Kubernetes v1.34.0-rc.0 is live!

133 views
Skip to first unread message

Matteo Bianchi

unread,
Aug 6, 2025, 4:27:23 PM8/6/25
to d...@kubernetes.io, kubernete...@googlegroups.com
Kubernetes Community,

Kubernetes v1.34.0-rc.0 has been built and pushed using Golang version 1.24.5.

The release notes have been updated in CHANGELOG-1.34.md, with a pointer to them on GitHub:

v1.34.0-rc.0

Downloads for v1.34.0-rc.0

Source Code

filenamesha512 hash
kubernetes.tar.gz3a40163a162b703ca49714789d751c741cc09a4921e1dd1a3e51cd1e45285c43aa84c153a9130b105220defe573ecc9bc2f9e69e7ead50f470110eba0f3eb2e7
kubernetes-src.tar.gzf1e769b6bd1c24e88a445ba58c30448b4f138c36b4acb1de04616630eb8d74b01986c94d7ed2022943425e0e9ea8043253fe3f32a696c510187ccae2deb81334

Client Binaries

filenamesha512 hash
kubernetes-client-darwin-amd64.tar.gzc5b135c912d5d942cdeff31b23f3d7865aa40252730e367f8170d70fbb2c695efbc04648787b8d36ec788ce761f71adde0c8bd92ab1bec714ded7e5b43f1e70e
kubernetes-client-darwin-arm64.tar.gzd2dc774dbf6ec52a6e848be7ede8d3640ec3969d6b79462ab5b06c654d65046961fecf7b0dee7861af7895beb65c90867f7f0b370d0437322f92d2afbe7ff999
kubernetes-client-linux-386.tar.gzc5df62de030efad772ff72ce96776229a4cdf7c80c6e8625f46f32d7fe064b84021432eda05aa48d8dfd3b38f5d8bb1f0fec010fa39bdcc437d48f7dc02ce20c
kubernetes-client-linux-amd64.tar.gz789c6ffc56ed8772fdd7142865cd788d0975dbeb759533d00768c6ac964973d5553aaac8341c8d55604e70abdfdb3c5b1b91cf7f2a6fc08ccc4a5a0d93e76127
kubernetes-client-linux-arm.tar.gzf82bb1bc87d8288f54de7f5dbb54ff6e29dea210e0632348b3912cff326a78047da4dd05581dd29be2d9f7756eab1f2af1a9bf45818e378b22ccaf7c265803c1
kubernetes-client-linux-arm64.tar.gz977cd13d6ad03c3e3b820d69d9136acb90e0efc13253a6233cf2c0d819c0b68734672ab623a7496080417c750ee04d3ce276e41d541cd07deb31ff90b6c19ee7
kubernetes-client-linux-ppc64le.tar.gz6bb7a7935989c301727e355b3db6774d2ca057f317c166ceddb3aee1d4d5c553b62dc28f851b8acf0dda73f64d41aec77e41721e9cd5c1d9e8ffb7afc318ff6c
kubernetes-client-linux-s390x.tar.gze922a13265a591f989e6026321c792221663f09f062a5f7866fb4c1efa28a91216bc7f297b4c778eac8784f773d642ed873bcd6d97dfcff6897631a17c3d35d7
kubernetes-client-windows-386.tar.gz963016b3be20076dd94f46aac858d2e4fe3a973d54a574b0289c8e5e20ec192680b3e4cf9f813f17658f892c96adabfd467cb8a7ad6332007e4aea07a828572c
kubernetes-client-windows-amd64.tar.gz01432a7dcdcd99c0c8e00bd9085dde13fb07a7091c19592bd7b7323932af56f47d2554b4806fc5ff867f7f04428a4572e0149bec32f7b9e1b3dc2dc0e63792d6
kubernetes-client-windows-arm64.tar.gz38fefd2b9c6a5b37b461e1787ee824d8208bd76f375bb0f5740e4dc2ede98baa30532021629cfc9ccb04b854ce19c7ccde245e4edd3a7482336d70ea47dd09d4

Server Binaries

filenamesha512 hash
kubernetes-server-linux-amd64.tar.gz4a63efa6876bc66683650361a071ddca8c201a653a3947e3939f68d32835b76357a5c63bebfdbd9e2420b485b9dfe42ea03ad6b230960207c21a98d96f24ddda
kubernetes-server-linux-arm64.tar.gz0965a31c7db0dcbbe8160c420df3ca12923fa1bfc720103b93f3ba238c529667933477df0f190737595402173f38b1785179f468047d504e4a1bfbe969951df9
kubernetes-server-linux-ppc64le.tar.gzb62515af8f866bcde5866b10def38c63bb0ef50d84dcac1b536dad85d04b10285e38bafd79e0d80fcab8820455597164e4202cc4848b1cc03137a967a1ca5597
kubernetes-server-linux-s390x.tar.gz17eaa46f21730ad8e809b827c053030249e8cfff812fbd0a2252650ef1b90ae4c98c57d54972317d806fcad7c77444f69c97436d1f652b7ac0a6ba908acee09a

Node Binaries

filenamesha512 hash
kubernetes-node-linux-amd64.tar.gz97bb8e23f59afae0f0a5d4a9b594dca25e76fc426d1e05d13582df44f207b913f82eb1b36e2669a267f0d8171978049e623556395a94f63ad30a873d41bb0a47
kubernetes-node-linux-arm64.tar.gzcaa6625eec52dee92dec7f33936e7a5f3ba8166e1150b6c747048b74f1bb574dcc097fb7ce7a634f122d42a7fbdbf81e5b4a483a71adeed2c2937af8977114a8
kubernetes-node-linux-ppc64le.tar.gzcab3bd432093fb03bdc6497f94dd501e412fb90eca9b350319239fcca5687012561f7342114b52e09bad61e6eea3109158ef92add94809d4b56f9aa3470e9e93
kubernetes-node-linux-s390x.tar.gz0c95a03a6539f99de244213359c6d4f42ebf6aea79c26c8cfb82d319b7c27dd5ca4050cc58ef27f999fba334fc67629a0b96bb7af66721309a203b1f0aec6467
kubernetes-node-windows-amd64.tar.gz9f2e1f5e6227e41d0c681e07a2edc3eb4da4b6ba20125a4aad6b94c2023d29238257244b243e508c17c5693a8168da5bf66cf744a9610799d77adbed29363c45

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

namearchitectures
registry.k8s.io/conformance:v1.34.0-rc.0amd64arm64ppc64les390x
registry.k8s.io/kube-apiserver:v1.34.0-rc.0amd64arm64ppc64les390x
registry.k8s.io/kube-controller-manager:v1.34.0-rc.0amd64arm64ppc64les390x
registry.k8s.io/kube-proxy:v1.34.0-rc.0amd64arm64ppc64les390x
registry.k8s.io/kube-scheduler:v1.34.0-rc.0amd64arm64ppc64les390x
registry.k8s.io/kubectl:v1.34.0-rc.0amd64arm64ppc64les390x

Changelog since v1.34.0-beta.0

Changes by Kind

Deprecation

API Change

  • Add a new FileKeyRef field to containers, allowing them to load variables from files by setting this field.

    Introduce the EnvFiles feature gate to govern activation of this functionality. (#132626@HirazawaUi) [SIG API Machinery, Apps, Node and Testing]

  • Add driver-owned fields in ResourceSlice to mark whether the device is shareable among multiple resource claims (or requests) and to specify how each capacity can be shared between different requests.

    • Add user-owned fields in ResourceClaim to specify resource requirements against each device capacity.
    • Add scheduler-owned field in ResourceClaim.Status to specify how much device capacity is reserved for a specific request.
    • Add an additional identifier to ResourceClaim.Status for the device supports multiple allocations.
    • Add a new constraint type to enforce uniqueness of specified attributes across all allocated devices. (#132522@sunya-ch) [SIG API Machinery, Apps, Architecture, CLI, Cluster Lifecycle, Network, Node, Release, Scheduling and Testing]

  • Add new optional APIs in ResouceSlice.Basic and ResourceClaim.Status.AllocatedDeviceStatus. (#130160@KobayashiD27) [SIG API Machinery, Apps, Architecture, Node, Release, Scheduling and Testing]

  • Added a mechanism for configurable container restarts: container level restart rules. This is an alpha feature behind the ContainerRestartRules feature gate. (#132642@yuanwang04) [SIG API Machinery, Apps, Node and Testing]

  • Added detailed event for in-place pod vertical scaling completed, improving cluster management and debugging (#130387@shiya0705) [SIG API Machinery, Apps, Autoscaling, Node, Scheduling and Testing]

  • Added validation to reject Pods using the PodLevelResources feature on Windows OS due to lack of support. The API server rejects Pods with Pod-level resources and a Pod.spec.os.name targeting Windows. Kubelet on nodes running Windows also rejects Pods with Pod-level resources at admission phase. (#133046@toVersus) [SIG Apps and Node]

  • Adds warnings when creating headless service with set loadBalancerIP,externalIPs and/or SessionAffinity (#132214@Peac36) [SIG Network]

  • Allow pvc.spec.VolumeAttributesClassName to go from non-nil to nil (#132106@AndrewSirenko) [SIG Apps]

  • Allows setting the hostnameOverride field in PodSpec to specify any RFC 1123 DNS subdomain as the pod's hostname. The HostnameOverride feature gate has been introduced to control enablement of this functionality. (#132558@HirazawaUi) [SIG API Machinery, Apps, Network, Node and Testing]

  • AppArmor profiles specified in the pod or container SecurityContext are no longer copied to deprecated AppArmor annotations (prefix container.apparmor.security.beta.kubernetes.io/). Anything that inspects the deprecated annotations must be migrated to use the SecurityContext fields instead. (#131989@tallclair) [SIG Node]

  • Changes underlying logic to propagate Pod level hugepage cgroup to containers when they do not specify hugepage resources.

    • Adds validation to enforce the hugepage aggregated container limits to be smaller or equal to pod-level limits. This was already enforced with the defaulted requests from the specified limits, however it did not make it clear about both hugepage requests and limits. (#131089@KevinTMtz) [SIG Apps, Node and Testing]

  • DRA: the scheduler plugin now prevents abnormal filter runtimes by timing out after 10 seconds. This is configurable via the plugin configuration's FilterTimeout. Setting it to zero disables the timeout and restores the behavior of Kubernetes <= 1.33. (#132033@pohly) [SIG Node, Scheduling and Testing]

  • DRA: when the prioritized list feature is used in a request and the resulting number of allocated devices exceeds the number of allowed devices per claim, the scheduler aborts the attempt to allocate devices early. Previously it tried to many different combinations, which can take a long time. (#130593@mortent) [SIG Apps, Node, Scheduling and Testing]

  • Dynamic Resource Allocation: graduated core functionality to general availability (GA). This newly stable feature uses the structured parameters flavor of DRA. (#132706@pohly) [SIG API Machinery, Apps, Auth, Autoscaling, Etcd, Node, Scheduling and Testing]

  • Enable kube-apiserver support for PodCertificateRequest and PodCertificate projected volumes (behind the PodCertificateRequest feature gate). (#128010@ahmedtd) [SIG API Machinery, Apps, Auth, Cloud Provider, Etcd, Node, Storage and Testing]

  • Extended resources backed by DRA feature allows cluster operator to specify extendedResourceName in DeviceClass, and application operator to continue using extended resources in pod's requests to request for DRA devices matching the DeviceClass.

    NodeResourcesFit plugin scoring won't work for extended resources backed by DRA (#130653@yliaog) [SIG API Machinery, Apps, Auth, Node, Scheduling and Testing]

  • Fix prerelease lifecycle for PodCertificateRequest (#133350@carlory) [SIG Auth]

  • Fixes a 1.33 regression that can cause a nil panic in kube-scheduler when aggregating resource requests across container's spec and status. (#132895@yue9944882) [SIG Node and Scheduling]

  • Introduced the admissionregistration.k8s.io/v1beta1/MutatingAdmissionPolicy API type. To enable, enable the MutatingAdmissionPolicy feature gate (which is off by default) and set --runtime-config=admissionregistration.k8s.io/v1beta1=true on the kube-apiserver. Note that the default stored version remains alpha in 1.34 and whoever enabled beta during 1.34 needs to run a storage migration yourself to ensure you don't depend on alpha data in etcd. (#132821@cici37) [SIG API Machinery, Etcd and Testing]

  • No, changes underlying logic for Eviction Manager helper functions (#132277@KevinTMtz) [SIG Node, Scheduling and Testing]

  • Promote MutableCSINodeAllocatableCount to Beta. (#132429@torredil) [SIG Storage]

  • Promoted feature-gate VolumeAttributesClass to GA

    • Promoted API VolumeAttributesClass and VolumeAttributesClassList to storage.k8s.io/v1. (#131549@carlory) [SIG API Machinery, Apps, Auth, CLI, Etcd, Storage and Testing]

  • Promoted the APIServerTracing feature gate to GA. The --tracing-config-file flag now accepts TracingConfiguration in version apiserver.config.k8s.io/v1 (with no changes from apiserver.config.k8s.io/v1beta1). (#132340@dashpole) [SIG API Machinery and Testing]

  • Removed deprecated gogo protocol definitions from k8s.io/kubelet/pkg/apis/pluginregistration in favor of google.golang.org/protobuf. (#132773@saschagrunert) [SIG Node]

  • The Kubelet can now monitor the health of devices allocated via Dynamic Resource Allocation (DRA) and report it in the pod.status.containerStatuses.allocatedResourcesStatus field. This requires the DRA plugin to implement the new v1alpha1 NodeHealth gRPC service. This feature is controlled by the ResourceHealthStatus feature gate. (#130606@Jpsassine) [SIG Apps, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Etcd, Network, Node, Release, Scheduling, Storage and Testing]

  • The KubeletServiceAccountTokenForCredentialProviders feature is now beta and enabled by default. (#133017@aramase) [SIG Auth and Node]

  • The conditionType is "oneof" approved/denied check of CertificateSigningRequest's .status.conditions field has been migrated to declarative validation. If the DeclarativeValidation feature gate is enabled, mismatches with existing validation are reported via metrics. If the DeclarativeValidationTakeover feature gate is enabled, declarative validation is the primary source of errors for migrated fields. (#133013@aaron-prindle) [SIG API Machinery and Auth]

  • The fallback behavior of the Downward API's resourceFieldRef field has been updated to account for pod-level resources: if container-level limits are not set, pod-level limits are now used before falling back to node allocatable resources. (#132605@toVersus) [SIG Node, Scheduling and Testing]

  • The kubelet's image pull credential tracking now supports service account-based verification. When an image is pulled using service account credentials via external credential providers, subsequent pods using the same service account (UID, name, and namespace) can access the cached image without re-authentication for the lifetime of that service account. (#132771@aramase) [SIG Auth, Node and Testing]

Feature

  • API calls dispatched during pod scheduling are now executed asynchronously if the SchedulerAsyncAPICalls feature gate is enabled. Out-of-tree plugins can use APIDispatcher and APICacher from the framework to dispatch their own calls. (#132886@macsko) [SIG Release, Scheduling and Testing]

  • Add started_user_namespaced_pods_total and started_user_namespaced_pods_errors_total for tracking the successes and failures in creating pods if a user namespace is requested. (#132902@haircommander) [SIG Node and Testing]

  • Add apiserver_resource_size_estimate_bytes metric to apiserver (#132893@serathius) [SIG API Machinery, Etcd and Instrumentation]

  • Add memory tracking to scheduler performance tests to help detect memory leaks and monitor memory usage patterns while running scheduler_perf (#132910@utam0k) [SIG Scheduling and Testing]

  • Added 3 new metrics for monitoring async API calls in the scheduler when the SchedulerAsyncAPICalls feature gate is enabled:

    • scheduler_async_api_call_execution_total: tracks executed API calls by call type and result (success/error)
    • scheduler_async_api_call_duration_seconds: histogram of API call execution duration by call type and result
    • scheduler_pending_async_api_calls: gauge showing current number of pending API calls in the queue (#133120@utam0k) [SIG Release and Scheduling]

  • Added machine readable output options (JSON & YAML) to kubectl api-resources (#132604@dharmit) [SIG Apps, CLI and Network]

  • Added support for a new kubectl output format, kyaml. KYAML is a strict subset of YAML and should be accepted by any YAML processor. The formatting of KYAML is halfway between JSON and YAML. Because it is more explicit than the default YAML style, it should be less error-prone. (#132942@thockin) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Contributor Experience, Instrumentation, Network, Node, Scheduling, Storage and Testing]

  • Adds HPA support to pod-level resource specifications. When the pod-level resource feature is enabled, HPAs configured with Resource type metrics will calculate the pod resources from pod.Spec.Resources field, if specified. (#132430@laoj2) [SIG Apps, Autoscaling and Testing]

  • Adds a container_swap_limit_bytes metric to expose the swap limit assigned to containers under the LimitedSwap swap behavior. (#132348@iholder101) [SIG Node and Testing]

  • Adds useful endpoints for kube-apiserver (#132581@itssimrank) [SIG API Machinery, Architecture, Instrumentation, Network, Node, Scheduling and Testing]

  • Bump KubeletCgroupDriverFromCRI to GA and add metric to track out of support CRI implementations (#133157@haircommander) [SIG Node and Testing]

  • CRI API has auth fields in image pulling marked as debug_redact. (#133135@SergeyKanzhelev) [SIG Node]

  • Changed handling of CustomResourceDefinitions with unrecognized formats. Writing a schema with an unrecognized formats now triggers a warning (the write is still accepted). (#133136@yongruilin) [SIG API Machinery]

  • DRAAdminAccess is enabled by default allowing users to create ResourceClaims and ResourceClaimTemplates in privileged mode to grant access to devices that are in use by other users for admin tasks like monitor health or status of the device. (#133085@ritazh) [SIG Auth and Node]

  • DRAPrioritizedList is now turned on by default which makes it possible to provide a prioritized list of subrequests in a ResourceClaim. (#132767@mortent) [SIG Node, Scheduling and Testing]

  • Demote KEP-5278 feature gates ClearingNominatedNodeNameAfterBinding and NominatedNodeNameForExpectation to Alpha from Beta (#133293@utam0k) [SIG Scheduling and Testing]

  • Deprecate apiserver_storage_objects and replace it with apiserver_resource_objects metric using labels consistent with other metrics (#132965@serathius) [SIG API Machinery, Etcd and Instrumentation]

  • Ensure memory resizing for Guaranteed QOS pods on static Memory policy configured is gated by InPlacePodVerticalScalingExclusiveMemory (defaults to false). (#132473@pravk03) [SIG Node, Scheduling and Testing]

  • Fix recording the kubelet_container_resize_requests_total metric to include all resize-related updates. (#133060@natasha41575) [SIG Node]

  • Graduate ListFromCacheSnapshot to Beta (#132901@serathius) [SIG API Machinery and Etcd]

  • Graduate PodLevelResources feature to beta and have it on by default. This feature allows defining CPU and memory resources for an entire pod in pod.spec.resources. (#132999@ndixita) [SIG Node]

  • Graduate PodObservedGenerationTracking feature to beta and have it on by default. This feature means that the top level status.observedGeneration and status.conditions[].observedGeneration fields in pods will now be populated to reflect the metadata.generation of the podspec at the time that the status or condition is being reported. (#132912@natasha41575) [SIG Apps, Node and Testing]

  • Graduate the WinDSR feature in the kube-proxy to GA. The WinDSR feature gate is now enabled by default. (#132108@rzlink) [SIG Network and Windows]

  • Graduate the WinOverlay feature in the kube-proxy to GA. The WinOverlay feature gate is now enabled by default. (#133042@rzlink) [SIG Network and Windows]

  • Graduates the WatchList feature gate to Beta for kube-apiserver and enables WatchListClient for KCM. (#132704@p0lyn0mial) [SIG API Machinery and Testing]

  • If PreBindPreFlight returns Skip, the scheduler doesn't run the plugin at PreBind. If any PreBindPreFlight returns Success, the scheduler puts NominatedNodeName to the pod so that other components (such as the cluster autoscaler) can notice the pod is going to be bound to the node. (#133021@sanposhiho) [SIG Scheduling and Testing]

  • Increase APF max seats to 100 for LIST requests (#133034@serathius) [SIG API Machinery]

  • Introduce a method 'GetPCIeRootAttributeByPCIBusID(pciBusID)' for third-party DRA drivers to provide common logic for the standardized device attribute 'resource.kubernetes.io/pcieRoot' (#132296@everpeace) [SIG Node]

  • It will promote windows graceful shutdown feature from alpha to beta. (#133062@zylxjtu) [SIG Windows]

  • Kube-apiserver now reports the last configuration hash as a label in

    • apiserver_authentication_config_controller_last_config_info metric after successfully loading the authentication configuration file.
    • apiserver_authorization_config_controller_last_config_info metric after successfully loading the authorization configuration file.
    • apiserver_encryption_config_controller_last_config_info metric after successfully loading the encryption configuration file. (#132299@aramase) [SIG API Machinery, Auth and Testing]

  • Kube-apiserver: previously persisted CustomResourceDefinition objects with an invalid whitespace-only caBundle can now serve requests that do not require conversion. (#132514@tiffanny29631) [SIG API Machinery]

  • Kube-controller-manager now reports the following metrics for ResourceClaims with admin access:

    • resourceclaim_controller_creates_total count metric with labels admin_access (true or false), status (failure or success) to track the total number of ResourceClaims creation requests
    • resourceclaim_controller_resource_claims gauge metric with labels admin_access (true or false), allocated (true or false) to track the current number of ResourceClaims (#132800@ritazh) [SIG Apps, Auth, Instrumentation and Node]

  • Kubelet now detects terminal CSI volume mount failures due to exceeded attachment limits on the node and marks the stateful pod as Failed, allowing its controller to recreate it. This prevents pods from getting stuck indefinitely in the ContainerCreating state. (#132933@torredil) [SIG Apps, Node, Storage and Testing]

  • Kubelet now reports a hash of the credential provider configuration via the kubelet_credential_provider_config_info metric. The hash is exposed in the hash label. (#133016@aramase) [SIG API Machinery and Auth]

  • Memory limits can now be decreased with a NotRequired resize restart policy. When decreasing memory limits, perform a best-effort check to prevent limits from decreasing below usage and triggering an OOM-kill. (#133012@tallclair) [SIG Apps, Node and Testing]

  • Move Recover from volume expansion failure GA (#132662@gnufied) [SIG Apps, Auth, Node, Storage and Testing]

  • PodLifecycleSleepAction is graduated to GA (#132595@AxeZhan) [SIG Apps, Node and Testing]

  • Prevents any type of CPU/Memory alignment or hint generation with the Topology manager from the CPU or Memory manager when Pod Level resources are used in the pod spec. (#133279@ffromani) [SIG Node and Testing]

  • Promoted Linux node pressure stall information (PSI) metrics to beta. (#132822@roycaihw) [SIG Node]

  • Start recording metrics for in-place pod resize. (#132903@natasha41575) [SIG Node]

  • The scheduler no longer clears the nominatedNodeName field for Pods. External components, such as Cluster Autoscaler and Karpenter, are responsible for managing this field when needed. (#133276@macsko) [SIG Scheduling and Testing]

  • The validation in the CertificateSigningRequest /status and /approval subresource has been migrated to declarative validation. If the DeclarativeValidation feature gate is enabled, mismatches with existing validation are reported via metrics. If the DeclarativeValidationTakeover feature gate is enabled, declarative validation is the primary source of errors for migrated fields. (#133068@yongruilin) [SIG API Machinery and Auth]

  • This will promote the KubeletPodResourcesDynamicResources and KubeletPodResourcesGet feature gates to Beta which will be enabled by default if DRA goes to GA. (#132940@guptaNswati)

  • Update pause version to registry.k8s.io/pause:3.10.1 (#130713@ArkaSaha30) [SIG Cluster Lifecycle, Node, Scheduling and Testing]

  • Use DRA API version to "v1" in "deviceattribute" package in "k8s.io/dynamic-resource-allocation" module (#133164@everpeace) [SIG Node]

  • When proxying to an aggregated API server, kube-apiserver now uses the EndpointSlices of the service indicated by the APIServer, rather than using Endpoints.

    If you are using the aggregated API server feature, and you are writing out the endpoints for it by hand (rather than letting kube-controller-manager generate Endpoints and EndpointSlices for it automatically based on the Service definition), then you should write out an EndpointSlice object rather than (or in addition to) an Endpoints object. (#129837@danwinship) [SIG API Machinery, Network and Testing]

  • Whenever a pod is successfully bound to a node, the kube-apiserver now clears the pod's nominatedNodeName field. This prevents stale information from affecting external scheduling components. (#132443@utam0k) [SIG Apps, Node, Scheduling and Testing]

Failing Test

  • DRA driver helper: fixed handling of apiserver restart when running on a Kubernetes version which does not support the resource.k8s.io version used by the DRA driver. (#133076@pohly) [SIG Node and Testing]

Bug or Regression

  • Fix bug that prevents the alpha feature PodTopologyLabelAdmission to not work due to checking for the incorrect label key when copying topology labels. This bug delays the graduation of the feature to beta by an additional release to allow time for meaningful feedback. (#132462@munnerz) [SIG Node]
  • Fix runtime cost estimation for x-int-or-string custom resource schemas with maximum lengths (#132837@JoelSpeed) [SIG API Machinery]
  • Fixed a bug that the async preemption feature keeps preemptor pods unnecessarily in the queue. (#133167@sanposhiho) [SIG Scheduling]
  • Kubeadm: fix a bug where the default args for etcd are not correct when a local etcd image is used and the etcd version is less than 3.6.0. (#133023@carlory) [SIG Cluster Lifecycle]
  • Pods can't mix the usage of user-namespaces (hostUsers: false) and volumeDevices. Kubernetes now returns an error in this case. (#132868@rata) [SIG Apps]
  • ReplicaSets and Deployments should always count .status.availableReplicas at the correct time without a delay. This results in faster reconciliation of Deployment conditions and faster, unblocked Deployment rollouts. (#132121@atiratree) [SIG Apps]
  • The baseline and restricted pod security admission levels now block setting the host field on probe and lifecycle handlers (#125271@tssurya) [SIG Auth, Node and Testing]
  • The garbage collection controller no longer races with changes to ownerReferences when deleting orphaned objects. (#132632@sdowell) [SIG API Machinery and Apps]

Other (Cleanup or Flake)

Dependencies

Added

Nothing has changed.

Changed

Removed


Contributors, the CHANGELOG-1.34.md has been bootstrapped with v1.34.0-rc.0 release notes and you may edit now as needed.



Published by your Kubernetes Release Managers.

Matteo Bianchi

unread,
Aug 7, 2025, 12:39:27 PM8/7/25
to d...@kubernetes.io
Kubernetes Community,

We recently discovered that Kubernetes v1.34.0-rc.0 contains a critical bug which causes the kube-apiserver to crash every time at startup.
A fix addressing this issue has just been merged (here) and we are now preparing a new release candidate, v1.34.0-rc.1, which will be available shortly.
For more context, you can view the discussion in the [Slack thread].

Everyone is welcome to follow #release-management on Slack for real-time updates.
We will send another announcement once v1.34.0-rc.1 is published and ready for wider testing.

Thank you all for your attention and patience as we work to resolve this as soon as possible!

Matteo Bianchi
Branch Manager, Kubernetes 1.34
Reply all
Reply to author
Forward
0 new messages