# Kubernetes Digest — 2026-04-30

## Highlights

### kube-proxy: No periodic full syncs in large cluster mode (#138571)
- **Author:** @aojea
- **Impact:** High — eliminates periodic traffic disruption on clusters with >1000 endpoints
- **Discussion:** Dan Winship suggested reducing to 24h; Aojea argued any periodic disruption is unacceptable. Clean elimination won over frequency reduction.
- **Scope:** iptables mode only (nftables improvement planned)
- **Release note:** kube-proxy does not perform full-sync operations when operating in large cluster mode (more than 1000 endpoints)

### kubeadm: Use localAPIEndpoint for all API calls in init (#138449)
- **Author:** @neolit123
- **Impact:** Unblocks CAPI infra providers (CAPA, CAPG) that provision LB after kube-apiserver starts
- **Discussion:** Multiple rounds of E2E testing caught subtle bugs — first iteration broke `kubeadm join` after node replacement because bootstrap token config was rewritten with local endpoint
- **Pattern:** Init ordering dependencies in distributed bootstrapping are only catchable with full provider E2E, not unit tests

### client-go reflector: Object count in trace (#138576)
- **Author:** @p0lyn0mial
- **Impact:** Better debugging of slow list operations — count shown inline with timing
- **Before:** Two trace lines needed correlation
- **After:** Single "Objects listed" step shows count + duration

### Declarative Validation: +k8s:update list/map support (#138472)
- **Author:** @aaron-prindle
- **Impact:** DV framework extends to compound types with NoAddItem/NoRemoveItem payloads
- **Significance:** Next step toward DV as standard validation for all API types

## Regression Fixes

### kubelet ZFS cadvisor plugin (#138587)
- **Author:** @BenTheElder
- **Fix:** Re-introduced accidentally dropped cadvisor ZFS support
- **Release note:** Fixed kubelet failure starting on ZFS due to missing cadvisor plugin

### kubectl column alignment (#138550)
- **Author:** @rawkode
- **Fix:** Pre-scan computes max cell widths before first tabwriter flush
- **Cause:** Periodic flush (from #138023) misaligned when wide cells appeared after row 100
- **Preserves:** Memory/CPU wins (135 allocs/op, O(1) memory across 500k rows)

## Cleanup & GA Progress

| PR | What | Why |
|----|------|-----|
| #138583 | Drop StructuredAuthenticationConfiguration gate | GA since 1.34, removed for 1.37 |
| #138669 | DRA DeviceTaintRule CRUD E2E | Required for DRA GA conformance |
| #138451 | StatefulSet reconcile skip metrics registration | Metrics were silently unregistered |
| #138626 | Remove unused kubectl help command | Dead code since Cobra built-in |
| #138708 | Scheduler queue hints cleanup | Gate locked since 1.34 |

## Dependencies

- CoreDNS → v1.14.3 (#138536)
- cri-tools → v1.36.0 (#138613)

## Patterns to Extract

- **Elimination over reduction:** When periodic operations are disruptive, eliminate them entirely rather than reducing frequency. "Once a day" is still a disruption window someone will hit.
- **Provider E2E catches init ordering:** Unit tests can't catch distributed bootstrapping races. Full CAPI provider E2E suites are the only reliable way to validate init-phase changes.
- **Trace observability wins:** Adding context (counts, keys) to existing trace points costs nothing but saves debugging hours. The reflector already had the count — it just wasn't printing it at the right time.