Weekly GitHub Report for Kubernetes: May 19, 2025 - May 26, 2025 (12:02:02)

Weekly GitHub Report for Kubernetes

Thank you for subscribing to our weekly newsletter! Each week, we deliver a comprehensive summary of your GitHub project's latest activity right to your inbox, including an overview of your project's issues, pull requests, contributors, and commit activity.

---

Table of Contents

• I. News
  • 1.1. Recent Version Releases
  • 1.2. Other Noteworthy Updates
• II. Issues
  • 2.1. Top 5 Active Issues
  • 2.2. Top 5 Stale Issues
  • 2.3. Open Issues
  • 2.4. Closed Issues
  • 2.5. Issue Discussion Insights

• III. Pull Requests
  • 3.1. Open Pull Requests
  • 3.2. Closed Pull Requests
  • 3.3. Pull Request Discussion Insights

• IV. Contributors
  • 4.1. Contributors

I. News

1.1 Recent Version Releases:

The current version of this repository is v1.32.3

1.2 Version Information:

The version release on March 11, 2025, introduces key updates and changes to Kubernetes, as detailed in the linked changelog, with additional binary downloads available for users. Notable highlights or trends from this release can be found in the Kubernetes announcement forum and the comprehensive changelog documentation.

II. Issues

2.1 Top 5 Active Issues:

We consider active issues to be issues that that have been commented on most frequently within the last week. Bot comments are omitted.

1. [KEP-3521]: Integrate well with out-of-tree resource quota solutions: This issue addresses the integration challenges between Kubernetes' Pod Scheduling Readiness feature and out-of-tree resource quota solutions, particularly in light of the In-place Update of Pod Resources feature, which allows resource modifications without rescheduling. The problem arises because the current behavior of in-place updates contradicts the goals of Pod Scheduling Readiness, potentially breaking existing out-of-tree quota solutions by allowing resource allocations that bypass these external quota mechanisms.

   • The comments discuss the confusion and challenges posed by the in-place update feature, with contributors suggesting potential solutions like introducing a resize gate or reusing scheduling gates. There is a consensus on the need for a more generic and extensible quota system within Kubernetes to address these integration issues, and some contributors propose temporary workarounds, such as using a ValidatingAdmissionPolicy to restrict resizing. The discussion also highlights the broader implications for out-of-tree solutions like Kueue and Application Aware Quota, emphasizing the need for a coordinated approach to ensure compatibility with new Kubernetes features.
   • Number of comments this week: 20

2. kind [ipv6?] CI jobs failing sometimes on network not ready: This issue is about intermittent failures in the CI jobs for the Kubernetes project, specifically affecting the pull-kubernetes-e2e-kind-ipv6 job, where the network is reported as unready during cluster creation. The problem seems to have increased in frequency recently, and potential causes include changes in the CI infrastructure or updates to the Kubernetes project, although recent dependency updates do not align with the spike in failures.

   • The comments discuss various potential causes for the issue, including recent pull requests and infrastructure changes, with a focus on a possible kernel issue affecting the node pool. There is an ongoing investigation into the problem, with some suggestions pointing towards a network-related bug in the kernel, and efforts are being made to rollback node pool upgrades and test alternative configurations. The discussion also notes the impact on all kind e2e jobs and mentions a tentative solution involving a different node pool configuration that appears to be working reliably.
   • Number of comments this week: 15

3. Update the BASEIMAGEs to the latest version for test/images: This issue involves updating outdated base images used in test environments to their latest versions, as some current images like alpine:3.6 and alpine:3.8 are no longer supported. The task requires reviewing and updating various test images, such as agnhost, apparmor-loader, and others, to ensure they are using the most recent and supported versions.

   • The comments discuss the need to update and possibly remove unused images, with suggestions to replace some with agnhost where possible. There is a consensus on the importance of maintaining up-to-date images to facilitate testing, especially in airgapped environments. A separate issue may be created to track the work of replacing images, and there is mention of existing linting checks to prevent adding new images unnecessarily.
   • Number of comments this week: 10

4. DRA: failed to create pod: "must specify one of: resourceClaimName, resourceClaimTemplateName": This issue involves a problem with creating a pod in a Kubernetes cluster due to a validation error, where the system requires specifying either resourceClaimName or resourceClaimTemplateName in the resource claims configuration. The user has enabled the Dynamic Resource Allocation feature gate and is attempting to create a DaemonSet, but encounters an error message indicating that the pod is invalid because these fields are not specified.

   • The comments discuss the validation error source and attempts to reproduce the issue on different clusters, with some users unable to replicate the problem. Suggestions are made to check cluster configurations and ensure compatibility with Kubernetes version 1.32, as changes in the pod specification structure might affect older clients or configurations.
   • Number of comments this week: 7

5. Enable event watch cache by default: This issue discusses the proposal to enable the event watch cache by default in the Kubernetes Apiserver, which is currently disabled to speed up testing. The motivation for this change is to reduce the pressure on etcd, as the lack of an event watch cache has previously led to significant issues, including high failure rates and increased request latency in large production clusters.

   • The comments highlight concerns about the high number of LIST requests for events and suggest that enabling the watch cache could lead to object leakage issues. There is a discussion about the scalability of events and the potential problems with continuous periodic LISTS, with suggestions to use watch events instead. The conversation also touches on the impact of kubelet on the number of range requests and the challenges faced when watchers cannot sync with etcd, leading to relisting and increased load.
   • Number of comments this week: 6

2.2 Top 5 Stale Issues:

We consider stale issues to be issues that has had no activity within the last 30 days. The team should work together to get these issues resolved and closed as soon as possible.

1. apimachinery resource.Quantity primitive values should be public for recursive hashing: This issue addresses the need for the primitive values within the apimachinery resource.Quantity struct to be made public to facilitate recursive hashing, which is currently hindered by their private status. The lack of public access to these values complicates the process of detecting changes in Custom Resource Definitions (CRDs) for projects like kubernetes-sigs/karpenter, which rely on hash comparisons to identify specification drifts, impacting resource allocation and necessitating inefficient workarounds.
2. APF borrowing by exempt does not match KEP: This issue highlights a discrepancy between the Kubernetes Enhancement Proposal (KEP) and its implementation regarding how the exempt priority level borrows from other levels in the Kubernetes API Priority and Fairness (APF) system. Specifically, the KEP outlines a distinct formula for calculating the minimum concurrency limit for exempt levels, which is not reflected in the current implementation, leading to a situation where the exempt priority level is assigned a minimum concurrency limit of zero, contrary to the expectations set by the KEP.
3. apimachinery's unstructured converter panics if the destination struct contains private fields: This issue describes a problem with the DefaultUnstructuredConverter in the Kubernetes apimachinery package, where it panics when attempting to convert an unstructured object to a structured object if the destination struct contains private fields. The panic occurs because the converter tries to set values on these non-exported fields, which is not allowed, and the user expects the converter to ignore such private fields to prevent the panic.
4. Jsonpath impl does not support left match regex: This issue highlights a request for the addition of support for the =~ operator in jsonpath filter expressions within a GitHub project, specifically to enable matching using Golang regular expressions. The feature is needed to simplify the process of locating desired resources in systems with numerous resources by allowing users to perform regex-based searches, and the issue's author has expressed willingness to contribute to the implementation. Since there were fewer than 5 open issues, all of the open issues have been listed above.

2.3 Open Issues

This section lists, groups, and then summarizes issues that were created within the last week in the repository.

Issues Opened This Week: 38

Summarized Issues:

• Continuous Integration and Dependency Testing: This issue serves as an umbrella to track and address problems identified by a new continuous integration job, which tests newer versions of dependencies in the Kubernetes project. It links related fixes and discussions to ensure comprehensive resolution.
  • issues/131839

• Security Enhancements in Kubernetes API Server: This issue proposes a configuration change to the Kubernetes API server to restrict certificate-based authentication to only allow it from localhost. This enhances security by preventing external users or controllers from using certificates to access the API server, while still permitting colocated controllers to authenticate in this manner.
  • issues/131851

• Transformer Cache Growth and Memory Leaks: This issue concerns the potential for the transformer cache in Kubernetes to grow uncontrollably when users fail to re-encrypt all secrets. The Data Encryption Key (DEK) seed is rotated with each API server restart or key ID change, leading to an accumulation of cache entries without a size limit, which could eventually cause the cache to "explode."
  • issues/131853

• LoadBalancer Test Flakiness: This issue pertains to the flakiness of certain LoadBalancer tests within the Kubernetes project, specifically related to timeouts and failures in establishing load balancers due to infrastructure errors. Suggestions include improving error reporting for better diagnosis.
  • issues/131863

• Leadership Election Resource Conflict: This issue addresses a problem in the Kubernetes leadership election process where a resource conflict can prevent the release of an election lock. It suggests that the release logic should be modified to include a retry mechanism to handle conflicts, ensuring the lock is released even if the renewal context is canceled.
  • issues/131867

• Updating Base Images in Test Environments: This issue involves updating outdated base images used in test environments, such as alpine:3.6 and alpine:3.8, to their latest versions across various components in the Kubernetes project. It also considers the removal of unused images and ensuring compatibility with existing linting checks to maintain efficiency and ease of maintenance.
  • issues/131874

• Pod Creation Validation Error in Daemonset: This issue involves a problem with creating a pod in a Kubernetes daemonset due to a validation error. The Kubernetes Controller Manager (KCM) reports that either resourceClaimName or resourceClaimTemplateName must be specified, despite the user's configuration seemingly including the necessary resourceClaimTemplateName, leading to confusion about the cause of the error and requests for further troubleshooting and configuration details.
  • issues/131877

• Node Taint Management and Deprecation Concerns: This issue describes a problem where the node-lifecycle-controller in Kubernetes automatically removes the node.kubernetes.io/unschedulable=true:NoSchedule taint from a node when node.spec.Unschedulable is set to false. Despite the user's intention to have the node registered with this taint by default and only remove it manually, it highlights the deprecation of the --register-schedulable flag as a potential concern for configuring kubelet startup.
  • issues/131878

• Memory Usage Monitoring in Apiserver Benchmarks: This issue involves expanding the existing Kubernetes project to include a mechanism for monitoring the memory usage of the apiserver in list benchmarks. The goal is to detect regressions by reorganizing benchmark jobs to include mixed traffic and renaming them for clarity, ultimately aiding in informing Kubernetes releases.
  • issues/131885

• Porting Network Metrics Fix: This issue involves porting a fix related to network metrics from version 1.30 to version 1.31 of the Kubernetes project. The latest 1.31.9 version currently uses cadvisor v0.49.0, and it includes a reference to a specific pull request for context.
  • issues/131889

• Managed Fields Update Issue: This issue addresses a problem where the managed fields are not updated as expected when patching or updating the /scale subresource of a custom resource in Kubernetes. Specifically, the specReplicasPath field does not reflect the subresource operation and field manager used, unlike the behavior observed with built-in resources.
  • issues/131892

• End-to-End Test Image Cleanup: This issue involves reviewing and potentially replacing existing usages of end-to-end (e2e) test images with the agnhost image in the Kubernetes project. It also involves improving linting or documentation to prevent future non-agnhost image entries, as part of a cleanup effort.
  • issues/131893

• Event Watch Cache Performance: This issue discusses the need to enable the event watch cache by default in Kubernetes' Apiserver to alleviate significant etcd pressure and improve performance. Disabling it has led to high failure rates and latency issues in large production clusters, although there are concerns about potential object leaks in the watch cache.
  • issues/131897

• Memory Leak in Controller Component: This issue pertains to a memory leak identified in the controller component of a Kubernetes project. The reporter is actively working on a fix in their forked repository and planning to submit a pull request, while additional information is requested to clarify the specific controller component, the nature of the leak, and the affected Kubernetes version.
  • issues/131899

• Container Network Interface Connectivity Issues: This issue involves recurring connectivity problems in the container network interface implementation within Kubernetes, characterized by intermittent connection timeouts and DNS resolution failures. It particularly affects larger clusters with high pod density and suggests investigating areas such as CNI plugin implementation, iptables rule application, and DNS caching to address these challenges.
  • issues/131900

• Persistence of Metrics After CRD Deletion: This issue is about the persistence of apiserver_storage_objects metrics even after a Custom Resource Definition (CRD) has been deleted. This is unexpected behavior as the metrics should be removed once the CRD is deleted.
  • issues/131901

• DynamicResourceAllocation Feature Promotion: This issue involves promoting the DynamicResourceAllocation feature to General Availability (GA) by removing outdated API versions, adding a stable version, updating tests and CI jobs, and ensuring the feature is enabled by default in the Kubernetes project.
  • issues/131903

• Authentication Token Rejection Post-Upgrade: This issue involves a problem where existing authentication tokens are being rejected following an upgrade of a Kubernetes cluster from version 1.23 to 1.24.
  • issues/131904

• Memory Leak in Container Garbage Collection: This issue involves a memory leak in the Kubernetes container garbage collection mechanism, specifically within the kubelet's container GC process. References to deleted containers are retained in memory, leading to increased memory usage over time and potential OOM issues on nodes with high container turnover, necessitating periodic kubelet restarts to manage the problem.
  • issues/131905

• Memory Leak in Pod Controller: This issue describes a memory leak in the Kubernetes pod controller where memory usage continuously increases over time without being released, even when pods are deleted. This leads to operational challenges such as the need for periodic restarts and potential service disruptions due to Out of Memory (OOM) issues.
  • issues/131906

• Configurable Timeout for DRA Scheduler Plugin: This issue is about adding a configurable timeout for the Filter operation in the DRA scheduler plugin to prevent users from slowing down the scheduler with complex workloads. The runtime of this operation can vary significantly based on several factors.
  • issues/131908

• Pod Memory Usage Reporting Discrepancy: This issue highlights a problem with Kubernetes pod memory usage reporting, where a test pod running a simple script to upload a large file to Google Cloud Storage shows an unexpected and persistent increase in reported memory usage by approximately 27 GiB. This occurs despite minimal actual memory consumption and no active processes, suggesting a potential miscalculation involving disk cache or memory accounting by the kubelet.
  • issues/131913

• Excessive Logging in Kubelet: This issue concerns excessive logging in Kubelet on v1.33 nodes, where the logs are cluttered with non-informative lines about "Enforcing CFS Quota." It suggests that these logs should either be moved to a higher verbosity level or removed, as they were introduced in a recent pull request and may require a fix to be backported.
  • issues/131914

• Missing Swap Usage Metrics: This issue highlights the absence of Kubelet's container-level and pod-level swap usage metrics from the /metrics/resource endpoint, despite their availability from the /stats/summary endpoint. It emphasizes the need for these metrics to be accessible from the /metrics/resource endpoint for better monitoring and resource management.
  • issues/131915

• Job Recreation and Pod Creation Issues: This issue describes a problem in Kubernetes where recreating a job with the same name immediately after deleting it can prevent the new job from creating a pod due to unresolved expectations and mismatched job references.
  • issues/131917

• Service Port Overriding Issue: This issue describes a problem in Kubernetes where adding a service port with the same port number but a different protocol results in the previous port being overridden, rather than being reserved. This occurs due to the patching logic using the port as the merge key, which conflicts with the intended service design.
  • issues/131918

• Pod Level Resources Alpha Test Failures: This issue reports that the Pod Level Resources Alpha tests are failing in the pre-pull jobs for the Kubernetes project, specifically affecting the pull-kubernetes-node-e2e-containerd-serial-ec2 job. Multiple test cases related to Burstable and Guaranteed QoS pods have been failing since at least February 25, 2025, and the reason for the failure is currently unknown.
  • issues/131920

• Node Lifecycle Management Test Failure: This issue pertains to a failing test in the Kubernetes project, specifically within the node lifecycle management, where the test for restartable init containers on a Fedora node fails to restart containers in the correct order after a node reboot due to a timestamp parsing error. The same test passes on an Ubuntu node.
  • issues/131921

• InodeEviction Test Failure: This issue pertains to a failing test in the Kubernetes project, specifically within the E2eNode Suite, where the InodeEviction test, designed to simulate DiskPressure and ensure the correct eviction of pods, is not functioning as expected. The test has been persistently failing since May 16, with the test timing out and not encountering the expected DiskPressure condition, particularly affecting the CRI-O runtime.
  • issues/131923

• TestPrepareResources Timeout Error: This issue pertains to a failing test in the Kubernetes project, specifically the TestPrepareResources/should_timeout test, which is failing due to a mismatch in the expected error message related to a "NodePrepareResources failed" RPC error. This indicates a problem with the test's handling of timeout errors in the node preparation resources process.
  • issues/131925

• APIServer Metrics Labels Test Failure: This issue pertains to a failing test in the Kubernetes project, specifically the TestAPIServerMetricsLabelsWithAllowList/check_CounterVec_metric, where the test fails due to an unexpected label value "200" for the "code" label. Several post-start hooks are not completing, indicating potential issues with the API server's startup and configuration processes.
  • issues/131931

• StatefulSet PVC Retention Issue: This issue pertains to a failure in the Kubernetes project where the StatefulSetPersistentVolumeClaimPolicy is not retaining PVCs as expected after adopting a pod. Specifically, it results in a "pods 'ss-2' not found" error during an e2e test and has been identified as a failing test and flake under the apps SIG.
  • issues/131932

• Kustomize Build Runtime Panic: This issue describes a problem where running the kustomize build command on a file containing multiple patch instructions results in a runtime panic due to an invalid memory address or nil pointer dereference. Instead of applying the patches as expected or providing a helpful error message, it causes a crash.
  • issues/131939

• OpenTelemetry Go Contrib Library Changes: This issue pertains to the removal of UnaryServerInterceptor and UnaryClientInterceptor from the OpenTelemetry Go Contrib library, which has caused build errors in the Kubernetes project due to undefined references in several files. This was detected by their dependency early warning system.
  • issues/131942

• Networking Test Curl Command Failure: This issue involves a failure in the Kubernetes project where the networking test is unable to successfully execute a curl command to check the health of kube-proxy URLs. It results in a timeout and exit code 7 error and has been observed in both e2e-kops-aws-sig-network-beta and kind cluster environments.
  • issues/131943

• Intermittent Network Readiness Failures: This issue involves intermittent failures in the "pull-kubernetes-e2e-kind-ipv6" CI jobs due to network readiness problems. These issues are potentially linked to recent infrastructure changes or kernel issues affecting the node pool, with a specific error indicating that the network is unreachable during cluster creation.
  • issues/131948

• PodAffinity Feature Limitation: This issue discusses a limitation in Kubernetes' podAffinity feature, where the user is unable to schedule cleanup pods on the same nodes as non-running pods with stuck FUSE filesystems. It questions whether podAffinity should be extended to match pods that are not actively running.
  • issues/131949

• ImagePolicyWebhook Deprecation Consideration: This issue involves evaluating whether to deprecate the ImagePolicyWebhook admission plugin in the Kubernetes project or migrate its configuration to a versioned file format to enhance maintainability and clarity. This consideration is due to its prolonged Alpha status and potential replacement by ValidatingAdmissionWebhook.
  • issues/131953

2.4 Closed Issues

This section lists, groups, and then summarizes issues that were closed within the last week in the repository. This section also links the associated pull requests if applicable.

Issues Closed This Week: 13

Summarized Issues:

• Failing Tests in Kubernetes: The Kubernetes project has encountered multiple failing tests, including "TestGetCacheBypass" and a ResourceQuota feature test. These failures are due to issues like a "dummy error" and exceeding quotas for terminating pods, indicating potential problems with test logic or timing.
  • issues/131468, issues/131834

• Code Generation Bug in Kubernetes: A bug in the applyconfiguration-gen tool from Kubernetes causes a nil pointer error when embedding an imported type like gwv1alpha2.PolicyStatus. This issue does not occur when embedding local types or using the imported type without embedding, highlighting a specific problem with the code generation process.
  • issues/131533

• Metrics Recording Enhancement: Kubernetes is working on adding a method to record and expose metrics for various component versions using a Gauge metric with StabilityLevel: k8smetrics.ALPHA. This enhancement aims to improve the monitoring capabilities of components like kube-apiserver, kube-scheduler, and kube-controller-manager.
  • issues/131655

• DaemonSet Deletion Issue: Deleting and quickly recreating a DaemonSet in Kubernetes can lead to both old and new Pods coexisting on the same node. This issue arises because the DaemonSet object is deleted immediately while its Pods remain, suggesting the use of foreground cascading deletion to resolve it.
  • issues/131684

• Dependency Management Proposal: A proposal has been made to improve visibility into upcoming dependency issues in Kubernetes by creating a forward-looking job. This job would periodically update and analyze dependencies to identify potential problems, allowing proactive management and mitigation.
  • issues/131705

• CPU Manager Test Failure: The Kubernetes CPU Manager tests are failing when running non-guaranteed pods, as containers cannot access all online non-exclusively-allocated CPUs. This issue is highlighted by error logs and recent test failures, indicating a problem with CPU allocation.
  • issues/131793

• Code Quality and Typographical Errors: Efforts are being made to enhance the code quality of Kubernetes by correcting spelling errors, particularly in comments, while ensuring the docs folder remains unaffected. Additionally, a typographical error in the build/dependencies.yml file needs correction.
  • issues/131856, issues/131859

• Practice Project Request: There is a suggestion to provide a practice project within the Kubernetes documentation to cover most functions. This request indicates a need for resources that help users better understand and utilize Kubernetes features.
  • issues/131858

• ServiceCIDR Range Issue in AKS: In an Azure Kubernetes Service (AKS) environment, new services fail to be created after exhausting the original ServiceCIDR range, despite adding a new range. The system does not automatically allocate IPs from the new range, suggesting a need for improved IP allocation logic.
  • issues/131866

• Kernel Version Support in kubeadm: The kubeadm init command fails on CentOS due to a SystemVerification preflight error, as the kernel version 5.14.0-585.el9.ppc64le is unsupported. This raises a discussion on whether to relax the version check or change the error to a warning.
  • issues/131898

• Duplicate Issue on Node Creation Validation: An issue regarding validation for a scenario where Count equals zero in the createNodesOp function was marked as a duplicate. This indicates it was closed due to being a repeated report, highlighting the importance of issue tracking.
  • issues/131933

2.5 Issue Discussion Insights

This section will analyze the tone and sentiment of discussions within this project's open and closed issues that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.

Based on our analysis, there are no instances of toxic discussions in the project's open or closed issues from the past week.

---

III. Pull Requests

3.1 Open Pull Requests

This section provides a summary of pull requests that were opened in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.

Pull Requests Opened This Week: 49

Key Open Pull Requests

1. Moving Scheduler interfaces to staging: split CycleState into interface CycleState and implementation CycleStateImpl: This pull request involves a cleanup task that separates the CycleState into an interface and its implementation (CycleStateImpl), as part of a larger effort to move scheduler interfaces to the staging repository "k8s.io/kube-scheduler," allowing users to import scheduler framework interfaces without needing to import the entire Kubernetes repository.

• URL: pull/131887

• Merged: No

• Associated Commits: 39dfb, aba70, 22fcc, f825a, dc1da, 1f6f8, 36726, d52b7, 91cf0

2. In-memory caching for node image access multitenancy: This pull request introduces an in-memory caching layer for node image access in Kubernetes, enhancing multitenancy by implementing a write-through cache between the kubelet's image pulls manager and the on-disk image pull records, which falls back to disk on cache misses, and includes benchmarks demonstrating improved performance with high cache hit rates.

• URL: pull/131882

• Merged: No

• Associated Commits: 76d53, 46999, 65011, a34c0

3. WIP: DRA integration: set up nodes for scheduling: This pull request focuses on integrating DRA (Dynamic Resource Allocation) by setting up nodes for scheduling to enable proper scheduling tests, with an emphasis on performing most tests in the scheduler_perf for benchmarking and YAML-based object creation, while handling special cases like error injection within the current setup.

• URL: pull/131869

• Merged: No

• Associated Commits: 60c36, 50f15, e6301

Other Open Pull Requests

• Bug Fixes in Kubernetes CPUManager and OIDC Discovery Path: These pull requests address critical bugs in the Kubernetes project, including a fix for the prefer-align-cpus-by-uncorecache option in the CPUManager and a backport fix for the OIDC discovery path issue. The CPUManager fix allows for proper CPU allocation on systems with SMT/hyperthreading, while the OIDC fix ensures correct configuration of the PublicKeysGetter to prevent 404 errors.
  • pull/131850, pull/131945, pull/131946

• Volume Expansion Prevention and StructuredAuthenticationConfiguration GA: The pull requests focus on preventing the expansion of certain volumes and promoting the StructuredAuthenticationConfiguration feature to GA. The volume expansion prevention ensures that volumes with specific annotations are not expanded, while the GA promotion updates tests to reflect the new status.
  • pull/131907, pull/131916

• Code Cleanup and Test Improvements: These pull requests aim to clean up code and improve test reliability in the Kubernetes project. Changes include adjusting parameter order in tests, fixing potential goroutine leaks, and making tests serial to reduce flakiness.
  • pull/131846, pull/131847, pull/131852

• New Features and Enhancements: The pull requests introduce new features such as a mutateCachingObject for Service objects and a feature to watch from etcd without PrevKV. These changes aim to improve functionality and performance, with the etcd change validated in large-scale environments.
  • pull/131848, pull/131862

• Security Enhancements and Linter Rule Updates: These pull requests enhance security by rejecting static pods with ResourceClaims and enable a linter rule to ensure required fields are correctly marked. The changes close potential security loopholes and improve code consistency.
  • pull/131875, pull/131876, pull/131884

• Base Image Updates and Cleanup Efforts: The pull requests update base images for httpd and nginx as part of a cleanup effort, addressing specific issues without user-facing changes. These updates are part of ongoing maintenance to ensure up-to-date dependencies.
  • pull/131888, pull/131894

• Automated Cherry-Picks for Lease Duration Updates: These pull requests are automated cherry-picks aimed at updating the lease duration in the kubelet for different release branches. The updates ensure consistent behavior across versions when configuration changes occur.
  • pull/131909, pull/131910

3.2 Closed Pull Requests

This section provides a summary of pull requests that were closed in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.

Pull Requests Closed This Week: 42

Key Closed Pull Requests

1. Add kube-api-linter verify scripts: This pull request introduces scripts and configurations to enable the use of the kube-api-linter on the API staging repository, aiming to automate API reviews by enforcing standards with two initial rules: optionalorrequired, which ensures struct fields are explicitly marked as +optional or +required, and requiredfields, which ensures required fields do not use pointers or have omitempty, thereby facilitating the gradual enforcement of API conventions.

• URL: pull/131561

• Merged: 2025-05-20T21:44:34Z

• Associated Commits: ab7b1, 21d4c, c28f8, eaacf, 58261, e2606

2. [WIP] Lookup field paths reachable by a CEL expression: This pull request aims to introduce a feature that allows for the identification of field paths accessible by a CEL expression, which is essential for declarative validation to adjust based on fields relevant to a validation rule, although it does not introduce any user-facing changes.

• URL: pull/131576

• Merged: No

• Associated Commits: 3246f, 9808a, caaae, 3331b

3. Fix selected typos across sub-directories: This pull request addresses the correction of spelling errors across various sub-directories within the Kubernetes project, specifically targeting the 'api', 'cluster', 'cmd', and 'plugin' folders, as part of a documentation and code quality improvement effort.

• URL: pull/131857

• Merged: No

• Associated Commits: 40a20, 24d54, bb9a8, 47b26

Other Closed Pull Requests

• Bug Fixes in Kubernetes Project: This topic covers various bug fixes in the Kubernetes project, including issues with the applyconfig-gen tool, shadowed errors in test functions, and lease controller updates. These pull requests aim to improve the reliability and functionality of the Kubernetes system by addressing specific bugs and ensuring proper operation of components like kubelet and test functions.
  • pull/131628, pull/131699, pull/131749, pull/131841

• Flaky Test Improvements: Several pull requests focus on addressing flaky tests in the Kubernetes project by ensuring proper initialization and error handling. These improvements aim to enhance the stability and reliability of tests by preventing issues like quota exceedance and watch cache instability.
  • pull/131843, pull/131766, pull/131803

• Cleanup and Documentation Enhancements: This topic includes cleanup tasks and documentation improvements, such as removing outdated comments, fixing broken links, and clarifying descriptions. These efforts are intended to streamline the codebase and enhance the clarity and accuracy of documentation for developers and users.
  • pull/131693, pull/131825, pull/131827, pull/131840

• Feature Enhancements and New Capabilities: Various pull requests introduce new features and capabilities to the Kubernetes project, such as support for ECDSA-P384 encryption, alpha metrics for compatibility versioning, and scaling improvements for the Horizontal Pod Autoscaler. These enhancements aim to expand the functionality and performance of Kubernetes components.
  • pull/131677, pull/131819, pull/131842

• Dependency and Compatibility Updates: This topic covers updates to dependencies and compatibility improvements, including updating the google.golang.org/grpc dependency and future-proofing CSI test mocks. These updates ensure that the Kubernetes project remains compatible with external libraries and future changes.
  • pull/131838, pull/131830

• Security and Validation Enhancements: Security improvements and validation enhancements are addressed in pull requests that implement measures to reject unauthorized static pod references and ensure proper configuration validation. These changes aim to enhance the security and robustness of the Kubernetes system.
  • pull/131844

• Testing Framework and Performance Improvements: Pull requests in this category focus on improving the testing framework and adding performance tests, such as scheduler performance tests for DRA Partitionable Devices. These efforts aim to enhance the testing process and establish benchmarks for future optimizations.
  • pull/131704, pull/131771, pull/131849

• API and Configuration Changes: This topic includes API and configuration changes, such as deprecating the 'preferences' field in kubeconfig and duplicating the v1beta1 version of AuthenticationConfiguration to v1. These changes are part of ongoing efforts to update and improve the Kubernetes API and configuration management.
  • pull/131741, pull/131752

• Metrics and Resource Management: Pull requests in this category address the unification of metrics labeling and the addition of feature gate labels to node features in tests. These changes aim to standardize metrics and improve resource management and test filtering mechanisms.
  • pull/131845, pull/131746

3.3 Pull Request Discussion Insights

This section will analyze the tone and sentiment of discussions within this project's open and closed pull requests that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.

Based on our analysis, there are no instances of toxic discussions in the project's open or closed pull requests from the past week.

---

IV. Contributors

4.1 Contributors

Active Contributors:

We consider an active contributor in this project to be any contributor who has made at least 1 commit, opened at least 1 issue, created at least 1 pull request, or made more than 2 comments in the last month.

If there are more than 10 active contributors, the list is truncated to the top 10 based on contribution metrics for better clarity.

Contributor	Commits	Pull Requests	Issues	Comments
pohly	39	16	15	79
BenTheElder	12	1	5	80
jpbetz	56	3	3	13
liggitt	1	0	1	59
carlory	21	12	1	16
dims	16	6	4	24
aojea	14	0	2	27
rata	33	10	0	0
ania-borowiec	18	4	2	10
bart0sh	8	1	0	24