Weekly GitHub Report for Kubernetes: May 12, 2025 - May 19, 2025 (12:01:24)

Weekly GitHub Report for Kubernetes

Thank you for subscribing to our weekly newsletter! Each week, we deliver a comprehensive summary of your GitHub project's latest activity right to your inbox, including an overview of your project's issues, pull requests, contributors, and commit activity.

---

Table of Contents

• I. News
  • 1.1. Recent Version Releases
  • 1.2. Other Noteworthy Updates
• II. Issues
  • 2.1. Top 5 Active Issues
  • 2.2. Top 5 Stale Issues
  • 2.3. Open Issues
  • 2.4. Closed Issues
  • 2.5. Issue Discussion Insights

• III. Pull Requests
  • 3.1. Open Pull Requests
  • 3.2. Closed Pull Requests
  • 3.3. Pull Request Discussion Insights

• IV. Contributors
  • 4.1. Contributors

I. News

1.1 Recent Version Releases:

The current version of this repository is v1.32.3

1.2 Version Information:

The version release information, created on March 11, 2025, highlights key updates in Kubernetes version 1.32, with detailed changes and additional binary downloads available in the linked changelog. Notable trends or highlights are not specified in the provided text.

II. Issues

2.1 Top 5 Active Issues:

We consider active issues to be issues that that have been commented on most frequently within the last week. Bot comments are omitted.

1. Does it make sense to use ServiceAccounts for custom resources?: This issue discusses the potential use of ServiceAccounts for custom resources in the context of CNCF Flux, specifically regarding the introduction of spec.serviceAccountName fields to issue JWTs through the TokenRequest API and exchange them for Access Tokens in cloud providers' Security Token Services. The author seeks clarification on whether this approach aligns with Kubernetes' intended use of ServiceAccounts, as they are traditionally associated with Pods, and whether this method could be considered an abuse of the system.

   • The comments explore the feasibility and implications of using ServiceAccounts for custom resources, with discussions on security concerns, potential attack vectors, and the alignment with Kubernetes' architecture. Participants provide insights into alternative methods, such as binding tokens to Secret objects, and discuss the broader ecosystem's direction regarding workload identity. The conversation also touches on the potential for Kubernetes to support more granular identity management for controllers and the need for cloud providers to accommodate such use cases without breaking existing integrations.
   • Number of comments this week: 22

2. [Flaking Test] [sig-api-machinery] ResourceQuota should create a ResourceQuota and capture the life of a ResourceClaim [FeatureGate:DynamicResourceAllocation]: This issue is about a flaking test in the Kubernetes project, specifically within the sig-api-machinery group, where the ResourceQuota test is failing to create a ResourceQuota and capture the life of a ResourceClaim due to a context deadline exceeded error. The problem has been occurring since May 12th, and it appears to be related to how the resource quota controller reconciles, rather than the Dynamic Resource Allocation logic itself.

   • The comments discuss the rarity and difficulty in reproducing the flake, with attempts to trigger it locally and in CI without success. It is noted that the flake is not specific to ResourceClaim, though it occurs more frequently with it. The test has been identified as the flakiest in the beta job, and there are plans to merge an enhanced test to gather more information. Despite active monitoring, the flake has not reappeared recently.
   • Number of comments this week: 7

3. apimachinery/pkg/util/errors: deprecate MessageCountMap: This issue proposes the deprecation of the MessageCountMap and CreateAggregateFromMessageCountMap functions from the k8s.io/apimachinery/pkg/util/errors package, as they are no longer used in the Kubernetes codebase and the functionality is now covered by the errors.Join function available since Go 1.20. The deprecation is suggested to encourage developers to transition away from the outdated package and adopt the newer, more efficient error handling methods.

   • The comments discuss assigning the issue to a contributor, with one person expressing interest in taking it up if no one else is working on it. There is a concern about whether the functions can be easily replaced by errors.Join and whether any subprojects are still using these methods. A search indicates that the functions are primarily used in vendor directories.
   • Number of comments this week: 6

4. kubelet device manager provides some useless hints: This issue highlights a problem with the kubelet device manager in Kubernetes, where it provides an excessive number of hints for GPU allocation, far exceeding the number of available GPUs, which significantly reduces the efficiency of computing the best hint. The user expected the device manager to generate hints that match the requested number of GPUs, as the current behavior results in a substantial decrease in performance, particularly when creating a 1-GPU pod on a node with multiple NUMA nodes.

   • The comments discuss the inefficiency caused by the device manager generating excessive hints, leading to a lengthy pod admission time. The issue is acknowledged as a known scalability problem with the topology manager, and there is a suggestion to open a more generic issue to address the slow admission time, as the current behavior is considered expected but undesirable.
   • Number of comments this week: 5

5. goroutines may stuck in method (*cacheWatcher).processInterval because of watch clients do not deal with watch event: This issue is about a potential bug in a Kubernetes cluster where goroutines may become stuck in the (*cacheWatcher).processInterval method because watch clients do not handle watch events properly. The problem arises when a test client in the cluster watches cluster resources but does not process the events, leading to concerns about whether these events can be garbage collected if the watch goroutine does not exit.

   • The comments discuss assigning the issue to a specific person and accepting it for triage. A suggestion is made to either kick watchers referencing outdated events or impose a limit, as the current behavior may prevent events from being garbage collected.
   • Number of comments this week: 4

2.2 Top 5 Stale Issues:

We consider stale issues to be issues that has had no activity within the last 30 days. The team should work together to get these issues resolved and closed as soon as possible.

1. apimachinery resource.Quantity primitive values should be public for recursive hashing: This issue addresses the need for the primitive values within the apimachinery resource.Quantity struct to be made public to facilitate recursive hashing, which is currently hindered by their private status. The lack of public access to these values complicates the process of detecting changes in Custom Resource Definitions (CRDs) for projects like kubernetes-sigs/karpenter, which rely on hash comparisons to identify specification drifts, impacting resource allocation and necessitating cumbersome workarounds.
2. APF borrowing by exempt does not match KEP: This issue highlights a discrepancy between the Kubernetes Enhancement Proposal (KEP) and its implementation regarding how the exempt priority level borrows from other levels in the system. Specifically, the KEP outlines a distinct formula for calculating the minimum concurrency limit for exempt levels, which is not reflected in the current implementation, leading to potential inconsistencies in resource allocation.
3. apimachinery's unstructured converter panics if the destination struct contains private fields: This issue describes a problem with the DefaultUnstructuredConverter in the Kubernetes apimachinery package, where it panics when attempting to convert an unstructured object to a structured object if the destination struct contains private fields. The panic occurs because the converter tries to set values on non-exported fields, which is not allowed in Go, and the user expects the converter to ignore these private fields instead of causing a panic.
4. Jsonpath impl does not support left match regex: This issue is about the lack of support for the =~ operator in jsonpath filter expressions within a GitHub project, which prevents users from performing left match regex operations. The addition of this feature would allow users to efficiently locate resources by matching patterns, such as identifying items whose descriptions start with a specific string, thereby simplifying resource management in systems with numerous resources. Since there were fewer than 5 open issues, all of the open issues have been listed above.

2.3 Open Issues

This section lists, groups, and then summarizes issues that were created within the last week in the repository.

Issues Opened This Week: 29

Summarized Issues:

• Goroutine Stuck in processInterval: This issue describes a problem in a Kubernetes cluster where goroutines may become stuck in the (*cacheWatcher).processInterval method. This occurs because watch clients do not handle watch events, potentially preventing events from being garbage collected and causing the watch goroutine to not exit.
  • issues/131721

• Integration with Go 1.20's errors.Join: This issue involves updating the k8s.io/apimachinery/pkg/util/errors package to integrate with Go 1.20's errors.Join. It includes implementing the Unwrap() []error method for the aggregate type and deprecating the current Errors() []error method to align with standard library practices.
  • issues/131723, issues/131726

• Documentation for x-kubernetes Extensions: This issue is about adding documentation for the x-kubernetes-list-type, x-kubernetes-map-key, and x-kubernetes-unions fields. The api/openapi-spec/README.md file currently lacks information on these specific x-kubernetes extensions.
  • issues/131724

• Device Allocator Performance: This issue addresses the slow performance of the device allocator in Kubernetes. It struggles to efficiently find a suitable set of devices to satisfy ResourceClaims, leading to significant delays and necessitating discussions on potential improvements and performance optimizations.
  • issues/131730, issues/131735, issues/131738

• Metric Discrepancy in kubelet_pod_start_sli_duration_seconds: This issue highlights a discrepancy between the expected behavior and the actual implementation of the kubelet_pod_start_sli_duration_seconds metric. The metric is supposed to exclude the runtime of init containers, but testing and code inspection suggest that this exclusion is not occurring.
  • issues/131733

• ServiceAccounts for Custom Resources in CNCF Flux: This issue discusses whether it is appropriate to use Kubernetes ServiceAccounts for custom resources in the context of CNCF Flux. It raises concerns about potential misuse, ecosystem compatibility, and future constraints related to Kubernetes' direction towards pod-bound workload identity.
  • issues/131740

• Failing Tests and Reconciliation Issues: This issue involves a failing test in the Kubernetes project, specifically the Test_StorageVersionUpdatedWithAllEncodingVersionsEqualOnLeaseDeletion. It is encountering unexpected storage version objects and common encoding versions, leading to a runtime error due to an index out of range.
  • issues/131745, issues/131748, issues/131758

• Discrepancy in topologySpreadConstraints Handling: This issue highlights a discrepancy in the Kubernetes API Server's handling of topologySpreadConstraints between StatefulSets and Deployments. A missing whenUnsatisfiable field causes Deployments to be correctly rejected due to validation errors, while StatefulSets are incorrectly accepted but fail to schedule pods.
  • issues/131761

• kube-proxy Traffic Dropping in nftables Mode: This issue describes a problem where using kube-proxy in nftables mode with a LoadBalancer Service set to externalTrafficPolicy:Local results in traffic being dropped to the external IP. This prevents pods on the host from sending traffic to the LoadBalancer's external IP.
  • issues/131765

• CPU Manager Test Failures: This issue pertains to a failing test in the Kubernetes project related to the CPU Manager. Non-guaranteed pods are not able to access all online CPUs as expected due to a missing file or directory error, highlighting the need for test adjustments.
  • issues/131769, issues/131793

• Kubelet Reconnection to DRA Plugin: This issue involves measuring the reconnection time of the kubelet to the Device Resource Allocation (DRA) plugin during kubelet restarts and plugin crashes. It includes updating the documentation by consolidating notes and discussions from various documents and meetings.
  • issues/131770

• Network Connectivity Issues During StatefulSet Upgrades: This issue describes a problem during large-scale Kubernetes cluster upgrades where the garbage collector deletes old pods that are terminating during a StatefulSet rolling upgrade. This leads to network connectivity issues for new pods because the old pod's delayed network teardown inadvertently removes the new pod's network interface.
  • issues/131775

• Pod Stuck in ContainerCreating Status: This issue involves a Kubernetes pod stuck in the "ContainerCreating" status due to a kubelet error where the connection to the kubelet.sock is refused. It likely follows a firmware update on RHEL 8 and lacks clear reproduction steps or conditions for further diagnosis.
  • issues/131776

• cachingObject Skipping defaultOnRead Method: This issue describes a problem where the cachingObject skips the defaultOnRead method when pushing events. This leads to a scenario where Service objects upgraded from a version older than 1.20 do not include the IPFamilies field in their events.
  • issues/131779

• kube-log-runner Log Splitting Issue: This issue addresses the problem of kube-log-runner splitting log streams without respecting log record boundaries when using log rotation. It proposes the use of Unix Domain sequential packet sockets to ensure complete log records are maintained in each log file.
  • issues/131788

• Standardizing Metric Reference Resources: This issue addresses the need to standardize the format of metric reference resources in a Kubernetes project. It proposes adopting a consistent labeling approach to reduce confusion, improve filtering, and facilitate metric aggregation.
  • issues/131796

• Migrating DeepCopy Functions to deepcopy-gen: This issue involves migrating manually written DeepCopy functions in the Kubernetes scheduler implementation to an automated solution using deepcopy-gen. This is to improve maintainability and prevent issues like those referenced in a previous pull request.
  • issues/131797

• Resource Usage Calculation for DRAPrioritizedList: This issue addresses the need to update the resource usage calculation to support the DRAPrioritizedList feature in Kubernetes. Currently, users can bypass ResourceQuota checks when this feature is enabled, and this update is necessary before the feature can be promoted to beta.
  • issues/131805

• mTLS Authentication for ConversionWebhook: This issue is about adding an option for mutual TLS (mTLS) authentication for the ConversionWebhook in Kubernetes. The current setup causes TLS handshake errors when the kube-apiserver does not present a client certificate.
  • issues/131810

• Field-Level Deprecation Warnings in CRD Generation: This issue discusses the need for implementing field-level deprecation warnings in Custom Resource Definition (CRD) generation within the Kubernetes ecosystem. It proposes a mechanism to make deprecated fields more visible to end users by providing actionable warnings at runtime.
  • issues/131817

• ReplicationController Reconciliation with DeploymentReplicaSetTerminatingReplicas: This issue involves a problem where a ReplicationController cannot fully reconcile with the DeploymentReplicaSetTerminatingReplicas feature gate enabled. It results in extra synchronization logs in the Kubernetes Controller Manager (KCM).
  • issues/131821

• Validation of createNodeOp Function: This issue concerns the validation of the createNodeOp function in the Kubernetes scheduler. It specifically addresses whether an error should be raised when the number of nodes is set to zero.
  • issues/131828

2.4 Closed Issues

This section lists, groups, and then summarizes issues that were closed within the last week in the repository. This section also links the associated pull requests if applicable.

Issues Closed This Week: 12

Summarized Issues:

• Kubernetes CronJobs and Kubelet Cleanup Issues: The Kubernetes cluster experiences issues with a high number of CronJobs where the kubelet fails to clean up exited containers. This leads to IP address management congestion and eventual failure due to exceeding gRPC message size limits, despite configuration adjustments.
  • issues/131407

• Kubernetes Build and Certificate Verification Errors: A failure occurs in building the Busybox image for Windows due to a TLS certificate verification error. The error arises when attempting to download a curl binary from an unofficial source, suggesting a need to switch to a more reliable source or modify the build process.
  • issues/131426

• Kubelet Pod Removal and Cache Operation Errors: The Kubernetes kubelet faces issues where the NodeUnprepareResources function does not block pod removal with a zero terminationGracePeriod. This results in a failure to set up a container due to a locked cache operation error, suspected to be caused by a race condition.
  • issues/131513

• Kubernetes Scheduler Test Flakes: The Kubernetes scheduler integration test experiences a flake where a pod with node affinity is scheduled on the wrong node. This unexpected behavior is observed in the TestNodeAffinityScoring test, leading to incorrect test results.
  • issues/131515

• Kubernetes Scheduler Preemption Test Issues: In the Kubernetes scheduler preemption test, low-priority pods with finalizers are expected to remain undeleted until high-priority pods are scheduled. However, a synthetic delete event violates this assumption, causing premature scheduling of high-priority pods.
  • issues/131695

• Kubernetes Connectivity Test Failures: The "Connectivity Pod Lifecycle" test in Kubernetes fails to achieve zero downtime during a Blue-Green deployment due to a connectivity error. The system incorrectly connects to the "blue-pod" instead of the "green-pod," causing the test to fail.
  • issues/131707

• Persistent Volume State Update Issues: A potential problem arises when a Persistent Volume (PV) is updated to the "Released" state while still being detached. This can lead to a failed DeleteVolume operation and misleading error feedback due to the volume's attached state.
  • issues/131713

• Kubernetes API Server Memory Regression: A regression in memory usage for Kubernetes' API server is observed, where a performance improvement inadvertently increases memory consumption from 3 GB to 30 GB. This is potentially due to changes in JSON encoding for audit logs.
  • issues/131720

• Kubernetes Service Controller Reconciliation Failures: The Kubernetes service controller fails to retry service reconciliation when the UpdateLoadBalancer function returns an error. The error is overwritten by a subsequent successful call to GetLoadBalancer, resulting in incomplete backend node updates.
  • issues/131729

• Kubernetes Secrets Security Concerns: Concerns are raised about the security of Kubernetes secrets, criticizing the use of base64 encoding for passwords. The suggestion is to adopt Argon2 hashing to enhance security and prevent unauthorized access to original secret values.
  • issues/131734

• ResourceSlice CRD Field Selector Feature: A request is made to add spec.nodeName to the selectable fields of the ResourceSlice CRD in Kubernetes. This would allow efficient server-side execution of field selector queries, but it was later discovered that this feature was already implemented.
  • issues/131739

• Kubernetes Descheduler Eviction Issues: The descheduler version 0.30 attempts to evict pods even when no suitable nodes are available for relocation. This occurs despite configuration settings intended to prevent such actions when no fit nodes are present.
  • issues/131814

2.5 Issue Discussion Insights

This section will analyze the tone and sentiment of discussions within this project's open and closed issues that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.

Based on our analysis, there are no instances of toxic discussions in the project's open or closed issues from the past week.

---

III. Pull Requests

3.1 Open Pull Requests

This section provides a summary of pull requests that were opened in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.

Pull Requests Opened This Week: 50

Key Open Pull Requests

1. [WIP] Allow OpenAPI model package names to be declared by APIs: This pull request introduces a change to the Kubernetes project by transitioning from a reflection-based approach to a declarative approach for OpenAPI model naming, allowing API authors to specify desired OpenAPI model package names through OpenAPIModelName() receiver functions generated into zz_generated.openapi_model.go files, thereby addressing limitations related to undesirable model package names derived from Go package paths and facilitating easier code organization and repackaging.

• URL: pull/131755

• Merged: No

• Associated Commits: 279d3, a56dd, 61e45, b4e56, b4f4d, 3f168, b90a3, 6ccf6, d1294, b15e3, abc75, 7f4f2, bae58, a68f9, edf22, 5defd, b520c, 9de10, 9c3ad, 54299, 81c6d, de98b, fac8d, b8169, 30e92, 2066c, 5f6b1, abc38, 84687, d3647, a05e5, 92057, 4317b, 91c10

2. WIP: prevent code generators adding testing imports: This pull request aims to clean up the codebase by preventing code generators from adding testing imports into production code, ensuring that all *testing imports are detected in non-test code, and refactoring the kubelet to avoid linking testing packages into production binaries, thereby addressing issue #131646 in the Kubernetes project.

• URL: pull/131750

• Merged: No

• Associated Commits: 8b12d, 78844, ff956, e40dd, 4126f, 5cbe2

3. Moving Scheduler interfaces to staging, step 1: Copy part of the files from pkg/scheduler/framework to staging: This pull request involves the initial step of relocating certain Scheduler interfaces and type definitions from the pkg/scheduler/framework directory to a staging repository, k8s.io/kube-scheduler, to facilitate the importation of scheduler framework interfaces without the need to import the entire Kubernetes repository, with the expectation that subsequent pull requests will eliminate the temporary dependency on the main Kubernetes repository.

• URL: pull/131722

• Merged: No

• Associated Commits: ce32f, 013f3, e6672, 50ea8, 8e75d

Other Open Pull Requests

• kuberc Feature Promotion: The kuberc feature has been promoted to beta status in the Kubernetes project, enabling it by default while allowing users to disable it through specific flags. This update includes adding v1beta1 types, testing the configuration loading mechanism, and introducing fuzzing for kuberc types to ensure input validation and correctness.
  • pull/131818

• Windows Unit Tests Fixes: Several pull requests address fixing unit tests on Windows for the Kubernetes project, specifically focusing on the user namespace (userns) stub implementation. These changes include fixing userns tests, providing a stub implementation for Windows, wrapping errors for debugging, and removing unnecessary test skips on Windows.
  • pull/131786, pull/131787, pull/131811

• User Namespace Error Message Improvements: Multiple pull requests aim to improve error messages when a pod with user namespaces is created in Kubernetes and the runtime does not support user namespaces. These changes involve checking the length of slices to handle empty non-nil slices and clarifying error messages to indicate the lack of user namespace support.
  • pull/131781, pull/131782, pull/131783, pull/131812

• Kernel Version Check Reversion: Automated cherry-picks revert a kernel version check related to Linux user namespaces in Kubernetes, removing warnings for kernel versions earlier than 6.3.0. This change aims to eliminate unnecessary log noise and potential confusion caused by the hardcoded version check.
  • pull/131784, pull/131785

• Dynamic Resource Allocation Plugin Registration: An end-to-end node test has been introduced to verify that the kubelet plugin manager correctly retries the plugin registration process after a failed GetInfo call. This ensures that the plugin is successfully registered once the GetInfo call succeeds, improving the robustness of the Dynamic Resource Allocation (DRA) plugin registration process in failure scenarios.
  • pull/131760

• Pod Admission and Resize Logic Refactor: The Kubernetes codebase has been refactored by moving the pod admission and resize logic into the allocation manager. This effort is part of a cleanup process to untangle dependencies without altering the existing business logic, in preparation for future changes.
  • pull/131801

• Horizontal Pod Autoscaler Enhancement: A new feature allows the Horizontal Pod Autoscaler (HPA) to scale based on the current number of replicas when no matched Pods are ready. This addresses issue #130130 in the Kubernetes project.
  • pull/131819

• ReplicationController Bug Fix: A bug has been addressed by disabling the reconciliation of terminatingReplicas in the ReplicationController when the DeploymentReplicaSetTerminatingReplicas feature gate is enabled. This fixes issue #131821 in the Kubernetes project.
  • pull/131822

• ResourceQuota Test Flake Debugging: A pull request focuses on debugging a test flake related to the ResourceQuota in Kubernetes, where the test sometimes fails due to discrepancies in expected versus actual resource counts. Changes include making assertions more verbose to aid in understanding and resolving the issue, although it is not intended to be merged.
  • pull/131718

• x-kubernetes OpenAPI Documentation Enhancement: Documentation has been enhanced by adding missing information for x-kubernetes OpenAPI fields, addressing issue #131724. This includes adding the missing documentation and fixing formatting and semantic issues.
  • pull/131737

• AuthenticationConfiguration Promotion: The v1beta1 version of AuthenticationConfiguration has been duplicated to v1 in the Kubernetes project, promoting the AuthenticationConfiguration type to apiserver.config.k8s.io/v1 for use in --authentication-config files. Associated tests have been updated to reflect this change as part of the ongoing enhancements detailed in Kubernetes Enhancement Proposal 3331.
  • pull/131752

• User Namespace Logging Backport: An automated cherry-pick adds logging functionality for user namespace custom mappings parsing in the kubelet component, backporting these changes to the release-1.30 branch since they have already been merged into version 1.31.
  • pull/131813

• End-to-End Test Cleanup: End-to-end tests have been cleaned up by removing all cloud provider calls, specifically e2epv.DeletePDWithRetry and e2epv.CreatePDWithRetry(ctx), from the storage/volume_provisioning.go file in the Kubernetes project. This is a follow-up to a previous discussion.
  • pull/131717

• StorageObjectInUseProtection Nil Pointer Fix: A cleanup task addresses a nil pointer issue in the StorageObjectInUseProtection component of the Kubernetes project. This is detailed in the commit linked here: https://github.com/kubernetes/kubernetes/commit/9f83a2ceca0d693e0e580b98b79503591b3d91f2.
  • pull/131719

• Kubeconfig Preferences Deprecation: The 'preferences' field in kubeconfig is proposed for deprecation in favor of using 'kuberc', as part of a cleanup and documentation update. This is linked to the Kubernetes Enhancement Proposal (KEP) issue 3104.
  • pull/131741

• ResourceSlices Feature Addition: A new feature adds a ResourceSlices section to the kubectl describe node command, displaying aggregated ResourceSlices information, including slice name, driver, and pool, when the ResourceSlice API is available.
  • pull/131744

• End-to-End Testing Framework Enhancement: The end-to-end (e2e) testing framework has been enhanced by adding corresponding feature gate labels to node features. This improves the ability of suite authors to filter tests based on available features and ensures that tests are labeled with both the required feature set and the feature gates they test.
  • pull/131746

• Lease Controller Bug Fix: A bug in the Kubernetes project has been addressed by ensuring that the lease controller used by kubelet updates the lease duration when the kubelet's configuration changes. Previously, this did not occur, potentially leading to fragile lease validity if the configuration was altered to extend the lease duration and the kubelet was restarted.
  • pull/131749

• Unit Test Deflaking: The unit test "Test_StorageVersionUpdatedWithAllEncodingVersionsEqualOnLeaseDeletion" has been deflaked by increasing the delay duration to 5 seconds, addressing issue #131745 in the Kubernetes project.
  • pull/131756

3.2 Closed Pull Requests

This section provides a summary of pull requests that were closed in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.

Pull Requests Closed This Week: 56

Key Closed Pull Requests

1. Automated cherry pick of #130503: Unhandled panic crash on rollout_history printer.PrintObj: This pull request addresses a critical issue by cherry-picking changes from a previous commit (#130503) to fix an unhandled panic crash in the rollout_history function of the kubectl command, ensuring stability and error handling improvements in the Kubernetes release-1.33 branch.

• URL: pull/131496

• Merged: 2025-05-14T07:26:54Z

• Associated Commits: 303b2, 191b8, bb64a, f2019, a314f, ca7a1, eca69, 66d53, 19cf3, c0792

2. DRA: kubelet: check for duplicate claim names: This pull request addresses a cleanup task in the Kubernetes project by implementing a check in the kubelet to reject NodePrepareResources if the cached claim UID does not match the resource claim, thereby preventing issues with duplicate claim names and fixing issue #131513.

• URL: pull/131617

• Merged: 2025-05-16T11:53:14Z

• Associated Commits: 7f59a, 43b9e, 5b789, 798cd

3. DRA E2E: revise test labeling: This pull request revises the test labeling for Dynamic Resource Allocation (DRA) in Kubernetes by introducing a "DRA" label for easier identification of DRA-related tests, ensuring that the automatic labeling through WithFeatureGate is sufficient for individual features, and addressing an obsolete reference to v1alpha2 in DRA quota, with the changes dependent on an update of the DRA jobs.

• URL: pull/131691

• Merged: 2025-05-12T12:43:16Z

• Associated Commits: b09d0, 70b9d, 90db6, e7608

Other Closed Pull Requests

• Automated Cherry-Picks for NodeExpansion and Resize Fields: This set of pull requests involves automated cherry-picks of a previous change to various branches of the Kubernetes project. They focus on checking for newer resize fields to determine the status of the expansion recovery feature in kubelet, and include modifications such as removing the feature gate check to finalize the status of NodeExpansion.
  • pull/131437, pull/131438, pull/131439

• Bug Fixes for NodeResizeError in PVC Status: These pull requests address a bug fix by cherry-picking changes from a previous commit to the release-1.33 and release-1.32 branches. They resolve an issue where a NodeResizeError condition was incorrectly reported in the PersistentVolumeClaim (PVC) status when the CSI driver does not support node volume expansion for volumes with the ReadWriteMany (RWX) access mode.
  • pull/131523, pull/131524

• Go Version and Dependency Updates: These pull requests update the Kubernetes project by bumping images, dependencies, and versions to Go 1.23.8 and distroless iptables. They ensure the project is built with the latest Go version across multiple branches, addressing related issues.
  • pull/131528, pull/131537, pull/131683

• Cleanup and Code Consistency Improvements: These pull requests focus on cleanup tasks and code consistency improvements in the Kubernetes project. They include tasks such as avoiding unnecessary encoding, fixing scheme imports, and replacing hardcoded strings with constants to ensure uniformity across the codebase.
  • pull/131725, pull/131795, pull/131365

• Publishing Rules and Go Version Updates: This pull request updates the publishing rules for Kubernetes releases 1.30, 1.31, and 1.32 to use Go version 1.23.8. It also removes the configuration for the deprecated release 1.29 as part of a cleanup effort.
  • pull/131743

• Error Message Improvements for Kubelet: This pull request improves the error messages returned by the kubelet when creating a pod sandbox with user namespaces on older runtimes. It provides clearer and more specific error descriptions when the runtime does not support user namespaces, enhancing user understanding and debugging capabilities.
  • pull/131623

• Function Migration and Cleanup: This pull request involves migrating the function ExtractCommentTags to ExtractFunctionStyleCommentTags in the conversion.go file. It is part of a cleanup effort addressing issue #130358 in the Kubernetes project.
  • pull/131608

• Disable Size Checking for Filesystems: This pull request involves an automated cherry-pick of a previous change to the release-1.33 branch. It disables the size checking performed during the resize process for ext and xfs filesystems by preventing the reading of disk geometry before calling the expansion function.
  • pull/131636

• Security and Package Updates: This pull request updates the go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful package to version v0.44.0. It addresses the advisory GHSA-rcjv-mgp8-qvmr and silences security scanners on the master branch, explicitly stating that no backport or cherry-pick requests should be made.
  • pull/131440

• Pod Status and Conditions Documentation Update: This pull request involves renaming the helpers and updating the Go documentation (godoc) related to the calculation of observedGeneration on pod status and pod conditions. It addresses potential confusion as a follow-up to a previous discussion in the Kubernetes project.
  • pull/131445

• Kuberc Feature Promotion: This pull request aims to promote the "kuberc" feature to beta status, making it enabled by default in Kubernetes. It introduces a user-facing change where a valid kuberc file will be operational if defined in a specified location.
  • pull/131619

• NodeTaint TimeAdded Field Comment Cleanup: This pull request addresses a cleanup task by removing an inaccurate and potentially misleading comment from the NodeTaint TimeAdded field in the Kubernetes project. The comment incorrectly suggested that the field was only applicable to NoExecute taints, despite its use with NoSchedule taints as well.
  • pull/131644

• Kube-Scheduler Device Allocation Fix: This pull request is an automated cherry-pick of a previous fix that addresses an issue in Kubernetes 1.33. It restores the kube-scheduler's ability to allocate a large number of devices per ResourceClaim back to 32 devices, after it was inadvertently reduced to 16.
  • pull/131679

• Watch Tests Reliability Improvements: This pull request focuses on improving the reliability and cleanliness of watch tests in the Kubernetes project. It ensures that response bodies are properly closed after HTTP calls and introduces utility methods for handling and testing errors from response bodies and websockets.
  • pull/131706

• Potential Panic Issue Fix in YAML to JSON Decoder: This pull request is an automated cherry-pick of a previous fix addressing a potential panic issue in the NewYAMLToJSONDecoder function. It occurs when a JSON document is followed by a shorter YAML document, leading to a negative byte consumption and subsequent panic.
  • pull/131708

3.3 Pull Request Discussion Insights

This section will analyze the tone and sentiment of discussions within this project's open and closed pull requests that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.

Based on our analysis, there are no instances of toxic discussions in the project's open or closed pull requests from the past week.

---

IV. Contributors

4.1 Contributors

Active Contributors:

We consider an active contributor in this project to be any contributor who has made at least 1 commit, opened at least 1 issue, created at least 1 pull request, or made more than 2 comments in the last month.

If there are more than 10 active contributors, the list is truncated to the top 10 based on contribution metrics for better clarity.

Contributor	Commits	Pull Requests	Issues	Comments
pohly	28	8	11	86
BenTheElder	24	5	5	76
jpbetz	58	3	3	17
bart0sh	8	2	1	58
roseteromeo56	61	0	0	0
carlory	23	14	1	16
aojea	16	4	3	30
rata	33	12	0	5
dims	11	6	2	28
gnufied	18	4	1	10