Week Ending July 20, 2025
https://lwkd.info/2025/20250723
Developer News
Code Freeze and Test Freeze for the Kubernetes v1.34 release begin at 02:00 UTC on Friday, July 25, 2025 (7:00 PM PDT on Thursday, July 24, 2025). Developers should ensure that all pull requests for KEPs and major changes targeting v1.34 are merged by the deadline.
Release Schedule
Next Deadline: Code and Test Freeze, July 24/25
Code and Test Freeze starts this week at 0200 UTC on Friday, July 25. Your PRs should all be merged by then. If you think you may miss the deadline, file an exception request.
Featured PRs
51630: Add Hugo Segments for Faster Local Website Builds
This PR introduces support for Hugo segments, allowing users to render specific parts of the Kubernetes website locally. For example, the build can be limited to English (en) or Persian (fa) content instead of rendering the entire site. This significantly reduces build time and resource usage when previewing documentation changes.
The default method make container-serve continues to build the whole site.
To build a specific segment, users can use the following commands:
make container-serve segments=en # To build individual segments
make container-serve segments=en,fa # To build multiple segments
131700: Add Support for CEL Extended Lists Library
This PR adds support for the CEL extended lists library in Kubernetes by integrating upstream support from cel-go. This adds new list functions that allow more advanced list operations in CEL expressions. These functions can improve how conditions are written in features that use CEL-based evaluation, such as admission control and CRD validations.
KEP of the Week
KEP-5080: Ordered Namespace Deletion
This KEP introduces a secure and deterministic mechanism for deleting Kubernetes namespaces. The motivation comes from security and operational concerns with the current semi-random deletion order — for example, pods might continue running after their protecting NetworkPolicy is removed. This KEP ensures that all pods are deleted first and only then are the remaining resources removed, reducing the risk of exposed workloads. It is implemented through a feature gate OrderedNamespaceDeletion that enforces this opinionated deletion order during namespace cleanup.
This KEP is tracked as stable in v1.34.
Other Merges
DRA: fixes watch handling on apiserver restart when conversion is needed
CSR declarative validation enabled for /status and /approval
e2e test added for DRA Admin Access
LIST request estimation accounts for maximum object size and caching
APF max seats to 100 for LIST request
deviceplugin and podresources APIs in kubelet from gogo to protoc
InPlacePodVerticalScaling kubelet_container_resize_requests_total metric to include all resize-related updates
Jitter added to periodic storage processes to reduce synchronized execution
InPlacePodVerticalScaling to retry pending resizes only if aggregated requests decrease
kubeadm: generate default etcd command based on etcd version
Optional listMapKeys supported in server-side apply for associative lists
In kubectl describe pod, port names are now included alongside port numbers when specified in the pod spec
kubelet_credential_provider_config_info metric reports credential provider config hash
CSR.status.conditions in v1 and v1beta1 enforce approved/denied exclusivity with declarative validation tags
Support reducing memory limits via NotRequired restart policy, with safeguards against OOM kills
e2e test for batch pod deletion in kubelet
Union validation rule tags added and +k8s:item chaining enabled in validation-gen
PodCPUAndMemoryStats added to the stats.Provider interface for fetching the CPU & memory stats for a single pod
apiserver_storage_objects metric is deprecated and replaced by apiserver_resource_objects with consistent labels
claimsToAllocate is passed through Allocate instead of NewAllocator
Memory tracking functionality added to the scheduler performance tests
kubelet: Instrumentation for in-place pod resize
Test coverage increased for pkg/kubelet/types
Fix for CPUManager non-regression test to handle CPU quota edge cases
InPlacePodVerticalScaling adds an event for pod resize completion
Fix for incorrect label key used in PodTopologyLabelAdmission, blocking beta graduation
kubelet supports contextual logging, and components including apis, kubeletconfig, nodeshutdown, pod, preemption, and memory manager have been migrated to use it
kuberuntime migrated to contextual logging
Image pull credential verification enabled for service account–based credential providers
Mirror pods test for generation and observedGeneration
More complex e2e test created for deferred resizes
DRA filter plugin times out after 10s to avoid long scheduling delays, configurable via FilterTimeout
Pause version updated to registry.k8s.io/pause:3.10.1
kube-apiserver support for PodCertificateRequest and PodCertificate projected volumes enabled
Warnings added for headless service using loadBalancerIP, externalIPs, or sessionAffinity
last_config_info metric added for authn, authz and encryption config
Promotions
PodLifecycleSleepAction to GA
NodeSwap to GA
Recovery feature to GA
PodObservedGenerationTracking to beta
WatchList to beta
API Server Tracing to GA
KubeletServiceAccountTokenForCredentialProviders to beta
ListFromCacheSnapshot to beta
Version Updates
Bumped cel-go to v0.26.0
Subprojects and Dependency Updates
cluster-api v1.11.0-beta.0: releases beta version for testing
via Last Week in Kubernetes Development https://lwkd.info/
July 23, 2025 at 05:38AM