Weekly GitHub Report for Kubernetes: March 03, 2025 - March 10, 2025
Thank you for subscribing to our weekly newsletter! Each week, we deliver a comprehensive summary of your GitHub project's latest activity right to your inbox, including an overview of your project's issues, pull requests, contributors, and commit activity.
I. News
1.1 Recent Version Releases:
The current version of this repository is v1.32.2
1.2 Version Information:
The version release, created on February 12, 2025, introduces key updates and changes to Kubernetes, with detailed information available in the linked changelog. Notable highlights or trends from this release can be further explored in the Kubernetes announcement forum and the changelog documentation.
II. Issues
2.1 Top 5 Active Issues:
We consider active issues to be issues that have been commented on most frequently within the last week. Bot comments are omitted.
As of our latest update, there are no active issues with ongoing comments this week.
2.2 Top 5 Stale Issues:
We consider stale issues to be issues that have had no activity within the last 30 days. The team should work together to get these issues resolved and closed as soon as possible.
- Support endpoint authentication for K8s trace configuration: This issue addresses the need to support gRPC authentication for Kubernetes trace configuration, as currently only gRPC format endpoints without authentication are supported. The lack of authentication support is seen as insufficient, prompting a request to enhance the trace configuration capabilities by incorporating gRPC authentication.
- Scheduler: Avoid scheduling pods to nodes where the allocatable resource is insufficient for the pod limit resource: This issue addresses the problem of scheduling pods to nodes in Kubernetes where the allocatable resources of the node are insufficient to meet the pod's specified limit resources. It proposes two potential solutions: a soft approach that maintains current behavior but prefers nodes with sufficient resources, and a hard approach that outright rejects nodes lacking the necessary allocatable resources, questioning whether an in-tree or out-of-tree plugin implementation would be more effective.
- kube-proxy: Inconsistent behaviors about disabling health check server and metrics server: This issue highlights inconsistencies between the documentation and the actual behavior of the kube-proxy component in Kubernetes regarding the disabling of the health check server and metrics server using the "--healthz-bind-address" and "--metrics-bind-address" flags. The problem is that setting these flags to empty values, which should theoretically disable the servers, does not work as expected, leading to potential confusion about whether this is a documentation error or a code issue, and also reveals inconsistencies in the validation logic for these addresses.
- [Flaking Test] k8s.io/kubernetes/test/integration/metrics.metrics: This issue pertains to a flaking test in the Kubernetes project, specifically within the k8s.io/kubernetes/test/integration/metrics.metrics test suite, which has been causing intermittent failures in the sig-release-master-blocking job, particularly affecting the integration-master branch. The failure is attributed to a test case, TestAPIServerMetricsLabelsWithAllowList, where a value "200" is not permitted for the label "code", leading to a test failure, and this has been occurring since January 28, 2025, as noted in the logs.
Since there were fewer than 5 open issues, all of the open issues have been listed above.
2.3 Open Issues
This section lists, groups, and then summarizes issues that were created within the last week in the repository.
Issues Opened This Week: 0
Summarized Issues:
As of our latest update, there are no open issues for the project this week.
2.4 Closed Issues
This section lists, groups, and then summarizes issues that were closed within the last week in the repository. This section also links the associated pull requests if applicable.
Issues Closed This Week: 7
Summarized Issues:
- End-to-End Testing Failures: The end-to-end testing process encounters issues due to permission restrictions on Fedora CoreOS instances, specifically when the remote.go script attempts to copy pod logs, resulting in a "Permission denied" error. Additionally, the "ci-kubernetes-e2e-kind-alpha-features" job fails due to errors in initializing the control plane with kubeadm, leading to HTTP 500 and 404 responses.
- Go Version and Environment Setup: The "post-kernel-module-management-push-images" job fails due to an outdated Go version requirement, as the project needs Go version 1.23.0 but is running on 1.22.10. The KMS end-to-end tests require updates to respect the .go-version file, suggesting the use of existing environment setup scripts for Go versioning.
- Testing and Package Updates: Tests for encoding collections in the Proto package need to be added to support Proto response streaming, following a previous pull request. Additionally, the scheduler integration tests require updating by replacing the deprecated pointer package with the ptr package, which uses generics, as part of a cleanup effort.
- Control Plane Component Registration: There is a need to separate the registration of control plane components in the DefaultComponentGlobalsRegistry to allow independent flag settings. This change aims to reduce reliance on the DefaultFeatureGate by using local feature gates or identifying components for feature gate checks, addressing difficulties in setting flags independently.
2.5 Issue Discussion Insights
This section will analyze the tone and sentiment of discussions within this project's open and closed issues that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.
Based on our analysis, there are no instances of toxic discussions in the project's open or closed issues from the past week.
III. Pull Requests
3.1 Open Pull Requests
This section provides a summary of pull requests that were opened in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.
Pull Requests Opened This Week: 0
As of our latest update, there are no open pull requests for the project this week.
3.2 Closed Pull Requests
This section provides a summary of pull requests that were closed in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.
Pull Requests Closed This Week: 52
Key Closed Pull Requests
1. KEP-5073: Declarative Validation: Add validation generator: This pull request introduces a new feature for the Kubernetes project by implementing a code generator called "validation-gen," which is designed to produce declarative validation code based on specific tags in types.go files, and includes a set of core validation plugins, test infrastructure, and various validators to enhance the validation process.
- URL: pull/130349
- Merged: 2025-03-03T19:25:43Z
- Associated Commits: 5c1b9, 48165, 91f58, d2d1a, ca7f9, 9605f, ecda7, 9262b, e13d3, 9fab5, 1838a, ff9c1, 55f09
2. [FG:PodObservedGenerationTracking] Kubelet sets pod status.observedGeneration when updating the pod status: This pull request introduces a new feature in the Kubernetes project where the kubelet updates the pod.status.observedGeneration field to reflect the latest metadata.generation of a pod it has observed, as part of the PodObservedGenerationTracking feature, which includes changes to the pod status API and requires additional handling for mirror pods and potential updates by the scheduler and node lifecycle controller.
- URL: pull/130352
- Merged: 2025-03-07T21:33:45Z
3. WIP: Fixing k8s.io/kubernetes/pkg/util/filesystem unit tests for Windows: This pull request addresses the issue of flaky unit tests for the Windows platform in the Kubernetes project by fixing the tests in the k8s.io/kubernetes/pkg/util/filesystem package, as part of the ongoing effort to resolve the related issue tracked in the Kubernetes repository.
- URL: pull/130245
- Merged: 2025-03-04T00:59:42Z
Other Closed Pull Requests
- Pod Subresource Updates Preparation: This pull request addresses a cleanup task related to the preparation for pod subresource updates in the Kubernetes project. It specifically fixes an issue with the dropPodUpdate logic that occurs when the pod Resize or EphemeralContainers subresources are updated, as an offshoot of a previous discussion in another pull request.
- Automated Cherry-Picks for Feature Enhancements: Several pull requests involve automated cherry-picks of previous changes to different release branches, introducing the OrderedNamespaceDeletion feature gate and ensuring the kubelet's '/metrics/slis' endpoint is always available. These changes enhance workload security by ensuring pods are deleted before other resources during namespace deletion and improve the availability of metrics endpoints.
- Kubernetes Controller Role Permissions: This pull request involves an automated cherry-pick of changes to the release-1.32 branch, adding the Watch permission to several Kubernetes controller roles that previously only included the List permission. It ensures that when the kube-controller-manager executes the List method, it can utilize Watch without encountering permission errors, and includes additional tests to verify that roles with List also have Watch.
- Topology Manager Logging Improvements: This pull request focuses on improving the logging capabilities of the Topology Manager in Kubernetes by adding metadata to logs. It ensures sufficient information is provided and resolves lint errors, with a future plan to migrate to contextual logging.
- Kubernetes Scheduler Refactoring: This pull request refactors the PreScore method in the Kubernetes scheduler's balanced_allocation.go to skip best-effort pods. It updates the corresponding unit tests to verify the new behavior and addresses issue #129138 by preventing the NodeResourcesBalancedAllocation plugin from scheduling too many pods to the same node.
- OpenAPI Verification Process Relaxation: This pull request relaxes the OpenAPI verification process to allow it to pass with both strict and non-strict alpha handling. It enables users to choose their preferred mode via an environment variable, while the default behavior remains strict, as part of a cleanup effort to address issue #128616 in the Kubernetes project.
- Kubeadm Log Output Consistency: This pull request addresses the need for consistent log output in kubeadm by replacing specific mentions of the YAML format with a more generic term to accommodate both YAML and JSON configuration file types. It adds warning logs for unknown GroupVersionKinds (GVKs) and renames the SplitYAMLDocuments function to SplitYAMLOrJSONDocuments for improved clarity and consistency.
- SELinuxWarning Controller Update: This pull request updates the SELinuxWarning controller to ignore SELinux label conflicts for Pods that have opted into the "seLinuxChangePolicy: Recursive" policy. It ensures that conflicts are only reported for Pods using the same volume with "seLinuxChangePolicy: Mount" or no policy, aligning the controller's behavior with previous Kubernetes releases.
- Kube-proxy Optimization with Nftables: This pull request focuses on optimizing the restart time of kube-proxy when using nftables by implementing changes that avoid unnecessary transactions of existing map/set elements and endpoint chain updates. It significantly reduces the time taken for the initial transaction and improves performance compared to iptables.
- CPU Topologies for Prefer-Align-CPUs-by-Uncorecache: This pull request adds test cases and CPU topologies for the prefer-align-cpus-by-uncorecache feature. It introduces split and monolithic uncore cache CPU topologies for x86 and ARM processors and applies unit testing on these topologies to enhance the CPU manager's functionality in Kubernetes.
- UserNamespacesSupport Kernel Version Reversion: This pull request reverts previous changes that enforced a minimum Linux kernel version of 6.3 for the UserNamespacesSupport feature in Kubernetes. It argues that the kernel version check was overly strict and unnecessary since user namespaces can function on older kernels.
- Go Settings Cleanup for External Tools: This pull request focuses on cleaning up the Kubernetes project by isolating Go settings for installing external tools. It ensures these tools use automatic Go version selection and makes sure that local binaries and KMS images respect the .go-version file and any overrides.
- Dynamic Configuration of Service Accounts and Audiences: This pull request introduces a feature that allows for the dynamic configuration of service accounts and audiences. It enables the kubelet to request tokens as part of the node audience restriction feature and includes integration tests to ensure the functionality works as intended.
- ListOptions Bug Fix in Fake Client: This pull request addresses a bug by ensuring that ListOptions are correctly passed to the Watch method of the fake client in the Kubernetes project. It includes updates to the code generation script to fix the issue.
- Self-Nomination for Storage E2E Tests Approver: This pull request involves the self-nomination of the user "carlory" as an approver for storage end-to-end (e2e) tests within the Kubernetes project. It highlights their extensive experience as a reviewer and contributor, including reviewing 32 merged pull requests and merging 105 substantial pull requests related to the SIG storage.
- PodRejectionStatus Test Modification: This pull request modifies the PodRejectionStatus test in the Kubernetes project to relax the comparison criteria for pod status fields. It addresses issues where operators like ovn-kubernetes modify pods upon node binding, which previously caused test failures in certain environments.
- Kubelet DRA Registration Test Fix: This pull request involves an automated cherry-pick of a previous fix to the release-1.32 branch, addressing an issue in the kubelet's DRA registration test. It sets expected slice fields within the reactor function to prevent test failures caused by premature calls before test cleanup.
- Recursive Read-only Mounts Promotion: This pull request promotes the "Recursive Read-only (RRO) mounts" feature from beta to General Availability (GA) in the Kubernetes project. It is discussed in Kubernetes Enhancement Proposal (KEP) 3857 and is documented in the related enhancement issue.
- Pod Admission E2E Testing Enhancement: This pull request aims to enhance the end-to-end (E2E) testing of pod admission by adding a scenario where a pod annotation update occurs simultaneously with the binding process. It potentially causes the PodRejectionStatus test to fail, as part of the Kubernetes project.
- Windows Unit Test Failures Resolution: This pull request addresses and resolves unit test failures specific to the k8s.io/kubernetes/pkg/kubelet/apis/config/validation package on Windows. It fixes broken test cases, particularly those related to unsupported configurations like singleProcessOOMKill, ensuring compatibility and stability of the Kubernetes codebase on Windows platforms.
- Kubelet Eviction Component Test Fixes: This pull request addresses the issue of failing unit tests for the Kubernetes Kubelet eviction component on Windows by adding support for a different sysContainer in the /stats/summary used for constructing eviction signals. It also fixes a potential nil-dereference error, although the latter is unlikely to occur outside of testing scenarios.
- Kubernetes Warning Event for CSI Volume Ownership: This pull request proposes the creation of a Kubernetes Warning Event to alert users when the process of changing CSI volume ownership takes longer than 30 seconds. It improves visibility and actionability by surfacing this delay at the pod level rather than relying solely on Kubelet logs.
3.3 Pull Request Discussion Insights
This section will analyze the tone and sentiment of discussions within this project's open and closed pull requests that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.
Based on our analysis, there are no instances of toxic discussions in the project's open or closed pull requests from the past week.
IV. Contributors
4.1 Contributors
Active Contributors:
We consider an active contributor in this project to be any contributor who has made at least 1 commit, opened at least 1 issue, created at least 1 pull request, or made more than 2 comments in the last month.
If there are more than 10 active contributors, the list is truncated to the top 10 based on contribution metrics for better clarity.
Contributor | Commits | Pull Requests | Issues | Comments |
---|---|---|---|---|
bart0sh | 18 | 3 | 3 | 89 |
aojea | 22 | 5 | 2 | 45 |
carlory | 31 | 10 | 0 | 16 |
pohly | 22 | 2 | 3 | 29 |
omerap12 | 17 | 3 | 0 | 34 |
ffromani | 17 | 2 | 0 | 32 |
googs1025 | 12 | 3 | 1 | 31 |
serathius | 18 | 5 | 7 | 13 |
jpbetz | 32 | 1 | 1 | 7 |
BenTheElder | 2 | 1 | 0 | 38 |