From 97f71156e59ac8a87d048fc47067d2303bad3435 Mon Sep 17 00:00:00 2001 From: ci-robot Date: Thu, 11 Sep 2025 04:42:18 +0000 Subject: [PATCH 01/12] update last_rebase.sh --- scripts/auto-rebase/last_rebase.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh index 6852df7f2f..b30fd3e2ef 100755 --- a/scripts/auto-rebase/last_rebase.sh +++ b/scripts/auto-rebase/last_rebase.sh @@ -1,2 +1,2 @@ #!/bin/bash -x -./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.20.0-0.nightly-2025-09-08-182033" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.20.0-0.nightly-arm64-2025-09-09-204939" +./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.20.0-0.nightly-2025-09-10-095237" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.20.0-0.nightly-arm64-2025-09-10-095236" From ed4b954abc9663575112d96b966d4cb63fd1969b Mon Sep 17 00:00:00 2001 From: ci-robot Date: Thu, 11 Sep 2025 04:42:19 +0000 Subject: [PATCH 02/12] update changelog --- scripts/auto-rebase/changelog.txt | 22 ++++++++-------------- scripts/auto-rebase/commits.txt | 6 +++--- 2 files changed, 11 insertions(+), 17 deletions(-) diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt index adb3a09f31..18ea490661 100644 --- a/scripts/auto-rebase/changelog.txt +++ b/scripts/auto-rebase/changelog.txt @@ -1,19 +1,13 @@ -- api embedded-component 4a165b214722ff53fbdac1d250f62d4b0bb2bd3d to a638ff2e96fb9fb41192e85268fdcb07c0b1ed93 - - e0349455 2025-09-01T11:30:26+02:00 Add default value for MachineHealthCheck's maxUnhealthy to the description - -- cluster-kube-apiserver-operator embedded-component 0bec046c8c10682390e2a20ae4f416a2d8589f40 to cae310f190fccb3f0fa613de50c484afb039c098 - - 6c2d992 2025-08-25T18:29:46+02:00 revert dev cert rotation - -- cluster-kube-controller-manager-operator embedded-component 7030e7353408e83096a285404700c573273c25c8 to 90dc670123652d73f3fd8e5f40096bb665a917d5 - - d7381fb 2025-09-05T18:02:18+05:30 Fixing arch issue - -- cluster-network-operator embedded-component 746b8fb86171dfc75011a7b8db29de5c2355d848 to 7bbd2653092fc383803ba98169f6ffc5be2a64d5 - - fb3f46d 2025-08-20T14:43:26-05:00 Set RunAsUser for network-node-identity +- kubernetes embedded-component a237dcbeee8bbe1440c94349399cc6eac8870910 to 72a1beec012d2552d27d250025c832d7794a7cf1 + - a38f5e1b3 2025-09-07T14:10:57+00:00 UPSTREAM: revert: 133264: Revert "remove failing test that depends on expired credential, remove credential, add TODOs" + - 998bc5e17 2025-09-07T14:10:57+00:00 UPSTREAM: : Revert "UPSTREAM: : Revert "OCPBUGS-60507: Bump 1.33.4"" -- oc image-amd64 31597edbaedc6d8d206deda350cfc93e89fa24bf to a43428189603f12ae190703cb725f66f742fbe52 - - ea3cacdc 2025-08-29T13:21:45+02:00 must-gather: Fix usage checker for custom commands +- operator-framework-olm embedded-component e53cf3090214284bf913bd2d7165a0a9422635a0 to 10d327b38876b2fbc654ddc54eee6199ea0dbbb8 + - e8cb2905 2025-09-06T17:49:49+02:00 UPSTREAM: : make downstream csv namespace labeler plugin e2e more resilient to race conditions + - be283bad 2025-09-06T17:49:40+02:00 Make PSA catalog tests more resilient (#3645) + - 85780936 2025-09-06T17:49:16+02:00 refactor ensure job to remove named parameters (#3644) -- kubernetes image-arm64 a237dcbeee8bbe1440c94349399cc6eac8870910 to 72a1beec012d2552d27d250025c832d7794a7cf1 +- kubernetes image-amd64 a237dcbeee8bbe1440c94349399cc6eac8870910 to 72a1beec012d2552d27d250025c832d7794a7cf1 - a38f5e1b3 2025-09-07T14:10:57+00:00 UPSTREAM: revert: 133264: Revert "remove failing test that depends on expired credential, remove credential, add TODOs" - 998bc5e17 2025-09-07T14:10:57+00:00 UPSTREAM: : Revert "UPSTREAM: : Revert "OCPBUGS-60507: Bump 1.33.4"" diff --git a/scripts/auto-rebase/commits.txt b/scripts/auto-rebase/commits.txt index a9c14ccace..e1fa9d76ce 100644 --- a/scripts/auto-rebase/commits.txt +++ b/scripts/auto-rebase/commits.txt @@ -10,11 +10,11 @@ https://github.com/openshift/cluster-openshift-controller-manager-operator embed https://github.com/openshift/cluster-policy-controller embedded-component 3e7538547c8f209c72083097a4ebaada6e9c46c5 https://github.com/openshift/csi-external-snapshotter embedded-component 42604822c25eb2aa0ecb017c24e328221b238eb9 https://github.com/openshift/etcd embedded-component 9c065d4d842c8de57806426c13201413b4d595e2 -https://github.com/openshift/kubernetes embedded-component a237dcbeee8bbe1440c94349399cc6eac8870910 +https://github.com/openshift/kubernetes embedded-component 72a1beec012d2552d27d250025c832d7794a7cf1 https://github.com/openshift/kubernetes-kube-storage-version-migrator embedded-component 0f8a4eb84ace9b746cf25d51d80dacf34ca5f953 https://github.com/openshift/machine-config-operator embedded-component 7a56cf0048a05d576e746c3e992ce586e07c97e8 https://github.com/openshift/openshift-controller-manager embedded-component 49aaf599fb9024f36359f55bac6b3bb1482e24b8 -https://github.com/openshift/operator-framework-olm embedded-component e53cf3090214284bf913bd2d7165a0a9422635a0 +https://github.com/openshift/operator-framework-olm embedded-component 10d327b38876b2fbc654ddc54eee6199ea0dbbb8 https://github.com/openshift/route-controller-manager embedded-component bf2fa662f57f233d8541f94c4953e0dcd7a5ab20 https://github.com/openshift/service-ca-operator embedded-component b0fe556a981964728306f803864af9d2881db967 https://github.com/openshift/oc image-amd64 a43428189603f12ae190703cb725f66f742fbe52 @@ -23,7 +23,7 @@ https://github.com/openshift/csi-external-snapshotter image-amd64 42604822c25eb2 https://github.com/openshift/router image-amd64 7c50294cfbc9a7c0d3c715de56fb92dadeefb8e6 https://github.com/openshift/kube-rbac-proxy image-amd64 b9134351be37c43408334047d8eb85d0ac01fe4e https://github.com/openshift/ovn-kubernetes image-amd64 9741174157381d7b87e2d21559cbe06b8f2b5ebf -https://github.com/openshift/kubernetes image-amd64 a237dcbeee8bbe1440c94349399cc6eac8870910 +https://github.com/openshift/kubernetes image-amd64 72a1beec012d2552d27d250025c832d7794a7cf1 https://github.com/openshift/service-ca-operator image-amd64 b0fe556a981964728306f803864af9d2881db967 https://github.com/openshift/oc image-arm64 a43428189603f12ae190703cb725f66f742fbe52 https://github.com/openshift/coredns image-arm64 6f39336e6da9dc77b2db140a96773c413d50a665 From 76f003745c2c18e5797331e892ac24c4a5344835 Mon Sep 17 00:00:00 2001 From: ci-robot Date: Thu, 11 Sep 2025 04:43:17 +0000 Subject: [PATCH 03/12] update microshift/go.mod --- go.mod | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/go.mod b/go.mod index 3f8f64460f..ad532a2914 100644 --- a/go.mod +++ b/go.mod @@ -38,17 +38,17 @@ require ( github.com/prometheus/prometheus v0.302.1 github.com/squat/generic-device-plugin v0.0.0-20250710162141-0f7fddf166f1 gopkg.in/yaml.v2 v2.4.0 - k8s.io/api v1.33.3 - k8s.io/apiextensions-apiserver v1.33.3 - k8s.io/apimachinery v1.33.3 - k8s.io/apiserver v1.33.3 - k8s.io/cli-runtime v1.33.3 - k8s.io/client-go v1.33.3 - k8s.io/cloud-provider v1.33.3 - k8s.io/component-base v1.33.3 - k8s.io/kube-aggregator v1.33.3 - k8s.io/kubectl v1.33.3 - k8s.io/kubelet v1.33.3 + k8s.io/api v1.33.4 + k8s.io/apiextensions-apiserver v1.33.4 + k8s.io/apimachinery v1.33.4 + k8s.io/apiserver v1.33.4 + k8s.io/cli-runtime v1.33.4 + k8s.io/client-go v1.33.4 + k8s.io/cloud-provider v1.33.4 + k8s.io/component-base v1.33.4 + k8s.io/kube-aggregator v1.33.4 + k8s.io/kubectl v1.33.4 + k8s.io/kubelet v1.33.4 k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 sigs.k8s.io/kube-storage-version-migrator v0.0.6-0.20230721195810-5c8923c5ff96 sigs.k8s.io/kustomize/api v0.19.0 @@ -162,21 +162,21 @@ require ( gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect - k8s.io/cluster-bootstrap v1.33.3 // indirect - k8s.io/component-helpers v1.33.3 // indirect - k8s.io/controller-manager v1.33.3 // indirect - k8s.io/cri-api v1.33.3 // indirect - k8s.io/cri-client v1.33.3 // indirect - k8s.io/csi-translation-lib v1.33.3 // indirect - k8s.io/dynamic-resource-allocation v1.33.3 // indirect - k8s.io/endpointslice v1.33.3 // indirect - k8s.io/externaljwt v1.33.3 // indirect - k8s.io/kms v1.33.3 // indirect - k8s.io/kube-controller-manager v1.33.3 // indirect - k8s.io/kube-scheduler v1.33.3 // indirect - k8s.io/metrics v1.33.3 // indirect - k8s.io/mount-utils v1.33.3 // indirect - k8s.io/pod-security-admission v1.33.3 // indirect + k8s.io/cluster-bootstrap v1.33.4 // indirect + k8s.io/component-helpers v1.33.4 // indirect + k8s.io/controller-manager v1.33.4 // indirect + k8s.io/cri-api v1.33.4 // indirect + k8s.io/cri-client v1.33.4 // indirect + k8s.io/csi-translation-lib v1.33.4 // indirect + k8s.io/dynamic-resource-allocation v1.33.4 // indirect + k8s.io/endpointslice v1.33.4 // indirect + k8s.io/externaljwt v1.33.4 // indirect + k8s.io/kms v1.33.4 // indirect + k8s.io/kube-controller-manager v1.33.4 // indirect + k8s.io/kube-scheduler v1.33.4 // indirect + k8s.io/metrics v1.33.4 // indirect + k8s.io/mount-utils v1.33.4 // indirect + k8s.io/pod-security-admission v1.33.4 // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2 // indirect sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect sigs.k8s.io/randfill v1.0.0 // indirect @@ -217,7 +217,7 @@ require ( google.golang.org/protobuf v1.36.5 // indirect k8s.io/gengo/v2 v2.0.0-20250207200755-1244d31929d7 // indirect k8s.io/klog/v2 v2.130.1 - k8s.io/kubernetes v1.33.3 + k8s.io/kubernetes v1.33.4 sigs.k8s.io/structured-merge-diff/v4 v4.7.0 // indirect ) From 6659f5123541f8ffea86dc56335fcb2d1ea15480 Mon Sep 17 00:00:00 2001 From: ci-robot Date: Thu, 11 Sep 2025 04:43:18 +0000 Subject: [PATCH 04/12] update microshift/deps --- .../openshift/kubernetes/.go-version | 2 +- .../kubernetes/CHANGELOG/CHANGELOG-1.33.md | 223 +++++++++++++----- .../build/build-image/cross/VERSION | 2 +- .../openshift/kubernetes/build/common.sh | 4 +- .../kubernetes/build/dependencies.yaml | 8 +- .../images/hyperkube/Dockerfile.rhel | 2 +- .../admission/noderestriction/admission.go | 5 + .../noderestriction/admission_test.go | 36 ++- .../kubernetes/staging/publishing/rules.yaml | 2 +- .../third_party/forked/golang/json/fields.go | 5 +- .../forked/golang/template/exec.go | 6 +- .../forked/golang/template/funcs.go | 6 +- .../third_party/forked/golang/reflect/type.go | 6 +- .../component-helpers/resource/helpers.go | 7 +- .../resource/helpers_test.go | 86 +++++-- .../openshift/kubernetes/test/images/Makefile | 2 +- .../kubernetes/test/utils/image/manifest.go | 2 +- 17 files changed, 301 insertions(+), 103 deletions(-) diff --git a/deps/github.com/openshift/kubernetes/.go-version b/deps/github.com/openshift/kubernetes/.go-version index 2f4320f67f..6521720b41 100644 --- a/deps/github.com/openshift/kubernetes/.go-version +++ b/deps/github.com/openshift/kubernetes/.go-version @@ -1 +1 @@ -1.24.4 +1.24.5 diff --git a/deps/github.com/openshift/kubernetes/CHANGELOG/CHANGELOG-1.33.md b/deps/github.com/openshift/kubernetes/CHANGELOG/CHANGELOG-1.33.md index de03744792..03a8205240 100644 --- a/deps/github.com/openshift/kubernetes/CHANGELOG/CHANGELOG-1.33.md +++ b/deps/github.com/openshift/kubernetes/CHANGELOG/CHANGELOG-1.33.md @@ -1,170 +1,277 @@ -- [v1.33.2](#v1332) - - [Downloads for v1.33.2](#downloads-for-v1332) +- [v1.33.3](#v1333) + - [Downloads for v1.33.3](#downloads-for-v1333) - [Source Code](#source-code) - [Client Binaries](#client-binaries) - [Server Binaries](#server-binaries) - [Node Binaries](#node-binaries) - [Container Images](#container-images) - - [Changelog since v1.33.1](#changelog-since-v1331) - - [Important Security Information](#important-security-information) - - [CVE-2025-4563: Nodes can bypass dynamic resource allocation authorization checks](#cve-2025-4563-nodes-can-bypass-dynamic-resource-allocation-authorization-checks) + - [Changelog since v1.33.2](#changelog-since-v1332) - [Changes by Kind](#changes-by-kind) - - [Feature](#feature) - [Bug or Regression](#bug-or-regression) - [Other (Cleanup or Flake)](#other-cleanup-or-flake) - [Dependencies](#dependencies) - [Added](#added) - [Changed](#changed) - [Removed](#removed) -- [v1.33.1](#v1331) - - [Downloads for v1.33.1](#downloads-for-v1331) +- [v1.33.2](#v1332) + - [Downloads for v1.33.2](#downloads-for-v1332) - [Source Code](#source-code-1) - [Client Binaries](#client-binaries-1) - [Server Binaries](#server-binaries-1) - [Node Binaries](#node-binaries-1) - [Container Images](#container-images-1) - - [Changelog since v1.33.0](#changelog-since-v1330) + - [Changelog since v1.33.1](#changelog-since-v1331) + - [Important Security Information](#important-security-information) + - [CVE-2025-4563: Nodes can bypass dynamic resource allocation authorization checks](#cve-2025-4563-nodes-can-bypass-dynamic-resource-allocation-authorization-checks) - [Changes by Kind](#changes-by-kind-1) + - [Feature](#feature) - [Bug or Regression](#bug-or-regression-1) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-1) - [Dependencies](#dependencies-1) - [Added](#added-1) - [Changed](#changed-1) - [Removed](#removed-1) -- [v1.33.0](#v1330) - - [Downloads for v1.33.0](#downloads-for-v1330) +- [v1.33.1](#v1331) + - [Downloads for v1.33.1](#downloads-for-v1331) - [Source Code](#source-code-2) - [Client Binaries](#client-binaries-2) - [Server Binaries](#server-binaries-2) - [Node Binaries](#node-binaries-2) - [Container Images](#container-images-2) - - [Changelog since v1.32.0](#changelog-since-v1320) - - [Urgent Upgrade Notes](#urgent-upgrade-notes) - - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade) + - [Changelog since v1.33.0](#changelog-since-v1330) - [Changes by Kind](#changes-by-kind-2) - - [Deprecation](#deprecation) - - [API Change](#api-change) - - [Feature](#feature-1) - - [Documentation](#documentation) - [Bug or Regression](#bug-or-regression-2) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-1) - [Dependencies](#dependencies-2) - [Added](#added-2) - [Changed](#changed-2) - [Removed](#removed-2) -- [v1.33.0-rc.1](#v1330-rc1) - - [Downloads for v1.33.0-rc.1](#downloads-for-v1330-rc1) +- [v1.33.0](#v1330) + - [Downloads for v1.33.0](#downloads-for-v1330) - [Source Code](#source-code-3) - [Client Binaries](#client-binaries-3) - [Server Binaries](#server-binaries-3) - [Node Binaries](#node-binaries-3) - [Container Images](#container-images-3) - - [Changelog since v1.33.0-rc.0](#changelog-since-v1330-rc0) + - [Changelog since v1.32.0](#changelog-since-v1320) + - [Urgent Upgrade Notes](#urgent-upgrade-notes) + - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade) - [Changes by Kind](#changes-by-kind-3) + - [Deprecation](#deprecation) + - [API Change](#api-change) + - [Feature](#feature-1) + - [Documentation](#documentation) - [Bug or Regression](#bug-or-regression-3) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-2) - [Dependencies](#dependencies-3) - [Added](#added-3) - [Changed](#changed-3) - [Removed](#removed-3) -- [v1.33.0-rc.0](#v1330-rc0) - - [Downloads for v1.33.0-rc.0](#downloads-for-v1330-rc0) +- [v1.33.0-rc.1](#v1330-rc1) + - [Downloads for v1.33.0-rc.1](#downloads-for-v1330-rc1) - [Source Code](#source-code-4) - [Client Binaries](#client-binaries-4) - [Server Binaries](#server-binaries-4) - [Node Binaries](#node-binaries-4) - [Container Images](#container-images-4) - - [Changelog since v1.33.0-beta.0](#changelog-since-v1330-beta0) - - [Urgent Upgrade Notes](#urgent-upgrade-notes-1) - - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-1) + - [Changelog since v1.33.0-rc.0](#changelog-since-v1330-rc0) - [Changes by Kind](#changes-by-kind-4) - - [Deprecation](#deprecation-1) - - [API Change](#api-change-1) - - [Feature](#feature-2) - [Bug or Regression](#bug-or-regression-4) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-2) - [Dependencies](#dependencies-4) - [Added](#added-4) - [Changed](#changed-4) - [Removed](#removed-4) -- [v1.33.0-beta.0](#v1330-beta0) - - [Downloads for v1.33.0-beta.0](#downloads-for-v1330-beta0) +- [v1.33.0-rc.0](#v1330-rc0) + - [Downloads for v1.33.0-rc.0](#downloads-for-v1330-rc0) - [Source Code](#source-code-5) - [Client Binaries](#client-binaries-5) - [Server Binaries](#server-binaries-5) - [Node Binaries](#node-binaries-5) - [Container Images](#container-images-5) - - [Changelog since v1.33.0-alpha.3](#changelog-since-v1330-alpha3) + - [Changelog since v1.33.0-beta.0](#changelog-since-v1330-beta0) + - [Urgent Upgrade Notes](#urgent-upgrade-notes-1) + - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-1) - [Changes by Kind](#changes-by-kind-5) - - [API Change](#api-change-2) - - [Feature](#feature-3) + - [Deprecation](#deprecation-1) + - [API Change](#api-change-1) + - [Feature](#feature-2) - [Bug or Regression](#bug-or-regression-5) - [Other (Cleanup or Flake)](#other-cleanup-or-flake-3) - [Dependencies](#dependencies-5) - [Added](#added-5) - [Changed](#changed-5) - [Removed](#removed-5) -- [v1.33.0-alpha.3](#v1330-alpha3) - - [Downloads for v1.33.0-alpha.3](#downloads-for-v1330-alpha3) +- [v1.33.0-beta.0](#v1330-beta0) + - [Downloads for v1.33.0-beta.0](#downloads-for-v1330-beta0) - [Source Code](#source-code-6) - [Client Binaries](#client-binaries-6) - [Server Binaries](#server-binaries-6) - [Node Binaries](#node-binaries-6) - [Container Images](#container-images-6) - - [Changelog since v1.33.0-alpha.2](#changelog-since-v1330-alpha2) - - [Urgent Upgrade Notes](#urgent-upgrade-notes-2) - - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-2) + - [Changelog since v1.33.0-alpha.3](#changelog-since-v1330-alpha3) - [Changes by Kind](#changes-by-kind-6) - - [Deprecation](#deprecation-2) - - [API Change](#api-change-3) - - [Feature](#feature-4) + - [API Change](#api-change-2) + - [Feature](#feature-3) - [Bug or Regression](#bug-or-regression-6) - [Other (Cleanup or Flake)](#other-cleanup-or-flake-4) - [Dependencies](#dependencies-6) - [Added](#added-6) - [Changed](#changed-6) - [Removed](#removed-6) -- [v1.33.0-alpha.2](#v1330-alpha2) - - [Downloads for v1.33.0-alpha.2](#downloads-for-v1330-alpha2) +- [v1.33.0-alpha.3](#v1330-alpha3) + - [Downloads for v1.33.0-alpha.3](#downloads-for-v1330-alpha3) - [Source Code](#source-code-7) - [Client Binaries](#client-binaries-7) - [Server Binaries](#server-binaries-7) - [Node Binaries](#node-binaries-7) - [Container Images](#container-images-7) - - [Changelog since v1.33.0-alpha.1](#changelog-since-v1330-alpha1) + - [Changelog since v1.33.0-alpha.2](#changelog-since-v1330-alpha2) + - [Urgent Upgrade Notes](#urgent-upgrade-notes-2) + - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-2) - [Changes by Kind](#changes-by-kind-7) - - [Deprecation](#deprecation-3) - - [API Change](#api-change-4) - - [Feature](#feature-5) + - [Deprecation](#deprecation-2) + - [API Change](#api-change-3) + - [Feature](#feature-4) - [Bug or Regression](#bug-or-regression-7) - [Other (Cleanup or Flake)](#other-cleanup-or-flake-5) - [Dependencies](#dependencies-7) - [Added](#added-7) - [Changed](#changed-7) - [Removed](#removed-7) -- [v1.33.0-alpha.1](#v1330-alpha1) - - [Downloads for v1.33.0-alpha.1](#downloads-for-v1330-alpha1) +- [v1.33.0-alpha.2](#v1330-alpha2) + - [Downloads for v1.33.0-alpha.2](#downloads-for-v1330-alpha2) - [Source Code](#source-code-8) - [Client Binaries](#client-binaries-8) - [Server Binaries](#server-binaries-8) - [Node Binaries](#node-binaries-8) - [Container Images](#container-images-8) - - [Changelog since v1.32.0](#changelog-since-v1320-1) - - [Urgent Upgrade Notes](#urgent-upgrade-notes-3) - - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-3) + - [Changelog since v1.33.0-alpha.1](#changelog-since-v1330-alpha1) - [Changes by Kind](#changes-by-kind-8) - - [API Change](#api-change-5) - - [Feature](#feature-6) - - [Documentation](#documentation-1) + - [Deprecation](#deprecation-3) + - [API Change](#api-change-4) + - [Feature](#feature-5) - [Bug or Regression](#bug-or-regression-8) - [Other (Cleanup or Flake)](#other-cleanup-or-flake-6) - [Dependencies](#dependencies-8) - [Added](#added-8) - [Changed](#changed-8) - [Removed](#removed-8) +- [v1.33.0-alpha.1](#v1330-alpha1) + - [Downloads for v1.33.0-alpha.1](#downloads-for-v1330-alpha1) + - [Source Code](#source-code-9) + - [Client Binaries](#client-binaries-9) + - [Server Binaries](#server-binaries-9) + - [Node Binaries](#node-binaries-9) + - [Container Images](#container-images-9) + - [Changelog since v1.32.0](#changelog-since-v1320-1) + - [Urgent Upgrade Notes](#urgent-upgrade-notes-3) + - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-3) + - [Changes by Kind](#changes-by-kind-9) + - [API Change](#api-change-5) + - [Feature](#feature-6) + - [Documentation](#documentation-1) + - [Bug or Regression](#bug-or-regression-9) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-7) + - [Dependencies](#dependencies-9) + - [Added](#added-9) + - [Changed](#changed-9) + - [Removed](#removed-9) +# v1.33.3 + + +## Downloads for v1.33.3 + + + +### Source Code + +filename | sha512 hash +-------- | ----------- +[kubernetes.tar.gz](https://dl.k8s.io/v1.33.3/kubernetes.tar.gz) | 363c52cddaec8b16d6fa00382446907db5d4df262c4ceda293bdcae3bc8033ebe662c4c32fa3f1f66e815b9a4c865ffe93f662f814c10b702359be692c00acfb +[kubernetes-src.tar.gz](https://dl.k8s.io/v1.33.3/kubernetes-src.tar.gz) | d23bdc69123f4975a151224c450cbeadc97895f7645563daea67e01915549ea3fb5b31237598abed4fbe5add3c77ffd92e95cbe3f635cf2f4c0626a704f15fca + +### Client Binaries + +filename | sha512 hash +-------- | ----------- +[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.33.3/kubernetes-client-darwin-amd64.tar.gz) | 58fc38f9f7c8952d318ad79139310588e077d2efd5100b586079cbee1cf04211b91d035a897164283bfb792b497139b143dd8bea63b3b538eaa346fb9e9f0379 +[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.33.3/kubernetes-client-darwin-arm64.tar.gz) | 15adffb9517df740e806698db5c0e973b8a765ef1e999a94e7f60d3598b9fba3b1299b95b5cccb765d94688cd15e153c4a84f4c4f039c45504fd7d3f44e395a2 +[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.33.3/kubernetes-client-linux-386.tar.gz) | 7cc1891ac0b230ab90e78cb7bad48e0d0ae4cafc88c8563a82de0f79c6d8dbb429bc5f96a540c84bd7334d2d3978d3e81d80949499c8ea6a66fc166cf9b9196c +[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.33.3/kubernetes-client-linux-amd64.tar.gz) | d4ef8efe17406ca3234c4628b0b4c14214f77b42056bd7db8298b0ace78305cf641e250572726996437c08bbb298aa7f942c6e748d4293478d11426a42666103 +[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.33.3/kubernetes-client-linux-arm.tar.gz) | 056378073fc2dd46533202c7d2d8dd3468f07a5853497d220d33827f37959934e10c7e10218e86df99c0b4136935fbab6167dd10586b0ec82caebf7806b99d53 +[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.33.3/kubernetes-client-linux-arm64.tar.gz) | e5cbf3394c0cab0d4443ed3731bb8010c5e7170bc41fc6bb269f00281643b441491fe4bb121058da8d52d7c87dc32b764e8b3670944b3cd8a1239e3b36430247 +[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.33.3/kubernetes-client-linux-ppc64le.tar.gz) | 8f5dca8a7390d63f5793067a3900256a2378534683957b9f3ef1e74338f23da4c0466703dd2fe7c6761ded9c5efbd36114a32d8ebacfab52a7a986f29be41f30 +[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.33.3/kubernetes-client-linux-s390x.tar.gz) | fbc8eaa3e8bd85beb0ca02167ff17ca87fba073e55a8cc55f5595339a7cc33f068af81e4525ba196dbce52d0874de8c5beecad988ea41d9fae69b8740136a26e +[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.33.3/kubernetes-client-windows-386.tar.gz) | f3b4d95f0399521d93765b891e49f0c2b57b0d62f59254684cd0495679909306acb07eb630460369bd1335a5c97e786c40bfa3d318cceda04f36d0039ef368eb +[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.33.3/kubernetes-client-windows-amd64.tar.gz) | d5953a6589159d69aed70f33d3f8c79d947f97659664ef254ae5a18dc2469899f1a0243d58b36324c246a76cc5ecdff93ddb81d864749185c2d8dd777040bad5 +[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.33.3/kubernetes-client-windows-arm64.tar.gz) | e126a72af5f56447236996060a29d9c47191b99b2891482d0f681e1a2640416a7f9151d658b579b7af15e0fb2167062d3a7e7062e8c9bca2342f020d1785813a + +### Server Binaries + +filename | sha512 hash +-------- | ----------- +[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.33.3/kubernetes-server-linux-amd64.tar.gz) | 2098b70d6e328e0c5777a20d95cb7c5f8f3cd9f26960165c0db3135e9ddfb5b22e3f5471a130692dc48185592f4684c9239ed8e505a51984e31604c9a2e9040e +[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.33.3/kubernetes-server-linux-arm64.tar.gz) | a4b97b9141b49a5bcb2e271b85d03926503c4272689556814cb0714d114ef327c6b209c4b0f0b339475d1bdc9f3dfcaf865c8b4283abaeb0714d2d8602b57f63 +[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.33.3/kubernetes-server-linux-ppc64le.tar.gz) | ab326bb628ba477f18f9a33f5abdcd2f36486146f062b09f3f524f8162e6c3d2736699c463b14ef29cde4b9cae18117a6cbe962a63553b2938a240461605aaea +[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.33.3/kubernetes-server-linux-s390x.tar.gz) | 8af631c137f65af10129765cdff2697c730ba4ab58b63aea96d73c69e5d4fa2c35ff23416dac24fcadd3f3b856d08cf8223c28b40f4e8a02bb3c698dece6501f + +### Node Binaries + +filename | sha512 hash +-------- | ----------- +[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.33.3/kubernetes-node-linux-amd64.tar.gz) | 90d5aa5c08d01febea7f2afe11fb7771568494e68c5cf7b2c1a245b9de24d7962e207efa218ecba45540a2f613b13cf561a8b5f5618f9422042f40a8d7e88988 +[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.33.3/kubernetes-node-linux-arm64.tar.gz) | a631b6236485979c98f1a99553e55e4f6a77bc6fcad444490095872a3516b761ad5097297dd730f1b8fb27bd613af4eea0d4fefc3379fa4724bf4915f8576ecb +[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.33.3/kubernetes-node-linux-ppc64le.tar.gz) | 342873a2d9eea49bc4b1ca0eca03ba1d019d60a8068bc2f015f5e35f5438e970d8d0722f441778cecf0f72cb5b27082bd1b434fc0d532dc5eaf96533616a8822 +[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.33.3/kubernetes-node-linux-s390x.tar.gz) | b0fa7050445cd4d9ffbe8014f72b44984f47ccb1ba7b6fcb191a0d6a784e4c741d1a04584339e6f09d0aa9568120d22dc4cde95f81f79cb52b13105cf5a57a9c +[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.33.3/kubernetes-node-windows-amd64.tar.gz) | 741b4e93de0053586220ac210856dff035c8bb64856f600006be73875a53846f55fb32d9262b3fc6aab7b81cca4b2cfe0d05716fbe9c89e8ab8a9ab4e56ae8e4 + +### Container Images + +All container images are available as manifest lists and support the described +architectures. It is also possible to pull a specific architecture directly by +adding the "-$ARCH" suffix to the container image name. + +name | architectures +---- | ------------- +[registry.k8s.io/conformance:v1.33.3](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-s390x) +[registry.k8s.io/kube-apiserver:v1.33.3](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-s390x) +[registry.k8s.io/kube-controller-manager:v1.33.3](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-s390x) +[registry.k8s.io/kube-proxy:v1.33.3](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-s390x) +[registry.k8s.io/kube-scheduler:v1.33.3](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-s390x) +[registry.k8s.io/kubectl:v1.33.3](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-s390x) + +## Changelog since v1.33.2 + +## Changes by Kind + +### Bug or Regression + +- Fix a bug causing unexpected delay of creating pods for newly created jobs ([#132158](https://github.com/kubernetes/kubernetes/pull/132158), [@linxiulei](https://github.com/linxiulei)) [SIG Apps and Testing] +- Fix regression introduced in 1.33 - where some Paginated LIST calls are falling back to etcd instead of serving from cache. ([#132337](https://github.com/kubernetes/kubernetes/pull/132337), [@hakuna-matatah](https://github.com/hakuna-matatah)) [SIG API Machinery] +- Fix validation for Job with suspend=true, and completions=0 to set the Complete condition. ([#132728](https://github.com/kubernetes/kubernetes/pull/132728), [@mimowo](https://github.com/mimowo)) [SIG Apps and Testing] +- Kubeadm: fixed issue where etcd member promotion fails with an error saying the member was already promoted ([#132280](https://github.com/kubernetes/kubernetes/pull/132280), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] + +### Other (Cleanup or Flake) + +- Reduce logspam when calculating the container resources on linux ([#132272](https://github.com/kubernetes/kubernetes/pull/132272), [@Peac36](https://github.com/Peac36)) [SIG Node] + +## Dependencies + +### Added +_Nothing has changed._ + +### Changed +_Nothing has changed._ + +### Removed +_Nothing has changed._ + + + # v1.33.2 diff --git a/deps/github.com/openshift/kubernetes/build/build-image/cross/VERSION b/deps/github.com/openshift/kubernetes/build/build-image/cross/VERSION index ea4cedcf78..4415fb7d96 100644 --- a/deps/github.com/openshift/kubernetes/build/build-image/cross/VERSION +++ b/deps/github.com/openshift/kubernetes/build/build-image/cross/VERSION @@ -1 +1 @@ -v1.33.0-go1.24.4-bullseye.0 +v1.33.0-go1.24.5-bullseye.0 diff --git a/deps/github.com/openshift/kubernetes/build/common.sh b/deps/github.com/openshift/kubernetes/build/common.sh index 8612e94612..93bcdb17f7 100755 --- a/deps/github.com/openshift/kubernetes/build/common.sh +++ b/deps/github.com/openshift/kubernetes/build/common.sh @@ -97,8 +97,8 @@ readonly KUBE_RSYNC_PORT="${KUBE_RSYNC_PORT:-}" readonly KUBE_CONTAINER_RSYNC_PORT=8730 # These are the default versions (image tags) for their respective base images. -readonly __default_distroless_iptables_version=v0.7.6 -readonly __default_go_runner_version=v2.4.0-go1.24.4-bookworm.0 +readonly __default_distroless_iptables_version=v0.7.7 +readonly __default_go_runner_version=v2.4.0-go1.24.5-bookworm.0 readonly __default_setcap_version=bookworm-v1.0.4 # These are the base images for the Docker-wrapped binaries. diff --git a/deps/github.com/openshift/kubernetes/build/dependencies.yaml b/deps/github.com/openshift/kubernetes/build/dependencies.yaml index dca70ade7f..6108000a49 100644 --- a/deps/github.com/openshift/kubernetes/build/dependencies.yaml +++ b/deps/github.com/openshift/kubernetes/build/dependencies.yaml @@ -116,7 +116,7 @@ dependencies: # Golang - name: "golang: upstream version" - version: 1.24.4 + version: 1.24.5 refPaths: - path: .go-version - path: build/build-image/cross/VERSION @@ -139,7 +139,7 @@ dependencies: match: minimum_go_version=go([0-9]+\.[0-9]+) - name: "registry.k8s.io/kube-cross: dependents" - version: v1.33.0-go1.24.4-bullseye.0 + version: v1.33.0-go1.24.5-bullseye.0 refPaths: - path: build/build-image/cross/VERSION @@ -177,7 +177,7 @@ dependencies: match: registry\.k8s\.io\/build-image\/debian-base:[a-zA-Z]+\-v((([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?)(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?) - name: "registry.k8s.io/distroless-iptables: dependents" - version: v0.7.6 + version: v0.7.7 refPaths: - path: build/common.sh match: __default_distroless_iptables_version= @@ -185,7 +185,7 @@ dependencies: match: configs\[DistrolessIptables\] = Config{list\.BuildImageRegistry, "distroless-iptables", "v([0-9]+)\.([0-9]+)\.([0-9]+)"} - name: "registry.k8s.io/go-runner: dependents" - version: v2.4.0-go1.24.4-bookworm.0 + version: v2.4.0-go1.24.5-bookworm.0 refPaths: - path: build/common.sh match: __default_go_runner_version= diff --git a/deps/github.com/openshift/kubernetes/openshift-hack/images/hyperkube/Dockerfile.rhel b/deps/github.com/openshift/kubernetes/openshift-hack/images/hyperkube/Dockerfile.rhel index 331cc88d99..0401df113b 100644 --- a/deps/github.com/openshift/kubernetes/openshift-hack/images/hyperkube/Dockerfile.rhel +++ b/deps/github.com/openshift/kubernetes/openshift-hack/images/hyperkube/Dockerfile.rhel @@ -14,4 +14,4 @@ COPY --from=builder /tmp/build/* /usr/bin/ LABEL io.k8s.display-name="OpenShift Kubernetes Server Commands" \ io.k8s.description="OpenShift is a platform for developing, building, and deploying containerized applications." \ io.openshift.tags="openshift,hyperkube" \ - io.openshift.build.versions="kubernetes=1.33.3" \ No newline at end of file + io.openshift.build.versions="kubernetes=1.33.4" \ No newline at end of file diff --git a/deps/github.com/openshift/kubernetes/plugin/pkg/admission/noderestriction/admission.go b/deps/github.com/openshift/kubernetes/plugin/pkg/admission/noderestriction/admission.go index 5c9502cb28..f40d0fc6be 100644 --- a/deps/github.com/openshift/kubernetes/plugin/pkg/admission/noderestriction/admission.go +++ b/deps/github.com/openshift/kubernetes/plugin/pkg/admission/noderestriction/admission.go @@ -536,6 +536,11 @@ func (p *Plugin) admitNode(nodeName string, a admission.Attributes) error { return admission.NewForbidden(a, fmt.Errorf("node %q is not allowed to modify taints", nodeName)) } + // Don't allow a node to update its own ownerReferences. + if !apiequality.Semantic.DeepEqual(node.OwnerReferences, oldNode.OwnerReferences) { + return admission.NewForbidden(a, fmt.Errorf("node %q is not allowed to modify ownerReferences", nodeName)) + } + // Don't allow a node to update labels outside the allowed set. // This would allow a node to add or modify its labels in a way that would let it steer privileged workloads to itself. modifiedLabels := getModifiedLabels(node.Labels, oldNode.Labels) diff --git a/deps/github.com/openshift/kubernetes/plugin/pkg/admission/noderestriction/admission_test.go b/deps/github.com/openshift/kubernetes/plugin/pkg/admission/noderestriction/admission_test.go index 0cd7c881f1..77b077dcd6 100644 --- a/deps/github.com/openshift/kubernetes/plugin/pkg/admission/noderestriction/admission_test.go +++ b/deps/github.com/openshift/kubernetes/plugin/pkg/admission/noderestriction/admission_test.go @@ -260,10 +260,14 @@ func (a *admitTestCase) run(t *testing.T) { func Test_nodePlugin_Admit(t *testing.T) { var ( - mynode = &user.DefaultInfo{Name: "system:node:mynode", Groups: []string{"system:nodes"}} - bob = &user.DefaultInfo{Name: "bob"} + trueRef = true + mynode = &user.DefaultInfo{Name: "system:node:mynode", Groups: []string{"system:nodes"}} + bob = &user.DefaultInfo{Name: "bob"} + + mynodeObjMeta = metav1.ObjectMeta{Name: "mynode", UID: "mynode-uid"} + mynodeObjMetaOwnerRefA = metav1.ObjectMeta{Name: "mynode", UID: "mynode-uid", OwnerReferences: []metav1.OwnerReference{{Name: "fooerA", Controller: &trueRef}}} + mynodeObjMetaOwnerRefB = metav1.ObjectMeta{Name: "mynode", UID: "mynode-uid", OwnerReferences: []metav1.OwnerReference{{Name: "fooerB", Controller: &trueRef}}} - mynodeObjMeta = metav1.ObjectMeta{Name: "mynode", UID: "mynode-uid"} mynodeObj = &api.Node{ObjectMeta: mynodeObjMeta} mynodeObjConfigA = &api.Node{ObjectMeta: mynodeObjMeta, Spec: api.NodeSpec{ConfigSource: &api.NodeConfigSource{ ConfigMap: &api.ConfigMapNodeConfigSource{ @@ -280,9 +284,11 @@ func Test_nodePlugin_Admit(t *testing.T) { KubeletConfigKey: "kubelet", }}}} - mynodeObjTaintA = &api.Node{ObjectMeta: mynodeObjMeta, Spec: api.NodeSpec{Taints: []api.Taint{{Key: "mykey", Value: "A"}}}} - mynodeObjTaintB = &api.Node{ObjectMeta: mynodeObjMeta, Spec: api.NodeSpec{Taints: []api.Taint{{Key: "mykey", Value: "B"}}}} - othernodeObj = &api.Node{ObjectMeta: metav1.ObjectMeta{Name: "othernode"}} + mynodeObjTaintA = &api.Node{ObjectMeta: mynodeObjMeta, Spec: api.NodeSpec{Taints: []api.Taint{{Key: "mykey", Value: "A"}}}} + mynodeObjTaintB = &api.Node{ObjectMeta: mynodeObjMeta, Spec: api.NodeSpec{Taints: []api.Taint{{Key: "mykey", Value: "B"}}}} + mynodeObjOwnerRefA = &api.Node{ObjectMeta: mynodeObjMetaOwnerRefA} + mynodeObjOwnerRefB = &api.Node{ObjectMeta: mynodeObjMetaOwnerRefB} + othernodeObj = &api.Node{ObjectMeta: metav1.ObjectMeta{Name: "othernode"}} coremymirrorpod, v1mymirrorpod = makeTestPod("ns", "mymirrorpod", "mynode", true) coreothermirrorpod, v1othermirrorpod = makeTestPod("ns", "othermirrorpod", "othernode", true) @@ -1222,6 +1228,24 @@ func Test_nodePlugin_Admit(t *testing.T) { attributes: admission.NewAttributesRecord(setForbiddenUpdateLabels(mynodeObj, "new"), setForbiddenUpdateLabels(mynodeObj, "old"), nodeKind, mynodeObj.Namespace, mynodeObj.Name, nodeResource, "", admission.Update, &metav1.UpdateOptions{}, false, mynode), err: `is not allowed to modify labels: foo.node-restriction.kubernetes.io/foo, node-restriction.kubernetes.io/foo, other.k8s.io/foo, other.kubernetes.io/foo`, }, + { + name: "forbid update of my node: add owner reference", + podsGetter: existingPods, + attributes: admission.NewAttributesRecord(mynodeObjOwnerRefA, mynodeObj, nodeKind, mynodeObj.Namespace, mynodeObj.Name, nodeResource, "", admission.Update, &metav1.UpdateOptions{}, false, mynode), + err: "node \"mynode\" is not allowed to modify ownerReferences", + }, + { + name: "forbid update of my node: remove owner reference", + podsGetter: existingPods, + attributes: admission.NewAttributesRecord(mynodeObj, mynodeObjOwnerRefA, nodeKind, mynodeObj.Namespace, mynodeObj.Name, nodeResource, "", admission.Update, &metav1.UpdateOptions{}, false, mynode), + err: "node \"mynode\" is not allowed to modify ownerReferences", + }, + { + name: "forbid update of my node: change owner reference", + podsGetter: existingPods, + attributes: admission.NewAttributesRecord(mynodeObjOwnerRefA, mynodeObjOwnerRefB, nodeKind, mynodeObj.Namespace, mynodeObj.Name, nodeResource, "", admission.Update, &metav1.UpdateOptions{}, false, mynode), + err: "node \"mynode\" is not allowed to modify ownerReferences", + }, // Other node object { diff --git a/deps/github.com/openshift/kubernetes/staging/publishing/rules.yaml b/deps/github.com/openshift/kubernetes/staging/publishing/rules.yaml index 076e059e33..781dc9c607 100644 --- a/deps/github.com/openshift/kubernetes/staging/publishing/rules.yaml +++ b/deps/github.com/openshift/kubernetes/staging/publishing/rules.yaml @@ -2901,4 +2901,4 @@ rules: - staging/src/k8s.io/externaljwt recursive-delete-patterns: - '*/.gitattributes' -default-go-version: 1.24.4 +default-go-version: 1.24.5 diff --git a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery/third_party/forked/golang/json/fields.go b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery/third_party/forked/golang/json/fields.go index e38605df92..5b8514b3fa 100644 --- a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery/third_party/forked/golang/json/fields.go +++ b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery/third_party/forked/golang/json/fields.go @@ -359,9 +359,8 @@ const ( // 4) simpleLetterEqualFold, no specials, no non-letters. // // The letters S and K are special because they map to 3 runes, not just 2: -// - S maps to s and to U+017F 'ſ' Latin small letter long s -// - k maps to K and to U+212A 'K' Kelvin sign -// +// * S maps to s and to U+017F 'ſ' Latin small letter long s +// * k maps to K and to U+212A 'K' Kelvin sign // See http://play.golang.org/p/tTxjOc0OGo // // The returned function is specialized for matching against s and diff --git a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go/third_party/forked/golang/template/exec.go b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go/third_party/forked/golang/template/exec.go index ed66f84010..7cf29524ce 100644 --- a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go/third_party/forked/golang/template/exec.go +++ b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go/third_party/forked/golang/template/exec.go @@ -1,6 +1,6 @@ -// This package is copied from Go library text/template. -// The original private functions indirect and printableValue -// are exported as public functions. +//This package is copied from Go library text/template. +//The original private functions indirect and printableValue +//are exported as public functions. package template import ( diff --git a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go/third_party/forked/golang/template/funcs.go b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go/third_party/forked/golang/template/funcs.go index 94c396c657..f0c8e712ca 100644 --- a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go/third_party/forked/golang/template/funcs.go +++ b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go/third_party/forked/golang/template/funcs.go @@ -1,6 +1,6 @@ -// This package is copied from Go library text/template. -// The original private functions eq, ge, gt, le, lt, and ne -// are exported as public functions. +//This package is copied from Go library text/template. +//The original private functions eq, ge, gt, le, lt, and ne +//are exported as public functions. package template import ( diff --git a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/third_party/forked/golang/reflect/type.go b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/third_party/forked/golang/reflect/type.go index 8c05c8efca..67957ee33e 100644 --- a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/third_party/forked/golang/reflect/type.go +++ b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/third_party/forked/golang/reflect/type.go @@ -1,6 +1,6 @@ -// This package is copied from Go library reflect/type.go. -// The struct tag library provides no way to extract the list of struct tags, only -// a specific tag +//This package is copied from Go library reflect/type.go. +//The struct tag library provides no way to extract the list of struct tags, only +//a specific tag package reflect import ( diff --git a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers/resource/helpers.go b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers/resource/helpers.go index 780db54245..7ff5bef111 100644 --- a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers/resource/helpers.go +++ b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers/resource/helpers.go @@ -404,7 +404,12 @@ func maxResourceList(list, newList v1.ResourceList) { // max returns the result of max(a, b...) for each named resource and is only used if we can't // accumulate into an existing resource list func max(a v1.ResourceList, b ...v1.ResourceList) v1.ResourceList { - result := a.DeepCopy() + var result v1.ResourceList + if a != nil { + result = a.DeepCopy() + } else { + result = v1.ResourceList{} + } for _, other := range b { maxResourceList(result, other) } diff --git a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers/resource/helpers_test.go b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers/resource/helpers_test.go index 19849b0911..5cfdd016d3 100644 --- a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers/resource/helpers_test.go +++ b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers/resource/helpers_test.go @@ -23,6 +23,7 @@ import ( v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/equality" "k8s.io/apimachinery/pkg/api/resource" + "k8s.io/utils/ptr" ) func TestPodRequestsAndLimits(t *testing.T) { @@ -1967,11 +1968,14 @@ func TestIsSupportedPodLevelResource(t *testing.T) { func TestAggregateContainerRequestsAndLimits(t *testing.T) { restartAlways := v1.ContainerRestartPolicyAlways cases := []struct { - containers []v1.Container - initContainers []v1.Container - name string - expectedRequests v1.ResourceList - expectedLimits v1.ResourceList + options PodResourcesOptions + containers []v1.Container + containerStatuses []v1.ContainerStatus + initContainers []v1.Container + initContainerStatuses []v1.ContainerStatus + name string + expectedRequests v1.ResourceList + expectedLimits v1.ResourceList }{ { name: "one container with limits", @@ -2135,20 +2139,74 @@ func TestAggregateContainerRequestsAndLimits(t *testing.T) { v1.ResourceName(v1.ResourceCPU): resource.MustParse("17"), }, }, + { + name: "regularcontainers with empty requests, but status with non-empty requests", + options: PodResourcesOptions{UseStatusResources: true}, + containers: []v1.Container{ + { + Name: "container-1", + Resources: v1.ResourceRequirements{}, + }, + }, + containerStatuses: []v1.ContainerStatus{ + { + Name: "container-1", + Resources: &v1.ResourceRequirements{ + Requests: v1.ResourceList{ + v1.ResourceCPU: resource.MustParse("2"), + }, + }, + }, + }, + expectedRequests: v1.ResourceList{ + v1.ResourceCPU: resource.MustParse("2"), + }, + expectedLimits: v1.ResourceList{}, + }, + { + name: "always-restart init containers with empty requests, but status with non-empty requests", + options: PodResourcesOptions{UseStatusResources: true}, + initContainers: []v1.Container{ + { + Name: "container-1", + RestartPolicy: ptr.To[v1.ContainerRestartPolicy](v1.ContainerRestartPolicyAlways), + Resources: v1.ResourceRequirements{}, + }, + }, + initContainerStatuses: []v1.ContainerStatus{ + { + Name: "container-1", + Resources: &v1.ResourceRequirements{ + Requests: v1.ResourceList{ + v1.ResourceCPU: resource.MustParse("2"), + }, + }, + }, + }, + expectedRequests: v1.ResourceList{ + v1.ResourceCPU: resource.MustParse("2"), + }, + expectedLimits: v1.ResourceList{}, + }, } for idx, tc := range cases { - testPod := &v1.Pod{Spec: v1.PodSpec{Containers: tc.containers, InitContainers: tc.initContainers}} - resRequests := AggregateContainerRequests(testPod, PodResourcesOptions{}) - resLimits := AggregateContainerLimits(testPod, PodResourcesOptions{}) + t.Run(tc.name, func(t *testing.T) { + testPod := &v1.Pod{ + Spec: v1.PodSpec{Containers: tc.containers, InitContainers: tc.initContainers}, + Status: v1.PodStatus{ContainerStatuses: tc.containerStatuses, InitContainerStatuses: tc.initContainerStatuses}, + } + resRequests := AggregateContainerRequests(testPod, tc.options) + resLimits := AggregateContainerLimits(testPod, tc.options) - if !equality.Semantic.DeepEqual(tc.expectedRequests, resRequests) { - t.Errorf("test case failure[%d]: %v, requests:\n expected:\t%v\ngot\t\t%v", idx, tc.name, tc.expectedRequests, resRequests) - } + if !equality.Semantic.DeepEqual(tc.expectedRequests, resRequests) { + t.Errorf("test case failure[%d]: %v, requests:\n expected:\t%v\ngot\t\t%v", idx, tc.name, tc.expectedRequests, resRequests) + } - if !equality.Semantic.DeepEqual(tc.expectedLimits, resLimits) { - t.Errorf("test case failure[%d]: %v, limits:\n expected:\t%v\ngot\t\t%v", idx, tc.name, tc.expectedLimits, resLimits) - } + if !equality.Semantic.DeepEqual(tc.expectedLimits, resLimits) { + t.Errorf("test case failure[%d]: %v, limits:\n expected:\t%v\ngot\t\t%v", idx, tc.name, tc.expectedLimits, resLimits) + } + }) } } diff --git a/deps/github.com/openshift/kubernetes/test/images/Makefile b/deps/github.com/openshift/kubernetes/test/images/Makefile index 112ccc7a87..867d8e994f 100644 --- a/deps/github.com/openshift/kubernetes/test/images/Makefile +++ b/deps/github.com/openshift/kubernetes/test/images/Makefile @@ -16,7 +16,7 @@ REGISTRY ?= registry.k8s.io/e2e-test-images GOARM ?= 7 DOCKER_CERT_BASE_PATH ?= QEMUVERSION=v5.1.0-2 -GOLANG_VERSION=1.24.4 +GOLANG_VERSION=1.24.5 export ifndef WHAT diff --git a/deps/github.com/openshift/kubernetes/test/utils/image/manifest.go b/deps/github.com/openshift/kubernetes/test/utils/image/manifest.go index 7574ceaf6b..6f0d49c47b 100644 --- a/deps/github.com/openshift/kubernetes/test/utils/image/manifest.go +++ b/deps/github.com/openshift/kubernetes/test/utils/image/manifest.go @@ -223,7 +223,7 @@ func initImageConfigs(list RegistryList) (map[ImageID]Config, map[ImageID]Config configs[APIServer] = Config{list.PromoterE2eRegistry, "sample-apiserver", "1.29.2"} configs[AppArmorLoader] = Config{list.PromoterE2eRegistry, "apparmor-loader", "1.4"} configs[BusyBox] = Config{list.PromoterE2eRegistry, "busybox", "1.36.1-1"} - configs[DistrolessIptables] = Config{list.BuildImageRegistry, "distroless-iptables", "v0.7.6"} + configs[DistrolessIptables] = Config{list.BuildImageRegistry, "distroless-iptables", "v0.7.7"} configs[Etcd] = Config{list.GcEtcdRegistry, "etcd", "3.5.21-0"} configs[Httpd] = Config{list.PromoterE2eRegistry, "httpd", "2.4.38-4"} configs[HttpdNew] = Config{list.PromoterE2eRegistry, "httpd", "2.4.39-4"} From 686e4b4e2051398fd4c3194e9c94eadfff785c6e Mon Sep 17 00:00:00 2001 From: ci-robot Date: Thu, 11 Sep 2025 04:43:36 +0000 Subject: [PATCH 05/12] update microshift/vendor --- .../component-helpers/resource/helpers.go | 7 ++- .../admission/noderestriction/admission.go | 5 ++ vendor/modules.txt | 54 +++++++++---------- 3 files changed, 38 insertions(+), 28 deletions(-) diff --git a/vendor/k8s.io/component-helpers/resource/helpers.go b/vendor/k8s.io/component-helpers/resource/helpers.go index 780db54245..7ff5bef111 100644 --- a/vendor/k8s.io/component-helpers/resource/helpers.go +++ b/vendor/k8s.io/component-helpers/resource/helpers.go @@ -404,7 +404,12 @@ func maxResourceList(list, newList v1.ResourceList) { // max returns the result of max(a, b...) for each named resource and is only used if we can't // accumulate into an existing resource list func max(a v1.ResourceList, b ...v1.ResourceList) v1.ResourceList { - result := a.DeepCopy() + var result v1.ResourceList + if a != nil { + result = a.DeepCopy() + } else { + result = v1.ResourceList{} + } for _, other := range b { maxResourceList(result, other) } diff --git a/vendor/k8s.io/kubernetes/plugin/pkg/admission/noderestriction/admission.go b/vendor/k8s.io/kubernetes/plugin/pkg/admission/noderestriction/admission.go index 5c9502cb28..f40d0fc6be 100644 --- a/vendor/k8s.io/kubernetes/plugin/pkg/admission/noderestriction/admission.go +++ b/vendor/k8s.io/kubernetes/plugin/pkg/admission/noderestriction/admission.go @@ -536,6 +536,11 @@ func (p *Plugin) admitNode(nodeName string, a admission.Attributes) error { return admission.NewForbidden(a, fmt.Errorf("node %q is not allowed to modify taints", nodeName)) } + // Don't allow a node to update its own ownerReferences. + if !apiequality.Semantic.DeepEqual(node.OwnerReferences, oldNode.OwnerReferences) { + return admission.NewForbidden(a, fmt.Errorf("node %q is not allowed to modify ownerReferences", nodeName)) + } + // Don't allow a node to update labels outside the allowed set. // This would allow a node to add or modify its labels in a way that would let it steer privileged workloads to itself. modifiedLabels := getModifiedLabels(node.Labels, oldNode.Labels) diff --git a/vendor/modules.txt b/vendor/modules.txt index 262a162d10..36685fdfba 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1186,7 +1186,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v1.33.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/api +# k8s.io/api v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/api ## explicit; go 1.24.0 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -1248,7 +1248,7 @@ k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 k8s.io/api/storagemigration/v1alpha1 -# k8s.io/apiextensions-apiserver v1.33.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver +# k8s.io/apiextensions-apiserver v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver ## explicit; go 1.24.0 k8s.io/apiextensions-apiserver/pkg/apihelpers k8s.io/apiextensions-apiserver/pkg/apis/apiextensions @@ -1295,7 +1295,7 @@ k8s.io/apiextensions-apiserver/pkg/generated/openapi k8s.io/apiextensions-apiserver/pkg/registry/customresource k8s.io/apiextensions-apiserver/pkg/registry/customresource/tableconvertor k8s.io/apiextensions-apiserver/pkg/registry/customresourcedefinition -# k8s.io/apimachinery v1.33.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery +# k8s.io/apimachinery v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery ## explicit; go 1.24.0 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -1373,7 +1373,7 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v1.33.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiserver +# k8s.io/apiserver v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiserver ## explicit; go 1.24.0 k8s.io/apiserver/pkg/admission k8s.io/apiserver/pkg/admission/configuration @@ -1558,13 +1558,13 @@ k8s.io/apiserver/plugin/pkg/authenticator/token/oidc k8s.io/apiserver/plugin/pkg/authenticator/token/webhook k8s.io/apiserver/plugin/pkg/authorizer/webhook k8s.io/apiserver/plugin/pkg/authorizer/webhook/metrics -# k8s.io/cli-runtime v1.33.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime +# k8s.io/cli-runtime v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime ## explicit; go 1.24.0 k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/genericiooptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v1.33.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go +# k8s.io/client-go v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go ## explicit; go 1.24.0 k8s.io/client-go/applyconfigurations k8s.io/client-go/applyconfigurations/admissionregistration/v1 @@ -1933,7 +1933,7 @@ k8s.io/client-go/util/keyutil k8s.io/client-go/util/retry k8s.io/client-go/util/watchlist k8s.io/client-go/util/workqueue -# k8s.io/cloud-provider v1.33.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider +# k8s.io/cloud-provider v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider ## explicit; go 1.24.0 k8s.io/cloud-provider k8s.io/cloud-provider/api @@ -1952,14 +1952,14 @@ k8s.io/cloud-provider/service/helpers k8s.io/cloud-provider/volume k8s.io/cloud-provider/volume/errors k8s.io/cloud-provider/volume/helpers -# k8s.io/cluster-bootstrap v1.33.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap +# k8s.io/cluster-bootstrap v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap ## explicit; go 1.24.0 k8s.io/cluster-bootstrap/token/api k8s.io/cluster-bootstrap/token/jws k8s.io/cluster-bootstrap/token/util k8s.io/cluster-bootstrap/util/secrets k8s.io/cluster-bootstrap/util/tokens -# k8s.io/component-base v1.33.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/component-base +# k8s.io/component-base v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/component-base ## explicit; go 1.24.0 k8s.io/component-base/cli k8s.io/component-base/cli/flag @@ -1998,7 +1998,7 @@ k8s.io/component-base/zpages/features k8s.io/component-base/zpages/flagz k8s.io/component-base/zpages/httputil k8s.io/component-base/zpages/statusz -# k8s.io/component-helpers v1.33.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers +# k8s.io/component-helpers v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers ## explicit; go 1.24.0 k8s.io/component-helpers/apimachinery/lease k8s.io/component-helpers/apps/poddisruptionbudget @@ -2012,7 +2012,7 @@ k8s.io/component-helpers/scheduling/corev1 k8s.io/component-helpers/scheduling/corev1/nodeaffinity k8s.io/component-helpers/storage/ephemeral k8s.io/component-helpers/storage/volume -# k8s.io/controller-manager v1.33.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager +# k8s.io/controller-manager v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager ## explicit; go 1.24.0 k8s.io/controller-manager/app k8s.io/controller-manager/config @@ -2029,22 +2029,22 @@ k8s.io/controller-manager/pkg/informerfactory k8s.io/controller-manager/pkg/leadermigration k8s.io/controller-manager/pkg/leadermigration/config k8s.io/controller-manager/pkg/leadermigration/options -# k8s.io/cri-api v1.33.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cri-api +# k8s.io/cri-api v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cri-api ## explicit; go 1.24.0 k8s.io/cri-api/pkg/apis k8s.io/cri-api/pkg/apis/runtime/v1 k8s.io/cri-api/pkg/errors -# k8s.io/cri-client v1.33.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cri-client +# k8s.io/cri-client v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cri-client ## explicit; go 1.24.0 k8s.io/cri-client/pkg k8s.io/cri-client/pkg/internal k8s.io/cri-client/pkg/logs k8s.io/cri-client/pkg/util -# k8s.io/csi-translation-lib v1.33.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib +# k8s.io/csi-translation-lib v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib ## explicit; go 1.24.0 k8s.io/csi-translation-lib k8s.io/csi-translation-lib/plugins -# k8s.io/dynamic-resource-allocation v1.33.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation +# k8s.io/dynamic-resource-allocation v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation ## explicit; go 1.24.0 k8s.io/dynamic-resource-allocation/api k8s.io/dynamic-resource-allocation/cel @@ -2052,14 +2052,14 @@ k8s.io/dynamic-resource-allocation/internal/queue k8s.io/dynamic-resource-allocation/resourceclaim k8s.io/dynamic-resource-allocation/resourceslice/tracker k8s.io/dynamic-resource-allocation/structured -# k8s.io/endpointslice v1.33.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice +# k8s.io/endpointslice v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice ## explicit; go 1.24.0 k8s.io/endpointslice k8s.io/endpointslice/metrics k8s.io/endpointslice/topologycache k8s.io/endpointslice/trafficdist k8s.io/endpointslice/util -# k8s.io/externaljwt v1.33.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/externaljwt +# k8s.io/externaljwt v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/externaljwt ## explicit; go 1.24.0 k8s.io/externaljwt/apis/v1alpha1 # k8s.io/gengo/v2 v2.0.0-20250207200755-1244d31929d7 @@ -2080,13 +2080,13 @@ k8s.io/klog/v2/internal/severity k8s.io/klog/v2/internal/sloghandler k8s.io/klog/v2/internal/verbosity k8s.io/klog/v2/textlogger -# k8s.io/kms v1.33.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kms +# k8s.io/kms v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kms ## explicit; go 1.24.0 k8s.io/kms/apis/v1beta1 k8s.io/kms/apis/v2 k8s.io/kms/pkg/service k8s.io/kms/pkg/util -# k8s.io/kube-aggregator v1.33.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator +# k8s.io/kube-aggregator v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator ## explicit; go 1.24.0 k8s.io/kube-aggregator/pkg/apis/apiregistration k8s.io/kube-aggregator/pkg/apis/apiregistration/install @@ -2119,7 +2119,7 @@ k8s.io/kube-aggregator/pkg/controllers/status/remote k8s.io/kube-aggregator/pkg/registry/apiservice k8s.io/kube-aggregator/pkg/registry/apiservice/etcd k8s.io/kube-aggregator/pkg/registry/apiservice/rest -# k8s.io/kube-controller-manager v1.33.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager +# k8s.io/kube-controller-manager v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager ## explicit; go 1.24.0 k8s.io/kube-controller-manager/config/v1alpha1 # k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff @@ -2153,11 +2153,11 @@ k8s.io/kube-openapi/pkg/validation/spec k8s.io/kube-openapi/pkg/validation/strfmt k8s.io/kube-openapi/pkg/validation/strfmt/bson k8s.io/kube-openapi/pkg/validation/validate -# k8s.io/kube-scheduler v1.33.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler +# k8s.io/kube-scheduler v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler ## explicit; go 1.24.0 k8s.io/kube-scheduler/config/v1 k8s.io/kube-scheduler/extender/v1 -# k8s.io/kubectl v1.33.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kubectl +# k8s.io/kubectl v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kubectl ## explicit; go 1.24.0 k8s.io/kubectl/pkg/apps k8s.io/kubectl/pkg/cmd/apiresources @@ -2192,7 +2192,7 @@ k8s.io/kubectl/pkg/util/storage k8s.io/kubectl/pkg/util/templates k8s.io/kubectl/pkg/util/term k8s.io/kubectl/pkg/validation -# k8s.io/kubelet v1.33.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kubelet +# k8s.io/kubelet v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kubelet ## explicit; go 1.24.0 k8s.io/kubelet/config/v1 k8s.io/kubelet/config/v1alpha1 @@ -2214,7 +2214,7 @@ k8s.io/kubelet/pkg/cri/streaming k8s.io/kubelet/pkg/cri/streaming/portforward k8s.io/kubelet/pkg/cri/streaming/remotecommand k8s.io/kubelet/pkg/types -# k8s.io/kubernetes v1.33.3 => ./deps/github.com/openshift/kubernetes +# k8s.io/kubernetes v1.33.4 => ./deps/github.com/openshift/kubernetes ## explicit; go 1.24.0 k8s.io/kubernetes/cmd/kube-apiserver/app k8s.io/kubernetes/cmd/kube-apiserver/app/options @@ -3044,7 +3044,7 @@ k8s.io/kubernetes/third_party/forked/gonum/graph/simple k8s.io/kubernetes/third_party/forked/gonum/graph/traverse k8s.io/kubernetes/third_party/forked/libcontainer/apparmor k8s.io/kubernetes/third_party/forked/libcontainer/utils -# k8s.io/metrics v1.33.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/metrics +# k8s.io/metrics v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/metrics ## explicit; go 1.24.0 k8s.io/metrics/pkg/apis/custom_metrics k8s.io/metrics/pkg/apis/custom_metrics/v1beta1 @@ -3059,10 +3059,10 @@ k8s.io/metrics/pkg/client/clientset/versioned/typed/metrics/v1beta1 k8s.io/metrics/pkg/client/custom_metrics k8s.io/metrics/pkg/client/custom_metrics/scheme k8s.io/metrics/pkg/client/external_metrics -# k8s.io/mount-utils v1.33.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils +# k8s.io/mount-utils v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils ## explicit; go 1.24.0 k8s.io/mount-utils -# k8s.io/pod-security-admission v1.33.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission +# k8s.io/pod-security-admission v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission ## explicit; go 1.24.0 k8s.io/pod-security-admission/admission k8s.io/pod-security-admission/admission/api From 4626663c215ff76853979d4cfc6ecf5a23f1f2ad Mon Sep 17 00:00:00 2001 From: ci-robot Date: Thu, 11 Sep 2025 04:43:44 +0000 Subject: [PATCH 06/12] update deps gofmt --- .../apimachinery/third_party/forked/golang/json/fields.go | 5 +++-- .../client-go/third_party/forked/golang/template/exec.go | 6 +++--- .../client-go/third_party/forked/golang/template/funcs.go | 6 +++--- .../third_party/forked/golang/reflect/type.go | 6 +++--- 4 files changed, 12 insertions(+), 11 deletions(-) diff --git a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery/third_party/forked/golang/json/fields.go b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery/third_party/forked/golang/json/fields.go index 5b8514b3fa..e38605df92 100644 --- a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery/third_party/forked/golang/json/fields.go +++ b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery/third_party/forked/golang/json/fields.go @@ -359,8 +359,9 @@ const ( // 4) simpleLetterEqualFold, no specials, no non-letters. // // The letters S and K are special because they map to 3 runes, not just 2: -// * S maps to s and to U+017F 'ſ' Latin small letter long s -// * k maps to K and to U+212A 'K' Kelvin sign +// - S maps to s and to U+017F 'ſ' Latin small letter long s +// - k maps to K and to U+212A 'K' Kelvin sign +// // See http://play.golang.org/p/tTxjOc0OGo // // The returned function is specialized for matching against s and diff --git a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go/third_party/forked/golang/template/exec.go b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go/third_party/forked/golang/template/exec.go index 7cf29524ce..ed66f84010 100644 --- a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go/third_party/forked/golang/template/exec.go +++ b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go/third_party/forked/golang/template/exec.go @@ -1,6 +1,6 @@ -//This package is copied from Go library text/template. -//The original private functions indirect and printableValue -//are exported as public functions. +// This package is copied from Go library text/template. +// The original private functions indirect and printableValue +// are exported as public functions. package template import ( diff --git a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go/third_party/forked/golang/template/funcs.go b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go/third_party/forked/golang/template/funcs.go index f0c8e712ca..94c396c657 100644 --- a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go/third_party/forked/golang/template/funcs.go +++ b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go/third_party/forked/golang/template/funcs.go @@ -1,6 +1,6 @@ -//This package is copied from Go library text/template. -//The original private functions eq, ge, gt, le, lt, and ne -//are exported as public functions. +// This package is copied from Go library text/template. +// The original private functions eq, ge, gt, le, lt, and ne +// are exported as public functions. package template import ( diff --git a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/third_party/forked/golang/reflect/type.go b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/third_party/forked/golang/reflect/type.go index 67957ee33e..8c05c8efca 100644 --- a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/third_party/forked/golang/reflect/type.go +++ b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/third_party/forked/golang/reflect/type.go @@ -1,6 +1,6 @@ -//This package is copied from Go library reflect/type.go. -//The struct tag library provides no way to extract the list of struct tags, only -//a specific tag +// This package is copied from Go library reflect/type.go. +// The struct tag library provides no way to extract the list of struct tags, only +// a specific tag package reflect import ( From 54fc7ccd1106c4f58cb90a6aa42fb6b6e203e6c5 Mon Sep 17 00:00:00 2001 From: ci-robot Date: Thu, 11 Sep 2025 04:43:44 +0000 Subject: [PATCH 07/12] update etcd/go.mod --- etcd/go.mod | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/etcd/go.mod b/etcd/go.mod index cec06d5eed..819238f22d 100644 --- a/etcd/go.mod +++ b/etcd/go.mod @@ -15,11 +15,11 @@ require ( github.com/openshift/build-machinery-go v0.0.0-20250602125535-1b6d00b8c37c github.com/spf13/cobra v1.9.1 go.etcd.io/etcd/server/v3 v3.5.21 - k8s.io/apimachinery v1.33.3 - k8s.io/cli-runtime v1.33.3 - k8s.io/component-base v1.33.3 + k8s.io/apimachinery v1.33.4 + k8s.io/cli-runtime v1.33.4 + k8s.io/component-base v1.33.4 k8s.io/klog/v2 v2.130.1 - k8s.io/kubectl v1.33.3 + k8s.io/kubectl v1.33.4 sigs.k8s.io/yaml v1.5.0 ) @@ -48,8 +48,8 @@ require ( google.golang.org/genproto/googleapis/api v0.0.0-20250115164207-1a7da9e5054f // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect - k8s.io/apiserver v1.33.3 // indirect - k8s.io/kubelet v1.33.3 // indirect + k8s.io/apiserver v1.33.4 // indirect + k8s.io/kubelet v1.33.4 // indirect sigs.k8s.io/randfill v1.0.0 // indirect ) @@ -138,8 +138,8 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/api v1.33.3 // indirect - k8s.io/client-go v1.33.3 // indirect + k8s.io/api v1.33.4 // indirect + k8s.io/client-go v1.33.4 // indirect k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 // indirect sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect From ab1ba60661bdf376761671bb3fef2d4be277f882 Mon Sep 17 00:00:00 2001 From: ci-robot Date: Thu, 11 Sep 2025 04:43:50 +0000 Subject: [PATCH 08/12] update etcd/vendor --- etcd/vendor/modules.txt | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/etcd/vendor/modules.txt b/etcd/vendor/modules.txt index 0de9a43eb0..4d0218b9ea 100644 --- a/etcd/vendor/modules.txt +++ b/etcd/vendor/modules.txt @@ -638,7 +638,7 @@ gopkg.in/natefinch/lumberjack.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v1.33.3 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/api +# k8s.io/api v1.33.4 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/api ## explicit; go 1.24.0 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -700,7 +700,7 @@ k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 k8s.io/api/storagemigration/v1alpha1 -# k8s.io/apimachinery v1.33.3 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery +# k8s.io/apimachinery v1.33.4 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery ## explicit; go 1.24.0 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -763,18 +763,18 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v1.33.3 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiserver +# k8s.io/apiserver v1.33.4 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiserver ## explicit; go 1.24.0 k8s.io/apiserver/pkg/apis/audit k8s.io/apiserver/pkg/apis/audit/v1 k8s.io/apiserver/pkg/authentication/user -# k8s.io/cli-runtime v1.33.3 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime +# k8s.io/cli-runtime v1.33.4 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime ## explicit; go 1.24.0 k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/genericiooptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v1.33.3 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go +# k8s.io/client-go v1.33.4 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go ## explicit; go 1.24.0 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 @@ -935,7 +935,7 @@ k8s.io/client-go/util/jsonpath k8s.io/client-go/util/keyutil k8s.io/client-go/util/watchlist k8s.io/client-go/util/workqueue -# k8s.io/component-base v1.33.3 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/component-base +# k8s.io/component-base v1.33.4 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/component-base ## explicit; go 1.24.0 k8s.io/component-base/cli k8s.io/component-base/cli/flag @@ -972,7 +972,7 @@ k8s.io/kube-openapi/pkg/spec3 k8s.io/kube-openapi/pkg/util/proto k8s.io/kube-openapi/pkg/util/proto/validation k8s.io/kube-openapi/pkg/validation/spec -# k8s.io/kubectl v1.33.3 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/kubectl +# k8s.io/kubectl v1.33.4 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/kubectl ## explicit; go 1.24.0 k8s.io/kubectl/pkg/cmd/util k8s.io/kubectl/pkg/scheme @@ -982,7 +982,7 @@ k8s.io/kubectl/pkg/util/openapi k8s.io/kubectl/pkg/util/templates k8s.io/kubectl/pkg/util/term k8s.io/kubectl/pkg/validation -# k8s.io/kubelet v1.33.3 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/kubelet +# k8s.io/kubelet v1.33.4 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/kubelet ## explicit; go 1.24.0 k8s.io/kubelet/pkg/apis/deviceplugin/v1beta1 # k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 From b6cafb850facb045297342d9fb1efa890b3d3d51 Mon Sep 17 00:00:00 2001 From: ci-robot Date: Thu, 11 Sep 2025 04:43:59 +0000 Subject: [PATCH 09/12] update component images --- packaging/crio.conf.d/10-microshift_amd64.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packaging/crio.conf.d/10-microshift_amd64.conf b/packaging/crio.conf.d/10-microshift_amd64.conf index 2807d7e251..57a1e99875 100644 --- a/packaging/crio.conf.d/10-microshift_amd64.conf +++ b/packaging/crio.conf.d/10-microshift_amd64.conf @@ -2,6 +2,6 @@ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:80eee1a5bc67cc29f2bb1734bbb62c7f73660a83fe18b7946276a5b4f443046d" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e2a4627c408a4f3acdebfae1b9615a6f6e2b334eea9afcde2bf357bc9efbb0e8" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" From 1481bf7536cfa73e9eef28bacb512dc11a48dc80 Mon Sep 17 00:00:00 2001 From: ci-robot Date: Thu, 11 Sep 2025 04:44:00 +0000 Subject: [PATCH 10/12] update manifests --- assets/components/multus/release-multus-aarch64.json | 2 +- assets/components/multus/release-multus-x86_64.json | 2 +- assets/optional/kube-proxy/kustomization.x86_64.yaml | 2 +- .../optional/kube-proxy/release-kube-proxy-aarch64.json | 2 +- assets/optional/kube-proxy/release-kube-proxy-x86_64.json | 4 ++-- .../operator-lifecycle-manager/kustomization.x86_64.yaml | 8 ++++---- .../operator-lifecycle-manager/release-olm-aarch64.json | 2 +- .../operator-lifecycle-manager/release-olm-x86_64.json | 6 +++--- assets/release/release-aarch64.json | 2 +- assets/release/release-x86_64.json | 4 ++-- 10 files changed, 17 insertions(+), 17 deletions(-) diff --git a/assets/components/multus/release-multus-aarch64.json b/assets/components/multus/release-multus-aarch64.json index 3be3a1c347..9c8a015515 100644 --- a/assets/components/multus/release-multus-aarch64.json +++ b/assets/components/multus/release-multus-aarch64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.20.0-0.nightly-arm64-2025-09-09-204939" + "base": "4.20.0-0.nightly-arm64-2025-09-10-095236" }, "images": { "multus-cni-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7c08db6546dfb44593d14b709903d36b5bd4dad53571d5ce57d36040f4d5846e", diff --git a/assets/components/multus/release-multus-x86_64.json b/assets/components/multus/release-multus-x86_64.json index 3652f18528..735f5c6385 100644 --- a/assets/components/multus/release-multus-x86_64.json +++ b/assets/components/multus/release-multus-x86_64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.20.0-0.nightly-2025-09-08-182033" + "base": "4.20.0-0.nightly-2025-09-10-095237" }, "images": { "multus-cni-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e717b2a600dca4aa161d89de464d7c376e3d83dd40ad022026eaba9ac7d18410", diff --git a/assets/optional/kube-proxy/kustomization.x86_64.yaml b/assets/optional/kube-proxy/kustomization.x86_64.yaml index d1b1998949..476353c663 100644 --- a/assets/optional/kube-proxy/kustomization.x86_64.yaml +++ b/assets/optional/kube-proxy/kustomization.x86_64.yaml @@ -2,4 +2,4 @@ images: - name: kube-proxy newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev - digest: sha256:38381e86f4a95514c6a1ad0fc52c06d685fffa9f0ed210af845c82f0a8fcfdbc + digest: sha256:ebafeea1029975b4cfb0a03c197020bc51ee6019faa2464424534071d972ed5d diff --git a/assets/optional/kube-proxy/release-kube-proxy-aarch64.json b/assets/optional/kube-proxy/release-kube-proxy-aarch64.json index ea1ef77c64..3cc4bed5f0 100644 --- a/assets/optional/kube-proxy/release-kube-proxy-aarch64.json +++ b/assets/optional/kube-proxy/release-kube-proxy-aarch64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.20.0-0.nightly-arm64-2025-09-09-204939" + "base": "4.20.0-0.nightly-arm64-2025-09-10-095236" }, "images": { "kube-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b06e7381966986e3c9deaba6fb609ce8377d476bcaa1a68a1bc4360092553f51" diff --git a/assets/optional/kube-proxy/release-kube-proxy-x86_64.json b/assets/optional/kube-proxy/release-kube-proxy-x86_64.json index eed458bd1f..46681f4721 100644 --- a/assets/optional/kube-proxy/release-kube-proxy-x86_64.json +++ b/assets/optional/kube-proxy/release-kube-proxy-x86_64.json @@ -1,8 +1,8 @@ { "release": { - "base": "4.20.0-0.nightly-2025-09-08-182033" + "base": "4.20.0-0.nightly-2025-09-10-095237" }, "images": { - "kube-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:38381e86f4a95514c6a1ad0fc52c06d685fffa9f0ed210af845c82f0a8fcfdbc" + "kube-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ebafeea1029975b4cfb0a03c197020bc51ee6019faa2464424534071d972ed5d" } } diff --git a/assets/optional/operator-lifecycle-manager/kustomization.x86_64.yaml b/assets/optional/operator-lifecycle-manager/kustomization.x86_64.yaml index cb9ea04697..c297d5a4e8 100644 --- a/assets/optional/operator-lifecycle-manager/kustomization.x86_64.yaml +++ b/assets/optional/operator-lifecycle-manager/kustomization.x86_64.yaml @@ -2,10 +2,10 @@ images: - name: quay.io/operator-framework/olm newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev - digest: sha256:35e75dd28f68f154f7dcf1719a8a8d4baf2d3fc975177b057852ead10b71b7ca + digest: sha256:f3cadbe2c3515542c0256275396735ee542b0c6f2634eef3fd22d2f695634233 - name: quay.io/operator-framework/configmap-operator-registry newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev - digest: sha256:5e6732ef4c276e8856e322d124c6bcdba6fa511b97f37f79ac7574978c8a6db3 + digest: sha256:a40275cedf2fb5b6b0cf749cbe408a1ad1c360de33076e2794895418a2550a24 - name: quay.io/openshift/origin-kube-rbac-proxy newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev digest: sha256:3d4b12e44cdd7111bf136d3f72240cd46285d0294778896c43d98b6dd4fb563b @@ -16,12 +16,12 @@ patches: path: /spec/template/spec/containers/0/env/- value: name: OPERATOR_REGISTRY_IMAGE - value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5e6732ef4c276e8856e322d124c6bcdba6fa511b97f37f79ac7574978c8a6db3 + value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a40275cedf2fb5b6b0cf749cbe408a1ad1c360de33076e2794895418a2550a24 - op: add path: /spec/template/spec/containers/0/env/- value: name: OLM_IMAGE - value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:35e75dd28f68f154f7dcf1719a8a8d4baf2d3fc975177b057852ead10b71b7ca + value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f3cadbe2c3515542c0256275396735ee542b0c6f2634eef3fd22d2f695634233 target: kind: Deployment labelSelector: app=catalog-operator diff --git a/assets/optional/operator-lifecycle-manager/release-olm-aarch64.json b/assets/optional/operator-lifecycle-manager/release-olm-aarch64.json index 2b63e5d9a9..9fc98004c6 100644 --- a/assets/optional/operator-lifecycle-manager/release-olm-aarch64.json +++ b/assets/optional/operator-lifecycle-manager/release-olm-aarch64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.20.0-0.nightly-arm64-2025-09-09-204939" + "base": "4.20.0-0.nightly-arm64-2025-09-10-095236" }, "images": { "operator-lifecycle-manager": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9d2f72d59dc08b7be51a9434e97c1a487c4e7ad711bc3e8c7279f246fe7a36aa", diff --git a/assets/optional/operator-lifecycle-manager/release-olm-x86_64.json b/assets/optional/operator-lifecycle-manager/release-olm-x86_64.json index 2f3740c551..2a642e119a 100644 --- a/assets/optional/operator-lifecycle-manager/release-olm-x86_64.json +++ b/assets/optional/operator-lifecycle-manager/release-olm-x86_64.json @@ -1,10 +1,10 @@ { "release": { - "base": "4.20.0-0.nightly-2025-09-08-182033" + "base": "4.20.0-0.nightly-2025-09-10-095237" }, "images": { - "operator-lifecycle-manager": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:35e75dd28f68f154f7dcf1719a8a8d4baf2d3fc975177b057852ead10b71b7ca", - "operator-registry": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5e6732ef4c276e8856e322d124c6bcdba6fa511b97f37f79ac7574978c8a6db3", + "operator-lifecycle-manager": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f3cadbe2c3515542c0256275396735ee542b0c6f2634eef3fd22d2f695634233", + "operator-registry": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a40275cedf2fb5b6b0cf749cbe408a1ad1c360de33076e2794895418a2550a24", "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3d4b12e44cdd7111bf136d3f72240cd46285d0294778896c43d98b6dd4fb563b" } } diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json index b08cf8a8b0..e0420870ef 100644 --- a/assets/release/release-aarch64.json +++ b/assets/release/release-aarch64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.20.0-0.nightly-arm64-2025-09-09-204939" + "base": "4.20.0-0.nightly-arm64-2025-09-10-095236" }, "images": { "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c16568ba757685e47551d02469a6d2dd772a9998c0a24434865ff43baec952bc", diff --git a/assets/release/release-x86_64.json b/assets/release/release-x86_64.json index 6002c663a9..73d23a718a 100644 --- a/assets/release/release-x86_64.json +++ b/assets/release/release-x86_64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.20.0-0.nightly-2025-09-08-182033" + "base": "4.20.0-0.nightly-2025-09-10-095237" }, "images": { "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:fac8dd579b304458732207221fdc35076520fcf0e58ed82134c00535027f7525", @@ -8,7 +8,7 @@ "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3685c5bd7e78a6b45a5b78710a705fc9e8554aca1c8fbf868998d799b9e153a4", "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3d4b12e44cdd7111bf136d3f72240cd46285d0294778896c43d98b6dd4fb563b", "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a076b47cde6d55fb97b78c8e69f7eb47f1b916073bade3ae83eee4370b874230", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:80eee1a5bc67cc29f2bb1734bbb62c7f73660a83fe18b7946276a5b4f443046d", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e2a4627c408a4f3acdebfae1b9615a6f6e2b334eea9afcde2bf357bc9efbb0e8", "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:1f759c5d90ec8ae62a6bc87f1a3bdfc1c1b36b02f932277c527cdb5999767128", "lvms_operator": "registry.redhat.io/lvms4/lvms-rhel9-operator@sha256:58804d8baf922927b66cec9424d431a3bdb341d207024ce40cc8f0123bac03ee", "csi-snapshot-controller": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8fe661da838eb42953c6ad75a62af57c05d729ee63346655ad8c56037faad4b3" From 1736314fca4a0eb285d58a25e0877e6dfb323c53 Mon Sep 17 00:00:00 2001 From: ci-robot Date: Thu, 11 Sep 2025 04:44:02 +0000 Subject: [PATCH 11/12] update buildfiles --- Makefile.kube_git.var | 4 ++-- Makefile.version.aarch64.var | 2 +- Makefile.version.x86_64.var | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile.kube_git.var b/Makefile.kube_git.var index 8df1c08da0..1ed5c54eb1 100644 --- a/Makefile.kube_git.var +++ b/Makefile.kube_git.var @@ -1,5 +1,5 @@ KUBE_GIT_MAJOR=1 KUBE_GIT_MINOR=33 -KUBE_GIT_VERSION=v1.33.3 -KUBE_GIT_COMMIT=a237dcbeee8bbe1440c94349399cc6eac8870910 +KUBE_GIT_VERSION=v1.33.4 +KUBE_GIT_COMMIT=72a1beec012d2552d27d250025c832d7794a7cf1 KUBE_GIT_TREE_STATE=clean diff --git a/Makefile.version.aarch64.var b/Makefile.version.aarch64.var index 14b70aeb55..7bc4b46514 100644 --- a/Makefile.version.aarch64.var +++ b/Makefile.version.aarch64.var @@ -1 +1 @@ -OCP_VERSION := 4.20.0-0.nightly-arm64-2025-09-09-204939 +OCP_VERSION := 4.20.0-0.nightly-arm64-2025-09-10-095236 diff --git a/Makefile.version.x86_64.var b/Makefile.version.x86_64.var index 3324734155..b6f1579381 100644 --- a/Makefile.version.x86_64.var +++ b/Makefile.version.x86_64.var @@ -1 +1 @@ -OCP_VERSION := 4.20.0-0.nightly-2025-09-08-182033 +OCP_VERSION := 4.20.0-0.nightly-2025-09-10-095237 From 2090f91bdb720cb05ad57a0c3160558c30f3c950 Mon Sep 17 00:00:00 2001 From: ci-robot Date: Thu, 11 Sep 2025 04:44:03 +0000 Subject: [PATCH 12/12] update kubernetes version in CNCF scripts --- scripts/multinode/configure-sec.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/multinode/configure-sec.sh b/scripts/multinode/configure-sec.sh index 47afbe60c5..5b90b4dec8 100755 --- a/scripts/multinode/configure-sec.sh +++ b/scripts/multinode/configure-sec.sh @@ -77,10 +77,10 @@ function configure_kubelet() { # Checksums can be obtained from https://www.downloadkubernetes.com/ # or by downloading a "${url}.sha256" file (see below for ${url}). For example: - # version=v1.33.3; for kube_arch in amd64 arm64; do echo "${kube_arch}: $(curl -L https://dl.k8s.io/release/${version}/bin/linux/${kube_arch}/kubelet.sha256 2>/dev/null)"; done - local -r version="v1.33.3" - local -r kube_hash_amd64="37f9093ed2b4669cccf5474718e43ec412833e1267c84b01e662df2c4e5d7aaa" - local -r kube_hash_arm64="3f69bb32debfaf25fce91aa5e7181e1e32f3550f3257b93c17dfb37bed621a9c" + # version=v1.33.4; for kube_arch in amd64 arm64; do echo "${kube_arch}: $(curl -L https://dl.k8s.io/release/${version}/bin/linux/${kube_arch}/kubelet.sha256 2>/dev/null)"; done + local -r version="v1.33.4" + local -r kube_hash_amd64="109bd2607b054a477ede31c55ae814eae8e75543126dc4cea40b04424d843489" + local -r kube_hash_arm64="623329b1a5f4858e3a5406d3947807b75144f4e71dde11ef1a71362c3a8619cc" local kube_arch="" local kube_hash=""