Weekly GitHub Report for Kubernetes: March 24, 2025 - March 31, 2025 (12:04:52)
I. News
1.1 Recent Version Releases:
The current version of this repository is v1.32.3
1.2 Version Information:
The version release on March 11, 2025, introduces key updates and changes to Kubernetes, as detailed in the linked changelog, with additional binary downloads available for users. Notable highlights or trends from this release can be found in the Kubernetes announcement forum and the comprehensive changelog documentation.
II. Issues
2.1 Top 5 Active Issues:
We consider active issues to be issues that have been commented on most frequently within the last week. Bot comments are omitted.
- CVE-2025-1974: ingress-nginx admission controller RCE escalation: This issue addresses a critical security vulnerability (CVE-2025-1974) in Kubernetes' ingress-nginx admission controller, which allows an unauthenticated attacker with access to the pod network to execute arbitrary code, potentially leading to the disclosure of Secrets accessible to the controller. The vulnerability affects specific versions of ingress-nginx, and mitigation requires upgrading to a fixed version or disabling the Validating Admission Controller functionality.
  - The comments discuss various aspects of the vulnerability, including the need for a patched build for older Kubernetes versions, issues encountered after upgrading, and potential network policy mitigations. Users express concerns about the CVSS score, debate the attack vector classification, and share experiences with configuration changes needed to maintain functionality. Some users report issues with specific configurations post-upgrade, while others seek clarification on the security implications and mitigation strategies.
  - Number of comments this week: 29
- CVE-2025-24513: ingress-nginx controller - auth secret file path traversal vulnerability: This issue addresses a security vulnerability in the ingress-nginx controller, where attacker-provided data can be included in a filename by the ingress-nginx Admission Controller feature, leading to directory traversal within the container. This vulnerability, identified as CVE-2025-24513, could potentially result in denial of service or limited disclosure of Secret objects from the cluster if combined with other vulnerabilities, and it affects versions below v1.11.5 and v1.12.1.
  - The comments discuss the need for more information on the issue, the status of updated image releases, and the maintenance mode of ingress-nginx. There are concerns about the availability of updated images, with explanations that security pull requests are still in progress. The CVE record has been made public, and the builds for the fixed versions are now available. There are also questions about the risk level for specific configurations and requests for proof of concept for the vulnerability.
  - Number of comments this week: 16
- [Flaking Test] [InPlacePodVerticalScaling] Failed to create containerd task while verifying pod resources resize state: This issue pertains to a flaking test in the Kubernetes project, specifically related to the InPlacePodVerticalScaling feature, where the test fails to create a containerd task due to an error in setting the cgroup configuration during the container initialization process. The problem has been observed since the feature was recently added, and it involves discrepancies in container restart counts, which do not match the expected values.
  - The comments discuss potential causes and solutions, including references to related issues and pull requests, logs from containerd, and observations from production environments. There is a consensus that the issue might be related to containerd/runc, and a separate issue is suggested for similar problems not involving the InPlacePodVerticalScaling feature. A potential fix is proposed, but further investigation is needed to confirm its effectiveness.
  - Number of comments this week: 14
- [release-1.33] Land etcd v3.5.21 in K8s 1.33.0: This issue addresses the need to update the etcd version to v3.5.21 in Kubernetes 1.33.0 to prevent potential upgrade failures from version 1.33.0 to 1.34 due to inconsistencies in membership data between v2store and v3store. The update is crucial to ensure a smooth transition and avoid issues related to the deprecated v2store being the source of truth for membership data in etcd v3.5.
  - The comments discuss the steps needed to update the etcd version, including building and publishing the image and updating kubeadm. Contributors coordinate on who will handle the updates, with some offering to create pull requests for the necessary changes. There is also a discussion about the broader implications of updating etcd across multiple areas in Kubernetes and the need for better coordination and ownership of these updates by the sig-etcd group.
  - Number of comments this week: 14
- [Flaking Test][InPlacePodVerticalScaling] Failed container cgroup values don't match expected: This issue addresses a problem with Kubernetes e2e tests related to InPlacePodVerticalScaling, where the container cgroup values do not match the expected values, causing test failures. The problem has been occurring since March 22nd, and involves various test scenarios where CPU and memory resources are adjusted for different Quality of Service (QoS) pods, leading to discrepancies in cgroup value verification.
  - The comments discuss the issue's similarity to another problem, ongoing investigations, and the assignment of tasks to contributors. A detailed analysis reveals that cgroup verification fails due to container restart issues, and suggestions are made to improve test reliability by checking container status before executing commands. A pull request is created to address the issue, and further discussions suggest using a different verification method for cgroup values.
  - Number of comments this week: 12
2.2 Top 5 Stale Issues:
We consider stale issues to be issues that have had no activity within the last 30 days. The team should work together to get these issues resolved and closed as soon as possible.
- apimachinery resource.Quantity primitive values should be public for recursive hashing: This issue addresses the need for the primitive values within the `apimachinery resource.Quantity` structure to be made public to facilitate recursive hashing by controllers, which is currently hindered by these values being private. The lack of public access to these values complicates the detection of changes in Custom Resource Definitions (CRDs) for projects like Karpenter, which rely on hash comparisons to identify specification drifts, impacting resource allocation and necessitating cumbersome workarounds.
- APF borrowing by exempt does not match KEP: This issue highlights a discrepancy between the Kubernetes Enhancement Proposal (KEP) and its implementation regarding how the exempt priority level borrows from other levels in the system. Specifically, the KEP outlines a distinct formula for calculating the minimum concurrency limit for exempt levels, which is not reflected in the current implementation, leading to potential inconsistencies in resource allocation.
- apimachinery's unstructured converter panics if the destination struct contains private fields: This issue describes a problem with the `DefaultUnstructuredConverter` in the Kubernetes `apimachinery` package, where it panics when attempting to convert an unstructured object to a structured object if the destination struct contains private fields. The panic occurs because the converter tries to set values on these non-exported fields, which is not allowed in Go, and the user expects the converter to ignore such private fields to prevent the panic.
- Jsonpath impl does not support left match regex: This issue highlights the need for adding support for the `=~` operator in jsonpath filter expressions within a GitHub project, specifically to enable matching using Golang regular expressions. The enhancement is requested to simplify the process of locating desired resources in systems with numerous resources by allowing regex-based filtering, and the issue opener has expressed willingness to contribute to the implementation.
- metav1.Now() should have nanoseconds precision: This issue highlights a problem with the `metav1.Time` wrapper in Golang, where the unmarshalling process fails to preserve nanoseconds precision, resulting in discrepancies between expected and actual nanosecond values. The issue is reproducible through a test case that demonstrates the loss of precision when using `UnmarshalJSON` or `Unmarshal` methods, and it is noted that this problem occurs across various cloud providers and operating systems.
2.3 Open Issues
This section lists, groups, and then summarizes issues that were created within the last week in the repository.
Issues Opened This Week: 40
Summarized Issues:
- Security vulnerabilities in ingress-nginx controller: Multiple security vulnerabilities have been identified in the ingress-nginx controller, including CVE-2025-24513, CVE-2025-24514, and others, which allow attackers to exploit configurations leading to arbitrary code execution and unauthorized access to Secrets. Mitigation involves upgrading to fixed versions or enabling specific configurations to prevent these exploits.
- Kubernetes test failures and flakiness: Several issues in the Kubernetes project relate to test failures and flakiness, such as the agnhost pause command exiting with incorrect status codes and discrepancies in CPU Manager's static policy tests. These issues affect the reliability of the test suite and require investigation and potential fixes to improve test accuracy and consistency.
- Kubernetes API server and resource management issues: Problems with the Kubernetes API server include incorrect display of deleted CustomResource objects and failure to validate CRD format fields. Additionally, issues with resource management, such as pod resource resize verification failures, highlight the need for improvements in API server behavior and resource handling.
- Kubernetes CI and feature gate enhancements: Enhancements to Kubernetes CI involve improving coverage for alpha and beta feature gates and transitioning from manual skip regexes to a label filtering system. These changes aim to improve test coverage and flexibility while ensuring robust testing of new features.
- Kubernetes network and resource allocation issues: Issues related to network and resource allocation in Kubernetes include challenges with Unix domain socket disconnections and the need for bandwidth reservation for control plane networks. These issues impact the stability and performance of Kubernetes clusters and require targeted solutions.
- Kubernetes documentation and configuration errors: Documentation errors, such as broken links, and configuration issues, like TLS verification errors after CA updates, highlight the need for better documentation practices and configuration management in Kubernetes. Addressing these issues is crucial for maintaining system integrity and user trust.
- Kubernetes feature and API enhancements: Proposed enhancements to Kubernetes features and APIs include making the `CSIDriver.attachRequired` field mutable and adding a "Preferred" field to the VolumeNodeAffinity struct. These changes aim to improve flexibility and performance in resource scheduling and management.
- Kubernetes system and process improvements: System improvements in Kubernetes involve migrating deprecated syscall functions and addressing discrepancies in field names within validation functions. These changes are necessary for maintaining compatibility and ensuring accurate system behavior.
- Kubernetes shutdown and connection handling issues: Issues with Kubernetes shutdown processes, such as the inability to gracefully terminate `kube-apiserver`, and connection handling, like the need for Unix domain socket path support in kubeconfig, highlight areas for improvement in system shutdown and security.
- Kubernetes test and feature introduction strategies: Discussions on test strategies and feature introduction patterns, such as adopting a version introduction pattern for leader election strategies, aim to enhance test reliability and ensure safe feature rollouts in Kubernetes.
- Kubernetes container and resource management challenges: Challenges in container and resource management, such as propagating memory requests to the container runtime and handling cgroup configurations, require solutions to improve resource allocation and system performance.
- Kubernetes upgrade and version management issues: Issues with Kubernetes upgrades, such as inconsistencies between etcd versions, necessitate careful version management and updates to ensure smooth transitions and system stability during upgrades.
- Kubernetes test environment and log management: Ensuring that end-to-end tests are correctly tagged as "Slow" and implementing automated warnings for untagged slow tests are part of efforts to improve test environment management and log handling in Kubernetes.
- Kubernetes webhook and ingress-nginx controller issues: Problems encountered after upgrading the ingress-nginx-controller and kube webhook, such as duplicate headers and 502 errors, highlight the need for thorough testing and validation of upgrades to prevent service disruptions.
- Kubernetes test and process handling issues: Issues like a panic in the `TestRegistrationHandler` unit test and discrepancies in test results, such as the `TestAuthorizerMetrics/canceled_request`, require investigation and resolution to ensure accurate test outcomes and process handling.
2.4 Closed Issues
This section lists, groups, and then summarizes issues that were closed within the last week in the repository. This section also links the associated pull requests if applicable.
Issues Closed This Week: 25
Summarized Issues:
- Kubernetes Configuration and Resource Management: The Kubernetes project is addressing issues related to configuration options and resource management. One issue involves adding a configuration option to the kubelet to adjust the eviction period, which currently consumes about 1% of CPU resources unnecessarily. Another issue pertains to a failure in the "Pod InPlace Resize Container" test due to resource quota discrepancies, highlighting potential synchronization issues within the Resource Quota Controller.
- Dependency and Compatibility Updates: The Kubernetes project is working on updating dependencies to ensure compatibility and maintainability. This includes upgrading the `google/cadvisor` library and addressing potential new dependencies like `opencontainers/image-spec`. These updates are crucial for maintaining the project's code organization and functionality.
- Pod and Container Management Issues: Several issues in Kubernetes relate to pod and container management, including a problem with InPlacePodVerticalScaling causing pods to be stuck in a Terminating state due to synchronization failures. Another issue involves a Deployment not updating environment variables after a secret update, likely due to node-specific caching or network issues.
- Image Pull and Update Challenges: Users are encountering challenges with Kubernetes' image pull policies during rolling updates. Despite setting `imagePullPolicy` to `Always`, images are cached on local nodes, requiring correct placement of the policy within the YAML configuration to ensure images are re-pulled as expected.
- HTTP/3 Support and Connectivity Issues: There is a request to support HTTP/3 for container probes in Kubernetes due to connectivity issues with liveness and readiness probes using UDP and HTTPS. The current setup encounters connection refusals, suggesting the need for a feature request to implement HTTP/3 support.
- API and Configuration Enhancements: The Kubernetes project is discussing enhancements to APIs and configurations, such as promoting the DRA API group to v1beta2 and assigning a Certificate Authority via an external file in the AuthenticationConfiguration for OIDC. These changes aim to improve consistency, flexibility, and management simplicity.
- Test Failures and Performance Issues: Multiple test failures in Kubernetes are being addressed, including issues with the `pull-kubernetes-e2e-capz-windows-master` job due to misplaced assertions and the gce-master-scale-performance job failing to acquire a project. These failures highlight the need for better test compatibility and resource management.
- Client and Protocol Issues: The `kubectl` client version 1.32.2 is experiencing issues with file transfers to pods in different EKS clusters, suspected to be related to changes in the exec protocol. This problem was not present in version 1.28, indicating potential regressions in recent updates.
- Cgroup and Namespace Discrepancies: There are inconsistencies in cgroup hierarchy and naming conventions between containerd and CRI-O when running Kubernetes with user namespaces enabled. This discrepancy raises questions about whether it is a Kubernetes or containerd issue, affecting container management.
- Node Conformance and Metrics Issues: Kubernetes is facing issues with node conformance tests, particularly with container metrics not reporting as expected due to timeouts and mismatched values. These issues are linked to recent commits and affect tests running on cgroupv1 with the NodeSwap feature.
- Volume Mounting and File System Errors: After upgrading to `util-linux` version `2.41`, Kubernetes pods are experiencing errors in mounting ConfigMap SubPath volumes. This issue is linked to a problem in the `util-linux` package, which has been addressed in a subsequent patch.
- Cluster and Pod Management Challenges: New users of Kubernetes are encountering challenges with cluster and pod management, such as connection refusal errors with `kubectl get pods`. Troubleshooting involves checking CRI, kubelet, and kube-apiserver statuses, and resetting the kubeadm cluster to resolve issues.
- Resource Allocation and Scheduling Performance: Kubernetes is addressing issues with resource allocation and scheduling performance, such as the unexpected `nil` value in the `resourceClaimTemplate` field and performance benchmark test failures. These issues highlight the need for improved scheduling and resource management.
- Security and Vulnerability Assessments: The Kubernetes project is assessing the security exposure of private EKS configurations to vulnerabilities like CVE-2025-1974. This involves evaluating current network and security measures to determine if further actions, such as upgrading, are necessary.
- Network and Load Balancer Issues: Kubernetes is facing network-related issues, including a flaking test in the e2e suite due to client rate limiter errors and a failing health check node port test. These issues are potentially linked to kernel bugs and require investigation into kernel modules and iptables-restore failures.
2.5 Issue Discussion Insights
This section will analyze the tone and sentiment of discussions within this project's open and closed issues that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.
Based on our analysis, there are no instances of toxic discussions in the project's open or closed issues from the past week.
III. Pull Requests
3.1 Open Pull Requests
This section provides a summary of pull requests that were opened in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.
Pull Requests Opened This Week: 41
Key Open Pull Requests
1. DRA: monitor plugin connection: This pull request introduces a new implementation for monitoring gRPC connections specifically for Dynamic Resource Allocation (DRA) plugins in Kubernetes, aiming to automatically deregister and clean up resources upon connection drops, while addressing concerns from a previous implementation by limiting the monitoring scope to DRA connections, utilizing native gRPC capabilities, and avoiding the use of monitoring goroutines.
- URL: pull/131073
- Merged: No
2. Always check for Immutable selector in Deployment Replicaset Daemonset: This pull request addresses the removal of the special case for checking Spec.Selector immutability in Kubernetes resources such as Deployment, ReplicaSet, and DaemonSet due to the deprecation of extensions/v1beta1, by moving the ValidateImmutableField into the Validate[Resource]Update method, updating validation tests to focus on selector immutability, and removing outdated tests for v1beta1 while adding new ones for v1.
- URL: pull/131017
- Merged: No
3. kubelet: Fix pod resizing is too slow when using evented PLEG: This pull request addresses a bug in the Kubernetes project by fixing the issue where the state transition for in-place pod resizing was too slow when using evented PLEG, as detailed in the commits and linked to issue #129829, with a suggestion to merge a related PR #130893 first to maintain the single-purpose principle of pull requests.
- URL: pull/131024
- Merged: No
Other Open Pull Requests
- Sample Controller Update: This pull request updates the sample-controller in the Kubernetes project to use the new `NewClientset` that supports applyconfiguration, replacing the deprecated `NewSimpleClientset`. It addresses issues with schema errors encountered during unit tests by ensuring `fake.NewClientset()` works properly with the correct schema.
- End-to-End Testing Enhancements: This pull request introduces a new script, `hack/e2e.sh`, as a replacement for `ginkgo-e2e.sh`, aimed at providing provider-independent testing with better defaults. It simplifies the interface, removes cloud provider dependencies, and ensures compatibility with arbitrary clusters without requiring non-default configurations.
- Debugging and Logging Improvements: This pull request enhances the debugging of end-to-end tests for `kubectl` by logging injected environment variables during command execution. It also prevents redundant injection of `os.Environ()` in HTTP proxy tests.
- TestPolicyAdmission Decoupling: This pull request decouples the v1beta1 and v1 versions in the TestPolicyAdmission integration test within the Kubernetes project. The v1beta1 resource will be removed in version 1.34, necessitating the separation of tests to ensure compatibility and maintainability.
- Feature Gate Renaming: This pull request involves renaming the feature gate from "DeploymentPodReplacementPolicy" to "DeploymentReplicaSetTerminatingReplicas". It facilitates the separate graduation of features related to the new status field `.status.terminatingReplicas` added to Deployments and ReplicaSets.
- Parallel Autoscaling Tests: This pull request modifies the Kubernetes project by moving the autoscaling end-to-end tests to run in parallel. It provides test coverage for multiple Horizontal Pod Autoscalers (HPAs) being processed concurrently, which was previously not covered.
- Etcd Client SDK Update: This pull request updates the etcd client SDK to version 3.5.21 as part of a cleanup effort. It addresses issue #131101 in the Kubernetes project and includes commits for bumping the SDK version and fixing narrow spaces in the x/net bump.
- TLS Cipher Suites Configuration: This pull request introduces a new feature to the Kubernetes project by adding an option to configure cipher suites in the TLS settings of client-go. It addresses issue #130428 and provides a user-facing change that enhances security customization.
- ServiceCIDR Locking: This pull request locks the Kubernetes project to the default ServiceCIDR by disabling dual write operations. Previous versions already utilize the new allocator, and it serves the v1 version from storage by default as part of a cleanup effort for milestone v1.34.
- Scheduler Memory Optimization: This pull request addresses a bug in the Kubernetes scheduler by ensuring that the `.metadata.managedFields` field is properly trimmed to optimize memory usage. It corrects a regression introduced in a previous commit where the pod informer's transform function was inadvertently reset to a nil state.
- Security Enhancements in Containers: This pull request enhances security by masking access to Linux thermal interrupt information in the `/proc` and `/sys` directories within containers by default. It mitigates potential thermal side-channel vulnerability exploits while ensuring that privileged containers or those started with specific security options remain unaffected.
- Kube-apiserver Race Condition Fix: This pull request addresses a critical bug in the Kubernetes project by fixing a race condition that could cause the kube-apiserver to emit further watch events even if decryption failed for an earlier event. It ensures that such events are not emitted erroneously.
- Agnhost Pause Command Fix: This pull request addresses a bug and cleanup task by fixing the agnhost pause command in the test tooling of the Kubernetes project. It resolves issue #131021 without introducing any user-facing changes.
- ToUnstructured Converter Alignment: This pull request aligns the ToUnstructured converter's behavior with the standard library's JSON marshaling. It ensures consistency and correctness in the apimachinery helpers for types that utilize `omitempty` and anonymous fields.
- Golang-jwt Library Update: This pull request updates the golang-jwt library to version 4.5.2 to address a security vulnerability identified by CVE-2025-30204 and GHSA-mh63-6h87-95cp. It is part of a cleanup effort in the Kubernetes project.
- Error Handling Improvements: This pull request enhances error handling by improving the error type for missing objects in Kubernetes. It addresses the issue where UID and resourceVersion preconditions trigger before NotFound errors when the GuaranteedUpdate function is used with the ignoreNotFound=true argument.
- Memory Limit Test Adjustment: This pull request adjusts the end-to-end test for `container_spec_memory_limit_bytes` to accommodate a reduced memory limit range for the ppc64le architecture. It addresses a failing test issue linked to a previous pull request in the Kubernetes project.
- ReplicaSetFailedPodsBackoff Feature: This pull request introduces a feature called "ReplicaSetFailedPodsBackoff" to limit pod creation when the kubelet fails. It serves as an alternative solution to a previous pull request and partially addresses an existing issue in the Kubernetes project.
- Service Account Annotation Clarification: This pull request clarifies the mutual exclusivity of service account annotation keys in the Go documentation for the Kubernetes project. It is part of a cleanup and API change effort and is considered a priority for the authentication special interest group.
- Int32 Overflow Bug Fix: This pull request addresses a bug in the Kubernetes project by modifying the `(*suffixHandler) interpret` function to prevent int32 overflow during exponent parsing. It ensures that large exponents, which previously caused silent overflows and hangs, are now properly rejected.
- Service IP Preservation Test Fix: This pull request addresses a failing end-to-end test related to service IP preservation in Kubernetes. The test incorrectly assumes that the `ExternalTrafficPolicy` set to local will preserve the IP, but fails due to hostnetwork pods using any existing IP on the host.
- DRA Kubelet Unit Test Bug Fix: This pull request addresses a bug in the DRA kubelet unit test by stopping background activities that continue running after test completion. It previously led to a panic due to outdated state and an invalid testing.T pointer, thereby fixing issue #131056.
- Ginkgo-e2e.sh Script Cleanup: This pull request addresses a cleanup issue in the `hack/ginkgo-e2e.sh` script by fixing misplaced brackets that caused the script to fail in properly waiting for a process when it was killed. It was indicated by an error message regarding an invalid PID or job specification.
- MilliCPUToQuota Deduplication: This pull request cleans up the Kubernetes codebase by deduplicating the `MilliCPUToQuota` function and several related constants between the `pkg/kubelet/cm` and `pkg/kubelet/kuberuntime` packages. The `quotaToMilliCPU` and `sharesToMilliCPU` functions remain unchanged as they are not used outside the `kuberuntime` package.
- SIG-Scheduling Approver Addition: This pull request proposes adding @dom4ha to the SIG-Scheduling approvers list due to his significant contributions and leadership in code reviews, enhancements, and team meetings. It is expected to enhance the development process.
3.2 Closed Pull Requests
This section provides a summary of pull requests that were closed in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.
Pull Requests Closed This Week: 37
Key Closed Pull Requests
1. [DNM] Declarative Validation - Ratcheting example: This pull request demonstrates the integration of declarative validation's `rest.ValidateUpdateDeclarativelyWithRecovery` with ratcheting validation tags in the Kubernetes project, showcasing various changes such as enabling declarative validation for ReplicationController, updating validation strategies, and adding ratcheting cases to strategy tests, although it was not merged.
- URL: pull/130753
- Merged: No
- Associated Commits: 0bf03, ae7aa, 03274, e959b, 7aa0b, 0f614, c202c, f61d3, 8bf0b, 51cc7, 508b5, 96149, 03311, 355d0, 64f5c, 26d86, 52b01, 58419, deecd, f50c0, 7fd1e, 15980
2. Add configurable tolerance end-to-end tests: This pull request introduces end-to-end tests for the Horizontal Pod Autoscaler (HPA) configurable tolerances feature in Kubernetes, including updates to the HPA feature gate, tolerance field, round-trip conversion support, validation, and logic, along with necessary changes to defaults, auto-generated files, and test fixtures, while addressing code review feedback and documentation updates.
- URL: pull/130957
- Merged: No
- Associated Commits: 40860, c109c, 22feb, b371f, 16929, 5eec1, 32fdc, 67a25, d4dfd, 16d61, 611f2, bd8e3, fbeb6, a2cb4, c0d41, afe0a
3. e2e testing for PreferSameZone/PreferSameNode: This pull request introduces end-to-end tests for the PreferSameZone and PreferSameNode features in Kubernetes, refactoring existing tests to avoid redundancy and extending the PreferClose test to cover scenarios where the client and server are in the same zone but not on the same node, while also cleaning up and abstracting the TrafficDistribution test logic to support additional use cases.
- URL: pull/130945
- Merged: 2025-03-26T01:12:35Z
Other Closed Pull Requests
- KubeletPSI Feature Integration and Testing: This topic involves integrating and testing the alpha feature gate KubeletPSI in the Kubernetes project. The pull request includes API definitions for PSI metrics and extends the CRI API and stats provider to support PSI, along with unit and end-to-end tests.
- Container Lifecycle StopSignal Feature: This pull request introduces the alpha release of a Container Lifecycle StopSignal in Kubernetes. It allows users to configure custom stop signals for their containers, involving changes to the CRI API and includes API changes, validation, and end-to-end testing.
- HorizontalPodAutoscaler Tolerance Configuration: This pull request introduces a new 'tolerance' field to the HorizontalPodAutoscaler in Kubernetes. It allows users to override the cluster-wide default tolerance by enabling the HPAConfigurableTolerance alpha feature gate, with updates to unit tests, documentation, and end-to-end tests.
- Resource.k8s.io v1beta2 API Introduction: This pull request introduces the new v1beta2 API for resource.k8s.io, deprecating the v1beta1 API. It includes changes such as flattening the BasicDevice type in the ResourceSlice, updating nodeSelection fields to pointers, and adding e2e tests.
- Bug Fixes in Kubernetes: Several pull requests address various bugs in the Kubernetes project. These include fixing a potential nil pointer dereference in the Watch function, ensuring kube-apiserver health checks work with `--anonymous-auth=false`, and fixing the metrics cache in the EndpointSlice Reconciler.
- Flaky Test and Test Improvement Fixes: Multiple pull requests address flaky tests and improve test reliability in Kubernetes. These include fixing flaky tests by using constant CPU values, addressing a failing test issue on Windows, and improving the accuracy of throughput observations in scheduler performance tests.
- Structured Logging Migration: This pull request involves migrating the logging system in the cluster-bootstrap component of Kubernetes to a structured logging format. It is part of an effort to improve log management and readability.
- Client-go Library Enhancements: Enhancements to the client-go library include adding an example for verifying audience-scoped JWTs using TokenReview. This supports related documentation updates and discussions linked to Kubernetes Enhancement Proposal 4193.
- Code Cleanup and Optimization: Several pull requests focus on code cleanup and optimization in Kubernetes. These include enabling the gci linter for consistent Go package import order, removing unnecessary log messages, and optimizing custom resource list request processing.
- Metrics Adjustments and Improvements: Pull requests address metrics adjustments and improvements in Kubernetes. These include modifying the `container_spec_memory_swap_limit_bytes` metric and adjusting metrics ranges to accommodate additional CI job environments.
- Test and Feature Development: Various pull requests focus on test and feature development in Kubernetes. These include adding a label for Azure resources to address a failing test issue and implementing a termination signal handler in the kube-controller-manager.
- Miscellaneous Pull Requests: This category includes a work-in-progress pull request for testing purposes and the removal of a comment from the codebase due to changes in test execution.
3.3 Pull Request Discussion Insights
This section will analyze the tone and sentiment of discussions within this project's open and closed pull requests that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.
Based on our analysis, there are no instances of toxic discussions in the project's open or closed pull requests from the past week.
IV. Contributors
4.1 Contributors
Active Contributors:
We consider an active contributor in this project to be any contributor who has made at least 1 commit, opened at least 1 issue, created at least 1 pull request, or made more than 2 comments in the last month.
If there are more than 10 active contributors, the list is truncated to the top 10 based on contribution metrics for better clarity.
Contributor | Commits | Pull Requests | Issues | Comments |
---|---|---|---|---|
pohly | 33 | 12 | 6 | 452 |
liggitt | 20 | 8 | 0 | 329 |
thockin | 42 | 10 | 1 | 220 |
tallclair | 23 | 10 | 6 | 195 |
BenTheElder | 23 | 13 | 8 | 176 |
serathius | 35 | 29 | 3 | 137 |
aojea | 14 | 9 | 5 | 140 |
natasha41575 | 25 | 12 | 0 | 129 |
jpbetz | 42 | 18 | 4 | 88 |
bart0sh | 19 | 3 | 1 | 128 |