rebase-4.12.0-0.nightly_amd64-2023-03-15-163541_arm64-2023-03-17-005058

Makefile.kube_git.var

@@ -1,5 +1,5 @@
 KUBE_GIT_MAJOR=1
 KUBE_GIT_MINOR=25
 KUBE_GIT_VERSION=v1.25.0
-KUBE_GIT_COMMIT=18eadcaadf0be77350013c8911ca953bc2ca3778
+KUBE_GIT_COMMIT=eab9cc98fe4c002916621ace6cdd623afa519203
 KUBE_GIT_TREE_STATE=clean

assets/controllers/kube-apiserver/defaultconfig.yaml

@@ -14,21 +14,21 @@ admission:
         kind: PodSecurityConfiguration
         apiVersion: pod-security.admission.config.k8s.io/v1beta1
         defaults:
-          enforce: "privileged"
+          enforce: "restricted"
           enforce-version: "latest"
           audit: "restricted"
           audit-version: "latest"
           warn: "restricted"
           warn-version: "latest"
         exemptions:
           usernames:
-          # The build controller creates pods that are likely to be privileged
-          # based on BuildConfig objects. Access to these build pods is however
-          # still limited by the SCC exec admission and so we can safely add the
-          # build-controller SA here.
-          # This configuration should never be exposed to cluster users as no
-          # such guarantees are made for any other OpenShift SA/user.
-          - system:serviceaccount:openshift-infra:build-controller
+            # The build controller creates pods that are likely to be privileged
+            # based on BuildConfig objects. Access to these build pods is however
+            # still limited by the SCC exec admission and so we can safely add the
+            # build-controller SA here.
+            # This configuration should never be exposed to cluster users as no
+            # such guarantees are made for any other OpenShift SA/user.
+            - system:serviceaccount:openshift-infra:build-controller
 apiServerArguments:
   allow-privileged:
     - "true"
@@ -116,7 +116,7 @@ apiServerArguments:
   goaway-chance:
     - "0"
   http2-max-streams-per-connection:
-    - "2000"  # recommended is 1000, but we need to mitigate https://github.com/kubernetes/kubernetes/issues/74412
+    - "2000" # recommended is 1000, but we need to mitigate https://github.com/kubernetes/kubernetes/issues/74412
   kubelet-certificate-authority:
     - /etc/kubernetes/static-pod-resources/configmaps/kubelet-serving-ca/ca-bundle.crt
   kubelet-client-certificate:
@@ -161,7 +161,7 @@ apiServerArguments:
   shutdown-delay-duration:
     - 70s # give SDN some time to converge: 30s for iptable lock contention, 25s for the second try and some seconds for AWS to update ELBs
   shutdown-send-retry-after:
-  - "true"
+    - "true"
   storage-backend:
     - etcd3
   storage-media-type:

assets/release/release-aarch64.json

@@ -1,20 +1,20 @@
 {
   "release": {
-    "base": "4.12.0-0.nightly-arm64-2023-03-07-014438"
+    "base": "4.12.0-0.nightly-arm64-2023-03-17-005058"
   },
   "images": {
-    "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2d19d1ede0462e880751f44e288491fd539f054b44fdd28cd3314bdd0fb927aa",
-    "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c0161e495285e62f68c41640ff106945276b8fcc14cdf8c062f29ad71f2e741a",
-    "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6adc1bc218be5fe1221bcd03dd1c1d31317e9de1bb3f3a028947e10c38711072",
-    "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:1d83bac5fac46aec5b4d5cff90e83713cd56466aac0f05d5f00d27dc01ffa073",
+    "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f29bf239c71887b07f481b1482444180827c2a85c9ccbe49049cc89388ed71a3",
+    "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b37acf3e20cec32eef941035b28e862cb408a684efef8a861bbaf317edc11753",
+    "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:dccb49c0423eeb7af3f66dd89ac953aa5ae4bfbfe9d74da5e6103e26a8497182",
+    "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cb8bd984c493b98238ec3e734f38a246ddd5d444cf889cff56cf628c736eefc5",
     "lvms-topolvm": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1",
     "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671",
-    "csi-external-provisioner": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:51fd02cd5a6c33d765dd53bc5a949877a5061fb7bbdb906c793d76640f2848b0",
-    "csi-external-resizer": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0d4bc7624f6c1797eb1465a83ee5e68fcc8314212bb7c118620135dddb138db1",
-    "csi-node-driver-registrar": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5af1c736990fa72c99a2eb4736aecad77a51f8740a40e4b1fe472c85aff49849",
-    "csi-livenessprobe": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8cc32f9b925358883288fb10f0ae9454fae3f7cc7d9c35052247ade4ecfbe96e",
-    "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:65fa5617833f638d91f1a660446eee2501732146b2d946eda93d6e95cb62f2fe",
-    "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:04cc86b7cb6c5825525873137f8d6f5e2bb7875406df4ff14d1a155d409eb604",
-    "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9558f0cd85d78b8aac1023543098033a5c8bce948004f4cd04d57fa68b88292a"
+    "csi-external-provisioner": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3148e1f10a619c1031ff95d1cf238c6e94520072165ac0a6293077991db9a58a",
+    "csi-external-resizer": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3fd455946b2d560d3b94e8f67da29ef9cc68a44dda18a656383402654b86aff7",
+    "csi-node-driver-registrar": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:606d01cb729ec2beecb44f01afad79ba02316071cf72977212b992b0f9b05c47",
+    "csi-livenessprobe": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a0cbda39b6b749ceff0d50250f4392510e0faa6ea37fafc05710f17ab15177b7",
+    "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:661b699a7d537da5dce33721aa0fd59d9f0ee02b57376c74ada816ece1e068cd",
+    "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2ea2ee51af63638d0ab30712e80e19613ae59f001339ec491d9acf6df381fe72",
+    "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cce29e1ed642420af789112d8a690a03c22df515e16713f444bb0ca6724e338e"
   }
 }

assets/release/release-x86_64.json

@@ -1,20 +1,20 @@
 {
   "release": {
-    "base": "4.12.0-0.nightly-2023-03-06-151602"
+    "base": "4.12.0-0.nightly-2023-03-15-163541"
   },
   "images": {
-    "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6ffec1ff95bc30419bf814144fb58585bdd470b4a7baf505c96c51fb620320e9",
-    "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ddf81e535cf7a6b2775f3db690ec1e6eaa1c7427a0f9b98ce120d8ad06520440",
-    "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a7f55a043a08732dbd65bee03ccb10b10936ad398075d3966af8b04850f7613b",
-    "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2ec398c84b26e79546dd6f98a5e5cc89a9b3d9e36d681bca54cd436cd2f81324",
+    "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:1a45573281e6750075b942b58f14c977a2420fc8b85cafe29e75ed46b969228f",
+    "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cd5d25974e32c1b9f79be13d1034e4f21916f46b9d7eaf7b7d20ea2a75bfbd23",
+    "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7bc1c378acc4c3c7b6e12b98cbe1f069d88b3b3eb9780acbf938003f289ab055",
+    "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b30aa7fc1920751620828d3c9aa38cc5f65c107b0f99de6d8f0565ad51ce4d58",
     "lvms-topolvm": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1",
     "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671",
-    "csi-external-provisioner": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:45e0ed677f1828c88abb0d895a8822c22ea5c6f2b2f9b4a08d5cc570a7e522cf",
-    "csi-external-resizer": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6570eb675350100d4ed00933fb0bfa353e631e0574cf1a507501707b995e330a",
-    "csi-node-driver-registrar": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b191beae6beb4085c692c4a7e04034a479aee3ebda17716955f95f993fcd2db3",
-    "csi-livenessprobe": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d24230cf30092fa3ee31b03ac40abdf29fcf9059bda608cac8f0e5c0767b2ac1",
-    "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e61bf1043b13cd30bfe6f64bbabf5428f74b9d8b6cb47649c8af4b369e4dc079",
-    "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ae8d819e5e304beeb27aa7abf69e4cab2686a40596afd221d848249560db0485",
-    "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ec82e2a574537773e53dfde47806fa00fe7d7e1d51b02b84f18e501993d2a3e8"
+    "csi-external-provisioner": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:38f0adf74a602371bddf928484dee323b834e580e4dab3087bb6d7b85718ea05",
+    "csi-external-resizer": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6f0955ca0d477471e03d9847457cf7437c9307dc62c8b8c8ffba61e3ab6876d1",
+    "csi-node-driver-registrar": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd22ae8c0c2d989d7a71d6f25f41e740795a1092c61578ef9928f83e8bd9b94c",
+    "csi-livenessprobe": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c3e6bed4d30d26c963796a3b34ebabc2bd37149608f343c8ea2910c80910d53a",
+    "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:50a7c08b2fecca4954f8c5a6b23b426f4a5c369c271e36fa8f4cbe8e6db285b7",
+    "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8ebaf01d4701f52663fd6018da01f0f6b8a524cf82244cdc00ba41000e7b2eb3",
+    "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:354615838c447363e35c9721416d4bdaec72cb3bc00e3d37ccb50dfd0017e78b"
   }
 }