The Wire · Showcase
KOPS DROPS IN-TREE CLOUD CONFIG, AZURE SHIFTS TO SECRETS
By RepoJournal · Filed · About Kubernetes
kOps is gutting years of cloud configuration cruft, moving Azure cloud-config from per-node files to a cluster-managed Secret while deprecating the unused in-tree cloud provider flag that's been dead code since Kubernetes 1.31.
The kOps team completed a three-PR cleanout of the in-tree cloud-provider path [1][2][3]. Since kOps enforces --cloud-provider=external across all clouds and versions 1.31+, the entire --cloud-config flag and the azure.json file it pointed to have been no-ops. Meanwhile, the Azure cloud-controller-manager now reads configuration from a Kubernetes Secret instead [4], matching upstream Helm chart conventions and giving operators a single cluster-managed object rather than managing per-node files through nodeup. The related Azure nodeup config fields are being trimmed [5], reducing surface area. In parallel, the Cluster Autoscaler is making smarter resource decisions: it now respects per-group resource quotas during scale-up balancing [6], fixing a bug where groups could exceed their quota limits. The autoscaler also shipped memory optimizations by stripping managed fields from informer caches [7][8], a win for large clusters, and added observedGeneration to VPA status for standardized condition tracking [9]. The Scheduler fixed pod group preemption behavior to match preemptor eligibility rules [10], and kubeadm now warns users who've configured kube-proxy with the deprecated IPVS mode [11], pushing them toward nftables (GA since 1.33) or legacy iptables on older kernels.
Action items
- → If running kOps on Azure: upgrade to consume cloud-config from Secret instead of azure.json files kubernetes/kops [plan]
- → Review your kube-proxy configuration if you've set mode: ipvs and plan a migration path to nftables or iptables kubernetes/kubernetes [plan]
- → Enable Scale Up Salvo in Cluster Autoscaler if you run large unschedulable pod queues (flag currently false by default) kubernetes/autoscaler [monitor]
- → Verify your Cluster Autoscaler respects resource quotas during multi-group scale-ups after upgrading kubernetes/autoscaler [immediate]
References
- [1] Remove the unused in-tree cloud config ↗ kubernetes/kops
- [2] Remove the unused in-tree cloud config kubernetes/kops
- [3] Merge pull request #18347 from hakman/drop-in-tree-cloud.config kubernetes/kops
- [4] azure: load cloud config from a Secret instead of azure.json ↗ kubernetes/kops
- [5] azure: remove unused cloud config fields from nodeup config kubernetes/kops
- [6] fix: respect resource quotas when balancing similar nodegroups ↗ kubernetes/autoscaler
- [7] Strip managed fields from informer caches to reduce memory kubernetes/autoscaler
- [8] Merge pull request #9634 from adrianmoisey/remove-managed-fields kubernetes/autoscaler
- [9] VPA: Add observedGeneration to status and conditions ↗ kubernetes/autoscaler
- [10] scheduler: match preemptor eligibility behavior in pod group preemption ↗ kubernetes/kubernetes
- [11] kubeadm: warn if the user has configured kube-proxy with 'ipvs' kubernetes/kubernetes
FAQ
- What changed in Kubernetes on May 16, 2026?
- kOps is gutting years of cloud configuration cruft, moving Azure cloud-config from per-node files to a cluster-managed Secret while deprecating the unused in-tree cloud provider flag that's been dead code since Kubernetes 1.31.
- What should Kubernetes teams do about it?
- If running kOps on Azure: upgrade to consume cloud-config from Secret instead of azure.json files • Review your kube-proxy configuration if you've set mode: ipvs and plan a migration path to nftables or iptables • Enable Scale Up Salvo in Cluster Autoscaler if you run large unschedulable pod queues (flag currently false by default)
- Which Kubernetes repositories shipped on May 16, 2026?
- kubernetes/kops, kubernetes/autoscaler, kubernetes/kubernetes