Update ansible

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
ansible (source)	11.12.0 → 13.3.0				major
community.general	11.4.1 → 12.3.0			galaxy-collection	major
containers.podman	1.18.0 → 1.19.0			galaxy-collection	minor
hcloud (changelog)	==2.9.0 → ==2.16.0				minor
hetzner.hcloud	6.0.0 → 6.7.0			galaxy-collection	minor
jmespath	==1.0.1 → ==1.1.0				minor
kubernetes	==34.1.0 → ==35.0.0				major
kubernetes-validate	==1.34.1 → ==1.35.0				minor
kubernetes.core	6.2.0 → 6.3.0			galaxy-collection	minor
library/python	3.13.11 → 3.14.3				minor

---

Release Notes

ansible-community/ansible-build-data (ansible)

v13.3.0

Compare Source

v13.2.0

Compare Source

v13.1.0

Compare Source

v13.0.0

Compare Source

v12.3.0

Compare Source

v12.2.0

Compare Source

v12.1.0

Compare Source

v12.0.0

Compare Source

v11.13.0

Compare Source

ansible-collections/community.general (community.general)

v12.3.0

Compare Source

See https://github.com/ansible-collections/community.general/blob/stable-12/CHANGELOG.md for all changes.

v12.2.0

Compare Source

See https://github.com/ansible-collections/community.general/blob/stable-12/CHANGELOG.md for all changes.

v12.1.0

Compare Source

See https://github.com/ansible-collections/community.general/blob/stable-12/CHANGELOG.md for all changes.

v12.0.1

Compare Source

See https://github.com/ansible-collections/community.general/blob/stable-12/CHANGELOG.md for all changes.

v12.0.0

Compare Source

See https://github.com/ansible-collections/community.general/blob/stable-12/CHANGELOG.md for all changes.

v11.4.4

Compare Source

See https://github.com/ansible-collections/community.general/blob/stable-11/CHANGELOG.md for all changes.

v11.4.3

Compare Source

See https://github.com/ansible-collections/community.general/blob/stable-11/CHANGELOG.md for all changes.

v11.4.2

Compare Source

See https://github.com/ansible-collections/community.general/blob/stable-11/CHANGELOG.md for all changes.

containers/ansible-podman-collections (containers.podman)

v1.19.0

Compare Source

=======

Release Summary

Add podman Quadlet modules

Major Changes

• Add podman Quadlet modules

New Modules

• containers.podman.podman_quadlet - Install or remove Podman Quadlets
• containers.podman.podman_quadlet_info - Gather information about Podman Quadlets

v1.18.2

Compare Source

=======

Release Summary

Fix deprecation warnings and improve CI

Minor Changes

• Fix tests for new Podman

Bugfixes

• Fix Ansible warning about test utils

v1.18.1

Compare Source

=======

Release Summary

New podman and buildah connections and bugfixes

Major Changes

• Rewrite podman and buildah connections

Minor Changes

• Add configuration for new Ansible release
• Fix CI of Podman Search modul
• add passthrough and none log driver options

Bugfixes

• Fix idempotency for tagging local images
• Fix image idempotency in pull
• Fix issue with --rm and service in Quadlet
• fix(podman_prune) set top-level changed status

hetznercloud/hcloud-python (hcloud)

v2.16.0

Compare Source

Storage Boxes support is now generally available

The experimental phase for Storage Boxes is over, and Storage Boxes support is now generally available.

Features

• servers: allow setting user_data for rebuild (#​627)
• Storage Box support no longer experimental (#​626)

v2.15.0

Compare Source

Features

• add name to Storage Box Subaccount (#​621)

v2.14.0

Compare Source

Features

• retry requests when the api returns a timeout error (#​617)

v2.13.0

Compare Source

Features

• add per primary ip actions list operations (#​608)
• deprecate datacenter in primary ips and servers (#​609)

v2.12.0

Compare Source

Storage Box API Experimental

This release adds support for the Storage Box API.

The Storage Box integration will be introduced as an experimental feature. This experimental phase is expected to last at least until 12 January 2026. During this period, upcoming minor releases of the project may include breaking changes to features related to Storage Boxes.

This release includes all changes from the recent Storage Box API changelog entry.

Examples

response = client.storage_boxes.create(
    name="string",
    location=Location(name="fsn1"),
    storage_box_type=StorageBoxType(name="bx11"),
    labels={
        "environment": "prod",
        "example.com/my": "label",
        "just-a-key": "",
    },
    password="my-password",
    access_settings=StorageBoxAccessSettings(
        reachable_externally=False,
        samba_enabled=False,
        ssh_enabled=False,
        webdav_enabled=False,
        zfs_enabled=False,
    ),
    ssh_keys=[SSHKey(public_key="ssh-rsa AAAjjk76kgf...Xt")],
)

response.action.wait_until_finished()

storage_box = response.storage_box

Features

• add update rrset records action to zone client (#​597)
• add support for Storage Boxes (#​524)

v2.11.1

Compare Source

Bug Fixes

• support reloading sub resource bound models (#​590)

v2.11.0

Compare Source

DNS API is now generally available

The DNS API is now generally available, as well as support for features in this project that are related to the DNS API.

To migrate existing zones to the new DNS API, see the DNS migration guide.

See the changelog for more details.

Features

• DNS support is now generally available (#​581)

v2.10.0

Compare Source

Features

• exp: add zone format txt record helper (#​578)
• add server and load balancer private_net_for helper method (#​580)

ansible-collections/hetzner.hcloud (hetzner.hcloud)

v6.7.0

Compare Source

======

Minor Changes

• floating_ip - Unassign Floating IP before deleting it.
• primary_ip - Unassign Primary IP before deleting it.

v6.6.0

Compare Source

======

Release Summary

The experimental phase for Storage Boxes is over, and Storage Boxes support is now generally available.

Minor Changes

• server - Rebuilding a Server now supports the user_data argument.
• storage_box - The module is no longer marked as experimental.
• storage_box_info - The module is no longer marked as experimental.
• storage_box_snapshot - The module is no longer marked as experimental.
• storage_box_snapshot_info - The module is no longer marked as experimental.
• storage_box_subaccount - The module is no longer marked as experimental.
• storage_box_subaccount_info - The module is no longer marked as experimental.
• storage_box_type_info - The module is no longer marked as experimental.

v6.5.0

Compare Source

======

Minor Changes

• All module_utils are now marked as private. None of the modules were intended for public use.
• storage_box_subaccount - Replace the label based name workaround, with the new Storage Box Subaccount name property in the API.
• storage_box_subaccount_info - Replace the label based name workaround, with the new Storage Box Subaccount name property in the API.

v6.4.0

Compare Source

======

Release Summary

This release is phasing out datacenters in Primary IPs and Servers.

We added a new location property to the request body and response of Servers and Primary IPs.
The same data was previously present under datacenter.location.

We deprecated the datacenter property in the request body and response of Servers and Primary IPs.
The removal will happen after 1 July 2026.

See our changelog_ for more details.

.. _changelog: https://docs.hetzner.cloud/changelog#2025-12-16-phasing-out-datacenters

Minor Changes

• primary_ip - Added the Primary IP location name to the return values (hcloud_primary_ip.location).
• primary_ip - Added the location argument to create a Primary IP in a specific location.
• primary_ip_info - Added the Primary IPs location name to the return values (hcloud_primary_ip_info[].location).

Deprecated Features

• hcloud inventory - The hcloud_datacenter host variable is deprecated and will be removed after 1 July 2026. Please use the hcloud_location host variable instead.
• network_info - The hcloud_network_info[].servers[].datacenter return value is deprecated and will be removed after 1 July 2026. Please use the hcloud_network_info[].servers[].location return value instead.
• primary_ip - The datacenter argument is deprecated and will be removed after 1 July 2026. Please use the location argument instead.
• primary_ip - The hcloud_primary_ip.datacenter return value is deprecated and will be removed after 1 July 2026. Please use the hcloud_primary_ip.location return value instead.
• primary_ip_info - The hcloud_primary_ip_info[].datacenter return value is deprecated and will be removed after 1 July 2026. Please use the hcloud_primary_ip_info[].location return value instead.
• server - The datacenter argument is deprecated and will be removed after 1 July 2026. Please use the location argument instead.
• server - The hcloud_server.datacenter return value is deprecated and will be removed after 1 July 2026. Please use the hcloud_server.location return value instead.
• server_info - The hcloud_server_info[].datacenter return value is deprecated and will be removed after 1 July 2026. Please use the hcloud_server_info[].location return value instead.

Bugfixes

• Invalid redirects for Storage Box modules are now fixed by using fully qualified module names.

v6.3.0

Compare Source

======

Release Summary

This release adds support for the new Storage Box API_.

Storage Box support is experimental, breaking changes may occur within minor releases.

See the experimental tracking issue_ for more details.

Examples

.. code:: yaml

- name: Create a Storage Box
  hetzner.hcloud.storage_box:
    name: backups
    storage_box_type: bx11
    location: fsn1
    password: my-secret
    access_settings:
      reachable_externally: true
      ssh_enabled: true
    state: present

- name: Create a Storage Box Subaccount
  hetzner.hcloud.storage_box_subaccount:
    storage_box: backups
    name: subaccount1
    home_directory: backups/subaccount1
    password: secret
    access_settings:
      readonly: true
    labels:
      env: prod
    state: present

- name: Take a Storage Box Snapshot
  hetzner.hcloud.storage_box_snapshot:
    storage_box: backups
    description: before app migration
    labels:
      env: prod
    state: present

.. _Storage Box API: https://docs.hetzner.cloud/reference/hetzner#storage-boxes
.. _experimental tracking issue: #​756

Minor Changes

• storage_box - New module to create and manage Storage Boxes in Hetzner.
• storage_box_info - New module to gather infos about Hetzner Storage Boxes.
• storage_box_snapshot - New module to create and manage Storage Box Snapshots in Hetzner.
• storage_box_snapshot_info - New module to gather infos about Hetzner Storage Box Snapshots.
• storage_box_subaccount - New module to create and manage Storage Box Subaccounts in Hetzner.
• storage_box_subaccount_info - New module to gather infos about Hetzner Storage Box Subaccounts.
• storage_box_type_info - New module to gather infos about Hetzner Storage Box Types.

v6.2.1

Compare Source

======

Bugfixes

• zone_rrset - Records order is not guaranteed, the module will not generate a diff if the order of records changes.
• zone_rrset - Records without comments will not generate a diff anymore.

v6.2.0

Compare Source

======

Release Summary

DNS API is now generally available

The DNS API is now generally available, as well as support for features
in this project that are related to the DNS API.

To migrate existing zones to the new DNS API, see the DNS migration guide <https://docs.hetzner.com/networking/dns/migration-to-hetzner-console/process/>__.

See the
changelog <https://docs.hetzner.cloud/changelog#2025-11-10-dns-ga>__
for more details.

Minor Changes

• DNS support is now generally available.

v6.1.0

Compare Source

======

Minor Changes

• load_balancer_network - Add ip_range argument to attach a load balancer to a specific subnet.
• server_network - Add ip_range argument to attach a load balancer to a specific subnet.
• txt_record - Add new txt_record filter to help format TXT , e.g. "{{ 'v=spf1 include:_spf.example.net ~all' | hetzner.hcloud.txt_record }}".

Bugfixes

• firewall - Ensure idempotency when using non canonical ipv6 representation in Firewall rules.

jmespath/jmespath.py (jmespath)

v1.1.0

Compare Source

=====

• Fix concurrency issue with cache
  (pr #&#8203;335 <https://github.com/jmespath/jmespath.py/pull/335>__)
• Added support for Python 3.12-3.14 (pr #&#8203;331 <https://github.com/jmespath/jmespath.py/pull/331>__)
• Removed support for Python 3.7-3.8 (pr #&#8203;335 <https://github.com/jmespath/jmespath.py/pull/335>__)

kubernetes-client/python (kubernetes)

v35.0.0

Compare Source

Kubernetes API Version: v1.35.0

API Change

• Added ObservedGeneration to CustomResourceDefinition conditions. (kubernetes/kubernetes#134984, @​michaelasp)

• Added WithOrigin within apis/core/validation with adjusted tests. (kubernetes/kubernetes#132825, @​PatrickLaabs)

• Added scoring for the prioritized list feature so nodes that best satisfy the highest-ranked subrequests were chosen. (kubernetes/kubernetes#134711, @​mortent) [SIG Node, Scheduling and Testing]

• Added the --min-compatibility-version flag to kube-apiserver, kube-controller-manager, and kube-scheduler. (kubernetes/kubernetes#133980, @​siyuanfoundation) [SIG API Machinery, Architecture, Cluster Lifecycle, Etcd, Scheduling and Testing]

• Added the StorageVersionMigration v1beta1 API and removed the v1alpha1 API.

  ACTION REQUIRED: The v1alpha1 API is no longer supported. Users must remove any v1alpha1 resources before upgrading. (kubernetes/kubernetes#134784, @​michaelasp) [SIG API Machinery, Apps, Auth, Etcd and Testing]

• Added validation to ensure log-flush-frequency is a positive value, returning an error instead of causing a panic. (kubernetes/kubernetes#133540, @​BenTheElder) [SIG Architecture, Instrumentation, Network and Node]

• All containers are restarted when a source container in a restart policy rule exits. This alpha feature is gated behind RestartAllContainersOnContainerExit. (kubernetes/kubernetes#134345, @​yuanwang04) [SIG Apps, Node and Testing]

• CSI drivers can now opt in to receive service account tokens via the secrets field instead of volume context by setting spec.serviceAccountTokenInSecrets: true in the CSIDriver object. This prevents tokens from being exposed in logs and other outputs. The feature is gated by the CSIServiceAccountTokenSecrets feature gate (beta in v1.35). (kubernetes/kubernetes#134826, @​aramase) [SIG API Machinery, Auth, Storage and Testing]

• Changed kuberc configuration schema. Two new optional fields added to kuberc configuration, credPluginPolicy and credPluginAllowlist. This is documented in KEP-3104 and documentation is added to the website by kubernetes/website#52877 (kubernetes/kubernetes#134870, @​pmengelbert) [SIG API Machinery, Architecture, Auth, CLI, Instrumentation and Testing]

• DRA device taints: DeviceTaintRule status provides information about the rule, including whether Pods still need to be evicted (EvictionInProgress condition). The newly added None effect can be used to preview what a DeviceTaintRule would do if it used the NoExecute effect and to taint devices (device health) without immediately affecting scheduling or running Pods. (kubernetes/kubernetes#134152, @​pohly) [SIG API Machinery, Apps, Auth, Node, Release, Scheduling and Testing]

• DRA: The DynamicResourceAllocation feature gate for the core functionality (GA in v1.34) has now been locked to enabled-by-default and cannot be disabled anymore. (kubernetes/kubernetes#134452, @​pohly) [SIG Auth, Node, Scheduling and Testing]

• Enabled kubectl get -o kyaml by default. To disable it, set KUBECTL_KYAML=false. (kubernetes/kubernetes#133327, @​thockin)

• Enabled in-place resizing of pod-level resources.

  • Added Resources in PodStatus to capture resources set in the pod-level cgroup.
  • Added AllocatedResources in PodStatus to capture resources requested in the PodSpec. (kubernetes/kubernetes#132919, @​ndixita) [SIG API Machinery, Apps, Architecture, Auth, CLI, Instrumentation, Node, Scheduling and Testing]

• Enabled the NominatedNodeNameForExpectation feature in kube-scheduler by default.

  • Enabled the ClearingNominatedNodeNameAfterBinding feature in kube-apiserver by default. (kubernetes/kubernetes#135103, @​ania-borowiec) [SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Etcd, Instrumentation, Network, Node, Scheduling, Storage and Testing]

• Enhanced discovery responses to merge API groups and resources from all peer apiservers when the UnknownVersionInteroperabilityProxy feature is enabled. (kubernetes/kubernetes#133648, @​richabanker) [SIG API Machinery, Auth, Cloud Provider, Node, Scheduling and Testing]

• Extended core/v1 Toleration to support numeric comparison operators (Gt,Lt). (kubernetes/kubernetes#134665, @​helayoty) [SIG API Machinery, Apps, Node, Scheduling, Testing and Windows]

• Feature gate dependencies are now explicit, and validated at startup. A feature can no longer be enabled if it depends on a disabled feature. In particular, this means that AllAlpha=true will no longer work without enabling disabled-by-default beta features that are depended on (either with AllBeta=true or explicitly enumerating the disabled dependencies). (kubernetes/kubernetes#133697, @​tallclair) [SIG API Machinery, Architecture, Cluster Lifecycle and Node]

• Generated OpenAPI model packages for API types into zz_generated.model_name.go files, accessible via the OpenAPIModelName() function. This allows API authors to declare desired OpenAPI model packages instead of relying on the Go package path of API types. (kubernetes/kubernetes#131755, @​jpbetz) [SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling, Storage and Testing]

• Implemented constrained impersonation as described in KEP-5284. (kubernetes/kubernetes#134803, @​enj) [SIG API Machinery, Auth and Testing]

• Introduced a new declarative validation tag +k8s:customUnique to control listmap uniqueness. (kubernetes/kubernetes#134279, @​yongruilin) [SIG API Machinery and Auth]

• Introduced a structured and versioned v1alpha1 response for the statusz endpoint. (kubernetes/kubernetes#134313, @​richabanker) [SIG API Machinery, Architecture, Instrumentation, Network, Node, Scheduling and Testing]

• Introduced a structured and versioned v1alpha1 response format for the flagz endpoint. (kubernetes/kubernetes#134995, @​yongruilin) [SIG API Machinery, Architecture, Instrumentation, Network, Node, Scheduling and Testing]

• Introduced the GangScheduling kube-scheduler plugin to support "all-or-nothing" scheduling using the scheduling.k8s.io/v1alpha1 Workload API. (kubernetes/kubernetes#134722, @​macsko) [SIG API Machinery, Apps, Auth, CLI, Etcd, Scheduling and Testing]

• Introduced the Node Declared Features capability (alpha), which includes:

  • A new Node.Status.DeclaredFeatures field for publishing node-specific features.
  • A component-helpers library for feature registration and inference.
  • A NodeDeclaredFeatures scheduler plugin to match pods with nodes that provide required features.
  • A NodeDeclaredFeatureValidator admission plugin to validate pod updates against a node's declared features. (kubernetes/kubernetes#133389, @​pravk03) [SIG API Machinery, Apps, Node, Release, Scheduling and Testing]

• Introduced the scheduling.k8s.io/v1alpha1 Workload API to express workload-level scheduling requirements and allow the kube-scheduler to act on them. (kubernetes/kubernetes#134564, @​macsko) [SIG API Machinery, Apps, CLI, Etcd, Scheduling and Testing]

• Introduced the alpha MutableSchedulingDirectivesForSuspendedJobs feature gate (disabled by default), which allows mutating a Job's scheduling directives while the Job is suspended.
  It also updates the Job controller to clears the status.startTime field for suspended Jobs. (kubernetes/kubernetes#135104, @​mimowo) [SIG Apps and Testing]

• Kube-apiserver: Fixed a v1.34 regression in CustomResourceDefinition handling that incorrectly warned about unrecognized formats on number and integer properties. (kubernetes/kubernetes#133896, @​yongruilin) [SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Contributor Experience, Network, Node and Scheduling]

• Kube-apiserver: Fixed a possible panic validating a custom resource whose CustomResourceDefinition indicates a status subresource exists, but which does not define a status property in the openAPIV3Schema. (kubernetes/kubernetes#133721, @​fusida) [SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Etcd, Instrumentation, Network, Node, Release, Scheduling, Storage and Testing]

• Kubernetes API Go types removed runtime use of the github.com/gogo/protobuf library, and are no longer registered into the global gogo type registry. Kubernetes API Go types were not suitable for use with the google.golang.org/protobuf library, and no longer implement ProtoMessage() by default to avoid accidental incompatible use. If removal of these marker methods impacts your use, it can be re-enabled for one more release with a kubernetes_protomessage_one_more_release build tag, but will be removed in v1.36. (kubernetes/kubernetes#134256, @​liggitt) [SIG API Machinery, Apps, Architecture, Auth, CLI, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling and Storage]

• Made node affinity in Persistent Volume mutable. (kubernetes/kubernetes#134339, @​huww98) [SIG API Machinery, Apps and Node]

• Moved the ImagePullIntent and ImagePulledRecord objects used by the kubelet to track image pulls to the v1beta1 API version. (kubernetes/kubernetes#132579, @​stlaz) [SIG Auth and Node]

• Pod resize now only allows CPU and memory resources; other resource types are forbidden. (kubernetes/kubernetes#135084, @​tallclair) [SIG Apps, Node and Testing]

• Prevented Pods from being scheduled onto nodes that lack the required CSI driver. (kubernetes/kubernetes#135012, @​gnufied) [SIG API Machinery, Scheduling, Storage and Testing]

• Promoted HPA configurable tolerance to beta. The HPAConfigurableTolerance feature gate has now been enabled by default. (kubernetes/kubernetes#133128, @​jm-franc) [SIG API Machinery and Autoscaling]

• Promoted ReplicaSet and Deployment .status.terminatingReplicas tracking to beta. The DeploymentReplicaSetTerminatingReplicas feature gate is now enabled by default. (kubernetes/kubernetes#133087, @​atiratree) [SIG API Machinery, Apps and Testing]

• Promoted PodObservedGenerationTracking to GA. (kubernetes/kubernetes#134948, @​natasha41575) [SIG API Machinery, Apps, Node, Scheduling and Testing]

• Promoted the JobManagedBy feature to general availability. The JobManagedBy feature gate was locked to true and will be removed in a future Kubernetes release. (kubernetes/kubernetes#135080, @​dejanzele) [SIG API Machinery, Apps and Testing]

• Promoted the MaxUnavailableStatefulSet feature to beta and enabling it by default. (kubernetes/kubernetes#133153, @​helayoty) [SIG API Machinery and Apps]

• Removed the StrictCostEnforcementForVAP and StrictCostEnforcementForWebhooks feature gates, which were locked since v1.32. (kubernetes/kubernetes#134994, @​liggitt) [SIG API Machinery, Auth, Node and Testing]

• Scheduler: Added the bindingTimeout argument to the DynamicResources plugin configuration, allowing customization of the wait duration in PreBind for device binding conditions.
  Defaults to 10 minutes when DRADeviceBindingConditions and DRAResourceClaimDeviceStatus are both enabled. (kubernetes/kubernetes#134905, @​fj-naji) [SIG Node and Scheduling]

• The DRA device taints and toleration feature received a separate feature gate, DRADeviceTaintRules, which controlled support for DeviceTaintRules. This allowed disabling it while keeping DRADeviceTaints enabled so that tainting via ResourceSlices continued to work. (kubernetes/kubernetes#135068, @​pohly) [SIG API Machinery, Apps, Auth, Node, Scheduling and Testing]

• The Pod Certificates feature moved to beta. The PodCertificateRequest feature gate is set disabled by default. To use the feature, users must enable the certificates API groups in v1beta1 and enable the PodCertificateRequest feature gate. The UserAnnotations field was added to the PodCertificateProjection API and the corresponding UnverifiedUserAnnotations field was added to the PodCertificateRequest API. (kubernetes/kubernetes#134624, @​yt2985) [SIG API Machinery, Apps, Auth, Etcd, Instrumentation, Node and Testing]

• The KubeletEnsureSecretPulledImages feature was promoted to Beta and enabled by default. (kubernetes/kubernetes#135228, @​aramase) [SIG Auth, Node and Testing]

• The PreferSameZone and PreferSameNode values for the Service
  trafficDistribution field graduated to general availability. The
  PreferClose value is now deprecated in favor of the more explicit
  PreferSameZone. (kubernetes/kubernetes#134457, @​danwinship) [SIG API Machinery, Apps, Network and Testing]

• Updated ResourceQuota to count device class requests within a ResourceClaim as two additional quotas when the DRAExtendedResource feature is enabled:

  • requests.deviceclass.resource.k8s.io/<deviceclass> is charged based on the worst-case number of devices requested.
  • Device classes mapping to an extended resource now consume requests.<extended resource name>. (kubernetes/kubernetes#134210, @​yliaog) [SIG API Machinery, Apps, Node, Scheduling and Testing]

• Updated storage version for MutatingAdmissionPolicy to v1beta1. (kubernetes/kubernetes#133715, @​cici37) [SIG API Machinery, Etcd and Testing]

• Updated the Partitionable Devices feature to support referencing counter sets across ResourceSlices within the same resource pool. Devices from incomplete pools were no longer considered for allocation. This change introduced backwards-incompatible updates to the alpha feature, requiring any ResourceSlices using it to be removed before upgrading or downgrading between v1.34 and v1.35. (kubernetes/kubernetes#134189, @​mortent) [SIG API Machinery, Node, Scheduling and Testing]

• Upgraded the PodObservedGenerationTracking feature to beta in v1.34 and removed the alpha version description from the OpenAPI specification. (kubernetes/kubernetes#133883, @​yangjunmyfm192085)

• Add scoring for the prioritized list feature so that the node that can satisfy the best ranked subrequests are chosen. (kubernetes/kubernetes#134711, @​mortent) [SIG Node, Scheduling and Testing]

• Allows restart all containers when the source container exits with a matching restart policy rule. This is an alpha feature behind feature gate RestartAllContainersOnContainerExit. (kubernetes/kubernetes#134345, @​yuanwang04) [SIG Apps, Node and Testing]

• Changed kuberc configuration schema. Two new optional fields added to kuberc configuration, credPluginPolicy and credPluginAllowlist. This is documented in KEP-3104 and documentation is added to the website by kubernetes/website#52877 (kubernetes/kubernetes#134870, @​pmengelbert) [SIG API Machinery, Architecture, Auth, CLI, Instrumentation and Testing]

• Enhanced discovery response to support merged API groups/resources from all peer apiservers when UnknownVersionInteroperabilityProxy feature is enabled (kubernetes/kubernetes#133648, @​richabanker) [SIG API Machinery, Auth, Cloud Provider, Node, Scheduling and Testing]

• Extend core/v1 Toleration to support numeric comparison operators (Gt, Lt). (kubernetes/kubernetes#134665, @​helayoty) [SIG API Machinery, Apps, Node, Scheduling, Testing and Windows]

• Features: NominatedNodeNameForExpectation in kube-scheduler and CleaeringNominatedNodeNameAfterBinding in kube-apiserver are now enabled by default. (kubernetes/kubernetes#135103, @​ania-borowiec) [SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Etcd, Instrumentation, Network, Node, Scheduling, Storage and Testing]

• Implement changes to prevent pod scheduling to a node without CSI driver (kubernetes/kubernetes#135012, @​gnufied) [SIG API Machinery, Scheduling, Storage and Testing]

• Introduce scheduling.k8s.io/v1alpha1 Workload API to allow for expressing workload-level scheduling requirements and let kube-scheduler act on those. (kubernetes/kubernetes#134564, @​macsko) [SIG API Machinery, Apps, CLI, Etcd, Scheduling and Testing]

• Introduce the alpha MutableSchedulingDirectivesForSuspendedJobs feature gate (disabled by default) which:

  1. allows to mutate Job's scheduling directives for suspended Jobs
  2. makes the Job controller to clear the status.startTime field for suspended Jobs (kubernetes/kubernetes#135104, @​mimowo) [SIG Apps and Testing]

• Introduced GangScheduling kube-scheduler plugin to enable "all-or-nothing" scheduling. Workload API in scheduling.k8s.io/v1alpha1 is used to express the desired policy. (kubernetes/kubernetes#134722, @​macsko) [SIG API Machinery, Apps, Auth, CLI, Etcd, Scheduling and Testing]

• PV node affinity is now mutable. (kubernetes/kubernetes#134339, @​huww98) [SIG API Machinery, Apps and Node]

• ResourceQuota now counts device class requests within a ResourceClaim object as consuming two additional quotas when the DRAExtendedResource feature is enabled:

  • requests.deviceclass.resource.k8s.io/<deviceclass> with a quantity equal to the worst case count of devices requested
  • requests for device classes that map to an extended resource consume requests.<extended resource name> (kubernetes/kubernetes#134210, @​yliaog) [SIG API Machinery, Apps, Node, Scheduling and Testing]

• The DRA device taints and toleration feature now has a separate feature gate, DRADeviceTaintRules, which controls whether support for DeviceTaintRules is enabled. It is possible to disable that and keep DRADeviceTaints enabled, in which case tainting by DRA drivers through ResourceSlices continues to work. (kubernetes/kubernetes#135068, @​pohly) [SIG API Machinery, Apps, Auth, Node, Scheduling and Testing]

• The ImagePullIntent and ImagePulledRecord objects used by kubelet to store information about image pulls have been moved to the v1beta1 API version. (kubernetes/kubernetes#132579, @​stlaz) [SIG Auth and Node]

• The KubeletEnsureSecretPulledImages feature is now beta and enabled by default. (kubernetes/kubernetes#135228, @​aramase) [SIG Auth, Node and Testing]

• This change adds a new alpha feature Node Declared Features, which includes:

  • A new Node.Status.DeclaredFeatures field for Kubelet to publish node-specific features.
  • A library in component-helpers for feature registration and inference.
  • A scheduler plugin (NodeDeclaredFeatures) scheduler plugin to match pods with nodes that provide their required features.
  • An admission plugin (NodeDeclaredFeatureValidator) to validate pod updates against a node's declared features. (kubernetes/kubernetes#133389, @​pravk03) [SIG API Machinery, Apps, Node, Release, Scheduling and Testing]

• This change allows In Place Resize of Pod Level Resources

  • Add Resources in PodStatus to capture resources set at pod-level cgroup
  • Add AllocatedResources in PodStatus to capture resources requested in the PodSpec (kubernetes/kubernetes#132919, @​ndixita) [SIG API Machinery, Apps, Architecture, Auth, CLI, Instrumentation, Node, Scheduling and Testing]

• Updates to the Partitionable Devices feature which allows for referencing counter sets across different ResourceSlices within the same resource pool.

  Devices from incomplete pools are no longer considered for allocation.

  This contains backwards incompatible changes to the Partitionable Devices alpha feature, so any ResourceSlices that uses the feature should be removed prior to upgrading or downgrading between 1.34 and 1.35. (kubernetes/kubernetes#134189, @​mortent) [SIG API Machinery, Node, Scheduling and Testing]

• Add ObservedGeneration to CustomResourceDefinition Conditions. (kubernetes/kubernetes#134984, @​michaelasp) [SIG API Machinery]

• Add StorageVersionMigration v1beta1 api and remove the v1alpha API.

  Any use of the v1alpha1 api is no longer supported and
  users must remove any v1alpha1 resources prior to upgrade. (kubernetes/kubernetes#134784, @​michaelasp) [SIG API Machinery, Apps, Auth, Etcd and Testing]

• CSI drivers can now opt-in to receive service account tokens via the secrets field instead of volume context by setting spec.serviceAccountTokenInSecrets: true in the CSIDriver object. This prevents tokens from being exposed in logs and other outputs. The feature is gated by the CSIServiceAccountTokenSecrets feature gate (Beta in v1.35). (kubernetes/kubernetes#134826, @​aramase) [SIG API Machinery, Auth, Storage and Testing]

• DRA device taints: DeviceTaintRule status provided information about the rule, in particular whether pods still need to be evicted ("EvictionInProgress" condition). The new "None" effect can be used to preview what a DeviceTaintRule would do if it used the "NoExecute" effect and to taint devices ("device health") without immediately affecting scheduling or running pods. (kubernetes/kubernetes#134152, @​pohly) [SIG API Machinery, Apps, Auth, Node, Release, Scheduling and Testing]

• DRA: the DynamicResourceAllocation feature gate for the core functionality (GA in 1.34) is now locked to enabled-by-default and thus cannot be disabled anymore. (kubernetes/kubernetes#134452, @​pohly) [SIG Auth, Node, Scheduling and Testing]

• Forbid adding resources other than CPU & memory on pod resize. (kubernetes/kubernetes#135084, @​tallclair) [SIG Apps, Node and Testing]

• Implement constrained impersonation as described in https://kep.k8s.io/5284 (kubernetes/kubernetes#134803, @​enj) [SIG API Machinery, Auth and Testing]

• Introduces a structured and versioned v1alpha1 response for flagz (kubernetes/kubernetes#134995, @​yongruilin) [SIG API Machinery, Architecture, Instrumentation, Network, Node, Scheduling and Testing]

• Introduces a structured and versioned v1alpha1 response for statusz (kubernetes/kubernetes#134313, @​richabanker) [SIG API Machinery, Architecture, Instrumentation, Network, Node, Scheduling and Testing]

• New --min-compatibility-version flag for apiserver, kcm and kube scheduler (kubernetes/kubernetes#133980, @​siyuanfoundation) [SIG API Machinery, Architecture, Cluster Lifecycle, Etcd, Scheduling and Testing]

• Promote PodObservedGenerationTracking to GA. (kubernetes/kubernetes#134948, @​natasha41575) [SIG API Machinery, Apps, Node, Scheduling and Testing]

• Promoted Job Managed By to general availability. The JobManagedBy feature gate is now locked to true, and will be removed in a future release of Kubernetes. (kubernetes/kubernetes#135080, @​dejanzele) [SIG API Machinery, Apps and Testing]

• Promoted ReplicaSet and Deployment .status.terminatingReplicas tracking to beta. The DeploymentReplicaSetTerminatingReplicas feature gate is now enabled by default. (kubernetes/kubernetes#133087, @​atiratree) [SIG API Machinery, Apps and Testing]

• Scheduler: added a new bindingTimeout argument to the DynamicResources plugin configuration.
  This allows customizing the wait duration in PreBind for device binding conditions.
  Defaults to 10 minutes when DRADeviceBindingConditions and DRAResourceClaimDeviceStatus are both enabled. ([scheduler: KEP-5007 Add BindingTimeout args to DynamicResources plugin kubernetes/kubernetes#134905](https://redirect.github.com/kubernete

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.