The Wire · Showcase
KUBE-OPENAPI FIXES JSON-POINTER BUG, PROMO-TOOLS GAINS ARTIFACT REGISTRY SUPPORT
By RepoJournal · Filed · About Kubernetes
Kubernetes core shipped a critical kube-openapi fix that corrects type lookups for resources with special characters in their names—the kind of bug that silently breaks schema generation for custom resources.
The kube-openapi update [1] lands a builder fix that uses proper JSON-Pointer escaping when keying definition names, resolving incorrect lookups for types containing '/' or '~' characters. This cascades across all staging modules and vendors the fix everywhere it matters. Parallel to that, promo-tools v4.5.0 [2] adds the --staging-repo flag for kpromo pr, enabling Artifact Registry staging repos—a quality-of-life upgrade for release engineering pipelines [3]. On the infrastructure side, cloud-provider-aws resolved a critical security group leak when CLB services are updated with bring-your-own SG annotations [4], fixing a controller bug that left managed security groups dangling. The DRA test suite cleaned house: etcd lifecycle management [5] now runs directly instead of through shell proxies, and unnecessary killall etcd calls [6] got dropped since etcd is now a regular managed component. kops migrated protobuf handling to google.golang.org/protobuf [7], aligning with upstream Go ecosystem standards. The AnonymousAuthConfigurableEndpoints feature gate was dropped [8], cutting another legacy surface from the codebase.
Action items
- → Vendor kube-openapi v0.0.0-20260502001324-b7f5293f4787 in custom controllers using special-character type names kubernetes/kubernetes [plan]
- → Test cloud-provider-aws v1.36.0+ for security group cleanup on CLB Service updates kubernetes/cloud-provider-aws [monitor]
- → Review DRA test suite changes if you maintain local-up-cluster.sh workflows kubernetes/kubernetes [monitor]
References
- [1] bump k8s.io/kube-openapi to v0.0.0-20260502001324-b7f5293f4787 ↗ kubernetes/kubernetes
- [2] Bump sigs.k8s.io/promo-tools/v4 from 4.4.1 to 4.5.0 ↗ kubernetes/release
- [3] Merge pull request #4393 from kubernetes/dependabot/go_modules/sigs.k8s.io/promo-tools/v4-4.5.0 kubernetes/release
- [4] Fix leak managed/owned security group on Service update with BYO SG on CLB ↗ kubernetes/cloud-provider-aws
- [5] DRA upgrade/downgrade: control etcd lifecycle directly ↗ kubernetes/kubernetes
- [6] test/e2e_dra: remove killall etcd from run.sh kubernetes/kubernetes
- [7] protobuf: Migrate to google.golang.org/protobuf ↗ kubernetes/kops
- [8] Merge pull request #138723 from aramase/aramase/c/rm_anonymous_auth_fg kubernetes/kubernetes
FAQ
- What changed in Kubernetes on May 5, 2026?
- Kubernetes core shipped a critical kube-openapi fix that corrects type lookups for resources with special characters in their names—the kind of bug that silently breaks schema generation for custom resources.
- What should Kubernetes teams do about it?
- Vendor kube-openapi v0.0.0-20260502001324-b7f5293f4787 in custom controllers using special-character type names • Test cloud-provider-aws v1.36.0+ for security group cleanup on CLB Service updates • Review DRA test suite changes if you maintain local-up-cluster.sh workflows
- Which Kubernetes repositories shipped on May 5, 2026?
- kubernetes/kubernetes, kubernetes/release, kubernetes/cloud-provider-aws, kubernetes/kops