diff --git a/Makefile.kube_git.var b/Makefile.kube_git.var index 8a83df5018..8fc0d7418c 100644 --- a/Makefile.kube_git.var +++ b/Makefile.kube_git.var @@ -1,5 +1,5 @@ KUBE_GIT_MAJOR=1 KUBE_GIT_MINOR=32 -KUBE_GIT_VERSION=v1.32.8 -KUBE_GIT_COMMIT=2f14046818a7ff3ae3e9da76376991698d7188f1 +KUBE_GIT_VERSION=v1.32.7 +KUBE_GIT_COMMIT=169f654a6b0bc3dcca620eda17240b86c578cb10 KUBE_GIT_TREE_STATE=clean diff --git a/Makefile.version.aarch64.var b/Makefile.version.aarch64.var index bb451bdf1b..0cec3d751d 100644 --- a/Makefile.version.aarch64.var +++ b/Makefile.version.aarch64.var @@ -1 +1 @@ -OCP_VERSION := 4.19.0-0.nightly-arm64-2025-08-30-002356 +OCP_VERSION := 4.19.0-0.nightly-arm64-2025-09-03-055143 diff --git a/Makefile.version.x86_64.var b/Makefile.version.x86_64.var index 60c5afa013..ab78c8865b 100644 --- a/Makefile.version.x86_64.var +++ b/Makefile.version.x86_64.var @@ -1 +1 @@ -OCP_VERSION := 4.19.0-0.nightly-2025-08-28-080135 +OCP_VERSION := 4.19.0-0.nightly-2025-09-03-061123 diff --git a/assets/components/multus/release-multus-aarch64.json b/assets/components/multus/release-multus-aarch64.json index 1ab065d9b4..91d2c7f7f7 100644 --- a/assets/components/multus/release-multus-aarch64.json +++ b/assets/components/multus/release-multus-aarch64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.19.0-0.nightly-arm64-2025-08-30-002356" + "base": "4.19.0-0.nightly-arm64-2025-09-03-055143" }, "images": { "multus-cni-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:1d6352263861dfe58dfecd01c006647942ceadd221ae218011c4210f18d6fae1", diff --git a/assets/components/multus/release-multus-x86_64.json b/assets/components/multus/release-multus-x86_64.json index 5e91693da8..fa9a18284a 100644 --- a/assets/components/multus/release-multus-x86_64.json +++ b/assets/components/multus/release-multus-x86_64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.19.0-0.nightly-2025-08-28-080135" + "base": "4.19.0-0.nightly-2025-09-03-061123" }, "images": { "multus-cni-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:aaa95e54149c167e1574a49b94940b7dd8a2d842dcaf799a544eb7a4fff81206", diff --git a/assets/controllers/kube-apiserver/defaultconfig.yaml b/assets/controllers/kube-apiserver/defaultconfig.yaml index 35b3144974..4e4fb4343c 100644 --- a/assets/controllers/kube-apiserver/defaultconfig.yaml +++ b/assets/controllers/kube-apiserver/defaultconfig.yaml @@ -115,7 +115,7 @@ apiServerArguments: event-ttl: - 3h goaway-chance: - - "0" + - "0.001" http2-max-streams-per-connection: - "2000" # recommended is 1000, but we need to mitigate https://github.com/kubernetes/kubernetes/issues/74412 kubelet-certificate-authority: diff --git a/assets/optional/kube-proxy/kustomization.aarch64.yaml b/assets/optional/kube-proxy/kustomization.aarch64.yaml index 34aa968a8b..e24e5e34b6 100644 --- a/assets/optional/kube-proxy/kustomization.aarch64.yaml +++ b/assets/optional/kube-proxy/kustomization.aarch64.yaml @@ -2,4 +2,4 @@ images: - name: kube-proxy newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev - digest: sha256:b04da659b92cff560f06d7e43d9a79256203e2079cbc67d869d4c14c9c4afaf8 + digest: sha256:9d127619426957561651bee9981a4518bc32bf8f498d30b1ddb8dc0fe7f419d4 diff --git a/assets/optional/kube-proxy/kustomization.x86_64.yaml b/assets/optional/kube-proxy/kustomization.x86_64.yaml index 84b12e46c0..31a8e81171 100644 --- a/assets/optional/kube-proxy/kustomization.x86_64.yaml +++ b/assets/optional/kube-proxy/kustomization.x86_64.yaml @@ -2,4 +2,4 @@ images: - name: kube-proxy newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev - digest: sha256:c9b5bb82e6d64c4e0859c72cc129c646997dae0bd54ebc157da7505fbac72b7d + digest: sha256:009c67202af540173dbcd9285196cd2be1e7729c0fd5480e4037b2a0e62c87c4 diff --git a/assets/optional/kube-proxy/release-kube-proxy-aarch64.json b/assets/optional/kube-proxy/release-kube-proxy-aarch64.json index 0f1c86e8d2..15e122edd2 100644 --- a/assets/optional/kube-proxy/release-kube-proxy-aarch64.json +++ b/assets/optional/kube-proxy/release-kube-proxy-aarch64.json @@ -1,8 +1,8 @@ { "release": { - "base": "4.19.0-0.nightly-arm64-2025-08-30-002356" + "base": "4.19.0-0.nightly-arm64-2025-09-03-055143" }, "images": { - "kube-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b04da659b92cff560f06d7e43d9a79256203e2079cbc67d869d4c14c9c4afaf8" + "kube-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9d127619426957561651bee9981a4518bc32bf8f498d30b1ddb8dc0fe7f419d4" } } diff --git a/assets/optional/kube-proxy/release-kube-proxy-x86_64.json b/assets/optional/kube-proxy/release-kube-proxy-x86_64.json index 8ce41e5f68..fa8b2aba9c 100644 --- a/assets/optional/kube-proxy/release-kube-proxy-x86_64.json +++ b/assets/optional/kube-proxy/release-kube-proxy-x86_64.json @@ -1,8 +1,8 @@ { "release": { - "base": "4.19.0-0.nightly-2025-08-28-080135" + "base": "4.19.0-0.nightly-2025-09-03-061123" }, "images": { - "kube-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c9b5bb82e6d64c4e0859c72cc129c646997dae0bd54ebc157da7505fbac72b7d" + "kube-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:009c67202af540173dbcd9285196cd2be1e7729c0fd5480e4037b2a0e62c87c4" } } diff --git a/assets/optional/operator-lifecycle-manager/release-olm-aarch64.json b/assets/optional/operator-lifecycle-manager/release-olm-aarch64.json index 9c76144322..18cb367d86 100644 --- a/assets/optional/operator-lifecycle-manager/release-olm-aarch64.json +++ b/assets/optional/operator-lifecycle-manager/release-olm-aarch64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.19.0-0.nightly-arm64-2025-08-30-002356" + "base": "4.19.0-0.nightly-arm64-2025-09-03-055143" }, "images": { "operator-lifecycle-manager": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:27d0f8fe2a77f86abc103a1d40e3b22d9f0dd73c2527ecd974d07dd00cee2292", diff --git a/assets/optional/operator-lifecycle-manager/release-olm-x86_64.json b/assets/optional/operator-lifecycle-manager/release-olm-x86_64.json index bca858ebc5..75e6506823 100644 --- a/assets/optional/operator-lifecycle-manager/release-olm-x86_64.json +++ b/assets/optional/operator-lifecycle-manager/release-olm-x86_64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.19.0-0.nightly-2025-08-28-080135" + "base": "4.19.0-0.nightly-2025-09-03-061123" }, "images": { "operator-lifecycle-manager": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6a9b23dbc7a79bd28b48503d14b8cb264d53317ad1a7562c702680b8dc33cbc4", diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json index cda2be9560..a5d2d8b945 100644 --- a/assets/release/release-aarch64.json +++ b/assets/release/release-aarch64.json @@ -1,14 +1,14 @@ { "release": { - "base": "4.19.0-0.nightly-arm64-2025-08-30-002356" + "base": "4.19.0-0.nightly-arm64-2025-09-03-055143" }, "images": { "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:01d166f019e899fce2d3a18f03fb6b47d4e2d1ff4902eeb51ab5191576332117", "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:647d3c6ab38660682b38f71d6d84a2f5098e6b47529015460857006e4a59fc9e", "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:05e93dfa937e14d66fcf9fc495dcf8c1267543090a0dd2fda1ccdefe2999167c", "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ca02215c8768dbcf45d3dbd1307498bec58e8bdf511eb5213f6c42273fdb7bf6", - "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c8c48fbed7990a460c2d2e4026b0ceca53e2a30063ebfc234e60e6722955f0b1", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2cc9810b1b08720ef659c0e2fc931c3e9211993cf5011ba133e83eca724afc64", + "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:54697b90ffc921f940ce8f1ddedef26de74553b3d724146c18cbc950a7d93822", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:daae5c3f56757be9be621ce5f531a269d4da5a464053582623ce20776dd6df68", "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5eb8b82960b4edfc81270aec479407bc8d2777929e13f636bcbf9ae814e58c5f", "lvms_operator": "registry.redhat.io/lvms4/lvms-rhel9-operator@sha256:03771d66c0ed8a422c012ffaf6f390d8c3191e02330ef9b9dee00af518928d6e", "csi-snapshot-controller": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:95b43a3788e6417f066a89ce5add3416c551fc54696ce3431957d38fdbb0540e" diff --git a/assets/release/release-x86_64.json b/assets/release/release-x86_64.json index 741cc72f37..68a45d6edc 100644 --- a/assets/release/release-x86_64.json +++ b/assets/release/release-x86_64.json @@ -1,14 +1,14 @@ { "release": { - "base": "4.19.0-0.nightly-2025-08-28-080135" + "base": "4.19.0-0.nightly-2025-09-03-061123" }, "images": { "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d64c69218f60db8c4131996130e7f2af21e508dcffe26c61b468af045be51058", "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f9c07bac72b6146912af9eb6308ef09d0506f125114740144b18a533aa0ab8a1", "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a4e9a9878842ea97a73fe0754c2e87ac49ebbaae2bcb8f98453dfc6a2c54faa2", "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e2eaed4c4c062fd66ef3d814ca134159ff260315abf5714bc986a858b7cc9860", - "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:698883c5e441f88f0dcf7faffb9d5cb7e781ebd4f85ed7835ea0ab1555c8d750", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:696bcf0b046c5d2fa8e9a92055366f7fde226a9b782ceeb6bc8994d410cc534e", + "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6e677891f54fbae216e543f38673d3baaafcf69fdcef2f644c25fb8dee4acf0f", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:85614e43f83fa021bc74d82b72a600071c288db6cde2555c195a1284346f8624", "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e4d2ae274e48c925325db8ceaed8d49f9e820d1a1d9eee8d1db1b131a89b9efa", "lvms_operator": "registry.redhat.io/lvms4/lvms-rhel9-operator@sha256:c5f0ad26372afdd4d3e6a37fdb5cdf0c91304c0e994ec885e2db89e851081504", "csi-snapshot-controller": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:06da7d2653d7992bae6c74ec662f14a6019769450dc60c4307ed158ebcc50004" diff --git a/deps/github.com/openshift/kubernetes/.go-version b/deps/github.com/openshift/kubernetes/.go-version index aafdde18c8..b6773170a5 100644 --- a/deps/github.com/openshift/kubernetes/.go-version +++ b/deps/github.com/openshift/kubernetes/.go-version @@ -1 +1 @@ -1.23.11 +1.23.10 diff --git a/deps/github.com/openshift/kubernetes/CHANGELOG/CHANGELOG-1.32.md b/deps/github.com/openshift/kubernetes/CHANGELOG/CHANGELOG-1.32.md index 36142c53b8..92c26fde8c 100644 --- a/deps/github.com/openshift/kubernetes/CHANGELOG/CHANGELOG-1.32.md +++ b/deps/github.com/openshift/kubernetes/CHANGELOG/CHANGELOG-1.32.md @@ -1,348 +1,247 @@ -- [v1.32.7](#v1327) - - [Downloads for v1.32.7](#downloads-for-v1327) +- [v1.32.6](#v1326) + - [Downloads for v1.32.6](#downloads-for-v1326) - [Source Code](#source-code) - [Client Binaries](#client-binaries) - [Server Binaries](#server-binaries) - [Node Binaries](#node-binaries) - [Container Images](#container-images) - - [Changelog since v1.32.6](#changelog-since-v1326) + - [Changelog since v1.32.5](#changelog-since-v1325) + - [Important Security Information](#important-security-information) + - [CVE-2025-4563: Nodes can bypass dynamic resource allocation authorization checks](#cve-2025-4563-nodes-can-bypass-dynamic-resource-allocation-authorization-checks) - [Changes by Kind](#changes-by-kind) + - [Feature](#feature) - [Bug or Regression](#bug-or-regression) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake) - [Dependencies](#dependencies) - [Added](#added) - [Changed](#changed) - [Removed](#removed) -- [v1.32.6](#v1326) - - [Downloads for v1.32.6](#downloads-for-v1326) +- [v1.32.5](#v1325) + - [Downloads for v1.32.5](#downloads-for-v1325) - [Source Code](#source-code-1) - [Client Binaries](#client-binaries-1) - [Server Binaries](#server-binaries-1) - [Node Binaries](#node-binaries-1) - [Container Images](#container-images-1) - - [Changelog since v1.32.5](#changelog-since-v1325) - - [Important Security Information](#important-security-information) - - [CVE-2025-4563: Nodes can bypass dynamic resource allocation authorization checks](#cve-2025-4563-nodes-can-bypass-dynamic-resource-allocation-authorization-checks) + - [Changelog since v1.32.4](#changelog-since-v1324) - [Changes by Kind](#changes-by-kind-1) - - [Feature](#feature) + - [Feature](#feature-1) - [Bug or Regression](#bug-or-regression-1) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake) - [Dependencies](#dependencies-1) - [Added](#added-1) - [Changed](#changed-1) - [Removed](#removed-1) -- [v1.32.5](#v1325) - - [Downloads for v1.32.5](#downloads-for-v1325) +- [v1.32.4](#v1324) + - [Downloads for v1.32.4](#downloads-for-v1324) - [Source Code](#source-code-2) - [Client Binaries](#client-binaries-2) - [Server Binaries](#server-binaries-2) - [Node Binaries](#node-binaries-2) - [Container Images](#container-images-2) - - [Changelog since v1.32.4](#changelog-since-v1324) + - [Changelog since v1.32.3](#changelog-since-v1323) - [Changes by Kind](#changes-by-kind-2) - - [Feature](#feature-1) - [Bug or Regression](#bug-or-regression-2) - [Dependencies](#dependencies-2) - [Added](#added-2) - [Changed](#changed-2) - [Removed](#removed-2) -- [v1.32.4](#v1324) - - [Downloads for v1.32.4](#downloads-for-v1324) +- [v1.32.3](#v1323) + - [Downloads for v1.32.3](#downloads-for-v1323) - [Source Code](#source-code-3) - [Client Binaries](#client-binaries-3) - [Server Binaries](#server-binaries-3) - [Node Binaries](#node-binaries-3) - [Container Images](#container-images-3) - - [Changelog since v1.32.3](#changelog-since-v1323) + - [Changelog since v1.32.2](#changelog-since-v1322) - [Changes by Kind](#changes-by-kind-3) + - [API Change](#api-change) - [Bug or Regression](#bug-or-regression-3) - [Dependencies](#dependencies-3) - [Added](#added-3) - [Changed](#changed-3) - [Removed](#removed-3) -- [v1.32.3](#v1323) - - [Downloads for v1.32.3](#downloads-for-v1323) +- [v1.32.2](#v1322) + - [Downloads for v1.32.2](#downloads-for-v1322) - [Source Code](#source-code-4) - [Client Binaries](#client-binaries-4) - [Server Binaries](#server-binaries-4) - [Node Binaries](#node-binaries-4) - [Container Images](#container-images-4) - - [Changelog since v1.32.2](#changelog-since-v1322) + - [Changelog since v1.32.1](#changelog-since-v1321) + - [Important Security Information](#important-security-information-1) + - [CVE-2025-0426: Node Denial of Service via Kubelet Checkpoint API](#cve-2025-0426-node-denial-of-service-via-kubelet-checkpoint-api) - [Changes by Kind](#changes-by-kind-4) - - [API Change](#api-change) + - [Feature](#feature-2) - [Bug or Regression](#bug-or-regression-4) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-1) - [Dependencies](#dependencies-4) - [Added](#added-4) - [Changed](#changed-4) - [Removed](#removed-4) -- [v1.32.2](#v1322) - - [Downloads for v1.32.2](#downloads-for-v1322) +- [v1.32.1](#v1321) + - [Downloads for v1.32.1](#downloads-for-v1321) - [Source Code](#source-code-5) - [Client Binaries](#client-binaries-5) - [Server Binaries](#server-binaries-5) - [Node Binaries](#node-binaries-5) - [Container Images](#container-images-5) - - [Changelog since v1.32.1](#changelog-since-v1321) - - [Important Security Information](#important-security-information-1) - - [CVE-2025-0426: Node Denial of Service via Kubelet Checkpoint API](#cve-2025-0426-node-denial-of-service-via-kubelet-checkpoint-api) + - [Changelog since v1.32.0](#changelog-since-v1320) + - [Important Security Information](#important-security-information-2) + - [CVE-2024-9042: Command Injection affecting Windows nodes via nodes/*/logs/query API](#cve-2024-9042-command-injection-affecting-windows-nodes-via-nodeslogsquery-api) - [Changes by Kind](#changes-by-kind-5) - - [Feature](#feature-2) + - [API Change](#api-change-1) + - [Feature](#feature-3) - [Bug or Regression](#bug-or-regression-5) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-1) - [Dependencies](#dependencies-5) - [Added](#added-5) - [Changed](#changed-5) - [Removed](#removed-5) -- [v1.32.1](#v1321) - - [Downloads for v1.32.1](#downloads-for-v1321) +- [v1.32.0](#v1320) + - [Downloads for v1.32.0](#downloads-for-v1320) - [Source Code](#source-code-6) - [Client Binaries](#client-binaries-6) - [Server Binaries](#server-binaries-6) - [Node Binaries](#node-binaries-6) - [Container Images](#container-images-6) - - [Changelog since v1.32.0](#changelog-since-v1320) - - [Important Security Information](#important-security-information-2) - - [CVE-2024-9042: Command Injection affecting Windows nodes via nodes/*/logs/query API](#cve-2024-9042-command-injection-affecting-windows-nodes-via-nodeslogsquery-api) + - [Changelog since v1.31.0](#changelog-since-v1310) + - [Urgent Upgrade Notes](#urgent-upgrade-notes) - [Changes by Kind](#changes-by-kind-6) - - [API Change](#api-change-1) - - [Feature](#feature-3) + - [Deprecation](#deprecation) + - [API Change](#api-change-2) + - [Feature](#feature-4) + - [Documentation](#documentation) + - [Failing Test](#failing-test) - [Bug or Regression](#bug-or-regression-6) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-2) - [Dependencies](#dependencies-6) - [Added](#added-6) - [Changed](#changed-6) - [Removed](#removed-6) -- [v1.32.0](#v1320) - - [Downloads for v1.32.0](#downloads-for-v1320) +- [v1.32.0-rc.2](#v1320-rc2) + - [Downloads for v1.32.0-rc.2](#downloads-for-v1320-rc2) - [Source Code](#source-code-7) - [Client Binaries](#client-binaries-7) - [Server Binaries](#server-binaries-7) - [Node Binaries](#node-binaries-7) - [Container Images](#container-images-7) - - [Changelog since v1.31.0](#changelog-since-v1310) - - [Urgent Upgrade Notes](#urgent-upgrade-notes) + - [Changelog since v1.32.0-rc.1](#changelog-since-v1320-rc1) - [Changes by Kind](#changes-by-kind-7) - - [Deprecation](#deprecation) - - [API Change](#api-change-2) - - [Feature](#feature-4) - - [Documentation](#documentation) - - [Failing Test](#failing-test) + - [API Change](#api-change-3) - [Bug or Regression](#bug-or-regression-7) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-2) - [Dependencies](#dependencies-7) - [Added](#added-7) - [Changed](#changed-7) - [Removed](#removed-7) -- [v1.32.0-rc.2](#v1320-rc2) - - [Downloads for v1.32.0-rc.2](#downloads-for-v1320-rc2) +- [v1.32.0-rc.1](#v1320-rc1) + - [Downloads for v1.32.0-rc.1](#downloads-for-v1320-rc1) - [Source Code](#source-code-8) - [Client Binaries](#client-binaries-8) - [Server Binaries](#server-binaries-8) - [Node Binaries](#node-binaries-8) - [Container Images](#container-images-8) - - [Changelog since v1.32.0-rc.1](#changelog-since-v1320-rc1) - - [Changes by Kind](#changes-by-kind-8) - - [API Change](#api-change-3) - - [Bug or Regression](#bug-or-regression-8) + - [Changelog since v1.32.0-rc.0](#changelog-since-v1320-rc0) - [Dependencies](#dependencies-8) - [Added](#added-8) - [Changed](#changed-8) - [Removed](#removed-8) -- [v1.32.0-rc.1](#v1320-rc1) - - [Downloads for v1.32.0-rc.1](#downloads-for-v1320-rc1) +- [v1.32.0-rc.0](#v1320-rc0) + - [Downloads for v1.32.0-rc.0](#downloads-for-v1320-rc0) - [Source Code](#source-code-9) - [Client Binaries](#client-binaries-9) - [Server Binaries](#server-binaries-9) - [Node Binaries](#node-binaries-9) - [Container Images](#container-images-9) - - [Changelog since v1.32.0-rc.0](#changelog-since-v1320-rc0) + - [Changelog since v1.32.0-beta.0](#changelog-since-v1320-beta0) + - [Changes by Kind](#changes-by-kind-8) + - [API Change](#api-change-4) + - [Feature](#feature-5) + - [Bug or Regression](#bug-or-regression-8) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-3) - [Dependencies](#dependencies-9) - [Added](#added-9) - [Changed](#changed-9) - [Removed](#removed-9) -- [v1.32.0-rc.0](#v1320-rc0) - - [Downloads for v1.32.0-rc.0](#downloads-for-v1320-rc0) +- [v1.32.0-beta.0](#v1320-beta0) + - [Downloads for v1.32.0-beta.0](#downloads-for-v1320-beta0) - [Source Code](#source-code-10) - [Client Binaries](#client-binaries-10) - [Server Binaries](#server-binaries-10) - [Node Binaries](#node-binaries-10) - [Container Images](#container-images-10) - - [Changelog since v1.32.0-beta.0](#changelog-since-v1320-beta0) + - [Changelog since v1.32.0-alpha.3](#changelog-since-v1320-alpha3) + - [Urgent Upgrade Notes](#urgent-upgrade-notes-1) + - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade) - [Changes by Kind](#changes-by-kind-9) - - [API Change](#api-change-4) - - [Feature](#feature-5) + - [Deprecation](#deprecation-1) + - [API Change](#api-change-5) + - [Feature](#feature-6) - [Bug or Regression](#bug-or-regression-9) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-3) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-4) - [Dependencies](#dependencies-10) - [Added](#added-10) - [Changed](#changed-10) - [Removed](#removed-10) -- [v1.32.0-beta.0](#v1320-beta0) - - [Downloads for v1.32.0-beta.0](#downloads-for-v1320-beta0) +- [v1.32.0-alpha.3](#v1320-alpha3) + - [Downloads for v1.32.0-alpha.3](#downloads-for-v1320-alpha3) - [Source Code](#source-code-11) - [Client Binaries](#client-binaries-11) - [Server Binaries](#server-binaries-11) - [Node Binaries](#node-binaries-11) - [Container Images](#container-images-11) - - [Changelog since v1.32.0-alpha.3](#changelog-since-v1320-alpha3) - - [Urgent Upgrade Notes](#urgent-upgrade-notes-1) - - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade) + - [Changelog since v1.32.0-alpha.2](#changelog-since-v1320-alpha2) - [Changes by Kind](#changes-by-kind-10) - - [Deprecation](#deprecation-1) - - [API Change](#api-change-5) - - [Feature](#feature-6) + - [API Change](#api-change-6) + - [Feature](#feature-7) + - [Documentation](#documentation-1) - [Bug or Regression](#bug-or-regression-10) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-4) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-5) - [Dependencies](#dependencies-11) - [Added](#added-11) - [Changed](#changed-11) - [Removed](#removed-11) -- [v1.32.0-alpha.3](#v1320-alpha3) - - [Downloads for v1.32.0-alpha.3](#downloads-for-v1320-alpha3) +- [v1.32.0-alpha.2](#v1320-alpha2) + - [Downloads for v1.32.0-alpha.2](#downloads-for-v1320-alpha2) - [Source Code](#source-code-12) - [Client Binaries](#client-binaries-12) - [Server Binaries](#server-binaries-12) - [Node Binaries](#node-binaries-12) - [Container Images](#container-images-12) - - [Changelog since v1.32.0-alpha.2](#changelog-since-v1320-alpha2) + - [Changelog since v1.32.0-alpha.1](#changelog-since-v1320-alpha1) - [Changes by Kind](#changes-by-kind-11) - - [API Change](#api-change-6) - - [Feature](#feature-7) - - [Documentation](#documentation-1) + - [API Change](#api-change-7) + - [Feature](#feature-8) + - [Documentation](#documentation-2) - [Bug or Regression](#bug-or-regression-11) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-5) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-6) - [Dependencies](#dependencies-12) - [Added](#added-12) - [Changed](#changed-12) - [Removed](#removed-12) -- [v1.32.0-alpha.2](#v1320-alpha2) - - [Downloads for v1.32.0-alpha.2](#downloads-for-v1320-alpha2) +- [v1.32.0-alpha.1](#v1320-alpha1) + - [Downloads for v1.32.0-alpha.1](#downloads-for-v1320-alpha1) - [Source Code](#source-code-13) - [Client Binaries](#client-binaries-13) - [Server Binaries](#server-binaries-13) - [Node Binaries](#node-binaries-13) - [Container Images](#container-images-13) - - [Changelog since v1.32.0-alpha.1](#changelog-since-v1320-alpha1) - - [Changes by Kind](#changes-by-kind-12) - - [API Change](#api-change-7) - - [Feature](#feature-8) - - [Documentation](#documentation-2) - - [Bug or Regression](#bug-or-regression-12) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-6) - - [Dependencies](#dependencies-13) - - [Added](#added-13) - - [Changed](#changed-13) - - [Removed](#removed-13) -- [v1.32.0-alpha.1](#v1320-alpha1) - - [Downloads for v1.32.0-alpha.1](#downloads-for-v1320-alpha1) - - [Source Code](#source-code-14) - - [Client Binaries](#client-binaries-14) - - [Server Binaries](#server-binaries-14) - - [Node Binaries](#node-binaries-14) - - [Container Images](#container-images-14) - [Changelog since v1.31.0](#changelog-since-v1310-1) - - [Changes by Kind](#changes-by-kind-13) + - [Changes by Kind](#changes-by-kind-12) - [Deprecation](#deprecation-2) - [API Change](#api-change-8) - [Feature](#feature-9) - [Documentation](#documentation-3) - [Failing Test](#failing-test-1) - - [Bug or Regression](#bug-or-regression-13) + - [Bug or Regression](#bug-or-regression-12) - [Other (Cleanup or Flake)](#other-cleanup-or-flake-7) - - [Dependencies](#dependencies-14) - - [Added](#added-14) - - [Changed](#changed-14) - - [Removed](#removed-14) + - [Dependencies](#dependencies-13) + - [Added](#added-13) + - [Changed](#changed-13) + - [Removed](#removed-13) -# v1.32.7 - - -## Downloads for v1.32.7 - - - -### Source Code - -filename | sha512 hash --------- | ----------- -[kubernetes.tar.gz](https://dl.k8s.io/v1.32.7/kubernetes.tar.gz) | 00d360a2c858f6254b93fdb7369cddb163d04667da330a02205cbcd50bf7c9720f363e445546ecdb3baf96afafd499215163c79a713526fb1685061b4b306af9 -[kubernetes-src.tar.gz](https://dl.k8s.io/v1.32.7/kubernetes-src.tar.gz) | 03b0306b28c9973ecbb4de4058dafa16a153e4b30036bb9fd9f0fc6c8bbf9f50a535e663e464ff8ec75c1d3b193d1e84c31ddbe5cdc0f6328a9f342b3f5943c0 - -### Client Binaries - -filename | sha512 hash --------- | ----------- -[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.32.7/kubernetes-client-darwin-amd64.tar.gz) | d11144e36472fb00b4faca4e2f48cef65fe9351e3ed5ca7e2914be85187bd524c29db1bd6eb4b424086a5bc9b23ed06203af2463fa421ac0b08c28090ce6ed7f -[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.32.7/kubernetes-client-darwin-arm64.tar.gz) | f4470d333130926a0de81298c19a9018b35cc58d675751c94c4933598927d416a719b39b6ff9ff65ebd4547f49ff6c7b1cb813b33ad34bcc72689a600f2138ee -[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.32.7/kubernetes-client-linux-386.tar.gz) | 52464b81ee9205b4439e499723f81a24d4284908f8c8a14f407c6415386a74320ed23cacc7b198a5160dc7dd308d83edf7de20e7dacf6391dbfff8f1d39c5623 -[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.32.7/kubernetes-client-linux-amd64.tar.gz) | fb31a1727c8a50ae1a2b0a74434569d32e847fd5248a35b2345c063d588e435e676fffea6db861e8abf6621fc41ace92a48e5b2c34df2272db955fe951d37cfe -[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.32.7/kubernetes-client-linux-arm.tar.gz) | 3a598034d6339340386e82abddf85b7dcfed17b59bd933ccff0fd8f88c09ef6a4dc697fc245b9045cd73c0fa8d637987fafd49d4d1b31d111070ad66f4a93933 -[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.32.7/kubernetes-client-linux-arm64.tar.gz) | 9106c73bb66996211468ed78e0fac7bd8481a9037f9d121ca2b05dc9187cefb502c6c459a23f2732e1235958f20521c17061cf5f741b8bc542ee698937ccd942 -[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.32.7/kubernetes-client-linux-ppc64le.tar.gz) | 82331d4c35644a90cfe99af1468050c18ca550b1ca5f29712075f731641daa3e4f96c2f0401d30f445cbd2fd6892dfc605e802fc9d7beb805c25aa0a3525b806 -[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.32.7/kubernetes-client-linux-s390x.tar.gz) | d13e41f644e7a4ece99d980d645b761d4981927af29c472bc15a88acfaef47d074ddfed27e1adaa185ac748f11c0eae58ed705d8784dfaf7216d8685047b3b01 -[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.32.7/kubernetes-client-windows-386.tar.gz) | 4ae3690372063a134b30364f48329e8795ce7aa03d03053d2687807fbfcd50f2c5d0e0c9388c0dd12dedda4d31483d217399e0707c5770bedea960af71d46fd0 -[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.32.7/kubernetes-client-windows-amd64.tar.gz) | e9c62241b4ce59c00dca577992e2f6a065e817673b357d70498b1a4bf204736957815b611f9fecaa53ac7a1eb4000fd69b1458d4ab9c3105d8dc3f8cd8d4bdf3 -[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.32.7/kubernetes-client-windows-arm64.tar.gz) | 33ffcbc77480c71a80122e037d6fbf372b0ad109fa22fd73de8e373d380ed014aab7852d11cc5983e3afc43c9d07e869b4e401c192dc04601879d9b08933e3b0 - -### Server Binaries - -filename | sha512 hash --------- | ----------- -[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.32.7/kubernetes-server-linux-amd64.tar.gz) | ff7e724f8527553f61b005371bf2688c889d525d21966a7799ffa4a997d6faddbeb7577ad8df5cb7fd6e08037d41634259fa85a158b857b20eb4672fe8d4baa5 -[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.32.7/kubernetes-server-linux-arm64.tar.gz) | 2e42207d09f49348546db0209109aa1c1bebf96e3818ccad22553ee3f65c13a6e36cb812b2ae7262941b655868fa16b9d8e681bb0b8555271ab03f4fd33798b1 -[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.32.7/kubernetes-server-linux-ppc64le.tar.gz) | f031afcfc656c573ebcc45de0f28656fbd6bb45c458f30c3372114940d04b12a05bfa33c0454834d927566b07a39ea78225702676adb2a2bd0fb4eebbd41ad99 -[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.32.7/kubernetes-server-linux-s390x.tar.gz) | aebaf89debfaf6d8543528eb2c334290452db6ef00520818d90022088a195811f6a4219a8156aeee37c841c4197d89020e17e15cda3eb80c729e041ce1626193 - -### Node Binaries - -filename | sha512 hash --------- | ----------- -[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.32.7/kubernetes-node-linux-amd64.tar.gz) | b6f44877cc57914cf86ae1ba1df136f4cbb1ba40d9dd39a0c455d8bc13df54af61e53c470c89c2d8ff3d47be5de360e23bb764a83038f30d1afdf54fd5f5ba6d -[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.32.7/kubernetes-node-linux-arm64.tar.gz) | 2934d28b5cf6856444ee1a4b4a224be19d89447b4596014507f2c0f5cc33bbbf52ed884d1366c6bc9a39e088f2dbe0e1ef389f8973c2bf3cadba80d388a9d6cb -[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.32.7/kubernetes-node-linux-ppc64le.tar.gz) | 20fee6ba042870d930ea3e4c650f5ba8b7b7755c85ffc0f61a93dbf92c3f1239633aee9b0e2b0e4462dba056148d9e63eb5554f8af4fd97046d7750fae96bcb4 -[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.32.7/kubernetes-node-linux-s390x.tar.gz) | 63ac2e7861eb709b331365c71198adb4de1e3533d76e63d7f08fd7e9cf6eb457ffc5388c22967f0eb4fc6b3cb1061d345e4e52e76fbdda444ad21d3830a0d03a -[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.32.7/kubernetes-node-windows-amd64.tar.gz) | acd5cfc416407353c010621ba93829dd263b21981814ec8a1c10434eeb4cea37a92f1b9343cecca97a4680a7b6443048583d1688a915d14bffe9a72398f75faa - -### Container Images - -All container images are available as manifest lists and support the described -architectures. It is also possible to pull a specific architecture directly by -adding the "-$ARCH" suffix to the container image name. - -name | architectures ----- | ------------- -[registry.k8s.io/conformance:v1.32.7](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-s390x) -[registry.k8s.io/kube-apiserver:v1.32.7](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-s390x) -[registry.k8s.io/kube-controller-manager:v1.32.7](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-s390x) -[registry.k8s.io/kube-proxy:v1.32.7](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-s390x) -[registry.k8s.io/kube-scheduler:v1.32.7](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-s390x) -[registry.k8s.io/kubectl:v1.32.7](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-s390x) - -## Changelog since v1.32.6 - -## Changes by Kind - -### Bug or Regression - -- Fix a bug causing unexpected delay of creating pods for newly created jobs ([#132159](https://github.com/kubernetes/kubernetes/pull/132159), [@linxiulei](https://github.com/linxiulei)) [SIG Apps and Testing] -- Fix validation for Job with suspend=true, and completions=0 to set the Complete condition. ([#132727](https://github.com/kubernetes/kubernetes/pull/132727), [@mimowo](https://github.com/mimowo)) [SIG Apps and Testing] -- Kubeadm: fixed issue where etcd member promotion fails with an error saying the member was already promoted ([#132281](https://github.com/kubernetes/kubernetes/pull/132281), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] - -## Dependencies - -### Added -_Nothing has changed._ - -### Changed -_Nothing has changed._ - -### Removed -_Nothing has changed._ - - - # v1.32.6 diff --git a/deps/github.com/openshift/kubernetes/build/build-image/cross/VERSION b/deps/github.com/openshift/kubernetes/build/build-image/cross/VERSION index 121f717023..0d4ae66aa1 100644 --- a/deps/github.com/openshift/kubernetes/build/build-image/cross/VERSION +++ b/deps/github.com/openshift/kubernetes/build/build-image/cross/VERSION @@ -1 +1 @@ -v1.32.0-go1.23.11-bullseye.0 +v1.32.0-go1.23.10-bullseye.0 diff --git a/deps/github.com/openshift/kubernetes/build/common.sh b/deps/github.com/openshift/kubernetes/build/common.sh index 730288da7c..e79b172ae8 100755 --- a/deps/github.com/openshift/kubernetes/build/common.sh +++ b/deps/github.com/openshift/kubernetes/build/common.sh @@ -97,8 +97,8 @@ readonly KUBE_RSYNC_PORT="${KUBE_RSYNC_PORT:-}" readonly KUBE_CONTAINER_RSYNC_PORT=8730 # These are the default versions (image tags) for their respective base images. -readonly __default_distroless_iptables_version=v0.6.12 -readonly __default_go_runner_version=v2.4.0-go1.23.11-bookworm.0 +readonly __default_distroless_iptables_version=v0.6.11 +readonly __default_go_runner_version=v2.4.0-go1.23.10-bookworm.0 readonly __default_setcap_version=bookworm-v1.0.4 # These are the base images for the Docker-wrapped binaries. diff --git a/deps/github.com/openshift/kubernetes/build/dependencies.yaml b/deps/github.com/openshift/kubernetes/build/dependencies.yaml index f7fe33dd33..4d4bc159e3 100644 --- a/deps/github.com/openshift/kubernetes/build/dependencies.yaml +++ b/deps/github.com/openshift/kubernetes/build/dependencies.yaml @@ -116,7 +116,7 @@ dependencies: # Golang - name: "golang: upstream version" - version: 1.23.11 + version: 1.23.10 refPaths: - path: .go-version - path: build/build-image/cross/VERSION @@ -140,7 +140,7 @@ dependencies: match: golang:([0-9]+\.[0-9]+).0-bullseye - name: "registry.k8s.io/kube-cross: dependents" - version: v1.32.0-go1.23.11-bullseye.0 + version: v1.32.0-go1.23.10-bullseye.0 refPaths: - path: build/build-image/cross/VERSION @@ -178,7 +178,7 @@ dependencies: match: registry\.k8s\.io\/build-image\/debian-base:[a-zA-Z]+\-v((([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?)(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?) - name: "registry.k8s.io/distroless-iptables: dependents" - version: v0.6.12 + version: v0.6.11 refPaths: - path: build/common.sh match: __default_distroless_iptables_version= @@ -186,7 +186,7 @@ dependencies: match: configs\[DistrolessIptables\] = Config{list\.BuildImageRegistry, "distroless-iptables", "v([0-9]+)\.([0-9]+)\.([0-9]+)"} - name: "registry.k8s.io/go-runner: dependents" - version: v2.4.0-go1.23.11-bookworm.0 + version: v2.4.0-go1.23.10-bookworm.0 refPaths: - path: build/common.sh match: __default_go_runner_version= diff --git a/deps/github.com/openshift/kubernetes/openshift-hack/e2e/annotate/generated/zz_generated.annotations.go b/deps/github.com/openshift/kubernetes/openshift-hack/e2e/annotate/generated/zz_generated.annotations.go index 99bca0c091..8b92a331ea 100644 --- a/deps/github.com/openshift/kubernetes/openshift-hack/e2e/annotate/generated/zz_generated.annotations.go +++ b/deps/github.com/openshift/kubernetes/openshift-hack/e2e/annotate/generated/zz_generated.annotations.go @@ -1481,6 +1481,8 @@ var Annotations = map[string]string{ "[sig-node] Container Runtime blackbox test on terminated container should report termination message if TerminationMessagePath is set as non-root user and at a non-default path [NodeConformance] [Conformance]": " [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", + "[sig-node] Container Runtime blackbox test when running a container with a new image should be able to pull from private registry with secret [NodeConformance]": " [Disabled:Broken] [Suite:k8s]", + "[sig-node] Container Runtime blackbox test when running a container with a new image should be able to pull image [NodeConformance]": " [Suite:openshift/conformance/parallel] [Suite:k8s]", "[sig-node] Container Runtime blackbox test when running a container with a new image should not be able to pull from private registry without secret [NodeConformance]": " [Suite:openshift/conformance/parallel] [Suite:k8s]", diff --git a/deps/github.com/openshift/kubernetes/openshift-hack/images/hyperkube/Dockerfile.rhel b/deps/github.com/openshift/kubernetes/openshift-hack/images/hyperkube/Dockerfile.rhel index 8ff19b1745..9770d554ca 100644 --- a/deps/github.com/openshift/kubernetes/openshift-hack/images/hyperkube/Dockerfile.rhel +++ b/deps/github.com/openshift/kubernetes/openshift-hack/images/hyperkube/Dockerfile.rhel @@ -14,4 +14,4 @@ COPY --from=builder /tmp/build/* /usr/bin/ LABEL io.k8s.display-name="OpenShift Kubernetes Server Commands" \ io.k8s.description="OpenShift is a platform for developing, building, and deploying containerized applications." \ io.openshift.tags="openshift,hyperkube" \ - io.openshift.build.versions="kubernetes=1.32.8" \ No newline at end of file + io.openshift.build.versions="kubernetes=1.32.7" \ No newline at end of file diff --git a/deps/github.com/openshift/kubernetes/plugin/pkg/admission/noderestriction/admission.go b/deps/github.com/openshift/kubernetes/plugin/pkg/admission/noderestriction/admission.go index 1163f6bc20..419de31a99 100644 --- a/deps/github.com/openshift/kubernetes/plugin/pkg/admission/noderestriction/admission.go +++ b/deps/github.com/openshift/kubernetes/plugin/pkg/admission/noderestriction/admission.go @@ -518,11 +518,6 @@ func (p *Plugin) admitNode(nodeName string, a admission.Attributes) error { return admission.NewForbidden(a, fmt.Errorf("node %q is not allowed to modify taints", nodeName)) } - // Don't allow a node to update its own ownerReferences. - if !apiequality.Semantic.DeepEqual(node.OwnerReferences, oldNode.OwnerReferences) { - return admission.NewForbidden(a, fmt.Errorf("node %q is not allowed to modify ownerReferences", nodeName)) - } - // Don't allow a node to update labels outside the allowed set. // This would allow a node to add or modify its labels in a way that would let it steer privileged workloads to itself. modifiedLabels := getModifiedLabels(node.Labels, oldNode.Labels) diff --git a/deps/github.com/openshift/kubernetes/plugin/pkg/admission/noderestriction/admission_test.go b/deps/github.com/openshift/kubernetes/plugin/pkg/admission/noderestriction/admission_test.go index b8325dbff3..86a2666ef8 100644 --- a/deps/github.com/openshift/kubernetes/plugin/pkg/admission/noderestriction/admission_test.go +++ b/deps/github.com/openshift/kubernetes/plugin/pkg/admission/noderestriction/admission_test.go @@ -254,14 +254,10 @@ func (a *admitTestCase) run(t *testing.T) { func Test_nodePlugin_Admit(t *testing.T) { var ( - trueRef = true - mynode = &user.DefaultInfo{Name: "system:node:mynode", Groups: []string{"system:nodes"}} - bob = &user.DefaultInfo{Name: "bob"} - - mynodeObjMeta = metav1.ObjectMeta{Name: "mynode", UID: "mynode-uid"} - mynodeObjMetaOwnerRefA = metav1.ObjectMeta{Name: "mynode", UID: "mynode-uid", OwnerReferences: []metav1.OwnerReference{{Name: "fooerA", Controller: &trueRef}}} - mynodeObjMetaOwnerRefB = metav1.ObjectMeta{Name: "mynode", UID: "mynode-uid", OwnerReferences: []metav1.OwnerReference{{Name: "fooerB", Controller: &trueRef}}} + mynode = &user.DefaultInfo{Name: "system:node:mynode", Groups: []string{"system:nodes"}} + bob = &user.DefaultInfo{Name: "bob"} + mynodeObjMeta = metav1.ObjectMeta{Name: "mynode", UID: "mynode-uid"} mynodeObj = &api.Node{ObjectMeta: mynodeObjMeta} mynodeObjConfigA = &api.Node{ObjectMeta: mynodeObjMeta, Spec: api.NodeSpec{ConfigSource: &api.NodeConfigSource{ ConfigMap: &api.ConfigMapNodeConfigSource{ @@ -278,11 +274,9 @@ func Test_nodePlugin_Admit(t *testing.T) { KubeletConfigKey: "kubelet", }}}} - mynodeObjTaintA = &api.Node{ObjectMeta: mynodeObjMeta, Spec: api.NodeSpec{Taints: []api.Taint{{Key: "mykey", Value: "A"}}}} - mynodeObjTaintB = &api.Node{ObjectMeta: mynodeObjMeta, Spec: api.NodeSpec{Taints: []api.Taint{{Key: "mykey", Value: "B"}}}} - mynodeObjOwnerRefA = &api.Node{ObjectMeta: mynodeObjMetaOwnerRefA} - mynodeObjOwnerRefB = &api.Node{ObjectMeta: mynodeObjMetaOwnerRefB} - othernodeObj = &api.Node{ObjectMeta: metav1.ObjectMeta{Name: "othernode"}} + mynodeObjTaintA = &api.Node{ObjectMeta: mynodeObjMeta, Spec: api.NodeSpec{Taints: []api.Taint{{Key: "mykey", Value: "A"}}}} + mynodeObjTaintB = &api.Node{ObjectMeta: mynodeObjMeta, Spec: api.NodeSpec{Taints: []api.Taint{{Key: "mykey", Value: "B"}}}} + othernodeObj = &api.Node{ObjectMeta: metav1.ObjectMeta{Name: "othernode"}} coremymirrorpod, v1mymirrorpod = makeTestPod("ns", "mymirrorpod", "mynode", true) coreothermirrorpod, v1othermirrorpod = makeTestPod("ns", "othermirrorpod", "othernode", true) @@ -1173,24 +1167,6 @@ func Test_nodePlugin_Admit(t *testing.T) { attributes: admission.NewAttributesRecord(setForbiddenUpdateLabels(mynodeObj, "new"), setForbiddenUpdateLabels(mynodeObj, "old"), nodeKind, mynodeObj.Namespace, mynodeObj.Name, nodeResource, "", admission.Update, &metav1.UpdateOptions{}, false, mynode), err: `is not allowed to modify labels: foo.node-restriction.kubernetes.io/foo, node-restriction.kubernetes.io/foo, other.k8s.io/foo, other.kubernetes.io/foo`, }, - { - name: "forbid update of my node: add owner reference", - podsGetter: existingPods, - attributes: admission.NewAttributesRecord(mynodeObjOwnerRefA, mynodeObj, nodeKind, mynodeObj.Namespace, mynodeObj.Name, nodeResource, "", admission.Update, &metav1.UpdateOptions{}, false, mynode), - err: "node \"mynode\" is not allowed to modify ownerReferences", - }, - { - name: "forbid update of my node: remove owner reference", - podsGetter: existingPods, - attributes: admission.NewAttributesRecord(mynodeObj, mynodeObjOwnerRefA, nodeKind, mynodeObj.Namespace, mynodeObj.Name, nodeResource, "", admission.Update, &metav1.UpdateOptions{}, false, mynode), - err: "node \"mynode\" is not allowed to modify ownerReferences", - }, - { - name: "forbid update of my node: change owner reference", - podsGetter: existingPods, - attributes: admission.NewAttributesRecord(mynodeObjOwnerRefA, mynodeObjOwnerRefB, nodeKind, mynodeObj.Namespace, mynodeObj.Name, nodeResource, "", admission.Update, &metav1.UpdateOptions{}, false, mynode), - err: "node \"mynode\" is not allowed to modify ownerReferences", - }, // Other node object { diff --git a/deps/github.com/openshift/kubernetes/staging/publishing/rules.yaml b/deps/github.com/openshift/kubernetes/staging/publishing/rules.yaml index fc316e1d27..e3db4a7fc3 100644 --- a/deps/github.com/openshift/kubernetes/staging/publishing/rules.yaml +++ b/deps/github.com/openshift/kubernetes/staging/publishing/rules.yaml @@ -2900,4 +2900,4 @@ rules: - staging/src/k8s.io/externaljwt recursive-delete-patterns: - '*/.gitattributes' -default-go-version: 1.23.11 +default-go-version: 1.23.10 diff --git a/deps/github.com/openshift/kubernetes/test/e2e/common/node/runtime.go b/deps/github.com/openshift/kubernetes/test/e2e/common/node/runtime.go index 8caf4cf4c4..fedf1241c2 100644 --- a/deps/github.com/openshift/kubernetes/test/e2e/common/node/runtime.go +++ b/deps/github.com/openshift/kubernetes/test/e2e/common/node/runtime.go @@ -19,10 +19,13 @@ package node import ( "context" "fmt" + "os" "path" "time" v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/uuid" "k8s.io/kubernetes/pkg/kubelet/images" "k8s.io/kubernetes/test/e2e/framework" e2epod "k8s.io/kubernetes/test/e2e/framework/pod" @@ -259,7 +262,7 @@ while true; do sleep 1; done // Images used for ConformanceContainer are not added into NodePrePullImageList, because this test is // testing image pulling, these images don't need to be prepulled. The ImagePullPolicy // is v1.PullAlways, so it won't be blocked by framework image pre-pull list check. - imagePullTest := func(ctx context.Context, image string, expectedPhase v1.PodPhase, expectedPullStatus bool, windowsImage bool) { + imagePullTest := func(ctx context.Context, image string, hasSecret bool, expectedPhase v1.PodPhase, expectedPullStatus bool, windowsImage bool) { command := []string{"/bin/sh", "-c", "while true; do sleep 1; done"} if windowsImage { // -t: Ping the specified host until stopped. @@ -275,7 +278,34 @@ while true; do sleep 1; done }, RestartPolicy: v1.RestartPolicyNever, } - + if hasSecret { + // The service account only has pull permission + auth := ` +{ + "auths": { + "https://gcr.io": { + "auth": "X2pzb25fa2V5OnsKICAidHlwZSI6ICJzZXJ2aWNlX2FjY291bnQiLAogICJwcm9qZWN0X2lkIjogImF1dGhlbnRpY2F0ZWQtaW1hZ2UtcHVsbGluZyIsCiAgInByaXZhdGVfa2V5X2lkIjogImI5ZjJhNjY0YWE5YjIwNDg0Y2MxNTg2MDYzZmVmZGExOTIyNGFjM2IiLAogICJwcml2YXRlX2tleSI6ICItLS0tLUJFR0lOIFBSSVZBVEUgS0VZLS0tLS1cbk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzdTSG5LVEVFaVlMamZcbkpmQVBHbUozd3JCY2VJNTBKS0xxS21GWE5RL3REWGJRK2g5YVl4aldJTDhEeDBKZTc0bVovS01uV2dYRjVLWlNcbm9BNktuSU85Yi9SY1NlV2VpSXRSekkzL1lYVitPNkNjcmpKSXl4anFWam5mVzJpM3NhMzd0OUE5VEZkbGZycm5cbjR6UkpiOWl4eU1YNGJMdHFGR3ZCMDNOSWl0QTNzVlo1ODhrb1FBZmgzSmhhQmVnTWorWjRSYko0aGVpQlFUMDNcbnZVbzViRWFQZVQ5RE16bHdzZWFQV2dydDZOME9VRGNBRTl4bGNJek11MjUzUG4vSzgySFpydEx4akd2UkhNVXhcbng0ZjhwSnhmQ3h4QlN3Z1NORit3OWpkbXR2b0wwRmE3ZGducFJlODZWRDY2ejNZenJqNHlLRXRqc2hLZHl5VWRcbkl5cVhoN1JSQWdNQkFBRUNnZ0VBT3pzZHdaeENVVlFUeEFka2wvSTVTRFVidi9NazRwaWZxYjJEa2FnbmhFcG9cbjFJajJsNGlWMTByOS9uenJnY2p5VlBBd3pZWk1JeDFBZVF0RDdoUzRHWmFweXZKWUc3NkZpWFpQUm9DVlB6b3VcbmZyOGRDaWFwbDV0enJDOWx2QXNHd29DTTdJWVRjZmNWdDdjRTEyRDNRS3NGNlo3QjJ6ZmdLS251WVBmK0NFNlRcbmNNMHkwaCtYRS9kMERvSERoVy96YU1yWEhqOFRvd2V1eXRrYmJzNGYvOUZqOVBuU2dET1lQd2xhbFZUcitGUWFcbkpSd1ZqVmxYcEZBUW14M0Jyd25rWnQzQ2lXV2lGM2QrSGk5RXRVYnRWclcxYjZnK1JRT0licWFtcis4YlJuZFhcbjZWZ3FCQWtKWjhSVnlkeFVQMGQxMUdqdU9QRHhCbkhCbmM0UW9rSXJFUUtCZ1FEMUNlaWN1ZGhXdGc0K2dTeGJcbnplanh0VjFONDFtZHVjQnpvMmp5b1dHbzNQVDh3ckJPL3lRRTM0cU9WSi9pZCs4SThoWjRvSWh1K0pBMDBzNmdcblRuSXErdi9kL1RFalk4MW5rWmlDa21SUFdiWHhhWXR4UjIxS1BYckxOTlFKS2ttOHRkeVh5UHFsOE1veUdmQ1dcbjJ2aVBKS05iNkhabnY5Q3lqZEo5ZzJMRG5RS0JnUUREcVN2eURtaGViOTIzSW96NGxlZ01SK205Z2xYVWdTS2dcbkVzZlllbVJmbU5XQitDN3ZhSXlVUm1ZNU55TXhmQlZXc3dXRldLYXhjK0krYnFzZmx6elZZdFpwMThNR2pzTURcbmZlZWZBWDZCWk1zVXQ3Qmw3WjlWSjg1bnRFZHFBQ0xwWitaLzN0SVJWdWdDV1pRMWhrbmxHa0dUMDI0SkVFKytcbk55SDFnM2QzUlFLQmdRQ1J2MXdKWkkwbVBsRklva0tGTkh1YTBUcDNLb1JTU1hzTURTVk9NK2xIckcxWHJtRjZcbkMwNGNTKzQ0N0dMUkxHOFVUaEpKbTRxckh0Ti9aK2dZOTYvMm1xYjRIakpORDM3TVhKQnZFYTN5ZUxTOHEvK1JcbjJGOU1LamRRaU5LWnhQcG84VzhOSlREWTVOa1BaZGh4a2pzSHdVNGRTNjZwMVRESUU0MGd0TFpaRFFLQmdGaldcbktyblFpTnEzOS9iNm5QOFJNVGJDUUFKbmR3anhTUU5kQTVmcW1rQTlhRk9HbCtqamsxQ1BWa0tNSWxLSmdEYkpcbk9heDl2OUc2Ui9NSTFIR1hmV3QxWU56VnRocjRIdHNyQTB0U3BsbWhwZ05XRTZWejZuQURqdGZQSnMyZUdqdlhcbmpQUnArdjhjY21MK3dTZzhQTGprM3ZsN2VlNXJsWWxNQndNdUdjUHhBb0dBZWRueGJXMVJMbVZubEFpSEx1L0xcbmxtZkF3RFdtRWlJMFVnK1BMbm9Pdk81dFE1ZDRXMS94RU44bFA0cWtzcGtmZk1Rbk5oNFNZR0VlQlQzMlpxQ1RcbkpSZ2YwWGpveXZ2dXA5eFhqTWtYcnBZL3ljMXpmcVRaQzBNTzkvMVVjMWJSR2RaMmR5M2xSNU5XYXA3T1h5Zk9cblBQcE5Gb1BUWGd2M3FDcW5sTEhyR3pNPVxuLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLVxuIiwKICAiY2xpZW50X2VtYWlsIjogImltYWdlLXB1bGxpbmdAYXV0aGVudGljYXRlZC1pbWFnZS1wdWxsaW5nLmlhbS5nc2VydmljZWFjY291bnQuY29tIiwKICAiY2xpZW50X2lkIjogIjExMzc5NzkxNDUzMDA3MzI3ODcxMiIsCiAgImF1dGhfdXJpIjogImh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbS9vL29hdXRoMi9hdXRoIiwKICAidG9rZW5fdXJpIjogImh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbS9vL29hdXRoMi90b2tlbiIsCiAgImF1dGhfcHJvdmlkZXJfeDUwOV9jZXJ0X3VybCI6ICJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9vYXV0aDIvdjEvY2VydHMiLAogICJjbGllbnRfeDUwOV9jZXJ0X3VybCI6ICJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9yb2JvdC92MS9tZXRhZGF0YS94NTA5L2ltYWdlLXB1bGxpbmclNDBhdXRoZW50aWNhdGVkLWltYWdlLXB1bGxpbmcuaWFtLmdzZXJ2aWNlYWNjb3VudC5jb20iCn0=", + "email": "image-pulling@authenticated-image-pulling.iam.gserviceaccount.com" + } + } +}` + // we might be told to use a different docker config JSON. + if framework.TestContext.DockerConfigFile != "" { + contents, err := os.ReadFile(framework.TestContext.DockerConfigFile) + framework.ExpectNoError(err) + auth = string(contents) + } + secret := &v1.Secret{ + Data: map[string][]byte{v1.DockerConfigJsonKey: []byte(auth)}, + Type: v1.SecretTypeDockerConfigJson, + } + secret.Name = "image-pull-secret-" + string(uuid.NewUUID()) + ginkgo.By("create image pull secret") + _, err := f.ClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, secret, metav1.CreateOptions{}) + framework.ExpectNoError(err) + ginkgo.DeferCleanup(f.ClientSet.CoreV1().Secrets(f.Namespace.Name).Delete, secret.Name, metav1.DeleteOptions{}) + container.ImagePullSecrets = []string{secret.Name} + } // checkContainerStatus checks whether the container status matches expectation. checkContainerStatus := func(ctx context.Context) error { status, err := container.GetStatus(ctx) @@ -340,24 +370,29 @@ while true; do sleep 1; done f.It("should not be able to pull image from invalid registry", f.WithNodeConformance(), func(ctx context.Context) { image := imageutils.GetE2EImage(imageutils.InvalidRegistryImage) - imagePullTest(ctx, image, v1.PodPending, true, false) + imagePullTest(ctx, image, false, v1.PodPending, true, false) }) f.It("should be able to pull image", f.WithNodeConformance(), func(ctx context.Context) { // NOTE(claudiub): The agnhost image is supposed to work on both Linux and Windows. image := imageutils.GetE2EImage(imageutils.Agnhost) - imagePullTest(ctx, image, v1.PodRunning, false, false) + imagePullTest(ctx, image, false, v1.PodRunning, false, false) }) - // TODO: https://github.com/kubernetes/kubernetes/issues/130271 - // Switch this to use a locally hosted private image and not depend on this host f.It("should not be able to pull from private registry without secret", f.WithNodeConformance(), func(ctx context.Context) { image := imageutils.GetE2EImage(imageutils.AuthenticatedAlpine) - imagePullTest(ctx, image, v1.PodPending, true, false) + imagePullTest(ctx, image, false, v1.PodPending, true, false) }) - // TODO: https://github.com/kubernetes/kubernetes/issues/130271 - // Add a sustainable test for pulling with a private registry secret + f.It("should be able to pull from private registry with secret", f.WithNodeConformance(), func(ctx context.Context) { + image := imageutils.GetE2EImage(imageutils.AuthenticatedAlpine) + isWindows := false + if framework.NodeOSDistroIs("windows") { + image = imageutils.GetE2EImage(imageutils.AuthenticatedWindowsNanoServer) + isWindows = true + } + imagePullTest(ctx, image, true, v1.PodRunning, false, isWindows) + }) }) }) }) diff --git a/deps/github.com/openshift/kubernetes/test/e2e_node/runtime_conformance_test.go b/deps/github.com/openshift/kubernetes/test/e2e_node/runtime_conformance_test.go new file mode 100644 index 0000000000..0aa256d400 --- /dev/null +++ b/deps/github.com/openshift/kubernetes/test/e2e_node/runtime_conformance_test.go @@ -0,0 +1,156 @@ +/* +Copyright 2016 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package e2enode + +import ( + "context" + "fmt" + "os" + "path/filepath" + "time" + + v1 "k8s.io/api/core/v1" + "k8s.io/kubernetes/pkg/kubelet/images" + "k8s.io/kubernetes/test/e2e/common/node" + "k8s.io/kubernetes/test/e2e/framework" + e2epod "k8s.io/kubernetes/test/e2e/framework/pod" + "k8s.io/kubernetes/test/e2e_node/services" + admissionapi "k8s.io/pod-security-admission/api" + + "github.com/onsi/ginkgo/v2" +) + +var _ = SIGDescribe("Container Runtime Conformance Test", func() { + f := framework.NewDefaultFramework("runtime-conformance") + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline + + ginkgo.Describe("container runtime conformance blackbox test", func() { + + ginkgo.Context("when running a container with a new image", func() { + // The service account only has pull permission + auth := ` +{ + "auths": { + "https://gcr.io": { + "auth": "X2pzb25fa2V5OnsKICAidHlwZSI6ICJzZXJ2aWNlX2FjY291bnQiLAogICJwcm9qZWN0X2lkIjogImF1dGhlbnRpY2F0ZWQtaW1hZ2UtcHVsbGluZyIsCiAgInByaXZhdGVfa2V5X2lkIjogImI5ZjJhNjY0YWE5YjIwNDg0Y2MxNTg2MDYzZmVmZGExOTIyNGFjM2IiLAogICJwcml2YXRlX2tleSI6ICItLS0tLUJFR0lOIFBSSVZBVEUgS0VZLS0tLS1cbk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzdTSG5LVEVFaVlMamZcbkpmQVBHbUozd3JCY2VJNTBKS0xxS21GWE5RL3REWGJRK2g5YVl4aldJTDhEeDBKZTc0bVovS01uV2dYRjVLWlNcbm9BNktuSU85Yi9SY1NlV2VpSXRSekkzL1lYVitPNkNjcmpKSXl4anFWam5mVzJpM3NhMzd0OUE5VEZkbGZycm5cbjR6UkpiOWl4eU1YNGJMdHFGR3ZCMDNOSWl0QTNzVlo1ODhrb1FBZmgzSmhhQmVnTWorWjRSYko0aGVpQlFUMDNcbnZVbzViRWFQZVQ5RE16bHdzZWFQV2dydDZOME9VRGNBRTl4bGNJek11MjUzUG4vSzgySFpydEx4akd2UkhNVXhcbng0ZjhwSnhmQ3h4QlN3Z1NORit3OWpkbXR2b0wwRmE3ZGducFJlODZWRDY2ejNZenJqNHlLRXRqc2hLZHl5VWRcbkl5cVhoN1JSQWdNQkFBRUNnZ0VBT3pzZHdaeENVVlFUeEFka2wvSTVTRFVidi9NazRwaWZxYjJEa2FnbmhFcG9cbjFJajJsNGlWMTByOS9uenJnY2p5VlBBd3pZWk1JeDFBZVF0RDdoUzRHWmFweXZKWUc3NkZpWFpQUm9DVlB6b3VcbmZyOGRDaWFwbDV0enJDOWx2QXNHd29DTTdJWVRjZmNWdDdjRTEyRDNRS3NGNlo3QjJ6ZmdLS251WVBmK0NFNlRcbmNNMHkwaCtYRS9kMERvSERoVy96YU1yWEhqOFRvd2V1eXRrYmJzNGYvOUZqOVBuU2dET1lQd2xhbFZUcitGUWFcbkpSd1ZqVmxYcEZBUW14M0Jyd25rWnQzQ2lXV2lGM2QrSGk5RXRVYnRWclcxYjZnK1JRT0licWFtcis4YlJuZFhcbjZWZ3FCQWtKWjhSVnlkeFVQMGQxMUdqdU9QRHhCbkhCbmM0UW9rSXJFUUtCZ1FEMUNlaWN1ZGhXdGc0K2dTeGJcbnplanh0VjFONDFtZHVjQnpvMmp5b1dHbzNQVDh3ckJPL3lRRTM0cU9WSi9pZCs4SThoWjRvSWh1K0pBMDBzNmdcblRuSXErdi9kL1RFalk4MW5rWmlDa21SUFdiWHhhWXR4UjIxS1BYckxOTlFKS2ttOHRkeVh5UHFsOE1veUdmQ1dcbjJ2aVBKS05iNkhabnY5Q3lqZEo5ZzJMRG5RS0JnUUREcVN2eURtaGViOTIzSW96NGxlZ01SK205Z2xYVWdTS2dcbkVzZlllbVJmbU5XQitDN3ZhSXlVUm1ZNU55TXhmQlZXc3dXRldLYXhjK0krYnFzZmx6elZZdFpwMThNR2pzTURcbmZlZWZBWDZCWk1zVXQ3Qmw3WjlWSjg1bnRFZHFBQ0xwWitaLzN0SVJWdWdDV1pRMWhrbmxHa0dUMDI0SkVFKytcbk55SDFnM2QzUlFLQmdRQ1J2MXdKWkkwbVBsRklva0tGTkh1YTBUcDNLb1JTU1hzTURTVk9NK2xIckcxWHJtRjZcbkMwNGNTKzQ0N0dMUkxHOFVUaEpKbTRxckh0Ti9aK2dZOTYvMm1xYjRIakpORDM3TVhKQnZFYTN5ZUxTOHEvK1JcbjJGOU1LamRRaU5LWnhQcG84VzhOSlREWTVOa1BaZGh4a2pzSHdVNGRTNjZwMVRESUU0MGd0TFpaRFFLQmdGaldcbktyblFpTnEzOS9iNm5QOFJNVGJDUUFKbmR3anhTUU5kQTVmcW1rQTlhRk9HbCtqamsxQ1BWa0tNSWxLSmdEYkpcbk9heDl2OUc2Ui9NSTFIR1hmV3QxWU56VnRocjRIdHNyQTB0U3BsbWhwZ05XRTZWejZuQURqdGZQSnMyZUdqdlhcbmpQUnArdjhjY21MK3dTZzhQTGprM3ZsN2VlNXJsWWxNQndNdUdjUHhBb0dBZWRueGJXMVJMbVZubEFpSEx1L0xcbmxtZkF3RFdtRWlJMFVnK1BMbm9Pdk81dFE1ZDRXMS94RU44bFA0cWtzcGtmZk1Rbk5oNFNZR0VlQlQzMlpxQ1RcbkpSZ2YwWGpveXZ2dXA5eFhqTWtYcnBZL3ljMXpmcVRaQzBNTzkvMVVjMWJSR2RaMmR5M2xSNU5XYXA3T1h5Zk9cblBQcE5Gb1BUWGd2M3FDcW5sTEhyR3pNPVxuLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLVxuIiwKICAiY2xpZW50X2VtYWlsIjogImltYWdlLXB1bGxpbmdAYXV0aGVudGljYXRlZC1pbWFnZS1wdWxsaW5nLmlhbS5nc2VydmljZWFjY291bnQuY29tIiwKICAiY2xpZW50X2lkIjogIjExMzc5NzkxNDUzMDA3MzI3ODcxMiIsCiAgImF1dGhfdXJpIjogImh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbS9vL29hdXRoMi9hdXRoIiwKICAidG9rZW5fdXJpIjogImh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbS9vL29hdXRoMi90b2tlbiIsCiAgImF1dGhfcHJvdmlkZXJfeDUwOV9jZXJ0X3VybCI6ICJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9vYXV0aDIvdjEvY2VydHMiLAogICJjbGllbnRfeDUwOV9jZXJ0X3VybCI6ICJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9yb2JvdC92MS9tZXRhZGF0YS94NTA5L2ltYWdlLXB1bGxpbmclNDBhdXRoZW50aWNhdGVkLWltYWdlLXB1bGxpbmcuaWFtLmdzZXJ2aWNlYWNjb3VudC5jb20iCn0=", + "email": "image-pulling@authenticated-image-pulling.iam.gserviceaccount.com" + } + } +}` + // The following images are not added into NodePrePullImageList, because this test is + // testing image pulling, these images don't need to be prepulled. The ImagePullPolicy + // is v1.PullAlways, so it won't be blocked by framework image pre-pull list check. + for _, testCase := range []struct { + description string + image string + phase v1.PodPhase + waiting bool + }{ + { + description: "should be able to pull from private registry with credential provider", + image: "gcr.io/authenticated-image-pulling/alpine:3.7", + phase: v1.PodRunning, + waiting: false, + }, + } { + testCase := testCase + f.It(testCase.description+"", f.WithNodeConformance(), func(ctx context.Context) { + name := "image-pull-test" + command := []string{"/bin/sh", "-c", "while true; do sleep 1; done"} + container := node.ConformanceContainer{ + PodClient: e2epod.NewPodClient(f), + Container: v1.Container{ + Name: name, + Image: testCase.image, + Command: command, + // PullAlways makes sure that the image will always be pulled even if it is present before the test. + ImagePullPolicy: v1.PullAlways, + }, + RestartPolicy: v1.RestartPolicyNever, + } + + configFile := filepath.Join(services.KubeletRootDirectory, "config.json") + err := os.WriteFile(configFile, []byte(auth), 0644) + framework.ExpectNoError(err) + defer os.Remove(configFile) + + // checkContainerStatus checks whether the container status matches expectation. + checkContainerStatus := func(ctx context.Context) error { + status, err := container.GetStatus(ctx) + if err != nil { + return fmt.Errorf("failed to get container status: %w", err) + } + // We need to check container state first. The default pod status is pending, If we check + // pod phase first, and the expected pod phase is Pending, the container status may not + // even show up when we check it. + // Check container state + if !testCase.waiting { + if status.State.Running == nil { + return fmt.Errorf("expected container state: Running, got: %q", + node.GetContainerState(status.State)) + } + } + if testCase.waiting { + if status.State.Waiting == nil { + return fmt.Errorf("expected container state: Waiting, got: %q", + node.GetContainerState(status.State)) + } + reason := status.State.Waiting.Reason + if reason != images.ErrImagePull.Error() && + reason != images.ErrImagePullBackOff.Error() { + return fmt.Errorf("unexpected waiting reason: %q", reason) + } + } + // Check pod phase + phase, err := container.GetPhase(ctx) + if err != nil { + return fmt.Errorf("failed to get pod phase: %w", err) + } + if phase != testCase.phase { + return fmt.Errorf("expected pod phase: %q, got: %q", testCase.phase, phase) + } + return nil + } + // The image registry is not stable, which sometimes causes the test to fail. Add retry mechanism to make this + // less flaky. + const flakeRetry = 3 + for i := 1; i <= flakeRetry; i++ { + var err error + ginkgo.By("create the container") + container.Create(ctx) + ginkgo.By("check the container status") + for start := time.Now(); time.Since(start) < node.ContainerStatusRetryTimeout; time.Sleep(node.ContainerStatusPollInterval) { + if err = checkContainerStatus(ctx); err == nil { + break + } + } + ginkgo.By("delete the container") + _ = container.Delete(ctx) + if err == nil { + break + } + if i < flakeRetry { + framework.Logf("No.%d attempt failed: %v, retrying...", i, err) + } else { + framework.Failf("All %d attempts failed: %v", flakeRetry, err) + } + } + }) + } + }) + }) +}) diff --git a/deps/github.com/openshift/kubernetes/test/images/.permitted-images b/deps/github.com/openshift/kubernetes/test/images/.permitted-images index 042af1417c..ec7dac61ab 100644 --- a/deps/github.com/openshift/kubernetes/test/images/.permitted-images +++ b/deps/github.com/openshift/kubernetes/test/images/.permitted-images @@ -4,6 +4,7 @@ # The sources for which are in test/images/agnhost. # If agnhost is missing functionality for your tests, please reach out to SIG Testing. gcr.io/authenticated-image-pulling/alpine +gcr.io/authenticated-image-pulling/windows-nanoserver gcr.io/k8s-authenticated-test/agnhost invalid.registry.k8s.io/invalid/alpine registry.k8s.io/build-image/distroless-iptables diff --git a/deps/github.com/openshift/kubernetes/test/images/Makefile b/deps/github.com/openshift/kubernetes/test/images/Makefile index 7048c9fa86..a96a629816 100644 --- a/deps/github.com/openshift/kubernetes/test/images/Makefile +++ b/deps/github.com/openshift/kubernetes/test/images/Makefile @@ -16,7 +16,7 @@ REGISTRY ?= registry.k8s.io/e2e-test-images GOARM ?= 7 DOCKER_CERT_BASE_PATH ?= QEMUVERSION=v5.1.0-2 -GOLANG_VERSION=1.23.11 +GOLANG_VERSION=1.23.10 export ifndef WHAT diff --git a/deps/github.com/openshift/kubernetes/test/utils/image/manifest.go b/deps/github.com/openshift/kubernetes/test/utils/image/manifest.go index 15ef54ffbe..135e121def 100644 --- a/deps/github.com/openshift/kubernetes/test/utils/image/manifest.go +++ b/deps/github.com/openshift/kubernetes/test/utils/image/manifest.go @@ -129,17 +129,13 @@ func readFromURL(url string, writer io.Writer) error { var ( initRegistry = RegistryList{ - // TODO: https://github.com/kubernetes/kubernetes/issues/130271 - // Eliminate GcAuthenticatedRegistry. - GcAuthenticatedRegistry: "gcr.io/authenticated-image-pulling", - PromoterE2eRegistry: "registry.k8s.io/e2e-test-images", - BuildImageRegistry: "registry.k8s.io/build-image", - InvalidRegistry: "invalid.registry.k8s.io/invalid", - GcEtcdRegistry: "registry.k8s.io", - GcRegistry: "registry.k8s.io", - SigStorageRegistry: "registry.k8s.io/sig-storage", - // TODO: https://github.com/kubernetes/kubernetes/issues/130271 - // Eliminate PrivateRegistry. + GcAuthenticatedRegistry: "gcr.io/authenticated-image-pulling", + PromoterE2eRegistry: "registry.k8s.io/e2e-test-images", + BuildImageRegistry: "registry.k8s.io/build-image", + InvalidRegistry: "invalid.registry.k8s.io/invalid", + GcEtcdRegistry: "registry.k8s.io", + GcRegistry: "registry.k8s.io", + SigStorageRegistry: "registry.k8s.io/sig-storage", PrivateRegistry: "gcr.io/k8s-authenticated-test", DockerLibraryRegistry: "docker.io/library", CloudProviderGcpRegistry: "registry.k8s.io/cloud-provider-gcp", @@ -156,17 +152,15 @@ const ( // Agnhost image Agnhost // AgnhostPrivate image - // TODO: https://github.com/kubernetes/kubernetes/issues/130271 - // Eliminate this. AgnhostPrivate // APIServer image APIServer // AppArmorLoader image AppArmorLoader // AuthenticatedAlpine image - // TODO: https://github.com/kubernetes/kubernetes/issues/130271 - // Eliminate this. AuthenticatedAlpine + // AuthenticatedWindowsNanoServer image + AuthenticatedWindowsNanoServer // BusyBox image BusyBox // DistrolessIptables Image @@ -225,10 +219,11 @@ func initImageConfigs(list RegistryList) (map[ImageID]Config, map[ImageID]Config configs[Agnhost] = Config{list.PromoterE2eRegistry, "agnhost", "2.53"} configs[AgnhostPrivate] = Config{list.PrivateRegistry, "agnhost", "2.6"} configs[AuthenticatedAlpine] = Config{list.GcAuthenticatedRegistry, "alpine", "3.7"} + configs[AuthenticatedWindowsNanoServer] = Config{list.GcAuthenticatedRegistry, "windows-nanoserver", "v1"} configs[APIServer] = Config{list.PromoterE2eRegistry, "sample-apiserver", "1.29.2"} configs[AppArmorLoader] = Config{list.PromoterE2eRegistry, "apparmor-loader", "1.4"} configs[BusyBox] = Config{list.PromoterE2eRegistry, "busybox", "1.36.1-1"} - configs[DistrolessIptables] = Config{list.BuildImageRegistry, "distroless-iptables", "v0.6.12"} + configs[DistrolessIptables] = Config{list.BuildImageRegistry, "distroless-iptables", "v0.6.11"} configs[Etcd] = Config{list.GcEtcdRegistry, "etcd", "3.5.16-0"} configs[Httpd] = Config{list.PromoterE2eRegistry, "httpd", "2.4.38-4"} configs[HttpdNew] = Config{list.PromoterE2eRegistry, "httpd", "2.4.39-4"} @@ -275,7 +270,7 @@ func GetMappedImageConfigs(originalImageConfigs map[ImageID]Config, repo string) for i, config := range originalImageConfigs { switch i { case InvalidRegistryImage, AuthenticatedAlpine, - AgnhostPrivate: + AuthenticatedWindowsNanoServer, AgnhostPrivate: // These images are special and can't be run out of the cloud - some because they // are authenticated, and others because they are not real images. Tests that depend // on these images can't be run without access to the public internet. diff --git a/etcd/go.mod b/etcd/go.mod index 811ca776bf..6e3ed278d2 100644 --- a/etcd/go.mod +++ b/etcd/go.mod @@ -144,12 +144,12 @@ require ( replace ( github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20241205171354-8006f302fd12 // from kubernetes - go.etcd.io/etcd/api/v3 => github.com/openshift/etcd/api/v3 v3.5.1-0.20250411172207-a5421dfe551a // from etcd - go.etcd.io/etcd/client/pkg/v3 => github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20250411172207-a5421dfe551a // from etcd - go.etcd.io/etcd/client/v3 => github.com/openshift/etcd/client/v3 v3.5.1-0.20250411172207-a5421dfe551a // from etcd - go.etcd.io/etcd/pkg/v3 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20250411172207-a5421dfe551a // from etcd - go.etcd.io/etcd/raft/v3 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20250411172207-a5421dfe551a // from etcd - go.etcd.io/etcd/server/v3 => github.com/openshift/etcd/server/v3 v3.5.1-0.20250411172207-a5421dfe551a // from etcd + go.etcd.io/etcd/api/v3 => github.com/openshift/etcd/api/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 // from etcd + go.etcd.io/etcd/client/pkg/v3 => github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 // from etcd + go.etcd.io/etcd/client/v3 => github.com/openshift/etcd/client/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 // from etcd + go.etcd.io/etcd/pkg/v3 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 // from etcd + go.etcd.io/etcd/raft/v3 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 // from etcd + go.etcd.io/etcd/server/v3 => github.com/openshift/etcd/server/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 // from etcd ) replace ( diff --git a/etcd/go.sum b/etcd/go.sum index 71f616489e..10f8f9ed6d 100644 --- a/etcd/go.sum +++ b/etcd/go.sum @@ -162,18 +162,18 @@ github.com/openshift/api v0.0.0-20250213010142-f5b09d13c01f h1:HH+BqfxONWB2kknhC github.com/openshift/api v0.0.0-20250213010142-f5b09d13c01f/go.mod h1:yk60tHAmHhtVpJQo3TwVYq2zpuP70iJIFDCmeKMIzPw= github.com/openshift/build-machinery-go v0.0.0-20250602125535-1b6d00b8c37c h1:gJvhduWIrpzoUTwrJjjeul+hGETKkhRhEZosBg/X3Hg= github.com/openshift/build-machinery-go v0.0.0-20250602125535-1b6d00b8c37c/go.mod h1:8jcm8UPtg2mCAsxfqKil1xrmRMI3a+XU2TZ9fF8A7TE= -github.com/openshift/etcd/api/v3 v3.5.1-0.20250411172207-a5421dfe551a h1:xPuKS5jHdAvz/ZnVk1Zib4BFQfQvWGE81l9naQ8+3ok= -github.com/openshift/etcd/api/v3 v3.5.1-0.20250411172207-a5421dfe551a/go.mod h1:c3aH5wcvXv/9dqIw2Y810LDXJfhSYdHQ0vxmP3CCHVY= -github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20250411172207-a5421dfe551a h1:S+zAlmcKTX+oFurjzztf0+89ySajZpWq9KbjN4VtEB0= -github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20250411172207-a5421dfe551a/go.mod h1:BgqT/IXPjK9NkeSDjbzwsHySX3yIle2+ndz28nVsjUs= -github.com/openshift/etcd/client/v3 v3.5.1-0.20250411172207-a5421dfe551a h1:4u4yoryqRDNV+oAR5F+MABA3QWmHNo0WB5JmzQn/Uik= -github.com/openshift/etcd/client/v3 v3.5.1-0.20250411172207-a5421dfe551a/go.mod h1:mFYy67IOqmbRf/kRUvsHixzo3iG+1OF2W2+jVIQRAnU= -github.com/openshift/etcd/pkg/v3 v3.5.1-0.20250411172207-a5421dfe551a h1:BKcKeVF8m+Og1yGdQAXzLSPZb3ttNvhhVkkrLDK+yWw= -github.com/openshift/etcd/pkg/v3 v3.5.1-0.20250411172207-a5421dfe551a/go.mod h1:wpZx8Egv1g4y+N7JAsqi2zoUiBIUWznLjqJbylDjWgU= -github.com/openshift/etcd/raft/v3 v3.5.1-0.20250411172207-a5421dfe551a h1:19aSm0Xo47oaTfK9vgg/i9Ybu1Pzq5tFKIEQyzdCfPk= -github.com/openshift/etcd/raft/v3 v3.5.1-0.20250411172207-a5421dfe551a/go.mod h1:fmcuY5R2SNkklU4+fKVBQi2biVp5vafMrWUEj4TJ4Cs= -github.com/openshift/etcd/server/v3 v3.5.1-0.20250411172207-a5421dfe551a h1:C/8cEHhZcK1VdHUZyYzgTtT84E7Tji1qlebb8SUnhqA= -github.com/openshift/etcd/server/v3 v3.5.1-0.20250411172207-a5421dfe551a/go.mod h1:G1mOzdwuzKT1VRL7SqRchli/qcFrtLBTAQ4lV20sXXo= +github.com/openshift/etcd/api/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 h1:ZOmc6Ds7POjfZS/zEoU9QPgq5o0Ng6MjFYrvHePJXTs= +github.com/openshift/etcd/api/v3 v3.5.1-0.20250829104148-eb0acd5c92a8/go.mod h1:c3aH5wcvXv/9dqIw2Y810LDXJfhSYdHQ0vxmP3CCHVY= +github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 h1:jC9Oi+1QXiuRycgbK7JpLklUpx1QqGPZbaCC7jihXYg= +github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20250829104148-eb0acd5c92a8/go.mod h1:BgqT/IXPjK9NkeSDjbzwsHySX3yIle2+ndz28nVsjUs= +github.com/openshift/etcd/client/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 h1:MDo/a7/dMfpRwRf7of4h7Y6cxXXExeJi93sSgj5rteA= +github.com/openshift/etcd/client/v3 v3.5.1-0.20250829104148-eb0acd5c92a8/go.mod h1:mFYy67IOqmbRf/kRUvsHixzo3iG+1OF2W2+jVIQRAnU= +github.com/openshift/etcd/pkg/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 h1:Hbo+rghxJdAvxWX8vNak+WwsHiQhsGzvEkS88qD4mzI= +github.com/openshift/etcd/pkg/v3 v3.5.1-0.20250829104148-eb0acd5c92a8/go.mod h1:wpZx8Egv1g4y+N7JAsqi2zoUiBIUWznLjqJbylDjWgU= +github.com/openshift/etcd/raft/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 h1:1joMryPJwX92mM8ctecm46j8lHHtBmKLawn3uHMcmQs= +github.com/openshift/etcd/raft/v3 v3.5.1-0.20250829104148-eb0acd5c92a8/go.mod h1:fmcuY5R2SNkklU4+fKVBQi2biVp5vafMrWUEj4TJ4Cs= +github.com/openshift/etcd/server/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 h1:yfp1Lotng/kTA+wTPzHX9pvPwYMAcpC7x/wibqk/K7s= +github.com/openshift/etcd/server/v3 v3.5.1-0.20250829104148-eb0acd5c92a8/go.mod h1:G1mOzdwuzKT1VRL7SqRchli/qcFrtLBTAQ4lV20sXXo= github.com/openshift/library-go v0.0.0-20250217144305-c917e6d528b2 h1:y6VYcutLuJEXDeE/EUMYMcJWyhlxuSg8DbLBajMBJy8= github.com/openshift/library-go v0.0.0-20250217144305-c917e6d528b2/go.mod h1:GHwvopE5KXXCz4ULHp871sTPLLW+FB+hu/RIzlNwxx8= github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20241205171354-8006f302fd12 h1:AKx/w1qpS8We43bsRgf8Nll3CGlDHpr/WAXvuedTNZI= diff --git a/etcd/vendor/go.etcd.io/etcd/server/v3/etcdserver/api/rafthttp/pipeline.go b/etcd/vendor/go.etcd.io/etcd/server/v3/etcdserver/api/rafthttp/pipeline.go index 1909e8cdba..de3b459118 100644 --- a/etcd/vendor/go.etcd.io/etcd/server/v3/etcdserver/api/rafthttp/pipeline.go +++ b/etcd/vendor/go.etcd.io/etcd/server/v3/etcdserver/api/rafthttp/pipeline.go @@ -165,7 +165,7 @@ func (p *pipeline) post(data []byte) (err error) { p.picker.unreachable(u) // errMemberRemoved is a critical error since a removed member should // always be stopped. So we use reportCriticalError to report it to errorc. - if err == errMemberRemoved || err == ErrClusterIDMismatch { + if err == errMemberRemoved { reportCriticalError(err, p.errorc) } return err diff --git a/etcd/vendor/go.etcd.io/etcd/server/v3/etcdserver/raft.go b/etcd/vendor/go.etcd.io/etcd/server/v3/etcdserver/raft.go index 0eddd266ba..b022c68fb0 100644 --- a/etcd/vendor/go.etcd.io/etcd/server/v3/etcdserver/raft.go +++ b/etcd/vendor/go.etcd.io/etcd/server/v3/etcdserver/raft.go @@ -19,7 +19,6 @@ import ( "expvar" "fmt" "log" - "math/rand/v2" "sort" "sync" "time" @@ -579,7 +578,7 @@ func restartAsStandaloneNode(cfg config.ServerConfig, snapshot *raftpb.Snapshot, if snapshot != nil { walsnap.Index, walsnap.Term = snapshot.Metadata.Index, snapshot.Metadata.Term } - w, id, _, st, ents := readWAL(cfg.Logger, cfg.WALDir(), walsnap, cfg.UnsafeNoFsync) + w, id, cid, st, ents := readWAL(cfg.Logger, cfg.WALDir(), walsnap, cfg.UnsafeNoFsync) // discard the previously uncommitted entries for i, ent := range ents { @@ -605,12 +604,8 @@ func restartAsStandaloneNode(cfg config.ServerConfig, snapshot *raftpb.Snapshot, ) ents = append(ents, toAppEnts...) - cl := membership.NewCluster(cfg.Logger, membership.WithMaxLearners(cfg.ExperimentalMaxLearners)) - cid := types.ID(rand.Uint64()) - cl.SetID(id, cid) - // force commit newly appended entries - err := w.SaveWithMetadata(raftpb.HardState{}, toAppEnts, &pb.Metadata{NodeID: uint64(id), ClusterID: uint64(cid)}) + err := w.Save(raftpb.HardState{}, toAppEnts) if err != nil { cfg.Logger.Fatal("failed to save hard state and entries", zap.Error(err)) } @@ -632,6 +627,8 @@ func restartAsStandaloneNode(cfg config.ServerConfig, snapshot *raftpb.Snapshot, zap.Uint64("commit-index", st.Commit), ) + cl := membership.NewCluster(cfg.Logger, membership.WithMaxLearners(cfg.ExperimentalMaxLearners)) + cl.SetID(id, cid) s := raft.NewMemoryStorage() if snapshot != nil { s.ApplySnapshot(*snapshot) diff --git a/etcd/vendor/go.etcd.io/etcd/server/v3/wal/wal.go b/etcd/vendor/go.etcd.io/etcd/server/v3/wal/wal.go index f315176ce2..69011025fa 100644 --- a/etcd/vendor/go.etcd.io/etcd/server/v3/wal/wal.go +++ b/etcd/vendor/go.etcd.io/etcd/server/v3/wal/wal.go @@ -27,8 +27,6 @@ import ( "sync" "time" - "go.etcd.io/etcd/api/v3/etcdserverpb" - "go.etcd.io/etcd/client/pkg/v3/fileutil" "go.etcd.io/etcd/pkg/v3/pbutil" "go.etcd.io/etcd/raft/v3" @@ -44,7 +42,6 @@ const ( stateType crcType snapshotType - metadataModType // warnSyncDuration is the amount of time allotted to an fsync before // logging a warning @@ -65,7 +62,6 @@ var ( ErrSnapshotNotFound = errors.New("wal: snapshot not found") ErrSliceOutOfRange = errors.New("wal: slice bounds out of range") ErrDecoderNotFound = errors.New("wal: decoder not found") - ErrNoMetadata = errors.New("wal: no metadata found") crcTable = crc32.MakeTable(crc32.Castagnoli) ) @@ -475,18 +471,6 @@ func (w *WAL) ReadAll() (metadata []byte, state raftpb.HardState, ents []raftpb. } metadata = rec.Data - case metadataModType: - if metadata == nil { - state.Reset() - return nil, state, nil, ErrNoMetadata - } - - var meta, metaMod etcdserverpb.Metadata - pbutil.MustUnmarshal(&meta, metadata) - pbutil.MustUnmarshal(&metaMod, rec.Data) - meta.ClusterID = metaMod.ClusterID - metadata = pbutil.MustMarshal(&meta) - case crcType: crc := decoder.crc.Sum32() // current crc of decoder must match the crc of the record. @@ -945,25 +929,12 @@ func (w *WAL) saveState(s *raftpb.HardState) error { return w.encoder.encode(rec) } -func (w *WAL) SaveMetadata(metadata *etcdserverpb.Metadata) error { - b := pbutil.MustMarshal(metadata) - rec := &walpb.Record{Type: metadataModType, Data: b} - if err := w.encoder.encode(rec); err != nil { - return err - } - return nil -} - func (w *WAL) Save(st raftpb.HardState, ents []raftpb.Entry) error { - return w.SaveWithMetadata(st, ents, nil) -} - -func (w *WAL) SaveWithMetadata(st raftpb.HardState, ents []raftpb.Entry, metadata *etcdserverpb.Metadata) error { w.mu.Lock() defer w.mu.Unlock() // short cut, do not call sync - if metadata == nil && raft.IsEmptyHardState(st) && len(ents) == 0 { + if raft.IsEmptyHardState(st) && len(ents) == 0 { return nil } @@ -975,13 +946,6 @@ func (w *WAL) SaveWithMetadata(st raftpb.HardState, ents []raftpb.Entry, metadat return err } } - - if metadata != nil { - if err := w.SaveMetadata(metadata); err != nil { - return err - } - } - if err := w.saveState(&st); err != nil { return err } diff --git a/etcd/vendor/modules.txt b/etcd/vendor/modules.txt index 0d46fa4536..f6145bb47a 100644 --- a/etcd/vendor/modules.txt +++ b/etcd/vendor/modules.txt @@ -282,7 +282,7 @@ github.com/xlab/treeprint # go.etcd.io/bbolt v1.3.11 ## explicit; go 1.22 go.etcd.io/bbolt -# go.etcd.io/etcd/api/v3 v3.5.21 => github.com/openshift/etcd/api/v3 v3.5.1-0.20250411172207-a5421dfe551a +# go.etcd.io/etcd/api/v3 v3.5.21 => github.com/openshift/etcd/api/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 ## explicit; go 1.23.0 go.etcd.io/etcd/api/v3/authpb go.etcd.io/etcd/api/v3/etcdserverpb @@ -291,7 +291,7 @@ go.etcd.io/etcd/api/v3/membershippb go.etcd.io/etcd/api/v3/mvccpb go.etcd.io/etcd/api/v3/v3rpc/rpctypes go.etcd.io/etcd/api/v3/version -# go.etcd.io/etcd/client/pkg/v3 v3.5.21 => github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20250411172207-a5421dfe551a +# go.etcd.io/etcd/client/pkg/v3 v3.5.21 => github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 ## explicit; go 1.23.0 go.etcd.io/etcd/client/pkg/v3/fileutil go.etcd.io/etcd/client/pkg/v3/logutil @@ -304,14 +304,14 @@ go.etcd.io/etcd/client/pkg/v3/types # go.etcd.io/etcd/client/v2 v2.305.21 ## explicit; go 1.23.0 go.etcd.io/etcd/client/v2 -# go.etcd.io/etcd/client/v3 v3.5.21 => github.com/openshift/etcd/client/v3 v3.5.1-0.20250411172207-a5421dfe551a +# go.etcd.io/etcd/client/v3 v3.5.21 => github.com/openshift/etcd/client/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 ## explicit; go 1.23.0 go.etcd.io/etcd/client/v3 go.etcd.io/etcd/client/v3/concurrency go.etcd.io/etcd/client/v3/credentials go.etcd.io/etcd/client/v3/internal/endpoint go.etcd.io/etcd/client/v3/internal/resolver -# go.etcd.io/etcd/pkg/v3 v3.5.21 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20250411172207-a5421dfe551a +# go.etcd.io/etcd/pkg/v3 v3.5.21 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 ## explicit; go 1.23.0 go.etcd.io/etcd/pkg/v3/adt go.etcd.io/etcd/pkg/v3/contention @@ -328,14 +328,14 @@ go.etcd.io/etcd/pkg/v3/runtime go.etcd.io/etcd/pkg/v3/schedule go.etcd.io/etcd/pkg/v3/traceutil go.etcd.io/etcd/pkg/v3/wait -# go.etcd.io/etcd/raft/v3 v3.5.21 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20250411172207-a5421dfe551a +# go.etcd.io/etcd/raft/v3 v3.5.21 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 ## explicit; go 1.23.0 go.etcd.io/etcd/raft/v3 go.etcd.io/etcd/raft/v3/confchange go.etcd.io/etcd/raft/v3/quorum go.etcd.io/etcd/raft/v3/raftpb go.etcd.io/etcd/raft/v3/tracker -# go.etcd.io/etcd/server/v3 v3.5.16 => github.com/openshift/etcd/server/v3 v3.5.1-0.20250411172207-a5421dfe551a +# go.etcd.io/etcd/server/v3 v3.5.16 => github.com/openshift/etcd/server/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 ## explicit; go 1.23.0 go.etcd.io/etcd/server/v3/auth go.etcd.io/etcd/server/v3/config @@ -1078,12 +1078,12 @@ sigs.k8s.io/yaml/goyaml.v3 # github.com/openshift/microshift/pkg/config => ../pkg/config # github.com/openshift/microshift/pkg/util/cryptomaterial => ../pkg/util/cryptomaterial # github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20241205171354-8006f302fd12 -# go.etcd.io/etcd/api/v3 => github.com/openshift/etcd/api/v3 v3.5.1-0.20250411172207-a5421dfe551a -# go.etcd.io/etcd/client/pkg/v3 => github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20250411172207-a5421dfe551a -# go.etcd.io/etcd/client/v3 => github.com/openshift/etcd/client/v3 v3.5.1-0.20250411172207-a5421dfe551a -# go.etcd.io/etcd/pkg/v3 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20250411172207-a5421dfe551a -# go.etcd.io/etcd/raft/v3 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20250411172207-a5421dfe551a -# go.etcd.io/etcd/server/v3 => github.com/openshift/etcd/server/v3 v3.5.1-0.20250411172207-a5421dfe551a +# go.etcd.io/etcd/api/v3 => github.com/openshift/etcd/api/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 +# go.etcd.io/etcd/client/pkg/v3 => github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 +# go.etcd.io/etcd/client/v3 => github.com/openshift/etcd/client/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 +# go.etcd.io/etcd/pkg/v3 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 +# go.etcd.io/etcd/raft/v3 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 +# go.etcd.io/etcd/server/v3 => github.com/openshift/etcd/server/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 # k8s.io/api => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/api # k8s.io/apiextensions-apiserver => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver # k8s.io/apimachinery => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery diff --git a/go.mod b/go.mod index 149af75cbc..83eab9b901 100644 --- a/go.mod +++ b/go.mod @@ -38,16 +38,16 @@ require ( github.com/prometheus/common v0.62.0 github.com/prometheus/prometheus v0.302.1 gopkg.in/yaml.v2 v2.4.0 - k8s.io/api v1.32.8 - k8s.io/apiextensions-apiserver v1.32.8 - k8s.io/apimachinery v1.32.8 - k8s.io/apiserver v1.32.8 - k8s.io/cli-runtime v1.32.8 - k8s.io/client-go v1.32.8 - k8s.io/cloud-provider v1.32.8 - k8s.io/component-base v1.32.8 - k8s.io/kube-aggregator v1.32.8 - k8s.io/kubectl v1.32.8 + k8s.io/api v1.32.7 + k8s.io/apiextensions-apiserver v1.32.7 + k8s.io/apimachinery v1.32.7 + k8s.io/apiserver v1.32.7 + k8s.io/cli-runtime v1.32.7 + k8s.io/client-go v1.32.7 + k8s.io/cloud-provider v1.32.7 + k8s.io/component-base v1.32.7 + k8s.io/kube-aggregator v1.32.7 + k8s.io/kubectl v1.32.7 k8s.io/utils v0.0.0-20241210054802-24370beab758 sigs.k8s.io/kube-storage-version-migrator v0.0.6-0.20230721195810-5c8923c5ff96 sigs.k8s.io/kustomize/api v0.18.0 @@ -146,22 +146,22 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect gopkg.in/square/go-jose.v2 v2.6.0 // indirect - k8s.io/cluster-bootstrap v1.32.8 // indirect - k8s.io/component-helpers v1.32.8 // indirect - k8s.io/controller-manager v1.32.8 // indirect - k8s.io/cri-api v1.32.8 // indirect - k8s.io/cri-client v1.32.8 // indirect - k8s.io/csi-translation-lib v1.32.8 // indirect - k8s.io/dynamic-resource-allocation v1.32.8 // indirect - k8s.io/endpointslice v1.32.8 // indirect - k8s.io/externaljwt v1.32.8 // indirect - k8s.io/kms v1.32.8 // indirect - k8s.io/kube-controller-manager v1.32.8 // indirect - k8s.io/kube-scheduler v1.32.8 // indirect - k8s.io/kubelet v1.32.8 // indirect - k8s.io/metrics v1.32.8 // indirect - k8s.io/mount-utils v1.32.8 // indirect - k8s.io/pod-security-admission v1.32.8 // indirect + k8s.io/cluster-bootstrap v1.32.7 // indirect + k8s.io/component-helpers v1.32.7 // indirect + k8s.io/controller-manager v1.32.7 // indirect + k8s.io/cri-api v1.32.7 // indirect + k8s.io/cri-client v1.32.7 // indirect + k8s.io/csi-translation-lib v1.32.7 // indirect + k8s.io/dynamic-resource-allocation v1.32.7 // indirect + k8s.io/endpointslice v1.32.7 // indirect + k8s.io/externaljwt v1.32.7 // indirect + k8s.io/kms v1.32.7 // indirect + k8s.io/kube-controller-manager v1.32.7 // indirect + k8s.io/kube-scheduler v1.32.7 // indirect + k8s.io/kubelet v1.32.7 // indirect + k8s.io/metrics v1.32.7 // indirect + k8s.io/mount-utils v1.32.7 // indirect + k8s.io/pod-security-admission v1.32.7 // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.0 // indirect sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect ) @@ -210,7 +210,7 @@ require ( google.golang.org/protobuf v1.36.4 // indirect k8s.io/gengo/v2 v2.0.0-20240911193312-2b36238f13e9 // indirect k8s.io/klog/v2 v2.130.1 - k8s.io/kubernetes v1.32.8 + k8s.io/kubernetes v1.32.7 sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect ) @@ -257,7 +257,7 @@ replace ( ) replace ( - go.etcd.io/etcd/api/v3 => github.com/openshift/etcd/api/v3 v3.5.1-0.20250411172207-a5421dfe551a // from etcd - go.etcd.io/etcd/client/pkg/v3 => github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20250411172207-a5421dfe551a // from etcd - go.etcd.io/etcd/client/v3 => github.com/openshift/etcd/client/v3 v3.5.1-0.20250411172207-a5421dfe551a // from etcd + go.etcd.io/etcd/api/v3 => github.com/openshift/etcd/api/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 // from etcd + go.etcd.io/etcd/client/pkg/v3 => github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 // from etcd + go.etcd.io/etcd/client/v3 => github.com/openshift/etcd/client/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 // from etcd ) diff --git a/go.sum b/go.sum index ae3e0d86ec..169f209ad9 100644 --- a/go.sum +++ b/go.sum @@ -255,12 +255,12 @@ github.com/openshift/client-go v0.0.0-20250131180035-f7ec47e2d87a h1:duO3JMrUOqV github.com/openshift/client-go v0.0.0-20250131180035-f7ec47e2d87a/go.mod h1:Qw3ThpzVZ0bfTILpBNYg4LGyjtNxfyCiGh/uDLOOTP8= github.com/openshift/cluster-policy-controller v0.0.0-20250310152427-748524784686 h1:nGyo9X9HcK6qs6jmFKFZgzkTl0b1adD0VumMCjDXzBA= github.com/openshift/cluster-policy-controller v0.0.0-20250310152427-748524784686/go.mod h1:O5k9FNYPPYp5xt+1batZMRgfXihz26l9pGKKUfLoHJA= -github.com/openshift/etcd/api/v3 v3.5.1-0.20250411172207-a5421dfe551a h1:xPuKS5jHdAvz/ZnVk1Zib4BFQfQvWGE81l9naQ8+3ok= -github.com/openshift/etcd/api/v3 v3.5.1-0.20250411172207-a5421dfe551a/go.mod h1:c3aH5wcvXv/9dqIw2Y810LDXJfhSYdHQ0vxmP3CCHVY= -github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20250411172207-a5421dfe551a h1:S+zAlmcKTX+oFurjzztf0+89ySajZpWq9KbjN4VtEB0= -github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20250411172207-a5421dfe551a/go.mod h1:BgqT/IXPjK9NkeSDjbzwsHySX3yIle2+ndz28nVsjUs= -github.com/openshift/etcd/client/v3 v3.5.1-0.20250411172207-a5421dfe551a h1:4u4yoryqRDNV+oAR5F+MABA3QWmHNo0WB5JmzQn/Uik= -github.com/openshift/etcd/client/v3 v3.5.1-0.20250411172207-a5421dfe551a/go.mod h1:mFYy67IOqmbRf/kRUvsHixzo3iG+1OF2W2+jVIQRAnU= +github.com/openshift/etcd/api/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 h1:ZOmc6Ds7POjfZS/zEoU9QPgq5o0Ng6MjFYrvHePJXTs= +github.com/openshift/etcd/api/v3 v3.5.1-0.20250829104148-eb0acd5c92a8/go.mod h1:c3aH5wcvXv/9dqIw2Y810LDXJfhSYdHQ0vxmP3CCHVY= +github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 h1:jC9Oi+1QXiuRycgbK7JpLklUpx1QqGPZbaCC7jihXYg= +github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20250829104148-eb0acd5c92a8/go.mod h1:BgqT/IXPjK9NkeSDjbzwsHySX3yIle2+ndz28nVsjUs= +github.com/openshift/etcd/client/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 h1:MDo/a7/dMfpRwRf7of4h7Y6cxXXExeJi93sSgj5rteA= +github.com/openshift/etcd/client/v3 v3.5.1-0.20250829104148-eb0acd5c92a8/go.mod h1:mFYy67IOqmbRf/kRUvsHixzo3iG+1OF2W2+jVIQRAnU= github.com/openshift/kubernetes-kube-storage-version-migrator v0.0.3-0.20250805115014-fdef30c84b3d h1:IWDq8F80qkyfhXE3itWqLbcBr2Y32fPQ9XoH5zwRh0w= github.com/openshift/kubernetes-kube-storage-version-migrator v0.0.3-0.20250805115014-fdef30c84b3d/go.mod h1:X3tzGhATM+qhiiIRdoBW/rDhXylEM0IltBRRDUG8AWk= github.com/openshift/library-go v0.0.0-20250217144305-c917e6d528b2 h1:y6VYcutLuJEXDeE/EUMYMcJWyhlxuSg8DbLBajMBJy8= diff --git a/packaging/crio.conf.d/10-microshift_amd64.conf b/packaging/crio.conf.d/10-microshift_amd64.conf index 46236bd026..6add14da90 100644 --- a/packaging/crio.conf.d/10-microshift_amd64.conf +++ b/packaging/crio.conf.d/10-microshift_amd64.conf @@ -24,6 +24,6 @@ plugin_dirs = [ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:696bcf0b046c5d2fa8e9a92055366f7fde226a9b782ceeb6bc8994d410cc534e" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:85614e43f83fa021bc74d82b72a600071c288db6cde2555c195a1284346f8624" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/packaging/crio.conf.d/10-microshift_arm64.conf b/packaging/crio.conf.d/10-microshift_arm64.conf index 445dbbec2e..06d4be901c 100644 --- a/packaging/crio.conf.d/10-microshift_arm64.conf +++ b/packaging/crio.conf.d/10-microshift_arm64.conf @@ -24,6 +24,6 @@ plugin_dirs = [ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2cc9810b1b08720ef659c0e2fc931c3e9211993cf5011ba133e83eca724afc64" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:daae5c3f56757be9be621ce5f531a269d4da5a464053582623ce20776dd6df68" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt index e48c599a56..97a8e64329 100644 --- a/scripts/auto-rebase/changelog.txt +++ b/scripts/auto-rebase/changelog.txt @@ -1,20 +1,264 @@ -- cluster-kube-apiserver-operator embedded-component e2ad6c193a3a0ee71a2bd128d5a4692ad8a6776a to f9683e5669a03f0b93cf555d2942a04f3a2c5912 - - 47fb4aa 2025-08-20T09:34:13+00:00 certrotation: ensure that all rotated secrets/configmaps have RefreshOnlyWhenExpired set - - 7f8eb29 2025-08-14T05:28:52+00:00 certrotationcontroller: extend node-system-admin-signer lifetime - -- kubernetes embedded-component 97b7f2e2ecbbf844812a7158086030bfff2bd324 to 2f14046818a7ff3ae3e9da76376991698d7188f1 - - 558b4826c 2025-08-25T09:51:25-04:00 UPSTREAM: : hack/update-vendor.sh, make update and update image - - 2e83bc4bf 2025-08-13T14:21:20+00:00 Release commit for Kubernetes v1.32.8 - - 21b02fabc 2025-08-10T15:09:08-07:00 do not allow the node to update it's owner reference - - e497bc6fe 2025-07-28T16:35:24-07:00 remove failing test that depends on expired credential, remove credential, add TODOs - - a1bc55e31 2025-07-15T18:23:11+00:00 Update CHANGELOG/CHANGELOG-1.32.md for v1.32.7 - - cb4682131 2025-07-11T20:39:18+02:00 Bump images, dependencies and versions to go 1.23.11 and distroless iptables - -- kubernetes image-amd64 97b7f2e2ecbbf844812a7158086030bfff2bd324 to 2f14046818a7ff3ae3e9da76376991698d7188f1 - - 558b4826c 2025-08-25T09:51:25-04:00 UPSTREAM: : hack/update-vendor.sh, make update and update image - - 2e83bc4bf 2025-08-13T14:21:20+00:00 Release commit for Kubernetes v1.32.8 - - 21b02fabc 2025-08-10T15:09:08-07:00 do not allow the node to update it's owner reference - - e497bc6fe 2025-07-28T16:35:24-07:00 remove failing test that depends on expired credential, remove credential, add TODOs - - a1bc55e31 2025-07-15T18:23:11+00:00 Update CHANGELOG/CHANGELOG-1.32.md for v1.32.7 - - cb4682131 2025-07-11T20:39:18+02:00 Bump images, dependencies and versions to go 1.23.11 and distroless iptables +- api embedded-component 1c614f54419fa23266ae2f6660b9034893749079 to c9f500dc7ca317fcb4028b172a8c638305976e7f + - d68a59ca 2025-07-28T16:09:34+05:30 Lift 4.19 feature gate for RouteAdvertisements + +- cluster-kube-apiserver-operator embedded-component f9683e5669a03f0b93cf555d2942a04f3a2c5912 to 80c1fc3d81e3392ef7b056c8833185c8bdf6f599 + - ed836a1 2025-08-05T16:03:13+08:00 [release-4.19] Set goaway chance to 0.001 + +- cluster-network-operator embedded-component bc62016ccc39a66406caf5110ac7140f285fb264 to bc27b42976486bd395fdbb0f4fbc9a5a8499be2c + - c8c1f37 2025-08-06T13:52:41+00:00 Update CNO reviwers/approvers + +- etcd embedded-component a5421dfe551a2e9c911a75062a4cdeb7473f5c26 to eb0acd5c92a830da18d7d0d789f7a8ecac860620 + - e33cbd2a 2025-08-29T06:28:57+00:00 Revert "OCPBUGS-52181: Ensure cluster id changes during force-new-cluster" + +- kubernetes embedded-component 2f14046818a7ff3ae3e9da76376991698d7188f1 to 169f654a6b0bc3dcca620eda17240b86c578cb10 + - 033cd87cf 2025-08-29T08:11:07+00:00 UPSTREAM: : Revert "Merge pull request #2412 from dusk125/rebase-v1.32.8" + +- machine-config-operator embedded-component 366ecc0d61006b46a8e05cddb8dfffd5e347a09b to 1cc3b020cb2d5cdcb9135de39ddbd0ddd494495f + - 0be59603 2025-08-21T09:00:51-04:00 tests: update OnClusterBuild tests to have MOSC and MCPs with matching names + - ef8b5f63 2025-07-28T14:09:53+00:00 fixing comment styles + - 7cb5b975 2025-07-28T14:09:53+00:00 fixing noisy logs for MCN + +- openshift-controller-manager embedded-component a672407574befa9faf6a56078d6852229701f8c6 to 5b3063ff149f290bebca0783fc508dfbf07689a5 + - 2568a3b 2025-05-22T12:01:27+00:00 legacy image pull secret rollback controller + - 2f75d7d 2025-05-22T12:01:27+00:00 introduce rollback controllers + +- ovn-kubernetes image-amd64 1e27e7a22ddb5a30fe5ae7ccb8e1d3967bc645ec to 6ff66743c4fbd0c413cf4bb9933a1eb510aa42e4 + - a4925460 2025-08-25T16:20:27+02:00 Fix getHostNamespaceAddressesForNode error wrapping + - 0e52a994 2025-08-21T09:11:31-07:00 incorrect CNI result for primary UDN is returned in the unprivileged mode + - d074c6c9 2025-08-20T16:21:53-04:00 Ensure that UDN updates update NAD annotations correctly + - 0a2536b1 2025-08-20T20:59:54+02:00 fix: gw accelerated interface - use gwInterfaceRep instead of bridge(LOCAL) + - d5e0632b 2025-08-20T13:39:16+02:00 Enable CEL validation for subnet overlaps for Layer2 (C)UDN + - fa6f7d29 2025-08-20T13:39:16+02:00 Allow for allocating all valid host IPs from ReservedSubnets + - 10338ca7 2025-08-20T13:39:16+02:00 Fix excludeSubnets bug found by rabbitai + - 49ae5139 2025-08-20T13:39:16+02:00 Refactor ipallocator.AddOrUpdateSubnet to take a struct + - ad5bb221 2025-08-20T13:39:16+02:00 Refactor parseSubnets in multi_network.go + - 9e3eb36b 2025-08-20T13:39:16+02:00 Guard new API fields support with feature flag + - 3c6b2e35 2025-08-20T13:39:16+02:00 E2E: Add tests for custom primary L2 UDNs + - b8f61b06 2025-08-20T13:39:16+02:00 E2E: Add a test variant for the newly added API fields + - eb6032d6 2025-08-20T13:39:16+02:00 E2E: Refactor network creation to always filter the supported networks + - 0988d273 2025-08-20T13:39:16+02:00 E2E: Rename joinCIDRs to joinStrings + - f1406815 2025-08-20T13:39:12+02:00 Layer2 UDN: Add support for InfrastructureSubnets + - 64540ab2 2025-08-20T13:31:19+02:00 Layer2 UDN: Add support for DefaultGatewayIPs + - 841d398c 2025-08-20T13:31:19+02:00 Layer2 UDN: Add support for ReservedSubnets + - 6d46691f 2025-08-20T13:31:19+02:00 Extract static IP allocator into a separate interface + - 15223486 2025-08-20T13:31:18+02:00 Add Layer2 (Cluster) UDN API fields + - 742041be 2025-08-19T17:51:08+02:00 Refactor: Rename config flag routed-udn-isolation to advertised-udn-isolation-mode + - 28c67eac 2025-08-19T17:51:08+02:00 node: refactor MEG/Advertised UDN ingress and egress flows + - 01fccb76 2025-08-19T17:51:08+02:00 Set nodes default gateway to the external FRR router for isolation loose mode + - b1c9b281 2025-08-19T17:51:08+02:00 Add CI lane and E2E to test loosly isolated advertised UDNs + - 636eaeb8 2025-08-19T17:51:08+02:00 Skip adding drop ACLs when Routed UDN Isolation is disabled + - e1ac3994 2025-08-19T17:51:08+02:00 Provide global routed udn isolation option + - 3c082359 2025-08-19T08:47:48+02:00 Revert "Skip session affinity conformance test" + - 6222ec8e 2025-08-17T12:07:55-07:00 fix d/s merge conflict + - bf174d67 2025-08-15T22:54:55-07:00 support unprivileged mode CNI for plumbing the UDN primary interface + - d0e0e285 2025-08-15T22:54:55-07:00 Add VF device support for primary UDN Pod interface + - b05875b1 2025-08-15T21:18:52-07:00 SDN-3674 Copy annotations from UDN to NAD + - 13291aef 2025-08-14T18:30:20-04:00 kind.sh: Allow to override duration to sleep at the end + - e4d2b281 2025-08-14T21:24:09+02:00 [node_allocator] Add stale annotation cleanup. + - 0bbfdd83 2025-08-14T21:24:09+02:00 [e2e fix] Parse JoinIPs from the NAD spec instead of annotation. + - 0e565af2 2025-08-14T21:24:09+02:00 Fix unit test: egressIP. + - 04cc24fa 2025-08-14T21:24:09+02:00 Fix unit test: use node-id annotation instead of OVNNodeGRLRPAddrs. + - f0dd3271 2025-08-14T21:24:08+02:00 [podannotation] Move AddRoutesGatewayIP to the allocator/pod. + - 6cbf8336 2025-08-14T21:24:08+02:00 [node/anno] Stop using OVNNodeGRLRPAddrs annotaion. + - 7db6c992 2025-08-14T13:06:05+00:00 Reapply "Add the IP rule for a UDN only when it is advertised to the default VRF" + - bcfce1bf 2025-08-14T13:06:05+00:00 SNAT traffic from advertised UDNs towards UDN enabled default services + - e64f5408 2025-08-13T15:12:38-04:00 Fix mgmt port allocation with VFs provided as resource for DPU + - 1aa67349 2025-08-13T14:33:24-04:00 Fix Node Admission Webhook for OVNNodePrimaryDPUHostAddr annotation + - 64f16133 2025-08-13T11:10:07-04:00 Adds logging for informer waitForCacheSync + - f5cc61e6 2025-08-13T12:30:32+02:00 ci: enable preconfigured-udn-addresses for all interconnect network-segmentation jobs + - 4a544135 2025-08-13T12:30:32+02:00 Prevent changes to default-network pod annotation + - 14175f20 2025-08-13T09:46:15+02:00 (C)UDN Controller: use rate limiting instead of delayed addition, do not update conditions unnecessarily + - c3ddbad3 2025-08-13T09:46:15+02:00 Prevent UDN deletion race condition by checking controller state + - 5236890c 2025-08-12T22:48:47-07:00 add back the removed OCP hack from d/s merge + - 4ea40ef3 2025-08-12T22:23:24-07:00 Reapply "OCPBUGS-56202: DownStream Merge [07-25-2025]" + - 519a160e 2025-08-12T10:41:16+01:00 crd, virt: consume an updated IPAMClaim version + - 5e636ad4 2025-08-11T16:47:11-04:00 Revert "OCPBUGS-56202: DownStream Merge [07-25-2025]" + - 149d92f9 2025-08-11T20:30:27+02:00 Make upgrade jobs run IC=true always + - f1355489 2025-08-11T13:10:08+02:00 Update makefile go version + - d2cffb87 2025-08-11T09:55:18+02:00 Allow CI workflow dispatcher on release-1.1 branch + - 32d56b74 2025-08-08T20:53:42-04:00 Revert "Skip conformance tests for upgrade CI" This reverts commit e307c17fddf5da02f8df0aa3064dbad88b4c0f89. + - cf9c8a4a 2025-08-08T15:01:22-04:00 Fix bugs in the kind-helm script + - 4e44c1b8 2025-08-08T15:01:22-04:00 Make Interconnect the KIND default. + - 856f027c 2025-08-08T18:09:53+02:00 Update helm-chat version to 1.1.0 + - 495a3eb2 2025-08-08T18:09:53+02:00 Change OVN_DAEMONSET_VERSION to 1.1.0 + - e04a14d0 2025-08-08T18:09:53+02:00 OVN-Kubernetes 1.1 release + - 311ebbd9 2025-08-08T17:07:10+01:00 chore: Bump libovsdb to v0.8.1 + - ba74bfbf 2025-08-08T11:11:16-04:00 Upstreams BGP enhancement + - 4d79dc32 2025-08-08T16:27:54+02:00 Restore "Fixes FDB learning" commit after bridge refactoring + - 0db72a02 2025-08-08T08:31:33+00:00 Add BGP docs + - ee7d6f30 2025-08-07T16:29:10-04:00 > test/conformance go get k8s.io/kubernetes@v1.33.3 go mod tidy make conformance + - e307c17f 2025-08-07T16:28:44-04:00 Skip conformance tests for upgrade CI test/scripts/e2e-kind.sh - ephemeral containers, relaxed dns search validation and named port services. + - 4b75652d 2025-08-07T16:25:55-04:00 egressip: fix race condition when a node becomes reachable + - b6813459 2025-08-07T16:25:34-04:00 K8s rebase 1.33.3 > test/e2e go get k8s.io/kubernetes@v1.33.3 go get k8s.io/api@v0.33.3 go get k8s.io/client-go@v0.33.3 go get k8s.io/pod-security-admission@v0.33.3 go get k8s.io/kubectl@v0.33.3 go get sigs.k8s.io/controller-runtime@v0.21.0 go get k8s.io/mount-utils@v0.33.3 go get k8s.io/cri-client@v0.33.3 go get k8s.io/dynamic-resource-allocation@v0.33.3 go get k8s.io/kube-scheduler@v0.33.3 go get k8s.io/csi-translation-lib@v0.33.3 go get k8s.io/cloud-provider@v0.33.3 go get k8s.io/controller-manager@v0.33.3 go get sigs.k8s.io/apiserver-network-proxy/konnectivity-client@v0.33.0 go mod tidy + - afad0c8b 2025-08-07T14:59:32-04:00 K8s rebase 1.33.3 > go-controller + - b1864a44 2025-08-07T16:25:04+02:00 [kind] Use control-plane node IP instead of DNS name. + - b2fa79a5 2025-08-07T10:13:36-04:00 Add config file for coderabbit AI bot + - 2a0cd67d 2025-08-07T14:11:14+02:00 nit-fix: The filename point to UDN docs is wrong + - 0a387dcb 2025-08-06T16:07:04+02:00 Bump OVN to 25.03.0-73.el9fdp for OCP and 25.03.1-36.el9s for OKD + - dda44c83 2025-08-06T12:13:47+02:00 ovnkube: Do not exit early on ovs CLI initialization errors + - bd7ebabf 2025-08-06T11:49:21+02:00 Add UDN user facing docs + - a5b97994 2025-08-05T17:32:21+00:00 kind.sh: Don't build go-controller twice + - e18ed9ae 2025-08-04T11:16:45-04:00 docs: remove dead link to topology google document + - 94944843 2025-08-04T11:12:50+02:00 fixes fedora image build script + - eaf91a72 2025-08-01T17:42:14-07:00 fix flow update error + - c0fad85f 2025-08-01T17:42:32+05:30 Remove NetworkUnavailable condition from node + - d49c46c0 2025-08-01T13:17:49+02:00 gh, actions: Add multihoming + net-seg + static IPs to test workflow + - a3de8680 2025-08-01T13:00:27+02:00 allocator, pod: Validate consistency of ipRequest and ipamClaims IPs + - d9f26e45 2025-08-01T13:00:27+02:00 e2e: Add happy test + - 5679396a 2025-08-01T13:00:27+02:00 e2e, kv: Add p-udn test for static ip and mac + - 6b76f22e 2025-08-01T13:00:27+02:00 gh, actions: Enable custon net conf for net-seg and virt + - 532d9919 2025-08-01T13:00:27+02:00 allocator: Allow static IP with ipam + - 13bbcf26 2025-08-01T13:00:27+02:00 udn, util: Add ip, mac and ipamclaimref request to active network + - fa7558fc 2025-08-01T12:57:44+02:00 go, deps: Pin CNI library to v1.2.3 to prevent OVN-K parsing issues + - 5180a461 2025-08-01T12:40:10+02:00 bump: network-attachment-definition-client 1.7.7 + - 8eb02f9f 2025-07-31T14:16:37+05:30 dnsnameresolver: run tests on dualstack instead of IPv6 only support + - 6241b279 2025-07-31T14:15:48+05:30 dnsnameresolver: add e2e test to verify connectivity after DNS name TTL expiry + - 03ccdf98 2025-07-30T11:03:44-07:00 Bump ubuntu to 25.04 + - 4780a5e2 2025-07-30T21:52:27+05:30 dnsnameresolver: add unit test for DNSNameResolver resource update + - 575a08cb 2025-07-30T18:58:26+05:30 dnsnameresolver: fix ever growing address set + - b85c0f5f 2025-07-30T11:14:06+01:00 chore: Update libovsdb bindings to ovn 25.03 + - cc6fe11a 2025-07-29T13:15:48+01:00 udn, pre assigned port net ids: provision the default net NAD CR + - 9b21fc06 2025-07-29T11:09:21+02:00 Change OVN-Kubernetes community meeting time + - e8fc7644 2025-07-28T21:09:26+02:00 UDN,L2: UDN pod in networkA to nodePort on networkB works for IPV6! + - bcd06566 2025-07-28T16:38:13+02:00 Bump OVN to 25.03 + - 5056d4da 2025-07-28T16:09:49+02:00 Fix CreateOrUpdateNATs to update non-default values + - 0635caef 2025-07-28T16:09:49+02:00 cleanupStalePodSNATs: Don't blow all SNATs for advertised Networks + - 659010cf 2025-07-28T16:09:49+02:00 Add all remote nodeIPs for the PMTUD/BGP remote node NFT set + - 8f5b3d46 2025-07-28T16:09:49+02:00 Change priority of ovn-kube-local-gw-masq to 101 + - 10ea4ab4 2025-07-28T16:09:49+02:00 Add masqueradeIP flows back for advertised networks in breth0 + - 8a65723f 2025-07-28T16:09:49+02:00 Add E2E's for these traffic flows + - 04d48c31 2025-07-28T16:09:49+02:00 BGP, default network, LGW: Conditionally Masquerade + - a67872dc 2025-07-28T16:09:49+02:00 rename/reuse pmtud nft sets to remote-node-ips + - 501bcbff 2025-07-28T16:09:49+02:00 Convert LGW postrouting rules to NFT + - f32731c2 2025-07-28T16:09:49+02:00 BGP,UDN,LGW: Ensure both masqueradeIP and podsubnet ip rules are present + - 15adf65d 2025-07-28T16:09:49+02:00 Advertised networks: SNAT Traffic to nodeIP + - ea1b6a01 2025-07-28T16:09:48+02:00 Don't use match as a criteria for isEquivalentMatch + - 410550fb 2025-07-28T16:09:48+02:00 Remove support for receiving advertised routes on nodes + - df487d26 2025-07-26T02:14:40-07:00 UDN: verify specific error messages in NAD rendering unit tests + - 9a6e8e33 2025-06-30T05:01:48-04:00 ovnkube.sh: use node name as zone as default if ovn-ic + - c770ecde 2025-06-20T11:26:29+00:00 Updating ovn-kubernetes-microshift-container image to be consistent with ART for 4.20 Reconciling with https://github.com/openshift/ocp-build-data/tree/8f77fc475c95f9d98c348deb2feb88f5952d7357/images/ovn-kubernetes-microshift.yml + - ffadcff5 2025-06-20T11:12:09+00:00 Updating ose-ovn-kubernetes-container image to be consistent with ART for 4.20 Reconciling with https://github.com/openshift/ocp-build-data/tree/8f77fc475c95f9d98c348deb2feb88f5952d7357/images/ose-ovn-kubernetes.yml + +- kubernetes image-amd64 2f14046818a7ff3ae3e9da76376991698d7188f1 to 169f654a6b0bc3dcca620eda17240b86c578cb10 + - 033cd87cf 2025-08-29T08:11:07+00:00 UPSTREAM: : Revert "Merge pull request #2412 from dusk125/rebase-v1.32.8" + +- ovn-kubernetes image-arm64 1e27e7a22ddb5a30fe5ae7ccb8e1d3967bc645ec to 6ff66743c4fbd0c413cf4bb9933a1eb510aa42e4 + - a4925460 2025-08-25T16:20:27+02:00 Fix getHostNamespaceAddressesForNode error wrapping + - 0e52a994 2025-08-21T09:11:31-07:00 incorrect CNI result for primary UDN is returned in the unprivileged mode + - d074c6c9 2025-08-20T16:21:53-04:00 Ensure that UDN updates update NAD annotations correctly + - 0a2536b1 2025-08-20T20:59:54+02:00 fix: gw accelerated interface - use gwInterfaceRep instead of bridge(LOCAL) + - d5e0632b 2025-08-20T13:39:16+02:00 Enable CEL validation for subnet overlaps for Layer2 (C)UDN + - fa6f7d29 2025-08-20T13:39:16+02:00 Allow for allocating all valid host IPs from ReservedSubnets + - 10338ca7 2025-08-20T13:39:16+02:00 Fix excludeSubnets bug found by rabbitai + - 49ae5139 2025-08-20T13:39:16+02:00 Refactor ipallocator.AddOrUpdateSubnet to take a struct + - ad5bb221 2025-08-20T13:39:16+02:00 Refactor parseSubnets in multi_network.go + - 9e3eb36b 2025-08-20T13:39:16+02:00 Guard new API fields support with feature flag + - 3c6b2e35 2025-08-20T13:39:16+02:00 E2E: Add tests for custom primary L2 UDNs + - b8f61b06 2025-08-20T13:39:16+02:00 E2E: Add a test variant for the newly added API fields + - eb6032d6 2025-08-20T13:39:16+02:00 E2E: Refactor network creation to always filter the supported networks + - 0988d273 2025-08-20T13:39:16+02:00 E2E: Rename joinCIDRs to joinStrings + - f1406815 2025-08-20T13:39:12+02:00 Layer2 UDN: Add support for InfrastructureSubnets + - 64540ab2 2025-08-20T13:31:19+02:00 Layer2 UDN: Add support for DefaultGatewayIPs + - 841d398c 2025-08-20T13:31:19+02:00 Layer2 UDN: Add support for ReservedSubnets + - 6d46691f 2025-08-20T13:31:19+02:00 Extract static IP allocator into a separate interface + - 15223486 2025-08-20T13:31:18+02:00 Add Layer2 (Cluster) UDN API fields + - 742041be 2025-08-19T17:51:08+02:00 Refactor: Rename config flag routed-udn-isolation to advertised-udn-isolation-mode + - 28c67eac 2025-08-19T17:51:08+02:00 node: refactor MEG/Advertised UDN ingress and egress flows + - 01fccb76 2025-08-19T17:51:08+02:00 Set nodes default gateway to the external FRR router for isolation loose mode + - b1c9b281 2025-08-19T17:51:08+02:00 Add CI lane and E2E to test loosly isolated advertised UDNs + - 636eaeb8 2025-08-19T17:51:08+02:00 Skip adding drop ACLs when Routed UDN Isolation is disabled + - e1ac3994 2025-08-19T17:51:08+02:00 Provide global routed udn isolation option + - 3c082359 2025-08-19T08:47:48+02:00 Revert "Skip session affinity conformance test" + - 6222ec8e 2025-08-17T12:07:55-07:00 fix d/s merge conflict + - bf174d67 2025-08-15T22:54:55-07:00 support unprivileged mode CNI for plumbing the UDN primary interface + - d0e0e285 2025-08-15T22:54:55-07:00 Add VF device support for primary UDN Pod interface + - b05875b1 2025-08-15T21:18:52-07:00 SDN-3674 Copy annotations from UDN to NAD + - 13291aef 2025-08-14T18:30:20-04:00 kind.sh: Allow to override duration to sleep at the end + - e4d2b281 2025-08-14T21:24:09+02:00 [node_allocator] Add stale annotation cleanup. + - 0bbfdd83 2025-08-14T21:24:09+02:00 [e2e fix] Parse JoinIPs from the NAD spec instead of annotation. + - 0e565af2 2025-08-14T21:24:09+02:00 Fix unit test: egressIP. + - 04cc24fa 2025-08-14T21:24:09+02:00 Fix unit test: use node-id annotation instead of OVNNodeGRLRPAddrs. + - f0dd3271 2025-08-14T21:24:08+02:00 [podannotation] Move AddRoutesGatewayIP to the allocator/pod. + - 6cbf8336 2025-08-14T21:24:08+02:00 [node/anno] Stop using OVNNodeGRLRPAddrs annotaion. + - 7db6c992 2025-08-14T13:06:05+00:00 Reapply "Add the IP rule for a UDN only when it is advertised to the default VRF" + - bcfce1bf 2025-08-14T13:06:05+00:00 SNAT traffic from advertised UDNs towards UDN enabled default services + - e64f5408 2025-08-13T15:12:38-04:00 Fix mgmt port allocation with VFs provided as resource for DPU + - 1aa67349 2025-08-13T14:33:24-04:00 Fix Node Admission Webhook for OVNNodePrimaryDPUHostAddr annotation + - 64f16133 2025-08-13T11:10:07-04:00 Adds logging for informer waitForCacheSync + - f5cc61e6 2025-08-13T12:30:32+02:00 ci: enable preconfigured-udn-addresses for all interconnect network-segmentation jobs + - 4a544135 2025-08-13T12:30:32+02:00 Prevent changes to default-network pod annotation + - 14175f20 2025-08-13T09:46:15+02:00 (C)UDN Controller: use rate limiting instead of delayed addition, do not update conditions unnecessarily + - c3ddbad3 2025-08-13T09:46:15+02:00 Prevent UDN deletion race condition by checking controller state + - 5236890c 2025-08-12T22:48:47-07:00 add back the removed OCP hack from d/s merge + - 4ea40ef3 2025-08-12T22:23:24-07:00 Reapply "OCPBUGS-56202: DownStream Merge [07-25-2025]" + - 519a160e 2025-08-12T10:41:16+01:00 crd, virt: consume an updated IPAMClaim version + - 5e636ad4 2025-08-11T16:47:11-04:00 Revert "OCPBUGS-56202: DownStream Merge [07-25-2025]" + - 149d92f9 2025-08-11T20:30:27+02:00 Make upgrade jobs run IC=true always + - f1355489 2025-08-11T13:10:08+02:00 Update makefile go version + - d2cffb87 2025-08-11T09:55:18+02:00 Allow CI workflow dispatcher on release-1.1 branch + - 32d56b74 2025-08-08T20:53:42-04:00 Revert "Skip conformance tests for upgrade CI" This reverts commit e307c17fddf5da02f8df0aa3064dbad88b4c0f89. + - cf9c8a4a 2025-08-08T15:01:22-04:00 Fix bugs in the kind-helm script + - 4e44c1b8 2025-08-08T15:01:22-04:00 Make Interconnect the KIND default. + - 856f027c 2025-08-08T18:09:53+02:00 Update helm-chat version to 1.1.0 + - 495a3eb2 2025-08-08T18:09:53+02:00 Change OVN_DAEMONSET_VERSION to 1.1.0 + - e04a14d0 2025-08-08T18:09:53+02:00 OVN-Kubernetes 1.1 release + - 311ebbd9 2025-08-08T17:07:10+01:00 chore: Bump libovsdb to v0.8.1 + - ba74bfbf 2025-08-08T11:11:16-04:00 Upstreams BGP enhancement + - 4d79dc32 2025-08-08T16:27:54+02:00 Restore "Fixes FDB learning" commit after bridge refactoring + - 0db72a02 2025-08-08T08:31:33+00:00 Add BGP docs + - ee7d6f30 2025-08-07T16:29:10-04:00 > test/conformance go get k8s.io/kubernetes@v1.33.3 go mod tidy make conformance + - e307c17f 2025-08-07T16:28:44-04:00 Skip conformance tests for upgrade CI test/scripts/e2e-kind.sh - ephemeral containers, relaxed dns search validation and named port services. + - 4b75652d 2025-08-07T16:25:55-04:00 egressip: fix race condition when a node becomes reachable + - b6813459 2025-08-07T16:25:34-04:00 K8s rebase 1.33.3 > test/e2e go get k8s.io/kubernetes@v1.33.3 go get k8s.io/api@v0.33.3 go get k8s.io/client-go@v0.33.3 go get k8s.io/pod-security-admission@v0.33.3 go get k8s.io/kubectl@v0.33.3 go get sigs.k8s.io/controller-runtime@v0.21.0 go get k8s.io/mount-utils@v0.33.3 go get k8s.io/cri-client@v0.33.3 go get k8s.io/dynamic-resource-allocation@v0.33.3 go get k8s.io/kube-scheduler@v0.33.3 go get k8s.io/csi-translation-lib@v0.33.3 go get k8s.io/cloud-provider@v0.33.3 go get k8s.io/controller-manager@v0.33.3 go get sigs.k8s.io/apiserver-network-proxy/konnectivity-client@v0.33.0 go mod tidy + - afad0c8b 2025-08-07T14:59:32-04:00 K8s rebase 1.33.3 > go-controller + - b1864a44 2025-08-07T16:25:04+02:00 [kind] Use control-plane node IP instead of DNS name. + - b2fa79a5 2025-08-07T10:13:36-04:00 Add config file for coderabbit AI bot + - 2a0cd67d 2025-08-07T14:11:14+02:00 nit-fix: The filename point to UDN docs is wrong + - 0a387dcb 2025-08-06T16:07:04+02:00 Bump OVN to 25.03.0-73.el9fdp for OCP and 25.03.1-36.el9s for OKD + - dda44c83 2025-08-06T12:13:47+02:00 ovnkube: Do not exit early on ovs CLI initialization errors + - bd7ebabf 2025-08-06T11:49:21+02:00 Add UDN user facing docs + - a5b97994 2025-08-05T17:32:21+00:00 kind.sh: Don't build go-controller twice + - e18ed9ae 2025-08-04T11:16:45-04:00 docs: remove dead link to topology google document + - 94944843 2025-08-04T11:12:50+02:00 fixes fedora image build script + - eaf91a72 2025-08-01T17:42:14-07:00 fix flow update error + - c0fad85f 2025-08-01T17:42:32+05:30 Remove NetworkUnavailable condition from node + - d49c46c0 2025-08-01T13:17:49+02:00 gh, actions: Add multihoming + net-seg + static IPs to test workflow + - a3de8680 2025-08-01T13:00:27+02:00 allocator, pod: Validate consistency of ipRequest and ipamClaims IPs + - d9f26e45 2025-08-01T13:00:27+02:00 e2e: Add happy test + - 5679396a 2025-08-01T13:00:27+02:00 e2e, kv: Add p-udn test for static ip and mac + - 6b76f22e 2025-08-01T13:00:27+02:00 gh, actions: Enable custon net conf for net-seg and virt + - 532d9919 2025-08-01T13:00:27+02:00 allocator: Allow static IP with ipam + - 13bbcf26 2025-08-01T13:00:27+02:00 udn, util: Add ip, mac and ipamclaimref request to active network + - fa7558fc 2025-08-01T12:57:44+02:00 go, deps: Pin CNI library to v1.2.3 to prevent OVN-K parsing issues + - 5180a461 2025-08-01T12:40:10+02:00 bump: network-attachment-definition-client 1.7.7 + - 8eb02f9f 2025-07-31T14:16:37+05:30 dnsnameresolver: run tests on dualstack instead of IPv6 only support + - 6241b279 2025-07-31T14:15:48+05:30 dnsnameresolver: add e2e test to verify connectivity after DNS name TTL expiry + - 03ccdf98 2025-07-30T11:03:44-07:00 Bump ubuntu to 25.04 + - 4780a5e2 2025-07-30T21:52:27+05:30 dnsnameresolver: add unit test for DNSNameResolver resource update + - 575a08cb 2025-07-30T18:58:26+05:30 dnsnameresolver: fix ever growing address set + - b85c0f5f 2025-07-30T11:14:06+01:00 chore: Update libovsdb bindings to ovn 25.03 + - cc6fe11a 2025-07-29T13:15:48+01:00 udn, pre assigned port net ids: provision the default net NAD CR + - 9b21fc06 2025-07-29T11:09:21+02:00 Change OVN-Kubernetes community meeting time + - e8fc7644 2025-07-28T21:09:26+02:00 UDN,L2: UDN pod in networkA to nodePort on networkB works for IPV6! + - bcd06566 2025-07-28T16:38:13+02:00 Bump OVN to 25.03 + - 5056d4da 2025-07-28T16:09:49+02:00 Fix CreateOrUpdateNATs to update non-default values + - 0635caef 2025-07-28T16:09:49+02:00 cleanupStalePodSNATs: Don't blow all SNATs for advertised Networks + - 659010cf 2025-07-28T16:09:49+02:00 Add all remote nodeIPs for the PMTUD/BGP remote node NFT set + - 8f5b3d46 2025-07-28T16:09:49+02:00 Change priority of ovn-kube-local-gw-masq to 101 + - 10ea4ab4 2025-07-28T16:09:49+02:00 Add masqueradeIP flows back for advertised networks in breth0 + - 8a65723f 2025-07-28T16:09:49+02:00 Add E2E's for these traffic flows + - 04d48c31 2025-07-28T16:09:49+02:00 BGP, default network, LGW: Conditionally Masquerade + - a67872dc 2025-07-28T16:09:49+02:00 rename/reuse pmtud nft sets to remote-node-ips + - 501bcbff 2025-07-28T16:09:49+02:00 Convert LGW postrouting rules to NFT + - f32731c2 2025-07-28T16:09:49+02:00 BGP,UDN,LGW: Ensure both masqueradeIP and podsubnet ip rules are present + - 15adf65d 2025-07-28T16:09:49+02:00 Advertised networks: SNAT Traffic to nodeIP + - ea1b6a01 2025-07-28T16:09:48+02:00 Don't use match as a criteria for isEquivalentMatch + - 410550fb 2025-07-28T16:09:48+02:00 Remove support for receiving advertised routes on nodes + - df487d26 2025-07-26T02:14:40-07:00 UDN: verify specific error messages in NAD rendering unit tests + - 9a6e8e33 2025-06-30T05:01:48-04:00 ovnkube.sh: use node name as zone as default if ovn-ic + - c770ecde 2025-06-20T11:26:29+00:00 Updating ovn-kubernetes-microshift-container image to be consistent with ART for 4.20 Reconciling with https://github.com/openshift/ocp-build-data/tree/8f77fc475c95f9d98c348deb2feb88f5952d7357/images/ovn-kubernetes-microshift.yml + - ffadcff5 2025-06-20T11:12:09+00:00 Updating ose-ovn-kubernetes-container image to be consistent with ART for 4.20 Reconciling with https://github.com/openshift/ocp-build-data/tree/8f77fc475c95f9d98c348deb2feb88f5952d7357/images/ose-ovn-kubernetes.yml + +- kubernetes image-arm64 2f14046818a7ff3ae3e9da76376991698d7188f1 to 169f654a6b0bc3dcca620eda17240b86c578cb10 + - 033cd87cf 2025-08-29T08:11:07+00:00 UPSTREAM: : Revert "Merge pull request #2412 from dusk125/rebase-v1.32.8" diff --git a/scripts/auto-rebase/commits.txt b/scripts/auto-rebase/commits.txt index e3fd4b1678..f3a0ba6f71 100644 --- a/scripts/auto-rebase/commits.txt +++ b/scripts/auto-rebase/commits.txt @@ -1,19 +1,19 @@ -https://github.com/openshift/api embedded-component 1c614f54419fa23266ae2f6660b9034893749079 +https://github.com/openshift/api embedded-component c9f500dc7ca317fcb4028b172a8c638305976e7f https://github.com/openshift/cluster-csi-snapshot-controller-operator embedded-component cf99de974354133f853928cff9e19ad19c5347d9 https://github.com/openshift/cluster-dns-operator embedded-component 659813065170f4e52f80b7a29bbab64bfa9aa172 https://github.com/openshift/cluster-ingress-operator embedded-component ddd78734833eb45f2cd5fba677fe50e4ae9f063b -https://github.com/openshift/cluster-kube-apiserver-operator embedded-component f9683e5669a03f0b93cf555d2942a04f3a2c5912 +https://github.com/openshift/cluster-kube-apiserver-operator embedded-component 80c1fc3d81e3392ef7b056c8833185c8bdf6f599 https://github.com/openshift/cluster-kube-controller-manager-operator embedded-component 3dfbb67635ce056fd55c360937be9868a3cf8ad5 https://github.com/openshift/cluster-kube-scheduler-operator embedded-component 8740a60de76690a17d5081db078eb93dfdb7a066 -https://github.com/openshift/cluster-network-operator embedded-component bc62016ccc39a66406caf5110ac7140f285fb264 +https://github.com/openshift/cluster-network-operator embedded-component bc27b42976486bd395fdbb0f4fbc9a5a8499be2c https://github.com/openshift/cluster-openshift-controller-manager-operator embedded-component 0ab30996207ada63ef2e2fd4f47aac03b0872c9a https://github.com/openshift/cluster-policy-controller embedded-component 748524784686a5f397490563882cbfb88f9acd01 https://github.com/openshift/csi-external-snapshotter embedded-component ac82cafc95b301f67f46ee0db93720d55177a19b -https://github.com/openshift/etcd embedded-component a5421dfe551a2e9c911a75062a4cdeb7473f5c26 -https://github.com/openshift/kubernetes embedded-component 2f14046818a7ff3ae3e9da76376991698d7188f1 +https://github.com/openshift/etcd embedded-component eb0acd5c92a830da18d7d0d789f7a8ecac860620 +https://github.com/openshift/kubernetes embedded-component 169f654a6b0bc3dcca620eda17240b86c578cb10 https://github.com/openshift/kubernetes-kube-storage-version-migrator embedded-component fdef30c84b3d45ede364500984221c3f492b1415 -https://github.com/openshift/machine-config-operator embedded-component 366ecc0d61006b46a8e05cddb8dfffd5e347a09b -https://github.com/openshift/openshift-controller-manager embedded-component a672407574befa9faf6a56078d6852229701f8c6 +https://github.com/openshift/machine-config-operator embedded-component 1cc3b020cb2d5cdcb9135de39ddbd0ddd494495f +https://github.com/openshift/openshift-controller-manager embedded-component 5b3063ff149f290bebca0783fc508dfbf07689a5 https://github.com/openshift/operator-framework-olm embedded-component 5c83a8adfd3fb0a5b3f2f8a26d3d05eefd5ba9d0 https://github.com/openshift/route-controller-manager embedded-component bc97534a12a7a6bac096e4ed488b29535c8d4f33 https://github.com/openshift/service-ca-operator embedded-component 4dfa6916f984d0fd7188380edc88b250738f07f7 @@ -22,14 +22,14 @@ https://github.com/openshift/coredns image-amd64 4f64931403bf747b78bccb40ad877b0 https://github.com/openshift/csi-external-snapshotter image-amd64 ac82cafc95b301f67f46ee0db93720d55177a19b https://github.com/openshift/router image-amd64 b41f9d05467fb7b3f6c2dafa6ac4b5e25164c0b6 https://github.com/openshift/kube-rbac-proxy image-amd64 591277560f328601273f88f2881e09ccccd90a97 -https://github.com/openshift/ovn-kubernetes image-amd64 1e27e7a22ddb5a30fe5ae7ccb8e1d3967bc645ec -https://github.com/openshift/kubernetes image-amd64 2f14046818a7ff3ae3e9da76376991698d7188f1 +https://github.com/openshift/ovn-kubernetes image-amd64 6ff66743c4fbd0c413cf4bb9933a1eb510aa42e4 +https://github.com/openshift/kubernetes image-amd64 169f654a6b0bc3dcca620eda17240b86c578cb10 https://github.com/openshift/service-ca-operator image-amd64 4dfa6916f984d0fd7188380edc88b250738f07f7 https://github.com/openshift/oc image-arm64 298429ba9831d1d72b89edd9beb82a6ee665c3b7 https://github.com/openshift/coredns image-arm64 4f64931403bf747b78bccb40ad877b08da534e23 https://github.com/openshift/csi-external-snapshotter image-arm64 ac82cafc95b301f67f46ee0db93720d55177a19b https://github.com/openshift/router image-arm64 b41f9d05467fb7b3f6c2dafa6ac4b5e25164c0b6 https://github.com/openshift/kube-rbac-proxy image-arm64 591277560f328601273f88f2881e09ccccd90a97 -https://github.com/openshift/ovn-kubernetes image-arm64 1e27e7a22ddb5a30fe5ae7ccb8e1d3967bc645ec -https://github.com/openshift/kubernetes image-arm64 2f14046818a7ff3ae3e9da76376991698d7188f1 +https://github.com/openshift/ovn-kubernetes image-arm64 6ff66743c4fbd0c413cf4bb9933a1eb510aa42e4 +https://github.com/openshift/kubernetes image-arm64 169f654a6b0bc3dcca620eda17240b86c578cb10 https://github.com/openshift/service-ca-operator image-arm64 4dfa6916f984d0fd7188380edc88b250738f07f7 diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh index 2687e6bec3..f29755e52e 100755 --- a/scripts/auto-rebase/last_rebase.sh +++ b/scripts/auto-rebase/last_rebase.sh @@ -1,2 +1,2 @@ #!/bin/bash -x -./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.19.0-0.nightly-2025-08-28-080135" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.19.0-0.nightly-arm64-2025-08-30-002356" +./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.19.0-0.nightly-2025-09-03-061123" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.19.0-0.nightly-arm64-2025-09-03-055143" diff --git a/scripts/multinode/configure-sec.sh b/scripts/multinode/configure-sec.sh index 8ad1728a13..871f0b8360 100755 --- a/scripts/multinode/configure-sec.sh +++ b/scripts/multinode/configure-sec.sh @@ -77,10 +77,10 @@ function configure_kubelet() { # Checksums can be obtained from https://www.downloadkubernetes.com/ # or by downloading a "${url}.sha256" file (see below for ${url}). For example: - # version=v1.32.8; for kube_arch in amd64 arm64; do echo "${kube_arch}: $(curl -L https://dl.k8s.io/release/${version}/bin/linux/${kube_arch}/kubelet.sha256 2>/dev/null)"; done - local -r version="v1.32.8" - local -r kube_hash_amd64="7dfca4da9cdf592c0f70800e09fb42553765bc0951cade3d6e0c571daf3f23ee" - local -r kube_hash_arm64="d5527714fac08eac4c1ddcbd8a3c6db35f3acd335d43360219d733273b672cce" + # version=v1.32.7; for kube_arch in amd64 arm64; do echo "${kube_arch}: $(curl -L https://dl.k8s.io/release/${version}/bin/linux/${kube_arch}/kubelet.sha256 2>/dev/null)"; done + local -r version="v1.32.7" + local -r kube_hash_amd64="7ab96898436475640cbd416b2446f33aba1c2cb62dae876302ff7775d850041c" + local -r kube_hash_arm64="b862a8d550875924c8abed6c15ba22564f7e232c239aa6a2e88caf069a0ab548" local kube_arch="" local kube_hash="" diff --git a/vendor/k8s.io/kubernetes/plugin/pkg/admission/noderestriction/admission.go b/vendor/k8s.io/kubernetes/plugin/pkg/admission/noderestriction/admission.go index 1163f6bc20..419de31a99 100644 --- a/vendor/k8s.io/kubernetes/plugin/pkg/admission/noderestriction/admission.go +++ b/vendor/k8s.io/kubernetes/plugin/pkg/admission/noderestriction/admission.go @@ -518,11 +518,6 @@ func (p *Plugin) admitNode(nodeName string, a admission.Attributes) error { return admission.NewForbidden(a, fmt.Errorf("node %q is not allowed to modify taints", nodeName)) } - // Don't allow a node to update its own ownerReferences. - if !apiequality.Semantic.DeepEqual(node.OwnerReferences, oldNode.OwnerReferences) { - return admission.NewForbidden(a, fmt.Errorf("node %q is not allowed to modify ownerReferences", nodeName)) - } - // Don't allow a node to update labels outside the allowed set. // This would allow a node to add or modify its labels in a way that would let it steer privileged workloads to itself. modifiedLabels := getModifiedLabels(node.Labels, oldNode.Labels) diff --git a/vendor/modules.txt b/vendor/modules.txt index 8c8416d9d8..694acc0225 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -801,7 +801,7 @@ github.com/x448/float16 # github.com/xlab/treeprint v1.2.0 ## explicit; go 1.13 github.com/xlab/treeprint -# go.etcd.io/etcd/api/v3 v3.5.21 => github.com/openshift/etcd/api/v3 v3.5.1-0.20250411172207-a5421dfe551a +# go.etcd.io/etcd/api/v3 v3.5.21 => github.com/openshift/etcd/api/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 ## explicit; go 1.23.0 go.etcd.io/etcd/api/v3/authpb go.etcd.io/etcd/api/v3/etcdserverpb @@ -809,7 +809,7 @@ go.etcd.io/etcd/api/v3/membershippb go.etcd.io/etcd/api/v3/mvccpb go.etcd.io/etcd/api/v3/v3rpc/rpctypes go.etcd.io/etcd/api/v3/version -# go.etcd.io/etcd/client/pkg/v3 v3.5.21 => github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20250411172207-a5421dfe551a +# go.etcd.io/etcd/client/pkg/v3 v3.5.21 => github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 ## explicit; go 1.23.0 go.etcd.io/etcd/client/pkg/v3/fileutil go.etcd.io/etcd/client/pkg/v3/logutil @@ -817,7 +817,7 @@ go.etcd.io/etcd/client/pkg/v3/systemd go.etcd.io/etcd/client/pkg/v3/tlsutil go.etcd.io/etcd/client/pkg/v3/transport go.etcd.io/etcd/client/pkg/v3/types -# go.etcd.io/etcd/client/v3 v3.5.16 => github.com/openshift/etcd/client/v3 v3.5.1-0.20250411172207-a5421dfe551a +# go.etcd.io/etcd/client/v3 v3.5.16 => github.com/openshift/etcd/client/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 ## explicit; go 1.23.0 go.etcd.io/etcd/client/v3 go.etcd.io/etcd/client/v3/credentials @@ -1163,7 +1163,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v1.32.8 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/api +# k8s.io/api v1.32.7 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/api ## explicit; go 1.23.0 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -1224,7 +1224,7 @@ k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 k8s.io/api/storagemigration/v1alpha1 -# k8s.io/apiextensions-apiserver v1.32.8 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver +# k8s.io/apiextensions-apiserver v1.32.7 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver ## explicit; go 1.23.0 k8s.io/apiextensions-apiserver/pkg/apihelpers k8s.io/apiextensions-apiserver/pkg/apis/apiextensions @@ -1271,7 +1271,7 @@ k8s.io/apiextensions-apiserver/pkg/generated/openapi k8s.io/apiextensions-apiserver/pkg/registry/customresource k8s.io/apiextensions-apiserver/pkg/registry/customresource/tableconvertor k8s.io/apiextensions-apiserver/pkg/registry/customresourcedefinition -# k8s.io/apimachinery v1.32.8 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery +# k8s.io/apimachinery v1.32.7 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery ## explicit; go 1.23.0 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -1343,7 +1343,7 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v1.32.8 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiserver +# k8s.io/apiserver v1.32.7 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiserver ## explicit; go 1.23.0 k8s.io/apiserver/pkg/admission k8s.io/apiserver/pkg/admission/configuration @@ -1524,13 +1524,13 @@ k8s.io/apiserver/plugin/pkg/authenticator/token/oidc k8s.io/apiserver/plugin/pkg/authenticator/token/webhook k8s.io/apiserver/plugin/pkg/authorizer/webhook k8s.io/apiserver/plugin/pkg/authorizer/webhook/metrics -# k8s.io/cli-runtime v1.32.8 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime +# k8s.io/cli-runtime v1.32.7 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime ## explicit; go 1.23.0 k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/genericiooptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v1.32.8 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go +# k8s.io/client-go v1.32.7 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go ## explicit; go 1.23.0 k8s.io/client-go/applyconfigurations k8s.io/client-go/applyconfigurations/admissionregistration/v1 @@ -1894,7 +1894,7 @@ k8s.io/client-go/util/keyutil k8s.io/client-go/util/retry k8s.io/client-go/util/watchlist k8s.io/client-go/util/workqueue -# k8s.io/cloud-provider v1.32.8 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider +# k8s.io/cloud-provider v1.32.7 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider ## explicit; go 1.23.0 k8s.io/cloud-provider k8s.io/cloud-provider/api @@ -1913,14 +1913,14 @@ k8s.io/cloud-provider/service/helpers k8s.io/cloud-provider/volume k8s.io/cloud-provider/volume/errors k8s.io/cloud-provider/volume/helpers -# k8s.io/cluster-bootstrap v1.32.8 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap +# k8s.io/cluster-bootstrap v1.32.7 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap ## explicit; go 1.23.0 k8s.io/cluster-bootstrap/token/api k8s.io/cluster-bootstrap/token/jws k8s.io/cluster-bootstrap/token/util k8s.io/cluster-bootstrap/util/secrets k8s.io/cluster-bootstrap/util/tokens -# k8s.io/component-base v1.32.8 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/component-base +# k8s.io/component-base v1.32.7 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/component-base ## explicit; go 1.23.0 k8s.io/component-base/cli k8s.io/component-base/cli/flag @@ -1957,7 +1957,7 @@ k8s.io/component-base/version/verflag k8s.io/component-base/zpages/features k8s.io/component-base/zpages/flagz k8s.io/component-base/zpages/statusz -# k8s.io/component-helpers v1.32.8 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers +# k8s.io/component-helpers v1.32.7 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers ## explicit; go 1.23.0 k8s.io/component-helpers/apimachinery/lease k8s.io/component-helpers/apps/poddisruptionbudget @@ -1971,7 +1971,7 @@ k8s.io/component-helpers/scheduling/corev1 k8s.io/component-helpers/scheduling/corev1/nodeaffinity k8s.io/component-helpers/storage/ephemeral k8s.io/component-helpers/storage/volume -# k8s.io/controller-manager v1.32.8 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager +# k8s.io/controller-manager v1.32.7 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager ## explicit; go 1.23.0 k8s.io/controller-manager/app k8s.io/controller-manager/config @@ -1988,35 +1988,35 @@ k8s.io/controller-manager/pkg/informerfactory k8s.io/controller-manager/pkg/leadermigration k8s.io/controller-manager/pkg/leadermigration/config k8s.io/controller-manager/pkg/leadermigration/options -# k8s.io/cri-api v1.32.8 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cri-api +# k8s.io/cri-api v1.32.7 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cri-api ## explicit; go 1.23.0 k8s.io/cri-api/pkg/apis k8s.io/cri-api/pkg/apis/runtime/v1 k8s.io/cri-api/pkg/errors -# k8s.io/cri-client v1.32.8 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cri-client +# k8s.io/cri-client v1.32.7 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cri-client ## explicit; go 1.23.0 k8s.io/cri-client/pkg k8s.io/cri-client/pkg/internal k8s.io/cri-client/pkg/logs k8s.io/cri-client/pkg/util -# k8s.io/csi-translation-lib v1.32.8 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib +# k8s.io/csi-translation-lib v1.32.7 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib ## explicit; go 1.23.0 k8s.io/csi-translation-lib k8s.io/csi-translation-lib/plugins -# k8s.io/dynamic-resource-allocation v1.32.8 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation +# k8s.io/dynamic-resource-allocation v1.32.7 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation ## explicit; go 1.23.0 k8s.io/dynamic-resource-allocation/api k8s.io/dynamic-resource-allocation/cel k8s.io/dynamic-resource-allocation/resourceclaim k8s.io/dynamic-resource-allocation/structured -# k8s.io/endpointslice v1.32.8 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice +# k8s.io/endpointslice v1.32.7 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice ## explicit; go 1.23.0 k8s.io/endpointslice k8s.io/endpointslice/metrics k8s.io/endpointslice/topologycache k8s.io/endpointslice/trafficdist k8s.io/endpointslice/util -# k8s.io/externaljwt v1.32.8 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/externaljwt +# k8s.io/externaljwt v1.32.7 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/externaljwt ## explicit; go 1.23.0 k8s.io/externaljwt/apis/v1alpha1 # k8s.io/gengo/v2 v2.0.0-20240911193312-2b36238f13e9 @@ -2037,13 +2037,13 @@ k8s.io/klog/v2/internal/severity k8s.io/klog/v2/internal/sloghandler k8s.io/klog/v2/internal/verbosity k8s.io/klog/v2/textlogger -# k8s.io/kms v1.32.8 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kms +# k8s.io/kms v1.32.7 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kms ## explicit; go 1.23.0 k8s.io/kms/apis/v1beta1 k8s.io/kms/apis/v2 k8s.io/kms/pkg/service k8s.io/kms/pkg/util -# k8s.io/kube-aggregator v1.32.8 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator +# k8s.io/kube-aggregator v1.32.7 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator ## explicit; go 1.23.0 k8s.io/kube-aggregator/pkg/apis/apiregistration k8s.io/kube-aggregator/pkg/apis/apiregistration/install @@ -2076,7 +2076,7 @@ k8s.io/kube-aggregator/pkg/controllers/status/remote k8s.io/kube-aggregator/pkg/registry/apiservice k8s.io/kube-aggregator/pkg/registry/apiservice/etcd k8s.io/kube-aggregator/pkg/registry/apiservice/rest -# k8s.io/kube-controller-manager v1.32.8 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager +# k8s.io/kube-controller-manager v1.32.7 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager ## explicit; go 1.23.0 k8s.io/kube-controller-manager/config/v1alpha1 # k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f @@ -2109,11 +2109,11 @@ k8s.io/kube-openapi/pkg/validation/spec k8s.io/kube-openapi/pkg/validation/strfmt k8s.io/kube-openapi/pkg/validation/strfmt/bson k8s.io/kube-openapi/pkg/validation/validate -# k8s.io/kube-scheduler v1.32.8 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler +# k8s.io/kube-scheduler v1.32.7 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler ## explicit; go 1.23.0 k8s.io/kube-scheduler/config/v1 k8s.io/kube-scheduler/extender/v1 -# k8s.io/kubectl v1.32.8 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kubectl +# k8s.io/kubectl v1.32.7 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kubectl ## explicit; go 1.23.0 k8s.io/kubectl/pkg/apps k8s.io/kubectl/pkg/cmd/apiresources @@ -2148,7 +2148,7 @@ k8s.io/kubectl/pkg/util/storage k8s.io/kubectl/pkg/util/templates k8s.io/kubectl/pkg/util/term k8s.io/kubectl/pkg/validation -# k8s.io/kubelet v1.32.8 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kubelet +# k8s.io/kubelet v1.32.7 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kubelet ## explicit; go 1.23.0 k8s.io/kubelet/config/v1 k8s.io/kubelet/config/v1alpha1 @@ -2170,7 +2170,7 @@ k8s.io/kubelet/pkg/cri/streaming k8s.io/kubelet/pkg/cri/streaming/portforward k8s.io/kubelet/pkg/cri/streaming/remotecommand k8s.io/kubelet/pkg/types -# k8s.io/kubernetes v1.32.8 => ./deps/github.com/openshift/kubernetes +# k8s.io/kubernetes v1.32.7 => ./deps/github.com/openshift/kubernetes ## explicit; go 1.23.0 k8s.io/kubernetes/cmd/kube-apiserver/app k8s.io/kubernetes/cmd/kube-apiserver/app/options @@ -2990,7 +2990,7 @@ k8s.io/kubernetes/third_party/forked/gonum/graph/simple k8s.io/kubernetes/third_party/forked/gonum/graph/traverse k8s.io/kubernetes/third_party/forked/libcontainer/apparmor k8s.io/kubernetes/third_party/forked/libcontainer/utils -# k8s.io/metrics v1.32.8 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/metrics +# k8s.io/metrics v1.32.7 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/metrics ## explicit; go 1.23.0 k8s.io/metrics/pkg/apis/custom_metrics k8s.io/metrics/pkg/apis/custom_metrics/v1beta1 @@ -3005,10 +3005,10 @@ k8s.io/metrics/pkg/client/clientset/versioned/typed/metrics/v1beta1 k8s.io/metrics/pkg/client/custom_metrics k8s.io/metrics/pkg/client/custom_metrics/scheme k8s.io/metrics/pkg/client/external_metrics -# k8s.io/mount-utils v1.32.8 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils +# k8s.io/mount-utils v1.32.7 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils ## explicit; go 1.23.0 k8s.io/mount-utils -# k8s.io/pod-security-admission v1.32.8 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission +# k8s.io/pod-security-admission v1.32.7 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission ## explicit; go 1.23.0 k8s.io/pod-security-admission/admission k8s.io/pod-security-admission/admission/api @@ -3190,6 +3190,6 @@ sigs.k8s.io/yaml/goyaml.v3 # k8s.io/sample-apiserver => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver # k8s.io/sample-cli-plugin => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin # k8s.io/sample-controller => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller -# go.etcd.io/etcd/api/v3 => github.com/openshift/etcd/api/v3 v3.5.1-0.20250411172207-a5421dfe551a -# go.etcd.io/etcd/client/pkg/v3 => github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20250411172207-a5421dfe551a -# go.etcd.io/etcd/client/v3 => github.com/openshift/etcd/client/v3 v3.5.1-0.20250411172207-a5421dfe551a +# go.etcd.io/etcd/api/v3 => github.com/openshift/etcd/api/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 +# go.etcd.io/etcd/client/pkg/v3 => github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20250829104148-eb0acd5c92a8 +# go.etcd.io/etcd/client/v3 => github.com/openshift/etcd/client/v3 v3.5.1-0.20250829104148-eb0acd5c92a8