changelog: 2026-04-30 digest

.watermark.json

@@ -0,0 +1,7 @@
+{
+  "source_repo": "kubernetes/kubernetes",
+  "last_digest_sha": "138708",
+  "last_digest_at": "2026-04-30T14:01:00Z",
+  "last_refresh_sha": null,
+  "last_refresh_at": null
+}

changelog/2026-04-30.md

@@ -0,0 +1,61 @@
+# Kubernetes Digest — 2026-04-30
+
+## Highlights
+
+### kube-proxy: No periodic full syncs in large cluster mode (#138571)
+- **Author:** @aojea
+- **Impact:** High — eliminates periodic traffic disruption on clusters with >1000 endpoints
+- **Discussion:** Dan Winship suggested reducing to 24h; Aojea argued any periodic disruption is unacceptable. Clean elimination won over frequency reduction.
+- **Scope:** iptables mode only (nftables improvement planned)
+- **Release note:** kube-proxy does not perform full-sync operations when operating in large cluster mode (more than 1000 endpoints)
+
+### kubeadm: Use localAPIEndpoint for all API calls in init (#138449)
+- **Author:** @neolit123
+- **Impact:** Unblocks CAPI infra providers (CAPA, CAPG) that provision LB after kube-apiserver starts
+- **Discussion:** Multiple rounds of E2E testing caught subtle bugs — first iteration broke `kubeadm join` after node replacement because bootstrap token config was rewritten with local endpoint
+- **Pattern:** Init ordering dependencies in distributed bootstrapping are only catchable with full provider E2E, not unit tests
+
+### client-go reflector: Object count in trace (#138576)
+- **Author:** @p0lyn0mial
+- **Impact:** Better debugging of slow list operations — count shown inline with timing
+- **Before:** Two trace lines needed correlation
+- **After:** Single "Objects listed" step shows count + duration
+
+### Declarative Validation: +k8s:update list/map support (#138472)
+- **Author:** @aaron-prindle
+- **Impact:** DV framework extends to compound types with NoAddItem/NoRemoveItem payloads
+- **Significance:** Next step toward DV as standard validation for all API types
+
+## Regression Fixes
+
+### kubelet ZFS cadvisor plugin (#138587)
+- **Author:** @BenTheElder
+- **Fix:** Re-introduced accidentally dropped cadvisor ZFS support
+- **Release note:** Fixed kubelet failure starting on ZFS due to missing cadvisor plugin
+
+### kubectl column alignment (#138550)
+- **Author:** @rawkode
+- **Fix:** Pre-scan computes max cell widths before first tabwriter flush
+- **Cause:** Periodic flush (from #138023) misaligned when wide cells appeared after row 100
+- **Preserves:** Memory/CPU wins (135 allocs/op, O(1) memory across 500k rows)
+
+## Cleanup & GA Progress
+
+| PR | What | Why |
+|----|------|-----|
+| #138583 | Drop StructuredAuthenticationConfiguration gate | GA since 1.34, removed for 1.37 |
+| #138669 | DRA DeviceTaintRule CRUD E2E | Required for DRA GA conformance |
+| #138451 | StatefulSet reconcile skip metrics registration | Metrics were silently unregistered |
+| #138626 | Remove unused kubectl help command | Dead code since Cobra built-in |
+| #138708 | Scheduler queue hints cleanup | Gate locked since 1.34 |
+
+## Dependencies
+
+- CoreDNS → v1.14.3 (#138536)
+- cri-tools → v1.36.0 (#138613)
+
+## Patterns to Extract
+
+- **Elimination over reduction:** When periodic operations are disruptive, eliminate them entirely rather than reducing frequency. "Once a day" is still a disruption window someone will hit.
+- **Provider E2E catches init ordering:** Unit tests can't catch distributed bootstrapping races. Full CAPI provider E2E suites are the only reliable way to validate init-phase changes.
+- **Trace observability wins:** Adding context (counts, keys) to existing trace points costs nothing but saves debugging hours. The reflector already had the count — it just wasn't printing it at the right time.