Last Week in Kubernetes Development
Stay up-to-date on Kubernetes development in 15 minutes a week.
Week Ending February 23, 2025
Developer News
Unconference proposals are open for the Maintainer Summit EU. Also, remember to register.
The SIG Meet & Greet at KubeCon EU will on April 3, 12:15pm to 2:15pm BST at the Project Pavilion. Sign up if your SIG will have representation.
Maciek Pytel is stepping down from SIG-Autoscaling chair, and has proposed Kuba Tużnik to replace him.
Release Schedule
Next Deadline: Placeholder PRs for Docs, Feb 27
Yes, this means you should be starting your documentation process for those opt-in features. Also, final call for Enhancement Exceptions is March 3.
KEP of the Week
KEP 4633: Only allow anonymous auth for configured endpoints
This KEP proposes allowing anonymous authentication only for specified endpoints while disabling it elsewhere. Kubernetes permits anonymous requests by default, but fully disabling them (--anonymous-auth=false) can break unauthenticated health checks (healthz, livez, readyz). Misconfigurations, like binding system:anonymous to powerful roles, pose security risks. This proposal enhances security by minimizing misconfigurations while preserving essential functionality.
Other Merges
- Watch added to controller roles that include List but do not include Watch
- Move GetCurrentResourceVersion to storage.Interface
- Rename CacheProxy to CacheDelegator
- Fix to allow ImageVolume for Restricted PSA profiles
- E2E tests for Pod exec to use websockets instead of SPDY
- Cleanup for failing tests
- Fix for in-place Pod resize E2E tests after forbidding memory limit decrease
- Remove Flagz feature-gate check before populating serverRunOptions.Flagz
- Framework util function GetPodList to return errors for upstream handling
- test apiserver to use default API groups ensuring tests are realistic as possible
- Fix SelfSubjectReview test to decouple beta and GA types
- DRA added dedicated integration tests
- backoffQ in scheduler split into backoffQ and errorBackoffQ
- Fix for sweep and fix stat, lstat, evalsymlink usage for go1.23 on Windows
- Metadata management for Pods updated to populate .metadata.generation on writes
- CPU footprint of node cpumanager cfs quota testcases reduced to avoid false negatives reds on CI
- Controllers that write out IP address or CIDR values to API objects to ensure that they always write values in canonical form
- Fix for the ResourceQuota admission plugin not respecting any scope changes during updates
- reflect.DeepEqual replaced with cmp.Diff in pkg/scheduler tests
- queueinghint added for volumeattachment deletion
- Fixed an issue in register-gen where imports were missing
- Canonicalization of NetworkDeviceData IPs now required
Promotions
- AnyVolumeDataSource to GA
Version Updates
- Latest etcd image v3.6.0-rc.1 bumped
Subprojects and Dependency Updates
- Python client v32.0.1: server side apply, decimal to quantity conversion, cluster info
Last Week In Kubernetes Development (LWKD) is a product of multiple contributors participating in Kubernetes SIG Contributor Experience. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.
You may contribute to LWKD by submitting pull requests or issues on the LWKD github repo.