Overview

This is an automated collection of upstream activity from github.

🔥 High Priority Updates

kubernetes/autoscaler#9736: update contributing doc with deprecation policy

What type of PR is this?

/kind documentation

What this PR does / why we need it:

This change adds a link to the kubernetes deprecation policy and some language about when to observe it. This change is being added to help broadcast how deprecations should occur within this repo…

🔗 Link

Metadata:

  • Created: 2026-06-03
  • Comments: undefined
  • State: open
  • Draft: No

kubernetes/autoscaler#9733: Add norbertcyran to reviewers

What type of PR is this?

/kind…

🔗 Link

Metadata:

  • Created: 2026-06-03
  • Comments: undefined
  • State: open
  • Draft: No

kubernetes/enhancements#6151: KEP: Pod-level Image Pull Duration Metric

Enhancement Description

  • One-line enhancement description: Add a structured ImagePullDuration field to v1.PodStatus to provide granular observability into image acquisition latency.
  • Kubernetes Enhancement Proposal: TBD (I will update this with the PR link once submitted)
  • Discussion Link…

🔗 Link

Metadata:

  • Created: 2026-06-03
  • Comments: 2
  • State: open

kubernetes/enhancements#6152: KEP-6151: Pod-level Image Pull Duration Metric

  • One-line PR description: Add ImagePullDuration field to v1.PodStatus for enhanced pod-level image acquisition observability.

  • Issue link: https://github.com/kubernetes/enhancements/issues/6151

  • Other comments: This PR adds the initial KEP draft (README.md and kep.yaml) for KEP-6151…

🔗 Link

Metadata:

  • Created: 2026-06-03
  • Comments: undefined
  • State: open
  • Draft: No

envoyproxy/envoy: v1.35.11

Summary of changes:

  • Security fixes:
    • CVE-2026-47774: http2: HTTP/2 streams are now reset if they violate the configured maximum header list size. Uncompressed cookies now count towards mutable_max_request_headers_kb and max_headers_count limits, protecting against an HPACK cookie-bomb that could cause excessive memory usage. This can be reverted with “envoy.reloadable_features.http2_include_cooki…

🔗 Link

Metadata:

  • Version: v1.35.11
  • Published: 2026-06-03
  • Prerelease: No

Updates

kubernetes/autoscaler#9739: Make dependabot manage the VPA 1.7 release branch

What type of PR is this?

/kind cleanup

What this PR does / why we need it:

I’d like to start paying attention to VPA patch releases from now on. The idea here is to get dependabot to patch godeps and the Go version for us in release branches.

Which issue(s) this PR fixes:…

🔗 Link

Metadata:

  • Created: 2026-06-04
  • Comments: undefined
  • State: open
  • Draft: No

kubernetes/autoscaler#9738: Bump sigs.k8s.io/apiserver-network-proxy/konnectivity-client from 0.35.0 to 0.36.0 in /vertical-pod-autoscaler/test in the kubernetes group across 1 directory

Bumps the kubernetes group with 1 update in the /vertical-pod-autoscaler/test directory: sigs.k8s.io/apiserver-network-proxy/konnectivity-client.

Updates sigs.k8s.io/apiserver-network-proxy/konnectivity-client from 0.35.0 to 0.36.0 <de…

🔗 Link

Metadata:

  • Created: 2026-06-04
  • Comments: undefined
  • State: open
  • Draft: No

kubernetes/autoscaler#9737: Bump the non-kubernetes group across 2 directories with 1 update

Bumps the non-kubernetes group with 1 update in the /vertical-pod-autoscaler directory: github.com/prometheus/common. Bumps the non-kubernetes group with 1 update in the /vertical-pod-autoscaler/test directory: [github.com/prometheus/common](https://github.com

🔗 Link

Metadata:

  • Created: 2026-06-04
  • Comments: undefined
  • State: open
  • Draft: No

kubernetes/autoscaler#9735: [vpa-release-1.7] Bump the actions group across 3 directories with 1 update

This is an automated cherry-pick of #9728

/assign adrianmoisey

🔗 Link

Metadata:

  • Created: 2026-06-03
  • Comments: undefined
  • State: open
  • Draft: No

kubernetes/autoscaler#9732: Feat/bump aws examples version

What type of PR is this?

/kind feature

What this PR does / why we need it:

Update image version to v1.35.0 in AWS example manifests.

Which issue(s) this PR fixes:

Special notes for your reviewer:

Does this PR introduce a user-facing change?

NO...

🔗 [Link](https://github.com/kubernetes/autoscaler/pull/9732)

**Metadata:**
- Created: 2026-06-03
- Comments: undefined
- State: open
- Draft: No

### kubernetes/kubernetes#139498: [Flaking test] [sig-storage] PersistentVolumes NFS with Single PV job timeout failures

### Which jobs are flaking?

- ci-kubernetes-e2e-kind

[Triage: http://go.k8s.io/triage?job=ci-kubernetes-e2e-kind%24&test=PersistentVolumes NFS with](https://storage.googleapis.com/k8s-triage/index.html?job=ci-kubernetes-e2e-kind%24&test=PersistentVolumes%20NFS%20with)

### Which tests are flaking?...

🔗 [Link](https://github.com/kubernetes/kubernetes/issues/139498)

**Metadata:**
- Created: 2026-06-04
- Comments: 1
- State: open

### kubernetes/kubernetes#139497: kube-proxy IPVS with mh scheduler may route traffic to unavailable destinations without mh-fallback

### What happened?

When kube-proxy is configured to use IPVS with the `mh` (Maglev Hashing) scheduler, traffic may fail during endpoint transitions when some backend destinations become unavailable.

The issue happens because IPVS `mh` preserves `last_weight` internally even after a destination wei...

🔗 [Link](https://github.com/kubernetes/kubernetes/issues/139497)

**Metadata:**
- Created: 2026-06-04
- Comments: 2
- State: open

### kubernetes/kubernetes#139496: Enhance SIGKILL log messages

We are trying to monitor and add metrics for our SIGKILL events, but it proves to be quite challenging as the app itself cannot log anything when getting a SIGKILL and the kubelet logs are not informative enough to track.
For now I have found logs with "exitCode=137" to be a good indication for a SI...

🔗 [Link](https://github.com/kubernetes/kubernetes/issues/139496)

**Metadata:**
- Created: 2026-06-04
- Comments: 2
- State: open

### kubernetes/kubernetes#139494: [Flaking Test] load overall (/home/prow/go/src/k8s.io/perf-tests/clusterloader2/testing/load/config.yaml)

### Which jobs are flaking?

* [sig-release-master-informing#gce-master-scale-performance-5000](https://testgrid.k8s.io/sig-release-master-informing#gce-master-scale-performance-5000&exclude-non-failed-tests=)



### Which tests are flaking?

* [ClusterLoaderV2.load overall (/home/prow/go/src/k8s.io...

🔗 [Link](https://github.com/kubernetes/kubernetes/issues/139494)

**Metadata:**
- Created: 2026-06-04
- Comments: 1
- State: open

### kubernetes/kubernetes#139493: [Flake] ci-node-e2e: Containers Lifecycle restartable init containers should not hang in termination if terminated during initialization

### Which jobs are flaking?

ci-kubernetes-node-e2e-containerd

### Which tests are flaking?

E2eNode Suite [It] [sig-node] Containers Lifecycle when A pod with restartable init containers is terminating when Restartable init containers are terminated during initialization should not hang in termina...

🔗 [Link](https://github.com/kubernetes/kubernetes/issues/139493)

**Metadata:**
- Created: 2026-06-04
- Comments: 1
- State: open

### kubernetes/kubernetes#139491: apiserver: return 400 instead of 500 for invalid DeleteOptions field types

### What happened?

When sending a DELETE request with invalid JSON types for fields in `DeleteOptions`, the API Server returns HTTP 500.

For example, when `gracePeriodSeconds` is provided as a string instead of an integer, the API Server returns an internal server error:

```json
{
  "kind": "Stat...

🔗 [Link](https://github.com/kubernetes/kubernetes/issues/139491)

**Metadata:**
- Created: 2026-06-04
- Comments: 2
- State: open

### kubernetes/kubernetes#139490: apiserver: return 400 instead of 500 for invalid DeleteOptions dryRun type

### What happened?

When sending a DELETE request with an invalid type for `DeleteOptions.dryRun`, the API Server returns HTTP 500.

For example, `dryRun` is expected to be a list of strings, but when it is provided as a string, the API Server returns:

```json
{
  "kind": "Status",
  "apiVersion": ...

🔗 [Link](https://github.com/kubernetes/kubernetes/issues/139490)

**Metadata:**
- Created: 2026-06-04
- Comments: 2
- State: open

### kubernetes/kubernetes#139488: apiserver: return 4xx instead of 500 for invalid Binding target fields

### What happened?

When creating a Binding object with invalid or incomplete `target` fields, the API Server returns HTTP 500.

For example, when `target.kind` is unsupported and `target.name` is missing, the response is:

```json
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {},
  "sta...

🔗 [Link](https://github.com/kubernetes/kubernetes/issues/139488)

**Metadata:**
- Created: 2026-06-04
- Comments: 2
- State: open

### kubernetes/kubernetes#139487: apiserver: return 400 instead of 500 for invalid kind in node deletion request body

### What happened?

When sending a DELETE request to the Node API with an invalid `kind` value in the request body, the API Server returns HTTP 500.

The response is:

```json
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {},
  "status": "Failure",
  "message": "no kind \"fixed\" is regi...

🔗 [Link](https://github.com/kubernetes/kubernetes/issues/139487)

**Metadata:**
- Created: 2026-06-04
- Comments: 3
- State: open

### kubernetes/kubernetes#139486: apiserver: return non-500 response for node proxy request when node has no preferred addresses

### What happened?

When sending a node proxy request to a Node object that does not contain any usable address in `status.addresses`, the API Server returns HTTP 500.

The error message indicates that no preferred node address can be selected:

```bash
{
  "kind": "Status",
  "apiVersion": "v1",
  ...

🔗 [Link](https://github.com/kubernetes/kubernetes/issues/139486)

**Metadata:**
- Created: 2026-06-04
- Comments: 2
- State: open

### kubernetes/kubernetes#139485: apiserver: return 400 instead of 500 for invalid resourceVersion API requests

### What happened?

The Kubernetes API Server returns HTTP 500 Internal Server Error when handling API requests with an invalid `resourceVersion` value.

For example, the following request sets `resourceVersion` to `-1`:

```bash
curl -X GET 'http://127.0.0.1:8001/api/v1/services?watch=true&resource...

🔗 [Link](https://github.com/kubernetes/kubernetes/issues/139485)

**Metadata:**
- Created: 2026-06-04
- Comments: 4
- State: open

### kubernetes/kubernetes#139499: Improve concurrent store list benchmarking

/kind feature

```release-note
NONE

Moving benchmark to more standard RunParallel approach for benchmark lowering variance of results and preventing high overhead of spawning unbounded goroutines causing GC pressure.

  • Old approach: Variance ranges from ±14% to ±20%. Spawning new…

🔗 Link

Metadata:

  • Created: 2026-06-04
  • Comments: undefined
  • State: open
  • Draft: No

kubernetes/kubernetes#139495: Reduce times lock is aquired in watch cache during reads

/kind feature

NONE

The optimization reduces the number of watch cache RLock acquisitions on read paths (List/Get) from 2 to 1.

  • Lower Scale (1,000 pods):* Shows a ~44% to 49% reduction in latency and ~2x increase in throughput (both read list-calls/s and write throu…

🔗 Link

Metadata:

  • Created: 2026-06-04
  • Comments: undefined
  • State: open
  • Draft: No

kubernetes/kubernetes#139492: apiserver: return 400 instead of 500 for invalid kind in delete request body

…st body

Tracking info

Link t…

🔗 Link

Metadata:

  • Created: 2026-06-04
  • Comments: 0
  • State: open

kubernetes/release#4422: build kube-cross, go-runner, releng-ci with golang 1.26.4/1.25.11

What type of PR is this?

/kind feature

What this PR does / why we need it:

  • build kube-cross, go-runner, releng-ci with golang 1.26.4/1.25.11

Which issue(s) this PR fixes:

xref https://github.com/kubernetes/release/issues/4421

Does this PR introduce a user-faci…

🔗 Link

Metadata:

  • Created: 2026-06-04
  • Comments: undefined
  • State: open
  • Draft: No

kubernetes/release#4419: Use patched nftables binaries in distroless-iptables

What type of PR is this?

/kind bug ?

What this PR does / why we need it:

Discussion in https://github.com/kubernetes/kubernetes/issues/136786. We basically have to build our kube-proxy images with a patched old nft binary, to avoid the crash with kube-proxy nft 1.0.6 and system n…

🔗 Link

Metadata:

  • Created: 2026-06-03
  • Comments: undefined
  • State: open
  • Draft: No

kubernetes/perf-tests#4081: dra: bump testing/dra config timeouts for 5k scale

What type of PR is this?

/kind bug

What this PR does / why we need it:

Fixes WaitForFinishedJobs undercounting at scale. When churn jobs are deleted by ttlSecondsAfterFinished before the measurement gathers, handleObject read completion from newJob (nil on delete) and dropped the …

🔗 Link

Metadata:

  • Created: 2026-06-03
  • Comments: undefined
  • State: open
  • Draft: No

kubernetes/kops#18440: Kops delete overly aggressive and stuck

/kind bug

1. What kops version are you running? The command kops version, will display this information.

$ kops version I0603 22:06:58.163165 1713687 featureflag.go:182] FeatureFlag “APIServerNodes”=true I0603 22:06:58.163316 1713687 featureflag.go:191] ParseFlags: parsed 1 flags from “+A…

🔗 Link

Metadata:

  • Created: 2026-06-03
  • Comments: 1
  • State: open

kubernetes/kops#18443: dump: raise per-node dump timeout to 5 minutes

The 1-minute per-node dump cap is too short on large clusters: the multi-GB kube-apiserver cat consumes the whole budget and the files after it (etcd, etcd-events, kube-scheduler, kube-controller-manager) dump as 0 bytes. Raise it to 5 minutes.

Based on the last successful runs on 5/15 and 5/11, …

🔗 Link

Metadata:

  • Created: 2026-06-03
  • Comments: undefined
  • State: open
  • Draft: No

kubernetes/cloud-provider-vsphere#1776: Remove unused SUPERVISOR_APISERVER_ENDPOINT_IP env var requirement

What this PR does / why we need it: Cleans up vsphereparavirtual configuration by removing the unused but previously strictly validated SUPERVISOR_APISERVER_ENDPOINT_IP environment variable. This variable went unused after API calls were migrated t…

🔗 Link

Metadata:

  • Created: 2026-06-04
  • Comments: undefined
  • State: open
  • Draft: No

prometheus/client_java: v1.7.0

1.7.0 (2026-06-03)

Features

🔗 Link

Metadata:

  • Version: v1.7.0
  • Published: 2026-06-03
  • Prerelease: No

containerd/nerdbox: v0.1.4

What’s Changed

Full Changelog: https://github.com/containerd/nerdbox/compare/v0.1.3…v0.1.4

🔗 Link

Metadata:

  • Version: v0.1.4
  • Published: 2026-06-04
  • Prerelease: No

containerd/containerd#13529: CRI: tag+digest sandbox image breaks RunPodSandbox

Description

A CRI sandbox image (pinned_images.sandbox, or legacy sandbox_image) configured as a reference with both a tag and a digest (name:tag@sha256:…) makes RunPodSandbox fail with “failed to get sandbox image … not found”, even though containerd successfully pulls that exact image d…

🔗 Link

Metadata:

  • Created: 2026-06-04
  • Comments: 0
  • State: open

This content was automatically collected on 2026-06-04 10:57:37