
Update documentation for KEP-3104 #52877

Merged
k8s-ci-robot merged 6 commits into kubernetes:dev-1.35 from pmengelbert:pmengelbert/placeholder-docs-kep-3104/1
Dec 3, 2025

@pmengelbert
Contributor

Description

Issue

Closes: #

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Oct 22, 2025
@k8s-ci-robot
Contributor

Welcome @pmengelbert!

It looks like this is your first PR to kubernetes/website 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes/website has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot k8s-ci-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Oct 22, 2025
@netlify

netlify Bot commented Oct 22, 2025

Pull request preview available for checking

Built without sensitive environment variables

Name Link
🔨 Latest commit 1a53fda
🔍 Latest deploy log https://app.netlify.com/projects/kubernetes-io-main-staging/deploys/692623493e792900086ff503
😎 Deploy Preview https://deploy-preview-52877--kubernetes-io-main-staging.netlify.app

To edit notification comments on pull requests, go to your Netlify project configuration.

Member

@dipesh-rawat dipesh-rawat left a comment


@pmengelbert, We should consider setting the dev-1.35 branch as the target branch rather than the main branch for this pull request. Since the change is related to the feature targeting beta in v1.35

@lmktfy
Member

lmktfy commented Oct 26, 2025

It's handy to mark these as not yet ready for review.

/retitle [WIP] Update documention for KEP-3104

@k8s-ci-robot k8s-ci-robot changed the title Placeholder for KEP-3104 Docs [WIP] Update documention for KEP-3104 Oct 26, 2025
@k8s-ci-robot k8s-ci-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 26, 2025
@soltysh
Contributor

soltysh commented Oct 28, 2025

/assign

@pmengelbert pmengelbert changed the base branch from main to dev-1.35 October 28, 2025 11:52
@pmengelbert
Contributor Author

@pmengelbert, We should consider setting the dev-1.35 branch as the target branch rather than the main branch for this pull request. Since the change is related to the feature targeting beta in v1.35

done

@Urvashi0109
Contributor

Hello @pmengelbert 👋, v1.35 Docs Team here again!

We are closing in on the deadline to get your PR ready for review before Tuesday 18th November 2025, so I'm sending a second reminder. Please take a look at the Documenting for a release - PR Ready for Review document to get your PR ready for review before the deadline.

Please also let us know once your PR is fully Ready for Review -- meaning all documentation updates are complete and it's awaiting reviewer feedback -- so we can update our tracking.

Thank you!

@pmengelbert pmengelbert force-pushed the pmengelbert/placeholder-docs-kep-3104/1 branch from 472d800 to 4ee94ec Compare November 17, 2025 17:21
@netlify

netlify Bot commented Nov 17, 2025

👷 Deploy Preview for kubernetes-io-vnext-staging processing.

Name Link
🔨 Latest commit 1a53fda
🔍 Latest deploy log https://app.netlify.com/projects/kubernetes-io-vnext-staging/deploys/6926234991788300083147d6

@k8s-ci-robot k8s-ci-robot added language/en Issues or PRs related to English language size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Nov 17, 2025
@pmengelbert pmengelbert force-pushed the pmengelbert/placeholder-docs-kep-3104/1 branch from 4ee94ec to 9e1469b Compare November 17, 2025 17:24
@pmengelbert pmengelbert force-pushed the pmengelbert/placeholder-docs-kep-3104/1 branch from 9e1469b to 1c14ce0 Compare November 17, 2025 17:25
@pmengelbert pmengelbert changed the title [WIP] Update documention for KEP-3104 Update documention for KEP-3104 Nov 17, 2025
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Nov 17, 2025
Member

@lmktfy lmktfy left a comment


Thanks for the PR. I do recommend revising it.

Comment thread content/en/docs/reference/kubectl/kuberc.md Outdated
@lmktfy
Member

lmktfy commented Nov 17, 2025

@kubernetes/sig-security-pr-reviews I have suggested a change to not always deny exec plugins, because those plugins are a useful way to avoid hard coding private key material / long lived tokens into your kubeconfig.

However, that's a security opinion about a deny control. With that in mind, please comment on this PR. Feel free to invite SIG Auth interested parties if you judge it helpful.

@k8s-ci-robot k8s-ci-robot added the sig/security Categorizes an issue or PR as relevant to SIG Security. label Nov 17, 2025
@k8s-ci-robot k8s-ci-robot removed the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Nov 18, 2025
When the policy is set to `"DenyAll"`, no exec plugins will be permitted to run.
If you don't use credential plugins, the Kubernetes project recommends that you
set the DenyAll policy. Using the Allowlist policy is a good choice if you do
use credential plugins. If you are not sure, choose DenyAll.
Member


If you are not sure, choose DenyAll

Unsure users adding DenyAll to their kuberc without any other guidance about how to test the resulting behavior is definitely going to break users of managed clusters that distribute kubeconfigs that use credential plugins. Can we put the note about consulting managed provider docs right by this recommendation, or at least indicate they need to try the kubeconfigs they expect to use after setting this to make sure DenyAll isn't blocking something they intend to work?

Contributor Author


I ended up removing this section and kept the note below (in the only remaining place where the recommended default is discussed)

Contributor Author


I also added additional troubleshooting steps in case users encounter problems with a "DenyAll" policy.
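
The check raised in this review thread (finding out which kubeconfigs depend on credential plugins before setting DenyAll), as an added example that is not part of the PR, the documentation under review, or kubectl. It assumes the kubeconfig is supplied as JSON, for instance from `kubectl config view -o json`; the sample config, its names and the plugin commands `example-cloud-auth` and `example-sso-login` are constructed for illustration.

```python
import json
import sys

# Constructed sample in the shape printed by `kubectl config view -o json`.
# Cluster, context and user names and both plugin commands are hypothetical.
SAMPLE_KUBECONFIG = """
{
  "apiVersion": "v1",
  "kind": "Config",
  "contexts": [
    {"name": "managed-prod",
     "context": {"cluster": "managed", "user": "managed-user"}},
    {"name": "lab",
     "context": {"cluster": "lab", "user": "lab-admin"}}
  ],
  "users": [
    {"name": "managed-user",
     "user": {"exec": {"apiVersion": "client.authentication.k8s.io/v1",
                       "command": "example-cloud-auth",
                       "args": ["get-token"]}}},
    {"name": "lab-admin",
     "user": {"client-certificate-data": "REDACTED",
              "client-key-data": "REDACTED"}},
    {"name": "old-sso",
     "user": {"exec": {"apiVersion": "client.authentication.k8s.io/v1",
                       "command": "example-sso-login"}}}
  ]
}
"""


def load_kubeconfig(text):
    """Parse a kubeconfig that was exported as JSON."""
    return json.loads(text)


def exec_plugin_users(kubeconfig):
    """Return {user name: plugin command} for users that authenticate via exec."""
    plugins = {}
    # `users` can be missing or null in an empty config, hence the `or []`.
    for entry in kubeconfig.get("users") or []:
        user = entry.get("user") or {}
        exec_cfg = user.get("exec")
        if isinstance(exec_cfg, dict) and exec_cfg.get("command"):
            plugins[entry.get("name", "")] = exec_cfg["command"]
    return plugins


def contexts_needing_plugins(kubeconfig):
    """Return sorted (context, user, command) tuples for contexts whose user
    relies on an exec credential plugin."""
    plugins = exec_plugin_users(kubeconfig)
    hits = []
    for entry in kubeconfig.get("contexts") or []:
        ctx = entry.get("context") or {}
        user = ctx.get("user")
        if user in plugins:
            hits.append((entry.get("name", ""), user, plugins[user]))
    return sorted(hits)


def report(kubeconfig):
    """Build human-readable lines describing what a DenyAll policy would affect."""
    hits = contexts_needing_plugins(kubeconfig)
    plugins = exec_plugin_users(kubeconfig)
    lines = []
    if not plugins:
        lines.append("No user entry uses an exec credential plugin.")
        return lines
    for ctx, user, command in hits:
        lines.append(
            f"context {ctx!r} (user {user!r}) runs {command!r}; "
            "under DenyAll this plugin is not permitted to run"
        )
    # Users with an exec plugin that no context references are still worth
    # knowing about: they become relevant as soon as a context points at them.
    referenced = {user for _, user, _ in hits}
    for user in sorted(set(plugins) - referenced):
        lines.append(f"user {user!r} has plugin {plugins[user]!r} but no context uses it")
    lines.append("distinct plugin commands: " + ", ".join(sorted(set(plugins.values()))))
    return lines


if __name__ == "__main__":
    # Usage: python check_plugins.py [kubeconfig.json]; falls back to the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_KUBECONFIG
    for line in report(load_kubeconfig(text)):
        print(line)
```

The distinct plugin commands it lists are the ones to try after changing the policy, and the candidates to review if you choose the Allowlist policy instead.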

Contributor

@soltysh soltysh left a comment


Minor nits, but this is very close

Comment thread content/en/docs/reference/kubectl/kuberc.md Outdated
* Add language explaining that globs and symlinks are not supported
* Add troubleshooting steps if "DenyAll" causes problems

Signed-off-by: Peter Engelbert <[email protected]>
@pmengelbert pmengelbert force-pushed the pmengelbert/placeholder-docs-kep-3104/1 branch from b0bb6d9 to 1a53fda Compare November 25, 2025 21:44
@pmengelbert
Contributor Author

All comments addressed, again.

@ardaguclu
Member

LGTM

@enj
Member

enj commented Dec 1, 2025

LGTM

@pmengelbert
Contributor Author

/assign @divya-mohan0209

This is ready for final review

@soltysh
Contributor

soltysh commented Dec 1, 2025

/label tide/merge-method-squash

@k8s-ci-robot k8s-ci-robot added the tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges. label Dec 1, 2025
Contributor

@soltysh soltysh left a comment


/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Dec 1, 2025
@k8s-ci-robot
Contributor

LGTM label has been added.

Details

Git tree hash: 66e2055ce14c97cdd24a908194f83837a7b089bc

Member

@dipesh-rawat dipesh-rawat left a comment


/approve

This looks good to merge. We can always refine and address any doc improvements with subsequent PRs.

@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dipesh-rawat, soltysh

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 3, 2025
@k8s-ci-robot k8s-ci-robot merged commit 403359f into kubernetes:dev-1.35 Dec 3, 2025
6 checks passed
@k8s-ci-robot k8s-ci-robot added this to the 1.35 milestone Dec 3, 2025
@github-project-automation github-project-automation Bot moved this from In Review to Closed / Done in SIG Auth Dec 3, 2025
@lmktfy lmktfy mentioned this pull request Dec 8, 2025
@lmktfy
Member

lmktfy commented Dec 8, 2025

I sent in a follow up PR

aditip149209 pushed a commit to aditip149209/website that referenced this pull request Dec 29, 2025
* KEP 3104: document plugin policy and allowlist

Signed-off-by: Peter Engelbert <[email protected]>

* Apply suggestions from code review

Co-authored-by: Tim Bannister <[email protected]>

* Apply suggestions from code review

Additionally:
- Use note shortcodes
- Capitalize "Kubernetes"
- Replace expressions with behavior explanation
- Add tabs for Windows/POSIX

Signed-off-by: Peter Engelbert <[email protected]>

* Apply suggestions from code review

Co-authored-by: Maciej Szulik <[email protected]>

Additional corrections:

- Put tabbed code in triple backquotes
- Move policy explanations next to their listings
- Give examples to help user parse dense sections

Signed-off-by: Peter Engelbert <[email protected]>

* Apply suggestions from code review

Co-authored-by: Tim Bannister <[email protected]>
Co-authored-by: Maciej Szulik <[email protected]>

* Remove description of future behavior

Since this intended future behavior is documented in the KEP, and since it is
not yet relevant, save this explanation and example for later when the
implementation actually matches this intended reality.

* Remove backticks for tabbed code
* Add note about managed providers
* Fix typos, formatting, and streamline some language

Signed-off-by: Peter Engelbert <[email protected]>

* Remove duplication of recommended defaults

* Add language explaining that globs and symlinks are not supported
* Add troubleshooting steps if "DenyAll" causes problems

Signed-off-by: Peter Engelbert <[email protected]>

---------

Signed-off-by: Peter Engelbert <[email protected]>
Co-authored-by: Tim Bannister <[email protected]>
wip-sync pushed a commit to NetBSD/pkgsrc-wip that referenced this pull request Jan 3, 2026
Changes by Kind

API Change

* Changed kuberc configuration schema. Two new optional fields added to
  kuberc configuration, credPluginPolicy and credPluginAllowlist. This is
  documented in KEP-3104 and documentation is added to the website by
  kubernetes/website#52877 [SIG API Machinery, Architecture, Auth, CLI,
  Instrumentation and Testing]
* Enabled kubectl get -o kyaml by default. To disable it, set
  KUBECTL_KYAML=false.
* Enabled in-place resizing of pod-level resources.
  * Added Resources in PodStatus to capture resources set in the pod-level
    cgroup.
  * Added AllocatedResources in PodStatus to capture resources requested in
    the PodSpec. [SIG API Machinery, Apps, Architecture, Auth, CLI,
    Instrumentation, Node, Scheduling and Testing]
* Enabled the NominatedNodeNameForExpectation feature in kube-scheduler by
  default.
  * Enabled the ClearingNominatedNodeNameAfterBinding feature in
    kube-apiserver by default. [SIG API Machinery, Apps, Architecture,
    Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Etcd,
    Instrumentation, Network, Node, Scheduling, Storage and Testing]
* Generated OpenAPI model packages for API types into
  zz_generated.model_name.go files, accessible via the OpenAPIModelName()
  function. This allows API authors to declare desired OpenAPI model
  packages instead of relying on the Go package path of API types. [SIG
  API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Cluster
  Lifecycle, Instrumentation, Network, Node, Scheduling, Storage and
  Testing]
* Introduced the GangScheduling kube-scheduler plugin to support
  "all-or-nothing" scheduling using the scheduling.k8s.io/v1alpha1
  Workload API. [SIG API Machinery, Apps, Auth, CLI, Etcd, Scheduling and
  Testing]
* Introduced the scheduling.k8s.io/v1alpha1 Workload API to express
  workload-level scheduling requirements and allow the kube-scheduler to
  act on them. [SIG API Machinery, Apps, CLI, Etcd, Scheduling and
  Testing]
* Kube-apiserver: Fixed a v1.34 regression in CustomResourceDefinition
  handling that incorrectly warned about unrecognized formats on number
  and integer properties. [SIG API Machinery, Apps, Architecture, Auth,
  CLI, Cloud Provider, Contributor Experience, Network, Node and
  Scheduling]
* Kube-apiserver: Fixed a possible panic validating a custom resource whose
  CustomResourceDefinition indicates a status subresource exists, but
  which does not define a status property in the openAPIV3Schema. [SIG
  API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud
  Provider, Cluster Lifecycle, Etcd, Instrumentation, Network, Node,
  Release, Scheduling, Storage and Testing]
* Kubernetes API Go types removed runtime use of the
  github.com/gogo/protobuf library, and are no longer registered into the
  global gogo type registry. Kubernetes API Go types were not suitable
  for use with the google.golang.org/protobuf library, and no longer
  implement ProtoMessage() by default to avoid accidental incompatible
  use. If removal of these marker methods impacts your use, it can be
  re-enabled for one more release with a
  kubernetes_protomessage_one_more_release build tag, but will be removed
  in v1.36. [SIG API Machinery, Apps, Architecture, Auth, CLI, Cluster
  Lifecycle, Instrumentation, Network, Node, Scheduling and Storage]

Feature

* Added kubectl kuberc view and kubectl kuberc set commands to perform
  operations against the kuberc file. [SIG CLI and Testing]
* Added support for tracing in kubectl with the --profile=trace flag.
* Added the -n flag as a shorthand for --namespace in the kubectl config
  set-context command. [SIG CLI and Testing]
* Enabled the WatchListClient feature gate. [SIG API Machinery, Apps, Auth,
  CLI, Instrumentation, Node and Testing]
* Introduced the --as-user-extra persistent flag in kubectl, which allows
  passing extra arguments during impersonation. [SIG CLI and Testing]
* Kubernetes now uses Go Language Version 1.25, including
  https://go.dev/blog/container-aware-gomaxprocs [SIG API Machinery,
  Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle,
  Instrumentation, Network, Node, Release, Scheduling and Storage]
* Promoted kubectl command headers to stable. [SIG CLI and Testing]
* Updated kubectl describe pods to include the involved object’s fieldPath
  (e.g., container name) in event messages, providing better context for
  debugging multi-container Pods. Note: This changes the previous message
  format for events that include a fieldPath.

Documentation

* Promoted the --chunk-size flag to stable. The kubectl describe, get,
  drain, and events commands can use --chunk-size flag to set chunk size.

Bug or Regression

* Changed kubectl exec syntax to require -- before the command. The form
  kubectl exec [POD] [COMMAND] is no longer supported; use kubectl exec
  [POD] -- [COMMAND] instead.
* Extended resources requested by initContainers which are allocated
  using an automatic ResourceClaim now match the behavior of legacy device
  plugins, reusing the same resources requested by later sidecar
  initContainers or regular containers when possible, to minimize the total
  number of devices requested by the pod. [SIG Apps, CLI, Node, Scheduling
  and Testing]
* Fixed a bug to prevent segmentation fault from occurring when updating
  deeply nested JSON fields. [SIG API Machinery and CLI]
* Fixed a panic in kubectl api-resources that occurred when the Discovery
  Client failed.
* Fixed validation error when ConfigFlags includes CertFile and/or
  KeyFile while the original configuration also contains CertFileData
  and/or KeyFileData. [SIG API Machinery and CLI]
* Namespace is now included in the --dry-run=client output for
  HorizontalPodAutoscaler (HPA) objects. [SIG CLI and Testing]
* Updated kubectl scale to return a consistent error message when a
  specified resource is not found. Previously, it returned: error: no
  objects passed to scale <GroupResource> "<ResourceName>" not found. It
  now matches the format used by other commands (e.g., kubectl get): Error
  from server (NotFound): <GroupResource> "<ResourceName>" not found.

Other (Cleanup or Flake)

* Dropped support for certificates/v1beta1 CertificateSigningRequest in
  kubectl.
* Dropped support for discovery/v1beta1 EndpointSlice in kubectl.
* Dropped support for networking/v1beta1 Ingress in kubectl.
* Dropped support for networking/v1beta1 Ingress in kubectl.
* Dropped support for policy/v1beta1 PodDisruptionBudget in kubectl.
* Eliminated and prevented future use of the md5 algorithm in favor of more
  appropriate hashing algorithms. [SIG Apps, Architecture, CLI, Cluster
  Lifecycle, Network, Node, Security, Storage and Testing]
* Fixed formatting of various Go API deprecations for GoDoc and pkgsite,
  and enabled a linter to detect misformatted deprecations. [SIG API
  Machinery, Architecture, CLI, Instrumentation and Testing]
* Removed the KUBECTL_OPENAPIV3_PATCH environment variable, as aggregated
  discovery has been stable since v1.30.
* Updated kubectl auth reconcile to retry reconciliation when a conflict
  error occurs. [SIG Auth and CLI]
* Updated kubectl get and kubectl describe human-readable output to no
  longer show counts for referenced tokens and secrets. [SIG CLI and
  Testing]
* Updated the kubectl wait command description by removing the Experimental
  prefix, as the command has been stable for a long time.
* Updated the etcd client library to v3.6.5. [SIG API Machinery,
  Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle,
  Instrumentation, Network, Node, Scheduling and Storage]
* Updated the short description of the kubectl wait command by removing the
  Experimental prefix, as the command has been stable for a long time.
github-merge-queue Bot pushed a commit to open-telemetry/otel-arrow that referenced this pull request Jan 19, 2026
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [kubernetes](https://redirect.github.com/kubernetes-client/python) | `==34.1.0` → `==35.0.0` | ![age](https://developer.mend.io/api/mc/badges/age/pypi/kubernetes/35.0.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/kubernetes/34.1.0/35.0.0?slim=true) |
---

### Release Notes

<details>
<summary>kubernetes-client/python (kubernetes)</summary>

### [`v35.0.0`](https://redirect.github.com/kubernetes-client/python/blob/HEAD/CHANGELOG.md#v3500snapshot)

[Compare Source](https://redirect.github.com/kubernetes-client/python/compare/v34.1.0...v35.0.0)

Kubernetes API Version: v1.35.0

##### API Change

- Added `ObservedGeneration` to CustomResourceDefinition conditions.
([kubernetes/kubernetes#134984](https://redirect.github.com/kubernetes/kubernetes/pull/134984),
[@michaelasp](https://redirect.github.com/michaelasp))
- Added `WithOrigin` within `apis/core/validation` with adjusted tests.
([kubernetes/kubernetes#132825](https://redirect.github.com/kubernetes/kubernetes/pull/132825),
[@PatrickLaabs](https://redirect.github.com/PatrickLaabs))
- Added scoring for the prioritized list feature so nodes that best
satisfy the highest-ranked subrequests were chosen.
([kubernetes/kubernetes#134711](https://redirect.github.com/kubernetes/kubernetes/pull/134711),
[@mortent](https://redirect.github.com/mortent)) \[SIG Node,
Scheduling and Testing]
- Added the `--min-compatibility-version` flag to `kube-apiserver`,
`kube-controller-manager`, and `kube-scheduler`.
([kubernetes/kubernetes#133980](https://redirect.github.com/kubernetes/kubernetes/pull/133980),
[@siyuanfoundation](https://redirect.github.com/siyuanfoundation))
\[SIG API Machinery, Architecture, Cluster Lifecycle, Etcd, Scheduling
and Testing]
- Added the `StorageVersionMigration` `v1beta1` API and removed the
`v1alpha1` API.

ACTION REQUIRED: The `v1alpha1` API is no longer supported. Users must
remove any `v1alpha1` resources before upgrading.
([kubernetes/kubernetes#134784](https://redirect.github.com/kubernetes/kubernetes/pull/134784),
[@michaelasp](https://redirect.github.com/michaelasp)) \[SIG API
Machinery, Apps, Auth, Etcd and Testing]
- Added validation to ensure `log-flush-frequency` is a positive value,
returning an error instead of causing a panic.
([kubernetes/kubernetes#133540](https://redirect.github.com/kubernetes/kubernetes/pull/133540),
[@BenTheElder](https://redirect.github.com/BenTheElder)) \[SIG
Architecture, Instrumentation, Network and Node]
- All containers are restarted when a source container in a restart
policy rule exits. This alpha feature is gated behind
`RestartAllContainersOnContainerExit`.
([kubernetes/kubernetes#134345](https://redirect.github.com/kubernetes/kubernetes/pull/134345),
[@yuanwang04](https://redirect.github.com/yuanwang04)) \[SIG
Apps, Node and Testing]
- CSI drivers can now opt in to receive service account tokens via the
secrets field instead of volume context by setting
`spec.serviceAccountTokenInSecrets: true` in the CSIDriver object. This
prevents tokens from being exposed in logs and other outputs. The
feature is gated by the `CSIServiceAccountTokenSecrets` feature gate
(beta in `v1.35`).
([kubernetes/kubernetes#134826](https://redirect.github.com/kubernetes/kubernetes/pull/134826),
[@aramase](https://redirect.github.com/aramase)) \[SIG API
Machinery, Auth, Storage and Testing]
- Changed kuberc configuration schema. Two new optional fields added to
kuberc configuration, `credPluginPolicy` and `credPluginAllowlist`. This
is documented in
[KEP-3104](https://redirect.github.com/kubernetes/enhancements/blob/master/keps/sig-cli/3104-introduce-kuberc/README.md#allowlist-design-details)
and documentation is added to the website by
[kubernetes/website#52877](https://redirect.github.com/kubernetes/website/pull/52877)
([kubernetes/kubernetes#134870](https://redirect.github.com/kubernetes/kubernetes/pull/134870),
[@pmengelbert](https://redirect.github.com/pmengelbert)) \[SIG
API Machinery, Architecture, Auth, CLI, Instrumentation and Testing]
- DRA device taints: `DeviceTaintRule` status provides information about
the rule, including whether Pods still need to be evicted
(`EvictionInProgress` condition). The newly added `None` effect can be
used to preview what a `DeviceTaintRule` would do if it used the
`NoExecute` effect and to taint devices (`device health`) without
immediately affecting scheduling or running Pods.
([kubernetes/kubernetes#134152](https://redirect.github.com/kubernetes/kubernetes/pull/134152),
[@pohly](https://redirect.github.com/pohly)) \[SIG API Machinery,
Apps, Auth, Node, Release, Scheduling and Testing]
- DRA: The `DynamicResourceAllocation` feature gate for the core
functionality (GA in `v1.34`) has now been locked to enabled-by-default
and cannot be disabled anymore.
([kubernetes/kubernetes#134452](https://redirect.github.com/kubernetes/kubernetes/pull/134452),
[@pohly](https://redirect.github.com/pohly)) \[SIG Auth, Node,
Scheduling and Testing]
- Enabled `kubectl get -o kyaml` by default. To disable it, set
`KUBECTL_KYAML=false`.
([kubernetes/kubernetes#133327](https://redirect.github.com/kubernetes/kubernetes/pull/133327),
[@thockin](https://redirect.github.com/thockin))
- Enabled in-place resizing of pod-level resources.
  - Added `Resources` in `PodStatus` to capture resources set in the
    pod-level cgroup.
  - Added `AllocatedResources` in `PodStatus` to capture resources
    requested in the `PodSpec`.
    ([kubernetes/kubernetes#132919](https://redirect.github.com/kubernetes/kubernetes/pull/132919),
    [@ndixita](https://redirect.github.com/ndixita)) \[SIG API
    Machinery, Apps, Architecture, Auth, CLI, Instrumentation, Node,
    Scheduling and Testing]
- Enabled the `NominatedNodeNameForExpectation` feature in
  kube-scheduler by default.
  - Enabled the `ClearingNominatedNodeNameAfterBinding` feature in
    kube-apiserver by default.
    ([kubernetes/kubernetes#135103](https://redirect.github.com/kubernetes/kubernetes/pull/135103),
    [@ania-borowiec](https://redirect.github.com/ania-borowiec))
    \[SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud
    Provider, Cluster Lifecycle, Etcd, Instrumentation, Network, Node,
    Scheduling, Storage and Testing]
- Enhanced discovery responses to merge API groups and resources from
all peer apiservers when the `UnknownVersionInteroperabilityProxy`
feature is enabled.
([kubernetes/kubernetes#133648](https://redirect.github.com/kubernetes/kubernetes/pull/133648),
[@richabanker](https://redirect.github.com/richabanker)) \[SIG
API Machinery, Auth, Cloud Provider, Node, Scheduling and Testing]
- Extended `core/v1` `Toleration` to support numeric comparison
operators (`Gt`,`Lt`).
([kubernetes/kubernetes#134665](https://redirect.github.com/kubernetes/kubernetes/pull/134665),
[@helayoty](https://redirect.github.com/helayoty)) \[SIG API
Machinery, Apps, Node, Scheduling, Testing and Windows]
- Feature gate dependencies are now explicit, and validated at startup.
A feature can no longer be enabled if it depends on a disabled feature.
In particular, this means that `AllAlpha=true` will no longer work
without enabling disabled-by-default beta features that are depended on
(either with `AllBeta=true` or explicitly enumerating the disabled
dependencies).
([kubernetes/kubernetes#133697](https://redirect.github.com/kubernetes/kubernetes/pull/133697),
[@tallclair](https://redirect.github.com/tallclair)) \[SIG API
Machinery, Architecture, Cluster Lifecycle and Node]
- Generated OpenAPI model packages for API types into
`zz_generated.model_name.go` files, accessible via the
`OpenAPIModelName()` function. This allows API authors to declare
desired OpenAPI model packages instead of relying on the Go package path
of API types.
([kubernetes/kubernetes#131755](https://redirect.github.com/kubernetes/kubernetes/pull/131755),
[@jpbetz](https://redirect.github.com/jpbetz)) \[SIG API
Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Cluster
Lifecycle, Instrumentation, Network, Node, Scheduling, Storage and
Testing]
- Implemented constrained impersonation as described in
[KEP-5284](https://kep.k8s.io/5284).
([kubernetes/kubernetes#134803](https://redirect.github.com/kubernetes/kubernetes/pull/134803),
[@enj](https://redirect.github.com/enj)) \[SIG API Machinery,
Auth and Testing]
- Introduced a new declarative validation tag `+k8s:customUnique` to
control listmap uniqueness.
([kubernetes/kubernetes#134279](https://redirect.github.com/kubernetes/kubernetes/pull/134279),
[@yongruilin](https://redirect.github.com/yongruilin)) \[SIG API
Machinery and Auth]
- Introduced a structured and versioned `v1alpha1` response for the
`statusz` endpoint.
([kubernetes/kubernetes#134313](https://redirect.github.com/kubernetes/kubernetes/pull/134313),
[@richabanker](https://redirect.github.com/richabanker)) \[SIG
API Machinery, Architecture, Instrumentation, Network, Node, Scheduling
and Testing]
- Introduced a structured and versioned `v1alpha1` response format for
the `flagz` endpoint.
([kubernetes/kubernetes#134995](https://redirect.github.com/kubernetes/kubernetes/pull/134995),
[@yongruilin](https://redirect.github.com/yongruilin)) \[SIG API
Machinery, Architecture, Instrumentation, Network, Node, Scheduling and
Testing]
- Introduced the GangScheduling kube-scheduler plugin to support
"all-or-nothing" scheduling using the `scheduling.k8s.io/v1alpha1`
Workload API.
([kubernetes/kubernetes#134722](https://redirect.github.com/kubernetes/kubernetes/pull/134722),
[@macsko](https://redirect.github.com/macsko)) \[SIG API
Machinery, Apps, Auth, CLI, Etcd, Scheduling and Testing]
- Introduced the Node Declared Features capability (alpha), which
  includes:
  - A new `Node.Status.DeclaredFeatures` field for publishing
    node-specific features.
  - A `component-helpers` library for feature registration and inference.
  - A `NodeDeclaredFeatures` scheduler plugin to match pods with nodes
    that provide required features.
  - A `NodeDeclaredFeatureValidator` admission plugin to validate pod
    updates against a node's declared features.
    ([kubernetes/kubernetes#133389](https://redirect.github.com/kubernetes/kubernetes/pull/133389),
    [@pravk03](https://redirect.github.com/pravk03)) \[SIG API
    Machinery, Apps, Node, Release, Scheduling and Testing]
- Introduced the `scheduling.k8s.io/v1alpha1` Workload API to express
workload-level scheduling requirements and allow the kube-scheduler to
act on them.
([kubernetes/kubernetes#134564](https://redirect.github.com/kubernetes/kubernetes/pull/134564),
[@&#8203;macsko](https://redirect.github.com/macsko)) \[SIG API
Machinery, Apps, CLI, Etcd, Scheduling and Testing]
- Introduced the alpha `MutableSchedulingDirectivesForSuspendedJobs`
feature gate (disabled by default), which allows mutating a Job's
scheduling directives while the Job is suspended.
It also updates the Job controller to clear the `status.startTime`
field for suspended Jobs.
([kubernetes/kubernetes#135104](https://redirect.github.com/kubernetes/kubernetes/pull/135104),
[@&#8203;mimowo](https://redirect.github.com/mimowo)) \[SIG Apps and
Testing]
- Kube-apiserver: Fixed a `v1.34` regression in
`CustomResourceDefinition` handling that incorrectly warned about
unrecognized formats on number and integer properties.
([kubernetes/kubernetes#133896](https://redirect.github.com/kubernetes/kubernetes/pull/133896),
[@&#8203;yongruilin](https://redirect.github.com/yongruilin)) \[SIG API
Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Contributor
Experience, Network, Node and Scheduling]
- Kube-apiserver: Fixed a possible panic validating a custom resource
whose `CustomResourceDefinition` indicates a status subresource exists,
but which does not define a `status` property in the `openAPIV3Schema`.
([kubernetes/kubernetes#133721](https://redirect.github.com/kubernetes/kubernetes/pull/133721),
[@&#8203;fusida](https://redirect.github.com/fusida)) \[SIG API
Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider,
Cluster Lifecycle, Etcd, Instrumentation, Network, Node, Release,
Scheduling, Storage and Testing]
- Kubernetes API Go types removed runtime use of the
`github.com/gogo/protobuf` library, and are no longer registered into
the global gogo type registry. Kubernetes API Go types were not suitable
for use with the `google.golang.org/protobuf` library, and no longer
implement `ProtoMessage()` by default to avoid accidental incompatible
use. If removal of these marker methods impacts your use, it can be
re-enabled for one more release with a
`kubernetes_protomessage_one_more_release` build tag, but will be
removed in `v1.36`.
([kubernetes/kubernetes#134256](https://redirect.github.com/kubernetes/kubernetes/pull/134256),
[@&#8203;liggitt](https://redirect.github.com/liggitt)) \[SIG API
Machinery, Apps, Architecture, Auth, CLI, Cluster Lifecycle,
Instrumentation, Network, Node, Scheduling and Storage]
- Made node affinity in Persistent Volume mutable.
([kubernetes/kubernetes#134339](https://redirect.github.com/kubernetes/kubernetes/pull/134339),
[@&#8203;huww98](https://redirect.github.com/huww98)) \[SIG API
Machinery, Apps and Node]
- Moved the `ImagePullIntent` and `ImagePulledRecord` objects used by
the kubelet to track image pulls to the `v1beta1` API version.
([kubernetes/kubernetes#132579](https://redirect.github.com/kubernetes/kubernetes/pull/132579),
[@&#8203;stlaz](https://redirect.github.com/stlaz)) \[SIG Auth and Node]
- Pod resize now only allows CPU and memory resources; other resource
types are forbidden.
([kubernetes/kubernetes#135084](https://redirect.github.com/kubernetes/kubernetes/pull/135084),
[@&#8203;tallclair](https://redirect.github.com/tallclair)) \[SIG Apps,
Node and Testing]
- Prevented Pods from being scheduled onto nodes that lack the required
CSI driver.
([kubernetes/kubernetes#135012](https://redirect.github.com/kubernetes/kubernetes/pull/135012),
[@&#8203;gnufied](https://redirect.github.com/gnufied)) \[SIG API
Machinery, Scheduling, Storage and Testing]
- Promoted HPA configurable tolerance to beta. The
`HPAConfigurableTolerance` feature gate has now been enabled by default.
([kubernetes/kubernetes#133128](https://redirect.github.com/kubernetes/kubernetes/pull/133128),
[@&#8203;jm-franc](https://redirect.github.com/jm-franc)) \[SIG API
Machinery and Autoscaling]
- Promoted ReplicaSet and Deployment `.status.terminatingReplicas`
tracking to beta. The `DeploymentReplicaSetTerminatingReplicas` feature
gate is now enabled by default.
([kubernetes/kubernetes#133087](https://redirect.github.com/kubernetes/kubernetes/pull/133087),
[@&#8203;atiratree](https://redirect.github.com/atiratree)) \[SIG API
Machinery, Apps and Testing]
- Promoted `PodObservedGenerationTracking` to GA.
([kubernetes/kubernetes#134948](https://redirect.github.com/kubernetes/kubernetes/pull/134948),
[@&#8203;natasha41575](https://redirect.github.com/natasha41575)) \[SIG
API Machinery, Apps, Node, Scheduling and Testing]
- Promoted the `JobManagedBy` feature to general availability. The
`JobManagedBy` feature gate was locked to `true` and will be removed in
a future Kubernetes release.
([kubernetes/kubernetes#135080](https://redirect.github.com/kubernetes/kubernetes/pull/135080),
[@&#8203;dejanzele](https://redirect.github.com/dejanzele)) \[SIG API
Machinery, Apps and Testing]
- Promoted the `MaxUnavailableStatefulSet` feature to beta and enabled
it by default.
([kubernetes/kubernetes#133153](https://redirect.github.com/kubernetes/kubernetes/pull/133153),
[@&#8203;helayoty](https://redirect.github.com/helayoty)) \[SIG API
Machinery and Apps]
- Removed the `StrictCostEnforcementForVAP` and
`StrictCostEnforcementForWebhooks` feature gates, which were locked
since `v1.32`.
([kubernetes/kubernetes#134994](https://redirect.github.com/kubernetes/kubernetes/pull/134994),
[@&#8203;liggitt](https://redirect.github.com/liggitt)) \[SIG API
Machinery, Auth, Node and Testing]
- Scheduler: Added the `bindingTimeout` argument to the DynamicResources
plugin configuration, allowing customization of the wait duration in
`PreBind` for device binding conditions.
Defaults to 10 minutes when `DRADeviceBindingConditions` and
`DRAResourceClaimDeviceStatus` are both enabled.
([kubernetes/kubernetes#134905](https://redirect.github.com/kubernetes/kubernetes/pull/134905),
[@&#8203;fj-naji](https://redirect.github.com/fj-naji)) \[SIG Node and
Scheduling]
- The DRA device taints and toleration feature received a separate
feature gate, `DRADeviceTaintRules`, which controlled support for
`DeviceTaintRules`. This allowed disabling it while keeping
`DRADeviceTaints` enabled so that tainting via `ResourceSlices`
continued to work.
([kubernetes/kubernetes#135068](https://redirect.github.com/kubernetes/kubernetes/pull/135068),
[@&#8203;pohly](https://redirect.github.com/pohly)) \[SIG API Machinery,
Apps, Auth, Node, Scheduling and Testing]
- The Pod Certificates feature moved to beta. The
`PodCertificateRequest` feature gate is disabled by default. To use
the feature, users must enable the certificates API groups in `v1beta1`
and enable the `PodCertificateRequest` feature gate. The
`UserAnnotations` field was added to the `PodCertificateProjection` API
and the corresponding `UnverifiedUserAnnotations` field was added to the
`PodCertificateRequest` API.
([kubernetes/kubernetes#134624](https://redirect.github.com/kubernetes/kubernetes/pull/134624),
[@&#8203;yt2985](https://redirect.github.com/yt2985)) \[SIG API
Machinery, Apps, Auth, Etcd, Instrumentation, Node and Testing]
- The `KubeletEnsureSecretPulledImages` feature was promoted to Beta and
enabled by default.
([kubernetes/kubernetes#135228](https://redirect.github.com/kubernetes/kubernetes/pull/135228),
[@&#8203;aramase](https://redirect.github.com/aramase)) \[SIG Auth, Node
and Testing]
- The `PreferSameZone` and `PreferSameNode` values for the Service
`trafficDistribution` field graduated to general availability. The
`PreferClose` value is now deprecated in favor of the more explicit
`PreferSameZone`.
([kubernetes/kubernetes#134457](https://redirect.github.com/kubernetes/kubernetes/pull/134457),
[@&#8203;danwinship](https://redirect.github.com/danwinship)) \[SIG API
Machinery, Apps, Network and Testing]
- Updated `ResourceQuota` to count device class requests within a
`ResourceClaim` as two additional quotas when the `DRAExtendedResource`
feature is enabled:
- `requests.deviceclass.resource.k8s.io/<deviceclass>` is charged based
on the worst-case number of devices requested.
- Device classes mapping to an extended resource now consume
`requests.<extended resource name>`.
([kubernetes/kubernetes#134210](https://redirect.github.com/kubernetes/kubernetes/pull/134210),
[@&#8203;yliaog](https://redirect.github.com/yliaog)) \[SIG API
Machinery, Apps, Node, Scheduling and Testing]
- Updated storage version for `MutatingAdmissionPolicy` to `v1beta1`.
([kubernetes/kubernetes#133715](https://redirect.github.com/kubernetes/kubernetes/pull/133715),
[@&#8203;cici37](https://redirect.github.com/cici37)) \[SIG API
Machinery, Etcd and Testing]
- Updated the Partitionable Devices feature to support referencing
counter sets across ResourceSlices within the same resource pool.
Devices from incomplete pools were no longer considered for allocation.
This change introduced backwards-incompatible updates to the alpha
feature, requiring any ResourceSlices using it to be removed before
upgrading or downgrading between v1.34 and v1.35.
([kubernetes/kubernetes#134189](https://redirect.github.com/kubernetes/kubernetes/pull/134189),
[@&#8203;mortent](https://redirect.github.com/mortent)) \[SIG API
Machinery, Node, Scheduling and Testing]
- Upgraded the `PodObservedGenerationTracking` feature to beta in
`v1.34` and removed the alpha version description from the OpenAPI
specification.
([kubernetes/kubernetes#133883](https://redirect.github.com/kubernetes/kubernetes/pull/133883),
[@&#8203;yangjunmyfm192085](https://redirect.github.com/yangjunmyfm192085))
- Add scoring for the prioritized list feature so that the node that can
satisfy the best ranked subrequests is chosen.
([kubernetes/kubernetes#134711](https://redirect.github.com/kubernetes/kubernetes/pull/134711),
[@&#8203;mortent](https://redirect.github.com/mortent)) \[SIG Node,
Scheduling and Testing]
- Allows restarting all containers when the source container exits with a
matching restart policy rule. This is an alpha feature behind feature
gate RestartAllContainersOnContainerExit.
([kubernetes/kubernetes#134345](https://redirect.github.com/kubernetes/kubernetes/pull/134345),
[@&#8203;yuanwang04](https://redirect.github.com/yuanwang04)) \[SIG
Apps, Node and Testing]
- Changed kuberc configuration schema. Two new optional fields added to
kuberc configuration, `credPluginPolicy` and `credPluginAllowlist`. This
is documented in
[KEP-3104](https://redirect.github.com/kubernetes/enhancements/blob/master/keps/sig-cli/3104-introduce-kuberc/README.md#allowlist-design-details)
and documentation is added to the website by
[kubernetes/website#52877](https://redirect.github.com/kubernetes/website/pull/52877)
([kubernetes/kubernetes#134870](https://redirect.github.com/kubernetes/kubernetes/pull/134870),
[@&#8203;pmengelbert](https://redirect.github.com/pmengelbert)) \[SIG
API Machinery, Architecture, Auth, CLI, Instrumentation and Testing]
- Enhanced discovery response to support merged API groups/resources
from all peer apiservers when UnknownVersionInteroperabilityProxy
feature is enabled
([kubernetes/kubernetes#133648](https://redirect.github.com/kubernetes/kubernetes/pull/133648),
[@&#8203;richabanker](https://redirect.github.com/richabanker)) \[SIG
API Machinery, Auth, Cloud Provider, Node, Scheduling and Testing]
- Extend `core/v1 Toleration` to support numeric comparison operators
(`Gt`, `Lt`).
([kubernetes/kubernetes#134665](https://redirect.github.com/kubernetes/kubernetes/pull/134665),
[@&#8203;helayoty](https://redirect.github.com/helayoty)) \[SIG API
Machinery, Apps, Node, Scheduling, Testing and Windows]
- Features: NominatedNodeNameForExpectation in kube-scheduler and
ClearingNominatedNodeNameAfterBinding in kube-apiserver are now enabled
by default.
([kubernetes/kubernetes#135103](https://redirect.github.com/kubernetes/kubernetes/pull/135103),
[@&#8203;ania-borowiec](https://redirect.github.com/ania-borowiec))
\[SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud
Provider, Cluster Lifecycle, Etcd, Instrumentation, Network, Node,
Scheduling, Storage and Testing]
- Implement changes to prevent pod scheduling to a node without CSI
driver
([kubernetes/kubernetes#135012](https://redirect.github.com/kubernetes/kubernetes/pull/135012),
[@&#8203;gnufied](https://redirect.github.com/gnufied)) \[SIG API
Machinery, Scheduling, Storage and Testing]
- Introduce scheduling.k8s.io/v1alpha1 Workload API to allow for
expressing workload-level scheduling requirements and let kube-scheduler
act on those.
([kubernetes/kubernetes#134564](https://redirect.github.com/kubernetes/kubernetes/pull/134564),
[@&#8203;macsko](https://redirect.github.com/macsko)) \[SIG API
Machinery, Apps, CLI, Etcd, Scheduling and Testing]
- Introduce the alpha MutableSchedulingDirectivesForSuspendedJobs
feature gate (disabled by default) which:
  1. allows mutating a Job's scheduling directives for suspended Jobs
  2. makes the Job controller clear the status.startTime field for
     suspended Jobs
([kubernetes/kubernetes#135104](https://redirect.github.com/kubernetes/kubernetes/pull/135104),
[@&#8203;mimowo](https://redirect.github.com/mimowo)) \[SIG Apps and
Testing]
- Introduced GangScheduling kube-scheduler plugin to enable
"all-or-nothing" scheduling. Workload API in scheduling.k8s.io/v1alpha1
is used to express the desired policy.
([kubernetes/kubernetes#134722](https://redirect.github.com/kubernetes/kubernetes/pull/134722),
[@&#8203;macsko](https://redirect.github.com/macsko)) \[SIG API
Machinery, Apps, Auth, CLI, Etcd, Scheduling and Testing]
- PV node affinity is now mutable.
([kubernetes/kubernetes#134339](https://redirect.github.com/kubernetes/kubernetes/pull/134339),
[@&#8203;huww98](https://redirect.github.com/huww98)) \[SIG API
Machinery, Apps and Node]
- ResourceQuota now counts device class requests within a ResourceClaim
object as consuming two additional quotas when the DRAExtendedResource
feature is enabled:
- `requests.deviceclass.resource.k8s.io/<deviceclass>` with a quantity
equal to the worst case count of devices requested
- requests for device classes that map to an extended resource consume
`requests.<extended resource name>`
([kubernetes/kubernetes#134210](https://redirect.github.com/kubernetes/kubernetes/pull/134210),
[@&#8203;yliaog](https://redirect.github.com/yliaog)) \[SIG API
Machinery, Apps, Node, Scheduling and Testing]
- The DRA device taints and toleration feature now has a separate
feature gate, DRADeviceTaintRules, which controls whether support for
DeviceTaintRules is enabled. It is possible to disable that and keep
DRADeviceTaints enabled, in which case tainting by DRA drivers through
ResourceSlices continues to work.
([kubernetes/kubernetes#135068](https://redirect.github.com/kubernetes/kubernetes/pull/135068),
[@&#8203;pohly](https://redirect.github.com/pohly)) \[SIG API Machinery,
Apps, Auth, Node, Scheduling and Testing]
- The ImagePullIntent and ImagePulledRecord objects used by kubelet to
store information about image pulls have been moved to the v1beta1 API
version.
([kubernetes/kubernetes#132579](https://redirect.github.com/kubernetes/kubernetes/pull/132579),
[@&#8203;stlaz](https://redirect.github.com/stlaz)) \[SIG Auth and Node]
- The KubeletEnsureSecretPulledImages feature is now beta and enabled by
default.
([kubernetes/kubernetes#135228](https://redirect.github.com/kubernetes/kubernetes/pull/135228),
[@&#8203;aramase](https://redirect.github.com/aramase)) \[SIG Auth, Node
and Testing]
- This change adds a new alpha feature Node Declared Features, which
includes:
- A new `Node.Status.DeclaredFeatures` field for Kubelet to publish
node-specific features.
- A library in `component-helpers` for feature registration and
inference.
- A scheduler plugin (`NodeDeclaredFeatures`) to match
pods with nodes that provide their required features.
- An admission plugin (`NodeDeclaredFeatureValidator`) to validate pod
updates against a node's declared features.
([kubernetes/kubernetes#133389](https://redirect.github.com/kubernetes/kubernetes/pull/133389),
[@&#8203;pravk03](https://redirect.github.com/pravk03)) \[SIG API
Machinery, Apps, Node, Release, Scheduling and Testing]
- This change allows In Place Resize of Pod Level Resources
- Add Resources in PodStatus to capture resources set at pod-level
cgroup
- Add AllocatedResources in PodStatus to capture resources requested in
the PodSpec
([kubernetes/kubernetes#132919](https://redirect.github.com/kubernetes/kubernetes/pull/132919),
[@&#8203;ndixita](https://redirect.github.com/ndixita)) \[SIG API
Machinery, Apps, Architecture, Auth, CLI, Instrumentation, Node,
Scheduling and Testing]
- Updates to the Partitionable Devices feature which allows for
referencing counter sets across different ResourceSlices within the same
resource pool.

  Devices from incomplete pools are no longer considered for allocation.

This contains backwards incompatible changes to the Partitionable
Devices alpha feature, so any ResourceSlices that use the feature
should be removed prior to upgrading or downgrading between 1.34 and
1.35.
([kubernetes/kubernetes#134189](https://redirect.github.com/kubernetes/kubernetes/pull/134189),
[@&#8203;mortent](https://redirect.github.com/mortent)) \[SIG API
Machinery, Node, Scheduling and Testing]
- Add ObservedGeneration to CustomResourceDefinition Conditions.
([kubernetes/kubernetes#134984](https://redirect.github.com/kubernetes/kubernetes/pull/134984),
[@&#8203;michaelasp](https://redirect.github.com/michaelasp)) \[SIG API
Machinery]
- Add StorageVersionMigration v1beta1 api and remove the v1alpha API.

  Any use of the v1alpha1 api is no longer supported and
users must remove any v1alpha1 resources prior to upgrade.
([kubernetes/kubernetes#134784](https://redirect.github.com/kubernetes/kubernetes/pull/134784),
[@&#8203;michaelasp](https://redirect.github.com/michaelasp)) \[SIG API
Machinery, Apps, Auth, Etcd and Testing]
- CSI drivers can now opt-in to receive service account tokens via the
secrets field instead of volume context by setting
`spec.serviceAccountTokenInSecrets: true` in the CSIDriver object. This
prevents tokens from being exposed in logs and other outputs. The
feature is gated by the `CSIServiceAccountTokenSecrets` feature gate
(Beta in v1.35).
([kubernetes/kubernetes#134826](https://redirect.github.com/kubernetes/kubernetes/pull/134826),
[@&#8203;aramase](https://redirect.github.com/aramase)) \[SIG API
Machinery, Auth, Storage and Testing]
- DRA device taints: DeviceTaintRule status provided information about
the rule, in particular whether pods still need to be evicted
("EvictionInProgress" condition). The new "None" effect can be used to
preview what a DeviceTaintRule would do if it used the "NoExecute"
effect and to taint devices ("device health") without immediately
affecting scheduling or running pods.
([kubernetes/kubernetes#134152](https://redirect.github.com/kubernetes/kubernetes/pull/134152),
[@&#8203;pohly](https://redirect.github.com/pohly)) \[SIG API Machinery,
Apps, Auth, Node, Release, Scheduling and Testing]
- DRA: the DynamicResourceAllocation feature gate for the core
functionality (GA in 1.34) is now locked to enabled-by-default and thus
cannot be disabled anymore.
([kubernetes/kubernetes#134452](https://redirect.github.com/kubernetes/kubernetes/pull/134452),
[@&#8203;pohly](https://redirect.github.com/pohly)) \[SIG Auth, Node,
Scheduling and Testing]
- Forbid adding resources other than CPU & memory on pod resize.
([kubernetes/kubernetes#135084](https://redirect.github.com/kubernetes/kubernetes/pull/135084),
[@&#8203;tallclair](https://redirect.github.com/tallclair)) \[SIG Apps,
Node and Testing]
- Implement constrained impersonation as described in
<https://kep.k8s.io/5284>
([kubernetes/kubernetes#134803](https://redirect.github.com/kubernetes/kubernetes/pull/134803),
[@&#8203;enj](https://redirect.github.com/enj)) \[SIG API Machinery,
Auth and Testing]
- Introduces a structured and versioned v1alpha1 response for flagz
([kubernetes/kubernetes#134995](https://redirect.github.com/kubernetes/kubernetes/pull/134995),
[@&#8203;yongruilin](https://redirect.github.com/yongruilin)) \[SIG API
Machinery, Architecture, Instrumentation, Network, Node, Scheduling and
Testing]
- Introduces a structured and versioned v1alpha1 response for statusz
([kubernetes/kubernetes#134313](https://redirect.github.com/kubernetes/kubernetes/pull/134313),
[@&#8203;richabanker](https://redirect.github.com/richabanker)) \[SIG
API Machinery, Architecture, Instrumentation, Network, Node, Scheduling
and Testing]
- New `--min-compatibility-version` flag for apiserver, kcm and kube
scheduler
([kubernetes/kubernetes#133980](https://redirect.github.com/kubernetes/kubernetes/pull/133980),
[@&#8203;siyuanfoundation](https://redirect.github.com/siyuanfoundation))
\[SIG API Machinery, Architecture, Cluster Lifecycle, Etcd, Scheduling
and Testing]
- Promote PodObservedGenerationTracking to GA.
([kubernetes/kubernetes#134948](https://redirect.github.com/kubernetes/kubernetes/pull/134948),
[@&#8203;natasha41575](https://redirect.github.com/natasha41575)) \[SIG
API Machinery, Apps, Node, Scheduling and Testing]
- Promoted Job Managed By to general availability. The `JobManagedBy`
feature gate is now locked to true, and will be removed in a future
release of Kubernetes.
([kubernetes/kubernetes#135080](https://redirect.github.com/kubernetes/kubernetes/pull/135080),
[@&#8203;dejanzele](https://redirect.github.com/dejanzele)) \[SIG API
Machinery, Apps and Testing]
- Promoted ReplicaSet and Deployment `.status.terminatingReplicas`
tracking to beta. The `DeploymentReplicaSetTerminatingReplicas` feature
gate is now enabled by default.
([kubernetes/kubernetes#133087](https://redirect.github.com/kubernetes/kubernetes/pull/133087),
[@&#8203;atiratree](https://redirect.github.com/atiratree)) \[SIG API
Machinery, Apps and Testing]
- Scheduler: added a new `bindingTimeout` argument to the
DynamicResources plugin configuration.
This allows customizing the wait duration in PreBind for device binding
conditions.
Defaults to 10 minutes when DRADeviceBindingConditions and
DRAResourceClaimDeviceStatus are both enabled.
([kubernetes/kubernetes#134905](https://redirect.github.com/kubernetes/kubernetes/pull/134905),
[@&#8203;fj-naji](https://redirect.github.com/fj-naji)) \[SIG Node and
Scheduling]
- The Pod Certificates feature is moving to beta. The
PodCertificateRequest feature gate is still set false by default. To use
the feature, users will need to enable the certificates API groups in
v1beta1 and enable the feature gate PodCertificateRequest. A new field
UserAnnotations is added to the PodCertificateProjection API and the
corresponding UnverifiedUserAnnotations is added to the
PodCertificateRequest API.
([kubernetes/kubernetes#134624](https://redirect.github.com/kubernetes/kubernetes/pull/134624),
[@&#8203;yt2985](https://redirect.github.com/yt2985)) \[SIG API
Machinery, Apps, Auth, Etcd, Instrumentation, Node and Testing]
- The StrictCostEnforcementForVAP and StrictCostEnforcementForWebhooks
feature gates, locked on since 1.32, have been removed
([kubernetes/kubernetes#134994](https://redirect.github.com/kubernetes/kubernetes/pull/134994),
[@&#8203;liggitt](https://redirect.github.com/liggitt)) \[SIG API
Machinery, Auth, Node and Testing]
- The `PreferSameZone` and `PreferSameNode` values for Service's
`trafficDistribution` field are now GA. The old value `PreferClose` is
now deprecated in favor of the more-explicit `PreferSameZone`.
([kubernetes/kubernetes#134457](https://redirect.github.com/kubernetes/kubernetes/pull/134457),
[@&#8203;danwinship](https://redirect.github.com/danwinship)) \[SIG API
Machinery, Apps, Network and Testing]
- Kube-apiserver: fix a possible panic validating a custom resource
whose CustomResourceDefinition indicates a status subresource exists,
but which does not define a `status` property in the `openAPIV3Schema`
([kubernetes/kubernetes#133721](https://redirect.github.com/kubernetes/kubernetes/pull/133721),
[@&#8203;fusida](https://redirect.github.com/fusida)) \[SIG API
Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider,
Cluster Lifecycle, Etcd, Instrumentation, Network, Node, Release,
Scheduling, Storage and Testing]
- Kubernetes API Go types removed runtime use of the
github.com/gogo/protobuf library, and are no longer registered into the
global gogo type registry. Kubernetes API Go types were not suitable for
use with the google.golang.org/protobuf library, and no longer implement
`ProtoMessage()` by default to avoid accidental incompatible use. If
removal of these marker methods impacts your use, it can be re-enabled
for one more release with a `kubernetes_protomessage_one_more_release`
build tag, but will be removed in 1.36.
([kubernetes/kubernetes#134256](https://redirect.github.com/kubernetes/kubernetes/pull/134256),
[@&#8203;liggitt](https://redirect.github.com/liggitt)) \[SIG API
Machinery, Apps, Architecture, Auth, CLI, Cluster Lifecycle,
Instrumentation, Network, Node, Scheduling and Storage]
- Promoted HPA configurable tolerance to beta. The
`HPAConfigurableTolerance` feature gate is now enabled by default.
([kubernetes/kubernetes#133128](https://redirect.github.com/kubernetes/kubernetes/pull/133128),
[@&#8203;jm-franc](https://redirect.github.com/jm-franc)) \[SIG API
Machinery and Autoscaling]
- The MaxUnavailableStatefulSet feature is now beta and enabled by
default.
([kubernetes/kubernetes#133153](https://redirect.github.com/kubernetes/kubernetes/pull/133153),
[@&#8203;helayoty](https://redirect.github.com/helayoty)) \[SIG API
Machinery and Apps]
- Added WithOrigin within apis/core/validation with adjusted tests
([kubernetes/kubernetes#132825](https://redirect.github.com/kubernetes/kubernetes/pull/132825),
[@&#8203;PatrickLaabs](https://redirect.github.com/PatrickLaabs)) \[SIG
Apps]
- Component-base: validate that log-flush-frequency is positive and
return an error instead of panic-ing
([kubernetes/kubernetes#133540](https://redirect.github.com/kubernetes/kubernetes/pull/133540),
[@&#8203;BenTheElder](https://redirect.github.com/BenTheElder)) \[SIG
Architecture, Instrumentation, Network and Node]
- Feature gate dependencies are now explicit, and validated at startup.
A feature can no longer be enabled if it depends on a disabled feature.
In particular, this means that `AllAlpha=true` will no longer work
without enabling disabled-by-default beta features that are depended on
(either with `AllBeta=true` or explicitly enumerating the disabled
dependencies).
([kubernetes/kubernetes#133697](https://redirect.github.com/kubernetes/kubernetes/pull/133697),
[@&#8203;tallclair](https://redirect.github.com/tallclair)) \[SIG API
Machinery, Architecture, Cluster Lifecycle and Node]
- In version 1.34, the PodObservedGenerationTracking feature has been
upgraded to beta, and the description of the alpha version in the
openapi has been removed.
([kubernetes/kubernetes#133883](https://redirect.github.com/kubernetes/kubernetes/pull/133883),
[@&#8203;yangjunmyfm192085](https://redirect.github.com/yangjunmyfm192085))
\[SIG Apps]
- Introduce a new declarative validation tag +k8s:customUnique to
control listmap uniqueness
([kubernetes/kubernetes#134279](https://redirect.github.com/kubernetes/kubernetes/pull/134279),
[@&#8203;yongruilin](https://redirect.github.com/yongruilin)) \[SIG API
Machinery and Auth]
- Kube-apiserver: Fixed a 1.34 regression in CustomResourceDefinition
handling that incorrectly warned about unrecognized formats on number
and integer properties
([kubernetes/kubernetes#133896](https://redirect.github.com/kubernetes/kubernetes/pull/133896),
[@&#8203;yongruilin](https://redirect.github.com/yongruilin)) \[SIG API
Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Contributor
Experience, Network, Node and Scheduling]
- OpenAPI model packages of API types are generated into
`zz_generated.model_name.go` files and are accessible using the
`OpenAPIModelName()` function. This allows API authors to declare the
desired OpenAPI model packages instead of using the go package path of
API types.
([kubernetes/kubernetes#131755](https://redirect.github.com/kubernetes/kubernetes/pull/131755),
[@&#8203;jpbetz](https://redirect.github.com/jpbetz)) \[SIG API
Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Cluster
Lifecycle, Instrumentation, Network, Node, Scheduling, Storage and
Testing]
- Support for `kubectl get -o kyaml` is now on by default. To disable
it, set `KUBECTL_KYAML=false`.
([kubernetes/kubernetes#133327](https://redirect.github.com/kubernetes/kubernetes/pull/133327),
[@&#8203;thockin](https://redirect.github.com/thockin)) \[SIG CLI]
- The storage version for MutatingAdmissionPolicy is updated to v1beta1.
([kubernetes/kubernetes#133715](https://redirect.github.com/kubernetes/kubernetes/pull/133715),
[@&#8203;cici37](https://redirect.github.com/cici37)) \[SIG API
Machinery, Etcd and Testing]

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 8am on Monday" (UTC),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/open-telemetry/otel-arrow).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate Bot added a commit to sdwilsh/ansible-playbooks that referenced this pull request Jan 20, 2026
##### [`35.0.0`](https://github.com/kubernetes-client/python/blob/HEAD/CHANGELOG.md#v3500snapshot)

Kubernetes API Version: v1.35.0

##### API Change

- Added `ObservedGeneration` to CustomResourceDefinition conditions. ([kubernetes/kubernetes#134984](kubernetes/kubernetes#134984), [@michaelasp](https://github.com/michaelasp))
- Added `WithOrigin` within `apis/core/validation` with adjusted tests. ([kubernetes/kubernetes#132825](kubernetes/kubernetes#132825), [@PatrickLaabs](https://github.com/PatrickLaabs))
- Added scoring for the prioritized list feature so nodes that best satisfy the highest-ranked subrequests were chosen. ([kubernetes/kubernetes#134711](kubernetes/kubernetes#134711), [@mortent](https://github.com/mortent)) \[SIG Node, Scheduling and Testing]
- Added the `--min-compatibility-version` flag to `kube-apiserver`, `kube-controller-manager`, and `kube-scheduler`. ([kubernetes/kubernetes#133980](kubernetes/kubernetes#133980), [@siyuanfoundation](https://github.com/siyuanfoundation)) \[SIG API Machinery, Architecture, Cluster Lifecycle, Etcd, Scheduling and Testing]
- Added the `StorageVersionMigration` `v1beta1` API and removed the `v1alpha1` API.

  ACTION REQUIRED: The `v1alpha1` API is no longer supported. Users must remove any `v1alpha1` resources before upgrading. ([kubernetes/kubernetes#134784](kubernetes/kubernetes#134784), [@michaelasp](https://github.com/michaelasp)) \[SIG API Machinery, Apps, Auth, Etcd and Testing]
- Added validation to ensure `log-flush-frequency` is a positive value, returning an error instead of causing a panic. ([kubernetes/kubernetes#133540](kubernetes/kubernetes#133540), [@BenTheElder](https://github.com/BenTheElder)) \[SIG Architecture, Instrumentation, Network and Node]
- All containers are restarted when a source container in a restart policy rule exits. This alpha feature is gated behind `RestartAllContainersOnContainerExit`. ([kubernetes/kubernetes#134345](kubernetes/kubernetes#134345), [@yuanwang04](https://github.com/yuanwang04)) \[SIG Apps, Node and Testing]
- CSI drivers can now opt in to receive service account tokens via the secrets field instead of volume context by setting `spec.serviceAccountTokenInSecrets: true` in the CSIDriver object. This prevents tokens from being exposed in logs and other outputs. The feature is gated by the `CSIServiceAccountTokenSecrets` feature gate (beta in `v1.35`). ([kubernetes/kubernetes#134826](kubernetes/kubernetes#134826), [@aramase](https://github.com/aramase)) \[SIG API Machinery, Auth, Storage and Testing]
- Changed kuberc configuration schema. Two new optional fields added to kuberc configuration, `credPluginPolicy` and `credPluginAllowlist`. This is documented in [KEP-3104](https://github.com/kubernetes/enhancements/blob/master/keps/sig-cli/3104-introduce-kuberc/README.md#allowlist-design-details) and documentation is added to the website by [kubernetes/website#52877](kubernetes/website#52877) ([kubernetes/kubernetes#134870](kubernetes/kubernetes#134870), [@pmengelbert](https://github.com/pmengelbert)) \[SIG API Machinery, Architecture, Auth, CLI, Instrumentation and Testing]
- DRA device taints: `DeviceTaintRule` status provides information about the rule, including whether Pods still need to be evicted (`EvictionInProgress` condition). The newly added `None` effect can be used to preview what a `DeviceTaintRule` would do if it used the `NoExecute` effect and to taint devices (`device health`) without immediately affecting scheduling or running Pods. ([kubernetes/kubernetes#134152](kubernetes/kubernetes#134152), [@pohly](https://github.com/pohly)) \[SIG API Machinery, Apps, Auth, Node, Release, Scheduling and Testing]
- DRA: The `DynamicResourceAllocation` feature gate for the core functionality (GA in `v1.34`) has now been locked to enabled-by-default and cannot be disabled anymore. ([kubernetes/kubernetes#134452](kubernetes/kubernetes#134452), [@pohly](https://github.com/pohly)) \[SIG Auth, Node, Scheduling and Testing]
- Enabled `kubectl get -o kyaml` by default. To disable it, set `KUBECTL_KYAML=false`. ([kubernetes/kubernetes#133327](kubernetes/kubernetes#133327), [@thockin](https://github.com/thockin))
- Enabled in-place resizing of pod-level resources.
  - Added `Resources` in `PodStatus` to capture resources set in the pod-level cgroup.
  - Added `AllocatedResources` in `PodStatus` to capture resources requested in the `PodSpec`. ([kubernetes/kubernetes#132919](kubernetes/kubernetes#132919), [@ndixita](https://github.com/ndixita)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Instrumentation, Node, Scheduling and Testing]
- Enabled the `NominatedNodeNameForExpectation` feature in kube-scheduler by default.
  - Enabled the `ClearingNominatedNodeNameAfterBinding` feature in kube-apiserver by default. ([kubernetes/kubernetes#135103](kubernetes/kubernetes#135103), [@ania-borowiec](https://github.com/ania-borowiec)) \[SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Etcd, Instrumentation, Network, Node, Scheduling, Storage and Testing]
- Enhanced discovery responses to merge API groups and resources from all peer apiservers when the `UnknownVersionInteroperabilityProxy` feature is enabled. ([kubernetes/kubernetes#133648](kubernetes/kubernetes#133648), [@richabanker](https://github.com/richabanker)) \[SIG API Machinery, Auth, Cloud Provider, Node, Scheduling and Testing]
- Extended `core/v1` `Toleration` to support numeric comparison operators (`Gt`, `Lt`). ([kubernetes/kubernetes#134665](kubernetes/kubernetes#134665), [@helayoty](https://github.com/helayoty)) \[SIG API Machinery, Apps, Node, Scheduling, Testing and Windows]
- Feature gate dependencies are now explicit, and validated at startup. A feature can no longer be enabled if it depends on a disabled feature. In particular, this means that `AllAlpha=true` will no longer work without enabling disabled-by-default beta features that are depended on (either with `AllBeta=true` or explicitly enumerating the disabled dependencies). ([kubernetes/kubernetes#133697](kubernetes/kubernetes#133697), [@tallclair](https://github.com/tallclair)) \[SIG API Machinery, Architecture, Cluster Lifecycle and Node]
- Generated OpenAPI model packages for API types into `zz_generated.model_name.go` files, accessible via the `OpenAPIModelName()` function. This allows API authors to declare desired OpenAPI model packages instead of relying on the Go package path of API types. ([kubernetes/kubernetes#131755](kubernetes/kubernetes#131755), [@jpbetz](https://github.com/jpbetz)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling, Storage and Testing]
- Implemented constrained impersonation as described in [KEP-5284](https://kep.k8s.io/5284). ([kubernetes/kubernetes#134803](kubernetes/kubernetes#134803), [@enj](https://github.com/enj)) \[SIG API Machinery, Auth and Testing]
- Introduced a new declarative validation tag `+k8s:customUnique` to control listmap uniqueness. ([kubernetes/kubernetes#134279](kubernetes/kubernetes#134279), [@yongruilin](https://github.com/yongruilin)) \[SIG API Machinery and Auth]
- Introduced a structured and versioned `v1alpha1` response for the `statusz` endpoint. ([kubernetes/kubernetes#134313](kubernetes/kubernetes#134313), [@richabanker](https://github.com/richabanker)) \[SIG API Machinery, Architecture, Instrumentation, Network, Node, Scheduling and Testing]
- Introduced a structured and versioned `v1alpha1` response format for the `flagz` endpoint. ([kubernetes/kubernetes#134995](kubernetes/kubernetes#134995), [@yongruilin](https://github.com/yongruilin)) \[SIG API Machinery, Architecture, Instrumentation, Network, Node, Scheduling and Testing]
- Introduced the GangScheduling kube-scheduler plugin to support "all-or-nothing" scheduling using the `scheduling.k8s.io/v1alpha1` Workload API. ([kubernetes/kubernetes#134722](kubernetes/kubernetes#134722), [@macsko](https://github.com/macsko)) \[SIG API Machinery, Apps, Auth, CLI, Etcd, Scheduling and Testing]
- Introduced the Node Declared Features capability (alpha), which includes:
  - A new `Node.Status.DeclaredFeatures` field for publishing node-specific features.
  - A `component-helpers` library for feature registration and inference.
  - A `NodeDeclaredFeatures` scheduler plugin to match pods with nodes that provide required features.
  - A `NodeDeclaredFeatureValidator` admission plugin to validate pod updates against a node's declared features. ([kubernetes/kubernetes#133389](kubernetes/kubernetes#133389), [@pravk03](https://github.com/pravk03)) \[SIG API Machinery, Apps, Node, Release, Scheduling and Testing]
- Introduced the `scheduling.k8s.io/v1alpha1` Workload API to express workload-level scheduling requirements and allow the kube-scheduler to act on them. ([kubernetes/kubernetes#134564](kubernetes/kubernetes#134564), [@macsko](https://github.com/macsko)) \[SIG API Machinery, Apps, CLI, Etcd, Scheduling and Testing]
- Introduced the alpha `MutableSchedulingDirectivesForSuspendedJobs` feature gate (disabled by default), which allows mutating a Job's scheduling directives while the Job is suspended.
  It also updates the Job controller to clear the `status.startTime` field for suspended Jobs. ([kubernetes/kubernetes#135104](kubernetes/kubernetes#135104), [@mimowo](https://github.com/mimowo)) \[SIG Apps and Testing]
- Kube-apiserver: Fixed a `v1.34` regression in `CustomResourceDefinition` handling that incorrectly warned about unrecognized formats on number and integer properties. ([kubernetes/kubernetes#133896](kubernetes/kubernetes#133896), [@yongruilin](https://github.com/yongruilin)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Contributor Experience, Network, Node and Scheduling]
- Kube-apiserver: Fixed a possible panic validating a custom resource whose `CustomResourceDefinition` indicates a status subresource exists, but which does not define a `status` property in the `openAPIV3Schema`. ([kubernetes/kubernetes#133721](kubernetes/kubernetes#133721), [@fusida](https://github.com/fusida)) \[SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Etcd, Instrumentation, Network, Node, Release, Scheduling, Storage and Testing]
- Kubernetes API Go types removed runtime use of the `github.com/gogo/protobuf` library, and are no longer registered into the global gogo type registry. Kubernetes API Go types were not suitable for use with the `google.golang.org/protobuf` library, and no longer implement `ProtoMessage()` by default to avoid accidental incompatible use. If removal of these marker methods impacts your use, it can be re-enabled for one more release with a `kubernetes_protomessage_one_more_release` build tag, but will be removed in `v1.36`. ([kubernetes/kubernetes#134256](kubernetes/kubernetes#134256), [@liggitt](https://github.com/liggitt)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling and Storage]
- Made node affinity in Persistent Volume mutable. ([kubernetes/kubernetes#134339](kubernetes/kubernetes#134339), [@huww98](https://github.com/huww98)) \[SIG API Machinery, Apps and Node]
- Moved the `ImagePullIntent` and `ImagePulledRecord` objects used by the kubelet to track image pulls to the `v1beta1` API version. ([kubernetes/kubernetes#132579](kubernetes/kubernetes#132579), [@stlaz](https://github.com/stlaz)) \[SIG Auth and Node]
- Pod resize now only allows CPU and memory resources; other resource types are forbidden. ([kubernetes/kubernetes#135084](kubernetes/kubernetes#135084), [@tallclair](https://github.com/tallclair)) \[SIG Apps, Node and Testing]
- Prevented Pods from being scheduled onto nodes that lack the required CSI driver. ([kubernetes/kubernetes#135012](kubernetes/kubernetes#135012), [@gnufied](https://github.com/gnufied)) \[SIG API Machinery, Scheduling, Storage and Testing]
- Promoted HPA configurable tolerance to beta. The `HPAConfigurableTolerance` feature gate has now been enabled by default. ([kubernetes/kubernetes#133128](kubernetes/kubernetes#133128), [@jm-franc](https://github.com/jm-franc)) \[SIG API Machinery and Autoscaling]
- Promoted ReplicaSet and Deployment `.status.terminatingReplicas` tracking to beta. The `DeploymentReplicaSetTerminatingReplicas` feature gate is now enabled by default. ([kubernetes/kubernetes#133087](kubernetes/kubernetes#133087), [@atiratree](https://github.com/atiratree)) \[SIG API Machinery, Apps and Testing]
- Promoted `PodObservedGenerationTracking` to GA. ([kubernetes/kubernetes#134948](kubernetes/kubernetes#134948), [@natasha41575](https://github.com/natasha41575)) \[SIG API Machinery, Apps, Node, Scheduling and Testing]
- Promoted the `JobManagedBy` feature to general availability. The `JobManagedBy` feature gate was locked to `true` and will be removed in a future Kubernetes release. ([kubernetes/kubernetes#135080](kubernetes/kubernetes#135080), [@dejanzele](https://github.com/dejanzele)) \[SIG API Machinery, Apps and Testing]
- Promoted the `MaxUnavailableStatefulSet` feature to beta and enabled it by default. ([kubernetes/kubernetes#133153](kubernetes/kubernetes#133153), [@helayoty](https://github.com/helayoty)) \[SIG API Machinery and Apps]
- Removed the `StrictCostEnforcementForVAP` and `StrictCostEnforcementForWebhooks` feature gates, which were locked since `v1.32`. ([kubernetes/kubernetes#134994](kubernetes/kubernetes#134994), [@liggitt](https://github.com/liggitt)) \[SIG API Machinery, Auth, Node and Testing]
- Scheduler: Added the `bindingTimeout` argument to the DynamicResources plugin configuration, allowing customization of the wait duration in `PreBind` for device binding conditions.
  Defaults to 10 minutes when `DRADeviceBindingConditions` and `DRAResourceClaimDeviceStatus` are both enabled. ([kubernetes/kubernetes#134905](kubernetes/kubernetes#134905), [@fj-naji](https://github.com/fj-naji)) \[SIG Node and Scheduling]
- The DRA device taints and toleration feature received a separate feature gate, `DRADeviceTaintRules`, which controlled support for `DeviceTaintRules`. This allowed disabling it while keeping `DRADeviceTaints` enabled so that tainting via `ResourceSlices` continued to work. ([kubernetes/kubernetes#135068](kubernetes/kubernetes#135068), [@pohly](https://github.com/pohly)) \[SIG API Machinery, Apps, Auth, Node, Scheduling and Testing]
- The Pod Certificates feature moved to beta. The `PodCertificateRequest` feature gate is disabled by default. To use the feature, users must enable the certificates API groups in `v1beta1` and enable the `PodCertificateRequest` feature gate. The `UserAnnotations` field was added to the `PodCertificateProjection` API and the corresponding `UnverifiedUserAnnotations` field was added to the `PodCertificateRequest` API. ([kubernetes/kubernetes#134624](kubernetes/kubernetes#134624), [@yt2985](https://github.com/yt2985)) \[SIG API Machinery, Apps, Auth, Etcd, Instrumentation, Node and Testing]
- The `KubeletEnsureSecretPulledImages` feature was promoted to Beta and enabled by default. ([kubernetes/kubernetes#135228](kubernetes/kubernetes#135228), [@aramase](https://github.com/aramase)) \[SIG Auth, Node and Testing]
- The `PreferSameZone` and `PreferSameNode` values for the Service
  `trafficDistribution` field graduated to general availability. The
  `PreferClose` value is now deprecated in favor of the more explicit
  `PreferSameZone`. ([kubernetes/kubernetes#134457](kubernetes/kubernetes#134457), [@danwinship](https://github.com/danwinship)) \[SIG API Machinery, Apps, Network and Testing]
- Updated `ResourceQuota` to count device class requests within a `ResourceClaim` as two additional quotas when the `DRAExtendedResource` feature is enabled:
  - `requests.deviceclass.resource.k8s.io/<deviceclass>` is charged based on the worst-case number of devices requested.
  - Device classes mapping to an extended resource now consume `requests.<extended resource name>`. ([kubernetes/kubernetes#134210](kubernetes/kubernetes#134210), [@yliaog](https://github.com/yliaog)) \[SIG API Machinery, Apps, Node, Scheduling and Testing]
- Updated storage version for `MutatingAdmissionPolicy` to `v1beta1`. ([kubernetes/kubernetes#133715](kubernetes/kubernetes#133715), [@cici37](https://github.com/cici37)) \[SIG API Machinery, Etcd and Testing]
- Updated the Partitionable Devices feature to support referencing counter sets across ResourceSlices within the same resource pool. Devices from incomplete pools were no longer considered for allocation. This change introduced backwards-incompatible updates to the alpha feature, requiring any ResourceSlices using it to be removed before upgrading or downgrading between v1.34 and v1.35. ([kubernetes/kubernetes#134189](kubernetes/kubernetes#134189), [@mortent](https://github.com/mortent)) \[SIG API Machinery, Node, Scheduling and Testing]
- Upgraded the `PodObservedGenerationTracking` feature to beta in `v1.34` and removed the alpha version description from the OpenAPI specification. ([kubernetes/kubernetes#133883](kubernetes/kubernetes#133883), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085))
- Add scoring for the prioritized list feature so that the node that can satisfy the best ranked subrequests is chosen. ([kubernetes/kubernetes#134711](kubernetes/kubernetes#134711), [@mortent](https://github.com/mortent)) \[SIG Node, Scheduling and Testing]
- Allows restarting all containers when the source container exits with a matching restart policy rule. This is an alpha feature behind feature gate RestartAllContainersOnContainerExit. ([kubernetes/kubernetes#134345](kubernetes/kubernetes#134345), [@yuanwang04](https://github.com/yuanwang04)) \[SIG Apps, Node and Testing]
- Changed kuberc configuration schema. Two new optional fields added to kuberc configuration, `credPluginPolicy` and `credPluginAllowlist`. This is documented in [KEP-3104](https://github.com/kubernetes/enhancements/blob/master/keps/sig-cli/3104-introduce-kuberc/README.md#allowlist-design-details) and documentation is added to the website by [kubernetes/website#52877](kubernetes/website#52877) ([kubernetes/kubernetes#134870](kubernetes/kubernetes#134870), [@pmengelbert](https://github.com/pmengelbert)) \[SIG API Machinery, Architecture, Auth, CLI, Instrumentation and Testing]
- Enhanced discovery response to support merged API groups/resources from all peer apiservers when UnknownVersionInteroperabilityProxy feature is enabled ([kubernetes/kubernetes#133648](kubernetes/kubernetes#133648), [@richabanker](https://github.com/richabanker)) \[SIG API Machinery, Auth, Cloud Provider, Node, Scheduling and Testing]
- Extend `core/v1 Toleration` to support numeric comparison operators (`Gt`, `Lt`). ([kubernetes/kubernetes#134665](kubernetes/kubernetes#134665), [@helayoty](https://github.com/helayoty)) \[SIG API Machinery, Apps, Node, Scheduling, Testing and Windows]
- Features: NominatedNodeNameForExpectation in kube-scheduler and ClearingNominatedNodeNameAfterBinding in kube-apiserver are now enabled by default. ([kubernetes/kubernetes#135103](kubernetes/kubernetes#135103), [@ania-borowiec](https://github.com/ania-borowiec)) \[SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Etcd, Instrumentation, Network, Node, Scheduling, Storage and Testing]
- Implement changes to prevent pod scheduling to a node without CSI driver ([kubernetes/kubernetes#135012](kubernetes/kubernetes#135012), [@gnufied](https://github.com/gnufied)) \[SIG API Machinery, Scheduling, Storage and Testing]
- Introduce scheduling.k8s.io/v1alpha1 Workload API to allow for expressing workload-level scheduling requirements and let kube-scheduler act on those. ([kubernetes/kubernetes#134564](kubernetes/kubernetes#134564), [@macsko](https://github.com/macsko)) \[SIG API Machinery, Apps, CLI, Etcd, Scheduling and Testing]
- Introduce the alpha MutableSchedulingDirectivesForSuspendedJobs feature gate (disabled by default) which:
  1. allows mutating a Job's scheduling directives for suspended Jobs
  2. makes the Job controller clear the status.startTime field for suspended Jobs ([kubernetes/kubernetes#135104](kubernetes/kubernetes#135104), [@mimowo](https://github.com/mimowo)) \[SIG Apps and Testing]
- Introduced GangScheduling kube-scheduler plugin to enable "all-or-nothing" scheduling. Workload API in scheduling.k8s.io/v1alpha1 is used to express the desired policy. ([kubernetes/kubernetes#134722](kubernetes/kubernetes#134722), [@macsko](https://github.com/macsko)) \[SIG API Machinery, Apps, Auth, CLI, Etcd, Scheduling and Testing]
- PV node affinity is now mutable. ([kubernetes/kubernetes#134339](kubernetes/kubernetes#134339), [@huww98](https://github.com/huww98)) \[SIG API Machinery, Apps and Node]
- ResourceQuota now counts device class requests within a ResourceClaim object as consuming two additional quotas when the DRAExtendedResource feature is enabled:
  - `requests.deviceclass.resource.k8s.io/<deviceclass>` with a quantity equal to the worst case count of devices requested
  - requests for device classes that map to an extended resource consume `requests.<extended resource name>` ([kubernetes/kubernetes#134210](kubernetes/kubernetes#134210), [@yliaog](https://github.com/yliaog)) \[SIG API Machinery, Apps, Node, Scheduling and Testing]
- The DRA device taints and toleration feature now has a separate feature gate, DRADeviceTaintRules, which controls whether support for DeviceTaintRules is enabled. It is possible to disable that and keep DRADeviceTaints enabled, in which case tainting by DRA drivers through ResourceSlices continues to work. ([kubernetes/kubernetes#135068](kubernetes/kubernetes#135068), [@pohly](https://github.com/pohly)) \[SIG API Machinery, Apps, Auth, Node, Scheduling and Testing]
- The ImagePullIntent and ImagePulledRecord objects used by kubelet to store information about image pulls have been moved to the v1beta1 API version. ([kubernetes/kubernetes#132579](kubernetes/kubernetes#132579), [@stlaz](https://github.com/stlaz)) \[SIG Auth and Node]
- The KubeletEnsureSecretPulledImages feature is now beta and enabled by default. ([kubernetes/kubernetes#135228](kubernetes/kubernetes#135228), [@aramase](https://github.com/aramase)) \[SIG Auth, Node and Testing]
- This change adds a new alpha feature Node Declared Features, which includes:
  - A new `Node.Status.DeclaredFeatures` field for Kubelet to publish node-specific features.
  - A library in `component-helpers` for feature registration and inference.
  - A scheduler plugin (`NodeDeclaredFeatures`) to match pods with nodes that provide their required features.
  - An admission plugin (`NodeDeclaredFeatureValidator`) to validate pod updates against a node's declared features. ([kubernetes/kubernetes#133389](kubernetes/kubernetes#133389), [@pravk03](https://github.com/pravk03)) \[SIG API Machinery, Apps, Node, Release, Scheduling and Testing]
- This change allows In Place Resize of Pod Level Resources
  - Add Resources in PodStatus to capture resources set at pod-level cgroup
  - Add AllocatedResources in PodStatus to capture resources requested in the PodSpec ([kubernetes/kubernetes#132919](kubernetes/kubernetes#132919), [@ndixita](https://github.com/ndixita)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Instrumentation, Node, Scheduling and Testing]
- Updates to the Partitionable Devices feature which allows for referencing counter sets across different ResourceSlices within the same resource pool.

  Devices from incomplete pools are no longer considered for allocation.

  This contains backwards incompatible changes to the Partitionable Devices alpha feature, so any ResourceSlices that use the feature should be removed prior to upgrading or downgrading between 1.34 and 1.35. ([kubernetes/kubernetes#134189](kubernetes/kubernetes#134189), [@mortent](https://github.com/mortent)) \[SIG API Machinery, Node, Scheduling and Testing]
- Add ObservedGeneration to CustomResourceDefinition Conditions. ([kubernetes/kubernetes#134984](kubernetes/kubernetes#134984), [@michaelasp](https://github.com/michaelasp)) \[SIG API Machinery]
- Add StorageVersionMigration v1beta1 api and remove the v1alpha API.

  Any use of the v1alpha1 api is no longer supported and
  users must remove any v1alpha1 resources prior to upgrade. ([kubernetes/kubernetes#134784](kubernetes/kubernetes#134784), [@michaelasp](https://github.com/michaelasp)) \[SIG API Machinery, Apps, Auth, Etcd and Testing]
- CSI drivers can now opt-in to receive service account tokens via the secrets field instead of volume context by setting `spec.serviceAccountTokenInSecrets: true` in the CSIDriver object. This prevents tokens from being exposed in logs and other outputs. The feature is gated by the `CSIServiceAccountTokenSecrets` feature gate (Beta in v1.35). ([kubernetes/kubernetes#134826](kubernetes/kubernetes#134826), [@aramase](https://github.com/aramase)) \[SIG API Machinery, Auth, Storage and Testing]
- DRA device taints: DeviceTaintRule status provided information about the rule, in particular whether pods still need to be evicted ("EvictionInProgress" condition). The new "None" effect can be used to preview what a DeviceTaintRule would do if it used the "NoExecute" effect and to taint devices ("device health") without immediately affecting scheduling or running pods. ([kubernetes/kubernetes#134152](kubernetes/kubernetes#134152), [@pohly](https://github.com/pohly)) \[SIG API Machinery, Apps, Auth, Node, Release, Scheduling and Testing]
- DRA: the DynamicResourceAllocation feature gate for the core functionality (GA in 1.34) is now locked to enabled-by-default and thus cannot be disabled anymore. ([kubernetes/kubernetes#134452](kubernetes/kubernetes#134452), [@pohly](https://github.com/pohly)) \[SIG Auth, Node, Scheduling and Testing]
- Forbid adding resources other than CPU & memory on pod resize. ([kubernetes/kubernetes#135084](kubernetes/kubernetes#135084), [@tallclair](https://github.com/tallclair)) \[SIG Apps, Node and Testing]
- Implement constrained impersonation as described in <https://kep.k8s.io/5284> ([kubernetes/kubernetes#134803](kubernetes/kubernetes#134803), [@enj](https://github.com/enj)) \[SIG API Machinery, Auth and Testing]
- Introduces a structured and versioned v1alpha1 response for flagz ([kubernetes/kubernetes#134995](kubernetes/kubernetes#134995), [@yongruilin](https://github.com/yongruilin)) \[SIG API Machinery, Architecture, Instrumentation, Network, Node, Scheduling and Testing]
- Introduces a structured and versioned v1alpha1 response for statusz ([kubernetes/kubernetes#134313](kubernetes/kubernetes#134313), [@richabanker](https://github.com/richabanker)) \[SIG API Machinery, Architecture, Instrumentation, Network, Node, Scheduling and Testing]
- New `--min-compatibility-version` flag for apiserver, kcm and kube scheduler ([kubernetes/kubernetes#133980](kubernetes/kubernetes#133980), [@siyuanfoundation](https://github.com/siyuanfoundation)) \[SIG API Machinery, Architecture, Cluster Lifecycle, Etcd, Scheduling and Testing]
- Promote PodObservedGenerationTracking to GA. ([kubernetes/kubernetes#134948](kubernetes/kubernetes#134948), [@natasha41575](https://github.com/natasha41575)) \[SIG API Machinery, Apps, Node, Scheduling and Testing]
- Promoted Job Managed By to general availability. The `JobManagedBy` feature gate is now locked to true, and will be removed in a future release of Kubernetes. ([kubernetes/kubernetes#135080](kubernetes/kubernetes#135080), [@dejanzele](https://github.com/dejanzele)) \[SIG API Machinery, Apps and Testing]
- Promoted ReplicaSet and Deployment `.status.terminatingReplicas` tracking to beta. The `DeploymentReplicaSetTerminatingReplicas` feature gate is now enabled by default. ([kubernetes/kubernetes#133087](kubernetes/kubernetes#133087), [@atiratree](https://github.com/atiratree)) \[SIG API Machinery, Apps and Testing]
- Scheduler: added a new `bindingTimeout` argument to the DynamicResources plugin configuration.
  This allows customizing the wait duration in PreBind for device binding conditions.
  Defaults to 10 minutes when DRADeviceBindingConditions and DRAResourceClaimDeviceStatus are both enabled. ([kubernetes/kubernetes#134905](kubernetes/kubernetes#134905), [@fj-naji](https://github.com/fj-naji)) \[SIG Node and Scheduling]
- The Pod Certificates feature is moving to beta. The PodCertificateRequest feature gate is still set false by default. To use the feature, users will need to enable the certificates API groups in v1beta1 and enable the feature gate PodCertificateRequest. A new field UserAnnotations is added to the PodCertificateProjection API and the corresponding UnverifiedUserAnnotations is added to the PodCertificateRequest API. ([kubernetes/kubernetes#134624](kubernetes/kubernetes#134624), [@yt2985](https://github.com/yt2985)) \[SIG API Machinery, Apps, Auth, Etcd, Instrumentation, Node and Testing]
- The StrictCostEnforcementForVAP and StrictCostEnforcementForWebhooks feature gates, locked on since 1.32, have been removed ([kubernetes/kubernetes#134994](kubernetes/kubernetes#134994), [@liggitt](https://github.com/liggitt)) \[SIG API Machinery, Auth, Node and Testing]
- The `PreferSameZone` and `PreferSameNode` values for Service's
  `trafficDistribution` field are now GA. The old value `PreferClose` is now
  deprecated in favor of the more-explicit `PreferSameZone`. ([kubernetes/kubernetes#134457](kubernetes/kubernetes#134457), [@danwinship](https://github.com/danwinship)) \[SIG API Machinery, Apps, Network and Testing]
- Kube-apiserver: fix a possible panic validating a custom resource whose CustomResourceDefinition indicates a status subresource exists, but which does not define a `status` property in the `openAPIV3Schema` ([kubernetes/kubernetes#133721](kubernetes/kubernetes#133721), [@fusida](https://github.com/fusida)) \[SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Etcd, Instrumentation, Network, Node, Release, Scheduling, Storage and Testing]
- Kubernetes API Go types removed runtime use of the github.com/gogo/protobuf library, and are no longer registered into the global gogo type registry. Kubernetes API Go types were not suitable for use with the google.golang.org/protobuf library, and no longer implement `ProtoMessage()` by default to avoid accidental incompatible use. If removal of these marker methods impacts your use, it can be re-enabled for one more release with a `kubernetes_protomessage_one_more_release` build tag, but will be removed in 1.36. ([kubernetes/kubernetes#134256](kubernetes/kubernetes#134256), [@liggitt](https://github.com/liggitt)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling and Storage]
- Promoted HPA configurable tolerance to beta. The `HPAConfigurableTolerance` feature gate is now enabled by default. ([kubernetes/kubernetes#133128](kubernetes/kubernetes#133128), [@jm-franc](https://github.com/jm-franc)) \[SIG API Machinery and Autoscaling]
- The MaxUnavailableStatefulSet feature is now beta and enabled by default. ([kubernetes/kubernetes#133153](kubernetes/kubernetes#133153), [@helayoty](https://github.com/helayoty)) \[SIG API Machinery and Apps]
- Added WithOrigin within apis/core/validation with adjusted tests ([kubernetes/kubernetes#132825](kubernetes/kubernetes#132825), [@PatrickLaabs](https://github.com/PatrickLaabs)) \[SIG Apps]
- Component-base: validate that log-flush-frequency is positive and return an error instead of panic-ing ([kubernetes/kubernetes#133540](kubernetes/kubernetes#133540), [@BenTheElder](https://github.com/BenTheElder)) \[SIG Architecture, Instrumentation, Network and Node]
- Feature gate dependencies are now explicit, and validated at startup. A feature can no longer be enabled if it depends on a disabled feature. In particular, this means that `AllAlpha=true` will no longer work without enabling disabled-by-default beta features that are depended on (either with `AllBeta=true` or explicitly enumerating the disabled dependencies). ([kubernetes/kubernetes#133697](kubernetes/kubernetes#133697), [@tallclair](https://github.com/tallclair)) \[SIG API Machinery, Architecture, Cluster Lifecycle and Node]
- In version 1.34, the PodObservedGenerationTracking feature has been upgraded to beta, and the description of the alpha version in the openapi has been removed. ([kubernetes/kubernetes#133883](kubernetes/kubernetes#133883), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085)) \[SIG Apps]
- Introduce a new declarative validation tag +k8s:customUnique to control listmap uniqueness ([kubernetes/kubernetes#134279](kubernetes/kubernetes#134279), [@yongruilin](https://github.com/yongruilin)) \[SIG API Machinery and Auth]
- Kube-apiserver: Fixed a 1.34 regression in CustomResourceDefinition handling that incorrectly warned about unrecognized formats on number and integer properties ([kubernetes/kubernetes#133896](kubernetes/kubernetes#133896), [@yongruilin](https://github.com/yongruilin)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Contributor Experience, Network, Node and Scheduling]
- OpenAPI model packages of API types are generated into `zz_generated.model_name.go` files and are accessible using the `OpenAPIModelName()` function.  This allows API authors to declare the desired OpenAPI model packages instead of using the go package path of API types. ([kubernetes/kubernetes#131755](kubernetes/kubernetes#131755), [@jpbetz](https://github.com/jpbetz)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling, Storage and Testing]
- Support for `kubectl get -o kyaml` is now on by default.  To disable it, set `KUBECTL_KYAML=false`. ([kubernetes/kubernetes#133327](kubernetes/kubernetes#133327), [@thockin](https://github.com/thockin)) \[SIG CLI]
- The storage version for MutatingAdmissionPolicy is updated to v1beta1. ([kubernetes/kubernetes#133715](kubernetes/kubernetes#133715), [@cici37](https://github.com/cici37)) \[SIG API Machinery, Etcd and Testing]
renovate Bot added a commit to sdwilsh/ansible-playbooks that referenced this pull request Feb 2, 2026
##### [`35.0.0`](https://github.com/kubernetes-client/python/blob/HEAD/CHANGELOG.md#v3500snapshot)

Kubernetes API Version: v1.35.0

##### API Change

- Added `ObservedGeneration` to CustomResourceDefinition conditions. ([kubernetes/kubernetes#134984](kubernetes/kubernetes#134984), [@michaelasp](https://github.com/michaelasp))
- Added `WithOrigin` within `apis/core/validation` with adjusted tests. ([kubernetes/kubernetes#132825](kubernetes/kubernetes#132825), [@PatrickLaabs](https://github.com/PatrickLaabs))
- Added scoring for the prioritized list feature so nodes that best satisfy the highest-ranked subrequests were chosen. ([kubernetes/kubernetes#134711](kubernetes/kubernetes#134711), [@mortent](https://github.com/mortent)) \[SIG Node, Scheduling and Testing]
- Added the `--min-compatibility-version` flag to `kube-apiserver`, `kube-controller-manager`, and `kube-scheduler`. ([kubernetes/kubernetes#133980](kubernetes/kubernetes#133980), [@siyuanfoundation](https://github.com/siyuanfoundation)) \[SIG API Machinery, Architecture, Cluster Lifecycle, Etcd, Scheduling and Testing]
- Added the `StorageVersionMigration` `v1beta1` API and removed the `v1alpha1` API.

  ACTION REQUIRED: The `v1alpha1` API is no longer supported. Users must remove any `v1alpha1` resources before upgrading. ([kubernetes/kubernetes#134784](kubernetes/kubernetes#134784), [@michaelasp](https://github.com/michaelasp)) \[SIG API Machinery, Apps, Auth, Etcd and Testing]
- Added validation to ensure `log-flush-frequency` is a positive value, returning an error instead of causing a panic. ([kubernetes/kubernetes#133540](kubernetes/kubernetes#133540), [@BenTheElder](https://github.com/BenTheElder)) \[SIG Architecture, Instrumentation, Network and Node]
- All containers are restarted when a source container in a restart policy rule exits. This alpha feature is gated behind `RestartAllContainersOnContainerExit`. ([kubernetes/kubernetes#134345](kubernetes/kubernetes#134345), [@yuanwang04](https://github.com/yuanwang04)) \[SIG Apps, Node and Testing]
- CSI drivers can now opt in to receive service account tokens via the secrets field instead of volume context by setting `spec.serviceAccountTokenInSecrets: true` in the CSIDriver object. This prevents tokens from being exposed in logs and other outputs. The feature is gated by the `CSIServiceAccountTokenSecrets` feature gate (beta in `v1.35`). ([kubernetes/kubernetes#134826](kubernetes/kubernetes#134826), [@aramase](https://github.com/aramase)) \[SIG API Machinery, Auth, Storage and Testing]
- Changed kuberc configuration schema. Two new optional fields added to kuberc configuration, `credPluginPolicy` and `credPluginAllowlist`. This is documented in [KEP-3104](https://github.com/kubernetes/enhancements/blob/master/keps/sig-cli/3104-introduce-kuberc/README.md#allowlist-design-details) and documentation is added to the website by [kubernetes/website#52877](kubernetes/website#52877) ([kubernetes/kubernetes#134870](kubernetes/kubernetes#134870), [@pmengelbert](https://github.com/pmengelbert)) \[SIG API Machinery, Architecture, Auth, CLI, Instrumentation and Testing]
- DRA device taints: `DeviceTaintRule` status provides information about the rule, including whether Pods still need to be evicted (`EvictionInProgress` condition). The newly added `None` effect can be used to preview what a `DeviceTaintRule` would do if it used the `NoExecute` effect and to taint devices (`device health`) without immediately affecting scheduling or running Pods. ([kubernetes/kubernetes#134152](kubernetes/kubernetes#134152), [@pohly](https://github.com/pohly)) \[SIG API Machinery, Apps, Auth, Node, Release, Scheduling and Testing]
- DRA: The `DynamicResourceAllocation` feature gate for the core functionality (GA in `v1.34`) has now been locked to enabled-by-default and cannot be disabled anymore. ([kubernetes/kubernetes#134452](kubernetes/kubernetes#134452), [@pohly](https://github.com/pohly)) \[SIG Auth, Node, Scheduling and Testing]
- Enabled `kubectl get -o kyaml` by default. To disable it, set `KUBECTL_KYAML=false`. ([kubernetes/kubernetes#133327](kubernetes/kubernetes#133327), [@thockin](https://github.com/thockin))
- Enabled in-place resizing of pod-level resources.
  - Added `Resources` in `PodStatus` to capture resources set in the pod-level cgroup.
  - Added `AllocatedResources` in `PodStatus` to capture resources requested in the `PodSpec`. ([kubernetes/kubernetes#132919](kubernetes/kubernetes#132919), [@ndixita](https://github.com/ndixita)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Instrumentation, Node, Scheduling and Testing]
- Enabled the `NominatedNodeNameForExpectation` feature in kube-scheduler by default.
  - Enabled the `ClearingNominatedNodeNameAfterBinding` feature in kube-apiserver by default. ([kubernetes/kubernetes#135103](kubernetes/kubernetes#135103), [@ania-borowiec](https://github.com/ania-borowiec)) \[SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Etcd, Instrumentation, Network, Node, Scheduling, Storage and Testing]
- Enhanced discovery responses to merge API groups and resources from all peer apiservers when the `UnknownVersionInteroperabilityProxy` feature is enabled. ([kubernetes/kubernetes#133648](kubernetes/kubernetes#133648), [@richabanker](https://github.com/richabanker)) \[SIG API Machinery, Auth, Cloud Provider, Node, Scheduling and Testing]
- Extended `core/v1` `Toleration` to support numeric comparison operators (`Gt`,`Lt`). ([kubernetes/kubernetes#134665](kubernetes/kubernetes#134665), [@helayoty](https://github.com/helayoty)) \[SIG API Machinery, Apps, Node, Scheduling, Testing and Windows]
- Feature gate dependencies are now explicit, and validated at startup. A feature can no longer be enabled if it depends on a disabled feature. In particular, this means that `AllAlpha=true` will no longer work without enabling disabled-by-default beta features that are depended on (either with `AllBeta=true` or explicitly enumerating the disabled dependencies). ([kubernetes/kubernetes#133697](kubernetes/kubernetes#133697), [@tallclair](https://github.com/tallclair)) \[SIG API Machinery, Architecture, Cluster Lifecycle and Node]
- Generated OpenAPI model packages for API types into `zz_generated.model_name.go` files, accessible via the `OpenAPIModelName()` function. This allows API authors to declare desired OpenAPI model packages instead of relying on the Go package path of API types. ([kubernetes/kubernetes#131755](kubernetes/kubernetes#131755), [@jpbetz](https://github.com/jpbetz)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling, Storage and Testing]
- Implemented constrained impersonation as described in [KEP-5284](https://kep.k8s.io/5284). ([kubernetes/kubernetes#134803](kubernetes/kubernetes#134803), [@enj](https://github.com/enj)) \[SIG API Machinery, Auth and Testing]
- Introduced a new declarative validation tag `+k8s:customUnique` to control listmap uniqueness. ([kubernetes/kubernetes#134279](kubernetes/kubernetes#134279), [@yongruilin](https://github.com/yongruilin)) \[SIG API Machinery and Auth]
- Introduced a structured and versioned `v1alpha1` response for the `statusz` endpoint. ([kubernetes/kubernetes#134313](kubernetes/kubernetes#134313), [@richabanker](https://github.com/richabanker)) \[SIG API Machinery, Architecture, Instrumentation, Network, Node, Scheduling and Testing]
- Introduced a structured and versioned `v1alpha1` response format for the `flagz` endpoint. ([kubernetes/kubernetes#134995](kubernetes/kubernetes#134995), [@yongruilin](https://github.com/yongruilin)) \[SIG API Machinery, Architecture, Instrumentation, Network, Node, Scheduling and Testing]
- Introduced the GangScheduling kube-scheduler plugin to support "all-or-nothing" scheduling using the `scheduling.k8s.io/v1alpha1` Workload API. ([kubernetes/kubernetes#134722](kubernetes/kubernetes#134722), [@macsko](https://github.com/macsko)) \[SIG API Machinery, Apps, Auth, CLI, Etcd, Scheduling and Testing]
- Introduced the Node Declared Features capability (alpha), which includes:
  - A new `Node.Status.DeclaredFeatures` field for publishing node-specific features.
  - A `component-helpers` library for feature registration and inference.
  - A `NodeDeclaredFeatures` scheduler plugin to match pods with nodes that provide required features.
  - A `NodeDeclaredFeatureValidator` admission plugin to validate pod updates against a node's declared features. ([kubernetes/kubernetes#133389](kubernetes/kubernetes#133389), [@pravk03](https://github.com/pravk03)) \[SIG API Machinery, Apps, Node, Release, Scheduling and Testing]
- Introduced the `scheduling.k8s.io/v1alpha1` Workload API to express workload-level scheduling requirements and allow the kube-scheduler to act on them. ([kubernetes/kubernetes#134564](kubernetes/kubernetes#134564), [@macsko](https://github.com/macsko)) \[SIG API Machinery, Apps, CLI, Etcd, Scheduling and Testing]
- Introduced the alpha `MutableSchedulingDirectivesForSuspendedJobs` feature gate (disabled by default), which allows mutating a Job's scheduling directives while the Job is suspended.
  It also updates the Job controller to clear the `status.startTime` field for suspended Jobs. ([kubernetes/kubernetes#135104](kubernetes/kubernetes#135104), [@mimowo](https://github.com/mimowo)) \[SIG Apps and Testing]
- Kube-apiserver: Fixed a `v1.34` regression in `CustomResourceDefinition` handling that incorrectly warned about unrecognized formats on number and integer properties. ([kubernetes/kubernetes#133896](kubernetes/kubernetes#133896), [@yongruilin](https://github.com/yongruilin)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Contributor Experience, Network, Node and Scheduling]
- Kube-apiserver: Fixed a possible panic validating a custom resource whose `CustomResourceDefinition` indicates a status subresource exists, but which does not define a `status` property in the `openAPIV3Schema`. ([kubernetes/kubernetes#133721](kubernetes/kubernetes#133721), [@fusida](https://github.com/fusida)) \[SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Etcd, Instrumentation, Network, Node, Release, Scheduling, Storage and Testing]
- Kubernetes API Go types removed runtime use of the `github.com/gogo/protobuf` library, and are no longer registered into the global gogo type registry. Kubernetes API Go types were not suitable for use with the `google.golang.org/protobuf` library, and no longer implement `ProtoMessage()` by default to avoid accidental incompatible use. If removal of these marker methods impacts your use, it can be re-enabled for one more release with a `kubernetes_protomessage_one_more_release` build tag, but will be removed in `v1.36`. ([kubernetes/kubernetes#134256](kubernetes/kubernetes#134256), [@liggitt](https://github.com/liggitt)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling and Storage]
- Made node affinity in Persistent Volume mutable. ([kubernetes/kubernetes#134339](kubernetes/kubernetes#134339), [@huww98](https://github.com/huww98)) \[SIG API Machinery, Apps and Node]
- Moved the `ImagePullIntent` and `ImagePulledRecord` objects used by the kubelet to track image pulls to the `v1beta1` API version. ([kubernetes/kubernetes#132579](kubernetes/kubernetes#132579), [@stlaz](https://github.com/stlaz)) \[SIG Auth and Node]
- Pod resize now only allows CPU and memory resources; other resource types are forbidden. ([kubernetes/kubernetes#135084](kubernetes/kubernetes#135084), [@tallclair](https://github.com/tallclair)) \[SIG Apps, Node and Testing]
- Prevented Pods from being scheduled onto nodes that lack the required CSI driver. ([kubernetes/kubernetes#135012](kubernetes/kubernetes#135012), [@gnufied](https://github.com/gnufied)) \[SIG API Machinery, Scheduling, Storage and Testing]
- Promoted HPA configurable tolerance to beta. The `HPAConfigurableTolerance` feature gate has now been enabled by default. ([kubernetes/kubernetes#133128](kubernetes/kubernetes#133128), [@jm-franc](https://github.com/jm-franc)) \[SIG API Machinery and Autoscaling]
- Promoted ReplicaSet and Deployment `.status.terminatingReplicas` tracking to beta. The `DeploymentReplicaSetTerminatingReplicas` feature gate is now enabled by default. ([kubernetes/kubernetes#133087](kubernetes/kubernetes#133087), [@atiratree](https://github.com/atiratree)) \[SIG API Machinery, Apps and Testing]
- Promoted `PodObservedGenerationTracking` to GA. ([kubernetes/kubernetes#134948](kubernetes/kubernetes#134948), [@natasha41575](https://github.com/natasha41575)) \[SIG API Machinery, Apps, Node, Scheduling and Testing]
- Promoted the `JobManagedBy` feature to general availability. The `JobManagedBy` feature gate was locked to `true` and will be removed in a future Kubernetes release. ([kubernetes/kubernetes#135080](kubernetes/kubernetes#135080), [@dejanzele](https://github.com/dejanzele)) \[SIG API Machinery, Apps and Testing]
- Promoted the `MaxUnavailableStatefulSet` feature to beta and enabled it by default. ([kubernetes/kubernetes#133153](kubernetes/kubernetes#133153), [@helayoty](https://github.com/helayoty)) \[SIG API Machinery and Apps]
- Removed the `StrictCostEnforcementForVAP` and `StrictCostEnforcementForWebhooks` feature gates, which were locked since `v1.32`. ([kubernetes/kubernetes#134994](kubernetes/kubernetes#134994), [@liggitt](https://github.com/liggitt)) \[SIG API Machinery, Auth, Node and Testing]
- Scheduler: Added the `bindingTimeout` argument to the DynamicResources plugin configuration, allowing customization of the wait duration in `PreBind` for device binding conditions.
  Defaults to 10 minutes when `DRADeviceBindingConditions` and `DRAResourceClaimDeviceStatus` are both enabled. ([kubernetes/kubernetes#134905](kubernetes/kubernetes#134905), [@fj-naji](https://github.com/fj-naji)) \[SIG Node and Scheduling]
- The DRA device taints and toleration feature received a separate feature gate, `DRADeviceTaintRules`, which controlled support for `DeviceTaintRules`. This allowed disabling it while keeping `DRADeviceTaints` enabled so that tainting via `ResourceSlices` continued to work. ([kubernetes/kubernetes#135068](kubernetes/kubernetes#135068), [@pohly](https://github.com/pohly)) \[SIG API Machinery, Apps, Auth, Node, Scheduling and Testing]
- The Pod Certificates feature moved to beta. The `PodCertificateRequest` feature gate is disabled by default. To use the feature, users must enable the certificates API groups in `v1beta1` and enable the `PodCertificateRequest` feature gate. The `UserAnnotations` field was added to the `PodCertificateProjection` API and the corresponding `UnverifiedUserAnnotations` field was added to the `PodCertificateRequest` API. ([kubernetes/kubernetes#134624](kubernetes/kubernetes#134624), [@yt2985](https://github.com/yt2985)) \[SIG API Machinery, Apps, Auth, Etcd, Instrumentation, Node and Testing]
- The `KubeletEnsureSecretPulledImages` feature was promoted to Beta and enabled by default. ([kubernetes/kubernetes#135228](kubernetes/kubernetes#135228), [@aramase](https://github.com/aramase)) \[SIG Auth, Node and Testing]
- The `PreferSameZone` and `PreferSameNode` values for the Service
  `trafficDistribution` field graduated to general availability. The
  `PreferClose` value is now deprecated in favor of the more explicit
  `PreferSameZone`. ([kubernetes/kubernetes#134457](kubernetes/kubernetes#134457), [@danwinship](https://github.com/danwinship)) \[SIG API Machinery, Apps, Network and Testing]
- Updated `ResourceQuota` to count device class requests within a `ResourceClaim` as two additional quotas when the `DRAExtendedResource` feature is enabled:
  - `requests.deviceclass.resource.k8s.io/<deviceclass>` is charged based on the worst-case number of devices requested.
  - Device classes mapping to an extended resource now consume `requests.<extended resource name>`. ([kubernetes/kubernetes#134210](kubernetes/kubernetes#134210), [@yliaog](https://github.com/yliaog)) \[SIG API Machinery, Apps, Node, Scheduling and Testing]
- Updated storage version for `MutatingAdmissionPolicy` to `v1beta1`. ([kubernetes/kubernetes#133715](kubernetes/kubernetes#133715), [@cici37](https://github.com/cici37)) \[SIG API Machinery, Etcd and Testing]
- Updated the Partitionable Devices feature to support referencing counter sets across ResourceSlices within the same resource pool. Devices from incomplete pools were no longer considered for allocation. This change introduced backwards-incompatible updates to the alpha feature, requiring any ResourceSlices using it to be removed before upgrading or downgrading between v1.34 and v1.35. ([kubernetes/kubernetes#134189](kubernetes/kubernetes#134189), [@mortent](https://github.com/mortent)) \[SIG API Machinery, Node, Scheduling and Testing]
- Upgraded the `PodObservedGenerationTracking` feature to beta in `v1.34` and removed the alpha version description from the OpenAPI specification. ([kubernetes/kubernetes#133883](kubernetes/kubernetes#133883), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085))
- Add scoring for the prioritized list feature so that the node that can satisfy the best ranked subrequests is chosen. ([kubernetes/kubernetes#134711](kubernetes/kubernetes#134711), [@mortent](https://github.com/mortent)) \[SIG Node, Scheduling and Testing]
- Allows restarting all containers when the source container exits with a matching restart policy rule. This is an alpha feature behind feature gate RestartAllContainersOnContainerExit. ([kubernetes/kubernetes#134345](kubernetes/kubernetes#134345), [@yuanwang04](https://github.com/yuanwang04)) \[SIG Apps, Node and Testing]
- Changed kuberc configuration schema. Two new optional fields added to kuberc configuration, `credPluginPolicy` and `credPluginAllowlist`. This is documented in [KEP-3104](https://github.com/kubernetes/enhancements/blob/master/keps/sig-cli/3104-introduce-kuberc/README.md#allowlist-design-details) and documentation is added to the website by [kubernetes/website#52877](kubernetes/website#52877) ([kubernetes/kubernetes#134870](kubernetes/kubernetes#134870), [@pmengelbert](https://github.com/pmengelbert)) \[SIG API Machinery, Architecture, Auth, CLI, Instrumentation and Testing]
- Enhanced discovery response to support merged API groups/resources from all peer apiservers when UnknownVersionInteroperabilityProxy feature is enabled ([kubernetes/kubernetes#133648](kubernetes/kubernetes#133648), [@richabanker](https://github.com/richabanker)) \[SIG API Machinery, Auth, Cloud Provider, Node, Scheduling and Testing]
- Extend `core/v1 Toleration` to support numeric comparison operators (`Gt`, `Lt`). ([kubernetes/kubernetes#134665](kubernetes/kubernetes#134665), [@helayoty](https://github.com/helayoty)) \[SIG API Machinery, Apps, Node, Scheduling, Testing and Windows]
- Features: NominatedNodeNameForExpectation in kube-scheduler and ClearingNominatedNodeNameAfterBinding in kube-apiserver are now enabled by default. ([kubernetes/kubernetes#135103](kubernetes/kubernetes#135103), [@ania-borowiec](https://github.com/ania-borowiec)) \[SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Etcd, Instrumentation, Network, Node, Scheduling, Storage and Testing]
- Implement changes to prevent pod scheduling to a node without CSI driver ([kubernetes/kubernetes#135012](kubernetes/kubernetes#135012), [@gnufied](https://github.com/gnufied)) \[SIG API Machinery, Scheduling, Storage and Testing]
- Introduce scheduling.k8s.io/v1alpha1 Workload API to allow for expressing workload-level scheduling requirements and let kube-scheduler act on those. ([kubernetes/kubernetes#134564](kubernetes/kubernetes#134564), [@macsko](https://github.com/macsko)) \[SIG API Machinery, Apps, CLI, Etcd, Scheduling and Testing]
- Introduce the alpha MutableSchedulingDirectivesForSuspendedJobs feature gate (disabled by default) which:
  1. allows mutating a Job's scheduling directives for suspended Jobs
  2. makes the Job controller clear the status.startTime field for suspended Jobs ([kubernetes/kubernetes#135104](kubernetes/kubernetes#135104), [@mimowo](https://github.com/mimowo)) \[SIG Apps and Testing]
- Introduced GangScheduling kube-scheduler plugin to enable "all-or-nothing" scheduling. Workload API in scheduling.k8s.io/v1alpha1 is used to express the desired policy. ([kubernetes/kubernetes#134722](kubernetes/kubernetes#134722), [@macsko](https://github.com/macsko)) \[SIG API Machinery, Apps, Auth, CLI, Etcd, Scheduling and Testing]
- PV node affinity is now mutable. ([kubernetes/kubernetes#134339](kubernetes/kubernetes#134339), [@huww98](https://github.com/huww98)) \[SIG API Machinery, Apps and Node]
- ResourceQuota now counts device class requests within a ResourceClaim object as consuming two additional quotas when the DRAExtendedResource feature is enabled:
  - `requests.deviceclass.resource.k8s.io/<deviceclass>` with a quantity equal to the worst case count of devices requested
  - requests for device classes that map to an extended resource consume `requests.<extended resource name>` ([kubernetes/kubernetes#134210](kubernetes/kubernetes#134210), [@yliaog](https://github.com/yliaog)) \[SIG API Machinery, Apps, Node, Scheduling and Testing]
- The DRA device taints and toleration feature now has a separate feature gate, DRADeviceTaintRules, which controls whether support for DeviceTaintRules is enabled. It is possible to disable that and keep DRADeviceTaints enabled, in which case tainting by DRA drivers through ResourceSlices continues to work. ([kubernetes/kubernetes#135068](kubernetes/kubernetes#135068), [@pohly](https://github.com/pohly)) \[SIG API Machinery, Apps, Auth, Node, Scheduling and Testing]
- The ImagePullIntent and ImagePulledRecord objects used by kubelet to store information about image pulls have been moved to the v1beta1 API version. ([kubernetes/kubernetes#132579](kubernetes/kubernetes#132579), [@stlaz](https://github.com/stlaz)) \[SIG Auth and Node]
- The KubeletEnsureSecretPulledImages feature is now beta and enabled by default. ([kubernetes/kubernetes#135228](kubernetes/kubernetes#135228), [@aramase](https://github.com/aramase)) \[SIG Auth, Node and Testing]
- This change adds a new alpha feature Node Declared Features, which includes:
  - A new `Node.Status.DeclaredFeatures` field for Kubelet to publish node-specific features.
  - A library in `component-helpers` for feature registration and inference.
  - A scheduler plugin (`NodeDeclaredFeatures`) to match pods with nodes that provide their required features.
  - An admission plugin (`NodeDeclaredFeatureValidator`) to validate pod updates against a node's declared features. ([kubernetes/kubernetes#133389](kubernetes/kubernetes#133389), [@pravk03](https://github.com/pravk03)) \[SIG API Machinery, Apps, Node, Release, Scheduling and Testing]
- This change allows In Place Resize of Pod Level Resources
  - Add Resources in PodStatus to capture resources set at pod-level cgroup
  - Add AllocatedResources in PodStatus to capture resources requested in the PodSpec ([kubernetes/kubernetes#132919](kubernetes/kubernetes#132919), [@ndixita](https://github.com/ndixita)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Instrumentation, Node, Scheduling and Testing]
- Updates to the Partitionable Devices feature which allows for referencing counter sets across different ResourceSlices within the same resource pool.

  Devices from incomplete pools are no longer considered for allocation.

  This contains backwards incompatible changes to the Partitionable Devices alpha feature, so any ResourceSlices that use the feature should be removed prior to upgrading or downgrading between 1.34 and 1.35. ([kubernetes/kubernetes#134189](kubernetes/kubernetes#134189), [@mortent](https://github.com/mortent)) \[SIG API Machinery, Node, Scheduling and Testing]
- Add ObservedGeneration to CustomResourceDefinition Conditions. ([kubernetes/kubernetes#134984](kubernetes/kubernetes#134984), [@michaelasp](https://github.com/michaelasp)) \[SIG API Machinery]
- Add StorageVersionMigration v1beta1 api and remove the v1alpha API.

  Any use of the v1alpha1 api is no longer supported and
  users must remove any v1alpha1 resources prior to upgrade. ([kubernetes/kubernetes#134784](kubernetes/kubernetes#134784), [@michaelasp](https://github.com/michaelasp)) \[SIG API Machinery, Apps, Auth, Etcd and Testing]
- CSI drivers can now opt-in to receive service account tokens via the secrets field instead of volume context by setting `spec.serviceAccountTokenInSecrets: true` in the CSIDriver object. This prevents tokens from being exposed in logs and other outputs. The feature is gated by the `CSIServiceAccountTokenSecrets` feature gate (Beta in v1.35). ([kubernetes/kubernetes#134826](kubernetes/kubernetes#134826), [@aramase](https://github.com/aramase)) \[SIG API Machinery, Auth, Storage and Testing]
- DRA device taints: DeviceTaintRule status provided information about the rule, in particular whether pods still need to be evicted ("EvictionInProgress" condition). The new "None" effect can be used to preview what a DeviceTaintRule would do if it used the "NoExecute" effect and to taint devices ("device health") without immediately affecting scheduling or running pods. ([kubernetes/kubernetes#134152](kubernetes/kubernetes#134152), [@pohly](https://github.com/pohly)) \[SIG API Machinery, Apps, Auth, Node, Release, Scheduling and Testing]
- DRA: the DynamicResourceAllocation feature gate for the core functionality (GA in 1.34) is now locked to enabled-by-default and thus cannot be disabled anymore. ([kubernetes/kubernetes#134452](kubernetes/kubernetes#134452), [@pohly](https://github.com/pohly)) \[SIG Auth, Node, Scheduling and Testing]
- Forbid adding resources other than CPU & memory on pod resize. ([kubernetes/kubernetes#135084](kubernetes/kubernetes#135084), [@tallclair](https://github.com/tallclair)) \[SIG Apps, Node and Testing]
- Implement constrained impersonation as described in <https://kep.k8s.io/5284> ([kubernetes/kubernetes#134803](kubernetes/kubernetes#134803), [@enj](https://github.com/enj)) \[SIG API Machinery, Auth and Testing]
- Introduces a structured and versioned v1alpha1 response for flagz ([kubernetes/kubernetes#134995](kubernetes/kubernetes#134995), [@yongruilin](https://github.com/yongruilin)) \[SIG API Machinery, Architecture, Instrumentation, Network, Node, Scheduling and Testing]
- Introduces a structured and versioned v1alpha1 response for statusz ([kubernetes/kubernetes#134313](kubernetes/kubernetes#134313), [@richabanker](https://github.com/richabanker)) \[SIG API Machinery, Architecture, Instrumentation, Network, Node, Scheduling and Testing]
- New `--min-compatibility-version` flag for apiserver, kcm and kube scheduler ([kubernetes/kubernetes#133980](kubernetes/kubernetes#133980), [@siyuanfoundation](https://github.com/siyuanfoundation)) \[SIG API Machinery, Architecture, Cluster Lifecycle, Etcd, Scheduling and Testing]
- Promote PodObservedGenerationTracking to GA. ([kubernetes/kubernetes#134948](kubernetes/kubernetes#134948), [@natasha41575](https://github.com/natasha41575)) \[SIG API Machinery, Apps, Node, Scheduling and Testing]
- Promoted Job Managed By to general availability. The `JobManagedBy` feature gate is now locked to true, and will be removed in a future release of Kubernetes. ([kubernetes/kubernetes#135080](kubernetes/kubernetes#135080), [@dejanzele](https://github.com/dejanzele)) \[SIG API Machinery, Apps and Testing]
- Promoted ReplicaSet and Deployment `.status.terminatingReplicas` tracking to beta. The `DeploymentReplicaSetTerminatingReplicas` feature gate is now enabled by default. ([kubernetes/kubernetes#133087](kubernetes/kubernetes#133087), [@atiratree](https://github.com/atiratree)) \[SIG API Machinery, Apps and Testing]
- Scheduler: added a new `bindingTimeout` argument to the DynamicResources plugin configuration.
  This allows customizing the wait duration in PreBind for device binding conditions.
  Defaults to 10 minutes when DRADeviceBindingConditions and DRAResourceClaimDeviceStatus are both enabled. ([kubernetes/kubernetes#134905](kubernetes/kubernetes#134905), [@fj-naji](https://github.com/fj-naji)) \[SIG Node and Scheduling]
- The Pod Certificates feature is moving to beta. The PodCertificateRequest feature gate is still set false by default. To use the feature, users will need to enable the certificates API groups in v1beta1 and enable the feature gate PodCertificateRequest. A new field UserAnnotations is added to the PodCertificateProjection API and the corresponding UnverifiedUserAnnotations is added to the PodCertificateRequest API. ([kubernetes/kubernetes#134624](kubernetes/kubernetes#134624), [@yt2985](https://github.com/yt2985)) \[SIG API Machinery, Apps, Auth, Etcd, Instrumentation, Node and Testing]
- The StrictCostEnforcementForVAP and StrictCostEnforcementForWebhooks feature gates, locked on since 1.32, have been removed ([kubernetes/kubernetes#134994](kubernetes/kubernetes#134994), [@liggitt](https://github.com/liggitt)) \[SIG API Machinery, Auth, Node and Testing]
- The `PreferSameZone` and `PreferSameNode` values for Service's
  `trafficDistribution` field are now GA. The old value `PreferClose` is now
  deprecated in favor of the more-explicit `PreferSameZone`. ([kubernetes/kubernetes#134457](kubernetes/kubernetes#134457), [@danwinship](https://github.com/danwinship)) \[SIG API Machinery, Apps, Network and Testing]
- Kube-apiserver: fix a possible panic validating a custom resource whose CustomResourceDefinition indicates a status subresource exists, but which does not define a `status` property in the `openAPIV3Schema` ([kubernetes/kubernetes#133721](kubernetes/kubernetes#133721), [@fusida](https://github.com/fusida)) \[SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Etcd, Instrumentation, Network, Node, Release, Scheduling, Storage and Testing]
- Kubernetes API Go types removed runtime use of the github.com/gogo/protobuf library, and are no longer registered into the global gogo type registry. Kubernetes API Go types were not suitable for use with the google.golang.org/protobuf library, and no longer implement `ProtoMessage()` by default to avoid accidental incompatible use. If removal of these marker methods impacts your use, it can be re-enabled for one more release with a `kubernetes_protomessage_one_more_release` build tag, but will be removed in 1.36. ([kubernetes/kubernetes#134256](kubernetes/kubernetes#134256), [@liggitt](https://github.com/liggitt)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling and Storage]
- Promoted HPA configurable tolerance to beta. The `HPAConfigurableTolerance` feature gate is now enabled by default. ([kubernetes/kubernetes#133128](kubernetes/kubernetes#133128), [@jm-franc](https://github.com/jm-franc)) \[SIG API Machinery and Autoscaling]
- The MaxUnavailableStatefulSet feature is now beta and enabled by default. ([kubernetes/kubernetes#133153](kubernetes/kubernetes#133153), [@helayoty](https://github.com/helayoty)) \[SIG API Machinery and Apps]
- Added WithOrigin within apis/core/validation with adjusted tests ([kubernetes/kubernetes#132825](kubernetes/kubernetes#132825), [@PatrickLaabs](https://github.com/PatrickLaabs)) \[SIG Apps]
- Component-base: validate that log-flush-frequency is positive and return an error instead of panic-ing ([kubernetes/kubernetes#133540](kubernetes/kubernetes#133540), [@BenTheElder](https://github.com/BenTheElder)) \[SIG Architecture, Instrumentation, Network and Node]
- Feature gate dependencies are now explicit, and validated at startup. A feature can no longer be enabled if it depends on a disabled feature. In particular, this means that `AllAlpha=true` will no longer work without enabling disabled-by-default beta features that are depended on (either with `AllBeta=true` or explicitly enumerating the disabled dependencies). ([kubernetes/kubernetes#133697](kubernetes/kubernetes#133697), [@tallclair](https://github.com/tallclair)) \[SIG API Machinery, Architecture, Cluster Lifecycle and Node]
- In version 1.34, the PodObservedGenerationTracking feature has been upgraded to beta, and the description of the alpha version in the openapi has been removed. ([kubernetes/kubernetes#133883](kubernetes/kubernetes#133883), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085)) \[SIG Apps]
- Introduce a new declarative validation tag +k8s:customUnique to control listmap uniqueness ([kubernetes/kubernetes#134279](kubernetes/kubernetes#134279), [@yongruilin](https://github.com/yongruilin)) \[SIG API Machinery and Auth]
- Kube-apiserver: Fixed a 1.34 regression in CustomResourceDefinition handling that incorrectly warned about unrecognized formats on number and integer properties ([kubernetes/kubernetes#133896](kubernetes/kubernetes#133896), [@yongruilin](https://github.com/yongruilin)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Contributor Experience, Network, Node and Scheduling]
- OpenAPI model packages of API types are generated into `zz_generated.model_name.go` files and are accessible using the `OpenAPIModelName()` function.  This allows API authors to declare the desired OpenAPI model packages instead of using the go package path of API types. ([kubernetes/kubernetes#131755](kubernetes/kubernetes#131755), [@jpbetz](https://github.com/jpbetz)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling, Storage and Testing]
- Support for `kubectl get -o kyaml` is now on by default.  To disable it, set `KUBECTL_KYAML=false`. ([kubernetes/kubernetes#133327](kubernetes/kubernetes#133327), [@thockin](https://github.com/thockin)) \[SIG CLI]
- The storage version for MutatingAdmissionPolicy is updated to v1beta1. ([kubernetes/kubernetes#133715](kubernetes/kubernetes#133715), [@cici37](https://github.com/cici37)) \[SIG API Machinery, Etcd and Testing]
renovate Bot added a commit to sdwilsh/ansible-playbooks that referenced this pull request Feb 12, 2026
##### [`35.0.0`](https://github.com/kubernetes-client/python/blob/HEAD/CHANGELOG.md#v3500snapshot)

Kubernetes API Version: v1.35.0

##### API Change

- Added `ObservedGeneration` to CustomResourceDefinition conditions. ([kubernetes/kubernetes#134984](kubernetes/kubernetes#134984), [@michaelasp](https://github.com/michaelasp))
- Added `WithOrigin` within `apis/core/validation` with adjusted tests. ([kubernetes/kubernetes#132825](kubernetes/kubernetes#132825), [@PatrickLaabs](https://github.com/PatrickLaabs))
- Added scoring for the prioritized list feature so nodes that best satisfy the highest-ranked subrequests were chosen. ([kubernetes/kubernetes#134711](kubernetes/kubernetes#134711), [@mortent](https://github.com/mortent)) \[SIG Node, Scheduling and Testing]
- Added the `--min-compatibility-version` flag to `kube-apiserver`, `kube-controller-manager`, and `kube-scheduler`. ([kubernetes/kubernetes#133980](kubernetes/kubernetes#133980), [@siyuanfoundation](https://github.com/siyuanfoundation)) \[SIG API Machinery, Architecture, Cluster Lifecycle, Etcd, Scheduling and Testing]
- Added the `StorageVersionMigration` `v1beta1` API and removed the `v1alpha1` API.

  ACTION REQUIRED: The `v1alpha1` API is no longer supported. Users must remove any `v1alpha1` resources before upgrading. ([kubernetes/kubernetes#134784](kubernetes/kubernetes#134784), [@michaelasp](https://github.com/michaelasp)) \[SIG API Machinery, Apps, Auth, Etcd and Testing]
- Added validation to ensure `log-flush-frequency` is a positive value, returning an error instead of causing a panic. ([kubernetes/kubernetes#133540](kubernetes/kubernetes#133540), [@BenTheElder](https://github.com/BenTheElder)) \[SIG Architecture, Instrumentation, Network and Node]
- All containers are restarted when a source container in a restart policy rule exits. This alpha feature is gated behind `RestartAllContainersOnContainerExit`. ([kubernetes/kubernetes#134345](kubernetes/kubernetes#134345), [@yuanwang04](https://github.com/yuanwang04)) \[SIG Apps, Node and Testing]
- CSI drivers can now opt in to receive service account tokens via the secrets field instead of volume context by setting `spec.serviceAccountTokenInSecrets: true` in the CSIDriver object. This prevents tokens from being exposed in logs and other outputs. The feature is gated by the `CSIServiceAccountTokenSecrets` feature gate (beta in `v1.35`). ([kubernetes/kubernetes#134826](kubernetes/kubernetes#134826), [@aramase](https://github.com/aramase)) \[SIG API Machinery, Auth, Storage and Testing]
- Changed kuberc configuration schema. Two new optional fields added to kuberc configuration, `credPluginPolicy` and `credPluginAllowlist`. This is documented in [KEP-3104](https://github.com/kubernetes/enhancements/blob/master/keps/sig-cli/3104-introduce-kuberc/README.md#allowlist-design-details) and documentation is added to the website by [kubernetes/website#52877](kubernetes/website#52877) ([kubernetes/kubernetes#134870](kubernetes/kubernetes#134870), [@pmengelbert](https://github.com/pmengelbert)) \[SIG API Machinery, Architecture, Auth, CLI, Instrumentation and Testing]
- DRA device taints: `DeviceTaintRule` status provides information about the rule, including whether Pods still need to be evicted (`EvictionInProgress` condition). The newly added `None` effect can be used to preview what a `DeviceTaintRule` would do if it used the `NoExecute` effect and to taint devices (`device health`) without immediately affecting scheduling or running Pods. ([kubernetes/kubernetes#134152](kubernetes/kubernetes#134152), [@pohly](https://github.com/pohly)) \[SIG API Machinery, Apps, Auth, Node, Release, Scheduling and Testing]
- DRA: The `DynamicResourceAllocation` feature gate for the core functionality (GA in `v1.34`) has now been locked to enabled-by-default and cannot be disabled anymore. ([kubernetes/kubernetes#134452](kubernetes/kubernetes#134452), [@pohly](https://github.com/pohly)) \[SIG Auth, Node, Scheduling and Testing]
- Enabled `kubectl get -o kyaml` by default. To disable it, set `KUBECTL_KYAML=false`. ([kubernetes/kubernetes#133327](kubernetes/kubernetes#133327), [@thockin](https://github.com/thockin))
- Enabled in-place resizing of pod-level resources.
  - Added `Resources` in `PodStatus` to capture resources set in the pod-level cgroup.
  - Added `AllocatedResources` in `PodStatus` to capture resources requested in the `PodSpec`. ([kubernetes/kubernetes#132919](kubernetes/kubernetes#132919), [@ndixita](https://github.com/ndixita)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Instrumentation, Node, Scheduling and Testing]
- Enabled the `NominatedNodeNameForExpectation` feature in kube-scheduler by default.
  - Enabled the `ClearingNominatedNodeNameAfterBinding` feature in kube-apiserver by default. ([kubernetes/kubernetes#135103](kubernetes/kubernetes#135103), [@ania-borowiec](https://github.com/ania-borowiec)) \[SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Etcd, Instrumentation, Network, Node, Scheduling, Storage and Testing]
- Enhanced discovery responses to merge API groups and resources from all peer apiservers when the `UnknownVersionInteroperabilityProxy` feature is enabled. ([kubernetes/kubernetes#133648](kubernetes/kubernetes#133648), [@richabanker](https://github.com/richabanker)) \[SIG API Machinery, Auth, Cloud Provider, Node, Scheduling and Testing]
- Extended `core/v1` `Toleration` to support numeric comparison operators (`Gt`,`Lt`). ([kubernetes/kubernetes#134665](kubernetes/kubernetes#134665), [@helayoty](https://github.com/helayoty)) \[SIG API Machinery, Apps, Node, Scheduling, Testing and Windows]
- Feature gate dependencies are now explicit, and validated at startup. A feature can no longer be enabled if it depends on a disabled feature. In particular, this means that `AllAlpha=true` will no longer work without enabling disabled-by-default beta features that are depended on (either with `AllBeta=true` or explicitly enumerating the disabled dependencies). ([kubernetes/kubernetes#133697](kubernetes/kubernetes#133697), [@tallclair](https://github.com/tallclair)) \[SIG API Machinery, Architecture, Cluster Lifecycle and Node]
- Generated OpenAPI model packages for API types into `zz_generated.model_name.go` files, accessible via the `OpenAPIModelName()` function. This allows API authors to declare desired OpenAPI model packages instead of relying on the Go package path of API types. ([kubernetes/kubernetes#131755](kubernetes/kubernetes#131755), [@jpbetz](https://github.com/jpbetz)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling, Storage and Testing]
- Implemented constrained impersonation as described in [KEP-5284](https://kep.k8s.io/5284). ([kubernetes/kubernetes#134803](kubernetes/kubernetes#134803), [@enj](https://github.com/enj)) \[SIG API Machinery, Auth and Testing]
- Introduced a new declarative validation tag `+k8s:customUnique` to control listmap uniqueness. ([kubernetes/kubernetes#134279](kubernetes/kubernetes#134279), [@yongruilin](https://github.com/yongruilin)) \[SIG API Machinery and Auth]
- Introduced a structured and versioned `v1alpha1` response for the `statusz` endpoint. ([kubernetes/kubernetes#134313](kubernetes/kubernetes#134313), [@richabanker](https://github.com/richabanker)) \[SIG API Machinery, Architecture, Instrumentation, Network, Node, Scheduling and Testing]
- Introduced a structured and versioned `v1alpha1` response format for the `flagz` endpoint. ([kubernetes/kubernetes#134995](kubernetes/kubernetes#134995), [@yongruilin](https://github.com/yongruilin)) \[SIG API Machinery, Architecture, Instrumentation, Network, Node, Scheduling and Testing]
- Introduced the GangScheduling kube-scheduler plugin to support "all-or-nothing" scheduling using the `scheduling.k8s.io/v1alpha1` Workload API. ([kubernetes/kubernetes#134722](kubernetes/kubernetes#134722), [@macsko](https://github.com/macsko)) \[SIG API Machinery, Apps, Auth, CLI, Etcd, Scheduling and Testing]
- Introduced the Node Declared Features capability (alpha), which includes:
  - A new `Node.Status.DeclaredFeatures` field for publishing node-specific features.
  - A `component-helpers` library for feature registration and inference.
  - A `NodeDeclaredFeatures` scheduler plugin to match pods with nodes that provide required features.
  - A `NodeDeclaredFeatureValidator` admission plugin to validate pod updates against a node's declared features. ([kubernetes/kubernetes#133389](kubernetes/kubernetes#133389), [@pravk03](https://github.com/pravk03)) \[SIG API Machinery, Apps, Node, Release, Scheduling and Testing]
- Introduced the `scheduling.k8s.io/v1alpha1` Workload API to express workload-level scheduling requirements and allow the kube-scheduler to act on them. ([kubernetes/kubernetes#134564](kubernetes/kubernetes#134564), [@macsko](https://github.com/macsko)) \[SIG API Machinery, Apps, CLI, Etcd, Scheduling and Testing]
- Introduced the alpha `MutableSchedulingDirectivesForSuspendedJobs` feature gate (disabled by default), which allows mutating a Job's scheduling directives while the Job is suspended.
  It also updates the Job controller to clear the `status.startTime` field for suspended Jobs. ([kubernetes/kubernetes#135104](kubernetes/kubernetes#135104), [@mimowo](https://github.com/mimowo)) \[SIG Apps and Testing]
- Kube-apiserver: Fixed a `v1.34` regression in `CustomResourceDefinition` handling that incorrectly warned about unrecognized formats on number and integer properties. ([kubernetes/kubernetes#133896](kubernetes/kubernetes#133896), [@yongruilin](https://github.com/yongruilin)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Contributor Experience, Network, Node and Scheduling]
- Kube-apiserver: Fixed a possible panic validating a custom resource whose `CustomResourceDefinition` indicates a status subresource exists, but which does not define a `status` property in the `openAPIV3Schema`. ([kubernetes/kubernetes#133721](kubernetes/kubernetes#133721), [@fusida](https://github.com/fusida)) \[SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Etcd, Instrumentation, Network, Node, Release, Scheduling, Storage and Testing]
- Kubernetes API Go types removed runtime use of the `github.com/gogo/protobuf` library, and are no longer registered into the global gogo type registry. Kubernetes API Go types were not suitable for use with the `google.golang.org/protobuf` library, and no longer implement `ProtoMessage()` by default to avoid accidental incompatible use. If removal of these marker methods impacts your use, it can be re-enabled for one more release with a `kubernetes_protomessage_one_more_release` build tag, but will be removed in `v1.36`. ([kubernetes/kubernetes#134256](kubernetes/kubernetes#134256), [@liggitt](https://github.com/liggitt)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling and Storage]
- Made node affinity in Persistent Volume mutable. ([kubernetes/kubernetes#134339](kubernetes/kubernetes#134339), [@huww98](https://github.com/huww98)) \[SIG API Machinery, Apps and Node]
- Moved the `ImagePullIntent` and `ImagePulledRecord` objects used by the kubelet to track image pulls to the `v1beta1` API version. ([kubernetes/kubernetes#132579](kubernetes/kubernetes#132579), [@stlaz](https://github.com/stlaz)) \[SIG Auth and Node]
- Pod resize now only allows CPU and memory resources; other resource types are forbidden. ([kubernetes/kubernetes#135084](kubernetes/kubernetes#135084), [@tallclair](https://github.com/tallclair)) \[SIG Apps, Node and Testing]
- Prevented Pods from being scheduled onto nodes that lack the required CSI driver. ([kubernetes/kubernetes#135012](kubernetes/kubernetes#135012), [@gnufied](https://github.com/gnufied)) \[SIG API Machinery, Scheduling, Storage and Testing]
- Promoted HPA configurable tolerance to beta. The `HPAConfigurableTolerance` feature gate has now been enabled by default. ([kubernetes/kubernetes#133128](kubernetes/kubernetes#133128), [@jm-franc](https://github.com/jm-franc)) \[SIG API Machinery and Autoscaling]
- Promoted ReplicaSet and Deployment `.status.terminatingReplicas` tracking to beta. The `DeploymentReplicaSetTerminatingReplicas` feature gate is now enabled by default. ([kubernetes/kubernetes#133087](kubernetes/kubernetes#133087), [@atiratree](https://github.com/atiratree)) \[SIG API Machinery, Apps and Testing]
- Promoted `PodObservedGenerationTracking` to GA. ([kubernetes/kubernetes#134948](kubernetes/kubernetes#134948), [@natasha41575](https://github.com/natasha41575)) \[SIG API Machinery, Apps, Node, Scheduling and Testing]
- Promoted the `JobManagedBy` feature to general availability. The `JobManagedBy` feature gate was locked to `true` and will be removed in a future Kubernetes release. ([kubernetes/kubernetes#135080](kubernetes/kubernetes#135080), [@dejanzele](https://github.com/dejanzele)) \[SIG API Machinery, Apps and Testing]
- Promoted the `MaxUnavailableStatefulSet` feature to beta and enabled it by default. ([kubernetes/kubernetes#133153](kubernetes/kubernetes#133153), [@helayoty](https://github.com/helayoty)) \[SIG API Machinery and Apps]
- Removed the `StrictCostEnforcementForVAP` and `StrictCostEnforcementForWebhooks` feature gates, which were locked since `v1.32`. ([kubernetes/kubernetes#134994](kubernetes/kubernetes#134994), [@liggitt](https://github.com/liggitt)) \[SIG API Machinery, Auth, Node and Testing]
- Scheduler: Added the `bindingTimeout` argument to the DynamicResources plugin configuration, allowing customization of the wait duration in `PreBind` for device binding conditions.
  Defaults to 10 minutes when `DRADeviceBindingConditions` and `DRAResourceClaimDeviceStatus` are both enabled. ([kubernetes/kubernetes#134905](kubernetes/kubernetes#134905), [@fj-naji](https://github.com/fj-naji)) \[SIG Node and Scheduling]
- The DRA device taints and toleration feature received a separate feature gate, `DRADeviceTaintRules`, which controlled support for `DeviceTaintRules`. This allowed disabling it while keeping `DRADeviceTaints` enabled so that tainting via `ResourceSlices` continued to work. ([kubernetes/kubernetes#135068](kubernetes/kubernetes#135068), [@pohly](https://github.com/pohly)) \[SIG API Machinery, Apps, Auth, Node, Scheduling and Testing]
- The Pod Certificates feature moved to beta. The `PodCertificateRequest` feature gate is disabled by default. To use the feature, users must enable the certificates API groups in `v1beta1` and enable the `PodCertificateRequest` feature gate. The `UserAnnotations` field was added to the `PodCertificateProjection` API and the corresponding `UnverifiedUserAnnotations` field was added to the `PodCertificateRequest` API. ([kubernetes/kubernetes#134624](kubernetes/kubernetes#134624), [@yt2985](https://github.com/yt2985)) \[SIG API Machinery, Apps, Auth, Etcd, Instrumentation, Node and Testing]
- The `KubeletEnsureSecretPulledImages` feature was promoted to Beta and enabled by default. ([kubernetes/kubernetes#135228](kubernetes/kubernetes#135228), [@aramase](https://github.com/aramase)) \[SIG Auth, Node and Testing]
- The `PreferSameZone` and `PreferSameNode` values for the Service
  `trafficDistribution` field graduated to general availability. The
  `PreferClose` value is now deprecated in favor of the more explicit
  `PreferSameZone`. ([kubernetes/kubernetes#134457](kubernetes/kubernetes#134457), [@danwinship](https://github.com/danwinship)) \[SIG API Machinery, Apps, Network and Testing]
- Updated `ResourceQuota` to count device class requests within a `ResourceClaim` as two additional quotas when the `DRAExtendedResource` feature is enabled:
  - `requests.deviceclass.resource.k8s.io/<deviceclass>` is charged based on the worst-case number of devices requested.
  - Device classes mapping to an extended resource now consume `requests.<extended resource name>`. ([kubernetes/kubernetes#134210](kubernetes/kubernetes#134210), [@yliaog](https://github.com/yliaog)) \[SIG API Machinery, Apps, Node, Scheduling and Testing]
- Updated storage version for `MutatingAdmissionPolicy` to `v1beta1`. ([kubernetes/kubernetes#133715](kubernetes/kubernetes#133715), [@cici37](https://github.com/cici37)) \[SIG API Machinery, Etcd and Testing]
- Updated the Partitionable Devices feature to support referencing counter sets across ResourceSlices within the same resource pool. Devices from incomplete pools were no longer considered for allocation. This change introduced backwards-incompatible updates to the alpha feature, requiring any ResourceSlices using it to be removed before upgrading or downgrading between v1.34 and v1.35. ([kubernetes/kubernetes#134189](kubernetes/kubernetes#134189), [@mortent](https://github.com/mortent)) \[SIG API Machinery, Node, Scheduling and Testing]
- Upgraded the `PodObservedGenerationTracking` feature to beta in `v1.34` and removed the alpha version description from the OpenAPI specification. ([kubernetes/kubernetes#133883](kubernetes/kubernetes#133883), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085))
- Add scoring for the prioritized list feature so that the node that can satisfy the best ranked subrequests is chosen. ([kubernetes/kubernetes#134711](kubernetes/kubernetes#134711), [@mortent](https://github.com/mortent)) \[SIG Node, Scheduling and Testing]
- Allows restarting all containers when the source container exits with a matching restart policy rule. This is an alpha feature behind feature gate RestartAllContainersOnContainerExit. ([kubernetes/kubernetes#134345](kubernetes/kubernetes#134345), [@yuanwang04](https://github.com/yuanwang04)) \[SIG Apps, Node and Testing]
- Enhanced discovery response to support merged API groups/resources from all peer apiservers when UnknownVersionInteroperabilityProxy feature is enabled ([kubernetes/kubernetes#133648](kubernetes/kubernetes#133648), [@richabanker](https://github.com/richabanker)) \[SIG API Machinery, Auth, Cloud Provider, Node, Scheduling and Testing]
- Extend `core/v1 Toleration` to support numeric comparison operators (`Gt`, `Lt`). ([kubernetes/kubernetes#134665](kubernetes/kubernetes#134665), [@helayoty](https://github.com/helayoty)) \[SIG API Machinery, Apps, Node, Scheduling, Testing and Windows]
- Features: NominatedNodeNameForExpectation in kube-scheduler and ClearingNominatedNodeNameAfterBinding in kube-apiserver are now enabled by default. ([kubernetes/kubernetes#135103](kubernetes/kubernetes#135103), [@ania-borowiec](https://github.com/ania-borowiec)) \[SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Etcd, Instrumentation, Network, Node, Scheduling, Storage and Testing]
- Implement changes to prevent pod scheduling to a node without CSI driver ([kubernetes/kubernetes#135012](kubernetes/kubernetes#135012), [@gnufied](https://github.com/gnufied)) \[SIG API Machinery, Scheduling, Storage and Testing]
- Introduce scheduling.k8s.io/v1alpha1 Workload API to allow for expressing workload-level scheduling requirements and let kube-scheduler act on those. ([kubernetes/kubernetes#134564](kubernetes/kubernetes#134564), [@macsko](https://github.com/macsko)) \[SIG API Machinery, Apps, CLI, Etcd, Scheduling and Testing]
- Introduce the alpha MutableSchedulingDirectivesForSuspendedJobs feature gate (disabled by default) which:
  1. allows mutating a Job's scheduling directives for suspended Jobs
  2. makes the Job controller clear the status.startTime field for suspended Jobs ([kubernetes/kubernetes#135104](kubernetes/kubernetes#135104), [@mimowo](https://github.com/mimowo)) \[SIG Apps and Testing]
- Introduced GangScheduling kube-scheduler plugin to enable "all-or-nothing" scheduling. Workload API in scheduling.k8s.io/v1alpha1 is used to express the desired policy. ([kubernetes/kubernetes#134722](kubernetes/kubernetes#134722), [@macsko](https://github.com/macsko)) \[SIG API Machinery, Apps, Auth, CLI, Etcd, Scheduling and Testing]
- PV node affinity is now mutable. ([kubernetes/kubernetes#134339](kubernetes/kubernetes#134339), [@huww98](https://github.com/huww98)) \[SIG API Machinery, Apps and Node]
- ResourceQuota now counts device class requests within a ResourceClaim object as consuming two additional quotas when the DRAExtendedResource feature is enabled:
  - `requests.deviceclass.resource.k8s.io/<deviceclass>` with a quantity equal to the worst case count of devices requested
  - requests for device classes that map to an extended resource consume `requests.<extended resource name>` ([kubernetes/kubernetes#134210](kubernetes/kubernetes#134210), [@yliaog](https://github.com/yliaog)) \[SIG API Machinery, Apps, Node, Scheduling and Testing]
- The DRA device taints and toleration feature now has a separate feature gate, DRADeviceTaintRules, which controls whether support for DeviceTaintRules is enabled. It is possible to disable that and keep DRADeviceTaints enabled, in which case tainting by DRA drivers through ResourceSlices continues to work. ([kubernetes/kubernetes#135068](kubernetes/kubernetes#135068), [@pohly](https://github.com/pohly)) \[SIG API Machinery, Apps, Auth, Node, Scheduling and Testing]
- The ImagePullIntent and ImagePulledRecord objects used by kubelet to store information about image pulls have been moved to the v1beta1 API version. ([kubernetes/kubernetes#132579](kubernetes/kubernetes#132579), [@stlaz](https://github.com/stlaz)) \[SIG Auth and Node]
- The KubeletEnsureSecretPulledImages feature is now beta and enabled by default. ([kubernetes/kubernetes#135228](kubernetes/kubernetes#135228), [@aramase](https://github.com/aramase)) \[SIG Auth, Node and Testing]
- This change adds a new alpha feature Node Declared Features, which includes:
  - A new `Node.Status.DeclaredFeatures` field for Kubelet to publish node-specific features.
  - A library in `component-helpers` for feature registration and inference.
  - A scheduler plugin (`NodeDeclaredFeatures`) to match pods with nodes that provide their required features.
  - An admission plugin (`NodeDeclaredFeatureValidator`) to validate pod updates against a node's declared features. ([kubernetes/kubernetes#133389](kubernetes/kubernetes#133389), [@pravk03](https://github.com/pravk03)) \[SIG API Machinery, Apps, Node, Release, Scheduling and Testing]
- This change allows In Place Resize of Pod Level Resources
  - Add Resources in PodStatus to capture resources set at pod-level cgroup
  - Add AllocatedResources in PodStatus to capture resources requested in the PodSpec ([kubernetes/kubernetes#132919](kubernetes/kubernetes#132919), [@ndixita](https://github.com/ndixita)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Instrumentation, Node, Scheduling and Testing]
- Updates to the Partitionable Devices feature which allows for referencing counter sets across different ResourceSlices within the same resource pool.

  Devices from incomplete pools are no longer considered for allocation.

  This contains backwards incompatible changes to the Partitionable Devices alpha feature, so any ResourceSlices that use the feature should be removed prior to upgrading or downgrading between 1.34 and 1.35. ([kubernetes/kubernetes#134189](kubernetes/kubernetes#134189), [@mortent](https://github.com/mortent)) \[SIG API Machinery, Node, Scheduling and Testing]
- Add ObservedGeneration to CustomResourceDefinition Conditions. ([kubernetes/kubernetes#134984](kubernetes/kubernetes#134984), [@michaelasp](https://github.com/michaelasp)) \[SIG API Machinery]
- Add StorageVersionMigration v1beta1 api and remove the v1alpha API.

  Any use of the v1alpha1 api is no longer supported and
  users must remove any v1alpha1 resources prior to upgrade. ([kubernetes/kubernetes#134784](kubernetes/kubernetes#134784), [@michaelasp](https://github.com/michaelasp)) \[SIG API Machinery, Apps, Auth, Etcd and Testing]
- CSI drivers can now opt-in to receive service account tokens via the secrets field instead of volume context by setting `spec.serviceAccountTokenInSecrets: true` in the CSIDriver object. This prevents tokens from being exposed in logs and other outputs. The feature is gated by the `CSIServiceAccountTokenSecrets` feature gate (Beta in v1.35). ([kubernetes/kubernetes#134826](kubernetes/kubernetes#134826), [@aramase](https://github.com/aramase)) \[SIG API Machinery, Auth, Storage and Testing]
- DRA device taints: DeviceTaintRule status provided information about the rule, in particular whether pods still need to be evicted ("EvictionInProgress" condition). The new "None" effect can be used to preview what a DeviceTaintRule would do if it used the "NoExecute" effect and to taint devices ("device health") without immediately affecting scheduling or running pods. ([kubernetes/kubernetes#134152](kubernetes/kubernetes#134152), [@pohly](https://github.com/pohly)) \[SIG API Machinery, Apps, Auth, Node, Release, Scheduling and Testing]
- DRA: the DynamicResourceAllocation feature gate for the core functionality (GA in 1.34) is now locked to enabled-by-default and thus cannot be disabled anymore. ([kubernetes/kubernetes#134452](kubernetes/kubernetes#134452), [@pohly](https://github.com/pohly)) \[SIG Auth, Node, Scheduling and Testing]
- Forbid adding resources other than CPU & memory on pod resize. ([kubernetes/kubernetes#135084](kubernetes/kubernetes#135084), [@tallclair](https://github.com/tallclair)) \[SIG Apps, Node and Testing]
- Implement constrained impersonation as described in <https://kep.k8s.io/5284> ([kubernetes/kubernetes#134803](kubernetes/kubernetes#134803), [@enj](https://github.com/enj)) \[SIG API Machinery, Auth and Testing]
- Introduces a structured and versioned v1alpha1 response for flagz ([kubernetes/kubernetes#134995](kubernetes/kubernetes#134995), [@yongruilin](https://github.com/yongruilin)) \[SIG API Machinery, Architecture, Instrumentation, Network, Node, Scheduling and Testing]
- Introduces a structured and versioned v1alpha1 response for statusz ([kubernetes/kubernetes#134313](kubernetes/kubernetes#134313), [@richabanker](https://github.com/richabanker)) \[SIG API Machinery, Architecture, Instrumentation, Network, Node, Scheduling and Testing]
- New `--min-compatibility-version` flag for apiserver, kcm and kube scheduler ([kubernetes/kubernetes#133980](kubernetes/kubernetes#133980), [@siyuanfoundation](https://github.com/siyuanfoundation)) \[SIG API Machinery, Architecture, Cluster Lifecycle, Etcd, Scheduling and Testing]
- Promote PodObservedGenerationTracking to GA. ([kubernetes/kubernetes#134948](kubernetes/kubernetes#134948), [@natasha41575](https://github.com/natasha41575)) \[SIG API Machinery, Apps, Node, Scheduling and Testing]
- Promoted Job Managed By to general availability. The `JobManagedBy` feature gate is now locked to true, and will be removed in a future release of Kubernetes. ([kubernetes/kubernetes#135080](kubernetes/kubernetes#135080), [@dejanzele](https://github.com/dejanzele)) \[SIG API Machinery, Apps and Testing]
- Scheduler: added a new `bindingTimeout` argument to the DynamicResources plugin configuration.
  This allows customizing the wait duration in PreBind for device binding conditions.
  Defaults to 10 minutes when DRADeviceBindingConditions and DRAResourceClaimDeviceStatus are both enabled. ([kubernetes/kubernetes#134905](kubernetes/kubernetes#134905), [@fj-naji](https://github.com/fj-naji)) \[SIG Node and Scheduling]
- The Pod Certificates feature is moving to beta. The PodCertificateRequest feature gate is still set false by default. To use the feature, users will need to enable the certificates API groups in v1beta1 and enable the feature gate PodCertificateRequest. A new field UserAnnotations is added to the PodCertificateProjection API and the corresponding UnverifiedUserAnnotations is added to the PodCertificateRequest API. ([kubernetes/kubernetes#134624](kubernetes/kubernetes#134624), [@yt2985](https://github.com/yt2985)) \[SIG API Machinery, Apps, Auth, Etcd, Instrumentation, Node and Testing]
- The StrictCostEnforcementForVAP and StrictCostEnforcementForWebhooks feature gates, locked on since 1.32, have been removed ([kubernetes/kubernetes#134994](kubernetes/kubernetes#134994), [@liggitt](https://github.com/liggitt)) \[SIG API Machinery, Auth, Node and Testing]
- The `PreferSameZone` and `PreferSameNode` values for Service's
  `trafficDistribution` field are now GA. The old value `PreferClose` is now
  deprecated in favor of the more-explicit `PreferSameZone`. ([kubernetes/kubernetes#134457](kubernetes/kubernetes#134457), [@danwinship](https://github.com/danwinship)) \[SIG API Machinery, Apps, Network and Testing]
- Kube-apiserver: fix a possible panic validating a custom resource whose CustomResourceDefinition indicates a status subresource exists, but which does not define a `status` property in the `openAPIV3Schema` ([kubernetes/kubernetes#133721](kubernetes/kubernetes#133721), [@fusida](https://github.com/fusida)) \[SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Etcd, Instrumentation, Network, Node, Release, Scheduling, Storage and Testing]
- Kubernetes API Go types removed runtime use of the github.com/gogo/protobuf library, and are no longer registered into the global gogo type registry. Kubernetes API Go types were not suitable for use with the google.golang.org/protobuf library, and no longer implement `ProtoMessage()` by default to avoid accidental incompatible use. If removal of these marker methods impacts your use, it can be re-enabled for one more release with a `kubernetes_protomessage_one_more_release` build tag, but will be removed in 1.36. ([kubernetes/kubernetes#134256](kubernetes/kubernetes#134256), [@liggitt](https://github.com/liggitt)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling and Storage]
- Promoted HPA configurable tolerance to beta. The `HPAConfigurableTolerance` feature gate is now enabled by default. ([kubernetes/kubernetes#133128](kubernetes/kubernetes#133128), [@jm-franc](https://github.com/jm-franc)) \[SIG API Machinery and Autoscaling]
- The MaxUnavailableStatefulSet feature is now beta and enabled by default. ([kubernetes/kubernetes#133153](kubernetes/kubernetes#133153), [@helayoty](https://github.com/helayoty)) \[SIG API Machinery and Apps]
- Added WithOrigin within apis/core/validation with adjusted tests ([kubernetes/kubernetes#132825](kubernetes/kubernetes#132825), [@PatrickLaabs](https://github.com/PatrickLaabs)) \[SIG Apps]
- Component-base: validate that log-flush-frequency is positive and return an error instead of panicking ([kubernetes/kubernetes#133540](kubernetes/kubernetes#133540), [@BenTheElder](https://github.com/BenTheElder)) \[SIG Architecture, Instrumentation, Network and Node]
- Feature gate dependencies are now explicit, and validated at startup. A feature can no longer be enabled if it depends on a disabled feature. In particular, this means that `AllAlpha=true` will no longer work without enabling disabled-by-default beta features that are depended on (either with `AllBeta=true` or explicitly enumerating the disabled dependencies). ([kubernetes/kubernetes#133697](kubernetes/kubernetes#133697), [@tallclair](https://github.com/tallclair)) \[SIG API Machinery, Architecture, Cluster Lifecycle and Node]
- In version 1.34, the PodObservedGenerationTracking feature has been upgraded to beta, and the description of the alpha version in the openapi has been removed. ([kubernetes/kubernetes#133883](kubernetes/kubernetes#133883), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085)) \[SIG Apps]
- Introduce a new declarative validation tag +k8s:customUnique to control listmap uniqueness ([kubernetes/kubernetes#134279](kubernetes/kubernetes#134279), [@yongruilin](https://github.com/yongruilin)) \[SIG API Machinery and Auth]
- Kube-apiserver: Fixed a 1.34 regression in CustomResourceDefinition handling that incorrectly warned about unrecognized formats on number and integer properties ([kubernetes/kubernetes#133896](kubernetes/kubernetes#133896), [@yongruilin](https://github.com/yongruilin)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Contributor Experience, Network, Node and Scheduling]
- OpenAPI model packages of API types are generated into `zz_generated.model_name.go` files and are accessible using the `OpenAPIModelName()` function.  This allows API authors to declare the desired OpenAPI model packages instead of using the go package path of API types. ([kubernetes/kubernetes#131755](kubernetes/kubernetes#131755), [@jpbetz](https://github.com/jpbetz)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling, Storage and Testing]
- Support for `kubectl get -o kyaml` is now on by default.  To disable it, set `KUBECTL_KYAML=false`. ([kubernetes/kubernetes#133327](kubernetes/kubernetes#133327), [@thockin](https://github.com/thockin)) \[SIG CLI]
- The storage version for MutatingAdmissionPolicy is updated to v1beta1. ([kubernetes/kubernetes#133715](kubernetes/kubernetes#133715), [@cici37](https://github.com/cici37)) \[SIG API Machinery, Etcd and Testing]
renovate Bot added a commit to sdwilsh/ansible-playbooks that referenced this pull request Feb 21, 2026
##### [\`35.0.0\`](https://github.com/kubernetes-client/python/blob/HEAD/CHANGELOG.md#v3500snapshot)

Kubernetes API Version: v1.35.0

##### API Change

- Added `ObservedGeneration` to CustomResourceDefinition conditions. ([kubernetes/kubernetes#134984](kubernetes/kubernetes#134984), [@michaelasp](https://github.com/michaelasp))
- Added `WithOrigin` within `apis/core/validation` with adjusted tests. ([kubernetes/kubernetes#132825](kubernetes/kubernetes#132825), [@PatrickLaabs](https://github.com/PatrickLaabs))
- Added scoring for the prioritized list feature so nodes that best satisfy the highest-ranked subrequests were chosen. ([kubernetes/kubernetes#134711](kubernetes/kubernetes#134711), [@mortent](https://github.com/mortent)) \[SIG Node, Scheduling and Testing]
- Added the `--min-compatibility-version` flag to `kube-apiserver`, `kube-controller-manager`, and `kube-scheduler`. ([kubernetes/kubernetes#133980](kubernetes/kubernetes#133980), [@siyuanfoundation](https://github.com/siyuanfoundation)) \[SIG API Machinery, Architecture, Cluster Lifecycle, Etcd, Scheduling and Testing]
- Added the `StorageVersionMigration` `v1beta1` API and removed the `v1alpha1` API.

  ACTION REQUIRED: The `v1alpha1` API is no longer supported. Users must remove any `v1alpha1` resources before upgrading. ([kubernetes/kubernetes#134784](kubernetes/kubernetes#134784), [@michaelasp](https://github.com/michaelasp)) \[SIG API Machinery, Apps, Auth, Etcd and Testing]
- Added validation to ensure `log-flush-frequency` is a positive value, returning an error instead of causing a panic. ([kubernetes/kubernetes#133540](kubernetes/kubernetes#133540), [@BenTheElder](https://github.com/BenTheElder)) \[SIG Architecture, Instrumentation, Network and Node]
- All containers are restarted when a source container in a restart policy rule exits. This alpha feature is gated behind `RestartAllContainersOnContainerExit`. ([kubernetes/kubernetes#134345](kubernetes/kubernetes#134345), [@yuanwang04](https://github.com/yuanwang04)) \[SIG Apps, Node and Testing]
- CSI drivers can now opt in to receive service account tokens via the secrets field instead of volume context by setting `spec.serviceAccountTokenInSecrets: true` in the CSIDriver object. This prevents tokens from being exposed in logs and other outputs. The feature is gated by the `CSIServiceAccountTokenSecrets` feature gate (beta in `v1.35`). ([kubernetes/kubernetes#134826](kubernetes/kubernetes#134826), [@aramase](https://github.com/aramase)) \[SIG API Machinery, Auth, Storage and Testing]
- Changed kuberc configuration schema. Two new optional fields added to kuberc configuration, `credPluginPolicy` and `credPluginAllowlist`. This is documented in [KEP-3104](https://github.com/kubernetes/enhancements/blob/master/keps/sig-cli/3104-introduce-kuberc/README.md#allowlist-design-details) and documentation is added to the website by [kubernetes/website#52877](kubernetes/website#52877) ([kubernetes/kubernetes#134870](kubernetes/kubernetes#134870), [@pmengelbert](https://github.com/pmengelbert)) \[SIG API Machinery, Architecture, Auth, CLI, Instrumentation and Testing]
- DRA device taints: `DeviceTaintRule` status provides information about the rule, including whether Pods still need to be evicted (`EvictionInProgress` condition). The newly added `None` effect can be used to preview what a `DeviceTaintRule` would do if it used the `NoExecute` effect and to taint devices (`device health`) without immediately affecting scheduling or running Pods. ([kubernetes/kubernetes#134152](kubernetes/kubernetes#134152), [@pohly](https://github.com/pohly)) \[SIG API Machinery, Apps, Auth, Node, Release, Scheduling and Testing]
- DRA: The `DynamicResourceAllocation` feature gate for the core functionality (GA in `v1.34`) has now been locked to enabled-by-default and cannot be disabled anymore. ([kubernetes/kubernetes#134452](kubernetes/kubernetes#134452), [@pohly](https://github.com/pohly)) \[SIG Auth, Node, Scheduling and Testing]
- Enabled `kubectl get -o kyaml` by default. To disable it, set `KUBECTL_KYAML=false`. ([kubernetes/kubernetes#133327](kubernetes/kubernetes#133327), [@thockin](https://github.com/thockin))
- Enabled in-place resizing of pod-level resources.
  - Added `Resources` in `PodStatus` to capture resources set in the pod-level cgroup.
  - Added `AllocatedResources` in `PodStatus` to capture resources requested in the `PodSpec`. ([kubernetes/kubernetes#132919](kubernetes/kubernetes#132919), [@ndixita](https://github.com/ndixita)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Instrumentation, Node, Scheduling and Testing]
- Enabled the `NominatedNodeNameForExpectation` feature in kube-scheduler by default.
  - Enabled the `ClearingNominatedNodeNameAfterBinding` feature in kube-apiserver by default. ([kubernetes/kubernetes#135103](kubernetes/kubernetes#135103), [@ania-borowiec](https://github.com/ania-borowiec)) \[SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Etcd, Instrumentation, Network, Node, Scheduling, Storage and Testing]
- Enhanced discovery responses to merge API groups and resources from all peer apiservers when the `UnknownVersionInteroperabilityProxy` feature is enabled. ([kubernetes/kubernetes#133648](kubernetes/kubernetes#133648), [@richabanker](https://github.com/richabanker)) \[SIG API Machinery, Auth, Cloud Provider, Node, Scheduling and Testing]
- Extended `core/v1` `Toleration` to support numeric comparison operators (`Gt`,`Lt`). ([kubernetes/kubernetes#134665](kubernetes/kubernetes#134665), [@helayoty](https://github.com/helayoty)) \[SIG API Machinery, Apps, Node, Scheduling, Testing and Windows]
- Feature gate dependencies are now explicit, and validated at startup. A feature can no longer be enabled if it depends on a disabled feature. In particular, this means that `AllAlpha=true` will no longer work without enabling disabled-by-default beta features that are depended on (either with `AllBeta=true` or explicitly enumerating the disabled dependencies). ([kubernetes/kubernetes#133697](kubernetes/kubernetes#133697), [@tallclair](https://github.com/tallclair)) \[SIG API Machinery, Architecture, Cluster Lifecycle and Node]
- Generated OpenAPI model packages for API types into `zz_generated.model_name.go` files, accessible via the `OpenAPIModelName()` function. This allows API authors to declare desired OpenAPI model packages instead of relying on the Go package path of API types. ([kubernetes/kubernetes#131755](kubernetes/kubernetes#131755), [@jpbetz](https://github.com/jpbetz)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling, Storage and Testing]
- Implemented constrained impersonation as described in [KEP-5284](https://kep.k8s.io/5284). ([kubernetes/kubernetes#134803](kubernetes/kubernetes#134803), [@enj](https://github.com/enj)) \[SIG API Machinery, Auth and Testing]
- Introduced a new declarative validation tag `+k8s:customUnique` to control listmap uniqueness. ([kubernetes/kubernetes#134279](kubernetes/kubernetes#134279), [@yongruilin](https://github.com/yongruilin)) \[SIG API Machinery and Auth]
- Introduced a structured and versioned `v1alpha1` response for the `statusz` endpoint. ([kubernetes/kubernetes#134313](kubernetes/kubernetes#134313), [@richabanker](https://github.com/richabanker)) \[SIG API Machinery, Architecture, Instrumentation, Network, Node, Scheduling and Testing]
- Introduced a structured and versioned `v1alpha1` response format for the `flagz` endpoint. ([kubernetes/kubernetes#134995](kubernetes/kubernetes#134995), [@yongruilin](https://github.com/yongruilin)) \[SIG API Machinery, Architecture, Instrumentation, Network, Node, Scheduling and Testing]
- Introduced the GangScheduling kube-scheduler plugin to support "all-or-nothing" scheduling using the `scheduling.k8s.io/v1alpha1` Workload API. ([kubernetes/kubernetes#134722](kubernetes/kubernetes#134722), [@macsko](https://github.com/macsko)) \[SIG API Machinery, Apps, Auth, CLI, Etcd, Scheduling and Testing]
- Introduced the Node Declared Features capability (alpha), which includes:
  - A new `Node.Status.DeclaredFeatures` field for publishing node-specific features.
  - A `component-helpers` library for feature registration and inference.
  - A `NodeDeclaredFeatures` scheduler plugin to match pods with nodes that provide required features.
  - A `NodeDeclaredFeatureValidator` admission plugin to validate pod updates against a node's declared features. ([kubernetes/kubernetes#133389](kubernetes/kubernetes#133389), [@pravk03](https://github.com/pravk03)) \[SIG API Machinery, Apps, Node, Release, Scheduling and Testing]
- Introduced the `scheduling.k8s.io/v1alpha1` Workload API to express workload-level scheduling requirements and allow the kube-scheduler to act on them. ([kubernetes/kubernetes#134564](kubernetes/kubernetes#134564), [@macsko](https://github.com/macsko)) \[SIG API Machinery, Apps, CLI, Etcd, Scheduling and Testing]
- Introduced the alpha `MutableSchedulingDirectivesForSuspendedJobs` feature gate (disabled by default), which allows mutating a Job's scheduling directives while the Job is suspended.
  It also updates the Job controller to clear the `status.startTime` field for suspended Jobs. ([kubernetes/kubernetes#135104](kubernetes/kubernetes#135104), [@mimowo](https://github.com/mimowo)) \[SIG Apps and Testing]
- Kube-apiserver: Fixed a `v1.34` regression in `CustomResourceDefinition` handling that incorrectly warned about unrecognized formats on number and integer properties. ([kubernetes/kubernetes#133896](kubernetes/kubernetes#133896), [@yongruilin](https://github.com/yongruilin)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Contributor Experience, Network, Node and Scheduling]
- Kube-apiserver: Fixed a possible panic validating a custom resource whose `CustomResourceDefinition` indicates a status subresource exists, but which does not define a `status` property in the `openAPIV3Schema`. ([kubernetes/kubernetes#133721](kubernetes/kubernetes#133721), [@fusida](https://github.com/fusida)) \[SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Etcd, Instrumentation, Network, Node, Release, Scheduling, Storage and Testing]
- Kubernetes API Go types removed runtime use of the `github.com/gogo/protobuf` library, and are no longer registered into the global gogo type registry. Kubernetes API Go types were not suitable for use with the `google.golang.org/protobuf` library, and no longer implement `ProtoMessage()` by default to avoid accidental incompatible use. If removal of these marker methods impacts your use, it can be re-enabled for one more release with a `kubernetes_protomessage_one_more_release` build tag, but will be removed in `v1.36`. ([kubernetes/kubernetes#134256](kubernetes/kubernetes#134256), [@liggitt](https://github.com/liggitt)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling and Storage]
- Made node affinity in Persistent Volume mutable. ([kubernetes/kubernetes#134339](kubernetes/kubernetes#134339), [@huww98](https://github.com/huww98)) \[SIG API Machinery, Apps and Node]
- Moved the `ImagePullIntent` and `ImagePulledRecord` objects used by the kubelet to track image pulls to the `v1beta1` API version. ([kubernetes/kubernetes#132579](kubernetes/kubernetes#132579), [@stlaz](https://github.com/stlaz)) \[SIG Auth and Node]
- Pod resize now only allows CPU and memory resources; other resource types are forbidden. ([kubernetes/kubernetes#135084](kubernetes/kubernetes#135084), [@tallclair](https://github.com/tallclair)) \[SIG Apps, Node and Testing]
- Prevented Pods from being scheduled onto nodes that lack the required CSI driver. ([kubernetes/kubernetes#135012](kubernetes/kubernetes#135012), [@gnufied](https://github.com/gnufied)) \[SIG API Machinery, Scheduling, Storage and Testing]
- Promoted HPA configurable tolerance to beta. The `HPAConfigurableTolerance` feature gate has now been enabled by default. ([kubernetes/kubernetes#133128](kubernetes/kubernetes#133128), [@jm-franc](https://github.com/jm-franc)) \[SIG API Machinery and Autoscaling]
- Promoted ReplicaSet and Deployment `.status.terminatingReplicas` tracking to beta. The `DeploymentReplicaSetTerminatingReplicas` feature gate is now enabled by default. ([kubernetes/kubernetes#133087](kubernetes/kubernetes#133087), [@atiratree](https://github.com/atiratree)) \[SIG API Machinery, Apps and Testing]
- Promoted `PodObservedGenerationTracking` to GA. ([kubernetes/kubernetes#134948](kubernetes/kubernetes#134948), [@natasha41575](https://github.com/natasha41575)) \[SIG API Machinery, Apps, Node, Scheduling and Testing]
- Promoted the `JobManagedBy` feature to general availability. The `JobManagedBy` feature gate was locked to `true` and will be removed in a future Kubernetes release. ([kubernetes/kubernetes#135080](kubernetes/kubernetes#135080), [@dejanzele](https://github.com/dejanzele)) \[SIG API Machinery, Apps and Testing]
- Promoted the `MaxUnavailableStatefulSet` feature to beta and enabled it by default. ([kubernetes/kubernetes#133153](kubernetes/kubernetes#133153), [@helayoty](https://github.com/helayoty)) \[SIG API Machinery and Apps]
- Removed the `StrictCostEnforcementForVAP` and `StrictCostEnforcementForWebhooks` feature gates, which were locked since `v1.32`. ([kubernetes/kubernetes#134994](kubernetes/kubernetes#134994), [@liggitt](https://github.com/liggitt)) \[SIG API Machinery, Auth, Node and Testing]
- Scheduler: Added the `bindingTimeout` argument to the DynamicResources plugin configuration, allowing customization of the wait duration in `PreBind` for device binding conditions.
  Defaults to 10 minutes when `DRADeviceBindingConditions` and `DRAResourceClaimDeviceStatus` are both enabled. ([kubernetes/kubernetes#134905](kubernetes/kubernetes#134905), [@fj-naji](https://github.com/fj-naji)) \[SIG Node and Scheduling]
- The DRA device taints and toleration feature received a separate feature gate, `DRADeviceTaintRules`, which controlled support for `DeviceTaintRules`. This allowed disabling it while keeping `DRADeviceTaints` enabled so that tainting via `ResourceSlices` continued to work. ([kubernetes/kubernetes#135068](kubernetes/kubernetes#135068), [@pohly](https://github.com/pohly)) \[SIG API Machinery, Apps, Auth, Node, Scheduling and Testing]
- The Pod Certificates feature moved to beta. The `PodCertificateRequest` feature gate is disabled by default. To use the feature, users must enable the certificates API groups in `v1beta1` and enable the `PodCertificateRequest` feature gate. The `UserAnnotations` field was added to the `PodCertificateProjection` API and the corresponding `UnverifiedUserAnnotations` field was added to the `PodCertificateRequest` API. ([kubernetes/kubernetes#134624](kubernetes/kubernetes#134624), [@yt2985](https://github.com/yt2985)) \[SIG API Machinery, Apps, Auth, Etcd, Instrumentation, Node and Testing]
- The `KubeletEnsureSecretPulledImages` feature was promoted to Beta and enabled by default. ([kubernetes/kubernetes#135228](kubernetes/kubernetes#135228), [@aramase](https://github.com/aramase)) \[SIG Auth, Node and Testing]
- The `PreferSameZone` and `PreferSameNode` values for the Service
  `trafficDistribution` field graduated to general availability. The
  `PreferClose` value is now deprecated in favor of the more explicit
  `PreferSameZone`. ([kubernetes/kubernetes#134457](kubernetes/kubernetes#134457), [@danwinship](https://github.com/danwinship)) \[SIG API Machinery, Apps, Network and Testing]
- Updated `ResourceQuota` to count device class requests within a `ResourceClaim` as two additional quotas when the `DRAExtendedResource` feature is enabled:
  - `requests.deviceclass.resource.k8s.io/<deviceclass>` is charged based on the worst-case number of devices requested.
  - Device classes mapping to an extended resource now consume `requests.<extended resource name>`. ([kubernetes/kubernetes#134210](kubernetes/kubernetes#134210), [@yliaog](https://github.com/yliaog)) \[SIG API Machinery, Apps, Node, Scheduling and Testing]
- Updated storage version for `MutatingAdmissionPolicy` to `v1beta1`. ([kubernetes/kubernetes#133715](kubernetes/kubernetes#133715), [@cici37](https://github.com/cici37)) \[SIG API Machinery, Etcd and Testing]
- Updated the Partitionable Devices feature to support referencing counter sets across ResourceSlices within the same resource pool. Devices from incomplete pools were no longer considered for allocation. This change introduced backwards-incompatible updates to the alpha feature, requiring any ResourceSlices using it to be removed before upgrading or downgrading between v1.34 and v1.35. ([kubernetes/kubernetes#134189](kubernetes/kubernetes#134189), [@mortent](https://github.com/mortent)) \[SIG API Machinery, Node, Scheduling and Testing]
- Upgraded the `PodObservedGenerationTracking` feature to beta in `v1.34` and removed the alpha version description from the OpenAPI specification. ([kubernetes/kubernetes#133883](kubernetes/kubernetes#133883), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085))
- Add scoring for the prioritized list feature so that the node that can satisfy the best ranked subrequests is chosen. ([kubernetes/kubernetes#134711](kubernetes/kubernetes#134711), [@mortent](https://github.com/mortent)) \[SIG Node, Scheduling and Testing]
- Allows restarting all containers when the source container exits with a matching restart policy rule. This is an alpha feature behind feature gate RestartAllContainersOnContainerExit. ([kubernetes/kubernetes#134345](kubernetes/kubernetes#134345), [@yuanwang04](https://github.com/yuanwang04)) \[SIG Apps, Node and Testing]
- Changed kuberc configuration schema. Two new optional fields added to kuberc configuration, `credPluginPolicy` and `credPluginAllowlist`. This is documented in [KEP-3104](https://github.com/kubernetes/enhancements/blob/master/keps/sig-cli/3104-introduce-kuberc/README.md#allowlist-design-details) and documentation is added to the website by [kubernetes/website#52877](kubernetes/website#52877) ([kubernetes/kubernetes#134870](kubernetes/kubernetes#134870), [@pmengelbert](https://github.com/pmengelbert)) \[SIG API Machinery, Architecture, Auth, CLI, Instrumentation and Testing]
- Enhanced discovery response to support merged API groups/resources from all peer apiservers when UnknownVersionInteroperabilityProxy feature is enabled ([kubernetes/kubernetes#133648](kubernetes/kubernetes#133648), [@richabanker](https://github.com/richabanker)) \[SIG API Machinery, Auth, Cloud Provider, Node, Scheduling and Testing]
- Extend `core/v1 Toleration` to support numeric comparison operators (`Gt`, `Lt`). ([kubernetes/kubernetes#134665](kubernetes/kubernetes#134665), [@helayoty](https://github.com/helayoty)) \[SIG API Machinery, Apps, Node, Scheduling, Testing and Windows]
- Features: NominatedNodeNameForExpectation in kube-scheduler and ClearingNominatedNodeNameAfterBinding in kube-apiserver are now enabled by default. ([kubernetes/kubernetes#135103](kubernetes/kubernetes#135103), [@ania-borowiec](https://github.com/ania-borowiec)) \[SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Etcd, Instrumentation, Network, Node, Scheduling, Storage and Testing]
- Implement changes to prevent pod scheduling to a node without CSI driver ([kubernetes/kubernetes#135012](kubernetes/kubernetes#135012), [@gnufied](https://github.com/gnufied)) \[SIG API Machinery, Scheduling, Storage and Testing]
- Introduce scheduling.k8s.io/v1alpha1 Workload API to allow for expressing workload-level scheduling requirements and let kube-scheduler act on those. ([kubernetes/kubernetes#134564](kubernetes/kubernetes#134564), [@macsko](https://github.com/macsko)) \[SIG API Machinery, Apps, CLI, Etcd, Scheduling and Testing]
- Introduce the alpha MutableSchedulingDirectivesForSuspendedJobs feature gate (disabled by default) which:
  1. allows mutating a Job's scheduling directives for suspended Jobs
  2. makes the Job controller clear the status.startTime field for suspended Jobs ([kubernetes/kubernetes#135104](kubernetes/kubernetes#135104), [@mimowo](https://github.com/mimowo)) \[SIG Apps and Testing]
- Introduced GangScheduling kube-scheduler plugin to enable "all-or-nothing" scheduling. Workload API in scheduling.k8s.io/v1alpha1 is used to express the desired policy. ([kubernetes/kubernetes#134722](kubernetes/kubernetes#134722), [@macsko](https://github.com/macsko)) \[SIG API Machinery, Apps, Auth, CLI, Etcd, Scheduling and Testing]
- PV node affinity is now mutable. ([kubernetes/kubernetes#134339](kubernetes/kubernetes#134339), [@huww98](https://github.com/huww98)) \[SIG API Machinery, Apps and Node]
- ResourceQuota now counts device class requests within a ResourceClaim object as consuming two additional quotas when the DRAExtendedResource feature is enabled:
  - `requests.deviceclass.resource.k8s.io/<deviceclass>` with a quantity equal to the worst case count of devices requested
  - requests for device classes that map to an extended resource consume `requests.<extended resource name>` ([kubernetes/kubernetes#134210](kubernetes/kubernetes#134210), [@yliaog](https://github.com/yliaog)) \[SIG API Machinery, Apps, Node, Scheduling and Testing]
- The DRA device taints and toleration feature now has a separate feature gate, DRADeviceTaintRules, which controls whether support for DeviceTaintRules is enabled. It is possible to disable that and keep DRADeviceTaints enabled, in which case tainting by DRA drivers through ResourceSlices continues to work. ([kubernetes/kubernetes#135068](kubernetes/kubernetes#135068), [@pohly](https://github.com/pohly)) \[SIG API Machinery, Apps, Auth, Node, Scheduling and Testing]
- The ImagePullIntent and ImagePulledRecord objects used by kubelet to store information about image pulls have been moved to the v1beta1 API version. ([kubernetes/kubernetes#132579](kubernetes/kubernetes#132579), [@stlaz](https://github.com/stlaz)) \[SIG Auth and Node]
- The KubeletEnsureSecretPulledImages feature is now beta and enabled by default. ([kubernetes/kubernetes#135228](kubernetes/kubernetes#135228), [@aramase](https://github.com/aramase)) \[SIG Auth, Node and Testing]
- This change adds a new alpha feature Node Declared Features, which includes:
  - A new `Node.Status.DeclaredFeatures` field for Kubelet to publish node-specific features.
  - A library in `component-helpers` for feature registration and inference.
  - A scheduler plugin (`NodeDeclaredFeatures`) to match pods with nodes that provide their required features.
  - An admission plugin (`NodeDeclaredFeatureValidator`) to validate pod updates against a node's declared features. ([kubernetes/kubernetes#133389](kubernetes/kubernetes#133389), [@pravk03](https://github.com/pravk03)) \[SIG API Machinery, Apps, Node, Release, Scheduling and Testing]
- This change allows In Place Resize of Pod Level Resources
  - Add Resources in PodStatus to capture resources set at pod-level cgroup
  - Add AllocatedResources in PodStatus to capture resources requested in the PodSpec ([kubernetes/kubernetes#132919](kubernetes/kubernetes#132919), [@ndixita](https://github.com/ndixita)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Instrumentation, Node, Scheduling and Testing]
- Updates to the Partitionable Devices feature which allows for referencing counter sets across different ResourceSlices within the same resource pool.

  Devices from incomplete pools are no longer considered for allocation.

  This contains backwards incompatible changes to the Partitionable Devices alpha feature, so any ResourceSlices that use the feature should be removed prior to upgrading or downgrading between 1.34 and 1.35. ([kubernetes/kubernetes#134189](kubernetes/kubernetes#134189), [@mortent](https://github.com/mortent)) \[SIG API Machinery, Node, Scheduling and Testing]
- Add ObservedGeneration to CustomResourceDefinition Conditions. ([kubernetes/kubernetes#134984](kubernetes/kubernetes#134984), [@michaelasp](https://github.com/michaelasp)) \[SIG API Machinery]
- Add StorageVersionMigration v1beta1 api and remove the v1alpha API.

  Any use of the v1alpha1 api is no longer supported and
  users must remove any v1alpha1 resources prior to upgrade. ([kubernetes/kubernetes#134784](kubernetes/kubernetes#134784), [@michaelasp](https://github.com/michaelasp)) \[SIG API Machinery, Apps, Auth, Etcd and Testing]
- CSI drivers can now opt-in to receive service account tokens via the secrets field instead of volume context by setting `spec.serviceAccountTokenInSecrets: true` in the CSIDriver object. This prevents tokens from being exposed in logs and other outputs. The feature is gated by the `CSIServiceAccountTokenSecrets` feature gate (Beta in v1.35). ([kubernetes/kubernetes#134826](kubernetes/kubernetes#134826), [@aramase](https://github.com/aramase)) \[SIG API Machinery, Auth, Storage and Testing]
- DRA device taints: DeviceTaintRule status provided information about the rule, in particular whether pods still need to be evicted ("EvictionInProgress" condition). The new "None" effect can be used to preview what a DeviceTaintRule would do if it used the "NoExecute" effect and to taint devices ("device health") without immediately affecting scheduling or running pods. ([kubernetes/kubernetes#134152](kubernetes/kubernetes#134152), [@pohly](https://github.com/pohly)) \[SIG API Machinery, Apps, Auth, Node, Release, Scheduling and Testing]
- DRA: the DynamicResourceAllocation feature gate for the core functionality (GA in 1.34) is now locked to enabled-by-default and thus cannot be disabled anymore. ([kubernetes/kubernetes#134452](kubernetes/kubernetes#134452), [@pohly](https://github.com/pohly)) \[SIG Auth, Node, Scheduling and Testing]
- Forbid adding resources other than CPU & memory on pod resize. ([kubernetes/kubernetes#135084](kubernetes/kubernetes#135084), [@tallclair](https://github.com/tallclair)) \[SIG Apps, Node and Testing]
- Implement constrained impersonation as described in <https://kep.k8s.io/5284> ([kubernetes/kubernetes#134803](kubernetes/kubernetes#134803), [@enj](https://github.com/enj)) \[SIG API Machinery, Auth and Testing]
- Introduces a structured and versioned v1alpha1 response for flagz ([kubernetes/kubernetes#134995](kubernetes/kubernetes#134995), [@yongruilin](https://github.com/yongruilin)) \[SIG API Machinery, Architecture, Instrumentation, Network, Node, Scheduling and Testing]
- Introduces a structured and versioned v1alpha1 response for statusz ([kubernetes/kubernetes#134313](kubernetes/kubernetes#134313), [@richabanker](https://github.com/richabanker)) \[SIG API Machinery, Architecture, Instrumentation, Network, Node, Scheduling and Testing]
- New `--min-compatibility-version` flag for apiserver, kcm and kube scheduler ([kubernetes/kubernetes#133980](kubernetes/kubernetes#133980), [@siyuanfoundation](https://github.com/siyuanfoundation)) \[SIG API Machinery, Architecture, Cluster Lifecycle, Etcd, Scheduling and Testing]
- Promote PodObservedGenerationTracking to GA. ([kubernetes/kubernetes#134948](kubernetes/kubernetes#134948), [@natasha41575](https://github.com/natasha41575)) \[SIG API Machinery, Apps, Node, Scheduling and Testing]
- Promoted Job Managed By to general availability. The `JobManagedBy` feature gate is now locked to true, and will be removed in a future release of Kubernetes. ([kubernetes/kubernetes#135080](kubernetes/kubernetes#135080), [@dejanzele](https://github.com/dejanzele)) \[SIG API Machinery, Apps and Testing]
- Promoted ReplicaSet and Deployment `.status.terminatingReplicas` tracking to beta. The `DeploymentReplicaSetTerminatingReplicas` feature gate is now enabled by default. ([kubernetes/kubernetes#133087](kubernetes/kubernetes#133087), [@atiratree](https://github.com/atiratree)) \[SIG API Machinery, Apps and Testing]
- Scheduler: added a new `bindingTimeout` argument to the DynamicResources plugin configuration.
  This allows customizing the wait duration in PreBind for device binding conditions.
  Defaults to 10 minutes when DRADeviceBindingConditions and DRAResourceClaimDeviceStatus are both enabled. ([kubernetes/kubernetes#134905](kubernetes/kubernetes#134905), [@fj-naji](https://github.com/fj-naji)) \[SIG Node and Scheduling]
- The Pod Certificates feature is moving to beta. The PodCertificateRequest feature gate is still set false by default. To use the feature, users will need to enable the certificates API groups in v1beta1 and enable the feature gate PodCertificateRequest. A new field UserAnnotations is added to the PodCertificateProjection API and the corresponding UnverifiedUserAnnotations is added to the PodCertificateRequest API. ([kubernetes/kubernetes#134624](kubernetes/kubernetes#134624), [@yt2985](https://github.com/yt2985)) \[SIG API Machinery, Apps, Auth, Etcd, Instrumentation, Node and Testing]
- The StrictCostEnforcementForVAP and StrictCostEnforcementForWebhooks feature gates, locked on since 1.32, have been removed ([kubernetes/kubernetes#134994](kubernetes/kubernetes#134994), [@liggitt](https://github.com/liggitt)) \[SIG API Machinery, Auth, Node and Testing]
- The `PreferSameZone` and `PreferSameNode` values for Service's
  `trafficDistribution` field are now GA. The old value `PreferClose` is now
  deprecated in favor of the more-explicit `PreferSameZone`. ([kubernetes/kubernetes#134457](kubernetes/kubernetes#134457), [@danwinship](https://github.com/danwinship)) \[SIG API Machinery, Apps, Network and Testing]
- Kube-apiserver: fix a possible panic validating a custom resource whose CustomResourceDefinition indicates a status subresource exists, but which does not define a `status` property in the `openAPIV3Schema` ([kubernetes/kubernetes#133721](kubernetes/kubernetes#133721), [@fusida](https://github.com/fusida)) \[SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Etcd, Instrumentation, Network, Node, Release, Scheduling, Storage and Testing]
- Kubernetes API Go types removed runtime use of the github.com/gogo/protobuf library, and are no longer registered into the global gogo type registry. Kubernetes API Go types were not suitable for use with the google.golang.org/protobuf library, and no longer implement `ProtoMessage()` by default to avoid accidental incompatible use. If removal of these marker methods impacts your use, it can be re-enabled for one more release with a `kubernetes_protomessage_one_more_release` build tag, but will be removed in 1.36. ([kubernetes/kubernetes#134256](kubernetes/kubernetes#134256), [@liggitt](https://github.com/liggitt)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling and Storage]
- Promoted HPA configurable tolerance to beta. The `HPAConfigurableTolerance` feature gate is now enabled by default. ([kubernetes/kubernetes#133128](kubernetes/kubernetes#133128), [@jm-franc](https://github.com/jm-franc)) \[SIG API Machinery and Autoscaling]
- The MaxUnavailableStatefulSet feature is now beta and enabled by default. ([kubernetes/kubernetes#133153](kubernetes/kubernetes#133153), [@helayoty](https://github.com/helayoty)) \[SIG API Machinery and Apps]
- Added WithOrigin within apis/core/validation with adjusted tests ([kubernetes/kubernetes#132825](kubernetes/kubernetes#132825), [@PatrickLaabs](https://github.com/PatrickLaabs)) \[SIG Apps]
- Component-base: validate that log-flush-frequency is positive and return an error instead of panic-ing ([kubernetes/kubernetes#133540](kubernetes/kubernetes#133540), [@BenTheElder](https://github.com/BenTheElder)) \[SIG Architecture, Instrumentation, Network and Node]
- Feature gate dependencies are now explicit, and validated at startup. A feature can no longer be enabled if it depends on a disabled feature. In particular, this means that `AllAlpha=true` will no longer work without enabling disabled-by-default beta features that are depended on (either with `AllBeta=true` or explicitly enumerating the disabled dependencies). ([kubernetes/kubernetes#133697](kubernetes/kubernetes#133697), [@tallclair](https://github.com/tallclair)) \[SIG API Machinery, Architecture, Cluster Lifecycle and Node]
- In version 1.34, the PodObservedGenerationTracking feature has been upgraded to beta, and the description of the alpha version in the openapi has been removed. ([kubernetes/kubernetes#133883](kubernetes/kubernetes#133883), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085)) \[SIG Apps]
- Introduce a new declarative validation tag +k8s:customUnique to control listmap uniqueness ([kubernetes/kubernetes#134279](kubernetes/kubernetes#134279), [@yongruilin](https://github.com/yongruilin)) \[SIG API Machinery and Auth]
- Kube-apiserver: Fixed a 1.34 regression in CustomResourceDefinition handling that incorrectly warned about unrecognized formats on number and integer properties ([kubernetes/kubernetes#133896](kubernetes/kubernetes#133896), [@yongruilin](https://github.com/yongruilin)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Contributor Experience, Network, Node and Scheduling]
- OpenAPI model packages of API types are generated into `zz_generated.model_name.go` files and are accessible using the `OpenAPIModelName()` function.  This allows API authors to declare the desired OpenAPI model packages instead of using the go package path of API types. ([kubernetes/kubernetes#131755](kubernetes/kubernetes#131755), [@jpbetz](https://github.com/jpbetz)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling, Storage and Testing]
- Support for `kubectl get -o kyaml` is now on by default.  To disable it, set `KUBECTL_KYAML=false`. ([kubernetes/kubernetes#133327](kubernetes/kubernetes#133327), [@thockin](https://github.com/thockin)) \[SIG CLI]
- The storage version for MutatingAdmissionPolicy is updated to v1beta1. ([kubernetes/kubernetes#133715](kubernetes/kubernetes#133715), [@cici37](https://github.com/cici37)) \[SIG API Machinery, Etcd and Testing]
sdwilsh pushed a commit to sdwilsh/ansible-playbooks that referenced this pull request Feb 26, 2026
##### [\`35.0.0\`](https://github.com/kubernetes-client/python/blob/HEAD/CHANGELOG.md#v3500snapshot)

Kubernetes API Version: v1.35.0

##### API Change

- Added `ObservedGeneration` to CustomResourceDefinition conditions. ([kubernetes/kubernetes#134984](kubernetes/kubernetes#134984), [@michaelasp](https://github.com/michaelasp))
- Added `WithOrigin` within `apis/core/validation` with adjusted tests. ([kubernetes/kubernetes#132825](kubernetes/kubernetes#132825), [@PatrickLaabs](https://github.com/PatrickLaabs))
- Added scoring for the prioritized list feature so nodes that best satisfy the highest-ranked subrequests were chosen. ([kubernetes/kubernetes#134711](kubernetes/kubernetes#134711), [@mortent](https://github.com/mortent)) \[SIG Node, Scheduling and Testing]
- Added the `--min-compatibility-version` flag to `kube-apiserver`, `kube-controller-manager`, and `kube-scheduler`. ([kubernetes/kubernetes#133980](kubernetes/kubernetes#133980), [@siyuanfoundation](https://github.com/siyuanfoundation)) \[SIG API Machinery, Architecture, Cluster Lifecycle, Etcd, Scheduling and Testing]
- Added the `StorageVersionMigration` `v1beta1` API and removed the `v1alpha1` API.

  ACTION REQUIRED: The `v1alpha1` API is no longer supported. Users must remove any `v1alpha1` resources before upgrading. ([kubernetes/kubernetes#134784](kubernetes/kubernetes#134784), [@michaelasp](https://github.com/michaelasp)) \[SIG API Machinery, Apps, Auth, Etcd and Testing]
- Added validation to ensure `log-flush-frequency` is a positive value, returning an error instead of causing a panic. ([kubernetes/kubernetes#133540](kubernetes/kubernetes#133540), [@BenTheElder](https://github.com/BenTheElder)) \[SIG Architecture, Instrumentation, Network and Node]
- All containers are restarted when a source container in a restart policy rule exits. This alpha feature is gated behind `RestartAllContainersOnContainerExit`. ([kubernetes/kubernetes#134345](kubernetes/kubernetes#134345), [@yuanwang04](https://github.com/yuanwang04)) \[SIG Apps, Node and Testing]
- CSI drivers can now opt in to receive service account tokens via the secrets field instead of volume context by setting `spec.serviceAccountTokenInSecrets: true` in the CSIDriver object. This prevents tokens from being exposed in logs and other outputs. The feature is gated by the `CSIServiceAccountTokenSecrets` feature gate (beta in `v1.35`). ([kubernetes/kubernetes#134826](kubernetes/kubernetes#134826), [@aramase](https://github.com/aramase)) \[SIG API Machinery, Auth, Storage and Testing]
- Changed kuberc configuration schema. Two new optional fields added to kuberc configuration, `credPluginPolicy` and `credPluginAllowlist`. This is documented in [KEP-3104](https://github.com/kubernetes/enhancements/blob/master/keps/sig-cli/3104-introduce-kuberc/README.md#allowlist-design-details) and documentation is added to the website by [kubernetes/website#52877](kubernetes/website#52877) ([kubernetes/kubernetes#134870](kubernetes/kubernetes#134870), [@pmengelbert](https://github.com/pmengelbert)) \[SIG API Machinery, Architecture, Auth, CLI, Instrumentation and Testing]
- DRA device taints: `DeviceTaintRule` status provides information about the rule, including whether Pods still need to be evicted (`EvictionInProgress` condition). The newly added `None` effect can be used to preview what a `DeviceTaintRule` would do if it used the `NoExecute` effect and to taint devices (`device health`) without immediately affecting scheduling or running Pods. ([kubernetes/kubernetes#134152](kubernetes/kubernetes#134152), [@pohly](https://github.com/pohly)) \[SIG API Machinery, Apps, Auth, Node, Release, Scheduling and Testing]
- DRA: The `DynamicResourceAllocation` feature gate for the core functionality (GA in `v1.34`) has now been locked to enabled-by-default and cannot be disabled anymore. ([kubernetes/kubernetes#134452](kubernetes/kubernetes#134452), [@pohly](https://github.com/pohly)) \[SIG Auth, Node, Scheduling and Testing]
- Enabled `kubectl get -o kyaml` by default. To disable it, set `KUBECTL_KYAML=false`. ([kubernetes/kubernetes#133327](kubernetes/kubernetes#133327), [@thockin](https://github.com/thockin))
- Enabled in-place resizing of pod-level resources.
  - Added `Resources` in `PodStatus` to capture resources set in the pod-level cgroup.
  - Added `AllocatedResources` in `PodStatus` to capture resources requested in the `PodSpec`. ([kubernetes/kubernetes#132919](kubernetes/kubernetes#132919), [@ndixita](https://github.com/ndixita)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Instrumentation, Node, Scheduling and Testing]
- Enabled the `NominatedNodeNameForExpectation` feature in kube-scheduler by default.
  - Enabled the `ClearingNominatedNodeNameAfterBinding` feature in kube-apiserver by default. ([kubernetes/kubernetes#135103](kubernetes/kubernetes#135103), [@ania-borowiec](https://github.com/ania-borowiec)) \[SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Etcd, Instrumentation, Network, Node, Scheduling, Storage and Testing]
- Enhanced discovery responses to merge API groups and resources from all peer apiservers when the `UnknownVersionInteroperabilityProxy` feature is enabled. ([kubernetes/kubernetes#133648](kubernetes/kubernetes#133648), [@richabanker](https://github.com/richabanker)) \[SIG API Machinery, Auth, Cloud Provider, Node, Scheduling and Testing]
- Extended `core/v1` `Toleration` to support numeric comparison operators (`Gt`, `Lt`). ([kubernetes/kubernetes#134665](kubernetes/kubernetes#134665), [@helayoty](https://github.com/helayoty)) \[SIG API Machinery, Apps, Node, Scheduling, Testing and Windows]
- Feature gate dependencies are now explicit, and validated at startup. A feature can no longer be enabled if it depends on a disabled feature. In particular, this means that `AllAlpha=true` will no longer work without enabling disabled-by-default beta features that are depended on (either with `AllBeta=true` or explicitly enumerating the disabled dependencies). ([kubernetes/kubernetes#133697](kubernetes/kubernetes#133697), [@tallclair](https://github.com/tallclair)) \[SIG API Machinery, Architecture, Cluster Lifecycle and Node]
- Generated OpenAPI model packages for API types into `zz_generated.model_name.go` files, accessible via the `OpenAPIModelName()` function. This allows API authors to declare desired OpenAPI model packages instead of relying on the Go package path of API types. ([kubernetes/kubernetes#131755](kubernetes/kubernetes#131755), [@jpbetz](https://github.com/jpbetz)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling, Storage and Testing]
- Implemented constrained impersonation as described in [KEP-5284](https://kep.k8s.io/5284). ([kubernetes/kubernetes#134803](kubernetes/kubernetes#134803), [@enj](https://github.com/enj)) \[SIG API Machinery, Auth and Testing]
- Introduced a new declarative validation tag `+k8s:customUnique` to control listmap uniqueness. ([kubernetes/kubernetes#134279](kubernetes/kubernetes#134279), [@yongruilin](https://github.com/yongruilin)) \[SIG API Machinery and Auth]
- Introduced a structured and versioned `v1alpha1` response for the `statusz` endpoint. ([kubernetes/kubernetes#134313](kubernetes/kubernetes#134313), [@richabanker](https://github.com/richabanker)) \[SIG API Machinery, Architecture, Instrumentation, Network, Node, Scheduling and Testing]
- Introduced a structured and versioned `v1alpha1` response format for the `flagz` endpoint. ([kubernetes/kubernetes#134995](kubernetes/kubernetes#134995), [@yongruilin](https://github.com/yongruilin)) \[SIG API Machinery, Architecture, Instrumentation, Network, Node, Scheduling and Testing]
- Introduced the GangScheduling kube-scheduler plugin to support "all-or-nothing" scheduling using the `scheduling.k8s.io/v1alpha1` Workload API. ([kubernetes/kubernetes#134722](kubernetes/kubernetes#134722), [@macsko](https://github.com/macsko)) \[SIG API Machinery, Apps, Auth, CLI, Etcd, Scheduling and Testing]
- Introduced the Node Declared Features capability (alpha), which includes:
  - A new `Node.Status.DeclaredFeatures` field for publishing node-specific features.
  - A `component-helpers` library for feature registration and inference.
  - A `NodeDeclaredFeatures` scheduler plugin to match pods with nodes that provide required features.
  - A `NodeDeclaredFeatureValidator` admission plugin to validate pod updates against a node's declared features. ([kubernetes/kubernetes#133389](kubernetes/kubernetes#133389), [@pravk03](https://github.com/pravk03)) \[SIG API Machinery, Apps, Node, Release, Scheduling and Testing]
- Introduced the `scheduling.k8s.io/v1alpha1` Workload API to express workload-level scheduling requirements and allow the kube-scheduler to act on them. ([kubernetes/kubernetes#134564](kubernetes/kubernetes#134564), [@macsko](https://github.com/macsko)) \[SIG API Machinery, Apps, CLI, Etcd, Scheduling and Testing]
- Introduced the alpha `MutableSchedulingDirectivesForSuspendedJobs` feature gate (disabled by default), which allows mutating a Job's scheduling directives while the Job is suspended.
  It also updates the Job controller to clear the `status.startTime` field for suspended Jobs. ([kubernetes/kubernetes#135104](kubernetes/kubernetes#135104), [@mimowo](https://github.com/mimowo)) \[SIG Apps and Testing]
- Kube-apiserver: Fixed a `v1.34` regression in `CustomResourceDefinition` handling that incorrectly warned about unrecognized formats on number and integer properties. ([kubernetes/kubernetes#133896](kubernetes/kubernetes#133896), [@yongruilin](https://github.com/yongruilin)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Contributor Experience, Network, Node and Scheduling]
- Kube-apiserver: Fixed a possible panic validating a custom resource whose `CustomResourceDefinition` indicates a status subresource exists, but which does not define a `status` property in the `openAPIV3Schema`. ([kubernetes/kubernetes#133721](kubernetes/kubernetes#133721), [@fusida](https://github.com/fusida)) \[SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Etcd, Instrumentation, Network, Node, Release, Scheduling, Storage and Testing]
- Kubernetes API Go types removed runtime use of the `github.com/gogo/protobuf` library, and are no longer registered into the global gogo type registry. Kubernetes API Go types were not suitable for use with the `google.golang.org/protobuf` library, and no longer implement `ProtoMessage()` by default to avoid accidental incompatible use. If removal of these marker methods impacts your use, it can be re-enabled for one more release with a `kubernetes_protomessage_one_more_release` build tag, but will be removed in `v1.36`. ([kubernetes/kubernetes#134256](kubernetes/kubernetes#134256), [@liggitt](https://github.com/liggitt)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling and Storage]
- Made node affinity in Persistent Volume mutable. ([kubernetes/kubernetes#134339](kubernetes/kubernetes#134339), [@huww98](https://github.com/huww98)) \[SIG API Machinery, Apps and Node]
- Moved the `ImagePullIntent` and `ImagePulledRecord` objects used by the kubelet to track image pulls to the `v1beta1` API version. ([kubernetes/kubernetes#132579](kubernetes/kubernetes#132579), [@stlaz](https://github.com/stlaz)) \[SIG Auth and Node]
- Pod resize now only allows CPU and memory resources; other resource types are forbidden. ([kubernetes/kubernetes#135084](kubernetes/kubernetes#135084), [@tallclair](https://github.com/tallclair)) \[SIG Apps, Node and Testing]
- Prevented Pods from being scheduled onto nodes that lack the required CSI driver. ([kubernetes/kubernetes#135012](kubernetes/kubernetes#135012), [@gnufied](https://github.com/gnufied)) \[SIG API Machinery, Scheduling, Storage and Testing]
- Promoted HPA configurable tolerance to beta. The `HPAConfigurableTolerance` feature gate has now been enabled by default. ([kubernetes/kubernetes#133128](kubernetes/kubernetes#133128), [@jm-franc](https://github.com/jm-franc)) \[SIG API Machinery and Autoscaling]
- Promoted ReplicaSet and Deployment `.status.terminatingReplicas` tracking to beta. The `DeploymentReplicaSetTerminatingReplicas` feature gate is now enabled by default. ([kubernetes/kubernetes#133087](kubernetes/kubernetes#133087), [@atiratree](https://github.com/atiratree)) \[SIG API Machinery, Apps and Testing]
- Promoted `PodObservedGenerationTracking` to GA. ([kubernetes/kubernetes#134948](kubernetes/kubernetes#134948), [@natasha41575](https://github.com/natasha41575)) \[SIG API Machinery, Apps, Node, Scheduling and Testing]
- Promoted the `JobManagedBy` feature to general availability. The `JobManagedBy` feature gate was locked to `true` and will be removed in a future Kubernetes release. ([kubernetes/kubernetes#135080](kubernetes/kubernetes#135080), [@dejanzele](https://github.com/dejanzele)) \[SIG API Machinery, Apps and Testing]
- Promoted the `MaxUnavailableStatefulSet` feature to beta and enabled it by default. ([kubernetes/kubernetes#133153](kubernetes/kubernetes#133153), [@helayoty](https://github.com/helayoty)) \[SIG API Machinery and Apps]
- Removed the `StrictCostEnforcementForVAP` and `StrictCostEnforcementForWebhooks` feature gates, which were locked since `v1.32`. ([kubernetes/kubernetes#134994](kubernetes/kubernetes#134994), [@liggitt](https://github.com/liggitt)) \[SIG API Machinery, Auth, Node and Testing]
- Scheduler: Added the `bindingTimeout` argument to the DynamicResources plugin configuration, allowing customization of the wait duration in `PreBind` for device binding conditions.
  Defaults to 10 minutes when `DRADeviceBindingConditions` and `DRAResourceClaimDeviceStatus` are both enabled. ([kubernetes/kubernetes#134905](kubernetes/kubernetes#134905), [@fj-naji](https://github.com/fj-naji)) \[SIG Node and Scheduling]
- The DRA device taints and toleration feature received a separate feature gate, `DRADeviceTaintRules`, which controlled support for `DeviceTaintRules`. This allowed disabling it while keeping `DRADeviceTaints` enabled so that tainting via `ResourceSlices` continued to work. ([kubernetes/kubernetes#135068](kubernetes/kubernetes#135068), [@pohly](https://github.com/pohly)) \[SIG API Machinery, Apps, Auth, Node, Scheduling and Testing]
- The Pod Certificates feature moved to beta. The `PodCertificateRequest` feature gate is disabled by default. To use the feature, users must enable the certificates API groups in `v1beta1` and enable the `PodCertificateRequest` feature gate. The `UserAnnotations` field was added to the `PodCertificateProjection` API and the corresponding `UnverifiedUserAnnotations` field was added to the `PodCertificateRequest` API. ([kubernetes/kubernetes#134624](kubernetes/kubernetes#134624), [@yt2985](https://github.com/yt2985)) \[SIG API Machinery, Apps, Auth, Etcd, Instrumentation, Node and Testing]
- The `KubeletEnsureSecretPulledImages` feature was promoted to Beta and enabled by default. ([kubernetes/kubernetes#135228](kubernetes/kubernetes#135228), [@aramase](https://github.com/aramase)) \[SIG Auth, Node and Testing]
- The `PreferSameZone` and `PreferSameNode` values for the Service
  `trafficDistribution` field graduated to general availability. The
  `PreferClose` value is now deprecated in favor of the more explicit
  `PreferSameZone`. ([kubernetes/kubernetes#134457](kubernetes/kubernetes#134457), [@danwinship](https://github.com/danwinship)) \[SIG API Machinery, Apps, Network and Testing]
- Updated `ResourceQuota` to count device class requests within a `ResourceClaim` as two additional quotas when the `DRAExtendedResource` feature is enabled:
  - `requests.deviceclass.resource.k8s.io/<deviceclass>` is charged based on the worst-case number of devices requested.
  - Device classes mapping to an extended resource now consume `requests.<extended resource name>`. ([kubernetes/kubernetes#134210](kubernetes/kubernetes#134210), [@yliaog](https://github.com/yliaog)) \[SIG API Machinery, Apps, Node, Scheduling and Testing]
- Updated storage version for `MutatingAdmissionPolicy` to `v1beta1`. ([kubernetes/kubernetes#133715](kubernetes/kubernetes#133715), [@cici37](https://github.com/cici37)) \[SIG API Machinery, Etcd and Testing]
- Updated the Partitionable Devices feature to support referencing counter sets across ResourceSlices within the same resource pool. Devices from incomplete pools were no longer considered for allocation. This change introduced backwards-incompatible updates to the alpha feature, requiring any ResourceSlices using it to be removed before upgrading or downgrading between v1.34 and v1.35. ([kubernetes/kubernetes#134189](kubernetes/kubernetes#134189), [@mortent](https://github.com/mortent)) \[SIG API Machinery, Node, Scheduling and Testing]
- Upgraded the `PodObservedGenerationTracking` feature to beta in `v1.34` and removed the alpha version description from the OpenAPI specification. ([kubernetes/kubernetes#133883](kubernetes/kubernetes#133883), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085))
- Add scoring for the prioritized list feature so that the node that can satisfy the best ranked subrequests is chosen. ([kubernetes/kubernetes#134711](kubernetes/kubernetes#134711), [@mortent](https://github.com/mortent)) \[SIG Node, Scheduling and Testing]
- Allows restarting all containers when the source container exits with a matching restart policy rule. This is an alpha feature behind feature gate RestartAllContainersOnContainerExit. ([kubernetes/kubernetes#134345](kubernetes/kubernetes#134345), [@yuanwang04](https://github.com/yuanwang04)) \[SIG Apps, Node and Testing]
- Changed kuberc configuration schema. Two new optional fields added to kuberc configuration, `credPluginPolicy` and `credPluginAllowlist`. This is documented in [KEP-3104](https://github.com/kubernetes/enhancements/blob/master/keps/sig-cli/3104-introduce-kuberc/README.md#allowlist-design-details) and documentation is added to the website by [kubernetes/website#52877](kubernetes/website#52877) ([kubernetes/kubernetes#134870](kubernetes/kubernetes#134870), [@pmengelbert](https://github.com/pmengelbert)) \[SIG API Machinery, Architecture, Auth, CLI, Instrumentation and Testing]
- Enhanced discovery response to support merged API groups/resources from all peer apiservers when UnknownVersionInteroperabilityProxy feature is enabled ([kubernetes/kubernetes#133648](kubernetes/kubernetes#133648), [@richabanker](https://github.com/richabanker)) \[SIG API Machinery, Auth, Cloud Provider, Node, Scheduling and Testing]
- Extend `core/v1 Toleration` to support numeric comparison operators (`Gt`, `Lt`). ([kubernetes/kubernetes#134665](kubernetes/kubernetes#134665), [@helayoty](https://github.com/helayoty)) \[SIG API Machinery, Apps, Node, Scheduling, Testing and Windows]
- Features: NominatedNodeNameForExpectation in kube-scheduler and ClearingNominatedNodeNameAfterBinding in kube-apiserver are now enabled by default. ([kubernetes/kubernetes#135103](kubernetes/kubernetes#135103), [@ania-borowiec](https://github.com/ania-borowiec)) \[SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Etcd, Instrumentation, Network, Node, Scheduling, Storage and Testing]
- Implement changes to prevent pod scheduling to a node without CSI driver ([kubernetes/kubernetes#135012](kubernetes/kubernetes#135012), [@gnufied](https://github.com/gnufied)) \[SIG API Machinery, Scheduling, Storage and Testing]
- Introduce scheduling.k8s.io/v1alpha1 Workload API to allow for expressing workload-level scheduling requirements and let kube-scheduler act on those. ([kubernetes/kubernetes#134564](kubernetes/kubernetes#134564), [@macsko](https://github.com/macsko)) \[SIG API Machinery, Apps, CLI, Etcd, Scheduling and Testing]
- Introduce the alpha MutableSchedulingDirectivesForSuspendedJobs feature gate (disabled by default) which:
  1. allows mutating a Job's scheduling directives for suspended Jobs
  2. makes the Job controller clear the status.startTime field for suspended Jobs ([kubernetes/kubernetes#135104](kubernetes/kubernetes#135104), [@mimowo](https://github.com/mimowo)) \[SIG Apps and Testing]
- Introduced GangScheduling kube-scheduler plugin to enable "all-or-nothing" scheduling. Workload API in scheduling.k8s.io/v1alpha1 is used to express the desired policy. ([kubernetes/kubernetes#134722](kubernetes/kubernetes#134722), [@macsko](https://github.com/macsko)) \[SIG API Machinery, Apps, Auth, CLI, Etcd, Scheduling and Testing]
- PV node affinity is now mutable. ([kubernetes/kubernetes#134339](kubernetes/kubernetes#134339), [@huww98](https://github.com/huww98)) \[SIG API Machinery, Apps and Node]
- ResourceQuota now counts device class requests within a ResourceClaim object as consuming two additional quotas when the DRAExtendedResource feature is enabled:
  - `requests.deviceclass.resource.k8s.io/<deviceclass>` with a quantity equal to the worst case count of devices requested
  - requests for device classes that map to an extended resource consume `requests.<extended resource name>` ([kubernetes/kubernetes#134210](kubernetes/kubernetes#134210), [@yliaog](https://github.com/yliaog)) \[SIG API Machinery, Apps, Node, Scheduling and Testing]
- The DRA device taints and toleration feature now has a separate feature gate, DRADeviceTaintRules, which controls whether support for DeviceTaintRules is enabled. It is possible to disable that and keep DRADeviceTaints enabled, in which case tainting by DRA drivers through ResourceSlices continues to work. ([kubernetes/kubernetes#135068](kubernetes/kubernetes#135068), [@pohly](https://github.com/pohly)) \[SIG API Machinery, Apps, Auth, Node, Scheduling and Testing]
- The ImagePullIntent and ImagePulledRecord objects used by kubelet to store information about image pulls have been moved to the v1beta1 API version. ([kubernetes/kubernetes#132579](kubernetes/kubernetes#132579), [@stlaz](https://github.com/stlaz)) \[SIG Auth and Node]
- The KubeletEnsureSecretPulledImages feature is now beta and enabled by default. ([kubernetes/kubernetes#135228](kubernetes/kubernetes#135228), [@aramase](https://github.com/aramase)) \[SIG Auth, Node and Testing]
- This change adds a new alpha feature Node Declared Features, which includes:
  - A new `Node.Status.DeclaredFeatures` field for Kubelet to publish node-specific features.
  - A library in `component-helpers` for feature registration and inference.
  - A scheduler plugin (`NodeDeclaredFeatures`) to match pods with nodes that provide their required features.
  - An admission plugin (`NodeDeclaredFeatureValidator`) to validate pod updates against a node's declared features. ([kubernetes/kubernetes#133389](kubernetes/kubernetes#133389), [@pravk03](https://github.com/pravk03)) \[SIG API Machinery, Apps, Node, Release, Scheduling and Testing]
- This change allows In Place Resize of Pod Level Resources
  - Add Resources in PodStatus to capture resources set at pod-level cgroup
  - Add AllocatedResources in PodStatus to capture resources requested in the PodSpec ([kubernetes/kubernetes#132919](kubernetes/kubernetes#132919), [@ndixita](https://github.com/ndixita)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Instrumentation, Node, Scheduling and Testing]
- Updates to the Partitionable Devices feature which allows for referencing counter sets across different ResourceSlices within the same resource pool.

  Devices from incomplete pools are no longer considered for allocation.

  This contains backwards incompatible changes to the Partitionable Devices alpha feature, so any ResourceSlices that use the feature should be removed prior to upgrading or downgrading between 1.34 and 1.35. ([kubernetes/kubernetes#134189](kubernetes/kubernetes#134189), [@mortent](https://github.com/mortent)) \[SIG API Machinery, Node, Scheduling and Testing]
- Add ObservedGeneration to CustomResourceDefinition Conditions. ([kubernetes/kubernetes#134984](kubernetes/kubernetes#134984), [@michaelasp](https://github.com/michaelasp)) \[SIG API Machinery]
- Add StorageVersionMigration v1beta1 api and remove the v1alpha API.

  Any use of the v1alpha1 api is no longer supported and
  users must remove any v1alpha1 resources prior to upgrade. ([kubernetes/kubernetes#134784](kubernetes/kubernetes#134784), [@michaelasp](https://github.com/michaelasp)) \[SIG API Machinery, Apps, Auth, Etcd and Testing]
- CSI drivers can now opt-in to receive service account tokens via the secrets field instead of volume context by setting `spec.serviceAccountTokenInSecrets: true` in the CSIDriver object. This prevents tokens from being exposed in logs and other outputs. The feature is gated by the `CSIServiceAccountTokenSecrets` feature gate (Beta in v1.35). ([kubernetes/kubernetes#134826](kubernetes/kubernetes#134826), [@aramase](https://github.com/aramase)) \[SIG API Machinery, Auth, Storage and Testing]
- DRA device taints: DeviceTaintRule status provided information about the rule, in particular whether pods still need to be evicted ("EvictionInProgress" condition). The new "None" effect can be used to preview what a DeviceTaintRule would do if it used the "NoExecute" effect and to taint devices ("device health") without immediately affecting scheduling or running pods. ([kubernetes/kubernetes#134152](kubernetes/kubernetes#134152), [@pohly](https://github.com/pohly)) \[SIG API Machinery, Apps, Auth, Node, Release, Scheduling and Testing]
- DRA: the DynamicResourceAllocation feature gate for the core functionality (GA in 1.34) is now locked to enabled-by-default and thus cannot be disabled anymore. ([kubernetes/kubernetes#134452](kubernetes/kubernetes#134452), [@pohly](https://github.com/pohly)) \[SIG Auth, Node, Scheduling and Testing]
- Forbid adding resources other than CPU & memory on pod resize. ([kubernetes/kubernetes#135084](kubernetes/kubernetes#135084), [@tallclair](https://github.com/tallclair)) \[SIG Apps, Node and Testing]
- Implement constrained impersonation as described in <https://kep.k8s.io/5284> ([kubernetes/kubernetes#134803](kubernetes/kubernetes#134803), [@enj](https://github.com/enj)) \[SIG API Machinery, Auth and Testing]
- Introduces a structured and versioned v1alpha1 response for flagz ([kubernetes/kubernetes#134995](kubernetes/kubernetes#134995), [@yongruilin](https://github.com/yongruilin)) \[SIG API Machinery, Architecture, Instrumentation, Network, Node, Scheduling and Testing]
- Introduces a structured and versioned v1alpha1 response for statusz ([kubernetes/kubernetes#134313](kubernetes/kubernetes#134313), [@richabanker](https://github.com/richabanker)) \[SIG API Machinery, Architecture, Instrumentation, Network, Node, Scheduling and Testing]
- New `--min-compatibility-version` flag for apiserver, kcm and kube scheduler ([kubernetes/kubernetes#133980](kubernetes/kubernetes#133980), [@siyuanfoundation](https://github.com/siyuanfoundation)) \[SIG API Machinery, Architecture, Cluster Lifecycle, Etcd, Scheduling and Testing]
- Promote PodObservedGenerationTracking to GA. ([kubernetes/kubernetes#134948](kubernetes/kubernetes#134948), [@natasha41575](https://github.com/natasha41575)) \[SIG API Machinery, Apps, Node, Scheduling and Testing]
- Promoted Job Managed By to general availability. The `JobManagedBy` feature gate is now locked to true, and will be removed in a future release of Kubernetes. ([kubernetes/kubernetes#135080](kubernetes/kubernetes#135080), [@dejanzele](https://github.com/dejanzele)) \[SIG API Machinery, Apps and Testing]
- Promoted ReplicaSet and Deployment `.status.terminatingReplicas` tracking to beta. The `DeploymentReplicaSetTerminatingReplicas` feature gate is now enabled by default. ([kubernetes/kubernetes#133087](kubernetes/kubernetes#133087), [@atiratree](https://github.com/atiratree)) \[SIG API Machinery, Apps and Testing]
- Scheduler: added a new `bindingTimeout` argument to the DynamicResources plugin configuration.
  This allows customizing the wait duration in PreBind for device binding conditions.
  Defaults to 10 minutes when DRADeviceBindingConditions and DRAResourceClaimDeviceStatus are both enabled. ([kubernetes/kubernetes#134905](kubernetes/kubernetes#134905), [@fj-naji](https://github.com/fj-naji)) \[SIG Node and Scheduling]
- The Pod Certificates feature is moving to beta. The PodCertificateRequest feature gate is still set false by default. To use the feature, users will need to enable the certificates API groups in v1beta1 and enable the feature gate PodCertificateRequest. A new field UserAnnotations is added to the PodCertificateProjection API and the corresponding UnverifiedUserAnnotations is added to the PodCertificateRequest API. ([kubernetes/kubernetes#134624](kubernetes/kubernetes#134624), [@yt2985](https://github.com/yt2985)) \[SIG API Machinery, Apps, Auth, Etcd, Instrumentation, Node and Testing]
- The StrictCostEnforcementForVAP and StrictCostEnforcementForWebhooks feature gates, locked on since 1.32, have been removed ([kubernetes/kubernetes#134994](kubernetes/kubernetes#134994), [@liggitt](https://github.com/liggitt)) \[SIG API Machinery, Auth, Node and Testing]
- The `PreferSameZone` and `PreferSameNode` values for Service's
  `trafficDistribution` field are now GA. The old value `PreferClose` is now
  deprecated in favor of the more-explicit `PreferSameZone`. ([kubernetes/kubernetes#134457](kubernetes/kubernetes#134457), [@danwinship](https://github.com/danwinship)) \[SIG API Machinery, Apps, Network and Testing]
- Kube-apiserver: fix a possible panic validating a custom resource whose CustomResourceDefinition indicates a status subresource exists, but which does not define a `status` property in the `openAPIV3Schema` ([kubernetes/kubernetes#133721](kubernetes/kubernetes#133721), [@fusida](https://github.com/fusida)) \[SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Etcd, Instrumentation, Network, Node, Release, Scheduling, Storage and Testing]
- Kubernetes API Go types removed runtime use of the github.com/gogo/protobuf library, and are no longer registered into the global gogo type registry. Kubernetes API Go types were not suitable for use with the google.golang.org/protobuf library, and no longer implement `ProtoMessage()` by default to avoid accidental incompatible use. If removal of these marker methods impacts your use, it can be re-enabled for one more release with a `kubernetes_protomessage_one_more_release` build tag, but will be removed in 1.36. ([kubernetes/kubernetes#134256](kubernetes/kubernetes#134256), [@liggitt](https://github.com/liggitt)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling and Storage]
- Promoted HPA configurable tolerance to beta. The `HPAConfigurableTolerance` feature gate is now enabled by default. ([kubernetes/kubernetes#133128](kubernetes/kubernetes#133128), [@jm-franc](https://github.com/jm-franc)) \[SIG API Machinery and Autoscaling]
- The MaxUnavailableStatefulSet feature is now beta and enabled by default. ([kubernetes/kubernetes#133153](kubernetes/kubernetes#133153), [@helayoty](https://github.com/helayoty)) \[SIG API Machinery and Apps]
- Added WithOrigin within apis/core/validation with adjusted tests ([kubernetes/kubernetes#132825](kubernetes/kubernetes#132825), [@PatrickLaabs](https://github.com/PatrickLaabs)) \[SIG Apps]
- Component-base: validate that log-flush-frequency is positive and return an error instead of panic-ing ([kubernetes/kubernetes#133540](kubernetes/kubernetes#133540), [@BenTheElder](https://github.com/BenTheElder)) \[SIG Architecture, Instrumentation, Network and Node]
- Feature gate dependencies are now explicit, and validated at startup. A feature can no longer be enabled if it depends on a disabled feature. In particular, this means that `AllAlpha=true` will no longer work without enabling disabled-by-default beta features that are depended on (either with `AllBeta=true` or explicitly enumerating the disabled dependencies). ([kubernetes/kubernetes#133697](kubernetes/kubernetes#133697), [@tallclair](https://github.com/tallclair)) \[SIG API Machinery, Architecture, Cluster Lifecycle and Node]
- In version 1.34, the PodObservedGenerationTracking feature has been upgraded to beta, and the description of the alpha version in the openapi has been removed. ([kubernetes/kubernetes#133883](kubernetes/kubernetes#133883), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085)) \[SIG Apps]
- Introduce a new declarative validation tag +k8s:customUnique to control listmap uniqueness ([kubernetes/kubernetes#134279](kubernetes/kubernetes#134279), [@yongruilin](https://github.com/yongruilin)) \[SIG API Machinery and Auth]
- Kube-apiserver: Fixed a 1.34 regression in CustomResourceDefinition handling that incorrectly warned about unrecognized formats on number and integer properties ([kubernetes/kubernetes#133896](kubernetes/kubernetes#133896), [@yongruilin](https://github.com/yongruilin)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Contributor Experience, Network, Node and Scheduling]
- OpenAPI model packages of API types are generated into `zz_generated.model_name.go` files and are accessible using the `OpenAPIModelName()` function.  This allows API authors to declare the desired OpenAPI model packages instead of using the go package path of API types. ([kubernetes/kubernetes#131755](kubernetes/kubernetes#131755), [@jpbetz](https://github.com/jpbetz)) \[SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling, Storage and Testing]
- Support for `kubectl get -o kyaml` is now on by default.  To disable it, set `KUBECTL_KYAML=false`. ([kubernetes/kubernetes#133327](kubernetes/kubernetes#133327), [@thockin](https://github.com/thockin)) \[SIG CLI]
- The storage version for MutatingAdmissionPolicy is updated to v1beta1. ([kubernetes/kubernetes#133715](kubernetes/kubernetes#133715), [@cici37](https://github.com/cici37)) \[SIG API Machinery, Etcd and Testing]

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. language/en Issues or PRs related to English language lgtm "Looks good to me", indicates that a PR is ready to be merged. sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/security Categorizes an issue or PR as relevant to SIG Security. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges.
