Upstream Github - 2026-06-04
Overview
This is an automated collection of upstream activity from github.
🔥 High Priority Updates
kubernetes/autoscaler#9736: update contributing doc with deprecation policy
What type of PR is this?
/kind documentation
What this PR does / why we need it:
This change adds a link to the kubernetes deprecation policy and some language about when to observe it. This change is being added to help broadcast how deprecations should occur within this repo…
🔗 Link
Metadata:
- Created: 2026-06-03
- Comments: undefined
- State: open
- Draft: No
kubernetes/autoscaler#9733: Add norbertcyran to reviewers
What type of PR is this?
/kind…
🔗 Link
Metadata:
- Created: 2026-06-03
- Comments: undefined
- State: open
- Draft: No
kubernetes/enhancements#6151: KEP: Pod-level Image Pull Duration Metric
Enhancement Description
- One-line enhancement description: Add a structured
ImagePullDurationfield tov1.PodStatusto provide granular observability into image acquisition latency. - Kubernetes Enhancement Proposal: TBD (I will update this with the PR link once submitted)
- Discussion Link…
🔗 Link
Metadata:
- Created: 2026-06-03
- Comments: 2
- State: open
kubernetes/enhancements#6152: KEP-6151: Pod-level Image Pull Duration Metric
-
One-line PR description: Add
ImagePullDurationfield tov1.PodStatusfor enhanced pod-level image acquisition observability. -
Issue link: https://github.com/kubernetes/enhancements/issues/6151
-
Other comments: This PR adds the initial KEP draft (README.md and kep.yaml) for KEP-6151…
🔗 Link
Metadata:
- Created: 2026-06-03
- Comments: undefined
- State: open
- Draft: No
envoyproxy/envoy: v1.35.11
Summary of changes:
- Security fixes:
- CVE-2026-47774: http2: HTTP/2 streams are now reset if they violate the configured maximum header list size. Uncompressed cookies now count towards
mutable_max_request_headers_kbandmax_headers_countlimits, protecting against an HPACK cookie-bomb that could cause excessive memory usage. This can be reverted with “envoy.reloadable_features.http2_include_cooki…
- CVE-2026-47774: http2: HTTP/2 streams are now reset if they violate the configured maximum header list size. Uncompressed cookies now count towards
🔗 Link
Metadata:
- Version: v1.35.11
- Published: 2026-06-03
- Prerelease: No
Updates
kubernetes/autoscaler#9739: Make dependabot manage the VPA 1.7 release branch
What type of PR is this?
/kind cleanup
What this PR does / why we need it:
I’d like to start paying attention to VPA patch releases from now on. The idea here is to get dependabot to patch godeps and the Go version for us in release branches.
Which issue(s) this PR fixes:…
🔗 Link
Metadata:
- Created: 2026-06-04
- Comments: undefined
- State: open
- Draft: No
kubernetes/autoscaler#9738: Bump sigs.k8s.io/apiserver-network-proxy/konnectivity-client from 0.35.0 to 0.36.0 in /vertical-pod-autoscaler/test in the kubernetes group across 1 directory
Bumps the kubernetes group with 1 update in the /vertical-pod-autoscaler/test directory: sigs.k8s.io/apiserver-network-proxy/konnectivity-client.
Updates sigs.k8s.io/apiserver-network-proxy/konnectivity-client from 0.35.0 to 0.36.0
<de…
🔗 Link
Metadata:
- Created: 2026-06-04
- Comments: undefined
- State: open
- Draft: No
kubernetes/autoscaler#9737: Bump the non-kubernetes group across 2 directories with 1 update
Bumps the non-kubernetes group with 1 update in the /vertical-pod-autoscaler directory: github.com/prometheus/common. Bumps the non-kubernetes group with 1 update in the /vertical-pod-autoscaler/test directory: [github.com/prometheus/common](https://github.com…
🔗 Link
Metadata:
- Created: 2026-06-04
- Comments: undefined
- State: open
- Draft: No
kubernetes/autoscaler#9735: [vpa-release-1.7] Bump the actions group across 3 directories with 1 update
This is an automated cherry-pick of #9728
/assign adrianmoisey
🔗 Link
Metadata:
- Created: 2026-06-03
- Comments: undefined
- State: open
- Draft: No
kubernetes/autoscaler#9732: Feat/bump aws examples version
What type of PR is this?
/kind feature
What this PR does / why we need it:
Update image version to v1.35.0 in AWS example manifests.
Which issue(s) this PR fixes:
Special notes for your reviewer:
Does this PR introduce a user-facing change?
NO...
🔗 [Link](https://github.com/kubernetes/autoscaler/pull/9732)
**Metadata:**
- Created: 2026-06-03
- Comments: undefined
- State: open
- Draft: No
### kubernetes/kubernetes#139498: [Flaking test] [sig-storage] PersistentVolumes NFS with Single PV job timeout failures
### Which jobs are flaking?
- ci-kubernetes-e2e-kind
[Triage: http://go.k8s.io/triage?job=ci-kubernetes-e2e-kind%24&test=PersistentVolumes NFS with](https://storage.googleapis.com/k8s-triage/index.html?job=ci-kubernetes-e2e-kind%24&test=PersistentVolumes%20NFS%20with)
### Which tests are flaking?...
🔗 [Link](https://github.com/kubernetes/kubernetes/issues/139498)
**Metadata:**
- Created: 2026-06-04
- Comments: 1
- State: open
### kubernetes/kubernetes#139497: kube-proxy IPVS with mh scheduler may route traffic to unavailable destinations without mh-fallback
### What happened?
When kube-proxy is configured to use IPVS with the `mh` (Maglev Hashing) scheduler, traffic may fail during endpoint transitions when some backend destinations become unavailable.
The issue happens because IPVS `mh` preserves `last_weight` internally even after a destination wei...
🔗 [Link](https://github.com/kubernetes/kubernetes/issues/139497)
**Metadata:**
- Created: 2026-06-04
- Comments: 2
- State: open
### kubernetes/kubernetes#139496: Enhance SIGKILL log messages
We are trying to monitor and add metrics for our SIGKILL events, but it proves to be quite challenging as the app itself cannot log anything when getting a SIGKILL and the kubelet logs are not informative enough to track.
For now I have found logs with "exitCode=137" to be a good indication for a SI...
🔗 [Link](https://github.com/kubernetes/kubernetes/issues/139496)
**Metadata:**
- Created: 2026-06-04
- Comments: 2
- State: open
### kubernetes/kubernetes#139494: [Flaking Test] load overall (/home/prow/go/src/k8s.io/perf-tests/clusterloader2/testing/load/config.yaml)
### Which jobs are flaking?
* [sig-release-master-informing#gce-master-scale-performance-5000](https://testgrid.k8s.io/sig-release-master-informing#gce-master-scale-performance-5000&exclude-non-failed-tests=)
### Which tests are flaking?
* [ClusterLoaderV2.load overall (/home/prow/go/src/k8s.io...
🔗 [Link](https://github.com/kubernetes/kubernetes/issues/139494)
**Metadata:**
- Created: 2026-06-04
- Comments: 1
- State: open
### kubernetes/kubernetes#139493: [Flake] ci-node-e2e: Containers Lifecycle restartable init containers should not hang in termination if terminated during initialization
### Which jobs are flaking?
ci-kubernetes-node-e2e-containerd
### Which tests are flaking?
E2eNode Suite [It] [sig-node] Containers Lifecycle when A pod with restartable init containers is terminating when Restartable init containers are terminated during initialization should not hang in termina...
🔗 [Link](https://github.com/kubernetes/kubernetes/issues/139493)
**Metadata:**
- Created: 2026-06-04
- Comments: 1
- State: open
### kubernetes/kubernetes#139491: apiserver: return 400 instead of 500 for invalid DeleteOptions field types
### What happened?
When sending a DELETE request with invalid JSON types for fields in `DeleteOptions`, the API Server returns HTTP 500.
For example, when `gracePeriodSeconds` is provided as a string instead of an integer, the API Server returns an internal server error:
```json
{
"kind": "Stat...
🔗 [Link](https://github.com/kubernetes/kubernetes/issues/139491)
**Metadata:**
- Created: 2026-06-04
- Comments: 2
- State: open
### kubernetes/kubernetes#139490: apiserver: return 400 instead of 500 for invalid DeleteOptions dryRun type
### What happened?
When sending a DELETE request with an invalid type for `DeleteOptions.dryRun`, the API Server returns HTTP 500.
For example, `dryRun` is expected to be a list of strings, but when it is provided as a string, the API Server returns:
```json
{
"kind": "Status",
"apiVersion": ...
🔗 [Link](https://github.com/kubernetes/kubernetes/issues/139490)
**Metadata:**
- Created: 2026-06-04
- Comments: 2
- State: open
### kubernetes/kubernetes#139488: apiserver: return 4xx instead of 500 for invalid Binding target fields
### What happened?
When creating a Binding object with invalid or incomplete `target` fields, the API Server returns HTTP 500.
For example, when `target.kind` is unsupported and `target.name` is missing, the response is:
```json
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {},
"sta...
🔗 [Link](https://github.com/kubernetes/kubernetes/issues/139488)
**Metadata:**
- Created: 2026-06-04
- Comments: 2
- State: open
### kubernetes/kubernetes#139487: apiserver: return 400 instead of 500 for invalid kind in node deletion request body
### What happened?
When sending a DELETE request to the Node API with an invalid `kind` value in the request body, the API Server returns HTTP 500.
The response is:
```json
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {},
"status": "Failure",
"message": "no kind \"fixed\" is regi...
🔗 [Link](https://github.com/kubernetes/kubernetes/issues/139487)
**Metadata:**
- Created: 2026-06-04
- Comments: 3
- State: open
### kubernetes/kubernetes#139486: apiserver: return non-500 response for node proxy request when node has no preferred addresses
### What happened?
When sending a node proxy request to a Node object that does not contain any usable address in `status.addresses`, the API Server returns HTTP 500.
The error message indicates that no preferred node address can be selected:
```bash
{
"kind": "Status",
"apiVersion": "v1",
...
🔗 [Link](https://github.com/kubernetes/kubernetes/issues/139486)
**Metadata:**
- Created: 2026-06-04
- Comments: 2
- State: open
### kubernetes/kubernetes#139485: apiserver: return 400 instead of 500 for invalid resourceVersion API requests
### What happened?
The Kubernetes API Server returns HTTP 500 Internal Server Error when handling API requests with an invalid `resourceVersion` value.
For example, the following request sets `resourceVersion` to `-1`:
```bash
curl -X GET 'http://127.0.0.1:8001/api/v1/services?watch=true&resource...
🔗 [Link](https://github.com/kubernetes/kubernetes/issues/139485)
**Metadata:**
- Created: 2026-06-04
- Comments: 4
- State: open
### kubernetes/kubernetes#139499: Improve concurrent store list benchmarking
/kind feature
```release-note
NONE
Moving benchmark to more standard RunParallel approach for benchmark lowering variance of results and preventing high overhead of spawning unbounded goroutines causing GC pressure.
- Old approach: Variance ranges from ±14% to ±20%. Spawning new…
🔗 Link
Metadata:
- Created: 2026-06-04
- Comments: undefined
- State: open
- Draft: No
kubernetes/kubernetes#139495: Reduce times lock is aquired in watch cache during reads
/kind feature
NONE
The optimization reduces the number of watch cache RLock acquisitions on read paths (List/Get) from 2 to 1.
- Lower Scale (1,000 pods):* Shows a ~44% to 49% reduction in latency and ~2x increase in throughput (both read list-calls/s and write throu…
🔗 Link
Metadata:
- Created: 2026-06-04
- Comments: undefined
- State: open
- Draft: No
kubernetes/kubernetes#139492: apiserver: return 400 instead of 500 for invalid kind in delete request body
…st body
Tracking info
Link t…
🔗 Link
Metadata:
- Created: 2026-06-04
- Comments: 0
- State: open
kubernetes/release#4422: build kube-cross, go-runner, releng-ci with golang 1.26.4/1.25.11
What type of PR is this?
/kind feature
What this PR does / why we need it:
- build kube-cross, go-runner, releng-ci with golang 1.26.4/1.25.11
Which issue(s) this PR fixes:
xref https://github.com/kubernetes/release/issues/4421
Does this PR introduce a user-faci…
🔗 Link
Metadata:
- Created: 2026-06-04
- Comments: undefined
- State: open
- Draft: No
kubernetes/release#4419: Use patched nftables binaries in distroless-iptables
What type of PR is this?
/kind bug ?
What this PR does / why we need it:
Discussion in https://github.com/kubernetes/kubernetes/issues/136786. We basically have to build our kube-proxy images with a patched old nft binary, to avoid the crash with kube-proxy nft 1.0.6 and system n…
🔗 Link
Metadata:
- Created: 2026-06-03
- Comments: undefined
- State: open
- Draft: No
kubernetes/perf-tests#4081: dra: bump testing/dra config timeouts for 5k scale
What type of PR is this?
/kind bug
What this PR does / why we need it:
Fixes WaitForFinishedJobs undercounting at scale. When churn jobs are deleted by ttlSecondsAfterFinished before the measurement gathers, handleObject read completion from newJob (nil on delete) and dropped the …
🔗 Link
Metadata:
- Created: 2026-06-03
- Comments: undefined
- State: open
- Draft: No
kubernetes/kops#18440: Kops delete overly aggressive and stuck
/kind bug
1. What kops version are you running? The command kops version, will display
this information.
$ kops version I0603 22:06:58.163165 1713687 featureflag.go:182] FeatureFlag “APIServerNodes”=true I0603 22:06:58.163316 1713687 featureflag.go:191] ParseFlags: parsed 1 flags from “+A…
🔗 Link
Metadata:
- Created: 2026-06-03
- Comments: 1
- State: open
kubernetes/kops#18443: dump: raise per-node dump timeout to 5 minutes
The 1-minute per-node dump cap is too short on large clusters: the multi-GB kube-apiserver cat consumes the whole budget and the files after it (etcd, etcd-events, kube-scheduler, kube-controller-manager) dump as 0 bytes. Raise it to 5 minutes.
Based on the last successful runs on 5/15 and 5/11, …
🔗 Link
Metadata:
- Created: 2026-06-03
- Comments: undefined
- State: open
- Draft: No
kubernetes/cloud-provider-vsphere#1776: Remove unused SUPERVISOR_APISERVER_ENDPOINT_IP env var requirement
What this PR does / why we need it: Cleans up vsphereparavirtual configuration by removing the unused but previously strictly validated SUPERVISOR_APISERVER_ENDPOINT_IP environment variable. This variable went unused after API calls were migrated t…
🔗 Link
Metadata:
- Created: 2026-06-04
- Comments: undefined
- State: open
- Draft: No
prometheus/client_java: v1.7.0
1.7.0 (2026-06-03)
Features
- Add StableApi marker and API diff check (#2168) (768fd3a)
- add typed metric family descriptors (#2114) ([9c3b097](https://github.com/prometheus/client_java/commit/9c3b097f6842ffc08fb3…
🔗 Link
Metadata:
- Version: v1.7.0
- Published: 2026-06-03
- Prerelease: No
containerd/nerdbox: v0.1.4
What’s Changed
- revert: write to tmp vmdk file by @austinvazquez in https://github.com/containerd/nerdbox/pull/213
- shim/manager: detect early shim exit while waiting for pipe on Windows by @dmcgowan in https://github.com/containerd/nerdbox/pull/198
- fix(shim/manager): retry on pipe busy/timeout when waiting for shim pipe on Windows by @austinvazquez in https://github.com/containerd/nerdbox/pull/218
Full Changelog: https://github.com/containerd/nerdbox/compare/v0.1.3…v0.1.4
🔗 Link
Metadata:
- Version: v0.1.4
- Published: 2026-06-04
- Prerelease: No
containerd/containerd#13529: CRI: tag+digest sandbox image breaks RunPodSandbox
Description
A CRI sandbox image (pinned_images.sandbox, or legacy sandbox_image) configured as a reference with both a tag and a digest (name:tag@sha256:…) makes RunPodSandbox fail with “failed to get sandbox image … not found”, even though containerd successfully pulls that exact image d…
🔗 Link
Metadata:
- Created: 2026-06-04
- Comments: 0
- State: open
This content was automatically collected on 2026-06-04 10:57:37