Week Ending July 27, 2025
https://lwkd.info/2025/20250730
Developer News
Due to low attendance and frequent cancellations, SIG Release is seeking a better meeting time via a Doodle poll, open until August 3, 2025 (AOE). This applies only to the main SIG Release meeting, not Release Team meetings. Changes will begin the week of August 18, 2025.
A security vulnerability was found in Kubernetes where an unauthorized user may be able to SSH/RDP/WINRM to Windows VMs built with Kubernetes Image Builder. Clusters using Image Builder version v0.1.44 or earlier are affected, specifically when using Windows images built with Nutanix OVA. Images from other providers are not affected.
Release Schedule
Next Deadline: Docs freeze, August 6
Kubernetes v1.34 has entered Code Freeze as of July 25, 2025. Only release-blocking issues and PRs will be accepted into the v1.34 milestone. Enhancements that didn’t meet the criteria have been removed, but exceptions can be requested if necessary. Key deadlines include August 6 for the docs freeze. For concerns, contact the release team via email or the #sig-release Slack channel. Make sure to get your docs PRs reviewed and merged before the upcoming docs freeze deadline!
Featured PRs
133157: KEP 4033: Add metric for out of support CRI and bump feature to GA
This PR graduates the KubeletCgroupDriverFromCRI feature to GA in v1.34. It finalizes a multi-release effort that allows the kubelet to retrieve the cgroup driver configuration directly from the container runtime using the CRI API. This improves consistency between kubelet and container runtime settings and removes the need for manual configuration alignment. A new metric has been added to report when the runtime does not support the Status.cgroupDriver field in its CRI response, helping identify unsupported or outdated CRI implementations.
133136: feat: Add warnings for unrecognized formats in CRDs
This PR updates how Kubernetes handles custom resource definitions (CRDs) that include format values. When a CRD contains a format value that isn’t recognized, the API server now returns a warning during create or update. The CRD is still accepted, but the warning helps you identify issues such as typos or unsupported values.
133105: KEP-5229: Run Unschedulable scheduler_perf test case with SchedulerAsyncAPICalls feature gate enabled
This PR adds new test configurations that specifically toggle SchedulerAsyncAPICalls for the _QueueingHintsEnabled scenarios within the Unschedulable test. These tests measure how the scheduler performs when pods cannot be scheduled, and toggling this feature gate helps validate behavior under different configurations.
KEP of the Week
KEP-961: Implement maxUnavailable in StatefulSet
This KEP enhances StatefulSet rolling updates by introducing the maxUnavailable setting, allowing multiple pods to be updated simultaneously instead of the default one-by-one strategy. It aims to speed up rollouts for large applications while respecting minReadySeconds to maintain availability. The StatefulSet controller is improved to better track pod readiness, and metrics like statefulset_unavailability_violation along with event logs help diagnose rollout issues.
Other Merges
PSA added for blocking .host on pod probes
Aggregated API server discovery supports EndpointSlices
Kubelet monitors device health via DRA and reports it in pod.status.containerStatuses.allocatedResourcesStatus field
pkg/kubelet/winstats and pkg/kubelet/volumemanager migrated to contextual logging
PodLevelResources propagate Pod level hugepage cgroup to containers
Optional APIs in ResourceSlice.Basic and ResourceClaim.Status.AllocatedDeviceStatus added
pvc.spec.VolumeAttributesClassName goes from non-nil to nil
Pod availability checks at the correct time in ReplicaSets
Scheduler interfaces moved from pkg/scheduler/framework to staging repo
kube-apiserver allows white-spaced CABundle during webhook client creation and validation
APIVersion fields of the HPA are validated to ensure created API objects function properly
Allows setting any FQDN as the pod’s hostname
Useful endpoints added for kube-apiserver
Machine readable output options (JSON & YAML) added to kubectl api-resources
PodLevelResources updates Downward API defaulting for resource limits
RV check added on GC delete calls
Container restart policy rules implemented
DRA kubelet adds v1 gRPC
Removed deprecated gogo protocol definitions from k8s.io/kubelet/pkg/apis/pluginregistration in favor of protoc
Runtime cost estimation fix for IntOrString custom resource schemas with maximum length
Kubernetes to return an error if user namespaces are used with volumeDevices
API calls sent through dispatcher and cache
Kubelet: metrics for userns pod creations and failures
Pod rejected when attachment limit is exceeded
KYAML support added to kubectl
debug_redact added to cri api secrets
Metrics added for monitoring async API calls in the scheduler when the SchedulerAsyncAPICalls feature gate is enabled
Fix for handling corner cases in async preemption
Bumped DRA API version to “v1” in “deviceattribute” package in k8s.io/dynamic-resource-allocation
BoundedFrequencyRunner dropped from pkg/util/async
Promotions
VolumeAttributesClass to GA
DRAPrioritizedList to Beta
DRA API to GA
PSI metrics to Beta
kubeletPodResources to Beta
Windows graceful shutdown to Beta
DRAAdminAccess to Beta
Version Updates
Bumped external snapshotter for vgs tests
Bumped etcd sdk to v3.6.4
kustomize to v5.7.0
Subprojects and Dependency Updates
containerd/containerd 1.7.28: The twenty-eighth patch release for containerd 1.7 contains various fixes and updates.
kustomize kyaml/v0.20.1: drop shlex dependency.
cluster-api v1.11.0-beta.0: releases beta version for testing
Shoutouts
Patrick Ohly: Shoutout to @alaypatel07 for tackling the problem of setting up scale tests for DRA. He identified and resolved several bottlenecks, both in the cluster configuration and the Kubernetes source code. He presented at the WG Device Management meeting today and we were happy enough with the preliminary results that graduation to GA is no longer blocked, thanks to @alaypatel07! Also thanks to everyone who has supported him: @jackfrancis, @nojnhuh, @wojtekt and probably others that I don’t know about
Maciej Szulik: Huge shoutout to @Edwin Hernandez and @Heba for their help pushing KEP 961 forward, especially that this is one of the oldest and longest running features
Benjamin Elder: Thanks to @danwinship for quickly looking into and fixing a conformance test flake in SIG Network
Benjamin Elder: Thanks @jasonbraganza for tirelessly handling new member requests
via Last Week in Kubernetes Development https://lwkd.info/
July 30, 2025 at 03:17PM