From 72c78fdb1753da217a2ada7e06815774980ee135 Mon Sep 17 00:00:00 2001 From: kernel-kun <78614901+kernel-kun@users.noreply.github.com> Date: Thu, 6 Nov 2025 15:05:58 +0530 Subject: [PATCH] Release Notes draft for k/k v1.35.0-alpha.3 --- .../release-notes/maps/pr-123642-map.yaml | 7 + .../release-notes/maps/pr-125912-map.yaml | 4 + .../release-notes/maps/pr-132157-map.yaml | 6 + .../release-notes/maps/pr-132240-map.yaml | 5 + .../release-notes/maps/pr-132644-map.yaml | 6 + .../release-notes/maps/pr-133511-map.yaml | 5 + .../release-notes/maps/pr-133779-map.yaml | 7 + .../release-notes/maps/pr-133980-map.yaml | 5 + .../release-notes/maps/pr-134103-map.yaml | 6 + .../release-notes/maps/pr-134152-map.yaml | 8 + .../release-notes/maps/pr-134157-map.yaml | 5 + .../release-notes/maps/pr-134263-map.yaml | 5 + .../release-notes/maps/pr-134313-map.yaml | 5 + .../release-notes/maps/pr-134378-map.yaml | 5 + .../release-notes/maps/pr-134445-map.yaml | 5 + .../release-notes/maps/pr-134452-map.yaml | 5 + .../release-notes/maps/pr-134457-map.yaml | 8 + .../release-notes/maps/pr-134466-map.yaml | 5 + .../release-notes/maps/pr-134493-map.yaml | 6 + .../release-notes/maps/pr-134523-map.yaml | 6 + .../release-notes/maps/pr-134624-map.yaml | 9 + .../release-notes/maps/pr-134647-map.yaml | 4 + .../release-notes/maps/pr-134691-map.yaml | 8 + .../release-notes/maps/pr-134709-map.yaml | 4 + .../release-notes/maps/pr-134730-map.yaml | 5 + .../release-notes/maps/pr-134740-map.yaml | 5 + .../release-notes/maps/pr-134743-map.yaml | 6 + .../release-notes/maps/pr-134744-map.yaml | 13 + .../release-notes/maps/pr-134746-map.yaml | 7 + .../release-notes/maps/pr-134760-map.yaml | 5 + .../release-notes/maps/pr-134769-map.yaml | 6 + .../release-notes/maps/pr-134777-map.yaml | 4 + .../release-notes/maps/pr-134779-map.yaml | 5 + .../release-notes/maps/pr-134780-map.yaml | 4 + .../release-notes/maps/pr-134781-map.yaml | 5 + .../release-notes/maps/pr-134782-map.yaml | 5 + .../release-notes/maps/pr-134784-map.yaml | 7 + .../release-notes/maps/pr-134793-map.yaml | 5 + .../release-notes/maps/pr-134803-map.yaml | 4 + .../release-notes/maps/pr-134826-map.yaml | 8 + .../release-notes/maps/pr-134833-map.yaml | 5 + .../release-notes/maps/pr-134875-map.yaml | 6 + .../release-notes/maps/pr-134905-map.yaml | 6 + .../release-notes/maps/pr-134906-map.yaml | 7 + .../release-notes/maps/pr-134913-map.yaml | 4 + .../release-notes/maps/pr-134948-map.yaml | 4 + .../release-notes/maps/pr-134949-map.yaml | 4 + .../release-notes/maps/pr-134956-map.yaml | 5 + .../release-notes/maps/pr-134962-map.yaml | 5 + .../release-notes/maps/pr-134964-map.yaml | 5 + .../release-notes/maps/pr-134984-map.yaml | 4 + .../release-notes/maps/pr-134994-map.yaml | 5 + .../release-notes/maps/pr-134995-map.yaml | 5 + .../release-notes/maps/pr-135003-map.yaml | 5 + .../release-notes/maps/pr-135007-map.yaml | 6 + .../release-notes/maps/pr-135017-map.yaml | 7 + .../release-notes/maps/pr-135059-map.yaml | 5 + .../release-notes/maps/pr-135080-map.yaml | 5 + .../release-notes/maps/pr-135081-map.yaml | 5 + .../release-notes/maps/pr-135084-map.yaml | 5 + .../release-notes/release-notes-draft.json | 1581 ++++++++++++++++- .../release-notes/release-notes-draft.md | 121 +- .../sessions/maps-1762418245.json | 251 +++ 63 files changed, 2241 insertions(+), 48 deletions(-) create mode 100644 releases/release-1.35/release-notes/maps/pr-123642-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-125912-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-132157-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-132240-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-132644-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-133511-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-133779-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-133980-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134103-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134152-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134157-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134263-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134313-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134378-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134445-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134452-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134457-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134466-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134493-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134523-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134624-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134647-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134691-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134709-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134730-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134740-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134743-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134744-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134746-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134760-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134769-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134777-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134779-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134780-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134781-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134782-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134784-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134793-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134803-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134826-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134833-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134875-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134905-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134906-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134913-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134948-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134949-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134956-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134962-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134964-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134984-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134994-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-134995-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-135003-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-135007-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-135017-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-135059-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-135080-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-135081-map.yaml create mode 100644 releases/release-1.35/release-notes/maps/pr-135084-map.yaml create mode 100644 releases/release-1.35/release-notes/sessions/maps-1762418245.json diff --git a/releases/release-1.35/release-notes/maps/pr-123642-map.yaml b/releases/release-1.35/release-notes/maps/pr-123642-map.yaml new file mode 100644 index 00000000000..cf5e7e75891 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-123642-map.yaml @@ -0,0 +1,7 @@ +pr: 123642 +releasenote: + text: |- + The JWT authenticator in `kube-apiserver` now reports the following metrics when the `StructuredAuthenticationConfiguration` feature gate is enabled: + - `apiserver_authentication_jwt_authenticator_jwks_fetch_last_timestamp_seconds` + - `apiserver_authentication_jwt_authenticator_jwks_fetch_last_key_set_info`. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-125912-map.yaml b/releases/release-1.35/release-notes/maps/pr-125912-map.yaml new file mode 100644 index 00000000000..e71490cb0e1 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-125912-map.yaml @@ -0,0 +1,4 @@ +pr: 125912 +releasenote: + text: Migrated the `CPUManager` to contextual logging. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-132157-map.yaml b/releases/release-1.35/release-notes/maps/pr-132157-map.yaml new file mode 100644 index 00000000000..7dc200fbc4c --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-132157-map.yaml @@ -0,0 +1,6 @@ +pr: 132157 +releasenote: + text: Removed the `UserNamespacesPodSecurityStandards` feature gate. The minimum + supported Kubernetes version for `kubelet` is now `v1.31`, so the gate is no longer + needed. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-132240-map.yaml b/releases/release-1.35/release-notes/maps/pr-132240-map.yaml new file mode 100644 index 00000000000..415d8e5544f --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-132240-map.yaml @@ -0,0 +1,5 @@ +pr: 132240 +releasenote: + text: Improved throughput in the `real-FIFO` queue used by `informers` and `controllers` + by adding batch handling for processing watch events. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-132644-map.yaml b/releases/release-1.35/release-notes/maps/pr-132644-map.yaml new file mode 100644 index 00000000000..fac48e85f4d --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-132644-map.yaml @@ -0,0 +1,6 @@ +pr: 132644 +releasenote: + text: Added a counter metric `kubelet_image_manager_ensure_image_requests_total{present_locally, + pull_policy, pull_required}` that exposes details about `kubelet` ensuring an + image exists on the node. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-133511-map.yaml b/releases/release-1.35/release-notes/maps/pr-133511-map.yaml new file mode 100644 index 00000000000..29cf8e67f49 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-133511-map.yaml @@ -0,0 +1,5 @@ +pr: 133511 +releasenote: + text: Eliminated and prevented future use of the `md5` algorithm in favor of more appropriate + hashing algorithms. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-133779-map.yaml b/releases/release-1.35/release-notes/maps/pr-133779-map.yaml new file mode 100644 index 00000000000..9cfea9fb689 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-133779-map.yaml @@ -0,0 +1,7 @@ +pr: 133779 +releasenote: + text: |- + ACTION REQUIRED: + + Removed the `--pod-infra-container-image` flag from `kubelet` command line. For `non-kubeadm` clusters, users must manually remove this flag from their `kubelet` configuration to prevent startup failures before upgrading `kubelet`. For `kubeadm` clusters, if users pass extra arguments to the `kubelet` like `--pod-infra-container-image`, it will be written to the `kubelet` env file during the `init` phase. `kubeadm` does not remove it during the `init` or `join` phase, so users must manually remove it from `extraArgs` in the `kubelet` configuration file. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-133980-map.yaml b/releases/release-1.35/release-notes/maps/pr-133980-map.yaml new file mode 100644 index 00000000000..53951a04bad --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-133980-map.yaml @@ -0,0 +1,5 @@ +pr: 133980 +releasenote: + text: Added the `--min-compatibility-version` flag to `kube-apiserver`, `kube-controller-manager`, + and `kube-scheduler`. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134103-map.yaml b/releases/release-1.35/release-notes/maps/pr-134103-map.yaml new file mode 100644 index 00000000000..d1b562593e7 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134103-map.yaml @@ -0,0 +1,6 @@ +pr: 134103 +releasenote: + text: Fixed a bug that prevented allocating the same device that was previously + consuming the `CounterSet` when both `DRAConsumableCapacity` and `DRAPartitionableDevices` + were enabled. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134152-map.yaml b/releases/release-1.35/release-notes/maps/pr-134152-map.yaml new file mode 100644 index 00000000000..68337d77061 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134152-map.yaml @@ -0,0 +1,8 @@ +pr: 134152 +releasenote: + text: 'DRA device taints: `DeviceTaintRule` status provides information about the + rule, including whether Pods still need to be evicted (`EvictionInProgress` condition). + The newly added `None` effect can be used to preview what a `DeviceTaintRule` + would do if it used the `NoExecute` effect and to taint devices (`device health`) + without immediately affecting scheduling or running Pods.' +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134157-map.yaml b/releases/release-1.35/release-notes/maps/pr-134157-map.yaml new file mode 100644 index 00000000000..0c21d85d3cd --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134157-map.yaml @@ -0,0 +1,5 @@ +pr: 134157 +releasenote: + text: Fixed a bug where a deleted Pod in the binding phase continued to occupy space + on the node in `kube-scheduler`. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134263-map.yaml b/releases/release-1.35/release-notes/maps/pr-134263-map.yaml new file mode 100644 index 00000000000..f7d88a608ef --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134263-map.yaml @@ -0,0 +1,5 @@ +pr: 134263 +releasenote: + text: Namespace is now included in the `--dry-run=client` output for `HorizontalPodAutoscaler + (HPA)` objects. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134313-map.yaml b/releases/release-1.35/release-notes/maps/pr-134313-map.yaml new file mode 100644 index 00000000000..dd7c5f7519f --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134313-map.yaml @@ -0,0 +1,5 @@ +pr: 134313 +releasenote: + text: Introduced a structured and versioned `v1alpha1` response for the `statusz` + endpoint. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134378-map.yaml b/releases/release-1.35/release-notes/maps/pr-134378-map.yaml new file mode 100644 index 00000000000..2dc95d11df5 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134378-map.yaml @@ -0,0 +1,5 @@ +pr: 134378 +releasenote: + text: Introduced the `--as-user-extra` persistent flag in `kubectl`, which allows + passing extra arguments during impersonation. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134445-map.yaml b/releases/release-1.35/release-notes/maps/pr-134445-map.yaml new file mode 100644 index 00000000000..9f2012a0c30 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134445-map.yaml @@ -0,0 +1,5 @@ +pr: 134445 +releasenote: + text: Fixed a long-standing issue where `kubelet` rejected Pods with `NodeAffinityFailed` + due to a stale informer cache. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134452-map.yaml b/releases/release-1.35/release-notes/maps/pr-134452-map.yaml new file mode 100644 index 00000000000..b6e31409b35 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134452-map.yaml @@ -0,0 +1,5 @@ +pr: 134452 +releasenote: + text: 'DRA: The `DynamicResourceAllocation` feature gate for the core functionality + (GA in `v1.34`) has now been locked to enabled-by-default and cannot be disabled anymore.' +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134457-map.yaml b/releases/release-1.35/release-notes/maps/pr-134457-map.yaml new file mode 100644 index 00000000000..15c81cc86a7 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134457-map.yaml @@ -0,0 +1,8 @@ +pr: 134457 +releasenote: + text: |- + The `PreferSameZone` and `PreferSameNode` values for the Service + `trafficDistribution` field graduated to general availability. The + `PreferClose` value is now deprecated in favor of the more explicit + `PreferSameZone`. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134466-map.yaml b/releases/release-1.35/release-notes/maps/pr-134466-map.yaml new file mode 100644 index 00000000000..ddbfdc268e2 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134466-map.yaml @@ -0,0 +1,5 @@ +pr: 134466 +releasenote: + text: 'Fixed a bug where `AllocationMode: All` would not succeed if a resource pool + contained `ResourceSlices` that were not targeting the current node.' +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134493-map.yaml b/releases/release-1.35/release-notes/maps/pr-134493-map.yaml new file mode 100644 index 00000000000..6f572d21b85 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134493-map.yaml @@ -0,0 +1,6 @@ +pr: 134493 +releasenote: + text: |- + Promoted the `RelaxedServiceNameValidation` feature to beta (enabled by default). + New Service names are now validated with `NameIsDNSLabel()`, relaxing the pre-existing validation. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134523-map.yaml b/releases/release-1.35/release-notes/maps/pr-134523-map.yaml new file mode 100644 index 00000000000..943b7435368 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134523-map.yaml @@ -0,0 +1,6 @@ +pr: 134523 +releasenote: + text: |- + Added a `source` label to the `resourceclaim_controller_resource_claims` metric. + Added the `scheduler_resourceclaim_creates_total` metric for `DRAExtendedResource`. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134624-map.yaml b/releases/release-1.35/release-notes/maps/pr-134624-map.yaml new file mode 100644 index 00000000000..fe7fd8f46d5 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134624-map.yaml @@ -0,0 +1,9 @@ +pr: 134624 +releasenote: + text: The Pod Certificates feature moved to beta. The `PodCertificateRequest` feature + gate is set disabled by default. To use the feature, users must enable the certificates + API groups in `v1beta1` and enable the `PodCertificateRequest` feature gate. The + `UserAnnotations` field was added to the `PodCertificateProjection` API and the + corresponding `UnverifiedUserAnnotations` field was added to the `PodCertificateRequest` + API. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134647-map.yaml b/releases/release-1.35/release-notes/maps/pr-134647-map.yaml new file mode 100644 index 00000000000..4f1cd205eea --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134647-map.yaml @@ -0,0 +1,4 @@ +pr: 134647 +releasenote: + text: Enabled the `MutableCSINodeAllocatableCount` feature gate by default in beta. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134691-map.yaml b/releases/release-1.35/release-notes/maps/pr-134691-map.yaml new file mode 100644 index 00000000000..4f8479f6979 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134691-map.yaml @@ -0,0 +1,8 @@ +pr: 134691 +releasenote: + text: The `SystemdWatchdog` feature gate has been locked to default and will be removed + in future release. The systemd watchdog functionality in `kubelet` can be enabled + via systemd without any feature gate configuration. See the [systemd watchdog + documentation](https://kubernetes.io/docs/reference/node/systemd-watchdog/) for + more information. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134709-map.yaml b/releases/release-1.35/release-notes/maps/pr-134709-map.yaml new file mode 100644 index 00000000000..eb531ec42d4 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134709-map.yaml @@ -0,0 +1,4 @@ +pr: 134709 +releasenote: + text: Added support for tracing in `kubectl` with the `--profile=trace` flag. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134730-map.yaml b/releases/release-1.35/release-notes/maps/pr-134730-map.yaml new file mode 100644 index 00000000000..4f1213d90ea --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134730-map.yaml @@ -0,0 +1,5 @@ +pr: 134730 +releasenote: + text: 'Fixed an issue in asynchronous preemption: Scheduler now checks if preemption + is ongoing for a Pod before initiating new preemption calls.' +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134740-map.yaml b/releases/release-1.35/release-notes/maps/pr-134740-map.yaml new file mode 100644 index 00000000000..597b6abe3a4 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134740-map.yaml @@ -0,0 +1,5 @@ +pr: 134740 +releasenote: + text: '`kube-scheduler`: Pod statuses no longer include specific taint keys or values + when scheduling fails due to untolerated taints.' +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134743-map.yaml b/releases/release-1.35/release-notes/maps/pr-134743-map.yaml new file mode 100644 index 00000000000..b6ff3fbe88e --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134743-map.yaml @@ -0,0 +1,6 @@ +pr: 134743 +releasenote: + text: Fixed an issue where the `kubelet` `/configz` endpoint reported an incorrect + value for `kubeletconfig.cgroupDriver` when the cgroup driver setting was received + from the container runtime. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134744-map.yaml b/releases/release-1.35/release-notes/maps/pr-134744-map.yaml new file mode 100644 index 00000000000..312d6559ab6 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134744-map.yaml @@ -0,0 +1,13 @@ +pr: 134744 +releasenote: + text: |- + ACTION REQUIRED: + + vendor: Updated `k8s.io/system-validators` to `v1.12.1`. The cgroups validator now throws an error instead of a warning if cgroups v1 is detected on the host and the provided KubeletVersion is `v1.35` or newer. + + kubeadm: Started using `k8s.io/system-validators` `v1.12.1` in `kubeadm` `v1.35`. During `kubeadm init`, `kubeadm join`, and `kubeadm upgrade`, the SystemVerification preflight check throws an error if cgroups v1 is detected and the detected `kubelet` version is `v1.35` or newer. For older versions of `kubelet`, a preflight warning is displayed. + + To allow cgroups v1 with `kubeadm` and `kubelet` version `v1.35` or newer, you must: + - Ignore the error from the SystemVerification preflight check by `kubeadm`. + - Edit the `kube-system/kubelet-config` ConfigMap and add the `failCgroupV1: false` field before upgrading. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134746-map.yaml b/releases/release-1.35/release-notes/maps/pr-134746-map.yaml new file mode 100644 index 00000000000..dad3b6efcd6 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134746-map.yaml @@ -0,0 +1,7 @@ +pr: 134746 +releasenote: + text: Added the `ChangeContainerStatusOnKubeletRestart` feature gate, which defaults + to disabled. When the feature gate is disabled, `kubelet` does not change the + Pod status upon restart, and Pods do not re-run startup probes after the `kubelet` + restarts. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134760-map.yaml b/releases/release-1.35/release-notes/maps/pr-134760-map.yaml new file mode 100644 index 00000000000..9d4102bc004 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134760-map.yaml @@ -0,0 +1,5 @@ +pr: 134760 +releasenote: + text: Added the `Step` field to the testing framework to allow volume expansion + in configurable step sizes for tests. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134769-map.yaml b/releases/release-1.35/release-notes/maps/pr-134769-map.yaml new file mode 100644 index 00000000000..0c1cfc46424 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134769-map.yaml @@ -0,0 +1,6 @@ +pr: 134769 +releasenote: + text: |- + Fixed a bug where Job status updates fail after resuming a Job that was previously started and suspended. + The error message was: `status.startTime: Required value: startTime cannot be removed for unsuspended job`. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134777-map.yaml b/releases/release-1.35/release-notes/maps/pr-134777-map.yaml new file mode 100644 index 00000000000..9e1282e4ebc --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134777-map.yaml @@ -0,0 +1,4 @@ +pr: 134777 +releasenote: + text: Promoted `kubectl` command headers to stable. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134779-map.yaml b/releases/release-1.35/release-notes/maps/pr-134779-map.yaml new file mode 100644 index 00000000000..cfb022a8640 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134779-map.yaml @@ -0,0 +1,5 @@ +pr: 134779 +releasenote: + text: '`kubeadm`: Updated the supported etcd version to `v3.5.24` for control plane + versions `v1.32`, `v1.33`, and `v1.34`.' +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134780-map.yaml b/releases/release-1.35/release-notes/maps/pr-134780-map.yaml new file mode 100644 index 00000000000..4d7e25ceba4 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134780-map.yaml @@ -0,0 +1,4 @@ +pr: 134780 +releasenote: + text: Updated the etcd client library to `v3.6.5`. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134781-map.yaml b/releases/release-1.35/release-notes/maps/pr-134781-map.yaml new file mode 100644 index 00000000000..3e9a1cfe6c4 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134781-map.yaml @@ -0,0 +1,5 @@ +pr: 134781 +releasenote: + text: '`kubeadm`: Removed the `WaitForAllControlPlaneComponents` feature gate, which + graduated to GA in `v1.34` and was locked to enabled by default.' +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134782-map.yaml b/releases/release-1.35/release-notes/maps/pr-134782-map.yaml new file mode 100644 index 00000000000..b3a3612dcf0 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134782-map.yaml @@ -0,0 +1,5 @@ +pr: 134782 +releasenote: + text: Dropped support for `certificates/v1beta1` `CertificateSigningRequest` in + `kubectl`. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134784-map.yaml b/releases/release-1.35/release-notes/maps/pr-134784-map.yaml new file mode 100644 index 00000000000..aed6f0bc7d7 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134784-map.yaml @@ -0,0 +1,7 @@ +pr: 134784 +releasenote: + text: |- + Added the `StorageVersionMigration` `v1beta1` API and removed the `v1alpha1` API. + + ACTION REQUIRED: The `v1alpha1` API is no longer supported. Users must remove any `v1alpha1` resources before upgrading. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134793-map.yaml b/releases/release-1.35/release-notes/maps/pr-134793-map.yaml new file mode 100644 index 00000000000..06c163a2024 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134793-map.yaml @@ -0,0 +1,5 @@ +pr: 134793 +releasenote: + text: Fixed an issue where requests for a config `FromClass` in the `ResourceClaim` + status were not referenced. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134803-map.yaml b/releases/release-1.35/release-notes/maps/pr-134803-map.yaml new file mode 100644 index 00000000000..b5b17899a0c --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134803-map.yaml @@ -0,0 +1,4 @@ +pr: 134803 +releasenote: + text: Implemented constrained impersonation as described in [KEP-5284](https://kep.k8s.io/5284). +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134826-map.yaml b/releases/release-1.35/release-notes/maps/pr-134826-map.yaml new file mode 100644 index 00000000000..0998db0f308 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134826-map.yaml @@ -0,0 +1,8 @@ +pr: 134826 +releasenote: + text: 'CSI drivers can now opt in to receive service account tokens via the secrets + field instead of volume context by setting `spec.serviceAccountTokenInSecrets: + true` in the CSIDriver object. This prevents tokens from being exposed in logs + and other outputs. The feature is gated by the `CSIServiceAccountTokenSecrets` + feature gate (beta in `v1.35`).' +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134833-map.yaml b/releases/release-1.35/release-notes/maps/pr-134833-map.yaml new file mode 100644 index 00000000000..0027f74debd --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134833-map.yaml @@ -0,0 +1,5 @@ +pr: 134833 +releasenote: + text: Fixed a panic in `kubectl api-resources` that occurred when the Discovery + Client failed. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134875-map.yaml b/releases/release-1.35/release-notes/maps/pr-134875-map.yaml new file mode 100644 index 00000000000..f0984eb9766 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134875-map.yaml @@ -0,0 +1,6 @@ +pr: 134875 +releasenote: + text: Fixed a bug where the health of a DRA resource was not reported in the Pod + status if the resource claim was generated from a template or used a different + local name in the Pod spec. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134905-map.yaml b/releases/release-1.35/release-notes/maps/pr-134905-map.yaml new file mode 100644 index 00000000000..0828a393723 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134905-map.yaml @@ -0,0 +1,6 @@ +pr: 134905 +releasenote: + text: |- + Scheduler: Added the `bindingTimeout` argument to the DynamicResources plugin configuration, allowing customization of the wait duration in `PreBind` for device binding conditions. + Defaults to 10 minutes when `DRADeviceBindingConditions` and `DRAResourceClaimDeviceStatus` are both enabled. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134906-map.yaml b/releases/release-1.35/release-notes/maps/pr-134906-map.yaml new file mode 100644 index 00000000000..580f44e8396 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134906-map.yaml @@ -0,0 +1,7 @@ +pr: 134906 +releasenote: + text: |- + `kubeadm`: Added a preflight check `ContainerRuntimeVersion` to validate if the installed container runtime supports the `RuntimeConfig` gRPC method. If unsupported, `kubeadm` prints a warning message. + + Starting with Kubernetes `v1.36`, `kubelet` might refuse to start if the CRI runtime does not support this feature. More information can be found at the [Kubernetes blog](https://kubernetes.io/blog/2025/09/12/kubernetes-v1-34-cri-cgroup-driver-lookup-now-ga/). +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134913-map.yaml b/releases/release-1.35/release-notes/maps/pr-134913-map.yaml new file mode 100644 index 00000000000..557c7cbc43f --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134913-map.yaml @@ -0,0 +1,4 @@ +pr: 134913 +releasenote: + text: Dropped support for `discovery/v1beta1` `EndpointSlice` in `kubectl`. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134948-map.yaml b/releases/release-1.35/release-notes/maps/pr-134948-map.yaml new file mode 100644 index 00000000000..b416908139d --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134948-map.yaml @@ -0,0 +1,4 @@ +pr: 134948 +releasenote: + text: Promoted `PodObservedGenerationTracking` to GA. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134949-map.yaml b/releases/release-1.35/release-notes/maps/pr-134949-map.yaml new file mode 100644 index 00000000000..829badb6c8b --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134949-map.yaml @@ -0,0 +1,4 @@ +pr: 134949 +releasenote: + text: Promoted `InPlacePodVerticalScaling` to GA. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134956-map.yaml b/releases/release-1.35/release-notes/maps/pr-134956-map.yaml new file mode 100644 index 00000000000..a2c5cd3cc70 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134956-map.yaml @@ -0,0 +1,5 @@ +pr: 134956 +releasenote: + text: Removed `BlockOwnerDeletion` from `ResourceClaim` created from + `ResourceClaimTemplate` and from `extendedResourceClaim` created by the `scheduler`. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134962-map.yaml b/releases/release-1.35/release-notes/maps/pr-134962-map.yaml new file mode 100644 index 00000000000..4e8473e437e --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134962-map.yaml @@ -0,0 +1,5 @@ +pr: 134962 +releasenote: + text: Fixed an issue with setting `distinctAttribute=nil` when the `DRAConsumableCapacity` + feature gate is disabled. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134964-map.yaml b/releases/release-1.35/release-notes/maps/pr-134964-map.yaml new file mode 100644 index 00000000000..058156a2ff0 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134964-map.yaml @@ -0,0 +1,5 @@ +pr: 134964 +releasenote: + text: Dropped `DeviceBindingConditions` fields when the `DRADeviceBindingConditions` + feature gate is not enabled and not in use. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134984-map.yaml b/releases/release-1.35/release-notes/maps/pr-134984-map.yaml new file mode 100644 index 00000000000..d80f8d51261 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134984-map.yaml @@ -0,0 +1,4 @@ +pr: 134984 +releasenote: + text: Added `ObservedGeneration` to CustomResourceDefinition conditions. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134994-map.yaml b/releases/release-1.35/release-notes/maps/pr-134994-map.yaml new file mode 100644 index 00000000000..9797ae05afb --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134994-map.yaml @@ -0,0 +1,5 @@ +pr: 134994 +releasenote: + text: Removed the `StrictCostEnforcementForVAP` and `StrictCostEnforcementForWebhooks` + feature gates, which were locked since `v1.32`. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-134995-map.yaml b/releases/release-1.35/release-notes/maps/pr-134995-map.yaml new file mode 100644 index 00000000000..618e375008e --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-134995-map.yaml @@ -0,0 +1,5 @@ +pr: 134995 +releasenote: + text: Introduced a structured and versioned `v1alpha1` response format for the `flagz` + endpoint. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-135003-map.yaml b/releases/release-1.35/release-notes/maps/pr-135003-map.yaml new file mode 100644 index 00000000000..db98cb71e1c --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-135003-map.yaml @@ -0,0 +1,5 @@ +pr: 135003 +releasenote: + text: Added `kubectl kuberc view` and `kubectl kuberc set` commands to perform operations + against the `kuberc` file. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-135007-map.yaml b/releases/release-1.35/release-notes/maps/pr-135007-map.yaml new file mode 100644 index 00000000000..9fcec897f74 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-135007-map.yaml @@ -0,0 +1,6 @@ +pr: 135007 +releasenote: + text: The scheduler now clears the `nominatedNodeName` field for Pods upon scheduling + or binding failure. External components, such as Cluster Autoscaler and Karpenter, + should not overwrite this field. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-135017-map.yaml b/releases/release-1.35/release-notes/maps/pr-135017-map.yaml new file mode 100644 index 00000000000..bd5f0df2bcc --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-135017-map.yaml @@ -0,0 +1,7 @@ +pr: 135017 +releasenote: + text: '`kube-controller-manager`: Fixed a `v1.34` regression that triggered a spurious + rollout of existing StatefulSets when upgrading the control plane from `v1.33` + to `v1.34`. This fix is guarded by the `StatefulSetSemanticRevisionComparison` + feature gate, which is enabled by default.' +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-135059-map.yaml b/releases/release-1.35/release-notes/maps/pr-135059-map.yaml new file mode 100644 index 00000000000..61fc3d10fc4 --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-135059-map.yaml @@ -0,0 +1,5 @@ +pr: 135059 +releasenote: + text: After fixing regressions detected in `v1.34`, the `SchedulerAsyncAPICalls` + feature gate was re-enabled by default. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-135080-map.yaml b/releases/release-1.35/release-notes/maps/pr-135080-map.yaml new file mode 100644 index 00000000000..67694db6a7a --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-135080-map.yaml @@ -0,0 +1,5 @@ +pr: 135080 +releasenote: + text: Promoted the `JobManagedBy` feature to general availability. The `JobManagedBy` + feature gate was locked to `true` and will be removed in a future Kubernetes release. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-135081-map.yaml b/releases/release-1.35/release-notes/maps/pr-135081-map.yaml new file mode 100644 index 00000000000..7d73a6e6d0b --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-135081-map.yaml @@ -0,0 +1,5 @@ +pr: 135081 +releasenote: + text: Reduced event spam during volume operation errors in the Portworx in-tree + driver. +pr_body: "" diff --git a/releases/release-1.35/release-notes/maps/pr-135084-map.yaml b/releases/release-1.35/release-notes/maps/pr-135084-map.yaml new file mode 100644 index 00000000000..7cd9f60035a --- /dev/null +++ b/releases/release-1.35/release-notes/maps/pr-135084-map.yaml @@ -0,0 +1,5 @@ +pr: 135084 +releasenote: + text: Pod resize now only allows CPU and memory resources; other resource types + are forbidden. +pr_body: "" diff --git a/releases/release-1.35/release-notes/release-notes-draft.json b/releases/release-1.35/release-notes/release-notes-draft.json index 2d7eb7f8a23..87890b4f550 100644 --- a/releases/release-1.35/release-notes/release-notes-draft.json +++ b/releases/release-1.35/release-notes/release-notes-draft.json @@ -44,6 +44,57 @@ "duplicate": true, "is_mapped": true }, + "123642": { + "commit": "b4d4cc93840fa30a305b013acd1b1060ed3f8ee2", + "text": "The JWT authenticator in `kube-apiserver` now reports the following metrics when the `StructuredAuthenticationConfiguration` feature gate is enabled:\n- `apiserver_authentication_jwt_authenticator_jwks_fetch_last_timestamp_seconds`\n- `apiserver_authentication_jwt_authenticator_jwks_fetch_last_key_set_info`.", + "markdown": "The JWT authenticator in `kube-apiserver` now reports the following metrics when the `StructuredAuthenticationConfiguration` feature gate is enabled:\n - `apiserver_authentication_jwt_authenticator_jwks_fetch_last_timestamp_seconds`\n - `apiserver_authentication_jwt_authenticator_jwks_fetch_last_key_set_info`. ([#123642](https://github.com/kubernetes/kubernetes/pull/123642), [@aramase](https://github.com/aramase)) [SIG API Machinery, Auth and Testing]", + "documentation": [ + { + "description": "[KEP]", + "url": "https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/3331-structured-authentication-configuration", + "type": "KEP" + } + ], + "author": "aramase", + "author_url": "https://github.com/aramase", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/123642", + "pr_number": 123642, + "areas": [ + "test", + "apiserver" + ], + "kinds": [ + "feature" + ], + "sigs": [ + "api-machinery", + "auth", + "testing" + ], + "feature": true, + "duplicate": true, + "is_mapped": true + }, + "125912": { + "commit": "6c91840fed8f53f7ea4dffe5e6b6ab95144d6aad", + "text": "Migrated the `CPUManager` to contextual logging.", + "markdown": "Migrated the `CPUManager` to contextual logging. ([#125912](https://github.com/kubernetes/kubernetes/pull/125912), [@ffromani](https://github.com/ffromani))", + "author": "ffromani", + "author_url": "https://github.com/ffromani", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/125912", + "pr_number": 125912, + "areas": [ + "kubelet", + "logging" + ], + "kinds": [ + "cleanup" + ], + "sigs": [ + "node" + ], + "is_mapped": true + }, "126979": { "commit": "b9a8dffa51ece80efb9584c67bc3ac9d03fb6f34", "text": "Fixed `replicaCount` calculation exceeding max `int32`.", @@ -214,6 +265,48 @@ "duplicate_kind": true, "is_mapped": true }, + "132157": { + "commit": "af70ebcbf505bd9c2b879a8a7081724435a9fb06", + "text": "Removed the `UserNamespacesPodSecurityStandards` feature gate. The minimum supported Kubernetes version for `kubelet` is now `v1.31`, so the gate is no longer needed.", + "markdown": "Removed the `UserNamespacesPodSecurityStandards` feature gate. The minimum supported Kubernetes version for `kubelet` is now `v1.31`, so the gate is no longer needed. ([#132157](https://github.com/kubernetes/kubernetes/pull/132157), [@haircommander](https://github.com/haircommander)) [SIG Auth, Node and Testing]", + "author": "haircommander", + "author_url": "https://github.com/haircommander", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/132157", + "pr_number": 132157, + "areas": [ + "test" + ], + "kinds": [ + "cleanup" + ], + "sigs": [ + "auth", + "node", + "testing" + ], + "duplicate": true, + "is_mapped": true + }, + "132240": { + "commit": "645073f978ed0d7308ad3be453a36a8e99006b3c", + "text": "Improved throughput in the `real-FIFO` queue used by `informers` and `controllers` by adding batch handling for processing watch events.", + "markdown": "Improved throughput in the `real-FIFO` queue used by `informers` and `controllers` by adding batch handling for processing watch events. ([#132240](https://github.com/kubernetes/kubernetes/pull/132240), [@yue9944882](https://github.com/yue9944882)) [SIG API Machinery, Scheduling and Storage]", + "author": "yue9944882", + "author_url": "https://github.com/yue9944882", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/132240", + "pr_number": 132240, + "kinds": [ + "feature" + ], + "sigs": [ + "api-machinery", + "scheduling", + "storage" + ], + "feature": true, + "duplicate": true, + "is_mapped": true + }, "132288": { "commit": "546519987d48d02e6a493a339c064dfd39be5e7f", "text": "Upgraded `CoreDNS` to `v1.12.3`.", @@ -337,6 +430,35 @@ "do_not_publish": true, "is_mapped": true }, + "132644": { + "commit": "e86c0171a736f7fe0d0b7cf6874dd02fc43fe90c", + "text": "Added a counter metric `kubelet_image_manager_ensure_image_requests_total{present_locally, pull_policy, pull_required}` that exposes details about `kubelet` ensuring an image exists on the node.", + "markdown": "Added a counter metric `kubelet_image_manager_ensure_image_requests_total{present_locally, pull_policy, pull_required}` that exposes details about `kubelet` ensuring an image exists on the node. ([#132644](https://github.com/kubernetes/kubernetes/pull/132644), [@stlaz](https://github.com/stlaz)) [SIG Auth and Node]", + "documentation": [ + { + "description": "[KEP]", + "url": "https://github.com/kubernetes/enhancements/issues/2535", + "type": "KEP" + } + ], + "author": "stlaz", + "author_url": "https://github.com/stlaz", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/132644", + "pr_number": 132644, + "areas": [ + "kubelet" + ], + "kinds": [ + "feature" + ], + "sigs": [ + "auth", + "node" + ], + "feature": true, + "duplicate": true, + "is_mapped": true + }, "132663": { "commit": "3e48146c5d3343f00d44b5177b32aa7c2993d36f", "text": "Updated `applyconfiguration-gen` to preserve struct and field comments from source types in the generated code.", @@ -489,6 +611,31 @@ "duplicate": true, "is_mapped": true }, + "133087": { + "commit": "f051670a473d8583af3397795938d37ca4ebf637", + "text": "Promoted ReplicaSet and Deployment `.status.terminatingReplicas` tracking to beta. The `DeploymentReplicaSetTerminatingReplicas` feature gate is now enabled by default.", + "markdown": "Promoted ReplicaSet and Deployment `.status.terminatingReplicas` tracking to beta. The `DeploymentReplicaSetTerminatingReplicas` feature gate is now enabled by default. ([#133087](https://github.com/kubernetes/kubernetes/pull/133087), [@atiratree](https://github.com/atiratree)) [SIG API Machinery, Apps and Testing]", + "author": "atiratree", + "author_url": "https://github.com/atiratree", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/133087", + "pr_number": 133087, + "areas": [ + "test", + "code-generation" + ], + "kinds": [ + "api-change", + "feature" + ], + "sigs": [ + "api-machinery", + "apps", + "testing" + ], + "feature": true, + "duplicate": true, + "duplicate_kind": true + }, "133097": { "commit": "ddb015f023b48d7ae6d5e24325d1a8b7054d9a9c", "text": "Added the correct error when eviction is blocked due to the failSafe mechanism of the `DisruptionController`.", @@ -745,8 +892,8 @@ }, "133363": { "commit": "d602326b87769c5db478fe84f4ddea98b84c53f2", - "text": "Introduced support for using an implicit extended resource name derived from the device class (`deviceclass.resource.kubernetes.io/`) to request DRA devices matching that class.", - "markdown": "Introduced support for using an implicit extended resource name derived from the device class (`deviceclass.resource.kubernetes.io/`) to request DRA devices matching that class. ([#133363](https://github.com/kubernetes/kubernetes/pull/133363), [@yliaog](https://github.com/yliaog)) [SIG Node, Scheduling and Testing]", + "text": "Introduced support for using an implicit extended resource name derived from the device class (`deviceclass.resource.kubernetes.io/\u003cdevice-class-name\u003e`) to request DRA devices matching that class.", + "markdown": "Introduced support for using an implicit extended resource name derived from the device class (`deviceclass.resource.kubernetes.io/\u003cdevice-class-name\u003e`) to request DRA devices matching that class. ([#133363](https://github.com/kubernetes/kubernetes/pull/133363), [@yliaog](https://github.com/yliaog)) [SIG Node, Scheduling and Testing]", "author": "yliaog", "author_url": "https://github.com/yliaog", "pr_url": "https://github.com/kubernetes/kubernetes/pull/133363", @@ -894,10 +1041,42 @@ ], "is_mapped": true }, + "133511": { + "commit": "60e1f61a6361e782c738ee941d61fddc1ab3d2f2", + "text": "Eliminated and prevented future use of the `md5` algorithm in favor of more appropriate hashing algorithms.", + "markdown": "Eliminated and prevented future use of the `md5` algorithm in favor of more appropriate hashing algorithms. ([#133511](https://github.com/kubernetes/kubernetes/pull/133511), [@BenTheElder](https://github.com/BenTheElder)) [SIG Apps, Architecture, CLI, Cluster Lifecycle, Network, Node, Security, Storage and Testing]", + "author": "BenTheElder", + "author_url": "https://github.com/BenTheElder", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/133511", + "pr_number": 133511, + "areas": [ + "test", + "kubelet", + "kubectl", + "kubeadm", + "code-organization" + ], + "kinds": [ + "cleanup" + ], + "sigs": [ + "apps", + "architecture", + "cli", + "cluster-lifecycle", + "network", + "node", + "security", + "storage", + "testing" + ], + "duplicate": true, + "is_mapped": true + }, "133513": { "commit": "4f0ce131a32f44572616f407011b28af79cca651", "text": "kubeadm: Fixed a bug where `ClusterConfiguration.APIServer.TimeoutForControlPlane` from `v1beta3` was not respected in newer kubeadm versions where `v1beta4` is the default.", - "markdown": "kubeadm: Fixed a bug where `ClusterConfiguration.APIServer.TimeoutForControlPlane` from `v1beta3` was not respected in newer kubeadm versions where `v1beta4` is the default. ([#133513](https://github.com/kubernetes/kubernetes/pull/133513), [@tom1299](https://github.com/tom1299))", + "markdown": "Kubeadm: Fixed a bug where `ClusterConfiguration.APIServer.TimeoutForControlPlane` from `v1beta3` was not respected in newer kubeadm versions where `v1beta4` is the default. ([#133513](https://github.com/kubernetes/kubernetes/pull/133513), [@tom1299](https://github.com/tom1299))", "author": "tom1299", "author_url": "https://github.com/tom1299", "pr_url": "https://github.com/kubernetes/kubernetes/pull/133513", @@ -1253,7 +1432,7 @@ "133778": { "commit": "27cfc5b4d5c59550f38a82f9064bc7f383833e0b", "text": "kubeadm: stopped applying the `--pod-infra-container-image` flag for the kubelet. The flag has been deprecated and no longer served a purpose in the kubelet as the logic was migrated to CRI (Container Runtime Interface). During upgrade, kubeadm will attempt to remove the flag from the file `/var/lib/kubelet/kubeadm-flags.env`.", - "markdown": "kubeadm: stopped applying the `--pod-infra-container-image` flag for the kubelet. The flag has been deprecated and no longer served a purpose in the kubelet as the logic was migrated to CRI (Container Runtime Interface). During upgrade, kubeadm will attempt to remove the flag from the file `/var/lib/kubelet/kubeadm-flags.env`. ([#133778](https://github.com/kubernetes/kubernetes/pull/133778), [@carlory](https://github.com/carlory)) [SIG Cloud Provider and Cluster Lifecycle]", + "markdown": "Kubeadm: stopped applying the `--pod-infra-container-image` flag for the kubelet. The flag has been deprecated and no longer served a purpose in the kubelet as the logic was migrated to CRI (Container Runtime Interface). During upgrade, kubeadm will attempt to remove the flag from the file `/var/lib/kubelet/kubeadm-flags.env`. ([#133778](https://github.com/kubernetes/kubernetes/pull/133778), [@carlory](https://github.com/carlory)) [SIG Cloud Provider and Cluster Lifecycle]", "author": "carlory", "author_url": "https://github.com/carlory", "pr_url": "https://github.com/kubernetes/kubernetes/pull/133778", @@ -1272,6 +1451,26 @@ "duplicate": true, "is_mapped": true }, + "133779": { + "commit": "f66d1a94185581af3a9ad22650eef8437b8cbe6c", + "text": "ACTION REQUIRED:\n\nRemoved the `--pod-infra-container-image` flag from `kubelet` command line. For `non-kubeadm` clusters, users must manually remove this flag from their `kubelet` configuration to prevent startup failures before upgrading `kubelet`. For `kubeadm` clusters, if users pass extra arguments to the `kubelet` like `--pod-infra-container-image`, it will be written to the `kubelet` env file during the `init` phase. `kubeadm` does not remove it during the `init` or `join` phase, so users must manually remove it from `extraArgs` in the `kubelet` configuration file.", + "markdown": "ACTION REQUIRED:\n \n Removed the `--pod-infra-container-image` flag from `kubelet` command line. For `non-kubeadm` clusters, users must manually remove this flag from their `kubelet` configuration to prevent startup failures before upgrading `kubelet`. For `kubeadm` clusters, if users pass extra arguments to the `kubelet` like `--pod-infra-container-image`, it will be written to the `kubelet` env file during the `init` phase. `kubeadm` does not remove it during the `init` or `join` phase, so users must manually remove it from `extraArgs` in the `kubelet` configuration file. ([#133779](https://github.com/kubernetes/kubernetes/pull/133779), [@carlory](https://github.com/carlory))", + "author": "carlory", + "author_url": "https://github.com/carlory", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/133779", + "pr_number": 133779, + "areas": [ + "kubelet" + ], + "kinds": [ + "cleanup" + ], + "sigs": [ + "node" + ], + "action_required": true, + "is_mapped": true + }, "133792": { "commit": "6f093ef29234787b51fc80154c0fa9988a1d7853", "text": "Locked down the `AllowOverwriteTerminationGracePeriodSeconds` feature gate.", @@ -1621,10 +1820,46 @@ "do_not_publish": true, "is_mapped": true }, + "133980": { + "commit": "fb694108249e4765f685471b476b7a9e2f303afd", + "text": "Added the `--min-compatibility-version` flag to `kube-apiserver`, `kube-controller-manager`, and `kube-scheduler`.", + "markdown": "Added the `--min-compatibility-version` flag to `kube-apiserver`, `kube-controller-manager`, and `kube-scheduler`. ([#133980](https://github.com/kubernetes/kubernetes/pull/133980), [@siyuanfoundation](https://github.com/siyuanfoundation)) [SIG API Machinery, Architecture, Cluster Lifecycle, Etcd, Scheduling and Testing]", + "documentation": [ + { + "description": "[KEP]", + "url": "https://github.com/kubernetes/enhancements/issues/4330", + "type": "KEP" + } + ], + "author": "siyuanfoundation", + "author_url": "https://github.com/siyuanfoundation", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/133980", + "pr_number": 133980, + "areas": [ + "test", + "apiserver" + ], + "kinds": [ + "api-change", + "feature" + ], + "sigs": [ + "api-machinery", + "architecture", + "cluster-lifecycle", + "etcd", + "scheduling", + "testing" + ], + "feature": true, + "duplicate": true, + "duplicate_kind": true, + "is_mapped": true + }, "134007": { "commit": "a4981e1cf3c747b2224fc5d138e23f21f24cc0a5", "text": "kubeadm: Fixed `KUBEADM_UPGRADE_DRYRUN_DIR` not honored in upgrade phase when writing kubelet config files.", - "markdown": "kubeadm: Fixed `KUBEADM_UPGRADE_DRYRUN_DIR` not honored in upgrade phase when writing kubelet config files. ([#134007](https://github.com/kubernetes/kubernetes/pull/134007), [@carlory](https://github.com/carlory))", + "markdown": "Kubeadm: Fixed `KUBEADM_UPGRADE_DRYRUN_DIR` not honored in upgrade phase when writing kubelet config files. ([#134007](https://github.com/kubernetes/kubernetes/pull/134007), [@carlory](https://github.com/carlory))", "author": "carlory", "author_url": "https://github.com/carlory", "pr_url": "https://github.com/kubernetes/kubernetes/pull/134007", @@ -1642,8 +1877,8 @@ }, "134017": { "commit": "7104c1e426b92025aa25083edcd3dac128f3e206", - "text": "Updated `kubectl scale` to return a consistent error message when a specified resource is not found. Previously, it returned: `error: no objects passed to scale \"\" not found`. It now matches the format used by other commands (e.g., `kubectl get`): `Error from server (NotFound): \"\" not found`.", - "markdown": "Updated `kubectl scale` to return a consistent error message when a specified resource is not found. Previously, it returned: `error: no objects passed to scale \"\" not found`. It now matches the format used by other commands (e.g., `kubectl get`): `Error from server (NotFound): \"\" not found`. ([#134017](https://github.com/kubernetes/kubernetes/pull/134017), [@mochizuki875](https://github.com/mochizuki875))", + "text": "Updated `kubectl scale` to return a consistent error message when a specified resource is not found. Previously, it returned: `error: no objects passed to scale \u003cGroupResource\u003e \"\u003cResourceName\u003e\" not found`. It now matches the format used by other commands (e.g., `kubectl get`): `Error from server (NotFound): \u003cGroupResource\u003e \"\u003cResourceName\u003e\" not found`.", + "markdown": "Updated `kubectl scale` to return a consistent error message when a specified resource is not found. Previously, it returned: `error: no objects passed to scale \u003cGroupResource\u003e \"\u003cResourceName\u003e\" not found`. It now matches the format used by other commands (e.g., `kubectl get`): `Error from server (NotFound): \u003cGroupResource\u003e \"\u003cResourceName\u003e\" not found`. ([#134017](https://github.com/kubernetes/kubernetes/pull/134017), [@mochizuki875](https://github.com/mochizuki875))", "author": "mochizuki875", "author_url": "https://github.com/mochizuki875", "pr_url": "https://github.com/kubernetes/kubernetes/pull/134017", @@ -1785,10 +2020,29 @@ "feature": true, "duplicate": true }, + "134103": { + "commit": "3daf280c464c712f38fe2a24d9434fcf2670c251", + "text": "Fixed a bug that prevented allocating the same device that was previously consuming the `CounterSet` when both `DRAConsumableCapacity` and `DRAPartitionableDevices` were enabled.", + "markdown": "Fixed a bug that prevented allocating the same device that was previously consuming the `CounterSet` when both `DRAConsumableCapacity` and `DRAPartitionableDevices` were enabled. ([#134103](https://github.com/kubernetes/kubernetes/pull/134103), [@sunya-ch](https://github.com/sunya-ch))", + "author": "sunya-ch", + "author_url": "https://github.com/sunya-ch", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134103", + "pr_number": 134103, + "areas": [ + "dependency" + ], + "kinds": [ + "bug" + ], + "sigs": [ + "node" + ], + "is_mapped": true + }, "134106": { "commit": "d39b162163006799cc8e0198fa83d0b6d36a41b9", "text": "kubeadm: Graduated the kubeadm-specific feature gate `ControlPlaneKubeletLocalMode` to GA and locked it to enabled by default. To opt out, patch the `server` field in `/etc/kubernetes/kubelet.conf`. Deprecated the subphase of `kubeadm join phase control-plane-join` called `etcd`, which is now hidden and replaced by subphase with identical functionality `etcd-join`. The `etcd` subphase will be removed in a future release. The subphase `kubelet-wait-bootstrap` of `kubeadm join` is no longer experimental and will now always run.", - "markdown": "kubeadm: Graduated the kubeadm-specific feature gate `ControlPlaneKubeletLocalMode` to GA and locked it to enabled by default. To opt out, patch the `server` field in `/etc/kubernetes/kubelet.conf`. Deprecated the subphase of `kubeadm join phase control-plane-join` called `etcd`, which is now hidden and replaced by subphase with identical functionality `etcd-join`. The `etcd` subphase will be removed in a future release. The subphase `kubelet-wait-bootstrap` of `kubeadm join` is no longer experimental and will now always run. ([#134106](https://github.com/kubernetes/kubernetes/pull/134106), [@neolit123](https://github.com/neolit123))", + "markdown": "Kubeadm: Graduated the kubeadm-specific feature gate `ControlPlaneKubeletLocalMode` to GA and locked it to enabled by default. To opt out, patch the `server` field in `/etc/kubernetes/kubelet.conf`. Deprecated the subphase of `kubeadm join phase control-plane-join` called `etcd`, which is now hidden and replaced by subphase with identical functionality `etcd-join`. The `etcd` subphase will be removed in a future release. The subphase `kubelet-wait-bootstrap` of `kubeadm join` is no longer experimental and will now always run. ([#134106](https://github.com/kubernetes/kubernetes/pull/134106), [@neolit123](https://github.com/neolit123))", "documentation": [ { "description": "[KEP]", @@ -1875,6 +2129,37 @@ ], "is_mapped": true }, + "134152": { + "commit": "c1a6a3ca71a88a3d43580b2ffce6966c58f8bd56", + "text": "DRA device taints: `DeviceTaintRule` status provides information about the rule, including whether Pods still need to be evicted (`EvictionInProgress` condition). The newly added `None` effect can be used to preview what a `DeviceTaintRule` would do if it used the `NoExecute` effect and to taint devices (`device health`) without immediately affecting scheduling or running Pods.", + "markdown": "DRA device taints: `DeviceTaintRule` status provides information about the rule, including whether Pods still need to be evicted (`EvictionInProgress` condition). The newly added `None` effect can be used to preview what a `DeviceTaintRule` would do if it used the `NoExecute` effect and to taint devices (`device health`) without immediately affecting scheduling or running Pods. ([#134152](https://github.com/kubernetes/kubernetes/pull/134152), [@pohly](https://github.com/pohly)) [SIG API Machinery, Apps, Auth, Node, Release, Scheduling and Testing]", + "author": "pohly", + "author_url": "https://github.com/pohly", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134152", + "pr_number": 134152, + "areas": [ + "test", + "release-eng", + "code-generation" + ], + "kinds": [ + "api-change", + "feature" + ], + "sigs": [ + "api-machinery", + "apps", + "auth", + "node", + "release", + "scheduling", + "testing" + ], + "feature": true, + "duplicate": true, + "duplicate_kind": true, + "is_mapped": true + }, "134154": { "commit": "db0315a641fc7618f87757c2e179b1e52090f812", "text": "Fixed a bug where high latency `kube-apiserver` caused scheduling throughput degradation.", @@ -1893,6 +2178,27 @@ "duplicate_kind": true, "is_mapped": true }, + "134157": { + "commit": "412bfec7a10d7815c971ddcd60edaf7e65a8c7a3", + "text": "Fixed a bug where a deleted Pod in the binding phase continued to occupy space on the node in `kube-scheduler`.", + "markdown": "Fixed a bug where a deleted Pod in the binding phase continued to occupy space on the node in `kube-scheduler`. ([#134157](https://github.com/kubernetes/kubernetes/pull/134157), [@macsko](https://github.com/macsko)) [SIG Scheduling and Testing]", + "author": "macsko", + "author_url": "https://github.com/macsko", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134157", + "pr_number": 134157, + "areas": [ + "test" + ], + "kinds": [ + "bug" + ], + "sigs": [ + "scheduling", + "testing" + ], + "duplicate": true, + "is_mapped": true + }, "134193": { "commit": "3e4b5e48f2d57585b43c7eac49f999c338c9bb74", "text": "Fixed a bug where 64-bit IPv6 `ServiceCIDRs` allocated addresses outside the subnet range.", @@ -1995,10 +2301,32 @@ "duplicate_kind": true, "is_mapped": true }, + "134263": { + "commit": "da2eea1bf2816e2215e9978e7817d5d150228551", + "text": "Namespace is now included in the `--dry-run=client` output for `HorizontalPodAutoscaler (HPA)` objects.", + "markdown": "Namespace is now included in the `--dry-run=client` output for `HorizontalPodAutoscaler (HPA)` objects. ([#134263](https://github.com/kubernetes/kubernetes/pull/134263), [@ardaguclu](https://github.com/ardaguclu)) [SIG CLI and Testing]", + "author": "ardaguclu", + "author_url": "https://github.com/ardaguclu", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134263", + "pr_number": 134263, + "areas": [ + "test", + "kubectl" + ], + "kinds": [ + "bug" + ], + "sigs": [ + "cli", + "testing" + ], + "duplicate": true, + "is_mapped": true + }, "134265": { "commit": "2003bd0cedcd7814d60d17b0754c3b1c548fe46f", "text": "kubeadm: Ensured waiting for `apiserver` uses a local client that doesn't reach to the control plane endpoint and instead reaches directly to the local API server endpoint.", - "markdown": "kubeadm: Ensured waiting for `apiserver` uses a local client that doesn't reach to the control plane endpoint and instead reaches directly to the local API server endpoint. ([#134265](https://github.com/kubernetes/kubernetes/pull/134265), [@neolit123](https://github.com/neolit123))", + "markdown": "Kubeadm: Ensured waiting for `apiserver` uses a local client that doesn't reach to the control plane endpoint and instead reaches directly to the local API server endpoint. ([#134265](https://github.com/kubernetes/kubernetes/pull/134265), [@neolit123](https://github.com/neolit123))", "author": "neolit123", "author_url": "https://github.com/neolit123", "pr_url": "https://github.com/kubernetes/kubernetes/pull/134265", @@ -2069,7 +2397,7 @@ "134298": { "commit": "d92afdefcb62ecf69de68653444b9eea70b9f7b7", "text": "ACTION REQUIRED: `failCgroupV1` will be set to true from 1.35. \nThis means that nodes will not start on a cgroup v1 by default. This puts cgroup v1 into a deprecated state.", - "markdown": "ACTION REQUIRED: `failCgroupV1` will be set to true from 1.35. \nThis means that nodes will not start on a cgroup v1 by default. This puts cgroup v1 into a deprecated state. ([#134298](https://github.com/kubernetes/kubernetes/pull/134298), [@kannon92](https://github.com/kannon92))", + "markdown": "ACTION REQUIRED: `failCgroupV1` will be set to true from 1.35. \n This means that nodes will not start on a cgroup v1 by default. This puts cgroup v1 into a deprecated state. ([#134298](https://github.com/kubernetes/kubernetes/pull/134298), [@kannon92](https://github.com/kannon92))", "author": "kannon92", "author_url": "https://github.com/kannon92", "pr_url": "https://github.com/kubernetes/kubernetes/pull/134298", @@ -2111,28 +2439,61 @@ "duplicate": true, "is_mapped": true }, - "134319": { - "commit": "cffecaac55698b4f364b0be2ba92f5fd69431cb6", - "text": "kubeadm: Fixed a bug where the node registration information for a given node was not fetched correctly during `kubeadm upgrade node` and the node name can end up being incorrect in cases where the node name is not the same as the host name.", - "markdown": "kubeadm: Fixed a bug where the node registration information for a given node was not fetched correctly during `kubeadm upgrade node` and the node name can end up being incorrect in cases where the node name is not the same as the host name. ([#134319](https://github.com/kubernetes/kubernetes/pull/134319), [@neolit123](https://github.com/neolit123))", - "author": "neolit123", - "author_url": "https://github.com/neolit123", - "pr_url": "https://github.com/kubernetes/kubernetes/pull/134319", - "pr_number": 134319, + "134313": { + "commit": "9efb7ee53805225cd70d4b4cd522fc22223dd57b", + "text": "Introduced a structured and versioned `v1alpha1` response for the `statusz` endpoint.", + "markdown": "Introduced a structured and versioned `v1alpha1` response for the `statusz` endpoint. ([#134313](https://github.com/kubernetes/kubernetes/pull/134313), [@richabanker](https://github.com/richabanker)) [SIG API Machinery, Architecture, Instrumentation, Network, Node, Scheduling and Testing]", + "author": "richabanker", + "author_url": "https://github.com/richabanker", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134313", + "pr_number": 134313, "areas": [ - "kubeadm" + "test", + "kubelet", + "kube-proxy", + "apiserver", + "code-generation" ], "kinds": [ - "bug" + "api-change", + "feature" ], "sigs": [ - "cluster-lifecycle" - ], - "is_mapped": true - }, - "134330": { - "commit": "81d7612a539ba3a4f8a02b914b451bbf7c741464", - "text": "k8s.io/apimachinery: Introduced a helper function to compare `resourceVersion` strings between two objects of the same resource.", + "api-machinery", + "architecture", + "instrumentation", + "network", + "node", + "scheduling", + "testing" + ], + "feature": true, + "duplicate": true, + "duplicate_kind": true, + "is_mapped": true + }, + "134319": { + "commit": "cffecaac55698b4f364b0be2ba92f5fd69431cb6", + "text": "kubeadm: Fixed a bug where the node registration information for a given node was not fetched correctly during `kubeadm upgrade node` and the node name can end up being incorrect in cases where the node name is not the same as the host name.", + "markdown": "Kubeadm: Fixed a bug where the node registration information for a given node was not fetched correctly during `kubeadm upgrade node` and the node name can end up being incorrect in cases where the node name is not the same as the host name. ([#134319](https://github.com/kubernetes/kubernetes/pull/134319), [@neolit123](https://github.com/neolit123))", + "author": "neolit123", + "author_url": "https://github.com/neolit123", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134319", + "pr_number": 134319, + "areas": [ + "kubeadm" + ], + "kinds": [ + "bug" + ], + "sigs": [ + "cluster-lifecycle" + ], + "is_mapped": true + }, + "134330": { + "commit": "81d7612a539ba3a4f8a02b914b451bbf7c741464", + "text": "k8s.io/apimachinery: Introduced a helper function to compare `resourceVersion` strings between two objects of the same resource.", "markdown": "K8s.io/apimachinery: Introduced a helper function to compare `resourceVersion` strings between two objects of the same resource. ([#134330](https://github.com/kubernetes/kubernetes/pull/134330), [@michaelasp](https://github.com/michaelasp)) [SIG API Machinery, Apps, Auth, Instrumentation, Network, Node, Scheduling, Storage and Testing]", "documentation": [ { @@ -2166,6 +2527,28 @@ "duplicate": true, "is_mapped": true }, + "134378": { + "commit": "9113013eb89bd3d8f320cc1e0e8c09637292c8ad", + "text": "Introduced the `--as-user-extra` persistent flag in `kubectl`, which allows passing extra arguments during impersonation.", + "markdown": "Introduced the `--as-user-extra` persistent flag in `kubectl`, which allows passing extra arguments during impersonation. ([#134378](https://github.com/kubernetes/kubernetes/pull/134378), [@ardaguclu](https://github.com/ardaguclu)) [SIG CLI and Testing]", + "author": "ardaguclu", + "author_url": "https://github.com/ardaguclu", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134378", + "pr_number": 134378, + "areas": [ + "test" + ], + "kinds": [ + "feature" + ], + "sigs": [ + "cli", + "testing" + ], + "feature": true, + "duplicate": true, + "is_mapped": true + }, "134379": { "commit": "16eebeb5eebc410b01a775801d877e4bbcdc8c6c", "text": "kube-controller-manager: Fixed a possible data race in the garbage collection controller.", @@ -2290,7 +2673,7 @@ "134433": { "commit": "095b9d6045cc2d3f1a2ae9ae23b9644c55aaf594", "text": "kubeadm: Added error printing during retries related to the `WaitForAllControlPlaneComponents` functionality at verbosity level 5.", - "markdown": "kubeadm: Added error printing during retries related to the `WaitForAllControlPlaneComponents` functionality at verbosity level 5. ([#134433](https://github.com/kubernetes/kubernetes/pull/134433), [@neolit123](https://github.com/neolit123))", + "markdown": "Kubeadm: Added error printing during retries related to the `WaitForAllControlPlaneComponents` functionality at verbosity level 5. ([#134433](https://github.com/kubernetes/kubernetes/pull/134433), [@neolit123](https://github.com/neolit123))", "author": "neolit123", "author_url": "https://github.com/neolit123", "pr_url": "https://github.com/kubernetes/kubernetes/pull/134433", @@ -2309,6 +2692,101 @@ "duplicate_kind": true, "is_mapped": true }, + "134445": { + "commit": "c5ef945f370f6b2749725c5be2781a4bc89b688e", + "text": "Fixed a long-standing issue where `kubelet` rejected Pods with `NodeAffinityFailed` due to a stale informer cache.", + "markdown": "Fixed a long-standing issue where `kubelet` rejected Pods with `NodeAffinityFailed` due to a stale informer cache. ([#134445](https://github.com/kubernetes/kubernetes/pull/134445), [@natasha41575](https://github.com/natasha41575))", + "author": "natasha41575", + "author_url": "https://github.com/natasha41575", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134445", + "pr_number": 134445, + "areas": [ + "kubelet" + ], + "kinds": [ + "bug" + ], + "sigs": [ + "node" + ], + "is_mapped": true + }, + "134452": { + "commit": "d5efbf2ebf9725ab2bada9136c6958268b31dc4f", + "text": "DRA: The `DynamicResourceAllocation` feature gate for the core functionality (GA in `v1.34`) has now been locked to enabled-by-default and cannot be disabled anymore.", + "markdown": "DRA: The `DynamicResourceAllocation` feature gate for the core functionality (GA in `v1.34`) has now been locked to enabled-by-default and cannot be disabled anymore. ([#134452](https://github.com/kubernetes/kubernetes/pull/134452), [@pohly](https://github.com/pohly)) [SIG Auth, Node, Scheduling and Testing]", + "author": "pohly", + "author_url": "https://github.com/pohly", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134452", + "pr_number": 134452, + "areas": [ + "test" + ], + "kinds": [ + "cleanup", + "api-change" + ], + "sigs": [ + "auth", + "node", + "scheduling", + "testing" + ], + "duplicate": true, + "duplicate_kind": true, + "is_mapped": true + }, + "134457": { + "commit": "6652c9fadf4fa2febdca4a856a0340086236f9e5", + "text": "The `PreferSameZone` and `PreferSameNode` values for the Service\n`trafficDistribution` field graduated to general availability. The\n`PreferClose` value is now deprecated in favor of the more explicit\n`PreferSameZone`.", + "markdown": "The `PreferSameZone` and `PreferSameNode` values for the Service\n `trafficDistribution` field graduated to general availability. The\n `PreferClose` value is now deprecated in favor of the more explicit\n `PreferSameZone`. ([#134457](https://github.com/kubernetes/kubernetes/pull/134457), [@danwinship](https://github.com/danwinship)) [SIG API Machinery, Apps, Network and Testing]", + "documentation": [ + { + "description": "[KEP]", + "url": "https://github.com/kubernetes/enhancements/blob/master/keps/sig-network/3015-prefer-same-node/", + "type": "KEP" + } + ], + "author": "danwinship", + "author_url": "https://github.com/danwinship", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134457", + "pr_number": 134457, + "areas": [ + "test", + "kube-proxy", + "code-generation" + ], + "kinds": [ + "api-change", + "feature" + ], + "sigs": [ + "api-machinery", + "apps", + "network", + "testing" + ], + "feature": true, + "duplicate": true, + "duplicate_kind": true, + "is_mapped": true + }, + "134466": { + "commit": "83504f1b02a6e807b890a96e70572b27adede7ad", + "text": "Fixed a bug where `AllocationMode: All` would not succeed if a resource pool contained `ResourceSlices` that were not targeting the current node.", + "markdown": "Fixed a bug where `AllocationMode: All` would not succeed if a resource pool contained `ResourceSlices` that were not targeting the current node. ([#134466](https://github.com/kubernetes/kubernetes/pull/134466), [@mortent](https://github.com/mortent))", + "author": "mortent", + "author_url": "https://github.com/mortent", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134466", + "pr_number": 134466, + "kinds": [ + "bug" + ], + "sigs": [ + "node" + ], + "is_mapped": true + }, "134479": { "commit": "ee1ff4866e30ac3685da3e007979b0e9ab7651a6", "text": "DRA Device Taints: Fixed toleration of `NoExecute`. Prior to this enhancement, tolerating a `NoExecute` did not work because the scheduler did not inform the eviction controller about the toleration, so the scheduled pod got evicted almost immediately.", @@ -2353,6 +2831,30 @@ "duplicate_kind": true, "is_mapped": true }, + "134493": { + "commit": "0b90cb5e5a8f36ff51ef64eeca002c44eb17e6b9", + "text": "Promoted the `RelaxedServiceNameValidation` feature to beta (enabled by default).\nNew Service names are now validated with `NameIsDNSLabel()`, relaxing the pre-existing validation.", + "markdown": "Promoted the `RelaxedServiceNameValidation` feature to beta (enabled by default).\n New Service names are now validated with `NameIsDNSLabel()`, relaxing the pre-existing validation. ([#134493](https://github.com/kubernetes/kubernetes/pull/134493), [@adrianmoisey](https://github.com/adrianmoisey))", + "documentation": [ + { + "description": "[KEP]", + "url": "https://github.com/kubernetes/enhancements/issues/5311", + "type": "KEP" + } + ], + "author": "adrianmoisey", + "author_url": "https://github.com/adrianmoisey", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134493", + "pr_number": 134493, + "kinds": [ + "feature" + ], + "sigs": [ + "network" + ], + "feature": true, + "is_mapped": true + }, "134510": { "commit": "9630ab9581afbac9835d53f9e620a1240a1d2d91", "text": "Substantially simplified building Kubernetes by making the process run a pre-built container image directly without running `rsyncd`.", @@ -2371,6 +2873,34 @@ "duplicate": true, "is_mapped": true }, + "134523": { + "commit": "859e0e6d025b4c90eae9f18e4a4995269deae6d5", + "text": "Added a `source` label to the `resourceclaim_controller_resource_claims` metric.\nAdded the `scheduler_resourceclaim_creates_total` metric for `DRAExtendedResource`.", + "markdown": "Added a `source` label to the `resourceclaim_controller_resource_claims` metric.\n Added the `scheduler_resourceclaim_creates_total` metric for `DRAExtendedResource`. ([#134523](https://github.com/kubernetes/kubernetes/pull/134523), [@bitoku](https://github.com/bitoku)) [SIG Apps, Instrumentation, Node and Scheduling]", + "documentation": [ + { + "description": "[KEP]", + "url": "https://github.com/kubernetes/enhancements/issues/5004", + "type": "KEP" + } + ], + "author": "bitoku", + "author_url": "https://github.com/bitoku", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134523", + "pr_number": 134523, + "kinds": [ + "feature" + ], + "sigs": [ + "apps", + "instrumentation", + "node", + "scheduling" + ], + "feature": true, + "duplicate": true, + "is_mapped": true + }, "134539": { "commit": "b5c4ebc8985b3de7acf7e69fc75068d1a2ee4f41", "text": "Marked `ipvs` mode in kube-proxy as deprecated, which will be removed in a future version of Kubernetes. Users are encouraged to migrate to `nftables`.", @@ -2417,7 +2947,7 @@ "134588": { "commit": "f7fb7cd86b6db5531087b4ae3b1e8198af3c927e", "text": "kubeadm: Fixed a preflight check that could fail hostname construction in IPv6 setups.", - "markdown": "kubeadm: Fixed a preflight check that could fail hostname construction in IPv6 setups. ([#134588](https://github.com/kubernetes/kubernetes/pull/134588), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Auth, Cloud Provider, Cluster Lifecycle and Testing]", + "markdown": "Kubeadm: Fixed a preflight check that could fail hostname construction in IPv6 setups. ([#134588](https://github.com/kubernetes/kubernetes/pull/134588), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Auth, Cloud Provider, Cluster Lifecycle and Testing]", "author": "liggitt", "author_url": "https://github.com/liggitt", "pr_url": "https://github.com/kubernetes/kubernetes/pull/134588", @@ -2533,6 +3063,36 @@ ], "is_mapped": true }, + "134624": { + "commit": "a058cf788a214b25c42173a6d7df8e77b26e2b1b", + "text": "The Pod Certificates feature moved to beta. The `PodCertificateRequest` feature gate is set disabled by default. To use the feature, users must enable the certificates API groups in `v1beta1` and enable the `PodCertificateRequest` feature gate. The `UserAnnotations` field was added to the `PodCertificateProjection` API and the corresponding `UnverifiedUserAnnotations` field was added to the `PodCertificateRequest` API.", + "markdown": "The Pod Certificates feature moved to beta. The `PodCertificateRequest` feature gate is set disabled by default. To use the feature, users must enable the certificates API groups in `v1beta1` and enable the `PodCertificateRequest` feature gate. The `UserAnnotations` field was added to the `PodCertificateProjection` API and the corresponding `UnverifiedUserAnnotations` field was added to the `PodCertificateRequest` API. ([#134624](https://github.com/kubernetes/kubernetes/pull/134624), [@yt2985](https://github.com/yt2985)) [SIG API Machinery, Apps, Auth, Etcd, Instrumentation, Node and Testing]", + "author": "yt2985", + "author_url": "https://github.com/yt2985", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134624", + "pr_number": 134624, + "areas": [ + "test", + "kubelet", + "apiserver", + "code-generation", + "stable-metrics" + ], + "kinds": [ + "api-change" + ], + "sigs": [ + "api-machinery", + "apps", + "auth", + "etcd", + "instrumentation", + "node", + "testing" + ], + "duplicate": true, + "is_mapped": true + }, "134625": { "commit": "e1bc8e4c3d50c07e053e94f0727f6c6e887104e3", "text": "Removed the `VolumeAttributesClass` resource from the `storage.k8s.io/v1alpha1` API in `v1.35`.", @@ -2618,6 +3178,23 @@ "feature": true, "duplicate": true }, + "134647": { + "commit": "31f83cdf2b7a22f6c41c255516b8affa3ba40d70", + "text": "Enabled the `MutableCSINodeAllocatableCount` feature gate by default in beta.", + "markdown": "Enabled the `MutableCSINodeAllocatableCount` feature gate by default in beta. ([#134647](https://github.com/kubernetes/kubernetes/pull/134647), [@torredil](https://github.com/torredil))", + "author": "torredil", + "author_url": "https://github.com/torredil", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134647", + "pr_number": 134647, + "kinds": [ + "feature" + ], + "sigs": [ + "storage" + ], + "feature": true, + "is_mapped": true + }, "134654": { "commit": "aefb388c7da14d1cf1ffb9c9e767609b4a5a193c", "text": "kube-controller-manager: Resolved potential issues handling pods with incorrect uids in their `ownerReference`.", @@ -2674,10 +3251,29 @@ ], "is_mapped": true }, + "134691": { + "commit": "59616d50fd67877f158ebf5bcc7a12aff9fe3a92", + "text": "The `SystemdWatchdog` feature gate has been locked to default and will be removed in future release. The systemd watchdog functionality in `kubelet` can be enabled via systemd without any feature gate configuration. See the [systemd watchdog documentation](https://kubernetes.io/docs/reference/node/systemd-watchdog/) for more information.", + "markdown": "The `SystemdWatchdog` feature gate has been locked to default and will be removed in future release. The systemd watchdog functionality in `kubelet` can be enabled via systemd without any feature gate configuration. See the [systemd watchdog documentation](https://kubernetes.io/docs/reference/node/systemd-watchdog/) for more information. ([#134691](https://github.com/kubernetes/kubernetes/pull/134691), [@SergeyKanzhelev](https://github.com/SergeyKanzhelev))", + "author": "SergeyKanzhelev", + "author_url": "https://github.com/SergeyKanzhelev", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134691", + "pr_number": 134691, + "areas": [ + "kubelet" + ], + "kinds": [ + "cleanup" + ], + "sigs": [ + "node" + ], + "is_mapped": true + }, "134692": { "commit": "d536e31ce279958538846eab83e302dc8d189829", "text": "kubeadm: Updated the supported `etcd` version to `v3.5.23` for supported control plane versions `v1.31`, `v1.32`, and `v1.33`.", - "markdown": "kubeadm: Updated the supported `etcd` version to `v3.5.23` for supported control plane versions `v1.31`, `v1.32`, and `v1.33`. ([#134692](https://github.com/kubernetes/kubernetes/pull/134692), [@joshjms](https://github.com/joshjms)) [SIG Cluster Lifecycle and Etcd]", + "markdown": "Kubeadm: Updated the supported `etcd` version to `v3.5.23` for supported control plane versions `v1.31`, `v1.32`, and `v1.33`. ([#134692](https://github.com/kubernetes/kubernetes/pull/134692), [@joshjms](https://github.com/joshjms)) [SIG Cluster Lifecycle and Etcd]", "author": "joshjms", "author_url": "https://github.com/joshjms", "pr_url": "https://github.com/kubernetes/kubernetes/pull/134692", @@ -2695,10 +3291,30 @@ "duplicate": true, "is_mapped": true }, + "134709": { + "commit": "8cd57a9e6f07d2446910d493781557b6cd4d6b99", + "text": "Added support for tracing in `kubectl` with the `--profile=trace` flag.", + "markdown": "Added support for tracing in `kubectl` with the `--profile=trace` flag. ([#134709](https://github.com/kubernetes/kubernetes/pull/134709), [@tchap](https://github.com/tchap))", + "author": "tchap", + "author_url": "https://github.com/tchap", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134709", + "pr_number": 134709, + "areas": [ + "kubectl" + ], + "kinds": [ + "feature" + ], + "sigs": [ + "cli" + ], + "feature": true, + "is_mapped": true + }, "134715": { "commit": "e2453c503ea3c3961e78f963ade4d7cbe1ba5f46", "text": "kubeadm: Added missing cluster-info context validation to prevent panics when the user has a malformed kubeconfig in the cluster-info ConfigMap that excludes a valid current context.", - "markdown": "kubeadm: Added missing cluster-info context validation to prevent panics when the user has a malformed kubeconfig in the cluster-info ConfigMap that excludes a valid current context. ([#134715](https://github.com/kubernetes/kubernetes/pull/134715), [@neolit123](https://github.com/neolit123))", + "markdown": "Kubeadm: Added missing cluster-info context validation to prevent panics when the user has a malformed kubeconfig in the cluster-info ConfigMap that excludes a valid current context. ([#134715](https://github.com/kubernetes/kubernetes/pull/134715), [@neolit123](https://github.com/neolit123))", "author": "neolit123", "author_url": "https://github.com/neolit123", "pr_url": "https://github.com/kubernetes/kubernetes/pull/134715", @@ -2740,6 +3356,27 @@ "duplicate": true, "is_mapped": true }, + "134730": { + "commit": "c7b6dfb144aa24adaf443f9a3682f971e4f21140", + "text": "Fixed an issue in asynchronous preemption: Scheduler now checks if preemption is ongoing for a Pod before initiating new preemption calls.", + "markdown": "Fixed an issue in asynchronous preemption: Scheduler now checks if preemption is ongoing for a Pod before initiating new preemption calls. ([#134730](https://github.com/kubernetes/kubernetes/pull/134730), [@ania-borowiec](https://github.com/ania-borowiec)) [SIG Scheduling and Testing]", + "author": "ania-borowiec", + "author_url": "https://github.com/ania-borowiec", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134730", + "pr_number": 134730, + "areas": [ + "test" + ], + "kinds": [ + "bug" + ], + "sigs": [ + "scheduling", + "testing" + ], + "duplicate": true, + "is_mapped": true + }, "134739": { "commit": "0ba43e9f5eaf7300f919b418895a5a561c2bee74", "text": "Improved performance of `Endpoint` and `EndpointSlice` controllers when there are a large number of services in a single namespace by making pod-to-service lookup asynchronous.", @@ -2757,5 +3394,885 @@ ], "duplicate": true, "is_mapped": true + }, + "134740": { + "commit": "9e284866c3bd3b9bfbc5c488c8e450cfdb3663ff", + "text": "`kube-scheduler`: Pod statuses no longer include specific taint keys or values when scheduling fails due to untolerated taints.", + "markdown": "`kube-scheduler`: Pod statuses no longer include specific taint keys or values when scheduling fails due to untolerated taints. ([#134740](https://github.com/kubernetes/kubernetes/pull/134740), [@hoskeri](https://github.com/hoskeri))", + "author": "hoskeri", + "author_url": "https://github.com/hoskeri", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134740", + "pr_number": 134740, + "kinds": [ + "bug" + ], + "sigs": [ + "scheduling" + ], + "is_mapped": true + }, + "134743": { + "commit": "eea58e01f445175d7e571fb199403a20c96b5faa", + "text": "Fixed an issue where the `kubelet` `/configz` endpoint reported an incorrect value for `kubeletconfig.cgroupDriver` when the cgroup driver setting was received from the container runtime.", + "markdown": "Fixed an issue where the `kubelet` `/configz` endpoint reported an incorrect value for `kubeletconfig.cgroupDriver` when the cgroup driver setting was received from the container runtime. ([#134743](https://github.com/kubernetes/kubernetes/pull/134743), [@marquiz](https://github.com/marquiz))", + "author": "marquiz", + "author_url": "https://github.com/marquiz", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134743", + "pr_number": 134743, + "areas": [ + "kubelet" + ], + "kinds": [ + "bug" + ], + "sigs": [ + "node" + ], + "is_mapped": true + }, + "134744": { + "commit": "ec5425a6ef45b0df37c66171913edaf0f443567e", + "text": "ACTION REQUIRED:\n\nvendor: Updated `k8s.io/system-validators` to `v1.12.1`. The cgroups validator now throws an error instead of a warning if cgroups v1 is detected on the host and the provided KubeletVersion is `v1.35` or newer.\n\nkubeadm: Started using `k8s.io/system-validators` `v1.12.1` in `kubeadm` `v1.35`. During `kubeadm init`, `kubeadm join`, and `kubeadm upgrade`, the SystemVerification preflight check throws an error if cgroups v1 is detected and the detected `kubelet` version is `v1.35` or newer. For older versions of `kubelet`, a preflight warning is displayed.\n\nTo allow cgroups v1 with `kubeadm` and `kubelet` version `v1.35` or newer, you must:\n- Ignore the error from the SystemVerification preflight check by `kubeadm`.\n- Edit the `kube-system/kubelet-config` ConfigMap and add the `failCgroupV1: false` field before upgrading.", + "markdown": "ACTION REQUIRED:\n \n vendor: Updated `k8s.io/system-validators` to `v1.12.1`. The cgroups validator now throws an error instead of a warning if cgroups v1 is detected on the host and the provided KubeletVersion is `v1.35` or newer.\n \n kubeadm: Started using `k8s.io/system-validators` `v1.12.1` in `kubeadm` `v1.35`. During `kubeadm init`, `kubeadm join`, and `kubeadm upgrade`, the SystemVerification preflight check throws an error if cgroups v1 is detected and the detected `kubelet` version is `v1.35` or newer. For older versions of `kubelet`, a preflight warning is displayed.\n \n To allow cgroups v1 with `kubeadm` and `kubelet` version `v1.35` or newer, you must:\n - Ignore the error from the SystemVerification preflight check by `kubeadm`.\n - Edit the `kube-system/kubelet-config` ConfigMap and add the `failCgroupV1: false` field before upgrading. ([#134744](https://github.com/kubernetes/kubernetes/pull/134744), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle and Node]", + "documentation": [ + { + "description": "[KEP]", + "url": "https://github.com/kubernetes/enhancements/issues/5573", + "type": "KEP" + } + ], + "author": "neolit123", + "author_url": "https://github.com/neolit123", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134744", + "pr_number": 134744, + "areas": [ + "kubeadm", + "dependency" + ], + "kinds": [ + "feature" + ], + "sigs": [ + "cluster-lifecycle", + "node" + ], + "feature": true, + "duplicate": true, + "action_required": true, + "is_mapped": true + }, + "134746": { + "commit": "0452b0aec7c0def662cb43c8ddaeb0df521c71b8", + "text": "Added the `ChangeContainerStatusOnKubeletRestart` feature gate, which defaults to disabled. When the feature gate is disabled, `kubelet` does not change the Pod status upon restart, and Pods do not re-run startup probes after the `kubelet` restarts.", + "markdown": "Added the `ChangeContainerStatusOnKubeletRestart` feature gate, which defaults to disabled. When the feature gate is disabled, `kubelet` does not change the Pod status upon restart, and Pods do not re-run startup probes after the `kubelet` restarts. ([#134746](https://github.com/kubernetes/kubernetes/pull/134746), [@HirazawaUi](https://github.com/HirazawaUi)) [SIG Node and Testing]", + "documentation": [ + { + "description": "[KEP]", + "url": "https://github.com/kubernetes/enhancements/issues/4781", + "type": "KEP" + } + ], + "author": "HirazawaUi", + "author_url": "https://github.com/HirazawaUi", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134746", + "pr_number": 134746, + "areas": [ + "test", + "kubelet" + ], + "kinds": [ + "feature" + ], + "sigs": [ + "node", + "testing" + ], + "feature": true, + "duplicate": true, + "is_mapped": true + }, + "134760": { + "commit": "3ef02627669c71a7597d58fcb4eaa1a3ded9d711", + "text": "Added the `Step` field to the testing framework to allow volume expansion in configurable step sizes for tests.", + "markdown": "Added the `Step` field to the testing framework to allow volume expansion in configurable step sizes for tests. ([#134760](https://github.com/kubernetes/kubernetes/pull/134760), [@Rishita-Golla](https://github.com/Rishita-Golla)) [SIG Storage and Testing]", + "author": "Rishita-Golla", + "author_url": "https://github.com/Rishita-Golla", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134760", + "pr_number": 134760, + "areas": [ + "test", + "e2e-test-framework" + ], + "kinds": [ + "cleanup" + ], + "sigs": [ + "storage", + "testing" + ], + "duplicate": true, + "is_mapped": true + }, + "134769": { + "commit": "276c59af7c4c78153248a816f5fa04f499323028", + "text": "Fixed a bug where Job status updates fail after resuming a Job that was previously started and suspended.\nThe error message was: `status.startTime: Required value: startTime cannot be removed for unsuspended job`.", + "markdown": "Fixed a bug where Job status updates fail after resuming a Job that was previously started and suspended.\n The error message was: `status.startTime: Required value: startTime cannot be removed for unsuspended job`. ([#134769](https://github.com/kubernetes/kubernetes/pull/134769), [@dejanzele](https://github.com/dejanzele)) [SIG Apps and Testing]", + "author": "dejanzele", + "author_url": "https://github.com/dejanzele", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134769", + "pr_number": 134769, + "areas": [ + "test" + ], + "kinds": [ + "bug" + ], + "sigs": [ + "apps", + "testing" + ], + "duplicate": true, + "is_mapped": true + }, + "134777": { + "commit": "d915ef1660a6a7ac8cada8d7b526f7bf8bf12bd2", + "text": "Promoted `kubectl` command headers to stable.", + "markdown": "Promoted `kubectl` command headers to stable. ([#134777](https://github.com/kubernetes/kubernetes/pull/134777), [@soltysh](https://github.com/soltysh)) [SIG CLI and Testing]", + "documentation": [ + { + "description": "[KEP]", + "url": "https://github.com/kubernetes/enhancements/issues/859", + "type": "KEP" + } + ], + "author": "soltysh", + "author_url": "https://github.com/soltysh", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134777", + "pr_number": 134777, + "areas": [ + "test", + "kubectl" + ], + "kinds": [ + "cleanup", + "feature" + ], + "sigs": [ + "cli", + "testing" + ], + "feature": true, + "duplicate": true, + "duplicate_kind": true, + "is_mapped": true + }, + "134779": { + "commit": "4695bb6c19af291902ff701bf6dfcce1ed84bdef", + "text": "`kubeadm`: Updated the supported etcd version to `v3.5.24` for control plane versions `v1.32`, `v1.33`, and `v1.34`.", + "markdown": "`kubeadm`: Updated the supported etcd version to `v3.5.24` for control plane versions `v1.32`, `v1.33`, and `v1.34`. ([#134779](https://github.com/kubernetes/kubernetes/pull/134779), [@joshjms](https://github.com/joshjms)) [SIG API Machinery, Cloud Provider, Cluster Lifecycle, Etcd and Testing]", + "author": "joshjms", + "author_url": "https://github.com/joshjms", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134779", + "pr_number": 134779, + "areas": [ + "test", + "provider/gcp", + "release-eng", + "kubeadm" + ], + "kinds": [ + "cleanup" + ], + "sigs": [ + "api-machinery", + "cloud-provider", + "cluster-lifecycle", + "etcd", + "testing" + ], + "duplicate": true, + "is_mapped": true + }, + "134780": { + "commit": "4415f00294cff245a9594055aed29abcd4e4a0c1", + "text": "Updated the etcd client library to `v3.6.5`.", + "markdown": "Updated the etcd client library to `v3.6.5`. ([#134780](https://github.com/kubernetes/kubernetes/pull/134780), [@joshjms](https://github.com/joshjms)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling and Storage]", + "author": "joshjms", + "author_url": "https://github.com/joshjms", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134780", + "pr_number": 134780, + "areas": [ + "kubelet", + "kube-proxy", + "apiserver", + "kubectl", + "cloudprovider", + "code-generation", + "dependency" + ], + "kinds": [ + "cleanup" + ], + "sigs": [ + "api-machinery", + "architecture", + "auth", + "cli", + "cloud-provider", + "cluster-lifecycle", + "instrumentation", + "network", + "node", + "scheduling", + "storage" + ], + "duplicate": true, + "is_mapped": true + }, + "134781": { + "commit": "0bb040288a3a42deb8cce2a65df45b9dfd90d3bb", + "text": "`kubeadm`: Removed the `WaitForAllControlPlaneComponents` feature gate, which graduated to GA in `v1.34` and was locked to enabled by default.", + "markdown": "`kubeadm`: Removed the `WaitForAllControlPlaneComponents` feature gate, which graduated to GA in `v1.34` and was locked to enabled by default. ([#134781](https://github.com/kubernetes/kubernetes/pull/134781), [@neolit123](https://github.com/neolit123))", + "author": "neolit123", + "author_url": "https://github.com/neolit123", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134781", + "pr_number": 134781, + "areas": [ + "kubeadm" + ], + "kinds": [ + "cleanup" + ], + "sigs": [ + "cluster-lifecycle" + ], + "is_mapped": true + }, + "134782": { + "commit": "286d13b96c0e7ddfb9bb1eca7433a90de93a645c", + "text": "Dropped support for `certificates/v1beta1` `CertificateSigningRequest` in `kubectl`.", + "markdown": "Dropped support for `certificates/v1beta1` `CertificateSigningRequest` in `kubectl`. ([#134782](https://github.com/kubernetes/kubernetes/pull/134782), [@scaliby](https://github.com/scaliby))", + "author": "scaliby", + "author_url": "https://github.com/scaliby", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134782", + "pr_number": 134782, + "areas": [ + "kubectl" + ], + "kinds": [ + "cleanup" + ], + "sigs": [ + "cli" + ], + "is_mapped": true + }, + "134784": { + "commit": "3ec2d82da57f2018fc76ae13da7a23a3f9a364f5", + "text": "Added the `StorageVersionMigration` `v1beta1` API and removed the `v1alpha1` API.\n\nACTION REQUIRED: The `v1alpha1` API is no longer supported. Users must remove any `v1alpha1` resources before upgrading.", + "markdown": "Added the `StorageVersionMigration` `v1beta1` API and removed the `v1alpha1` API.\n \n ACTION REQUIRED: The `v1alpha1` API is no longer supported. Users must remove any `v1alpha1` resources before upgrading. ([#134784](https://github.com/kubernetes/kubernetes/pull/134784), [@michaelasp](https://github.com/michaelasp)) [SIG API Machinery, Apps, Auth, Etcd and Testing]", + "documentation": [ + { + "description": "KEP: KEP", + "url": "https://github.com/kubernetes/enhancements/issues/4192", + "type": "KEP" + } + ], + "author": "michaelasp", + "author_url": "https://github.com/michaelasp", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134784", + "pr_number": 134784, + "areas": [ + "test", + "apiserver", + "code-generation" + ], + "kinds": [ + "api-change", + "feature" + ], + "sigs": [ + "api-machinery", + "apps", + "auth", + "etcd", + "testing" + ], + "feature": true, + "duplicate": true, + "duplicate_kind": true, + "action_required": true, + "is_mapped": true + }, + "134793": { + "commit": "3717c7025ea34b29ccbb70fda8cf032478f43933", + "text": "Fixed an issue where requests for a config `FromClass` in the `ResourceClaim` status were not referenced.", + "markdown": "Fixed an issue where requests for a config `FromClass` in the `ResourceClaim` status were not referenced. ([#134793](https://github.com/kubernetes/kubernetes/pull/134793), [@LionelJouin](https://github.com/LionelJouin))", + "documentation": [ + { + "description": "[KEP]", + "url": "https://github.com/kubernetes/enhancements/issues/4381", + "type": "KEP" + } + ], + "author": "LionelJouin", + "author_url": "https://github.com/LionelJouin", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134793", + "pr_number": 134793, + "kinds": [ + "bug" + ], + "sigs": [ + "node" + ], + "is_mapped": true + }, + "134803": { + "commit": "3d595e369174450a4d81269ca8f97032cf0b4ab6", + "text": "Implemented constrained impersonation as described in [KEP-5284](https://kep.k8s.io/5284).", + "markdown": "Implemented constrained impersonation as described in [KEP-5284](https://kep.k8s.io/5284). ([#134803](https://github.com/kubernetes/kubernetes/pull/134803), [@enj](https://github.com/enj)) [SIG API Machinery, Auth and Testing]", + "documentation": [ + { + "description": "[KEP]", + "url": "https://kep.k8s.io/5284", + "type": "external" + } + ], + "author": "enj", + "author_url": "https://github.com/enj", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134803", + "pr_number": 134803, + "areas": [ + "test", + "apiserver", + "code-generation" + ], + "kinds": [ + "api-change", + "feature" + ], + "sigs": [ + "api-machinery", + "auth", + "testing" + ], + "feature": true, + "duplicate": true, + "duplicate_kind": true, + "is_mapped": true + }, + "134826": { + "commit": "1135d04f1d7746b553a675a558efc58e651eabae", + "text": "CSI drivers can now opt in to receive service account tokens via the secrets field instead of volume context by setting `spec.serviceAccountTokenInSecrets: true` in the CSIDriver object. This prevents tokens from being exposed in logs and other outputs. The feature is gated by the `CSIServiceAccountTokenSecrets` feature gate (beta in `v1.35`).", + "markdown": "CSI drivers can now opt in to receive service account tokens via the secrets field instead of volume context by setting `spec.serviceAccountTokenInSecrets: true` in the CSIDriver object. This prevents tokens from being exposed in logs and other outputs. The feature is gated by the `CSIServiceAccountTokenSecrets` feature gate (beta in `v1.35`). ([#134826](https://github.com/kubernetes/kubernetes/pull/134826), [@aramase](https://github.com/aramase)) [SIG API Machinery, Auth, Storage and Testing]", + "documentation": [ + { + "description": "[KEP]", + "url": "https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/5538-csi-sa-tokens-secrets-field", + "type": "KEP" + } + ], + "author": "aramase", + "author_url": "https://github.com/aramase", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134826", + "pr_number": 134826, + "areas": [ + "test", + "code-generation" + ], + "kinds": [ + "api-change", + "feature" + ], + "sigs": [ + "api-machinery", + "auth", + "storage", + "testing" + ], + "feature": true, + "duplicate": true, + "duplicate_kind": true, + "is_mapped": true + }, + "134833": { + "commit": "fb10a2995459c52238024adbb10ffdfbdafd2c4d", + "text": "Fixed a panic in `kubectl api-resources` that occurred when the Discovery Client failed.", + "markdown": "Fixed a panic in `kubectl api-resources` that occurred when the Discovery Client failed. ([#134833](https://github.com/kubernetes/kubernetes/pull/134833), [@rikatz](https://github.com/rikatz))", + "author": "rikatz", + "author_url": "https://github.com/rikatz", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134833", + "pr_number": 134833, + "areas": [ + "kubectl" + ], + "kinds": [ + "bug" + ], + "sigs": [ + "cli" + ], + "is_mapped": true + }, + "134875": { + "commit": "934c34435ad851469ee6e97e9da0117fe77494bf", + "text": "Fixed a bug where the health of a DRA resource was not reported in the Pod status if the resource claim was generated from a template or used a different local name in the Pod spec.", + "markdown": "Fixed a bug where the health of a DRA resource was not reported in the Pod status if the resource claim was generated from a template or used a different local name in the Pod spec. ([#134875](https://github.com/kubernetes/kubernetes/pull/134875), [@Jpsassine](https://github.com/Jpsassine)) [SIG Node and Testing]", + "documentation": [ + { + "description": "[KEP]", + "url": "https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/4680-add-resource-health-to-pod-status/README.md", + "type": "KEP" + } + ], + "author": "Jpsassine", + "author_url": "https://github.com/Jpsassine", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134875", + "pr_number": 134875, + "areas": [ + "test", + "kubelet" + ], + "kinds": [ + "bug" + ], + "sigs": [ + "node", + "testing" + ], + "duplicate": true, + "is_mapped": true + }, + "134905": { + "commit": "c30b578ee59ad0b1505009897a2a3d7766a6073e", + "text": "Scheduler: Added the `bindingTimeout` argument to the DynamicResources plugin configuration, allowing customization of the wait duration in `PreBind` for device binding conditions.\nDefaults to 10 minutes when `DRADeviceBindingConditions` and `DRAResourceClaimDeviceStatus` are both enabled.", + "markdown": "Scheduler: Added the `bindingTimeout` argument to the DynamicResources plugin configuration, allowing customization of the wait duration in `PreBind` for device binding conditions.\n Defaults to 10 minutes when `DRADeviceBindingConditions` and `DRAResourceClaimDeviceStatus` are both enabled. ([#134905](https://github.com/kubernetes/kubernetes/pull/134905), [@fj-naji](https://github.com/fj-naji)) [SIG Node and Scheduling]", + "author": "fj-naji", + "author_url": "https://github.com/fj-naji", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134905", + "pr_number": 134905, + "areas": [ + "code-generation" + ], + "kinds": [ + "api-change", + "feature" + ], + "sigs": [ + "node", + "scheduling" + ], + "feature": true, + "duplicate": true, + "duplicate_kind": true, + "is_mapped": true + }, + "134906": { + "commit": "5e2ad84f6701a89fb9598fbcef46738f09fac386", + "text": "`kubeadm`: Added a preflight check `ContainerRuntimeVersion` to validate if the installed container runtime supports the `RuntimeConfig` gRPC method. If unsupported, `kubeadm` prints a warning message.\n\nStarting with Kubernetes `v1.36`, `kubelet` might refuse to start if the CRI runtime does not support this feature. More information can be found at the [Kubernetes blog](https://kubernetes.io/blog/2025/09/12/kubernetes-v1-34-cri-cgroup-driver-lookup-now-ga/).", + "markdown": "`kubeadm`: Added a preflight check `ContainerRuntimeVersion` to validate if the installed container runtime supports the `RuntimeConfig` gRPC method. If unsupported, `kubeadm` prints a warning message.\n \n Starting with Kubernetes `v1.36`, `kubelet` might refuse to start if the CRI runtime does not support this feature. More information can be found at the [Kubernetes blog](https://kubernetes.io/blog/2025/09/12/kubernetes-v1-34-cri-cgroup-driver-lookup-now-ga/). ([#134906](https://github.com/kubernetes/kubernetes/pull/134906), [@carlory](https://github.com/carlory))", + "documentation": [ + { + "description": "[KEP]", + "url": "https://kep.k8s.io/4033", + "type": "external" + } + ], + "author": "carlory", + "author_url": "https://github.com/carlory", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134906", + "pr_number": 134906, + "areas": [ + "kubeadm" + ], + "kinds": [ + "feature" + ], + "sigs": [ + "cluster-lifecycle" + ], + "feature": true, + "is_mapped": true + }, + "134913": { + "commit": "3f1255dd5fc332de16e920c3b92168002841e545", + "text": "Dropped support for `discovery/v1beta1` `EndpointSlice` in `kubectl`.", + "markdown": "Dropped support for `discovery/v1beta1` `EndpointSlice` in `kubectl`. ([#134913](https://github.com/kubernetes/kubernetes/pull/134913), [@scaliby](https://github.com/scaliby))", + "author": "scaliby", + "author_url": "https://github.com/scaliby", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134913", + "pr_number": 134913, + "areas": [ + "kubectl" + ], + "kinds": [ + "cleanup" + ], + "sigs": [ + "cli" + ], + "is_mapped": true + }, + "134948": { + "commit": "a490c43f0ec6bf9fa4fa19a5b9a5a9937716d87a", + "text": "Promoted `PodObservedGenerationTracking` to GA.", + "markdown": "Promoted `PodObservedGenerationTracking` to GA. ([#134948](https://github.com/kubernetes/kubernetes/pull/134948), [@natasha41575](https://github.com/natasha41575)) [SIG API Machinery, Apps, Node, Scheduling and Testing]", + "author": "natasha41575", + "author_url": "https://github.com/natasha41575", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134948", + "pr_number": 134948, + "areas": [ + "test", + "kubelet", + "code-generation" + ], + "kinds": [ + "api-change" + ], + "sigs": [ + "api-machinery", + "apps", + "node", + "scheduling", + "testing" + ], + "duplicate": true, + "is_mapped": true + }, + "134949": { + "commit": "a13ad97048f4da8e4ce2f22dcd6e02a4173ecf9e", + "text": "Promoted `InPlacePodVerticalScaling` to GA.", + "markdown": "Promoted `InPlacePodVerticalScaling` to GA. ([#134949](https://github.com/kubernetes/kubernetes/pull/134949), [@natasha41575](https://github.com/natasha41575)) [SIG API Machinery, Node and Scheduling]", + "author": "natasha41575", + "author_url": "https://github.com/natasha41575", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134949", + "pr_number": 134949, + "areas": [ + "kubelet" + ], + "kinds": [ + "feature" + ], + "sigs": [ + "api-machinery", + "node", + "scheduling" + ], + "feature": true, + "duplicate": true, + "is_mapped": true + }, + "134956": { + "commit": "808d320de1e76c3ee89c09f8a65857781b8c5f5b", + "text": "Removed `BlockOwnerDeletion` from `ResourceClaim` created from `ResourceClaimTemplate` and from `extendedResourceClaim` created by the `scheduler`.", + "markdown": "Removed `BlockOwnerDeletion` from `ResourceClaim` created from `ResourceClaimTemplate` and from `extendedResourceClaim` created by the `scheduler`. ([#134956](https://github.com/kubernetes/kubernetes/pull/134956), [@yliaog](https://github.com/yliaog)) [SIG Apps, Node and Scheduling]", + "author": "yliaog", + "author_url": "https://github.com/yliaog", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134956", + "pr_number": 134956, + "kinds": [ + "bug" + ], + "sigs": [ + "apps", + "node", + "scheduling" + ], + "duplicate": true, + "is_mapped": true + }, + "134962": { + "commit": "c329e6492901b7aae1a7555d895e1f75fb43b881", + "text": "Fixed an issue with setting `distinctAttribute=nil` when the `DRAConsumableCapacity` feature gate is disabled.", + "markdown": "Fixed an issue with setting `distinctAttribute=nil` when the `DRAConsumableCapacity` feature gate is disabled. ([#134962](https://github.com/kubernetes/kubernetes/pull/134962), [@sunya-ch](https://github.com/sunya-ch))", + "author": "sunya-ch", + "author_url": "https://github.com/sunya-ch", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134962", + "pr_number": 134962, + "kinds": [ + "bug" + ], + "sigs": [ + "node" + ], + "is_mapped": true + }, + "134964": { + "commit": "b5c62b1b10d0643d0be841eff2a0e9f1b0b77ca2", + "text": "Dropped `DeviceBindingConditions` fields when the `DRADeviceBindingConditions` feature gate is not enabled and not in use.", + "markdown": "Dropped `DeviceBindingConditions` fields when the `DRADeviceBindingConditions` feature gate is not enabled and not in use. ([#134964](https://github.com/kubernetes/kubernetes/pull/134964), [@sunya-ch](https://github.com/sunya-ch))", + "author": "sunya-ch", + "author_url": "https://github.com/sunya-ch", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134964", + "pr_number": 134964, + "kinds": [ + "bug" + ], + "is_mapped": true + }, + "134984": { + "commit": "1ffcea577bec6886c940245bd804991c737a5a52", + "text": "Added `ObservedGeneration` to CustomResourceDefinition conditions.", + "markdown": "Added `ObservedGeneration` to CustomResourceDefinition conditions. ([#134984](https://github.com/kubernetes/kubernetes/pull/134984), [@michaelasp](https://github.com/michaelasp))", + "documentation": [ + { + "description": "[KEP]", + "url": "https://github.com/kubernetes/enhancements/issues/4192", + "type": "KEP" + } + ], + "author": "michaelasp", + "author_url": "https://github.com/michaelasp", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134984", + "pr_number": 134984, + "areas": [ + "apiserver", + "code-generation" + ], + "kinds": [ + "api-change", + "feature" + ], + "sigs": [ + "api-machinery" + ], + "feature": true, + "duplicate_kind": true, + "is_mapped": true + }, + "134994": { + "commit": "4ca91a6542802f1339caf6f2f8dfe917beb5ce9c", + "text": "Removed the `StrictCostEnforcementForVAP` and `StrictCostEnforcementForWebhooks` feature gates, which were locked since `v1.32`.", + "markdown": "Removed the `StrictCostEnforcementForVAP` and `StrictCostEnforcementForWebhooks` feature gates, which were locked since `v1.32`. ([#134994](https://github.com/kubernetes/kubernetes/pull/134994), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Auth, Node and Testing]", + "author": "liggitt", + "author_url": "https://github.com/liggitt", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134994", + "pr_number": 134994, + "areas": [ + "test", + "apiserver" + ], + "kinds": [ + "cleanup", + "api-change" + ], + "sigs": [ + "api-machinery", + "auth", + "node", + "testing" + ], + "duplicate": true, + "duplicate_kind": true, + "is_mapped": true + }, + "134995": { + "commit": "5fd9cefd95b7e775ab515b3cf7ff2d159df1acd8", + "text": "Introduced a structured and versioned `v1alpha1` response format for the `flagz` endpoint.", + "markdown": "Introduced a structured and versioned `v1alpha1` response format for the `flagz` endpoint. ([#134995](https://github.com/kubernetes/kubernetes/pull/134995), [@yongruilin](https://github.com/yongruilin)) [SIG API Machinery, Architecture, Instrumentation, Network, Node, Scheduling and Testing]", + "documentation": [ + { + "description": "[KEP]", + "url": "https://github.com/kubernetes/enhancements/blob/master/keps/sig-instrumentation/4828-component-flagz/README.md", + "type": "KEP" + } + ], + "author": "yongruilin", + "author_url": "https://github.com/yongruilin", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/134995", + "pr_number": 134995, + "areas": [ + "test", + "kubelet", + "kube-proxy", + "apiserver", + "code-generation", + "dependency" + ], + "kinds": [ + "api-change", + "feature" + ], + "sigs": [ + "api-machinery", + "architecture", + "instrumentation", + "network", + "node", + "scheduling", + "testing" + ], + "feature": true, + "duplicate": true, + "duplicate_kind": true, + "is_mapped": true + }, + "135003": { + "commit": "9cad3f8787606d711ea8890398877fdfab011474", + "text": "Added `kubectl kuberc view` and `kubectl kuberc set` commands to perform operations against the `kuberc` file.", + "markdown": "Added `kubectl kuberc view` and `kubectl kuberc set` commands to perform operations against the `kuberc` file. ([#135003](https://github.com/kubernetes/kubernetes/pull/135003), [@ardaguclu](https://github.com/ardaguclu)) [SIG CLI and Testing]", + "documentation": [ + { + "description": "[KEP]", + "url": "https://github.com/kubernetes/enhancements/tree/master/keps/sig-cli/3104-introduce-kuberc", + "type": "KEP" + } + ], + "author": "ardaguclu", + "author_url": "https://github.com/ardaguclu", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/135003", + "pr_number": 135003, + "areas": [ + "test", + "kubectl" + ], + "kinds": [ + "feature" + ], + "sigs": [ + "cli", + "testing" + ], + "feature": true, + "duplicate": true, + "is_mapped": true + }, + "135007": { + "commit": "f09cd625bc3cd5fa8debb5d487db76ca49028402", + "text": "The scheduler now clears the `nominatedNodeName` field for Pods upon scheduling or binding failure. External components, such as Cluster Autoscaler and Karpenter, should not overwrite this field.", + "markdown": "The scheduler now clears the `nominatedNodeName` field for Pods upon scheduling or binding failure. External components, such as Cluster Autoscaler and Karpenter, should not overwrite this field. ([#135007](https://github.com/kubernetes/kubernetes/pull/135007), [@ania-borowiec](https://github.com/ania-borowiec)) [SIG Scheduling and Testing]", + "documentation": [ + { + "description": "[KEP]", + "url": "https://github.com/kubernetes/enhancements/issues/5278", + "type": "KEP" + } + ], + "author": "ania-borowiec", + "author_url": "https://github.com/ania-borowiec", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/135007", + "pr_number": 135007, + "areas": [ + "test" + ], + "kinds": [ + "feature" + ], + "sigs": [ + "scheduling", + "testing" + ], + "feature": true, + "duplicate": true, + "is_mapped": true + }, + "135017": { + "commit": "48c56e04e0bc2cdc33eb67ee36ca69eba96b5d0b", + "text": "`kube-controller-manager`: Fixed a `v1.34` regression that triggered a spurious rollout of existing StatefulSets when upgrading the control plane from `v1.33` to `v1.34`. This fix is guarded by the `StatefulSetSemanticRevisionComparison` feature gate, which is enabled by default.", + "markdown": "`kube-controller-manager`: Fixed a `v1.34` regression that triggered a spurious rollout of existing StatefulSets when upgrading the control plane from `v1.33` to `v1.34`. This fix is guarded by the `StatefulSetSemanticRevisionComparison` feature gate, which is enabled by default. ([#135017](https://github.com/kubernetes/kubernetes/pull/135017), [@liggitt](https://github.com/liggitt))", + "author": "liggitt", + "author_url": "https://github.com/liggitt", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/135017", + "pr_number": 135017, + "kinds": [ + "bug", + "regression" + ], + "sigs": [ + "apps" + ], + "duplicate_kind": true, + "is_mapped": true + }, + "135059": { + "commit": "22d41b544337e1ebd6c80f36e1c8cf05be3797bf", + "text": "After fixing regressions detected in `v1.34`, the `SchedulerAsyncAPICalls` feature gate was re-enabled by default.", + "markdown": "After fixing regressions detected in `v1.34`, the `SchedulerAsyncAPICalls` feature gate was re-enabled by default. ([#135059](https://github.com/kubernetes/kubernetes/pull/135059), [@macsko](https://github.com/macsko))", + "author": "macsko", + "author_url": "https://github.com/macsko", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/135059", + "pr_number": 135059, + "kinds": [ + "feature" + ], + "sigs": [ + "scheduling" + ], + "feature": true, + "is_mapped": true + }, + "135080": { + "commit": "97cb47a91330db13d05e8674ce2a80ace19e4d99", + "text": "Promoted the `JobManagedBy` feature to general availability. The `JobManagedBy` feature gate was locked to `true` and will be removed in a future Kubernetes release.", + "markdown": "Promoted the `JobManagedBy` feature to general availability. The `JobManagedBy` feature gate was locked to `true` and will be removed in a future Kubernetes release. ([#135080](https://github.com/kubernetes/kubernetes/pull/135080), [@dejanzele](https://github.com/dejanzele)) [SIG API Machinery, Apps and Testing]", + "documentation": [ + { + "description": "[KEP]", + "url": "https://github.com/kubernetes/enhancements/issues/4368", + "type": "KEP" + } + ], + "author": "dejanzele", + "author_url": "https://github.com/dejanzele", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/135080", + "pr_number": 135080, + "areas": [ + "test", + "code-generation" + ], + "kinds": [ + "api-change", + "feature" + ], + "sigs": [ + "api-machinery", + "apps", + "testing" + ], + "feature": true, + "duplicate": true, + "duplicate_kind": true, + "is_mapped": true + }, + "135081": { + "commit": "2a48a78fcb9f0574f2cd7e453fcf56d5ff1c0daa", + "text": "Reduced event spam during volume operation errors in the Portworx in-tree driver.", + "markdown": "Reduced event spam during volume operation errors in the Portworx in-tree driver. ([#135081](https://github.com/kubernetes/kubernetes/pull/135081), [@gohilankit](https://github.com/gohilankit))", + "author": "gohilankit", + "author_url": "https://github.com/gohilankit", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/135081", + "pr_number": 135081, + "kinds": [ + "cleanup" + ], + "sigs": [ + "storage" + ], + "do_not_publish": true, + "is_mapped": true + }, + "135084": { + "commit": "459bea5adffe702cf3bc006b160f863399bf560d", + "text": "Pod resize now only allows CPU and memory resources; other resource types are forbidden.", + "markdown": "Pod resize now only allows CPU and memory resources; other resource types are forbidden. ([#135084](https://github.com/kubernetes/kubernetes/pull/135084), [@tallclair](https://github.com/tallclair)) [SIG Apps, Node and Testing]", + "author": "tallclair", + "author_url": "https://github.com/tallclair", + "pr_url": "https://github.com/kubernetes/kubernetes/pull/135084", + "pr_number": 135084, + "areas": [ + "test" + ], + "kinds": [ + "bug", + "api-change" + ], + "sigs": [ + "apps", + "node", + "testing" + ], + "duplicate": true, + "duplicate_kind": true, + "is_mapped": true } -} +} \ No newline at end of file diff --git a/releases/release-1.35/release-notes/release-notes-draft.md b/releases/release-1.35/release-notes/release-notes-draft.md index a798f386dd8..71cbf9854d9 100644 --- a/releases/release-1.35/release-notes/release-notes-draft.md +++ b/releases/release-1.35/release-notes/release-notes-draft.md @@ -1,47 +1,97 @@ +## Urgent Upgrade Notes + +### (No, really, you MUST read this before you upgrade) + +- ACTION REQUIRED: + + vendor: Updated `k8s.io/system-validators` to `v1.12.1`. The cgroups validator now throws an error instead of a warning if cgroups v1 is detected on the host and the provided KubeletVersion is `v1.35` or newer. + + kubeadm: Started using `k8s.io/system-validators` `v1.12.1` in `kubeadm` `v1.35`. During `kubeadm init`, `kubeadm join`, and `kubeadm upgrade`, the SystemVerification preflight check throws an error if cgroups v1 is detected and the detected `kubelet` version is `v1.35` or newer. For older versions of `kubelet`, a preflight warning is displayed. + + To allow cgroups v1 with `kubeadm` and `kubelet` version `v1.35` or newer, you must: + - Ignore the error from the SystemVerification preflight check by `kubeadm`. + - Edit the `kube-system/kubelet-config` ConfigMap and add the `failCgroupV1: false` field before upgrading. ([#134744](https://github.com/kubernetes/kubernetes/pull/134744), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle and Node] + - ACTION REQUIRED: + + Removed the `--pod-infra-container-image` flag from `kubelet` command line. For `non-kubeadm` clusters, users must manually remove this flag from their `kubelet` configuration to prevent startup failures before upgrading `kubelet`. For `kubeadm` clusters, if users pass extra arguments to the `kubelet` like `--pod-infra-container-image`, it will be written to the `kubelet` env file during the `init` phase. `kubeadm` does not remove it during the `init` or `join` phase, so users must manually remove it from `extraArgs` in the `kubelet` configuration file. ([#133779](https://github.com/kubernetes/kubernetes/pull/133779), [@carlory](https://github.com/carlory)) + ## Changes by Kind ### Deprecation -- Marked `ipvs` mode in kube-proxy as deprecated, which will be removed in a future version of Kubernetes. Users are encouraged to migrate to `nftables`. ([#134539](https://github.com/kubernetes/kubernetes/pull/134539), [@adrianmoisey](https://github.com/adrianmoisey)) -- ACTION REQUIRED: `failCgroupV1` will be set to true from 1.35. +- ACTION REQUIRED: `failCgroupV1` will be set to true from 1.35. This means that nodes will not start on a cgroup v1 by default. This puts cgroup v1 into a deprecated state. ([#134298](https://github.com/kubernetes/kubernetes/pull/134298), [@kannon92](https://github.com/kannon92)) +- Marked `ipvs` mode in kube-proxy as deprecated, which will be removed in a future version of Kubernetes. Users are encouraged to migrate to `nftables`. ([#134539](https://github.com/kubernetes/kubernetes/pull/134539), [@adrianmoisey](https://github.com/adrianmoisey)) ### API Change +- Added `ObservedGeneration` to CustomResourceDefinition conditions. ([#134984](https://github.com/kubernetes/kubernetes/pull/134984), [@michaelasp](https://github.com/michaelasp)) - Added `WithOrigin` within `apis/core/validation` with adjusted tests. ([#132825](https://github.com/kubernetes/kubernetes/pull/132825), [@PatrickLaabs](https://github.com/PatrickLaabs)) +- Added the `--min-compatibility-version` flag to `kube-apiserver`, `kube-controller-manager`, and `kube-scheduler`. ([#133980](https://github.com/kubernetes/kubernetes/pull/133980), [@siyuanfoundation](https://github.com/siyuanfoundation)) [SIG API Machinery, Architecture, Cluster Lifecycle, Etcd, Scheduling and Testing] +- Added the `StorageVersionMigration` `v1beta1` API and removed the `v1alpha1` API. + + ACTION REQUIRED: The `v1alpha1` API is no longer supported. Users must remove any `v1alpha1` resources before upgrading. ([#134784](https://github.com/kubernetes/kubernetes/pull/134784), [@michaelasp](https://github.com/michaelasp)) [SIG API Machinery, Apps, Auth, Etcd and Testing] - Added validation to ensure `log-flush-frequency` is a positive value, returning an error instead of causing a panic. ([#133540](https://github.com/kubernetes/kubernetes/pull/133540), [@BenTheElder](https://github.com/BenTheElder)) [SIG Architecture, Instrumentation, Network and Node] +- CSI drivers can now opt in to receive service account tokens via the secrets field instead of volume context by setting `spec.serviceAccountTokenInSecrets: true` in the CSIDriver object. This prevents tokens from being exposed in logs and other outputs. The feature is gated by the `CSIServiceAccountTokenSecrets` feature gate (beta in `v1.35`). ([#134826](https://github.com/kubernetes/kubernetes/pull/134826), [@aramase](https://github.com/aramase)) [SIG API Machinery, Auth, Storage and Testing] +- DRA device taints: `DeviceTaintRule` status provides information about the rule, including whether Pods still need to be evicted (`EvictionInProgress` condition). The newly added `None` effect can be used to preview what a `DeviceTaintRule` would do if it used the `NoExecute` effect and to taint devices (`device health`) without immediately affecting scheduling or running Pods. ([#134152](https://github.com/kubernetes/kubernetes/pull/134152), [@pohly](https://github.com/pohly)) [SIG API Machinery, Apps, Auth, Node, Release, Scheduling and Testing] +- DRA: The `DynamicResourceAllocation` feature gate for the core functionality (GA in `v1.34`) has now been locked to enabled-by-default and cannot be disabled anymore. ([#134452](https://github.com/kubernetes/kubernetes/pull/134452), [@pohly](https://github.com/pohly)) [SIG Auth, Node, Scheduling and Testing] - Enabled `kubectl get -o kyaml` by default. To disable it, set `KUBECTL_KYAML=false`. ([#133327](https://github.com/kubernetes/kubernetes/pull/133327), [@thockin](https://github.com/thockin)) - Feature gate dependencies are now explicit, and validated at startup. A feature can no longer be enabled if it depends on a disabled feature. In particular, this means that `AllAlpha=true` will no longer work without enabling disabled-by-default beta features that are depended on (either with `AllBeta=true` or explicitly enumerating the disabled dependencies). ([#133697](https://github.com/kubernetes/kubernetes/pull/133697), [@tallclair](https://github.com/tallclair)) [SIG API Machinery, Architecture, Cluster Lifecycle and Node] - Generated OpenAPI model packages for API types into `zz_generated.model_name.go` files, accessible via the `OpenAPIModelName()` function. This allows API authors to declare desired OpenAPI model packages instead of relying on the Go package path of API types. ([#131755](https://github.com/kubernetes/kubernetes/pull/131755), [@jpbetz](https://github.com/jpbetz)) [SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling, Storage and Testing] +- Implemented constrained impersonation as described in [KEP-5284](https://kep.k8s.io/5284). ([#134803](https://github.com/kubernetes/kubernetes/pull/134803), [@enj](https://github.com/enj)) [SIG API Machinery, Auth and Testing] - Introduced a new declarative validation tag `+k8s:customUnique` to control listmap uniqueness. ([#134279](https://github.com/kubernetes/kubernetes/pull/134279), [@yongruilin](https://github.com/yongruilin)) [SIG API Machinery and Auth] +- Introduced a structured and versioned `v1alpha1` response for the `statusz` endpoint. ([#134313](https://github.com/kubernetes/kubernetes/pull/134313), [@richabanker](https://github.com/richabanker)) [SIG API Machinery, Architecture, Instrumentation, Network, Node, Scheduling and Testing] +- Introduced a structured and versioned `v1alpha1` response format for the `flagz` endpoint. ([#134995](https://github.com/kubernetes/kubernetes/pull/134995), [@yongruilin](https://github.com/yongruilin)) [SIG API Machinery, Architecture, Instrumentation, Network, Node, Scheduling and Testing] - Kube-apiserver: Fixed a `v1.34` regression in `CustomResourceDefinition` handling that incorrectly warned about unrecognized formats on number and integer properties. ([#133896](https://github.com/kubernetes/kubernetes/pull/133896), [@yongruilin](https://github.com/yongruilin)) [SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Contributor Experience, Network, Node and Scheduling] - Kube-apiserver: Fixed a possible panic validating a custom resource whose `CustomResourceDefinition` indicates a status subresource exists, but which does not define a `status` property in the `openAPIV3Schema`. ([#133721](https://github.com/kubernetes/kubernetes/pull/133721), [@fusida](https://github.com/fusida)) [SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Etcd, Instrumentation, Network, Node, Release, Scheduling, Storage and Testing] - Kubernetes API Go types removed runtime use of the `github.com/gogo/protobuf` library, and are no longer registered into the global gogo type registry. Kubernetes API Go types were not suitable for use with the `google.golang.org/protobuf` library, and no longer implement `ProtoMessage()` by default to avoid accidental incompatible use. If removal of these marker methods impacts your use, it can be re-enabled for one more release with a `kubernetes_protomessage_one_more_release` build tag, but will be removed in `v1.36`. ([#134256](https://github.com/kubernetes/kubernetes/pull/134256), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Apps, Architecture, Auth, CLI, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling and Storage] +- Pod resize now only allows CPU and memory resources; other resource types are forbidden. ([#135084](https://github.com/kubernetes/kubernetes/pull/135084), [@tallclair](https://github.com/tallclair)) [SIG Apps, Node and Testing] - Promoted HPA configurable tolerance to beta. The `HPAConfigurableTolerance` feature gate has now been enabled by default. ([#133128](https://github.com/kubernetes/kubernetes/pull/133128), [@jm-franc](https://github.com/jm-franc)) [SIG API Machinery and Autoscaling] +- Promoted ReplicaSet and Deployment `.status.terminatingReplicas` tracking to beta. The `DeploymentReplicaSetTerminatingReplicas` feature gate is now enabled by default. ([#133087](https://github.com/kubernetes/kubernetes/pull/133087), [@atiratree](https://github.com/atiratree)) [SIG API Machinery, Apps and Testing] +- Promoted `PodObservedGenerationTracking` to GA. ([#134948](https://github.com/kubernetes/kubernetes/pull/134948), [@natasha41575](https://github.com/natasha41575)) [SIG API Machinery, Apps, Node, Scheduling and Testing] +- Promoted the `JobManagedBy` feature to general availability. The `JobManagedBy` feature gate was locked to `true` and will be removed in a future Kubernetes release. ([#135080](https://github.com/kubernetes/kubernetes/pull/135080), [@dejanzele](https://github.com/dejanzele)) [SIG API Machinery, Apps and Testing] - Promoted the `MaxUnavailableStatefulSet` feature to beta and enabling it by default. ([#133153](https://github.com/kubernetes/kubernetes/pull/133153), [@helayoty](https://github.com/helayoty)) [SIG API Machinery and Apps] +- Removed the `StrictCostEnforcementForVAP` and `StrictCostEnforcementForWebhooks` feature gates, which were locked since `v1.32`. ([#134994](https://github.com/kubernetes/kubernetes/pull/134994), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Auth, Node and Testing] +- Scheduler: Added the `bindingTimeout` argument to the DynamicResources plugin configuration, allowing customization of the wait duration in `PreBind` for device binding conditions. + Defaults to 10 minutes when `DRADeviceBindingConditions` and `DRAResourceClaimDeviceStatus` are both enabled. ([#134905](https://github.com/kubernetes/kubernetes/pull/134905), [@fj-naji](https://github.com/fj-naji)) [SIG Node and Scheduling] +- The Pod Certificates feature moved to beta. The `PodCertificateRequest` feature gate is set disabled by default. To use the feature, users must enable the certificates API groups in `v1beta1` and enable the `PodCertificateRequest` feature gate. The `UserAnnotations` field was added to the `PodCertificateProjection` API and the corresponding `UnverifiedUserAnnotations` field was added to the `PodCertificateRequest` API. ([#134624](https://github.com/kubernetes/kubernetes/pull/134624), [@yt2985](https://github.com/yt2985)) [SIG API Machinery, Apps, Auth, Etcd, Instrumentation, Node and Testing] +- The `PreferSameZone` and `PreferSameNode` values for the Service + `trafficDistribution` field graduated to general availability. The + `PreferClose` value is now deprecated in favor of the more explicit + `PreferSameZone`. ([#134457](https://github.com/kubernetes/kubernetes/pull/134457), [@danwinship](https://github.com/danwinship)) [SIG API Machinery, Apps, Network and Testing] - Updated storage version for `MutatingAdmissionPolicy` to `v1beta1`. ([#133715](https://github.com/kubernetes/kubernetes/pull/133715), [@cici37](https://github.com/cici37)) [SIG API Machinery, Etcd and Testing] - Upgraded the `PodObservedGenerationTracking` feature to beta in `v1.34` and removed the alpha version description from the OpenAPI specification. ([#133883](https://github.com/kubernetes/kubernetes/pull/133883), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085)) ### Feature - Added `k8s-short-name` and `k8s-long-name` format validation tags to enforce DNS label and DNS subdomain compliance. ([#133894](https://github.com/kubernetes/kubernetes/pull/133894), [@lalitc375](https://github.com/lalitc375)) +- Added `kubectl kuberc view` and `kubectl kuberc set` commands to perform operations against the `kuberc` file. ([#135003](https://github.com/kubernetes/kubernetes/pull/135003), [@ardaguclu](https://github.com/ardaguclu)) [SIG CLI and Testing] - Added `kubelet` stress test for pod cleanup when rejection due to `VolumeAttachmentLimitExceeded`. ([#133357](https://github.com/kubernetes/kubernetes/pull/133357), [@torredil](https://github.com/torredil)) [SIG Node and Storage] - Added `paths` section to kubelet `statusz` endpoint. ([#133239](https://github.com/kubernetes/kubernetes/pull/133239), [@Peac36](https://github.com/Peac36)) +- Added a `source` label to the `resourceclaim_controller_resource_claims` metric. + Added the `scheduler_resourceclaim_creates_total` metric for `DRAExtendedResource`. ([#134523](https://github.com/kubernetes/kubernetes/pull/134523), [@bitoku](https://github.com/bitoku)) [SIG Apps, Instrumentation, Node and Scheduling] +- Added a counter metric `kubelet_image_manager_ensure_image_requests_total{present_locally, pull_policy, pull_required}` that exposes details about `kubelet` ensuring an image exists on the node. ([#132644](https://github.com/kubernetes/kubernetes/pull/132644), [@stlaz](https://github.com/stlaz)) [SIG Auth and Node] - Added metrics for the `MaxUnavailable` feature in `StatefulSet`. ([#130951](https://github.com/kubernetes/kubernetes/pull/130951), [@Edwinhr716](https://github.com/Edwinhr716)) [SIG Apps and Instrumentation] - Added paths section to scheduler `statusz` endpoint. ([#132606](https://github.com/kubernetes/kubernetes/pull/132606), [@Peac36](https://github.com/Peac36)) [SIG API Machinery, Architecture, Instrumentation, Network, Node, Scheduling and Testing] - Added remote runtime and image `Close()` method to be able to close the connection. ([#133211](https://github.com/kubernetes/kubernetes/pull/133211), [@saschagrunert](https://github.com/saschagrunert)) [SIG Node] +- Added support for tracing in `kubectl` with the `--profile=trace` flag. ([#134709](https://github.com/kubernetes/kubernetes/pull/134709), [@tchap](https://github.com/tchap)) - Added support for validating UUID format. ([#133948](https://github.com/kubernetes/kubernetes/pull/133948), [@lalitc375](https://github.com/lalitc375)) - Added the `-n` flag as a shorthand for `--namespace` in the `kubectl config set-context` command. ([#134384](https://github.com/kubernetes/kubernetes/pull/134384), [@tchap](https://github.com/tchap)) [SIG CLI and Testing] +- Added the `ChangeContainerStatusOnKubeletRestart` feature gate, which defaults to disabled. When the feature gate is disabled, `kubelet` does not change the Pod status upon restart, and Pods do not re-run startup probes after the `kubelet` restarts. ([#134746](https://github.com/kubernetes/kubernetes/pull/134746), [@HirazawaUi](https://github.com/HirazawaUi)) [SIG Node and Testing] +- After fixing regressions detected in `v1.34`, the `SchedulerAsyncAPICalls` feature gate was re-enabled by default. ([#135059](https://github.com/kubernetes/kubernetes/pull/135059), [@macsko](https://github.com/macsko)) - Changed `WaitForNamedCacheSync` to `WaitForNamedCacheSyncWithContext`. ([#133904](https://github.com/kubernetes/kubernetes/pull/133904), [@aditigupta96](https://github.com/aditigupta96)) [SIG API Machinery, Apps, Auth and Network] - DRA: the resource.k8s.io API now uses the v1 API version (introduced in 1.34) as default storage version. Downgrading to 1.33 is not supported. ([#133876](https://github.com/kubernetes/kubernetes/pull/133876), [@kei01234kei](https://github.com/kei01234kei)) [SIG API Machinery, Etcd and Testing] +- Enabled the `MutableCSINodeAllocatableCount` feature gate by default in beta. ([#134647](https://github.com/kubernetes/kubernetes/pull/134647), [@torredil](https://github.com/torredil)) - Enabled the feature gate `ContainerRestartRules` by default. The `ContainerRestartRules` feature has been promoted to beta. Fixed a bug in this feature that caused probes to continue to run even if the container has terminated and is not restartable. ([#134631](https://github.com/kubernetes/kubernetes/pull/134631), [@yuanwang04](https://github.com/yuanwang04)) +- Improved throughput in the `real-FIFO` queue used by `informers` and `controllers` by adding batch handling for processing watch events. ([#132240](https://github.com/kubernetes/kubernetes/pull/132240), [@yue9944882](https://github.com/yue9944882)) [SIG API Machinery, Scheduling and Storage] - Introduced end-to-end tests to verify component invariant metrics across the entire test suite. ([#133394](https://github.com/kubernetes/kubernetes/pull/133394), [@BenTheElder](https://github.com/BenTheElder)) +- Introduced the `--as-user-extra` persistent flag in `kubectl`, which allows passing extra arguments during impersonation. ([#134378](https://github.com/kubernetes/kubernetes/pull/134378), [@ardaguclu](https://github.com/ardaguclu)) [SIG CLI and Testing] - K8s.io/apimachinery: Introduced a helper function to compare `resourceVersion` strings between two objects of the same resource. ([#134330](https://github.com/kubernetes/kubernetes/pull/134330), [@michaelasp](https://github.com/michaelasp)) [SIG API Machinery, Apps, Auth, Instrumentation, Network, Node, Scheduling, Storage and Testing] - Kube-apiserver: Made the subresources `pods/exec`, `pods/attach`, and `pods/portforward` require `create` permission for both SPDY and Websocket API requests. Previously, SPDY requests required `create` permission, but Websocket requests only required `get` permission. This change is gated by the `AuthorizePodWebsocketUpgradeCreatePermission` feature-gate, which is enabled by default. Before upgrading to 1.35, ensure any custom ClusterRoles and Roles intended to grant `pods/exec`, `pods/attach`, or `pods/portforward` permission include the `create` verb. ([#134577](https://github.com/kubernetes/kubernetes/pull/134577), [@seans3](https://github.com/seans3)) [SIG API Machinery, Auth, Node and Testing] -- kubeadm: Added error printing during retries related to the `WaitForAllControlPlaneComponents` functionality at verbosity level 5. ([#134433](https://github.com/kubernetes/kubernetes/pull/134433), [@neolit123](https://github.com/neolit123)) -- kubeadm: Graduated the kubeadm-specific feature gate `ControlPlaneKubeletLocalMode` to GA and locked it to enabled by default. To opt out, patch the `server` field in `/etc/kubernetes/kubelet.conf`. Deprecated the subphase of `kubeadm join phase control-plane-join` called `etcd`, which is now hidden and replaced by subphase with identical functionality `etcd-join`. The `etcd` subphase will be removed in a future release. The subphase `kubelet-wait-bootstrap` of `kubeadm join` is no longer experimental and will now always run. ([#134106](https://github.com/kubernetes/kubernetes/pull/134106), [@neolit123](https://github.com/neolit123)) +- Kubeadm: Added error printing during retries related to the `WaitForAllControlPlaneComponents` functionality at verbosity level 5. ([#134433](https://github.com/kubernetes/kubernetes/pull/134433), [@neolit123](https://github.com/neolit123)) +- Kubeadm: Graduated the kubeadm-specific feature gate `ControlPlaneKubeletLocalMode` to GA and locked it to enabled by default. To opt out, patch the `server` field in `/etc/kubernetes/kubelet.conf`. Deprecated the subphase of `kubeadm join phase control-plane-join` called `etcd`, which is now hidden and replaced by subphase with identical functionality `etcd-join`. The `etcd` subphase will be removed in a future release. The subphase `kubelet-wait-bootstrap` of `kubeadm join` is no longer experimental and will now always run. ([#134106](https://github.com/kubernetes/kubernetes/pull/134106), [@neolit123](https://github.com/neolit123)) - Kubernetes is now built using Go 1.25.1 ([#134095](https://github.com/kubernetes/kubernetes/pull/134095), [@dims](https://github.com/dims)) [SIG Release and Testing] - Kubernetes now uses Go Language Version 1.25, including https://go.dev/blog/container-aware-gomaxprocs ([#134120](https://github.com/kubernetes/kubernetes/pull/134120), [@BenTheElder](https://github.com/BenTheElder)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Release, Scheduling and Storage] - Locked down the `AllowOverwriteTerminationGracePeriodSeconds` feature gate. ([#133792](https://github.com/kubernetes/kubernetes/pull/133792), [@HirazawaUi](https://github.com/HirazawaUi)) @@ -50,12 +100,23 @@ - Migrated validation in `resource.k8s.io` to declarative validation. When the `DeclarativeValidation` feature gate is enabled, mismatches with existing validation are reported via metrics. when `DeclarativeValidationTakeover` feature gate is enabled, declarative validation becomes the primary source of errors for migrated fields. ([#134072](https://github.com/kubernetes/kubernetes/pull/134072), [@yongruilin](https://github.com/yongruilin)) [SIG API Machinery, Apps and Auth] +- Promoted `InPlacePodVerticalScaling` to GA. ([#134949](https://github.com/kubernetes/kubernetes/pull/134949), [@natasha41575](https://github.com/natasha41575)) [SIG API Machinery, Node and Scheduling] +- Promoted `kubectl` command headers to stable. ([#134777](https://github.com/kubernetes/kubernetes/pull/134777), [@soltysh](https://github.com/soltysh)) [SIG CLI and Testing] - Promoted the `HostnameOverride` feature gate to beta and enabled it by default. ([#134729](https://github.com/kubernetes/kubernetes/pull/134729), [@HirazawaUi](https://github.com/HirazawaUi)) [SIG Network and Node] +- Promoted the `RelaxedServiceNameValidation` feature to beta (enabled by default). + New Service names are now validated with `NameIsDNSLabel()`, relaxing the pre-existing validation. ([#134493](https://github.com/kubernetes/kubernetes/pull/134493), [@adrianmoisey](https://github.com/adrianmoisey)) +- The JWT authenticator in `kube-apiserver` now reports the following metrics when the `StructuredAuthenticationConfiguration` feature gate is enabled: + - `apiserver_authentication_jwt_authenticator_jwks_fetch_last_timestamp_seconds` + - `apiserver_authentication_jwt_authenticator_jwks_fetch_last_key_set_info`. ([#123642](https://github.com/kubernetes/kubernetes/pull/123642), [@aramase](https://github.com/aramase)) [SIG API Machinery, Auth and Testing] +- The scheduler now clears the `nominatedNodeName` field for Pods upon scheduling or binding failure. External components, such as Cluster Autoscaler and Karpenter, should not overwrite this field. ([#135007](https://github.com/kubernetes/kubernetes/pull/135007), [@ania-borowiec](https://github.com/ania-borowiec)) [SIG Scheduling and Testing] - Updated `applyconfiguration-gen` to generate extract functions for all subresources. ([#132665](https://github.com/kubernetes/kubernetes/pull/132665), [@mrIncompetent](https://github.com/mrIncompetent)) - Updated `applyconfiguration-gen` to preserve struct and field comments from source types in the generated code. ([#132663](https://github.com/kubernetes/kubernetes/pull/132663), [@mrIncompetent](https://github.com/mrIncompetent)) - Updated `kubectl describe pods` to include the involved object’s `fieldPath` (e.g., container name) in event messages, providing better context for debugging multi-container Pods. Note: This changes the previous message format for events that include a `fieldPath`. ([#133627](https://github.com/kubernetes/kubernetes/pull/133627), [@itzPranshul](https://github.com/itzPranshul)) - Updated sandbox ordering to use by attempt count or creation time. ([#130551](https://github.com/kubernetes/kubernetes/pull/130551), [@yylt](https://github.com/yylt)) - Updated underlying images and dependencies to be compatible with Go version`1.25.3`. ([#134611](https://github.com/kubernetes/kubernetes/pull/134611), [@cpanato](https://github.com/cpanato)) [SIG Architecture, Cloud Provider, Etcd, Release, Storage and Testing] +- `kubeadm`: Added a preflight check `ContainerRuntimeVersion` to validate if the installed container runtime supports the `RuntimeConfig` gRPC method. If unsupported, `kubeadm` prints a warning message. + + Starting with Kubernetes `v1.36`, `kubelet` might refuse to start if the CRI runtime does not support this feature. More information can be found at the [Kubernetes blog](https://kubernetes.io/blog/2025/09/12/kubernetes-v1-34-cri-cgroup-driver-lookup-now-ga/). ([#134906](https://github.com/kubernetes/kubernetes/pull/134906), [@carlory](https://github.com/carlory)) ### Documentation @@ -70,6 +131,7 @@ - DRA Device Taints: Fixed toleration of `NoExecute`. Prior to this enhancement, tolerating a `NoExecute` did not work because the scheduler did not inform the eviction controller about the toleration, so the scheduled pod got evicted almost immediately. ([#134479](https://github.com/kubernetes/kubernetes/pull/134479), [@pohly](https://github.com/pohly)) [SIG Apps, Node, Scheduling and Testing] - Deprecated metrics will be hidden as per the metrics deprecation policy. https://kubernetes.io/docs/reference/using-api/deprecation-policy/#deprecating-a-metric . ([#133436](https://github.com/kubernetes/kubernetes/pull/133436), [@richabanker](https://github.com/richabanker)) [SIG Architecture, Instrumentation and Network] - Disabled the `SchedulerAsyncAPICalls` feature gate to mitigate a bug where its interaction with asynchronous preemption could degrade `kube-scheduler` performance, especially under high `kube-apiserver` load. ([#134400](https://github.com/kubernetes/kubernetes/pull/134400), [@macsko](https://github.com/macsko)) +- Dropped `DeviceBindingConditions` fields when the `DRADeviceBindingConditions` feature gate is not enabled and not in use. ([#134964](https://github.com/kubernetes/kubernetes/pull/134964), [@sunya-ch](https://github.com/sunya-ch)) - Fixed SELinux warning controller not emitting events on some SELinux label conflicts. ([#133425](https://github.com/kubernetes/kubernetes/pull/133425), [@jsafrane](https://github.com/jsafrane)) [SIG Apps, Storage and Testing] - Fixed `replicaCount` calculation exceeding max `int32`. ([#126979](https://github.com/kubernetes/kubernetes/pull/126979), [@omerap12](https://github.com/omerap12)) [SIG Apps and Autoscaling] - Fixed a bug in `kube-proxy` `nftables` mode (GA as of `v1.33`) which fails to determine if traffic originates from a local source on the node. The issue was caused by using the wrong meta `iif` instead of `iifname` for name based matches. ([#134024](https://github.com/kubernetes/kubernetes/pull/134024), [@jack4it](https://github.com/jack4it)) @@ -77,21 +139,34 @@ - Fixed a bug that caused apiservers to send an inappropriate Content-Type request header to authorization, token authentication, imagepolicy admission, and audit webhooks when the alpha client-go feature gate "ClientsPreferCBOR" is enabled. ([#132960](https://github.com/kubernetes/kubernetes/pull/132960), [@benluddy](https://github.com/benluddy)) [SIG API Machinery and Node] - Fixed a bug that caused duplicate validation when updating `PersistentVolumeClaims`, `VolumeAttachments` and `VolumeAttributesClasses`. ([#132549](https://github.com/kubernetes/kubernetes/pull/132549), [@gavinkflam](https://github.com/gavinkflam)) - Fixed a bug that caused duplicate validation when updating `Role` and `RoleBinding` resources. ([#132550](https://github.com/kubernetes/kubernetes/pull/132550), [@gavinkflam](https://github.com/gavinkflam)) +- Fixed a bug that prevented allocating the same device that was previously consuming the `CounterSet` when both `DRAConsumableCapacity` and `DRAPartitionableDevices` were enabled. ([#134103](https://github.com/kubernetes/kubernetes/pull/134103), [@sunya-ch](https://github.com/sunya-ch)) - Fixed a bug that prevents scheduling the next pod when using the `DRAConsumableCapacity` feature. ([#133706](https://github.com/kubernetes/kubernetes/pull/133706), [@sunya-ch](https://github.com/sunya-ch)) - Fixed a bug to prevent segmentation fault from occurring when updating deeply nested JSON fields. ([#134381](https://github.com/kubernetes/kubernetes/pull/134381), [@kon-angelo](https://github.com/kon-angelo)) [SIG API Machinery and CLI] - Fixed a bug where 64-bit IPv6 `ServiceCIDRs` allocated addresses outside the subnet range. ([#134193](https://github.com/kubernetes/kubernetes/pull/134193), [@hoskeri](https://github.com/hoskeri)) +- Fixed a bug where Job status updates fail after resuming a Job that was previously started and suspended. + The error message was: `status.startTime: Required value: startTime cannot be removed for unsuspended job`. ([#134769](https://github.com/kubernetes/kubernetes/pull/134769), [@dejanzele](https://github.com/dejanzele)) [SIG Apps and Testing] +- Fixed a bug where `AllocationMode: All` would not succeed if a resource pool contained `ResourceSlices` that were not targeting the current node. ([#134466](https://github.com/kubernetes/kubernetes/pull/134466), [@mortent](https://github.com/mortent)) +- Fixed a bug where a deleted Pod in the binding phase continued to occupy space on the node in `kube-scheduler`. ([#134157](https://github.com/kubernetes/kubernetes/pull/134157), [@macsko](https://github.com/macsko)) [SIG Scheduling and Testing] - Fixed a bug where high latency `kube-apiserver` caused scheduling throughput degradation. ([#134154](https://github.com/kubernetes/kubernetes/pull/134154), [@macsko](https://github.com/macsko)) +- Fixed a bug where the health of a DRA resource was not reported in the Pod status if the resource claim was generated from a template or used a different local name in the Pod spec. ([#134875](https://github.com/kubernetes/kubernetes/pull/134875), [@Jpsassine](https://github.com/Jpsassine)) [SIG Node and Testing] +- Fixed a long-standing issue where `kubelet` rejected Pods with `NodeAffinityFailed` due to a stale informer cache. ([#134445](https://github.com/kubernetes/kubernetes/pull/134445), [@natasha41575](https://github.com/natasha41575)) +- Fixed a panic in `kubectl api-resources` that occurred when the Discovery Client failed. ([#134833](https://github.com/kubernetes/kubernetes/pull/134833), [@rikatz](https://github.com/rikatz)) - Fixed a possible data race during metrics registration. ([#134390](https://github.com/kubernetes/kubernetes/pull/134390), [@liggitt](https://github.com/liggitt)) [SIG Architecture and Instrumentation] - Fixed a startup probe race condition that caused main containers to remain stuck in "Initializing" state when sidecar containers with startup probes had failed initially but succeeded on restart in pods with `restartPolicy=Never`. ([#133072](https://github.com/kubernetes/kubernetes/pull/133072), [@AadiDev005](https://github.com/AadiDev005)) [SIG Node and Testing] +- Fixed an issue in asynchronous preemption: Scheduler now checks if preemption is ongoing for a Pod before initiating new preemption calls. ([#134730](https://github.com/kubernetes/kubernetes/pull/134730), [@ania-borowiec](https://github.com/ania-borowiec)) [SIG Scheduling and Testing] +- Fixed an issue where requests for a config `FromClass` in the `ResourceClaim` status were not referenced. ([#134793](https://github.com/kubernetes/kubernetes/pull/134793), [@LionelJouin](https://github.com/LionelJouin)) +- Fixed an issue where the `kubelet` `/configz` endpoint reported an incorrect value for `kubeletconfig.cgroupDriver` when the cgroup driver setting was received from the container runtime. ([#134743](https://github.com/kubernetes/kubernetes/pull/134743), [@marquiz](https://github.com/marquiz)) - Fixed an issue where the default `serviceCIDR` controller did not log events because the event broadcaster was shutdown during initialization. ([#133338](https://github.com/kubernetes/kubernetes/pull/133338), [@aojea](https://github.com/aojea)) +- Fixed an issue with setting `distinctAttribute=nil` when the `DRAConsumableCapacity` feature gate is disabled. ([#134962](https://github.com/kubernetes/kubernetes/pull/134962), [@sunya-ch](https://github.com/sunya-ch)) - Fixed broken shell completion for API resources. ([#133771](https://github.com/kubernetes/kubernetes/pull/133771), [@marckhouzam](https://github.com/marckhouzam)) - Fixed incorrect behavior of preemptor pod when preemption of the victim takes long to complete. The preemptor pod should not be circling in scheduling cycles until preemption is finished. ([#134294](https://github.com/kubernetes/kubernetes/pull/134294), [@ania-borowiec](https://github.com/ania-borowiec)) [SIG Scheduling and Testing] - Fixed missing `kubelet_volume_stats_*` metrics. ([#133890](https://github.com/kubernetes/kubernetes/pull/133890), [@huww98](https://github.com/huww98)) [SIG Instrumentation and Node] - Fixed occasional schedule delays when a static `PersistentVolume` is created. ([#133929](https://github.com/kubernetes/kubernetes/pull/133929), [@huww98](https://github.com/huww98)) [SIG Scheduling and Storage] - Fixed resource claims deallocation for extended resource when Pod completes. ([#134312](https://github.com/kubernetes/kubernetes/pull/134312), [@alaypatel07](https://github.com/alaypatel07)) [SIG Apps, Node and Testing] +- Fixed the kubelet to honor the `userNamespaces.idsPerPod` configuration, which was previously ignored. ([#133373](https://github.com/kubernetes/kubernetes/pull/133373), [@AkihiroSuda](https://github.com/AkihiroSuda)) [SIG Node and Testing] - Fixed validation error when `ConfigFlags` includes `CertFile` and/or `KeyFile` while the original configuration also contains `CertFileData` and/or `KeyFileData`. ([#133917](https://github.com/kubernetes/kubernetes/pull/133917), [@n2h9](https://github.com/n2h9)) [SIG API Machinery and CLI] -- Improved the `FreeDiskSpaceFailed` warning event to provide more actionable details when image garbage collection fails to free enough disk space. Example: `Insufficient free disk space on the node's image filesystem (95.0% of 10.0 GiB used). Failed to free sufficient space by deleting unused images. Consider resizing the disk or deleting unused files.`. ([#132578](https://github.com/kubernetes/kubernetes/pull/132578), [@drigz](https://github.com/drigz)) - Improved performance of `Endpoint` and `EndpointSlice` controllers when there are a large number of services in a single namespace by making pod-to-service lookup asynchronous. ([#134739](https://github.com/kubernetes/kubernetes/pull/134739), [@shyamjvs](https://github.com/shyamjvs)) [SIG Apps and Network] +- Improved the `FreeDiskSpaceFailed` warning event to provide more actionable details when image garbage collection fails to free enough disk space. Example: `Insufficient free disk space on the node's image filesystem (95.0% of 10.0 GiB used). Failed to free sufficient space by deleting unused images. Consider resizing the disk or deleting unused files.`. ([#132578](https://github.com/kubernetes/kubernetes/pull/132578), [@drigz](https://github.com/drigz)) - Introduced support for using an implicit extended resource name derived from the device class (`deviceclass.resource.kubernetes.io/`) to request DRA devices matching that class. ([#133363](https://github.com/kubernetes/kubernetes/pull/133363), [@yliaog](https://github.com/yliaog)) [SIG Node, Scheduling and Testing] - Kube-apiserver: Fixed a `v1.34` regression with spurious "Error getting keys" log messages. ([#133817](https://github.com/kubernetes/kubernetes/pull/133817), [@serathius](https://github.com/serathius)) [SIG API Machinery and Etcd] - Kube-apiserver: Fixed a possible `v1.34` performance regression calculating object size statistics for resources not served from the watch cache, typically only `Events`. ([#133873](https://github.com/kubernetes/kubernetes/pull/133873), [@serathius](https://github.com/serathius)) [SIG API Machinery and Etcd] @@ -99,31 +174,38 @@ - Kube-apiserver: Made sure that when `--requestheader-client-ca-file` and `--client-ca-file` contain overlapping certificates, `--requestheader-allowed-names` must be specified so that regular client certificates cannot set authenticating proxy headers for arbitrary users. ([#131411](https://github.com/kubernetes/kubernetes/pull/131411), [@ballista01](https://github.com/ballista01)) [SIG API Machinery, Auth and Security] - Kube-controller-manager: Fixed a possible data race in the garbage collection controller. ([#134379](https://github.com/kubernetes/kubernetes/pull/134379), [@liggitt](https://github.com/liggitt)) [SIG API Machinery and Apps] - Kube-controller-manager: Resolved potential issues handling pods with incorrect uids in their `ownerReference`. ([#134654](https://github.com/kubernetes/kubernetes/pull/134654), [@liggitt](https://github.com/liggitt)) -- kubeadm: Added missing cluster-info context validation to prevent panics when the user has a malformed kubeconfig in the cluster-info ConfigMap that excludes a valid current context. ([#134715](https://github.com/kubernetes/kubernetes/pull/134715), [@neolit123](https://github.com/neolit123)) -- kubeadm: Ensured waiting for `apiserver` uses a local client that doesn't reach to the control plane endpoint and instead reaches directly to the local API server endpoint. ([#134265](https://github.com/kubernetes/kubernetes/pull/134265), [@neolit123](https://github.com/neolit123)) -- kubeadm: Fixed `KUBEADM_UPGRADE_DRYRUN_DIR` not honored in upgrade phase when writing kubelet config files. ([#134007](https://github.com/kubernetes/kubernetes/pull/134007), [@carlory](https://github.com/carlory)) -- kubeadm: Fixed a bug where `ClusterConfiguration.APIServer.TimeoutForControlPlane` from `v1beta3` was not respected in newer kubeadm versions where `v1beta4` is the default. ([#133513](https://github.com/kubernetes/kubernetes/pull/133513), [@tom1299](https://github.com/tom1299)) -- kubeadm: Fixed a bug where the node registration information for a given node was not fetched correctly during `kubeadm upgrade node` and the node name can end up being incorrect in cases where the node name is not the same as the host name. ([#134319](https://github.com/kubernetes/kubernetes/pull/134319), [@neolit123](https://github.com/neolit123)) -- kubeadm: Fixed a preflight check that could fail hostname construction in IPv6 setups. ([#134588](https://github.com/kubernetes/kubernetes/pull/134588), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Auth, Cloud Provider, Cluster Lifecycle and Testing] +- Kubeadm: Added missing cluster-info context validation to prevent panics when the user has a malformed kubeconfig in the cluster-info ConfigMap that excludes a valid current context. ([#134715](https://github.com/kubernetes/kubernetes/pull/134715), [@neolit123](https://github.com/neolit123)) +- Kubeadm: Ensured waiting for `apiserver` uses a local client that doesn't reach to the control plane endpoint and instead reaches directly to the local API server endpoint. ([#134265](https://github.com/kubernetes/kubernetes/pull/134265), [@neolit123](https://github.com/neolit123)) +- Kubeadm: Fixed `KUBEADM_UPGRADE_DRYRUN_DIR` not honored in upgrade phase when writing kubelet config files. ([#134007](https://github.com/kubernetes/kubernetes/pull/134007), [@carlory](https://github.com/carlory)) +- Kubeadm: Fixed a bug where `ClusterConfiguration.APIServer.TimeoutForControlPlane` from `v1beta3` was not respected in newer kubeadm versions where `v1beta4` is the default. ([#133513](https://github.com/kubernetes/kubernetes/pull/133513), [@tom1299](https://github.com/tom1299)) +- Kubeadm: Fixed a bug where the node registration information for a given node was not fetched correctly during `kubeadm upgrade node` and the node name can end up being incorrect in cases where the node name is not the same as the host name. ([#134319](https://github.com/kubernetes/kubernetes/pull/134319), [@neolit123](https://github.com/neolit123)) +- Kubeadm: Fixed a preflight check that could fail hostname construction in IPv6 setups. ([#134588](https://github.com/kubernetes/kubernetes/pull/134588), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Auth, Cloud Provider, Cluster Lifecycle and Testing] - Kubelet: Fixed an internal deadlock that caused the connection to a DRA driver to become unusable after being idle for 30 minutes. ([#133926](https://github.com/kubernetes/kubernetes/pull/133926), [@pohly](https://github.com/pohly)) - Made legacy watch calls (`ResourceVersion` = 0 or unset) that generate init-events weigh higher in `API Priority and Fairness (APF)` seat usage. Properly accounting for their cost protects the API server from CPU overload. Users might see increased throttling of such calls as a result. ([#134601](https://github.com/kubernetes/kubernetes/pull/134601), [@shyamjvs](https://github.com/shyamjvs)) - Promoted VAC API test to conformance. ([#133615](https://github.com/kubernetes/kubernetes/pull/133615), [@carlory](https://github.com/carlory)) [SIG Architecture, Storage and Testing] +- Removed `BlockOwnerDeletion` from `ResourceClaim` created from `ResourceClaimTemplate` and from `extendedResourceClaim` created by the `scheduler`. ([#134956](https://github.com/kubernetes/kubernetes/pull/134956), [@yliaog](https://github.com/yliaog)) [SIG Apps, Node and Scheduling] - Removed an incorrect `SessionAffinity` warning that appeared when a headless service was created or updated. ([#134054](https://github.com/kubernetes/kubernetes/pull/134054), [@Peac36](https://github.com/Peac36)) -- Fixed the kubelet to honor the `userNamespaces.idsPerPod` configuration, which was previously ignored. ([#133373](https://github.com/kubernetes/kubernetes/pull/133373), [@AkihiroSuda](https://github.com/AkihiroSuda)) [SIG Node and Testing] +- Namespace is now included in the `--dry-run=client` output for `HorizontalPodAutoscaler (HPA)` objects. ([#134263](https://github.com/kubernetes/kubernetes/pull/134263), [@ardaguclu](https://github.com/ardaguclu)) [SIG CLI and Testing] - Updated `kubectl scale` to return a consistent error message when a specified resource is not found. Previously, it returned: `error: no objects passed to scale "" not found`. It now matches the format used by other commands (e.g., `kubectl get`): `Error from server (NotFound): "" not found`. ([#134017](https://github.com/kubernetes/kubernetes/pull/134017), [@mochizuki875](https://github.com/mochizuki875)) +- `kube-controller-manager`: Fixed a `v1.34` regression that triggered a spurious rollout of existing StatefulSets when upgrading the control plane from `v1.33` to `v1.34`. This fix is guarded by the `StatefulSetSemanticRevisionComparison` feature gate, which is enabled by default. ([#135017](https://github.com/kubernetes/kubernetes/pull/135017), [@liggitt](https://github.com/liggitt)) +- `kube-scheduler`: Pod statuses no longer include specific taint keys or values when scheduling fails due to untolerated taints. ([#134740](https://github.com/kubernetes/kubernetes/pull/134740), [@hoskeri](https://github.com/hoskeri)) ### Other (Cleanup or Flake) +- Added the `Step` field to the testing framework to allow volume expansion in configurable step sizes for tests. ([#134760](https://github.com/kubernetes/kubernetes/pull/134760), [@Rishita-Golla](https://github.com/Rishita-Golla)) [SIG Storage and Testing] - Bumped addon manager to use `kubectl` version `v1.32.2`. ([#130548](https://github.com/kubernetes/kubernetes/pull/130548), [@Jefftree](https://github.com/Jefftree)) [SIG Cloud Provider, Scalability and Testing] +- Dropped support for `certificates/v1beta1` `CertificateSigningRequest` in `kubectl`. ([#134782](https://github.com/kubernetes/kubernetes/pull/134782), [@scaliby](https://github.com/scaliby)) +- Dropped support for `discovery/v1beta1` `EndpointSlice` in `kubectl`. ([#134913](https://github.com/kubernetes/kubernetes/pull/134913), [@scaliby](https://github.com/scaliby)) - Dropped support for `policy/v1beta1` PodDisruptionBudget in kubectl. ([#134685](https://github.com/kubernetes/kubernetes/pull/134685), [@scaliby](https://github.com/scaliby)) +- Eliminated and prevented future use of the `md5` algorithm in favor of more appropriate hashing algorithms. ([#133511](https://github.com/kubernetes/kubernetes/pull/133511), [@BenTheElder](https://github.com/BenTheElder)) [SIG Apps, Architecture, CLI, Cluster Lifecycle, Network, Node, Security, Storage and Testing] - Fixed `nfacct` test cases on s390x. ([#133603](https://github.com/kubernetes/kubernetes/pull/133603), [@saisindhuri91](https://github.com/saisindhuri91)) - Fixed formatting of various Go API deprecations for `GoDoc` and `pkgsite`, and enabled a linter to detect misformatted deprecations. ([#133571](https://github.com/kubernetes/kubernetes/pull/133571), [@BenTheElder](https://github.com/BenTheElder)) [SIG API Machinery, Architecture, CLI, Instrumentation and Testing] - Improved HPA performance when using container-specific resource metrics by optimizing container lookup logic to exit early once the target container is found, reducing unnecessary iterations through all containers in a pod. ([#133415](https://github.com/kubernetes/kubernetes/pull/133415), [@AadiDev005](https://github.com/AadiDev005)) [SIG Apps and Autoscaling] - Increased the coverage to 89.8%. ([#132607](https://github.com/kubernetes/kubernetes/pull/132607), [@ylink-lfs](https://github.com/ylink-lfs)) - Kube-apiserver: Fixed an issue where passing invalid `DeleteOptions` incorrectly returned a 500 status instead of 400. ([#133358](https://github.com/kubernetes/kubernetes/pull/133358), [@ostrain](https://github.com/ostrain)) -- kubeadm: Updated the supported `etcd` version to `v3.5.23` for supported control plane versions `v1.31`, `v1.32`, and `v1.33`. ([#134692](https://github.com/kubernetes/kubernetes/pull/134692), [@joshjms](https://github.com/joshjms)) [SIG Cluster Lifecycle and Etcd] -- kubeadm: stopped applying the `--pod-infra-container-image` flag for the kubelet. The flag has been deprecated and no longer served a purpose in the kubelet as the logic was migrated to CRI (Container Runtime Interface). During upgrade, kubeadm will attempt to remove the flag from the file `/var/lib/kubelet/kubeadm-flags.env`. ([#133778](https://github.com/kubernetes/kubernetes/pull/133778), [@carlory](https://github.com/carlory)) [SIG Cloud Provider and Cluster Lifecycle] -- Removed `rsync` as a dependency to build Kubernetes. ([#134656](https://github.com/kubernetes/kubernetes/pull/134656), [@BenTheElder](https://github.com/BenTheElder)) [SIG Release and Testing] +- Kubeadm: Updated the supported `etcd` version to `v3.5.23` for supported control plane versions `v1.31`, `v1.32`, and `v1.33`. ([#134692](https://github.com/kubernetes/kubernetes/pull/134692), [@joshjms](https://github.com/joshjms)) [SIG Cluster Lifecycle and Etcd] +- Kubeadm: stopped applying the `--pod-infra-container-image` flag for the kubelet. The flag has been deprecated and no longer served a purpose in the kubelet as the logic was migrated to CRI (Container Runtime Interface). During upgrade, kubeadm will attempt to remove the flag from the file `/var/lib/kubelet/kubeadm-flags.env`. ([#133778](https://github.com/kubernetes/kubernetes/pull/133778), [@carlory](https://github.com/carlory)) [SIG Cloud Provider and Cluster Lifecycle] +- Migrated the `CPUManager` to contextual logging. ([#125912](https://github.com/kubernetes/kubernetes/pull/125912), [@ffromani](https://github.com/ffromani)) - Moved Types in `k/k/pkg/scheduler/framework`: `Handle`, `Plugin`, @@ -138,15 +220,19 @@ Type `Parallelizer` in `k/k/pkg/scheduler/framework/parallelism` has been split into interface `Parallelizer` (in `k8s.io/kube-scheduler/framework`) and `struct Parallelizer` (location unchanged in k/k). Plugin developers should update the import path to staging repo. ([#133172](https://github.com/kubernetes/kubernetes/pull/133172), [@ania-borowiec](https://github.com/ania-borowiec)) [SIG Node, Release, Scheduling, Storage and Testing] - Moved the CPU Manager static policy option `strict-cpu-reservation` to the GA version. ([#134388](https://github.com/kubernetes/kubernetes/pull/134388), [@psasnal](https://github.com/psasnal)) - Promoted the Topology Manager policy option `max-allowable-numa-nodes` to GA version. ([#134614](https://github.com/kubernetes/kubernetes/pull/134614), [@ffromani](https://github.com/ffromani)) +- Reduced event spam during volume operation errors in the Portworx in-tree driver. ([#135081](https://github.com/kubernetes/kubernetes/pull/135081), [@gohilankit](https://github.com/gohilankit)) +- Removed `rsync` as a dependency to build Kubernetes. ([#134656](https://github.com/kubernetes/kubernetes/pull/134656), [@BenTheElder](https://github.com/BenTheElder)) [SIG Release and Testing] - Removed container name from messages for container created and started events. ([#134043](https://github.com/kubernetes/kubernetes/pull/134043), [@HirazawaUi](https://github.com/HirazawaUi)) - Removed deprecated gogo protocol definitions from `k8s.io/kubelet/pkg/apis/dra` in favor of `google.golang.org/protobuf`. ([#133026](https://github.com/kubernetes/kubernetes/pull/133026), [@saschagrunert](https://github.com/saschagrunert)) [SIG API Machinery and Node] - Removed general available feature-gate `SizeMemoryBackedVolumes`. ([#133720](https://github.com/kubernetes/kubernetes/pull/133720), [@carlory](https://github.com/carlory)) [SIG Node, Storage and Testing] - Removed the `ComponentSLIs` feature gate, as it was promoted to stable in the Kubernetes `v1.32` release. ([#133742](https://github.com/kubernetes/kubernetes/pull/133742), [@carlory](https://github.com/carlory)) [SIG Architecture and Instrumentation] - Removed the `KUBECTL_OPENAPIV3_PATCH` environment variable, as aggregated discovery has been stable since `v1.30`. ([#134130](https://github.com/kubernetes/kubernetes/pull/134130), [@ardaguclu](https://github.com/ardaguclu)) +- Removed the `UserNamespacesPodSecurityStandards` feature gate. The minimum supported Kubernetes version for `kubelet` is now `v1.31`, so the gate is no longer needed. ([#132157](https://github.com/kubernetes/kubernetes/pull/132157), [@haircommander](https://github.com/haircommander)) [SIG Auth, Node and Testing] - Removed the `VolumeAttributesClass` resource from the `storage.k8s.io/v1alpha1` API in `v1.35`. ([#134625](https://github.com/kubernetes/kubernetes/pull/134625), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Etcd, Storage and Testing] - Specified the deprecated version of `apiserver_storage_objects` metric in metrics docs. ([#134028](https://github.com/kubernetes/kubernetes/pull/134028), [@richabanker](https://github.com/richabanker)) [SIG API Machinery, Etcd and Instrumentation] - Substantially simplified building Kubernetes by making the process run a pre-built container image directly without running `rsyncd`. ([#134510](https://github.com/kubernetes/kubernetes/pull/134510), [@BenTheElder](https://github.com/BenTheElder)) [SIG Release and Testing] - Tests: Switched to https://go.dev/doc/go1.25#container-aware-gomaxprocs from `go.uber.org/automaxprocs`. ([#133492](https://github.com/kubernetes/kubernetes/pull/133492), [@BenTheElder](https://github.com/BenTheElder)) +- The `SystemdWatchdog` feature gate has been locked to default and will be removed in future release. The systemd watchdog functionality in `kubelet` can be enabled via systemd without any feature gate configuration. See the [systemd watchdog documentation](https://kubernetes.io/docs/reference/node/systemd-watchdog/) for more information. ([#134691](https://github.com/kubernetes/kubernetes/pull/134691), [@SergeyKanzhelev](https://github.com/SergeyKanzhelev)) - Updated CNI plugins to v1.8.0. ([#133837](https://github.com/kubernetes/kubernetes/pull/133837), [@saschagrunert](https://github.com/saschagrunert)) [SIG Cloud Provider, Node and Testing] - Updated `etcd` to `v3.6.5`. ([#134251](https://github.com/kubernetes/kubernetes/pull/134251), [@joshjms](https://github.com/joshjms)) [SIG API Machinery, Cloud Provider, Cluster Lifecycle, Etcd and Testing] - Updated `kubectl auth reconcile` to retry reconciliation when a conflict error occurs. ([#133323](https://github.com/kubernetes/kubernetes/pull/133323), [@liggitt](https://github.com/liggitt)) [SIG Auth and CLI] @@ -155,5 +241,8 @@ - Updated the Go version of Kubernetes to `1.25.3`. ([#134598](https://github.com/kubernetes/kubernetes/pull/134598), [@BenTheElder](https://github.com/BenTheElder)) - Updated the `/statusz` page for `kube-proxy` to include a list of exposed endpoints, making debugging and introspection easier. ([#133190](https://github.com/kubernetes/kubernetes/pull/133190), [@aman4433](https://github.com/aman4433)) [SIG Network and Node] - Updated the `kubectl wait` command description by removing the `Experimental` prefix, as the command has been stable for a long time. ([#133731](https://github.com/kubernetes/kubernetes/pull/133731), [@ardaguclu](https://github.com/ardaguclu)) +- Updated the etcd client library to `v3.6.5`. ([#134780](https://github.com/kubernetes/kubernetes/pull/134780), [@joshjms](https://github.com/joshjms)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling and Storage] - Updated the short description of the `kubectl wait` command by removing the `Experimental` prefix, as the command has been stable for a long time. ([#133907](https://github.com/kubernetes/kubernetes/pull/133907), [@ardaguclu](https://github.com/ardaguclu)) -- Upgraded `CoreDNS` to `v1.12.3`. ([#132288](https://github.com/kubernetes/kubernetes/pull/132288), [@thevilledev](https://github.com/thevilledev)) [SIG Cloud Provider and Cluster Lifecycle] \ No newline at end of file +- Upgraded `CoreDNS` to `v1.12.3`. ([#132288](https://github.com/kubernetes/kubernetes/pull/132288), [@thevilledev](https://github.com/thevilledev)) [SIG Cloud Provider and Cluster Lifecycle] +- `kubeadm`: Removed the `WaitForAllControlPlaneComponents` feature gate, which graduated to GA in `v1.34` and was locked to enabled by default. ([#134781](https://github.com/kubernetes/kubernetes/pull/134781), [@neolit123](https://github.com/neolit123)) +- `kubeadm`: Updated the supported etcd version to `v3.5.24` for control plane versions `v1.32`, `v1.33`, and `v1.34`. ([#134779](https://github.com/kubernetes/kubernetes/pull/134779), [@joshjms](https://github.com/joshjms)) [SIG API Machinery, Cloud Provider, Cluster Lifecycle, Etcd and Testing] \ No newline at end of file diff --git a/releases/release-1.35/release-notes/sessions/maps-1762418245.json b/releases/release-1.35/release-notes/sessions/maps-1762418245.json new file mode 100644 index 00000000000..3aabc43f92b --- /dev/null +++ b/releases/release-1.35/release-notes/sessions/maps-1762418245.json @@ -0,0 +1,251 @@ +{ + "mail": "78614901+kernel-kun@users.noreply.github.com", + "name": "kernel-kun", + "date": 1762418245, + "prs": [ + { + "nr": 133087, + "hash": "f855dad81db0d990797748923515851a3ab97a73" + }, + { + "nr": 133980, + "hash": "ae0b6170160e4fd7d58cea5f78c8e2148cb515ec" + }, + { + "nr": 134746, + "hash": "bf4f8c75ca7738aa95cf7e89948a5e2654a4df93" + }, + { + "nr": 134378, + "hash": "919c407c1292ac0d632df3d89fa0c04a7d954dae" + }, + { + "nr": 134760, + "hash": "a76fab9d268118ee79fd6e88a556cb66a4042175" + }, + { + "nr": 134709, + "hash": "fddf8090804e1b5f7850ff69f9c56331214a39ce" + }, + { + "nr": 134624, + "hash": "f25d8cfd4975ed418f6df396a783aec5ac66adc5" + }, + { + "nr": 134780, + "hash": "c112c300c875441b0d293a65fda8d215532ab6eb" + }, + { + "nr": 134905, + "hash": "2f0c7bbf25fc4b732793a174eab0c3f759910cba" + }, + { + "nr": 125912, + "hash": "439599776213de864482ee4fe7b5bb9b6a30e142" + }, + { + "nr": 134691, + "hash": "2d16c3351fc7e7b074f80d4f8227744b8d01c7ee" + }, + { + "nr": 132157, + "hash": "4b6b67e622c2117c8e6a8b578811b2522c8b9713" + }, + { + "nr": 134740, + "hash": "807a9ecb25cc6ad922b0e4c1d7f83d5343086f1b" + }, + { + "nr": 134457, + "hash": "557f0d44e22f99c92457f4e34310639a93401648" + }, + { + "nr": 134962, + "hash": "601a8d45bba863d33a6357c38bd1545380dcc434" + }, + { + "nr": 134744, + "hash": "40babfc97077c7449b963761f3e8e9732839c430" + }, + { + "nr": 135080, + "hash": "dea09463c8ae05093ba0f3f9ff452be8968125cc" + }, + { + "nr": 134647, + "hash": "61a32ac4b48a4842917d135cc2f8c91e5ce31d0e" + }, + { + "nr": 134103, + "hash": "704818f823c98d5dfcb78ef39b04720b3ce9762f" + }, + { + "nr": 134779, + "hash": "1c82955157c264b328922ed66372364c1a19fa12" + }, + { + "nr": 134833, + "hash": "b36d76e9b0dc67030c85af38b806df6c4792fd19" + }, + { + "nr": 134793, + "hash": "47d3f8fa55dd1ae0283394bd219c3a5b214a82a3" + }, + { + "nr": 133779, + "hash": "c62683806762e4daa81423057a88adaa1fa1a58e" + }, + { + "nr": 134493, + "hash": "1a23a23951aaccbef2e41dadcf465e49ae57354a" + }, + { + "nr": 134523, + "hash": "aa8dd3771096e429e9192ede79eae59f2a9bf7c7" + }, + { + "nr": 134152, + "hash": "82212eb1e86418f312724a23425e74309daca034" + }, + { + "nr": 123642, + "hash": "4e15c79a06d5899318893c83c093bd061b4a754e" + }, + { + "nr": 134452, + "hash": "72dca89c56786232643bfdedb00eb925974ab298" + }, + { + "nr": 134826, + "hash": "3827e3ba5aa75f251b3c928b37376a78747a9b6e" + }, + { + "nr": 135003, + "hash": "c72ee3b6f4290ce3a4f750e787a35d49fe324d2e" + }, + { + "nr": 134784, + "hash": "c327c8f1577bddedff448adc267bfc4761f7c2f0" + }, + { + "nr": 134803, + "hash": "14a15200fada5dc669d971cba8dcc0762dbd6994" + }, + { + "nr": 135084, + "hash": "87d7e19a29822cceb7760e6a137aad6f83183c08" + }, + { + "nr": 134949, + "hash": "550e871c004bfd08868dfe7321b1a8b43e18ec45" + }, + { + "nr": 135007, + "hash": "5067415c069b1985e66796e5cb1dcb14b137cbd6" + }, + { + "nr": 132644, + "hash": "724a813a5f7a4bf9e101321cedeb73604caf825b" + }, + { + "nr": 134466, + "hash": "e33424cfb19e485b6aff6d95da45e5a0d6f51140" + }, + { + "nr": 134782, + "hash": "748e71e7ea486e7334e0e859a7ec3a7d5502ea53" + }, + { + "nr": 133511, + "hash": "fbadce7055e5246955f60d8c8971ea796cae155b" + }, + { + "nr": 132240, + "hash": "49561f856a5f98dcf5adad8c64090e1cf8c1bb39" + }, + { + "nr": 134263, + "hash": "6e099af61253d416153d2c5a084c177b9740feab" + }, + { + "nr": 134906, + "hash": "7a4bddc5065a84c7e638aaf33459c30bf323c651" + }, + { + "nr": 134964, + "hash": "b2e3bd265aadeb574af83d5bbbd96efe2f575cb9" + }, + { + "nr": 135059, + "hash": "50d0a62748b3985ae491b88e183c27fcadbbfe60" + }, + { + "nr": 134875, + "hash": "914d5ef79f5e978ab5b1e2f740d7f0c2154557c1" + }, + { + "nr": 134984, + "hash": "1c6be9c227e830cff444a7aafebe8e70c61dc44e" + }, + { + "nr": 134445, + "hash": "5d24a811e2552b65f2f7dbe5f5fbb57a22124ca0" + }, + { + "nr": 135017, + "hash": "b6bf2602537e3b830126b86e9742b6405aa9d717" + }, + { + "nr": 134313, + "hash": "467591229f346dc031710cd41626e347e8c4e356" + }, + { + "nr": 134777, + "hash": "647bafcffd0092803f2eda9ff10ac53519432bf1" + }, + { + "nr": 134157, + "hash": "14875227232c07cf55225c725c67e57234ee7f77" + }, + { + "nr": 134743, + "hash": "e9602f52f997891d7852ecbc6925541b99c499ad" + }, + { + "nr": 135081, + "hash": "14bc8fb3cab9fe392f489f547c3e9c8d903536d3" + }, + { + "nr": 134956, + "hash": "d555c47e1434f80106ae5ba4766808220c8d71ed" + }, + { + "nr": 134769, + "hash": "a3537adc7bd06ac179c400090a9f485776656bb2" + }, + { + "nr": 134730, + "hash": "f7da4bb7c968020e98ba48220e878a05a3984621" + }, + { + "nr": 134913, + "hash": "17e6c646f262d50274ddeda41bc9e4eecca5e892" + }, + { + "nr": 134994, + "hash": "d877f0fab359488f5a46defa78f3a512a534c045" + }, + { + "nr": 134948, + "hash": "7578e5d93433a3a9c9d196bb3fceb817db2e3cfa" + }, + { + "nr": 134995, + "hash": "b372316040adab732739d3aa6c01f600aadce8fc" + }, + { + "nr": 134781, + "hash": "89cc238bbd3767cdd3f421da18ce541bb6b538e9" + } + ] +} \ No newline at end of file