Week Ending February 1, 2026

Developer News

Ingress-Nginx will be EOL in March: Steering and the SRC announced that all patching and updates for the popular Ingress controller will cease in one month. Migration to ClusterAPI is not a full automated process, so users should already be working on it.

A new kubernetes-sigs project, Node Readiness Controller, launched to provide fine-grained, declarative control over node scheduling. The controller manages node taints based on custom node conditions, enabling multi-step node initialization workflows through NodeReadinessRule CRDs. Slack: #sig-node-readiness-controller

SIG Instrumentation leadership has nominated Patrick Ohly (@pohly) as a new Tech Lead. SIG Release has also announced a leadership update: Frederico Muñoz will join Kat Cosgrove as co-lead of the Release Team subproject.

SIGs are asked to submit their annual reports by February 28, highlighting key accomplishments from the past year and identifying areas or subprojects that need additional support. Reports don’t have to be submitted by SIG/WG chairs, feel free to nominate candidates among your contributors.

Kubernetes automation relies on Prow, our CI/CD system designed for massive scale. We are looking for new contributors to help maintain this critical component of our project.

Release Schedule

Next Deadline: PRR Freeze, Feb 4; Enhancements Freeze, Feb 11

The Production Readiness Freeze is this week, so hopefully you’ve opted-in all your KEPs. Next week is the final Enhancements deadline for 1.36.

Because of multiple waits for critical fixes, January and February patch releases are being combined. Cherry picks are this Friday and the patch release will be next week.

Featured PRs

• 136482: Graduate DeclarativeValidation feature gate to GA This PR graduates the DeclarativeValidation feature gate to GA in Kubernetes v1.36 and locks it to true by default. Declarative Validation is now a stable part of the API machinery, ensuring consistent, schema-driven validation generated from API definitions. The change also updates tests to use feature gate emulation where required, preventing failures now that the gate can no longer be disabled.

• 136643: Promote kubectl kuberc commands to beta This PR promotes kubectl kuberc commands from alpha to beta, making them available outside the kubectl alpha namespace. As part of the promotion, comprehensive e2e tests were added to meet beta stability requirements. This improves the maturity and reliability of kubectl’s user preference management capabilities.

• 136619: DRA allocator: promote experimental → incubating → stable This PR advances the Dynamic Resource Allocation (DRA) allocator by promoting the previously incubating implementation to stable, while moving experimental code to incubating. Although this is a code-structure change with no direct user-facing impact, it marks an important internal milestone in stabilizing DRA components and clarifying their lifecycle stages for future development.

KEP of the Week

KEP-5073: Declarative Validation of Kubernetes Native Types With validation-gen

This enhancement introduces a new code generator validation-gen to write validation logic sourced from the types.go files that define the Kubernetes native API types. A variety of IDL tags have been introduced that are parsed by validation-gen and used to generate boilerplate validation logic that would otherwise have needed to be handwritten. For example, a +k8s:minimum comment can be used to enforce a numeric bound on a field without having to manually write bounds-checking logic.

This KEP is tracked for GA in v1.36.

Other Merges

• Ensure resource version callbacks aren’t called preemptively in reflector
• Handle nil ResourceList in max() to prevent panic
• Fix data race in kubelet status manager and kubelet pod allocated resources
• Correct openapi schema union validation for the PodGroupPolicy struct in scheduling v1alpha1
• Add Declarative Validation (DV) coverage for [ValidatingAdmissionPolicyBinding, focusing on spec.validationActions
• Align NodeResourcesBalancedAllocation scoring algorithm to align with the documentation
• Move preempted WaitOnPermit pods to scheduler backoff queue
• Add GroupResource * filter for noisy subresources
• Update sample-controller to use applyconfiguration-capable clientset

Promotions

• kubectl kuberc commands to beta
• Graduate DeclarativeValidation feature gate to GA
• KEP-2862 Graduate to STABLE

Deprecated

• Remove kube proxy daemonset from cluster
• Remove StructuredAuthorizationConfiguration feature gate

Version Updates

• go-systemd to v22.7.0
• k8s.io/kube-openapi to v0.0.0-20260127142750-a19766b6e2d4
• Images and versions to go 1.25.6 and distroless iptable

Subprojects and Dependency Updates

• kubespray v2.30.0 introduces Kubernetes v1.34.3 support and upgrades major defaults including containerd/nerdctl v2.2.1, CRI-O v1.34.4, Gateway API v1.4.0, and kube-vip v1.0.3. It also removes deprecated containerd config keys (runtime_engine, runtime_root), adds RockyLinux 10 experimental support, improves OpenStack IPv6 defaults, and delivers multiple bugfixes across control plane upgrades, Calico, Cilium, CRI-O registry auth rendering, CSI image versions, and certificate renewal behavior. This release also announces that Ingress NGINX and Kubernetes Dashboard support are being sunset, making this the last Kubespray version to include them.
• gRPC v1.78.0 delivers improvements and bugfixes across multiple language implementations. Notable updates include a Python aio shutdown race-condition fix that could cause asyncio.run() to hang, migration to pyproject.toml builds, improved debug logging for batch execution errors, and compatibility fixes for Objective-C plugins and Ruby version handling.
• csi-driver-nfs v4.13.0 focuses on dependency and tooling upgrades, refreshes CSI sidecar versions, improves Helm chart documentation, and introduces new optional features such as a healthcheck for node-driver-registrar and snapshot compression support. The release also includes multiple CVE-related fixes, mount timeout error message refinement, and removes a vendor-specific Azure cloud-provider dependency to keep the driver more generic.
• csi-driver-smb v1.20.0 updates CSI tooling and sidecar versions, improves Helm chart configuration (including new CSIDriver labels support), refreshes documentation, and includes multiple CVE-related fixes along with mount timeout error cleanup and dependency bumps.
• CRI-O v1.34.5 fixes a high-performance hook issue where late container deletion could incorrectly impact IRQ SMP affinity settings for other containers, improving runtime stability for systems using performance tuning hooks.
• ingress-nginx controller-v1.14.3, and 1.13.7, includes security and stability improvements such as stricter auth method regex handling, safer quoting and escaping of template directives, improved UID verification, fixes for host clock jumps, and a panic fix for empty cpu.max. It also updates OWASP CRS to v4.22.0 and bumps supporting build/test images and dependencies.
• ingress-nginx controller-v1.13.7 mirrors the v1.14.3 update set for the 1.13 line, including auth regex hardening, safer template escaping, admission controller adjustments, panic fixes, improved sync behavior, and an OWASP CRS bump to v4.22.0 alongside dependency refreshes.

Last Week In Kubernetes Development (LWKD) is a product of multiple contributors participating in Kubernetes SIG Contributor Experience. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.

You may contribute to LWKD by submitting pull requests or issues on the LWKD github repo.