
CEL ADMISSION PIPELINE GETS MAJOR OPTIMIZATION; KOPS HARDENS CALICO, HETZNER DRIVERS

By RepoJournal · Filed · About Kubernetes

Kubernetes apiserver just cut redundant object conversions in CEL evaluation, while kops shipped critical fixes for eBPF networking and cloud provider integrations.

The apiserver team landed a significant performance optimization [1] that replaces unstructured object caching with direct ref.Val caching in the CEL admission pipeline, eliminating allocation churn during policy evaluation. This follows up on earlier refactoring [2] that introduced the LazyObject abstraction to auto-invalidate cached CEL representations when objects mutate; combined, these changes reduce conversion overhead across the entire admission flow [3]. Over in kops, three production-critical changes shipped simultaneously: disabling kube-proxy when Calico runs in eBPF mode [4] to prevent packet duplication, upgrading the Hetzner CSI driver to v2.20.2 [5], and bumping the Hetzner CCM to v1.31.0 [6]. The CEL work matters for anyone running complex validation policies at scale; the kops changes matter immediately if you're running Calico eBPF or Hetzner-backed clusters. Autoscaler continues its testing infrastructure overhaul [7] by migrating buffer integration tests to envtest, aligning with controller-runtime adoption. The stack is stabilizing: these aren't breaking changes, they're the kind of precision fixes that prevent production surprises.

References

  [1] Optimize CEL admission object caching to use ref.Val (kubernetes/apiserver)
  [2] Refactor admission CEL object caching to use LazyObject (kubernetes/apiserver)
  [3] Merge pull request #139010 from lalitc375/cel-alt-opt (kubernetes/apiserver)
  [4] Disable kube-proxy when Calico runs in eBPF mode (kubernetes/kops)
  [5] hetzner: upgrade CSI driver to v2.20.2 (kubernetes/kops)
  [6] hetzner: upgrade CCM to v1.31.0 (kubernetes/kops)
  [7] Rewrite buffer integration tests to envtest (kubernetes/autoscaler)

FAQ

What changed in Kubernetes on May 14, 2026?
Kubernetes apiserver just cut redundant object conversions in CEL evaluation, while kops shipped critical fixes for eBPF networking and cloud provider integrations.
What should Kubernetes teams do about it?
  • If running Calico in eBPF mode, upgrade kops and verify kube-proxy is disabled
  • Hetzner users: stage CCM v1.31.0 and CSI v2.20.2 in non-prod first
  • Monitor CEL admission controller latency post-upgrade for validation improvements
Which Kubernetes repositories shipped on May 14, 2026?
kubernetes/apiserver, kubernetes/kops, kubernetes/autoscaler
