From bfe1bf63665937068d1a383513fc590ce6de2fdf Mon Sep 17 00:00:00 2001 From: Rodin Date: Thu, 30 Apr 2026 14:06:51 +0000 Subject: [PATCH] changelog: 2026-04-30 digest --- .watermark.json | 7 +++++ changelog/2026-04-30.md | 61 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 68 insertions(+) create mode 100644 .watermark.json create mode 100644 changelog/2026-04-30.md diff --git a/.watermark.json b/.watermark.json new file mode 100644 index 0000000..d024c1c --- /dev/null +++ b/.watermark.json @@ -0,0 +1,7 @@ +{ + "source_repo": "kubernetes/kubernetes", + "last_digest_sha": "138708", + "last_digest_at": "2026-04-30T14:01:00Z", + "last_refresh_sha": null, + "last_refresh_at": null +} diff --git a/changelog/2026-04-30.md b/changelog/2026-04-30.md new file mode 100644 index 0000000..26dddeb --- /dev/null +++ b/changelog/2026-04-30.md 
@@ -0,0 +1,61 @@ +# Kubernetes Digest — 2026-04-30 + +## Highlights + +### kube-proxy: No periodic full syncs in large cluster mode (#138571) +- **Author:** @aojea +- **Impact:** High — eliminates periodic traffic disruption on clusters with >1000 endpoints +- **Discussion:** Dan Winship suggested reducing to 24h; Aojea argued any periodic disruption is unacceptable. Clean elimination won over frequency reduction. +- **Scope:** iptables mode only (nftables improvement planned) +- **Release note:** kube-proxy does not perform full-sync operations when operating in large cluster mode (more than 1000 endpoints) + +### kubeadm: Use localAPIEndpoint for all API calls in init (#138449) +- **Author:** @neolit123 +- **Impact:** Unblocks CAPI infra providers (CAPA, CAPG) that provision LB after kube-apiserver starts +- **Discussion:** Multiple rounds of E2E testing caught subtle bugs — first iteration broke `kubeadm join` after node replacement because bootstrap token config was rewritten with local endpoint +- **Pattern:** Init ordering dependencies in distributed bootstrapping are only catchable with full provider E2E, not unit tests + +### client-go reflector: Object count in trace (#138576) +- **Author:** @p0lyn0mial +- **Impact:** Better debugging of slow list operations — count shown inline with timing +- **Before:** Two trace lines needed correlation +- **After:** Single "Objects listed" step shows count + duration + +### Declarative Validation: +k8s:update list/map support (#138472) +- **Author:** @aaron-prindle +- **Impact:** DV framework extends to compound types with NoAddItem/NoRemoveItem payloads +- **Significance:** Next step toward DV as standard validation for all API types + +## Regression Fixes + +### kubelet ZFS cadvisor plugin (#138587) +- **Author:** @BenTheElder +- **Fix:** Re-introduced accidentally dropped cadvisor ZFS support +- **Release note:** Fixed kubelet failure starting on ZFS due to missing cadvisor plugin + +### kubectl column alignment 
(#138550) +- **Author:** @rawkode +- **Fix:** Pre-scan computes max cell widths before first tabwriter flush +- **Cause:** Periodic flush (from #138023) misaligned when wide cells appeared after row 100 +- **Preserves:** Memory/CPU wins (135 allocs/op, O(1) memory across 500k rows) + +## Cleanup & GA Progress + +| PR | What | Why | +|----|------|-----| +| #138583 | Drop StructuredAuthenticationConfiguration gate | GA since 1.34, removed for 1.37 | +| #138669 | DRA DeviceTaintRule CRUD E2E | Required for DRA GA conformance | +| #138451 | StatefulSet reconcile skip metrics registration | Metrics were silently unregistered | +| #138626 | Remove unused kubectl help command | Dead code since Cobra built-in | +| #138708 | Scheduler queue hints cleanup | Gate locked since 1.34 | + +## Dependencies + +- CoreDNS → v1.14.3 (#138536) +- cri-tools → v1.36.0 (#138613) + +## Patterns to Extract + +- **Elimination over reduction:** When periodic operations are disruptive, eliminate them entirely rather than reducing frequency. "Once a day" is still a disruption window someone will hit. +- **Provider E2E catches init ordering:** Unit tests can't catch distributed bootstrapping races. Full CAPI provider E2E suites are the only reliable way to validate init-phase changes. +- **Trace observability wins:** Adding context (counts, keys) to existing trace points costs nothing but saves debugging hours. The reflector already had the count — it just wasn't printing it at the right time.
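Review bot: In `.watermark.json`, `"last_digest_sha": "138708"` is not a commit SHA. The value matches the PR number of the last row in the cleanup table (#138708, scheduler queue hints cleanup), so the field name and its contents disagree. Either store the actual commit hash of the last digested change from `source_repo`, or rename the key to something like `last_digest_pr` so whatever reads this file does not treat a PR number as a git revision. `last_refresh_sha` will need the same decision once it stops being `null`. It is also worth documenting in the commit message or a README what consumes this file and whether it is meant to be committed alongside every digest.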
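Review bot: In the "Cleanup & GA Progress" table of `changelog/2026-04-30.md`, the row for #138451 gives its reason as "Metrics were silently unregistered", which describes a defect being corrected rather than cleanup or GA progress. Move it under "Regression Fixes", or reword the Why column if it really is only a refactor, so readers scanning for behavior changes do not miss it. Two smaller points in the same hunk: only the kube-proxy entry carries a severity in its Impact field ("High"), so either give every highlight a severity or drop it; and the "Patterns to Extract" bullets state things more strongly than the entries they summarize ("the only reliable way", "costs nothing"), whereas the kubeadm highlight only says the bugs were caught by E2E testing. Softening those to match the evidence in the highlights would keep the digest accurate.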