diff --git a/Makefile.kube_git.var b/Makefile.kube_git.var index 27ea19eed5..4430101202 100644 --- a/Makefile.kube_git.var +++ b/Makefile.kube_git.var @@ -1,5 +1,5 @@ KUBE_GIT_MAJOR=1 KUBE_GIT_MINOR=33 -KUBE_GIT_VERSION=v1.33.4 -KUBE_GIT_COMMIT=95b8140e3a53ffc6aab114c39e07a439dfdf7f9e +KUBE_GIT_VERSION=v1.33.5 +KUBE_GIT_COMMIT=5c9df339496a7595967e06682ece7d0b2145411c KUBE_GIT_TREE_STATE=clean diff --git a/Makefile.version.aarch64.var b/Makefile.version.aarch64.var index 7b7db68e30..bee078cf53 100644 --- a/Makefile.version.aarch64.var +++ b/Makefile.version.aarch64.var @@ -1 +1 @@ -OCP_VERSION := 4.21.0-0.nightly-arm64-2025-09-16-163803 +OCP_VERSION := 4.21.0-0.nightly-arm64-2025-09-20-145748 diff --git a/Makefile.version.x86_64.var b/Makefile.version.x86_64.var index cf320c38b1..a225c0ac6e 100644 --- a/Makefile.version.x86_64.var +++ b/Makefile.version.x86_64.var @@ -1 +1 @@ -OCP_VERSION := 4.21.0-0.nightly-2025-09-18-193221 +OCP_VERSION := 4.21.0-0.nightly-2025-09-25-082813 diff --git a/assets/components/multus/kustomization.aarch64.yaml b/assets/components/multus/kustomization.aarch64.yaml index 621f0325ef..51699efafc 100644 --- a/assets/components/multus/kustomization.aarch64.yaml +++ b/assets/components/multus/kustomization.aarch64.yaml @@ -2,7 +2,7 @@ images: - name: multus-cni-microshift newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev - digest: sha256:ddbc09b143ab4922596a838082ba86b64f9f3d799db6f333de417c4a78802e2d + digest: sha256:2cd4dc33075a0ce98d1e81f8fe2b27c6f1da48e9d5d39ac7b019229db90d61f3 - name: containernetworking-plugins-microshift newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev - digest: sha256:0a4e638174de0237bf2360fb467d035a2f02c48a8a27fd6053e3c98944d712d6 + digest: sha256:ff955c494b21172f285200eed204e692b8cc4bbe86068a3b3acbfeea5611dcb3 diff --git a/assets/components/multus/kustomization.x86_64.yaml b/assets/components/multus/kustomization.x86_64.yaml index 34bb14879d..4de30e9301 100644 --- a/assets/components/multus/kustomization.x86_64.yaml +++ b/assets/components/multus/kustomization.x86_64.yaml @@ -2,7 +2,7 @@ images: - name: multus-cni-microshift newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev - digest: sha256:0719a66144b744eff9a1f8f5f7ccc029d190f4652ccbceed0fa12dd2b8a526d0 + digest: sha256:5eb436699513493dedcde08bbbdeb38314784e8890325005c12d259acc52f3f7 - name: containernetworking-plugins-microshift newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev - digest: sha256:19a4d5eb5ffad99144302bab9006895cffce382080b7a9a2fc9b5d478636118b + digest: sha256:b5d0a2a4c6b7d304bcd1f87314d908ef79543b6a0057b37dfbe2a4d1b0baf623 diff --git a/assets/components/multus/release-multus-aarch64.json b/assets/components/multus/release-multus-aarch64.json index 627006e14f..4c72260ee2 100644 --- a/assets/components/multus/release-multus-aarch64.json +++ b/assets/components/multus/release-multus-aarch64.json @@ -1,9 +1,9 @@ { "release": { - "base": "4.21.0-0.nightly-arm64-2025-09-16-163803" + "base": "4.21.0-0.nightly-arm64-2025-09-20-145748" }, "images": { - "multus-cni-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ddbc09b143ab4922596a838082ba86b64f9f3d799db6f333de417c4a78802e2d", - "containernetworking-plugins-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0a4e638174de0237bf2360fb467d035a2f02c48a8a27fd6053e3c98944d712d6" + "multus-cni-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2cd4dc33075a0ce98d1e81f8fe2b27c6f1da48e9d5d39ac7b019229db90d61f3", + "containernetworking-plugins-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ff955c494b21172f285200eed204e692b8cc4bbe86068a3b3acbfeea5611dcb3" } } diff --git a/assets/components/multus/release-multus-x86_64.json b/assets/components/multus/release-multus-x86_64.json index 3e2c9cd260..392482332c 100644 --- a/assets/components/multus/release-multus-x86_64.json +++ b/assets/components/multus/release-multus-x86_64.json @@ -1,9 +1,9 @@ { "release": { - "base": "4.21.0-0.nightly-2025-09-18-193221" + "base": "4.21.0-0.nightly-2025-09-25-082813" }, "images": { - "multus-cni-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0719a66144b744eff9a1f8f5f7ccc029d190f4652ccbceed0fa12dd2b8a526d0", - "containernetworking-plugins-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:19a4d5eb5ffad99144302bab9006895cffce382080b7a9a2fc9b5d478636118b" + "multus-cni-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5eb436699513493dedcde08bbbdeb38314784e8890325005c12d259acc52f3f7", + "containernetworking-plugins-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b5d0a2a4c6b7d304bcd1f87314d908ef79543b6a0057b37dfbe2a4d1b0baf623" } } diff --git a/assets/optional/kube-proxy/kustomization.aarch64.yaml b/assets/optional/kube-proxy/kustomization.aarch64.yaml index 2c9225e609..eb6cbf37aa 100644 --- a/assets/optional/kube-proxy/kustomization.aarch64.yaml +++ b/assets/optional/kube-proxy/kustomization.aarch64.yaml @@ -2,4 +2,4 @@ images: - name: kube-proxy newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev - digest: sha256:4247e573b4d95b9c3f47a64bb8865e142920670f96efcad8b8d483e24022f588 + digest: sha256:fd3f282e344a62e8e50c656c8eeffd94ad1994d6ee6d1b499ef573b3a1105d68 diff --git a/assets/optional/kube-proxy/kustomization.x86_64.yaml b/assets/optional/kube-proxy/kustomization.x86_64.yaml index c82a7b3760..0cd57248fd 100644 --- a/assets/optional/kube-proxy/kustomization.x86_64.yaml +++ b/assets/optional/kube-proxy/kustomization.x86_64.yaml @@ -2,4 +2,4 @@ images: - name: kube-proxy newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev - digest: sha256:579115709c542137cab2ea08c59f4ab053a720a4baf1c5c44d1b0f531c43de63 + digest: sha256:e3fc8dfe457c80bc3b4e125511c20c08cb2d30056655e20130a019b561a49b7d diff --git a/assets/optional/kube-proxy/release-kube-proxy-aarch64.json b/assets/optional/kube-proxy/release-kube-proxy-aarch64.json index 7d3fcb1096..90b85df988 100644 --- a/assets/optional/kube-proxy/release-kube-proxy-aarch64.json +++ b/assets/optional/kube-proxy/release-kube-proxy-aarch64.json @@ -1,8 +1,8 @@ { "release": { - "base": "4.21.0-0.nightly-arm64-2025-09-16-163803" + "base": "4.21.0-0.nightly-arm64-2025-09-20-145748" }, "images": { - "kube-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4247e573b4d95b9c3f47a64bb8865e142920670f96efcad8b8d483e24022f588" + "kube-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:fd3f282e344a62e8e50c656c8eeffd94ad1994d6ee6d1b499ef573b3a1105d68" } } diff --git a/assets/optional/kube-proxy/release-kube-proxy-x86_64.json b/assets/optional/kube-proxy/release-kube-proxy-x86_64.json index fb020aee1f..2ed5dc213e 100644 --- a/assets/optional/kube-proxy/release-kube-proxy-x86_64.json +++ b/assets/optional/kube-proxy/release-kube-proxy-x86_64.json @@ -1,8 +1,8 @@ { "release": { - "base": "4.21.0-0.nightly-2025-09-18-193221" + "base": "4.21.0-0.nightly-2025-09-25-082813" }, "images": { - "kube-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:579115709c542137cab2ea08c59f4ab053a720a4baf1c5c44d1b0f531c43de63" + "kube-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e3fc8dfe457c80bc3b4e125511c20c08cb2d30056655e20130a019b561a49b7d" } } diff --git a/assets/optional/operator-lifecycle-manager/kustomization.aarch64.yaml b/assets/optional/operator-lifecycle-manager/kustomization.aarch64.yaml index 655f5d6101..3c83002928 100644 --- a/assets/optional/operator-lifecycle-manager/kustomization.aarch64.yaml +++ b/assets/optional/operator-lifecycle-manager/kustomization.aarch64.yaml @@ -2,13 +2,13 @@ images: - name: quay.io/operator-framework/olm newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev - digest: sha256:1fe4227bd4019cfa3a76b16e726cf8d4ac6d226569c5c5e604a2f6f09b0aab3b + digest: sha256:4371229f0eb432f2631095ef32007fc90c132f9ff7a3128e8bfdea34cb3e07cc - name: quay.io/operator-framework/configmap-operator-registry newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev - digest: sha256:c29df2669ebd8ba8fe2ca518ce14d5d4e46d0d99c0c26b5b7ac8e75de47479b4 + digest: sha256:14234d64d169cd76916530e8e126a0584684b76a01cdd63c81421da9c504f7d1 - name: quay.io/openshift/origin-kube-rbac-proxy newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev - digest: sha256:75ee75cc35ece4662bf58efaaddd073df362b7d6079ff83192f875cfe6e3c7c7 + digest: sha256:52f95efe8c3580649ab226a048510143191a21771e4f41e0be545736576f176b patches: - patch: |- @@ -16,12 +16,12 @@ patches: path: /spec/template/spec/containers/0/env/- value: name: OPERATOR_REGISTRY_IMAGE - value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c29df2669ebd8ba8fe2ca518ce14d5d4e46d0d99c0c26b5b7ac8e75de47479b4 + value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:14234d64d169cd76916530e8e126a0584684b76a01cdd63c81421da9c504f7d1 - op: add path: /spec/template/spec/containers/0/env/- value: name: OLM_IMAGE - value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:1fe4227bd4019cfa3a76b16e726cf8d4ac6d226569c5c5e604a2f6f09b0aab3b + value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4371229f0eb432f2631095ef32007fc90c132f9ff7a3128e8bfdea34cb3e07cc target: kind: Deployment labelSelector: app=catalog-operator diff --git a/assets/optional/operator-lifecycle-manager/kustomization.x86_64.yaml b/assets/optional/operator-lifecycle-manager/kustomization.x86_64.yaml index c128d1e29e..84da4e79a5 100644 --- a/assets/optional/operator-lifecycle-manager/kustomization.x86_64.yaml +++ b/assets/optional/operator-lifecycle-manager/kustomization.x86_64.yaml @@ -2,13 +2,13 @@ images: - name: quay.io/operator-framework/olm newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev - digest: sha256:1d609fb68b5621bcd1fb216a1f10a326d22acee9f451de7b4c41ceb390987e77 + digest: sha256:01ef5da26da30db8c2bad60dd0a11f39bdadcab6fd8579cc1737a7ed8b1971cb - name: quay.io/operator-framework/configmap-operator-registry newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev - digest: sha256:9aa2d72d8d4150ec247788e0d4cf0123345cbe2968b4f45115f83dbf67cd49b6 + digest: sha256:02c63675f87ab74bb9db2688333ed26b488306516dd85f6ee334a9f5d6e6bf33 - name: quay.io/openshift/origin-kube-rbac-proxy newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev - digest: sha256:d3304374c72e9c4ddf88dbe402224b3736ab1994c19513bd6faa956bce493fc6 + digest: sha256:3d732aa48d32245cdfa4d9d9a52a346c8cc0b26603abd08f371a45c04c722bb5 patches: - patch: |- @@ -16,12 +16,12 @@ patches: path: /spec/template/spec/containers/0/env/- value: name: OPERATOR_REGISTRY_IMAGE - value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9aa2d72d8d4150ec247788e0d4cf0123345cbe2968b4f45115f83dbf67cd49b6 + value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:02c63675f87ab74bb9db2688333ed26b488306516dd85f6ee334a9f5d6e6bf33 - op: add path: /spec/template/spec/containers/0/env/- value: name: OLM_IMAGE - value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:1d609fb68b5621bcd1fb216a1f10a326d22acee9f451de7b4c41ceb390987e77 + value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:01ef5da26da30db8c2bad60dd0a11f39bdadcab6fd8579cc1737a7ed8b1971cb target: kind: Deployment labelSelector: app=catalog-operator diff --git a/assets/optional/operator-lifecycle-manager/release-olm-aarch64.json b/assets/optional/operator-lifecycle-manager/release-olm-aarch64.json index 6b5568bad5..e73b519420 100644 --- a/assets/optional/operator-lifecycle-manager/release-olm-aarch64.json +++ b/assets/optional/operator-lifecycle-manager/release-olm-aarch64.json @@ -1,10 +1,10 @@ { "release": { - "base": "4.21.0-0.nightly-arm64-2025-09-16-163803" + "base": "4.21.0-0.nightly-arm64-2025-09-20-145748" }, "images": { - "operator-lifecycle-manager": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:1fe4227bd4019cfa3a76b16e726cf8d4ac6d226569c5c5e604a2f6f09b0aab3b", - "operator-registry": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c29df2669ebd8ba8fe2ca518ce14d5d4e46d0d99c0c26b5b7ac8e75de47479b4", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:75ee75cc35ece4662bf58efaaddd073df362b7d6079ff83192f875cfe6e3c7c7" + "operator-lifecycle-manager": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4371229f0eb432f2631095ef32007fc90c132f9ff7a3128e8bfdea34cb3e07cc", + "operator-registry": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:14234d64d169cd76916530e8e126a0584684b76a01cdd63c81421da9c504f7d1", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:52f95efe8c3580649ab226a048510143191a21771e4f41e0be545736576f176b" } } diff --git a/assets/optional/operator-lifecycle-manager/release-olm-x86_64.json b/assets/optional/operator-lifecycle-manager/release-olm-x86_64.json index 679c1e98ec..48932a0d1d 100644 --- a/assets/optional/operator-lifecycle-manager/release-olm-x86_64.json +++ b/assets/optional/operator-lifecycle-manager/release-olm-x86_64.json @@ -1,10 +1,10 @@ { "release": { - "base": "4.21.0-0.nightly-2025-09-18-193221" + "base": "4.21.0-0.nightly-2025-09-25-082813" }, "images": { - "operator-lifecycle-manager": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:1d609fb68b5621bcd1fb216a1f10a326d22acee9f451de7b4c41ceb390987e77", - "operator-registry": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9aa2d72d8d4150ec247788e0d4cf0123345cbe2968b4f45115f83dbf67cd49b6", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d3304374c72e9c4ddf88dbe402224b3736ab1994c19513bd6faa956bce493fc6" + "operator-lifecycle-manager": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:01ef5da26da30db8c2bad60dd0a11f39bdadcab6fd8579cc1737a7ed8b1971cb", + "operator-registry": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:02c63675f87ab74bb9db2688333ed26b488306516dd85f6ee334a9f5d6e6bf33", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3d732aa48d32245cdfa4d9d9a52a346c8cc0b26603abd08f371a45c04c722bb5" } } diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json index 6433f1bccb..191bbd7fe5 100644 --- a/assets/release/release-aarch64.json +++ b/assets/release/release-aarch64.json @@ -1,16 +1,16 @@ { "release": { - "base": "4.21.0-0.nightly-arm64-2025-09-16-163803" + "base": "4.21.0-0.nightly-arm64-2025-09-20-145748" }, "images": { - "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f786b139e772e08de35e6ad45bcf956fcfc78c5d76c4217a55e4ae64ee7a3c24", - "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8a9c72411c4eacabd7f45570bbf0467ee5a53d021562edf080385e8764a726cb", - "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e2b91a1fbe4bd66e24099e0e77f08ad8814961c73a3be33d80cde13fd6cb197e", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:75ee75cc35ece4662bf58efaaddd073df362b7d6079ff83192f875cfe6e3c7c7", - "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cf5bf3ca0d85086b41daaa5d53eadc3c0038ab935873c926c1a109906b7d118f", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c9dba3e46b2e0d04b7f0bb2e7da314a429d76f28573015f26f85c7baf6037998", - "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:704fb9154fa0dfb8a4dc55474d7d24b8ab6185ea6e1bb1d79cadd38122669b65", + "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ce0d25472b0f774efa0338b48cb9f595f5c6cc77a3af38c2f927483c03160819", + "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f049f67d64869428ffe8b3b63c2a9a423fc016f5950772d5aab6edfc299d237e", + "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3e0c8624075be315462b24c7d26f0e4ed2a646f5391324284a8f13a9ed8eaaed", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:52f95efe8c3580649ab226a048510143191a21771e4f41e0be545736576f176b", + "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f3b9f80e229b80a8f0c30442c7b63db7342ee9b6d9fb0e1571c216045b418d29", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e3f6b8d5389921b48df4b81afe2f69703c457207e380143e8a8929987c620f40", + "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:83f01ddcb6769ca390d2d9b37bebd09866b8ba3583f5d7685e0e8bf23d9749c1", "lvms_operator": "registry.redhat.io/lvms4/lvms-rhel9-operator@sha256:3766640b19c336b443619ecdb35f36b479c79ea71b21de97febf024a5eaf6c84", - "csi-snapshot-controller": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:013450806f68220b5cdd74690a1f8fa992feda9f28fd76478e22b4e5cc73a0d4" + "csi-snapshot-controller": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bf4fa06135074add7898adb42a280c7324937cb8bddc22f2e14bfd5d86226e29" } } diff --git a/assets/release/release-x86_64.json b/assets/release/release-x86_64.json index f0207c2133..7aff93a1f9 100644 --- a/assets/release/release-x86_64.json +++ b/assets/release/release-x86_64.json @@ -1,16 +1,16 @@ { "release": { - "base": "4.21.0-0.nightly-2025-09-18-193221" + "base": "4.21.0-0.nightly-2025-09-25-082813" }, "images": { - "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:71d4467239a45093b768070b6bf4459fd3f6b76c39ac060c693f90ee0b49a17a", - "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:011884062ded852ff4ab394884334bcd6dc742441ba2aa9f71a58b5ea8921022", - "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:aaf0ee390bd02dcf7102d331b720f2070e7e2eb7a08c2d31ec8ea27bd5d88997", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d3304374c72e9c4ddf88dbe402224b3736ab1994c19513bd6faa956bce493fc6", - "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6634e031f549079832bfc4182a28b2e488ec01ad04285be1b95ad740cae91ce9", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9a10adc59bc9e78b0f585016f45ff71a7b5bc1862895f72bf7dc8e461a5528ad", - "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d64f615b78fb120046458c6f2309796b0c537ad0c83092fb1b207993f3790a7e", + "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:446b1cf7e5e5bbdc05dd61de90262919ed2207b56cc0a8bb75b29f8cdcae3f67", + "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:afeba9e7f4cc1270010971f4cf8a3c0f213e7fd47a39c8d783eb597b7e029c32", + "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd59064838c9a7fe981bb161f6b3c86cc84e29f5cebf4e90a38e46a1ada532f9", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3d732aa48d32245cdfa4d9d9a52a346c8cc0b26603abd08f371a45c04c722bb5", + "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5f610d61e0e95df4d2015203f6f958b0076aeb7abd11d685059c6cc7b0da7796", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d098e9d64a31b392c9c0dbe7caa61abbcb24621b97037dea2d2c9d0a9ce724c9", + "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:508e03d50ef04642f70a89113b0218d126dc157c77df53f76793500f6f5a0fd4", "lvms_operator": "registry.redhat.io/lvms4/lvms-rhel9-operator@sha256:58804d8baf922927b66cec9424d431a3bdb341d207024ce40cc8f0123bac03ee", - "csi-snapshot-controller": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:292e6b782caa72d44f558f288ea30cd95b2f1c3e93a7693bbb69783d9e832a32" + "csi-snapshot-controller": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0d7467707708d9cbcc63a8279e85b02150382d3fab9783b1818a48776b8ed90e" } } diff --git a/deps/github.com/openshift/kubernetes/.go-version b/deps/github.com/openshift/kubernetes/.go-version index 6521720b41..7a429d68a3 100644 --- a/deps/github.com/openshift/kubernetes/.go-version +++ b/deps/github.com/openshift/kubernetes/.go-version @@ -1 +1 @@ -1.24.5 +1.24.6 diff --git a/deps/github.com/openshift/kubernetes/CHANGELOG/CHANGELOG-1.33.md b/deps/github.com/openshift/kubernetes/CHANGELOG/CHANGELOG-1.33.md index 03a8205240..9f3ee47430 100644 --- a/deps/github.com/openshift/kubernetes/CHANGELOG/CHANGELOG-1.33.md +++ b/deps/github.com/openshift/kubernetes/CHANGELOG/CHANGELOG-1.33.md @@ -1,185 +1,320 @@ -- [v1.33.3](#v1333) - - [Downloads for v1.33.3](#downloads-for-v1333) +- [v1.33.4](#v1334) + - [Downloads for v1.33.4](#downloads-for-v1334) - [Source Code](#source-code) - [Client Binaries](#client-binaries) - [Server Binaries](#server-binaries) - [Node Binaries](#node-binaries) - [Container Images](#container-images) - - [Changelog since v1.33.2](#changelog-since-v1332) + - [Changelog since v1.33.3](#changelog-since-v1333) + - [Important Security Information](#important-security-information) + - [CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference](#cve-2025-5187-nodes-can-delete-themselves-by-adding-an-ownerreference) - [Changes by Kind](#changes-by-kind) + - [API Change](#api-change) + - [Feature](#feature) - [Bug or Regression](#bug-or-regression) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake) - [Dependencies](#dependencies) - [Added](#added) - [Changed](#changed) - [Removed](#removed) -- [v1.33.2](#v1332) - - [Downloads for v1.33.2](#downloads-for-v1332) +- [v1.33.3](#v1333) + - [Downloads for v1.33.3](#downloads-for-v1333) - [Source Code](#source-code-1) - [Client Binaries](#client-binaries-1) - [Server Binaries](#server-binaries-1) - [Node Binaries](#node-binaries-1) - [Container Images](#container-images-1) - - [Changelog since v1.33.1](#changelog-since-v1331) - - [Important Security Information](#important-security-information) - - [CVE-2025-4563: Nodes can bypass dynamic resource allocation authorization checks](#cve-2025-4563-nodes-can-bypass-dynamic-resource-allocation-authorization-checks) + - [Changelog since v1.33.2](#changelog-since-v1332) - [Changes by Kind](#changes-by-kind-1) - - [Feature](#feature) - [Bug or Regression](#bug-or-regression-1) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-1) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake) - [Dependencies](#dependencies-1) - [Added](#added-1) - [Changed](#changed-1) - [Removed](#removed-1) -- [v1.33.1](#v1331) - - [Downloads for v1.33.1](#downloads-for-v1331) +- [v1.33.2](#v1332) + - [Downloads for v1.33.2](#downloads-for-v1332) - [Source Code](#source-code-2) - [Client Binaries](#client-binaries-2) - [Server Binaries](#server-binaries-2) - [Node Binaries](#node-binaries-2) - [Container Images](#container-images-2) - - [Changelog since v1.33.0](#changelog-since-v1330) + - [Changelog since v1.33.1](#changelog-since-v1331) + - [Important Security Information](#important-security-information-1) + - [CVE-2025-4563: Nodes can bypass dynamic resource allocation authorization checks](#cve-2025-4563-nodes-can-bypass-dynamic-resource-allocation-authorization-checks) - [Changes by Kind](#changes-by-kind-2) + - [Feature](#feature-1) - [Bug or Regression](#bug-or-regression-2) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-1) - [Dependencies](#dependencies-2) - [Added](#added-2) - [Changed](#changed-2) - [Removed](#removed-2) -- [v1.33.0](#v1330) - - [Downloads for v1.33.0](#downloads-for-v1330) +- [v1.33.1](#v1331) + - [Downloads for v1.33.1](#downloads-for-v1331) - [Source Code](#source-code-3) - [Client Binaries](#client-binaries-3) - [Server Binaries](#server-binaries-3) - [Node Binaries](#node-binaries-3) - [Container Images](#container-images-3) - - [Changelog since v1.32.0](#changelog-since-v1320) - - [Urgent Upgrade Notes](#urgent-upgrade-notes) - - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade) + - [Changelog since v1.33.0](#changelog-since-v1330) - [Changes by Kind](#changes-by-kind-3) - - [Deprecation](#deprecation) - - [API Change](#api-change) - - [Feature](#feature-1) - - [Documentation](#documentation) - [Bug or Regression](#bug-or-regression-3) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-2) - [Dependencies](#dependencies-3) - [Added](#added-3) - [Changed](#changed-3) - [Removed](#removed-3) -- [v1.33.0-rc.1](#v1330-rc1) - - [Downloads for v1.33.0-rc.1](#downloads-for-v1330-rc1) +- [v1.33.0](#v1330) + - [Downloads for v1.33.0](#downloads-for-v1330) - [Source Code](#source-code-4) - [Client Binaries](#client-binaries-4) - [Server Binaries](#server-binaries-4) - [Node Binaries](#node-binaries-4) - [Container Images](#container-images-4) - - [Changelog since v1.33.0-rc.0](#changelog-since-v1330-rc0) + - [Changelog since v1.32.0](#changelog-since-v1320) + - [Urgent Upgrade Notes](#urgent-upgrade-notes) + - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade) - [Changes by Kind](#changes-by-kind-4) + - [Deprecation](#deprecation) + - [API Change](#api-change-1) + - [Feature](#feature-2) + - [Documentation](#documentation) - [Bug or Regression](#bug-or-regression-4) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-2) - [Dependencies](#dependencies-4) - [Added](#added-4) - [Changed](#changed-4) - [Removed](#removed-4) -- [v1.33.0-rc.0](#v1330-rc0) - - [Downloads for v1.33.0-rc.0](#downloads-for-v1330-rc0) +- [v1.33.0-rc.1](#v1330-rc1) + - [Downloads for v1.33.0-rc.1](#downloads-for-v1330-rc1) - [Source Code](#source-code-5) - [Client Binaries](#client-binaries-5) - [Server Binaries](#server-binaries-5) - [Node Binaries](#node-binaries-5) - [Container Images](#container-images-5) - - [Changelog since v1.33.0-beta.0](#changelog-since-v1330-beta0) - - [Urgent Upgrade Notes](#urgent-upgrade-notes-1) - - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-1) + - [Changelog since v1.33.0-rc.0](#changelog-since-v1330-rc0) - [Changes by Kind](#changes-by-kind-5) - - [Deprecation](#deprecation-1) - - [API Change](#api-change-1) - - [Feature](#feature-2) - [Bug or Regression](#bug-or-regression-5) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-3) - [Dependencies](#dependencies-5) - [Added](#added-5) - [Changed](#changed-5) - [Removed](#removed-5) -- [v1.33.0-beta.0](#v1330-beta0) - - [Downloads for v1.33.0-beta.0](#downloads-for-v1330-beta0) +- [v1.33.0-rc.0](#v1330-rc0) + - [Downloads for v1.33.0-rc.0](#downloads-for-v1330-rc0) - [Source Code](#source-code-6) - [Client Binaries](#client-binaries-6) - [Server Binaries](#server-binaries-6) - [Node Binaries](#node-binaries-6) - [Container Images](#container-images-6) - - [Changelog since v1.33.0-alpha.3](#changelog-since-v1330-alpha3) + - [Changelog since v1.33.0-beta.0](#changelog-since-v1330-beta0) + - [Urgent Upgrade Notes](#urgent-upgrade-notes-1) + - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-1) - [Changes by Kind](#changes-by-kind-6) + - [Deprecation](#deprecation-1) - [API Change](#api-change-2) - [Feature](#feature-3) - [Bug or Regression](#bug-or-regression-6) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-4) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-3) - [Dependencies](#dependencies-6) - [Added](#added-6) - [Changed](#changed-6) - [Removed](#removed-6) -- [v1.33.0-alpha.3](#v1330-alpha3) - - [Downloads for v1.33.0-alpha.3](#downloads-for-v1330-alpha3) +- [v1.33.0-beta.0](#v1330-beta0) + - [Downloads for v1.33.0-beta.0](#downloads-for-v1330-beta0) - [Source Code](#source-code-7) - [Client Binaries](#client-binaries-7) - [Server Binaries](#server-binaries-7) - [Node Binaries](#node-binaries-7) - [Container Images](#container-images-7) - - [Changelog since v1.33.0-alpha.2](#changelog-since-v1330-alpha2) - - [Urgent Upgrade Notes](#urgent-upgrade-notes-2) - - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-2) + - [Changelog since v1.33.0-alpha.3](#changelog-since-v1330-alpha3) - [Changes by Kind](#changes-by-kind-7) - - [Deprecation](#deprecation-2) - [API Change](#api-change-3) - [Feature](#feature-4) - [Bug or Regression](#bug-or-regression-7) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-5) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-4) - [Dependencies](#dependencies-7) - [Added](#added-7) - [Changed](#changed-7) - [Removed](#removed-7) -- [v1.33.0-alpha.2](#v1330-alpha2) - - [Downloads for v1.33.0-alpha.2](#downloads-for-v1330-alpha2) +- [v1.33.0-alpha.3](#v1330-alpha3) + - [Downloads for v1.33.0-alpha.3](#downloads-for-v1330-alpha3) - [Source Code](#source-code-8) - [Client Binaries](#client-binaries-8) - [Server Binaries](#server-binaries-8) - [Node Binaries](#node-binaries-8) - [Container Images](#container-images-8) - - [Changelog since v1.33.0-alpha.1](#changelog-since-v1330-alpha1) + - [Changelog since v1.33.0-alpha.2](#changelog-since-v1330-alpha2) + - [Urgent Upgrade Notes](#urgent-upgrade-notes-2) + - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-2) - [Changes by Kind](#changes-by-kind-8) - - [Deprecation](#deprecation-3) + - [Deprecation](#deprecation-2) - [API Change](#api-change-4) - [Feature](#feature-5) - [Bug or Regression](#bug-or-regression-8) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-6) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-5) - [Dependencies](#dependencies-8) - [Added](#added-8) - [Changed](#changed-8) - [Removed](#removed-8) -- [v1.33.0-alpha.1](#v1330-alpha1) - - [Downloads for v1.33.0-alpha.1](#downloads-for-v1330-alpha1) +- [v1.33.0-alpha.2](#v1330-alpha2) + - [Downloads for v1.33.0-alpha.2](#downloads-for-v1330-alpha2) - [Source Code](#source-code-9) - [Client Binaries](#client-binaries-9) - [Server Binaries](#server-binaries-9) - [Node Binaries](#node-binaries-9) - [Container Images](#container-images-9) - - [Changelog since v1.32.0](#changelog-since-v1320-1) - - [Urgent Upgrade Notes](#urgent-upgrade-notes-3) - - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-3) + - [Changelog since v1.33.0-alpha.1](#changelog-since-v1330-alpha1) - [Changes by Kind](#changes-by-kind-9) + - [Deprecation](#deprecation-3) - [API Change](#api-change-5) - [Feature](#feature-6) - - [Documentation](#documentation-1) - [Bug or Regression](#bug-or-regression-9) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-7) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-6) - [Dependencies](#dependencies-9) - [Added](#added-9) - [Changed](#changed-9) - [Removed](#removed-9) +- [v1.33.0-alpha.1](#v1330-alpha1) + - [Downloads for v1.33.0-alpha.1](#downloads-for-v1330-alpha1) + - [Source Code](#source-code-10) + - [Client Binaries](#client-binaries-10) + - [Server Binaries](#server-binaries-10) + - [Node Binaries](#node-binaries-10) + - [Container Images](#container-images-10) + - [Changelog since v1.32.0](#changelog-since-v1320-1) + - [Urgent Upgrade Notes](#urgent-upgrade-notes-3) + - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-3) + - [Changes by Kind](#changes-by-kind-10) + - [API Change](#api-change-6) + - [Feature](#feature-7) + - [Documentation](#documentation-1) + - [Bug or Regression](#bug-or-regression-10) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-7) + - [Dependencies](#dependencies-10) + - [Added](#added-10) + - [Changed](#changed-10) + - [Removed](#removed-10) +# v1.33.4 + + +## Downloads for v1.33.4 + + + +### Source Code + +filename | sha512 hash +-------- | ----------- +[kubernetes.tar.gz](https://dl.k8s.io/v1.33.4/kubernetes.tar.gz) | edefd29f93082d860e974a25c9d55cf1a43d4d7b02b7dd8836f3d6c904fe9ba33e8947e8b30c6225fae5b53189c3741d86e5e7fca8520ba82373a112b55b09d7 +[kubernetes-src.tar.gz](https://dl.k8s.io/v1.33.4/kubernetes-src.tar.gz) | caafec0f069761c8996bebba303841e50c0b76a519342cb8905011237075f9a6498736496c306ce3beceae051b784f466cc58543a84d633e1c5b5ce07d8b1c55 + +### Client Binaries + +filename | sha512 hash +-------- | ----------- +[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.33.4/kubernetes-client-darwin-amd64.tar.gz) | ecd902e004a072eaa92d60ce81635519aaa93553313c808c0d27d15a07a1164b0cd586e271fe979e731e167daaed8b8816010bd018cb0ff16dcde9a46dcf0736 +[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.33.4/kubernetes-client-darwin-arm64.tar.gz) | 967943fbe8fe87ad4a0715dd55adcd5ca040db8728e5dbcd51c80753845efadb8732bde37c947c2b2d881f758801118909170d2811ceed1ef932c5c6d6611b42 +[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.33.4/kubernetes-client-linux-386.tar.gz) | 0ef69b0736b9d6b81f1d8935c0a8a836368f9ed3746f7f5bf04c51f1f5e6da526da223b145b33e315104303adbba01fcb3b49e515594fa48b85d1172ab6c0fab +[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.33.4/kubernetes-client-linux-amd64.tar.gz) | e628239516ed6a3d07d47b451b7f42199fb5dcfb4d416f7b519235fd454e0fca3d0c273cc9c709f653a935a32c1f9fbd0a4be88f4c59d0ddcd674be2c289c8a5 +[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.33.4/kubernetes-client-linux-arm.tar.gz) | eb349a54d2013ae535fd60a0c32b0a932f176c9203541fba88e9eecbb794a2701479d09389e04950f5ed27b8a48383072b658cdfe7bddb3f0b60c2657a93d90f +[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.33.4/kubernetes-client-linux-arm64.tar.gz) | 6b138fd30c198a55e63202dda76f1c9fa04d6a428ff15de9f10a85031ee70c7fd7ed7dd18d24a111c513ec3b492a876a74968048b432ee07ea281798e17653da +[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.33.4/kubernetes-client-linux-ppc64le.tar.gz) | 1e39f514ccfe007d96f66330b508f39fac157f5278c44b9017e86744fd4cc5f9f1b0e6eecbcb83ed0c0a4b4f3bc49c8a567c8058db7e8e94cc2071f926e0a2de +[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.33.4/kubernetes-client-linux-s390x.tar.gz) | 9d889bbd825cb31b062800b5f450f8ca0aaf799a0d922af1fc026163a7140aeb1a792f5a918e86b40c82dc5cab67b034bc7e4dfc9133a3f4537ded2c46eff9c6 +[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.33.4/kubernetes-client-windows-386.tar.gz) | 8fb67c88aeacbd92ddc7c2d53d9b078fc0ccd4c304159008e2acc073a5fe7ed6d5fdaa6292ae08f027e29ecc1dc3ce3c7fd71f24f59e1bec182110d002ea0d7b +[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.33.4/kubernetes-client-windows-amd64.tar.gz) | 6b0cd0b690dcd606adac34c3a6fc1b6733f6331354ff548b600e31154ee097000ecd045addc957c27b6ecea98d9676d2ae0edde62d5f0d205bd3fb0132ed008a +[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.33.4/kubernetes-client-windows-arm64.tar.gz) | b5055310eb2335c371ea1aa97c371745eace51dca5b87773e48bc00818453f29915685cd0bf17917f4888ced0e47c12ec2abd6bd23059d257034ba1fc00e2983 + +### Server Binaries + +filename | sha512 hash +-------- | ----------- +[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.33.4/kubernetes-server-linux-amd64.tar.gz) | dc91e00247992e242bd88f7d694f1d090b84211c8440674d14ff37694dfd8241faad4e4f4762e16f9144e337863b4ac388d27cc7597d3b327640f82a4c949823 +[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.33.4/kubernetes-server-linux-arm64.tar.gz) | b8c277f1774f4f15fede8d5489707f71f9ec7ebbdc1f5ebfe08b64f067aab9cf4270b33192eb85d571d061db46b4ec33b8f0f4ae961d828f85866fe450902548 +[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.33.4/kubernetes-server-linux-ppc64le.tar.gz) | 121d2b65a19737ecadc21906eacc7ff9ee14916e91c42d108fba3c8cf421d36eb39a83d9d7854c03d9a30f310525756973cb56f8f1a62c448abe74c99ace5d62 +[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.33.4/kubernetes-server-linux-s390x.tar.gz) | ba53dc9af98de96f03ba5cd4d17299352a09696fd4b3bdd87ee83c8ad33c919aa015d6972f67f12047253b0f2be6f05a6d7ed6025a2bee064caba87224a3bffa + +### Node Binaries + +filename | sha512 hash +-------- | ----------- +[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.33.4/kubernetes-node-linux-amd64.tar.gz) | f8735d12b7f95bd400834d0d90e76e08f47db117b963073566766e1c530810a8f032b6c771b243f0c538f34a30fe9da5f3ba77e6396f0b00a254a37b1c3ea6c1 +[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.33.4/kubernetes-node-linux-arm64.tar.gz) | c8c3286545cf51c64c7c8bf9b92b80a8da142540fc5e0392152756feb99a07aca38eab96aa2f0315dda28fd912b403917012db36ea5e93799a5aff1912066f26 +[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.33.4/kubernetes-node-linux-ppc64le.tar.gz) | 606618ccfb5d7b394ee71081458b971d759423e32705c70b7dad3b85581d39acd84791f938fda210f5d88f159eb08612f6db722617bb16d1ab5d97d0eb7b33c4 +[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.33.4/kubernetes-node-linux-s390x.tar.gz) | 3fa0175de48ab81142b4fc68d715a53d5d18cd23d5966b23e80d1b01249e91ccf44d59d06ce6daf65dd24d547938afcb96d222bb2227d1386c7c346b43dbc3f3 +[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.33.4/kubernetes-node-windows-amd64.tar.gz) | 205c1f6887ad59b453597a74bc4b6e3e7137e92d2f711c092de1f111d8e6c9137ac01038c84b9a53ebc8f93af7f4453dc557c6fe7610658174eaab06bba0df20 + +### Container Images + +All container images are available as manifest lists and support the described +architectures. It is also possible to pull a specific architecture directly by +adding the "-$ARCH" suffix to the container image name. + +name | architectures +---- | ------------- +[registry.k8s.io/conformance:v1.33.4](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-s390x) +[registry.k8s.io/kube-apiserver:v1.33.4](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-s390x) +[registry.k8s.io/kube-controller-manager:v1.33.4](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-s390x) +[registry.k8s.io/kube-proxy:v1.33.4](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-s390x) +[registry.k8s.io/kube-scheduler:v1.33.4](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-s390x) +[registry.k8s.io/kubectl:v1.33.4](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-s390x) + +## Changelog since v1.33.3 + +## Important Security Information + +This release contains changes that address the following vulnerabilities: + +### CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference + +A vulnerability exists in the NodeRestriction admission controller where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently deleted, the given node object will be deleted via garbage collection. By default, node users are authorized for create and patch requests but not delete requests against their node object. Since the NodeRestriction admission controller does not prevent patching OwnerReferences, a compromised node could leverage this vulnerability to delete and then recreate its node object with modified taints or labels. + + +**Affected Versions**: + - kube-apiserver v1.31.0 - v1.31.11 + - kube-apiserver v1.32.0 - v1.32.7 + - kube-apiserver v1.33.0 - v1.33.3 + +**Fixed Versions**: + - kube-apiserver v1.31.12 + - kube-apiserver v1.32.8 + - kube-apiserver v1.33.4 + +This vulnerability was reported by Paul Viossat. + + +**CVSS Rating:** Medium (6.7) [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L) + +## Changes by Kind + +### API Change + +- Fixes a 1.33 regression that can cause a nil panic in kube-scheduler when aggregating resource requests across container's spec and status. ([#133285](https://github.com/kubernetes/kubernetes/pull/133285), [@yue9944882](https://github.com/yue9944882)) [SIG Node and Scheduling] + +### Feature + +- Kubernetes is now built using Go 1.24.5 ([#132897](https://github.com/kubernetes/kubernetes/pull/132897), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing] + +### Bug or Regression + +- Changed the node restrictions to disallow the node to change it's ownerReferences. ([#133468](https://github.com/kubernetes/kubernetes/pull/133468), [@natherz97](https://github.com/natherz97)) [SIG Auth] + +## Dependencies + +### Added +_Nothing has changed._ + +### Changed +_Nothing has changed._ + +### Removed +_Nothing has changed._ + + + # v1.33.3 diff --git a/deps/github.com/openshift/kubernetes/build/build-image/cross/VERSION b/deps/github.com/openshift/kubernetes/build/build-image/cross/VERSION index 4415fb7d96..8d1533203d 100644 --- a/deps/github.com/openshift/kubernetes/build/build-image/cross/VERSION +++ b/deps/github.com/openshift/kubernetes/build/build-image/cross/VERSION @@ -1 +1 @@ -v1.33.0-go1.24.5-bullseye.0 +v1.33.0-go1.24.6-bullseye.0 diff --git a/deps/github.com/openshift/kubernetes/build/common.sh b/deps/github.com/openshift/kubernetes/build/common.sh index 93bcdb17f7..38c20f5ffb 100755 --- a/deps/github.com/openshift/kubernetes/build/common.sh +++ b/deps/github.com/openshift/kubernetes/build/common.sh @@ -97,8 +97,8 @@ readonly KUBE_RSYNC_PORT="${KUBE_RSYNC_PORT:-}" readonly KUBE_CONTAINER_RSYNC_PORT=8730 # These are the default versions (image tags) for their respective base images. -readonly __default_distroless_iptables_version=v0.7.7 -readonly __default_go_runner_version=v2.4.0-go1.24.5-bookworm.0 +readonly __default_distroless_iptables_version=v0.7.8 +readonly __default_go_runner_version=v2.4.0-go1.24.6-bookworm.0 readonly __default_setcap_version=bookworm-v1.0.4 # These are the base images for the Docker-wrapped binaries. diff --git a/deps/github.com/openshift/kubernetes/build/dependencies.yaml b/deps/github.com/openshift/kubernetes/build/dependencies.yaml index 6108000a49..a8cf083168 100644 --- a/deps/github.com/openshift/kubernetes/build/dependencies.yaml +++ b/deps/github.com/openshift/kubernetes/build/dependencies.yaml @@ -116,7 +116,7 @@ dependencies: # Golang - name: "golang: upstream version" - version: 1.24.5 + version: 1.24.6 refPaths: - path: .go-version - path: build/build-image/cross/VERSION @@ -139,7 +139,7 @@ dependencies: match: minimum_go_version=go([0-9]+\.[0-9]+) - name: "registry.k8s.io/kube-cross: dependents" - version: v1.33.0-go1.24.5-bullseye.0 + version: v1.33.0-go1.24.6-bullseye.0 refPaths: - path: build/build-image/cross/VERSION @@ -177,7 +177,7 @@ dependencies: match: registry\.k8s\.io\/build-image\/debian-base:[a-zA-Z]+\-v((([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?)(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?) - name: "registry.k8s.io/distroless-iptables: dependents" - version: v0.7.7 + version: v0.7.8 refPaths: - path: build/common.sh match: __default_distroless_iptables_version= @@ -185,7 +185,7 @@ dependencies: match: configs\[DistrolessIptables\] = Config{list\.BuildImageRegistry, "distroless-iptables", "v([0-9]+)\.([0-9]+)\.([0-9]+)"} - name: "registry.k8s.io/go-runner: dependents" - version: v2.4.0-go1.24.5-bookworm.0 + version: v2.4.0-go1.24.6-bookworm.0 refPaths: - path: build/common.sh match: __default_go_runner_version= diff --git a/deps/github.com/openshift/kubernetes/cmd/kubeadm/app/util/config/initconfiguration.go b/deps/github.com/openshift/kubernetes/cmd/kubeadm/app/util/config/initconfiguration.go index 6b15b6bc5b..8eefdbca3d 100644 --- a/deps/github.com/openshift/kubernetes/cmd/kubeadm/app/util/config/initconfiguration.go +++ b/deps/github.com/openshift/kubernetes/cmd/kubeadm/app/util/config/initconfiguration.go @@ -381,6 +381,11 @@ func documentMapToInitConfiguration(gvkmap kubeadmapi.DocumentMap, allowDeprecat // If ClusterConfiguration was given, populate it in the InitConfiguration struct if clustercfg != nil { initcfg.ClusterConfiguration = *clustercfg + + // TODO: Workaround for missing v1beta3 ClusterConfiguration timeout conversion. Remove this conversion once the v1beta3 is removed + if clustercfg.APIServer.TimeoutForControlPlane.Duration != 0 && clustercfg.APIServer.TimeoutForControlPlane.Duration != kubeadmconstants.ControlPlaneComponentHealthCheckTimeout { + initcfg.Timeouts.ControlPlaneComponentHealthCheck.Duration = clustercfg.APIServer.TimeoutForControlPlane.Duration + } } else { // Populate the internal InitConfiguration.ClusterConfiguration with defaults extclustercfg := &kubeadmapiv1.ClusterConfiguration{} diff --git a/deps/github.com/openshift/kubernetes/openshift-hack/images/hyperkube/Dockerfile.rhel b/deps/github.com/openshift/kubernetes/openshift-hack/images/hyperkube/Dockerfile.rhel index 0401df113b..12c7d5e7d8 100644 --- a/deps/github.com/openshift/kubernetes/openshift-hack/images/hyperkube/Dockerfile.rhel +++ b/deps/github.com/openshift/kubernetes/openshift-hack/images/hyperkube/Dockerfile.rhel @@ -14,4 +14,4 @@ COPY --from=builder /tmp/build/* /usr/bin/ LABEL io.k8s.display-name="OpenShift Kubernetes Server Commands" \ io.k8s.description="OpenShift is a platform for developing, building, and deploying containerized applications." \ io.openshift.tags="openshift,hyperkube" \ - io.openshift.build.versions="kubernetes=1.33.4" \ No newline at end of file + io.openshift.build.versions="kubernetes=1.33.5" \ No newline at end of file diff --git a/deps/github.com/openshift/kubernetes/pkg/securitycontext/util.go b/deps/github.com/openshift/kubernetes/pkg/securitycontext/util.go index 28771b6df2..5e000f9333 100644 --- a/deps/github.com/openshift/kubernetes/pkg/securitycontext/util.go +++ b/deps/github.com/openshift/kubernetes/pkg/securitycontext/util.go @@ -17,6 +17,10 @@ limitations under the License. package securitycontext import ( + "fmt" + "os" + "sync" + v1 "k8s.io/api/core/v1" ) @@ -188,21 +192,32 @@ func AddNoNewPrivileges(sc *v1.SecurityContext) bool { var ( // These *must* be kept in sync with moby/moby. - // https://github.com/moby/moby/blob/master/oci/defaults.go#L105-L124 - // @jessfraz will watch changes to those files upstream. - defaultMaskedPaths = []string{ - "/proc/asound", - "/proc/acpi", - "/proc/kcore", - "/proc/keys", - "/proc/latency_stats", - "/proc/timer_list", - "/proc/timer_stats", - "/proc/sched_debug", - "/proc/scsi", - "/sys/firmware", - "/sys/devices/virtual/powercap", - } + // https://github.com/moby/moby/blob/ecb03c4cdae6f323150fc11b303dcc5dc4d82416/oci/defaults.go#L190-L218 + defaultMaskedPaths = sync.OnceValue(func() []string { + maskedPaths := []string{ + "/proc/asound", + "/proc/acpi", + "/proc/interrupts", + "/proc/kcore", + "/proc/keys", + "/proc/latency_stats", + "/proc/timer_list", + "/proc/timer_stats", + "/proc/sched_debug", + "/proc/scsi", + "/sys/firmware", + "/sys/devices/virtual/powercap", + } + + for _, cpu := range possibleCPUs() { + path := fmt.Sprintf("/sys/devices/system/cpu/cpu%d/thermal_throttle", cpu) + if _, err := os.Stat(path); err == nil { + maskedPaths = append(maskedPaths, path) + } + } + + return maskedPaths + }) defaultReadonlyPaths = []string{ "/proc/bus", "/proc/fs", @@ -221,7 +236,7 @@ func ConvertToRuntimeMaskedPaths(opt *v1.ProcMountType) []string { } // Otherwise, add the default masked paths to the runtime security context. - return defaultMaskedPaths + return defaultMaskedPaths() } // ConvertToRuntimeReadonlyPaths converts the ProcMountType to the specified or default diff --git a/deps/github.com/openshift/kubernetes/pkg/securitycontext/util_darwin.go b/deps/github.com/openshift/kubernetes/pkg/securitycontext/util_darwin.go new file mode 100644 index 0000000000..9d14502acb --- /dev/null +++ b/deps/github.com/openshift/kubernetes/pkg/securitycontext/util_darwin.go @@ -0,0 +1,21 @@ +/* +Copyright 2025 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package securitycontext + +func possibleCPUs() []int { + return nil +} diff --git a/deps/github.com/openshift/kubernetes/pkg/securitycontext/util_linux.go b/deps/github.com/openshift/kubernetes/pkg/securitycontext/util_linux.go new file mode 100644 index 0000000000..bcaab4eb3e --- /dev/null +++ b/deps/github.com/openshift/kubernetes/pkg/securitycontext/util_linux.go @@ -0,0 +1,74 @@ +/* +Copyright 2025 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package securitycontext + +import ( + "os" + "runtime" + "strconv" + "strings" + "sync" +) + +// possibleCPUs returns the number of possible CPUs on this host. +func possibleCPUs() (cpus []int) { + if ncpu := possibleCPUsParsed(); ncpu != nil { + return ncpu + } + + for i := range runtime.NumCPU() { + cpus = append(cpus, i) + } + + return cpus +} + +// possibleCPUsParsed is parsing the amount of possible CPUs on this host from +// /sys/devices. +var possibleCPUsParsed = sync.OnceValue(func() (cpus []int) { + data, err := os.ReadFile("/sys/devices/system/cpu/possible") + if err != nil { + return nil + } + + ranges := strings.Split(strings.TrimSpace(string(data)), ",") + + for _, r := range ranges { + if rStart, rEnd, ok := strings.Cut(r, "-"); !ok { + cpu, err := strconv.Atoi(rStart) + if err != nil { + return nil + } + cpus = append(cpus, cpu) + } else { + var start, end int + start, err := strconv.Atoi(rStart) + if err != nil { + return nil + } + end, err = strconv.Atoi(rEnd) + if err != nil { + return nil + } + for i := start; i <= end; i++ { + cpus = append(cpus, i) + } + } + } + + return cpus +}) diff --git a/deps/github.com/openshift/kubernetes/pkg/securitycontext/util_test.go b/deps/github.com/openshift/kubernetes/pkg/securitycontext/util_test.go index 9711262058..87e086e6c3 100644 --- a/deps/github.com/openshift/kubernetes/pkg/securitycontext/util_test.go +++ b/deps/github.com/openshift/kubernetes/pkg/securitycontext/util_test.go @@ -73,11 +73,11 @@ func TestConvertToRuntimeMaskedPaths(t *testing.T) { }{ "procMount nil": { pm: nil, - expect: defaultMaskedPaths, + expect: defaultMaskedPaths(), }, "procMount default": { pm: &dPM, - expect: defaultMaskedPaths, + expect: defaultMaskedPaths(), }, "procMount unmasked": { pm: &uPM, diff --git a/deps/github.com/openshift/kubernetes/pkg/securitycontext/util_windows.go b/deps/github.com/openshift/kubernetes/pkg/securitycontext/util_windows.go new file mode 100644 index 0000000000..9d14502acb --- /dev/null +++ b/deps/github.com/openshift/kubernetes/pkg/securitycontext/util_windows.go @@ -0,0 +1,21 @@ +/* +Copyright 2025 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package securitycontext + +func possibleCPUs() []int { + return nil +} diff --git a/deps/github.com/openshift/kubernetes/staging/publishing/rules.yaml b/deps/github.com/openshift/kubernetes/staging/publishing/rules.yaml index 781dc9c607..6b54eaa3fc 100644 --- a/deps/github.com/openshift/kubernetes/staging/publishing/rules.yaml +++ b/deps/github.com/openshift/kubernetes/staging/publishing/rules.yaml @@ -2901,4 +2901,4 @@ rules: - staging/src/k8s.io/externaljwt recursive-delete-patterns: - '*/.gitattributes' -default-go-version: 1.24.5 +default-go-version: 1.24.6 diff --git a/deps/github.com/openshift/kubernetes/test/e2e/storage/external/external.go b/deps/github.com/openshift/kubernetes/test/e2e/storage/external/external.go index 60bbeae896..67853d638f 100644 --- a/deps/github.com/openshift/kubernetes/test/e2e/storage/external/external.go +++ b/deps/github.com/openshift/kubernetes/test/e2e/storage/external/external.go @@ -152,6 +152,12 @@ type driverDefinition struct { // use topology to ensure that pods land on the right node(s). ClientNodeName string + // NodeSelectors is used to specify nodeSelector information for pod deployment + // during the tests. This is beneficial when needing to control placement + // for specialized environments. Most drivers should not need this and + // instead can use topolgy to ensure that pods land on the right node(s). + NodeSelectors map[string]string + // Timeouts contains the custom timeouts used during the test execution. // The values specified here will override the default values specified in // the framework.TimeoutContext struct. @@ -493,5 +499,10 @@ func (d *driverDefinition) PrepareTest(ctx context.Context, f *framework.Framewo e2econfig.ClientNodeSelection.Selector = map[string]string{"kubernetes.io/os": "linux"} } + // Add all provided nodeSelector settings + for key, value := range d.NodeSelectors { + e2econfig.ClientNodeSelection.Selector[key] = value + } + return e2econfig } diff --git a/deps/github.com/openshift/kubernetes/test/images/Makefile b/deps/github.com/openshift/kubernetes/test/images/Makefile index 867d8e994f..ccbb969f01 100644 --- a/deps/github.com/openshift/kubernetes/test/images/Makefile +++ b/deps/github.com/openshift/kubernetes/test/images/Makefile @@ -16,7 +16,7 @@ REGISTRY ?= registry.k8s.io/e2e-test-images GOARM ?= 7 DOCKER_CERT_BASE_PATH ?= QEMUVERSION=v5.1.0-2 -GOLANG_VERSION=1.24.5 +GOLANG_VERSION=1.24.6 export ifndef WHAT diff --git a/deps/github.com/openshift/kubernetes/test/utils/image/manifest.go b/deps/github.com/openshift/kubernetes/test/utils/image/manifest.go index 6f0d49c47b..57caebc24d 100644 --- a/deps/github.com/openshift/kubernetes/test/utils/image/manifest.go +++ b/deps/github.com/openshift/kubernetes/test/utils/image/manifest.go @@ -223,7 +223,7 @@ func initImageConfigs(list RegistryList) (map[ImageID]Config, map[ImageID]Config configs[APIServer] = Config{list.PromoterE2eRegistry, "sample-apiserver", "1.29.2"} configs[AppArmorLoader] = Config{list.PromoterE2eRegistry, "apparmor-loader", "1.4"} configs[BusyBox] = Config{list.PromoterE2eRegistry, "busybox", "1.36.1-1"} - configs[DistrolessIptables] = Config{list.BuildImageRegistry, "distroless-iptables", "v0.7.7"} + configs[DistrolessIptables] = Config{list.BuildImageRegistry, "distroless-iptables", "v0.7.8"} configs[Etcd] = Config{list.GcEtcdRegistry, "etcd", "3.5.21-0"} configs[Httpd] = Config{list.PromoterE2eRegistry, "httpd", "2.4.38-4"} configs[HttpdNew] = Config{list.PromoterE2eRegistry, "httpd", "2.4.39-4"} diff --git a/etcd/go.mod b/etcd/go.mod index 819238f22d..6e0db17e83 100644 --- a/etcd/go.mod +++ b/etcd/go.mod @@ -15,11 +15,11 @@ require ( github.com/openshift/build-machinery-go v0.0.0-20250602125535-1b6d00b8c37c github.com/spf13/cobra v1.9.1 go.etcd.io/etcd/server/v3 v3.5.21 - k8s.io/apimachinery v1.33.4 - k8s.io/cli-runtime v1.33.4 - k8s.io/component-base v1.33.4 + k8s.io/apimachinery v1.33.5 + k8s.io/cli-runtime v1.33.5 + k8s.io/component-base v1.33.5 k8s.io/klog/v2 v2.130.1 - k8s.io/kubectl v1.33.4 + k8s.io/kubectl v1.33.5 sigs.k8s.io/yaml v1.5.0 ) @@ -48,8 +48,8 @@ require ( google.golang.org/genproto/googleapis/api v0.0.0-20250115164207-1a7da9e5054f // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect - k8s.io/apiserver v1.33.4 // indirect - k8s.io/kubelet v1.33.4 // indirect + k8s.io/apiserver v1.33.5 // indirect + k8s.io/kubelet v1.33.5 // indirect sigs.k8s.io/randfill v1.0.0 // indirect ) @@ -138,8 +138,8 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/api v1.33.4 // indirect - k8s.io/client-go v1.33.4 // indirect + k8s.io/api v1.33.5 // indirect + k8s.io/client-go v1.33.5 // indirect k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 // indirect sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect diff --git a/etcd/vendor/modules.txt b/etcd/vendor/modules.txt index 4d0218b9ea..82fc656392 100644 --- a/etcd/vendor/modules.txt +++ b/etcd/vendor/modules.txt @@ -638,7 +638,7 @@ gopkg.in/natefinch/lumberjack.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v1.33.4 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/api +# k8s.io/api v1.33.5 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/api ## explicit; go 1.24.0 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -700,7 +700,7 @@ k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 k8s.io/api/storagemigration/v1alpha1 -# k8s.io/apimachinery v1.33.4 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery +# k8s.io/apimachinery v1.33.5 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery ## explicit; go 1.24.0 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -763,18 +763,18 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v1.33.4 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiserver +# k8s.io/apiserver v1.33.5 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiserver ## explicit; go 1.24.0 k8s.io/apiserver/pkg/apis/audit k8s.io/apiserver/pkg/apis/audit/v1 k8s.io/apiserver/pkg/authentication/user -# k8s.io/cli-runtime v1.33.4 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime +# k8s.io/cli-runtime v1.33.5 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime ## explicit; go 1.24.0 k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/genericiooptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v1.33.4 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go +# k8s.io/client-go v1.33.5 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go ## explicit; go 1.24.0 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 @@ -935,7 +935,7 @@ k8s.io/client-go/util/jsonpath k8s.io/client-go/util/keyutil k8s.io/client-go/util/watchlist k8s.io/client-go/util/workqueue -# k8s.io/component-base v1.33.4 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/component-base +# k8s.io/component-base v1.33.5 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/component-base ## explicit; go 1.24.0 k8s.io/component-base/cli k8s.io/component-base/cli/flag @@ -972,7 +972,7 @@ k8s.io/kube-openapi/pkg/spec3 k8s.io/kube-openapi/pkg/util/proto k8s.io/kube-openapi/pkg/util/proto/validation k8s.io/kube-openapi/pkg/validation/spec -# k8s.io/kubectl v1.33.4 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/kubectl +# k8s.io/kubectl v1.33.5 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/kubectl ## explicit; go 1.24.0 k8s.io/kubectl/pkg/cmd/util k8s.io/kubectl/pkg/scheme @@ -982,7 +982,7 @@ k8s.io/kubectl/pkg/util/openapi k8s.io/kubectl/pkg/util/templates k8s.io/kubectl/pkg/util/term k8s.io/kubectl/pkg/validation -# k8s.io/kubelet v1.33.4 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/kubelet +# k8s.io/kubelet v1.33.5 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/kubelet ## explicit; go 1.24.0 k8s.io/kubelet/pkg/apis/deviceplugin/v1beta1 # k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 diff --git a/go.mod b/go.mod index 0c6c9433a1..cda4a810ff 100644 --- a/go.mod +++ b/go.mod @@ -31,24 +31,24 @@ require ( github.com/go-kit/kit v0.9.0 github.com/gogo/protobuf v1.3.2 github.com/golang/snappy v0.0.4 - github.com/openshift/cluster-policy-controller v0.0.0-20250915194436-0e2948510331 - github.com/openshift/route-controller-manager v0.0.0-20250725082216-bf2fa662f57f + github.com/openshift/cluster-policy-controller v0.0.0-20250922125535-5c0dd7a1b366 + github.com/openshift/route-controller-manager v0.0.0-20250923162243-9f4b06c555c1 github.com/prometheus/client_model v0.6.1 github.com/prometheus/common v0.62.0 github.com/prometheus/prometheus v0.302.1 github.com/squat/generic-device-plugin v0.0.0-20250710162141-0f7fddf166f1 gopkg.in/yaml.v2 v2.4.0 - k8s.io/api v1.33.4 - k8s.io/apiextensions-apiserver v1.33.4 - k8s.io/apimachinery v1.33.4 - k8s.io/apiserver v1.33.4 - k8s.io/cli-runtime v1.33.4 - k8s.io/client-go v1.33.4 - k8s.io/cloud-provider v1.33.4 - k8s.io/component-base v1.33.4 - k8s.io/kube-aggregator v1.33.4 - k8s.io/kubectl v1.33.4 - k8s.io/kubelet v1.33.4 + k8s.io/api v1.33.5 + k8s.io/apiextensions-apiserver v1.33.5 + k8s.io/apimachinery v1.33.5 + k8s.io/apiserver v1.33.5 + k8s.io/cli-runtime v1.33.5 + k8s.io/client-go v1.33.5 + k8s.io/cloud-provider v1.33.5 + k8s.io/component-base v1.33.5 + k8s.io/kube-aggregator v1.33.5 + k8s.io/kubectl v1.33.5 + k8s.io/kubelet v1.33.5 k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 sigs.k8s.io/kube-storage-version-migrator v0.0.6-0.20230721195810-5c8923c5ff96 sigs.k8s.io/kustomize/api v0.19.0 @@ -162,21 +162,21 @@ require ( gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect - k8s.io/cluster-bootstrap v1.33.4 // indirect - k8s.io/component-helpers v1.33.4 // indirect - k8s.io/controller-manager v1.33.4 // indirect - k8s.io/cri-api v1.33.4 // indirect - k8s.io/cri-client v1.33.4 // indirect - k8s.io/csi-translation-lib v1.33.4 // indirect - k8s.io/dynamic-resource-allocation v1.33.4 // indirect - k8s.io/endpointslice v1.33.4 // indirect - k8s.io/externaljwt v1.33.4 // indirect - k8s.io/kms v1.33.4 // indirect - k8s.io/kube-controller-manager v1.33.4 // indirect - k8s.io/kube-scheduler v1.33.4 // indirect - k8s.io/metrics v1.33.4 // indirect - k8s.io/mount-utils v1.33.4 // indirect - k8s.io/pod-security-admission v1.33.4 // indirect + k8s.io/cluster-bootstrap v1.33.5 // indirect + k8s.io/component-helpers v1.33.5 // indirect + k8s.io/controller-manager v1.33.5 // indirect + k8s.io/cri-api v1.33.5 // indirect + k8s.io/cri-client v1.33.5 // indirect + k8s.io/csi-translation-lib v1.33.5 // indirect + k8s.io/dynamic-resource-allocation v1.33.5 // indirect + k8s.io/endpointslice v1.33.5 // indirect + k8s.io/externaljwt v1.33.5 // indirect + k8s.io/kms v1.33.5 // indirect + k8s.io/kube-controller-manager v1.33.5 // indirect + k8s.io/kube-scheduler v1.33.5 // indirect + k8s.io/metrics v1.33.5 // indirect + k8s.io/mount-utils v1.33.5 // indirect + k8s.io/pod-security-admission v1.33.5 // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2 // indirect sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect sigs.k8s.io/randfill v1.0.0 // indirect @@ -217,7 +217,7 @@ require ( google.golang.org/protobuf v1.36.5 // indirect k8s.io/gengo/v2 v2.0.0-20250207200755-1244d31929d7 // indirect k8s.io/klog/v2 v2.130.1 - k8s.io/kubernetes v1.33.4 + k8s.io/kubernetes v1.33.5 sigs.k8s.io/structured-merge-diff/v4 v4.7.0 // indirect ) diff --git a/go.sum b/go.sum index 8a2dad3005..4e2def5174 100644 --- a/go.sum +++ b/go.sum @@ -261,8 +261,8 @@ github.com/openshift/build-machinery-go v0.0.0-20250602125535-1b6d00b8c37c h1:gJ github.com/openshift/build-machinery-go v0.0.0-20250602125535-1b6d00b8c37c/go.mod h1:8jcm8UPtg2mCAsxfqKil1xrmRMI3a+XU2TZ9fF8A7TE= github.com/openshift/client-go v0.0.0-20250710075018-396b36f983ee h1:tOtrrxfDEW8hK3eEsHqxsXurq/D6LcINGfprkQC3hqY= github.com/openshift/client-go v0.0.0-20250710075018-396b36f983ee/go.mod h1:zhRiYyNMk89llof2qEuGPWPD+joQPhCRUc2IK0SB510= -github.com/openshift/cluster-policy-controller v0.0.0-20250915194436-0e2948510331 h1:Vm+BxLt2wMVLlAor0JdatxFK74pIddQ7GjzsYI/OHXE= -github.com/openshift/cluster-policy-controller v0.0.0-20250915194436-0e2948510331/go.mod h1:977DPepMAwnGNdJQdAzVSL+Qpem/aLS9d9sGnt1yEsg= +github.com/openshift/cluster-policy-controller v0.0.0-20250922125535-5c0dd7a1b366 h1:JsGbO3Kd53R3ZDekTh8ncKaI0rWdRKFMTCBjRHlv4J0= +github.com/openshift/cluster-policy-controller v0.0.0-20250922125535-5c0dd7a1b366/go.mod h1:977DPepMAwnGNdJQdAzVSL+Qpem/aLS9d9sGnt1yEsg= github.com/openshift/etcd/api/v3 v3.5.1-0.20250829062802-9c065d4d842c h1:Xty9QBBJwUlug0FGix5rwjOg7rIVnmfbsg4dEaBBFM4= github.com/openshift/etcd/api/v3 v3.5.1-0.20250829062802-9c065d4d842c/go.mod h1:c3aH5wcvXv/9dqIw2Y810LDXJfhSYdHQ0vxmP3CCHVY= github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20250829062802-9c065d4d842c h1:XYHqfMdW35QxSQ6/BWJNF84YPEKRIxvvyAUgfhpo78k= @@ -275,8 +275,8 @@ github.com/openshift/library-go v0.0.0-20250711143941-47604345e7ea h1:0BNis5UGo5 github.com/openshift/library-go v0.0.0-20250711143941-47604345e7ea/go.mod h1:tptKNust9MdRI0p90DoBSPHIrBa9oh+Rok59tF0vT8c= github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20250416174521-4eb003743b54 h1:ehXndVZfIk/fo18YJCMJ+6b8HL8tzqjP7yWgchMnfCc= github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20250416174521-4eb003743b54/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= -github.com/openshift/route-controller-manager v0.0.0-20250725082216-bf2fa662f57f h1:CcpRerSOS+uchGDly2oCyXbK35ilSZTiBrNhx8ldhq0= -github.com/openshift/route-controller-manager v0.0.0-20250725082216-bf2fa662f57f/go.mod h1:/tw1PYHkUdzPG+EuC+ANJdDD81Ik2pPzYjLBZhyzyME= +github.com/openshift/route-controller-manager v0.0.0-20250923162243-9f4b06c555c1 h1:B2bnMY4EurZtBVJgzbWjLhxAfXDEDNe8MBiht3Nqup8= +github.com/openshift/route-controller-manager v0.0.0-20250923162243-9f4b06c555c1/go.mod h1:/tw1PYHkUdzPG+EuC+ANJdDD81Ik2pPzYjLBZhyzyME= github.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde/go.mod h1:nZgzbfBr3hhjoZnS66nKrHmduYNpc34ny7RK4z5/HM0= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= diff --git a/packaging/crio.conf.d/10-microshift_amd64.conf b/packaging/crio.conf.d/10-microshift_amd64.conf index e4fe925660..ef4c40693e 100644 --- a/packaging/crio.conf.d/10-microshift_amd64.conf +++ b/packaging/crio.conf.d/10-microshift_amd64.conf @@ -2,6 +2,6 @@ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9a10adc59bc9e78b0f585016f45ff71a7b5bc1862895f72bf7dc8e461a5528ad" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d098e9d64a31b392c9c0dbe7caa61abbcb24621b97037dea2d2c9d0a9ce724c9" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/packaging/crio.conf.d/10-microshift_arm64.conf b/packaging/crio.conf.d/10-microshift_arm64.conf index f5c1bb444a..8a4ffd2c20 100644 --- a/packaging/crio.conf.d/10-microshift_arm64.conf +++ b/packaging/crio.conf.d/10-microshift_arm64.conf @@ -2,6 +2,6 @@ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c9dba3e46b2e0d04b7f0bb2e7da314a429d76f28573015f26f85c7baf6037998" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e3f6b8d5389921b48df4b81afe2f69703c457207e380143e8a8929987c620f40" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt index 1c38fe59f8..a1955ddb62 100644 --- a/scripts/auto-rebase/changelog.txt +++ b/scripts/auto-rebase/changelog.txt @@ -1,131 +1,165 @@ -- api embedded-component 61248d910ff74aef020492922d14e6dadaba598b to 83b017b06367bf8564bf94f5c6c1ad8aed5d3ab9 - - b6f0e27a 2025-09-16T10:45:31+01:00 Update controller-tools - - 881674e4 2025-09-01T15:03:56+02:00 Add metric server API - -- cluster-dns-operator embedded-component 63a93b05b131a3f7ee8b482a5cb4f0c1eac8660e to 1272aef21dd5dcdbefbf4888c7b0a4a427683fd7 - - 6f21905 2025-09-15T15:07:12-04:00 Add bentito (btofel@redhat.com) to OWNERS - -- cluster-ingress-operator embedded-component 60b4279f91f6fbc135d8f15bda96a5ae664e252a to c968596268df58ed8747a8f88ebb8c501824bbb2 - - c5c5c85 2025-09-15T14:55:09-04:00 Add bentito (btofel@redhat.com) to OWNERS - - cc00436 2025-08-20T17:16:07+01:00 OCPBUGS-55673: Remove IngressControllerLBSubnetsAWS featuregate - -- cluster-kube-apiserver-operator embedded-component 0bec046c8c10682390e2a20ae4f416a2d8589f40 to 25092d8447b0186402dcf2a6564f6ac2ebf55c9b - - f127598 2025-09-15T09:51:28-07:00 bump(k8s): promote MutatingAdmissionPolicy to v1beta1 for > 1.34.0 - -- cluster-kube-controller-manager-operator embedded-component 3b20c534b1b92d46055147c4f82f69b2ad3044c9 to a92da07ac1f335c148411c838dd2982c9ca90988 - - 1e279cb 2025-08-20T17:37:46+02:00 Remove --cloud-provider=external from KCM - -- cluster-kube-scheduler-operator embedded-component f9b5b31943f2be768af6373def4c8946a30d0ed6 to 2345371abed5896006ac4a60c7d555fc25502c0a - - 4339305 2025-09-05T13:59:33+02:00 adding ROFS - - 9d6fe98 2025-09-05T10:17:36+02:00 adding ROFS - -- cluster-network-operator embedded-component 09a4accb5ee420155d19fbf78c6be058be50ee0e to c069f36d58d9d8ad4a9cd23a410fb263a5e689ed - - 7e8f8cc 2025-09-11T15:41:54-04:00 Add validation check for labels and test - - 97b68b8 2025-09-11T15:40:31-04:00 Add documentation surrounding the Smart-NIC/DPU Host/DPU mode labels - - 842c48c 2025-09-11T15:39:37-04:00 Relax label req. of DPU/DPU Host/Smart NIC - -- cluster-policy-controller embedded-component 3e7538547c8f209c72083097a4ebaada6e9c46c5 to 0e2948510331ff9351c5eb6d7f2f440afc7aa17a - - f281462 2025-08-19T14:18:12+02:00 scc allocation controller: Use server-side apply - -- kubernetes embedded-component 679fad59c6fcb6cd86bccb25ac702ec10d5ea15b to 95b8140e3a53ffc6aab114c39e07a439dfdf7f9e - - bd238e196 2025-09-17T10:47:16-04:00 UPSTREAM: : Add retries for GetCurrentResourceVersion. - - 87b26c865 2025-09-09T13:36:27+02:00 UPSTREAM: 133959: Do not remove PVC ClaimRef to fix flaky VAC test - -- machine-config-operator embedded-component cd9b709c16ad9d8b32701d13af2d068eb4ca9c49 to 223bed017865d085a6fda3a41050627be96ed340 - - 139dd0c2 2025-09-15T16:27:15-05:00 OCPBUGS-61695: Override NMState service definition - - fd87e53a 2025-09-15T15:52:14-04:00 units: add delays to TestOSBuildController - - c6f988c0 2025-09-15T10:48:16-05:00 add new recording rule for unsuported packages - - 1889a793 2025-08-27T10:00:56-04:00 msbic: add unit tests - - 55a0cc80 2025-08-27T10:00:56-04:00 msbic: add azure platform support - - 0c077d64 2025-08-25T11:59:59-04:00 operator: add azure boot image update gates - - ae39bd1b 2025-08-25T11:59:59-04:00 vendor bump for Azure stream updates - - 3f274443 2025-08-19T09:13:17-04:00 Add nil/null checks to image registry secret decode - - 715f38dd 2025-08-12T09:02:58-04:00 install: remove mcn crd cleanup cronjob - -- openshift-controller-manager embedded-component 49aaf599fb9024f36359f55bac6b3bb1482e24b8 to b297407761ee836f0a43a42ba0486bc97b54f888 - - 6c2059d 2025-09-15T14:20:48+05:30 set up openshift-tests-extension for cluster-openshift-controller-manager-operator and add a sanity test - -- operator-framework-olm embedded-component 52b69a5bc151303c21268007009c0300f3170bc2 to 44c993131781ff5bfb8665b0e6cc1d2a3bf23839 - - fd5119fc 2025-09-18T14:07:22+08:00 move golangci-lint and go-bindata to new location to fix sync - - 62ce21ab 2025-09-17T14:07:14+08:00 add OTE into olmv0 with new location - - 57aa443f 2025-09-16T18:32:25Z migrate containers libs to new mono-repo (#1799) - - cdba3e50 2025-09-16T18:31:45Z set an exception for migrate file permissions (#1798) - - 8bc227c4 2025-09-16T18:31:21Z Bump the golang-x-deps group across 1 directory with 2 updates (#1797) - - f1e8858f 2025-09-16T18:30:35Z Bump google.golang.org/grpc from 1.75.0 to 1.75.1 (#1796) - - 9e6853ab 2025-09-16T18:30:21Z Bump github.com/maxbrunsfeld/counterfeiter/v6 from 6.11.3 to 6.12.0 (#1791) - - f1d6e13b 2025-09-16T18:30:07Z Bump google.golang.org/protobuf from 1.36.8 to 1.36.9 (#1793) - - abfd941b 2025-09-16T18:29:53Z switch tactics (#1750) - - eba479a4 2025-09-16T18:29:39Z Bump the golang-x-deps group with 2 updates (#1789) - - 872ca763 2025-09-16T18:29:25Z Bump actions/setup-go from 5 to 6 (#1788) - - 7de9f98d 2025-09-16T18:29:11Z Bump actions/stale from 9 to 10 (#1787) - - 269b972a 2025-09-16T18:28:57Z Bump github.com/onsi/ginkgo/v2 from 2.25.2 to 2.25.3 (#1786) - - d6aa1ba3 2025-09-16T18:28:43Z Bump github.com/containers/common from 0.64.1 to 0.64.2 (#1785) - - 57264134 2025-09-16T18:28:27Z Bump github.com/docker/cli (#1784) - - af9d1f73 2025-09-16T18:28:13Z Bump github.com/containers/image/v5 from 5.36.1 to 5.36.2 (#1783) - - 8633b4bc 2025-09-16T18:27:59Z Bump github.com/spf13/pflag from 1.0.9 to 1.0.10 (#1782) - - 0ff2fb3d 2025-09-16T18:27:45Z Bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 (#1781) - - eb1a07e9 2025-09-16T18:27:31Z Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (#1779) - - 301f97f5 2025-09-16T18:27:16Z Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (#1776) - - b5926636 2025-09-16T18:27:01Z Add key ordering for mermaid graph output (#1778) - - e3b314e5 2025-09-16T18:26:47Z Bump github.com/spf13/pflag from 1.0.7 to 1.0.8 (#1775) - - 93fa5af0 2025-09-16T18:26:32Z Bump github.com/golang-migrate/migrate/v4 from 4.18.3 to 4.19.0 (#1774) - - 74e7824b 2025-09-16T18:26:10Z OPRUN-4119: migrate containers libs to new mono repo (#3657) - - 15c068ae 2025-09-16T18:25:53Z :seedling: Bump github.com/containers/image/v5 from 5.36.1 to 5.36.2 (#3655) - - b3909aea 2025-09-16T18:25:36Z :seedling: Bump golang.org/x/time from 0.12.0 to 0.13.0 (#3654) - - 0dd890f4 2025-09-16T18:25:19Z :seedling: Bump github.com/operator-framework/operator-registry (#3656) - - 6b718ac6 2025-09-16T18:24:57Z :seedling: Bump golang.org/x/net from 0.43.0 to 0.44.0 (#3653) - - 57b4385b 2025-09-16T18:24:37Z :seedling: Bump github.com/prometheus/client_golang from 1.23.0 to 1.23.2 (#3649) - - 9f255f70 2025-09-16T18:24:17Z Bump actions/stale from 9 to 10 (#3651) - - 28fa15aa 2025-09-16T18:23:58Z Bump actions/setup-go from 5 to 6 (#3650) - - c240bda3 2025-09-16T18:23:28Z :seedling: Bump github.com/prometheus/common from 0.65.0 to 0.66.1 (#3648) - - b65ec3fb 2025-09-16T14:05:25+08:00 UPSTREAM: : add jiazha to approvers - - 22a2cb72 2025-09-16T10:41:32+08:00 Revert "OCPQE-29415: UPSTREAM: : add OTE into olmv0" - - ec6e19a6 2025-09-12T20:31:11Z Updating operator-registry-container image to be consistent with ART for 4.21 Reconciling with https://github.com/openshift/ocp-build-data/tree/1097a63a576d216981abbff7a60c4c5da67d1644/images/operator-registry.yml - - a3ba3ae2 2025-09-12T13:42:21+08:00 UPSTREAM: : add OTE into olmv0 - - 825dc7b2 2025-09-12T09:30:09+08:00 set package-server-manager as default container - -- service-ca-operator embedded-component b0fe556a981964728306f803864af9d2881db967 to a40d9a8ec60e0c6c1578300c372b6104130f2ecc - - dc11bc4 2025-09-15T11:18:02+02:00 secret_creating_controller: improve hotloop tests - - ae08731 2025-09-12T14:56:47+02:00 secret_creating_controller: fix hotloop on create secret error - - 9052e26 2025-09-12T14:41:46+02:00 secret_creating_controller_test: cover failure with invalid name - - 8a83a3f 2025-09-11T17:24:11+02:00 secret_creating_controller_test: add secretName to test struct - - 9e0422c 2025-09-11T17:22:42+02:00 secret_creating_controller_test: fix typo in test struct field name - -- oc image-amd64 f7c9fc36fbaa85b3cbf0c2e85dd4a42e20f6952d to 0e4fabc98dc46c9fca79544297783053a49370ce +- api embedded-component 83b017b06367bf8564bf94f5c6c1ad8aed5d3ab9 to 8a46f746f2cf87624651e6e8a85421b49bef3b6e + - 70766206 2025-09-23T08:13:22-04:00 (bugfix): fix crdify generator to also return an aggregated error when validations fail + - 08bfa12c 2025-09-19T15:19:20-04:00 add union discriminator for manual mode + - bcad2088 2025-09-18T16:44:05-04:00 cross-validate boot images & skew enforcement + - de957683 2025-09-18T16:44:05-04:00 machine_config: add BootImageSkewEnforcement API + - 206d340a 2025-09-16T14:24:40-04:00 tooling: add crdify generator to run crdify against CRD changes + - 21152dba 2025-09-12T13:57:46-04:00 MachineConfigNode: add 'AGE' print column + - e278f008 2025-09-12T09:53:41+02:00 feat: remove unused feature gate InsightsConfigAPI + +- cluster-ingress-operator embedded-component c968596268df58ed8747a8f88ebb8c501824bbb2 to 69ba323f05c84f72f11a0d086836b3f3412512d4 + - 6fc40ec 2025-09-18T12:29:38-03:00 OCPBUGS-55649: Remove SetEIPForNLBIngressController feature gate + +- cluster-kube-apiserver-operator embedded-component 25092d8447b0186402dcf2a6564f6ac2ebf55c9b to 6333489fd7d8d3494372cb830efba40eb28e45c1 + - dbfd6c0 2025-09-19T12:39:23+02:00 OCPBUGS-15430: move alerting rules from CMO over + - feb3d9e 2025-09-01T08:56:32+02:00 certrotation: update description for control-plane-node-kubeconfig certificate keypair + - c5e5e5b 2025-08-28T21:01:35+02:00 certrotation: fix typo + - c88e363 2025-08-28T20:34:38+02:00 Revert "Revert "OCPBUGS-57049: certrotation: move test case name outside of AutoRegenerateAfterOfflineExpiry"" + +- cluster-network-operator embedded-component c069f36d58d9d8ad4a9cd23a410fb263a5e689ed to 23c976c3ae4a9db28a6c2714840bc71bb0ed20c5 + - 966cc52 2025-09-14T10:44:04-04:00 Add a ValidatingAdmissionPolicy blocking ServiceCIDR changes + +- cluster-policy-controller embedded-component 0e2948510331ff9351c5eb6d7f2f440afc7aa17a to 5c0dd7a1b366d314aa9c929fe775ee3041b348cb + - 3ffb457 2025-08-26T14:06:58+02:00 fix(psalabelsyncer): return an error instead of panic when converting an unknown volume + +- kubernetes embedded-component 95b8140e3a53ffc6aab114c39e07a439dfdf7f9e to 5c9df339496a7595967e06682ece7d0b2145411c + - 61a5f42bd 2025-09-11T17:26:59-04:00 UPSTREAM: : hack/update-vendor.sh, make update and update image + - 03e764d03 2025-09-09T19:43:57+00:00 Release commit for Kubernetes v1.33.5 + - b246955af 2025-08-28T22:57:01+08:00 Fix missing control plane health check timeout + - c1a0f959a 2025-08-28T10:31:15+02:00 Add a note about Conflicts return value + - 2d6c21edd 2025-08-28T10:31:15+02:00 Fix SELinux label comparison + - fe2d1b268 2025-08-28T10:31:15+02:00 Add missing cases to SELinuxMount tests + - 9d0999731 2025-08-21T09:09:11-04:00 Remove patch/update from ServiceCIDR API conformance test + - 98b3daba8 2025-08-14T13:31:05+02:00 Bump dependencies, images and versions used to Go 1.24.6 and distroless iptables + - 0ae9d1d16 2025-08-13T14:40:41+00:00 Update CHANGELOG/CHANGELOG-1.33.md for v1.33.4 + - d8676a24c 2025-07-22T08:21:08-04:00 Added NodeSelectors field to DriverDefinition + - b5fa540b2 2025-07-16T11:07:06+02:00 Mask Linux thermal interrupt info in /proc and /sys. + +- machine-config-operator embedded-component 223bed017865d085a6fda3a41050627be96ed340 to 733131d0113f142aa90172c8e6d653491d2c333f + - 54677883 2025-09-23T15:14:32+02:00 MCO-1685: Add mco-sanitize redactor + - 4fb52433 2025-09-18T10:32:09-04:00 test/extended: add azure e2es + - 9c040309 2025-09-18T10:30:26-04:00 test/extended: add boot image test helpers + - 7c64bec0 2025-09-09T20:53:05-04:00 controller: update is node done check to handle image mode disabling case & add unit test cases for scenario + +- openshift-controller-manager embedded-component b297407761ee836f0a43a42ba0486bc97b54f888 to 15fc552a73e47ae715f0cf59e3f535e26b43477a + - ce067c2 2025-09-18T14:00:16+05:30 Fix Dockerfile.rhel: Add OTE binary build and packaging + +- operator-framework-olm embedded-component 44c993131781ff5bfb8665b0e6cc1d2a3bf23839 to 0b07ab92a28d0377c6600d0b40c5486b4b942ca1 + - 59ec2818 2025-09-20T00:03:50+00:00 Improves quickstart docs to use latest manifests (#3658) + - c126c418 2025-09-18T12:37:43+08:00 add testing framework based on OTE and the first tests-private case + +- route-controller-manager embedded-component bf2fa662f57f233d8541f94c4953e0dcd7a5ab20 to 9f4b06c555c177a7d3bf96c4b407f7c76c4492e4 + - cb30401 2025-09-23T11:22:10-03:00 NOJIRA: Remove old OWNERS file + - f8aac39 2025-09-23T11:22:06-03:00 NOJIRA: Add new team members to OWNERS + +- router image-amd64 2c1a6790a4208cea7b8809ebdba3d2a8223827a8 to 4ab58e470655440e32e82f89c2856fd2100b00ae + - 84b4a48 2025-09-19T09:40:58-03:00 NE-2137: Bump router k8s libraries to 0.33.4 - vendor + - cfc2fd4 2025-09-19T09:40:46-03:00 NE-2137: Bump router k8s libraries to 0.33.4 + - 144665f 2025-09-17T11:44:06-04:00 Keep go indentation the same, w/ same final output + - a2c957e 2025-09-16T13:29:07-04:00 OCPBUGS-60257: fix extra space in haproxy template + - 088afb0 2025-06-20T13:08:14+00:00 Updating openshift-enterprise-haproxy-router-container image to be consistent with ART for 4.20 Reconciling with https://github.com/openshift/ocp-build-data/tree/8f77fc475c95f9d98c348deb2feb88f5952d7357/images/openshift-enterprise-haproxy-router.yml + +- ovn-kubernetes image-amd64 5ad762f86466c2e11b94da2cee211cec97e16a3a to e71219323b38af7afff0710a815a539260832550 + - 6dced5ec 2025-09-19T17:11:36+02:00 Revert "multi-homing, tests: do not use OVN provided IPAM in L3 nets" + - fea3444d 2025-09-10T18:25:29+02:00 Fix EgressIP controller deadlock by sorting node locks lexicographically + - e60220a6 2025-09-09T15:46:41+01:00 Node controller shutdown: do not ref gateway if not set + - db8b2aef 2025-09-09T15:29:38+02:00 Fetch agnhost image from k8s upstream + - 46bcb452 2025-09-09T14:14:31+02:00 expand EgressIP limitations and solution + - d45ffccc 2025-09-09T14:14:31+02:00 Rename ovn_cluster_router to transit_router + - 27b1f317 2025-09-09T14:14:31+02:00 layer2 router topology: describe upgrade + - c655cbf3 2025-09-09T14:14:31+02:00 enhancement: Improve layer2 topology for VMs + - e717e423 2025-09-08T18:56:38+02:00 Replace 0/1 index var to utilnet ipFamily + - d268c014 2025-09-08T18:56:38+02:00 Skip Multi Homing tests on ipv6 singlestack BGP lane + - b9ecb33f 2025-09-08T18:56:38+02:00 Fix bgp tests to work on single stack ipv6 + - 8000cfd6 2025-09-08T18:56:38+02:00 Add singlestack ipv6 bgp lane + - 1bbb7f32 2025-09-08T18:56:37+02:00 Add e2e test towards kapi ipv6 address from udn pods + - e2625f41 2025-09-08T18:56:37+02:00 Make ip and ipv6 constants in flow code + - 1f6964cf 2025-09-08T18:56:37+02:00 Consider more than 1 family serviceCIDR range for UDN service flows + - 38935ee6 2025-09-08T18:56:37+02:00 Fix UDN service CIDR flows that had protocol prefix pinned to `ip` + - 7eed13ba 2025-09-05T18:41:39+01:00 E2Es: dont panic when unable to find a deployment config + - 221205d3 2025-09-05T16:34:58+05:30 Add UDN subnet overlap check with transit switch subnet + - 4ffa27b2 2025-09-05T10:07:54+02:00 Update maintainers affiliation + - 35659ebd 2025-09-04T15:31:52+01:00 E2E: remove node selector from new e2e tests + - 2670efee 2025-09-04T15:31:52+01:00 E2E: fixup e2es without a feature label + - afe4ca59 2025-09-04T15:31:08+01:00 E2Es: use 'app' instead of 'name' when selecting ovn-k node pods + - 4f5fcc83 2025-09-04T15:04:36+01:00 Change UDN networks to relatively rare CIDR + - ad905eaf 2025-09-04T15:11:35+03:00 [kind] Bump kubevirt/ipam-extensions version to v0.3.1 + - 53e6851f 2025-09-04T08:35:00+01:00 E2Es: pass kconfig to detect deployment conf + - 481e954b 2025-09-04T09:55:59+03:00 test/e2e/preconfigured_layer2: Add duplicate IP Validation pod tests + - 9b16a7f9 2025-09-03T20:29:23+03:00 test/e2e/kubevirt: Add duplicate IP Validation test + - 66298cff 2025-09-03T20:29:23+03:00 pod_annotations: Block duplicate IP on new pods + - 6653d552 2025-09-03T10:19:01+01:00 fix: swap quay.io golang image provider + - b004ed09 2025-09-02T20:46:30+02:00 E2E localnet: send three pings instead of just one + - dea42b40 2025-09-02T20:46:30+02:00 E2E localnet: localnet -> host network on VLAN with external router + - 51eae7a9 2025-09-02T20:46:30+02:00 E2E localnet: host network -> localnet on VLAN with external router + - 69ec5696 2025-09-02T20:46:30+02:00 E2E localnet: default network->localnet on VLAN with external router + - f82e1019 2025-09-02T20:46:30+02:00 E2E localnet: Fix requirement on number of schedulable nodes + - eb5f3c10 2025-09-02T20:46:30+02:00 E2E localnet: make IP request for localnet pod extensible + - c4cc25a0 2025-09-02T20:46:30+02:00 E2E localnet: specify that the localnet uses IPs from host subnet + - 6de44ef6 2025-09-02T20:46:30+02:00 E2E localnet: remove references to downstream bugs and stories + - bf6f9c16 2025-09-02T20:46:30+02:00 Configure existing multihoming CI lane as IC-enabled and shared gw + - a5029f87 2025-09-02T20:46:30+02:00 E2E: add test host -> localnet with IP in host subnet + - 4ce92a90 2025-09-02T20:46:30+02:00 E2E localnet: remove double import of ginkgo + - ef1aa996 2025-09-02T20:46:30+02:00 Openflow: lookup conntrack & table=1 when breth0 is next hop (IPv6) + - 66d8f142 2025-09-02T20:46:30+02:00 Openflow: drop in_port from IPv6 dispatch OF rule at prio=50 + - 318f8ce3 2025-09-02T20:46:30+02:00 Openflow: lookup conntrack & table=1 only when breth0 is next hop + - d70e444e 2025-09-02T16:38:34+02:00 fix: Skip node-encap-ips annotation in DPU host mode + - c0c1b266 2025-09-01T10:45:12+01:00 multi-homing, tests: do not use OVN provided IPAM in L3 nets + - 9633bdfa 2025-09-01T11:10:30+03:00 fix: run go mod tidy e2e tests + - 320b2fae 2025-09-01T11:10:29+03:00 fix: routemanager unit tests + - bc4f9b80 2025-09-01T11:10:27+03:00 chore: bump sriovnet lib + - 82fc3bf7 2025-08-27T16:38:56+01:00 ovn-controller: block GARP during startup + - 8b294197 2025-08-27T16:37:52+01:00 Fix ovnkube-controller-with-node shutdown sequence + - 46fa3304 2025-08-27T10:04:05-04:00 Update docs for UDN + - a44f6c12 2025-08-27T10:04:05-04:00 Updates UDN Isolation DBIDs + - a393d95c 2025-08-26T12:13:54-04:00 A couple of minor fixes + - bbca8743 2025-08-26T12:13:54-04:00 Fix naming of "Secondary" to be "User-Defined" + - 45765c51 2025-08-25T14:11:18-07:00 fix intermittent disk space issue + +- kubernetes image-amd64 95b8140e3a53ffc6aab114c39e07a439dfdf7f9e to 5c9df339496a7595967e06682ece7d0b2145411c + - 61a5f42bd 2025-09-11T17:26:59-04:00 UPSTREAM: : hack/update-vendor.sh, make update and update image + - 03e764d03 2025-09-09T19:43:57+00:00 Release commit for Kubernetes v1.33.5 + - b246955af 2025-08-28T22:57:01+08:00 Fix missing control plane health check timeout + - c1a0f959a 2025-08-28T10:31:15+02:00 Add a note about Conflicts return value + - 2d6c21edd 2025-08-28T10:31:15+02:00 Fix SELinux label comparison + - fe2d1b268 2025-08-28T10:31:15+02:00 Add missing cases to SELinuxMount tests + - 9d0999731 2025-08-21T09:09:11-04:00 Remove patch/update from ServiceCIDR API conformance test + - 98b3daba8 2025-08-14T13:31:05+02:00 Bump dependencies, images and versions used to Go 1.24.6 and distroless iptables + - 0ae9d1d16 2025-08-13T14:40:41+00:00 Update CHANGELOG/CHANGELOG-1.33.md for v1.33.4 + - d8676a24c 2025-07-22T08:21:08-04:00 Added NodeSelectors field to DriverDefinition + - b5fa540b2 2025-07-16T11:07:06+02:00 Mask Linux thermal interrupt info in /proc and /sys. + +- oc image-arm64 fa1bc38754e9b24d392d7845a290cf996d8da146 to 0e4fabc98dc46c9fca79544297783053a49370ce - 4e6421d1 2025-09-17T14:26:04+02:00 pkg/.../inspect: Add support for context - 08ec7194 2025-09-17T13:08:45+02:00 must-gather: Align cleanup order - 19c0d4b7 2025-09-17T12:59:07+03:00 Add tchap as reviewer in oc - - 582a8bdc 2025-09-11T14:31:15+02:00 vendor: Update library-go and go-ldap - - 21b0e7cb 2025-09-11T14:31:15+02:00 oc adm groups sync: Use client.Unbind -- coredns image-amd64 6f39336e6da9dc77b2db140a96773c413d50a665 to 42e2cf1e46dfd9dd11669b06fb1d619cd9335e17 +- coredns image-arm64 6f39336e6da9dc77b2db140a96773c413d50a665 to 42e2cf1e46dfd9dd11669b06fb1d619cd9335e17 - 6e38175 2025-09-15T16:48:48-04:00 Add bentito (btofel@redhat.com) to OWNERS -- router image-amd64 2bc8169c87ccd69cceeeab7552bedb6f16a34c84 to 2c1a6790a4208cea7b8809ebdba3d2a8223827a8 +- router image-arm64 2bc8169c87ccd69cceeeab7552bedb6f16a34c84 to 846c6ca6d4222fd0fcd7891edb66dcf226f61c45 - c153dfe 2025-09-15T16:49:10-04:00 Add bentito (btofel@redhat.com) to OWNERS - - 2add7ea 2025-06-20T06:39:20Z Updating ose-haproxy-router-base-container image to be consistent with ART for 4.20 Reconciling with https://github.com/openshift/ocp-build-data/tree/8f77fc475c95f9d98c348deb2feb88f5952d7357/images/ose-haproxy-router-base.yml + - 088afb0 2025-06-20T13:08:14+00:00 Updating openshift-enterprise-haproxy-router-container image to be consistent with ART for 4.20 Reconciling with https://github.com/openshift/ocp-build-data/tree/8f77fc475c95f9d98c348deb2feb88f5952d7357/images/openshift-enterprise-haproxy-router.yml + - 2add7ea 2025-06-20T06:39:20+00:00 Updating ose-haproxy-router-base-container image to be consistent with ART for 4.20 Reconciling with https://github.com/openshift/ocp-build-data/tree/8f77fc475c95f9d98c348deb2feb88f5952d7357/images/ose-haproxy-router-base.yml -- ovn-kubernetes image-amd64 8567f11fa93e164b6eb424ce2f831c608e1094f4 to 5ad762f86466c2e11b94da2cee211cec97e16a3a - - b36bb31d 2025-08-29T13:27:35-04:00 OCPBUGS-61065: As part of DPF installation we are required to use OCP downstream image for dpu service. Dpu service uses upstream ovnkube.sh script that requires ovndb-raft-functions.sh as a dependency. This change copies it into the image as part of Dockerfile.base - -- kubernetes image-amd64 679fad59c6fcb6cd86bccb25ac702ec10d5ea15b to 95b8140e3a53ffc6aab114c39e07a439dfdf7f9e +- kubernetes image-arm64 b59afbdc1eb4ecb7c8b19b8cc95c4657df6caf6d to 5c9df339496a7595967e06682ece7d0b2145411c - bd238e196 2025-09-17T10:47:16-04:00 UPSTREAM: : Add retries for GetCurrentResourceVersion. - - 87b26c865 2025-09-09T13:36:27+02:00 UPSTREAM: 133959: Do not remove PVC ClaimRef to fix flaky VAC test - -- service-ca-operator image-amd64 b0fe556a981964728306f803864af9d2881db967 to a40d9a8ec60e0c6c1578300c372b6104130f2ecc + - 61a5f42bd 2025-09-11T17:26:59-04:00 UPSTREAM: : hack/update-vendor.sh, make update and update image + - 03e764d03 2025-09-09T19:43:57+00:00 Release commit for Kubernetes v1.33.5 + - b246955af 2025-08-28T22:57:01+08:00 Fix missing control plane health check timeout + - c1a0f959a 2025-08-28T10:31:15+02:00 Add a note about Conflicts return value + - 2d6c21edd 2025-08-28T10:31:15+02:00 Fix SELinux label comparison + - fe2d1b268 2025-08-28T10:31:15+02:00 Add missing cases to SELinuxMount tests + - 9d0999731 2025-08-21T09:09:11-04:00 Remove patch/update from ServiceCIDR API conformance test + - 98b3daba8 2025-08-14T13:31:05+02:00 Bump dependencies, images and versions used to Go 1.24.6 and distroless iptables + - 0ae9d1d16 2025-08-13T14:40:41+00:00 Update CHANGELOG/CHANGELOG-1.33.md for v1.33.4 + - d8676a24c 2025-07-22T08:21:08-04:00 Added NodeSelectors field to DriverDefinition + - b5fa540b2 2025-07-16T11:07:06+02:00 Mask Linux thermal interrupt info in /proc and /sys. + +- service-ca-operator image-arm64 b0fe556a981964728306f803864af9d2881db967 to a40d9a8ec60e0c6c1578300c372b6104130f2ecc - dc11bc4 2025-09-15T11:18:02+02:00 secret_creating_controller: improve hotloop tests - ae08731 2025-09-12T14:56:47+02:00 secret_creating_controller: fix hotloop on create secret error - 9052e26 2025-09-12T14:41:46+02:00 secret_creating_controller_test: cover failure with invalid name - 8a83a3f 2025-09-11T17:24:11+02:00 secret_creating_controller_test: add secretName to test struct - 9e0422c 2025-09-11T17:22:42+02:00 secret_creating_controller_test: fix typo in test struct field name -- oc image-arm64 f7c9fc36fbaa85b3cbf0c2e85dd4a42e20f6952d to fa1bc38754e9b24d392d7845a290cf996d8da146 - - 582a8bdc 2025-09-11T14:31:15+02:00 vendor: Update library-go and go-ldap - - 21b0e7cb 2025-09-11T14:31:15+02:00 oc adm groups sync: Use client.Unbind - -- ovn-kubernetes image-arm64 8567f11fa93e164b6eb424ce2f831c608e1094f4 to 5ad762f86466c2e11b94da2cee211cec97e16a3a - - b36bb31d 2025-08-29T13:27:35-04:00 OCPBUGS-61065: As part of DPF installation we are required to use OCP downstream image for dpu service. Dpu service uses upstream ovnkube.sh script that requires ovndb-raft-functions.sh as a dependency. This change copies it into the image as part of Dockerfile.base - -- kubernetes image-arm64 679fad59c6fcb6cd86bccb25ac702ec10d5ea15b to b59afbdc1eb4ecb7c8b19b8cc95c4657df6caf6d - - 87b26c865 2025-09-09T13:36:27+02:00 UPSTREAM: 133959: Do not remove PVC ClaimRef to fix flaky VAC test - diff --git a/scripts/auto-rebase/commits.txt b/scripts/auto-rebase/commits.txt index 966c8b52ff..a63f104190 100644 --- a/scripts/auto-rebase/commits.txt +++ b/scripts/auto-rebase/commits.txt @@ -1,35 +1,35 @@ -https://github.com/openshift/api embedded-component 83b017b06367bf8564bf94f5c6c1ad8aed5d3ab9 +https://github.com/openshift/api embedded-component 8a46f746f2cf87624651e6e8a85421b49bef3b6e https://github.com/openshift/cluster-csi-snapshot-controller-operator embedded-component 3880c9659829c9904e58a943050e8dfd4c9a79cb https://github.com/openshift/cluster-dns-operator embedded-component 1272aef21dd5dcdbefbf4888c7b0a4a427683fd7 -https://github.com/openshift/cluster-ingress-operator embedded-component c968596268df58ed8747a8f88ebb8c501824bbb2 -https://github.com/openshift/cluster-kube-apiserver-operator embedded-component 25092d8447b0186402dcf2a6564f6ac2ebf55c9b +https://github.com/openshift/cluster-ingress-operator embedded-component 69ba323f05c84f72f11a0d086836b3f3412512d4 +https://github.com/openshift/cluster-kube-apiserver-operator embedded-component 6333489fd7d8d3494372cb830efba40eb28e45c1 https://github.com/openshift/cluster-kube-controller-manager-operator embedded-component a92da07ac1f335c148411c838dd2982c9ca90988 https://github.com/openshift/cluster-kube-scheduler-operator embedded-component 2345371abed5896006ac4a60c7d555fc25502c0a -https://github.com/openshift/cluster-network-operator embedded-component c069f36d58d9d8ad4a9cd23a410fb263a5e689ed +https://github.com/openshift/cluster-network-operator embedded-component 23c976c3ae4a9db28a6c2714840bc71bb0ed20c5 https://github.com/openshift/cluster-openshift-controller-manager-operator embedded-component da1e14c45093c19bc79e2055c9f4a55efc1cc1a8 -https://github.com/openshift/cluster-policy-controller embedded-component 0e2948510331ff9351c5eb6d7f2f440afc7aa17a +https://github.com/openshift/cluster-policy-controller embedded-component 5c0dd7a1b366d314aa9c929fe775ee3041b348cb https://github.com/openshift/csi-external-snapshotter embedded-component ba8194d5920973069bc56a8bf5844afeedc66bbd https://github.com/openshift/etcd embedded-component 9c065d4d842c8de57806426c13201413b4d595e2 -https://github.com/openshift/kubernetes embedded-component 95b8140e3a53ffc6aab114c39e07a439dfdf7f9e +https://github.com/openshift/kubernetes embedded-component 5c9df339496a7595967e06682ece7d0b2145411c https://github.com/openshift/kubernetes-kube-storage-version-migrator embedded-component 0f8a4eb84ace9b746cf25d51d80dacf34ca5f953 -https://github.com/openshift/machine-config-operator embedded-component 223bed017865d085a6fda3a41050627be96ed340 -https://github.com/openshift/openshift-controller-manager embedded-component b297407761ee836f0a43a42ba0486bc97b54f888 -https://github.com/openshift/operator-framework-olm embedded-component 44c993131781ff5bfb8665b0e6cc1d2a3bf23839 -https://github.com/openshift/route-controller-manager embedded-component bf2fa662f57f233d8541f94c4953e0dcd7a5ab20 +https://github.com/openshift/machine-config-operator embedded-component 733131d0113f142aa90172c8e6d653491d2c333f +https://github.com/openshift/openshift-controller-manager embedded-component 15fc552a73e47ae715f0cf59e3f535e26b43477a +https://github.com/openshift/operator-framework-olm embedded-component 0b07ab92a28d0377c6600d0b40c5486b4b942ca1 +https://github.com/openshift/route-controller-manager embedded-component 9f4b06c555c177a7d3bf96c4b407f7c76c4492e4 https://github.com/openshift/service-ca-operator embedded-component a40d9a8ec60e0c6c1578300c372b6104130f2ecc https://github.com/openshift/oc image-amd64 0e4fabc98dc46c9fca79544297783053a49370ce https://github.com/openshift/coredns image-amd64 42e2cf1e46dfd9dd11669b06fb1d619cd9335e17 https://github.com/openshift/csi-external-snapshotter image-amd64 ba8194d5920973069bc56a8bf5844afeedc66bbd -https://github.com/openshift/router image-amd64 2c1a6790a4208cea7b8809ebdba3d2a8223827a8 +https://github.com/openshift/router image-amd64 4ab58e470655440e32e82f89c2856fd2100b00ae https://github.com/openshift/kube-rbac-proxy image-amd64 b9134351be37c43408334047d8eb85d0ac01fe4e -https://github.com/openshift/ovn-kubernetes image-amd64 5ad762f86466c2e11b94da2cee211cec97e16a3a -https://github.com/openshift/kubernetes image-amd64 95b8140e3a53ffc6aab114c39e07a439dfdf7f9e +https://github.com/openshift/ovn-kubernetes image-amd64 e71219323b38af7afff0710a815a539260832550 +https://github.com/openshift/kubernetes image-amd64 5c9df339496a7595967e06682ece7d0b2145411c https://github.com/openshift/service-ca-operator image-amd64 a40d9a8ec60e0c6c1578300c372b6104130f2ecc -https://github.com/openshift/oc image-arm64 fa1bc38754e9b24d392d7845a290cf996d8da146 -https://github.com/openshift/coredns image-arm64 6f39336e6da9dc77b2db140a96773c413d50a665 +https://github.com/openshift/oc image-arm64 0e4fabc98dc46c9fca79544297783053a49370ce +https://github.com/openshift/coredns image-arm64 42e2cf1e46dfd9dd11669b06fb1d619cd9335e17 https://github.com/openshift/csi-external-snapshotter image-arm64 ba8194d5920973069bc56a8bf5844afeedc66bbd -https://github.com/openshift/router image-arm64 2bc8169c87ccd69cceeeab7552bedb6f16a34c84 +https://github.com/openshift/router image-arm64 846c6ca6d4222fd0fcd7891edb66dcf226f61c45 https://github.com/openshift/kube-rbac-proxy image-arm64 b9134351be37c43408334047d8eb85d0ac01fe4e https://github.com/openshift/ovn-kubernetes image-arm64 5ad762f86466c2e11b94da2cee211cec97e16a3a -https://github.com/openshift/kubernetes image-arm64 b59afbdc1eb4ecb7c8b19b8cc95c4657df6caf6d -https://github.com/openshift/service-ca-operator image-arm64 b0fe556a981964728306f803864af9d2881db967 +https://github.com/openshift/kubernetes image-arm64 5c9df339496a7595967e06682ece7d0b2145411c +https://github.com/openshift/service-ca-operator image-arm64 a40d9a8ec60e0c6c1578300c372b6104130f2ecc diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh index e07a6f373d..bc40aff1aa 100755 --- a/scripts/auto-rebase/last_rebase.sh +++ b/scripts/auto-rebase/last_rebase.sh @@ -1,2 +1,2 @@ #!/bin/bash -x -./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.21.0-0.nightly-2025-09-18-193221" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.21.0-0.nightly-arm64-2025-09-16-163803" +./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.21.0-0.nightly-2025-09-25-082813" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.21.0-0.nightly-arm64-2025-09-20-145748" diff --git a/scripts/multinode/configure-sec.sh b/scripts/multinode/configure-sec.sh index 5b90b4dec8..194703a097 100755 --- a/scripts/multinode/configure-sec.sh +++ b/scripts/multinode/configure-sec.sh @@ -77,10 +77,10 @@ function configure_kubelet() { # Checksums can be obtained from https://www.downloadkubernetes.com/ # or by downloading a "${url}.sha256" file (see below for ${url}). For example: - # version=v1.33.4; for kube_arch in amd64 arm64; do echo "${kube_arch}: $(curl -L https://dl.k8s.io/release/${version}/bin/linux/${kube_arch}/kubelet.sha256 2>/dev/null)"; done - local -r version="v1.33.4" - local -r kube_hash_amd64="109bd2607b054a477ede31c55ae814eae8e75543126dc4cea40b04424d843489" - local -r kube_hash_arm64="623329b1a5f4858e3a5406d3947807b75144f4e71dde11ef1a71362c3a8619cc" + # version=v1.33.5; for kube_arch in amd64 arm64; do echo "${kube_arch}: $(curl -L https://dl.k8s.io/release/${version}/bin/linux/${kube_arch}/kubelet.sha256 2>/dev/null)"; done + local -r version="v1.33.5" + local -r kube_hash_amd64="8f6106b970259486c5af5cbee404d4f23406d96d99dfb92a6965b299c2a4db0e" + local -r kube_hash_arm64="c6ad0510c089d49244eede2638b4a4ff125258fd29a0649e7eef05c7f79c737f" local kube_arch="" local kube_hash="" diff --git a/vendor/github.com/openshift/cluster-policy-controller/pkg/psalabelsyncer/scctopsamapping.go b/vendor/github.com/openshift/cluster-policy-controller/pkg/psalabelsyncer/scctopsamapping.go index ed2fdefb01..65bb858f8b 100644 --- a/vendor/github.com/openshift/cluster-policy-controller/pkg/psalabelsyncer/scctopsamapping.go +++ b/vendor/github.com/openshift/cluster-policy-controller/pkg/psalabelsyncer/scctopsamapping.go @@ -43,7 +43,15 @@ func convertSCCToPSALevel(namespace *corev1.Namespace, scc *securityv1.SecurityC convert_allowPrivilegedContainer(scc.AllowPrivilegedContainer), convert_allowedCapabilities(scc.AllowedCapabilities, scc.RequiredDropCapabilities), convert_unsafeSysctls(scc.AllowedUnsafeSysctls), - convert_volumes(scc.Volumes), + ) + + if restrictivness, err := convert_volumes(scc.Volumes); err != nil { + return privileged, fmt.Errorf("failed to convert SCC %q in namespace %q: %w", scc.Name, namespace.Name, err) + } else { + sccRestrictivness = append(sccRestrictivness, restrictivness) + } + + sccRestrictivness = append(sccRestrictivness, convert_seLinuxOptions(&scc.SELinuxContext), convert_seccompProfile(scc.SeccompProfiles), ) @@ -252,7 +260,7 @@ func convert_runAsUser( } -func convert_volumes(volumes []securityv1.FSType) uint8 { +func convert_volumes(volumes []securityv1.FSType) (uint8, error) { // upstream: check_restrictedVolumes // restricted: // requires: @@ -297,7 +305,7 @@ func convert_volumes(volumes []securityv1.FSType) uint8 { switch v { case securityv1.FSTypeAll, securityv1.FSTypeHostPath: - return privileged + return privileged, nil case securityv1.FSTypeConfigMap, securityv1.FSTypeDownwardAPI, securityv1.FSTypeEmptyDir, @@ -335,12 +343,12 @@ func convert_volumes(volumes []securityv1.FSType) uint8 { currentLevel = baseline } default: - panic(fmt.Errorf("unknown volume type: %s", v)) + return unknown, fmt.Errorf("unknown volume type: %s", v) } } // likely no volumes were configured -> defaults to none allowed - return currentLevel + return currentLevel, nil } func convert_seLinuxOptions(opts *securityv1.SELinuxContextStrategyOptions) uint8 { diff --git a/vendor/k8s.io/kubernetes/pkg/securitycontext/util.go b/vendor/k8s.io/kubernetes/pkg/securitycontext/util.go index 28771b6df2..5e000f9333 100644 --- a/vendor/k8s.io/kubernetes/pkg/securitycontext/util.go +++ b/vendor/k8s.io/kubernetes/pkg/securitycontext/util.go @@ -17,6 +17,10 @@ limitations under the License. package securitycontext import ( + "fmt" + "os" + "sync" + v1 "k8s.io/api/core/v1" ) @@ -188,21 +192,32 @@ func AddNoNewPrivileges(sc *v1.SecurityContext) bool { var ( // These *must* be kept in sync with moby/moby. - // https://github.com/moby/moby/blob/master/oci/defaults.go#L105-L124 - // @jessfraz will watch changes to those files upstream. - defaultMaskedPaths = []string{ - "/proc/asound", - "/proc/acpi", - "/proc/kcore", - "/proc/keys", - "/proc/latency_stats", - "/proc/timer_list", - "/proc/timer_stats", - "/proc/sched_debug", - "/proc/scsi", - "/sys/firmware", - "/sys/devices/virtual/powercap", - } + // https://github.com/moby/moby/blob/ecb03c4cdae6f323150fc11b303dcc5dc4d82416/oci/defaults.go#L190-L218 + defaultMaskedPaths = sync.OnceValue(func() []string { + maskedPaths := []string{ + "/proc/asound", + "/proc/acpi", + "/proc/interrupts", + "/proc/kcore", + "/proc/keys", + "/proc/latency_stats", + "/proc/timer_list", + "/proc/timer_stats", + "/proc/sched_debug", + "/proc/scsi", + "/sys/firmware", + "/sys/devices/virtual/powercap", + } + + for _, cpu := range possibleCPUs() { + path := fmt.Sprintf("/sys/devices/system/cpu/cpu%d/thermal_throttle", cpu) + if _, err := os.Stat(path); err == nil { + maskedPaths = append(maskedPaths, path) + } + } + + return maskedPaths + }) defaultReadonlyPaths = []string{ "/proc/bus", "/proc/fs", @@ -221,7 +236,7 @@ func ConvertToRuntimeMaskedPaths(opt *v1.ProcMountType) []string { } // Otherwise, add the default masked paths to the runtime security context. - return defaultMaskedPaths + return defaultMaskedPaths() } // ConvertToRuntimeReadonlyPaths converts the ProcMountType to the specified or default diff --git a/vendor/k8s.io/kubernetes/pkg/securitycontext/util_darwin.go b/vendor/k8s.io/kubernetes/pkg/securitycontext/util_darwin.go new file mode 100644 index 0000000000..9d14502acb --- /dev/null +++ b/vendor/k8s.io/kubernetes/pkg/securitycontext/util_darwin.go @@ -0,0 +1,21 @@ +/* +Copyright 2025 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package securitycontext + +func possibleCPUs() []int { + return nil +} diff --git a/vendor/k8s.io/kubernetes/pkg/securitycontext/util_linux.go b/vendor/k8s.io/kubernetes/pkg/securitycontext/util_linux.go new file mode 100644 index 0000000000..bcaab4eb3e --- /dev/null +++ b/vendor/k8s.io/kubernetes/pkg/securitycontext/util_linux.go @@ -0,0 +1,74 @@ +/* +Copyright 2025 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package securitycontext + +import ( + "os" + "runtime" + "strconv" + "strings" + "sync" +) + +// possibleCPUs returns the number of possible CPUs on this host. +func possibleCPUs() (cpus []int) { + if ncpu := possibleCPUsParsed(); ncpu != nil { + return ncpu + } + + for i := range runtime.NumCPU() { + cpus = append(cpus, i) + } + + return cpus +} + +// possibleCPUsParsed is parsing the amount of possible CPUs on this host from +// /sys/devices. +var possibleCPUsParsed = sync.OnceValue(func() (cpus []int) { + data, err := os.ReadFile("/sys/devices/system/cpu/possible") + if err != nil { + return nil + } + + ranges := strings.Split(strings.TrimSpace(string(data)), ",") + + for _, r := range ranges { + if rStart, rEnd, ok := strings.Cut(r, "-"); !ok { + cpu, err := strconv.Atoi(rStart) + if err != nil { + return nil + } + cpus = append(cpus, cpu) + } else { + var start, end int + start, err := strconv.Atoi(rStart) + if err != nil { + return nil + } + end, err = strconv.Atoi(rEnd) + if err != nil { + return nil + } + for i := start; i <= end; i++ { + cpus = append(cpus, i) + } + } + } + + return cpus +}) diff --git a/vendor/k8s.io/kubernetes/pkg/securitycontext/util_windows.go b/vendor/k8s.io/kubernetes/pkg/securitycontext/util_windows.go new file mode 100644 index 0000000000..9d14502acb --- /dev/null +++ b/vendor/k8s.io/kubernetes/pkg/securitycontext/util_windows.go @@ -0,0 +1,21 @@ +/* +Copyright 2025 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package securitycontext + +func possibleCPUs() []int { + return nil +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 1736d1a6ab..2eebe1a0f5 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -655,7 +655,7 @@ github.com/openshift/client-go/user/informers/externalversions/internalinterface github.com/openshift/client-go/user/informers/externalversions/user github.com/openshift/client-go/user/informers/externalversions/user/v1 github.com/openshift/client-go/user/listers/user/v1 -# github.com/openshift/cluster-policy-controller v0.0.0-20250915194436-0e2948510331 +# github.com/openshift/cluster-policy-controller v0.0.0-20250922125535-5c0dd7a1b366 ## explicit; go 1.24.0 github.com/openshift/cluster-policy-controller/pkg/client/genericinformers github.com/openshift/cluster-policy-controller/pkg/cmd/cluster-policy-controller @@ -718,7 +718,7 @@ github.com/openshift/library-go/pkg/route/validation github.com/openshift/library-go/pkg/security/ldaputil github.com/openshift/library-go/pkg/security/uid github.com/openshift/library-go/pkg/serviceability -# github.com/openshift/route-controller-manager v0.0.0-20250725082216-bf2fa662f57f +# github.com/openshift/route-controller-manager v0.0.0-20250923162243-9f4b06c555c1 ## explicit; go 1.24.0 github.com/openshift/route-controller-manager/pkg/cmd/controller github.com/openshift/route-controller-manager/pkg/cmd/route-controller-manager @@ -1186,7 +1186,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/api +# k8s.io/api v1.33.5 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/api ## explicit; go 1.24.0 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -1248,7 +1248,7 @@ k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 k8s.io/api/storagemigration/v1alpha1 -# k8s.io/apiextensions-apiserver v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver +# k8s.io/apiextensions-apiserver v1.33.5 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver ## explicit; go 1.24.0 k8s.io/apiextensions-apiserver/pkg/apihelpers k8s.io/apiextensions-apiserver/pkg/apis/apiextensions @@ -1295,7 +1295,7 @@ k8s.io/apiextensions-apiserver/pkg/generated/openapi k8s.io/apiextensions-apiserver/pkg/registry/customresource k8s.io/apiextensions-apiserver/pkg/registry/customresource/tableconvertor k8s.io/apiextensions-apiserver/pkg/registry/customresourcedefinition -# k8s.io/apimachinery v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery +# k8s.io/apimachinery v1.33.5 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery ## explicit; go 1.24.0 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -1373,7 +1373,7 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiserver +# k8s.io/apiserver v1.33.5 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiserver ## explicit; go 1.24.0 k8s.io/apiserver/pkg/admission k8s.io/apiserver/pkg/admission/configuration @@ -1558,13 +1558,13 @@ k8s.io/apiserver/plugin/pkg/authenticator/token/oidc k8s.io/apiserver/plugin/pkg/authenticator/token/webhook k8s.io/apiserver/plugin/pkg/authorizer/webhook k8s.io/apiserver/plugin/pkg/authorizer/webhook/metrics -# k8s.io/cli-runtime v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime +# k8s.io/cli-runtime v1.33.5 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime ## explicit; go 1.24.0 k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/genericiooptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go +# k8s.io/client-go v1.33.5 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go ## explicit; go 1.24.0 k8s.io/client-go/applyconfigurations k8s.io/client-go/applyconfigurations/admissionregistration/v1 @@ -1933,7 +1933,7 @@ k8s.io/client-go/util/keyutil k8s.io/client-go/util/retry k8s.io/client-go/util/watchlist k8s.io/client-go/util/workqueue -# k8s.io/cloud-provider v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider +# k8s.io/cloud-provider v1.33.5 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider ## explicit; go 1.24.0 k8s.io/cloud-provider k8s.io/cloud-provider/api @@ -1952,14 +1952,14 @@ k8s.io/cloud-provider/service/helpers k8s.io/cloud-provider/volume k8s.io/cloud-provider/volume/errors k8s.io/cloud-provider/volume/helpers -# k8s.io/cluster-bootstrap v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap +# k8s.io/cluster-bootstrap v1.33.5 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap ## explicit; go 1.24.0 k8s.io/cluster-bootstrap/token/api k8s.io/cluster-bootstrap/token/jws k8s.io/cluster-bootstrap/token/util k8s.io/cluster-bootstrap/util/secrets k8s.io/cluster-bootstrap/util/tokens -# k8s.io/component-base v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/component-base +# k8s.io/component-base v1.33.5 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/component-base ## explicit; go 1.24.0 k8s.io/component-base/cli k8s.io/component-base/cli/flag @@ -1998,7 +1998,7 @@ k8s.io/component-base/zpages/features k8s.io/component-base/zpages/flagz k8s.io/component-base/zpages/httputil k8s.io/component-base/zpages/statusz -# k8s.io/component-helpers v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers +# k8s.io/component-helpers v1.33.5 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers ## explicit; go 1.24.0 k8s.io/component-helpers/apimachinery/lease k8s.io/component-helpers/apps/poddisruptionbudget @@ -2012,7 +2012,7 @@ k8s.io/component-helpers/scheduling/corev1 k8s.io/component-helpers/scheduling/corev1/nodeaffinity k8s.io/component-helpers/storage/ephemeral k8s.io/component-helpers/storage/volume -# k8s.io/controller-manager v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager +# k8s.io/controller-manager v1.33.5 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager ## explicit; go 1.24.0 k8s.io/controller-manager/app k8s.io/controller-manager/config @@ -2029,22 +2029,22 @@ k8s.io/controller-manager/pkg/informerfactory k8s.io/controller-manager/pkg/leadermigration k8s.io/controller-manager/pkg/leadermigration/config k8s.io/controller-manager/pkg/leadermigration/options -# k8s.io/cri-api v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cri-api +# k8s.io/cri-api v1.33.5 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cri-api ## explicit; go 1.24.0 k8s.io/cri-api/pkg/apis k8s.io/cri-api/pkg/apis/runtime/v1 k8s.io/cri-api/pkg/errors -# k8s.io/cri-client v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cri-client +# k8s.io/cri-client v1.33.5 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cri-client ## explicit; go 1.24.0 k8s.io/cri-client/pkg k8s.io/cri-client/pkg/internal k8s.io/cri-client/pkg/logs k8s.io/cri-client/pkg/util -# k8s.io/csi-translation-lib v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib +# k8s.io/csi-translation-lib v1.33.5 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib ## explicit; go 1.24.0 k8s.io/csi-translation-lib k8s.io/csi-translation-lib/plugins -# k8s.io/dynamic-resource-allocation v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation +# k8s.io/dynamic-resource-allocation v1.33.5 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation ## explicit; go 1.24.0 k8s.io/dynamic-resource-allocation/api k8s.io/dynamic-resource-allocation/cel @@ -2052,14 +2052,14 @@ k8s.io/dynamic-resource-allocation/internal/queue k8s.io/dynamic-resource-allocation/resourceclaim k8s.io/dynamic-resource-allocation/resourceslice/tracker k8s.io/dynamic-resource-allocation/structured -# k8s.io/endpointslice v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice +# k8s.io/endpointslice v1.33.5 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice ## explicit; go 1.24.0 k8s.io/endpointslice k8s.io/endpointslice/metrics k8s.io/endpointslice/topologycache k8s.io/endpointslice/trafficdist k8s.io/endpointslice/util -# k8s.io/externaljwt v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/externaljwt +# k8s.io/externaljwt v1.33.5 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/externaljwt ## explicit; go 1.24.0 k8s.io/externaljwt/apis/v1alpha1 # k8s.io/gengo/v2 v2.0.0-20250207200755-1244d31929d7 @@ -2080,13 +2080,13 @@ k8s.io/klog/v2/internal/severity k8s.io/klog/v2/internal/sloghandler k8s.io/klog/v2/internal/verbosity k8s.io/klog/v2/textlogger -# k8s.io/kms v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kms +# k8s.io/kms v1.33.5 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kms ## explicit; go 1.24.0 k8s.io/kms/apis/v1beta1 k8s.io/kms/apis/v2 k8s.io/kms/pkg/service k8s.io/kms/pkg/util -# k8s.io/kube-aggregator v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator +# k8s.io/kube-aggregator v1.33.5 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator ## explicit; go 1.24.0 k8s.io/kube-aggregator/pkg/apis/apiregistration k8s.io/kube-aggregator/pkg/apis/apiregistration/install @@ -2119,7 +2119,7 @@ k8s.io/kube-aggregator/pkg/controllers/status/remote k8s.io/kube-aggregator/pkg/registry/apiservice k8s.io/kube-aggregator/pkg/registry/apiservice/etcd k8s.io/kube-aggregator/pkg/registry/apiservice/rest -# k8s.io/kube-controller-manager v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager +# k8s.io/kube-controller-manager v1.33.5 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager ## explicit; go 1.24.0 k8s.io/kube-controller-manager/config/v1alpha1 # k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff @@ -2153,11 +2153,11 @@ k8s.io/kube-openapi/pkg/validation/spec k8s.io/kube-openapi/pkg/validation/strfmt k8s.io/kube-openapi/pkg/validation/strfmt/bson k8s.io/kube-openapi/pkg/validation/validate -# k8s.io/kube-scheduler v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler +# k8s.io/kube-scheduler v1.33.5 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler ## explicit; go 1.24.0 k8s.io/kube-scheduler/config/v1 k8s.io/kube-scheduler/extender/v1 -# k8s.io/kubectl v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kubectl +# k8s.io/kubectl v1.33.5 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kubectl ## explicit; go 1.24.0 k8s.io/kubectl/pkg/apps k8s.io/kubectl/pkg/cmd/apiresources @@ -2192,7 +2192,7 @@ k8s.io/kubectl/pkg/util/storage k8s.io/kubectl/pkg/util/templates k8s.io/kubectl/pkg/util/term k8s.io/kubectl/pkg/validation -# k8s.io/kubelet v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kubelet +# k8s.io/kubelet v1.33.5 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kubelet ## explicit; go 1.24.0 k8s.io/kubelet/config/v1 k8s.io/kubelet/config/v1alpha1 @@ -2214,7 +2214,7 @@ k8s.io/kubelet/pkg/cri/streaming k8s.io/kubelet/pkg/cri/streaming/portforward k8s.io/kubelet/pkg/cri/streaming/remotecommand k8s.io/kubelet/pkg/types -# k8s.io/kubernetes v1.33.4 => ./deps/github.com/openshift/kubernetes +# k8s.io/kubernetes v1.33.5 => ./deps/github.com/openshift/kubernetes ## explicit; go 1.24.0 k8s.io/kubernetes/cmd/kube-apiserver/app k8s.io/kubernetes/cmd/kube-apiserver/app/options @@ -3044,7 +3044,7 @@ k8s.io/kubernetes/third_party/forked/gonum/graph/simple k8s.io/kubernetes/third_party/forked/gonum/graph/traverse k8s.io/kubernetes/third_party/forked/libcontainer/apparmor k8s.io/kubernetes/third_party/forked/libcontainer/utils -# k8s.io/metrics v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/metrics +# k8s.io/metrics v1.33.5 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/metrics ## explicit; go 1.24.0 k8s.io/metrics/pkg/apis/custom_metrics k8s.io/metrics/pkg/apis/custom_metrics/v1beta1 @@ -3059,10 +3059,10 @@ k8s.io/metrics/pkg/client/clientset/versioned/typed/metrics/v1beta1 k8s.io/metrics/pkg/client/custom_metrics k8s.io/metrics/pkg/client/custom_metrics/scheme k8s.io/metrics/pkg/client/external_metrics -# k8s.io/mount-utils v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils +# k8s.io/mount-utils v1.33.5 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils ## explicit; go 1.24.0 k8s.io/mount-utils -# k8s.io/pod-security-admission v1.33.4 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission +# k8s.io/pod-security-admission v1.33.5 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission ## explicit; go 1.24.0 k8s.io/pod-security-admission/admission k8s.io/pod-security-admission/admission/api