diff --git a/.go-version b/.go-version index eb716f77a7b8d..d6c68ad2d09b7 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.24.9 +1.24.11 diff --git a/CHANGELOG/CHANGELOG-1.32.md b/CHANGELOG/CHANGELOG-1.32.md index fe1ac62a5a584..1758123a79a30 100644 --- a/CHANGELOG/CHANGELOG-1.32.md +++ b/CHANGELOG/CHANGELOG-1.32.md @@ -1,13 +1,13 @@ -- [v1.32.9](#v1329) - - [Downloads for v1.32.9](#downloads-for-v1329) +- [v1.32.10](#v13210) + - [Downloads for v1.32.10](#downloads-for-v13210) - [Source Code](#source-code) - [Client Binaries](#client-binaries) - [Server Binaries](#server-binaries) - [Node Binaries](#node-binaries) - [Container Images](#container-images) - - [Changelog since v1.32.8](#changelog-since-v1328) + - [Changelog since v1.32.9](#changelog-since-v1329) - [Changes by Kind](#changes-by-kind) - [Feature](#feature) - [Bug or Regression](#bug-or-regression) @@ -16,213 +16,209 @@ - [Added](#added) - [Changed](#changed) - [Removed](#removed) -- [v1.32.8](#v1328) - - [Downloads for v1.32.8](#downloads-for-v1328) +- [v1.32.9](#v1329) + - [Downloads for v1.32.9](#downloads-for-v1329) - [Source Code](#source-code-1) - [Client Binaries](#client-binaries-1) - [Server Binaries](#server-binaries-1) - [Node Binaries](#node-binaries-1) - [Container Images](#container-images-1) - - [Changelog since v1.32.7](#changelog-since-v1327) - - [Important Security Information](#important-security-information) - - [CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference](#cve-2025-5187-nodes-can-delete-themselves-by-adding-an-ownerreference) + - [Changelog since v1.32.8](#changelog-since-v1328) - [Changes by Kind](#changes-by-kind-1) - [Feature](#feature-1) - [Bug or Regression](#bug-or-regression-1) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-1) - [Dependencies](#dependencies-1) - [Added](#added-1) - [Changed](#changed-1) - [Removed](#removed-1) -- [v1.32.7](#v1327) - - [Downloads for v1.32.7](#downloads-for-v1327) +- [v1.32.8](#v1328) + - [Downloads for v1.32.8](#downloads-for-v1328) - [Source Code](#source-code-2) - [Client Binaries](#client-binaries-2) - [Server Binaries](#server-binaries-2) - [Node Binaries](#node-binaries-2) - [Container Images](#container-images-2) - - [Changelog since v1.32.6](#changelog-since-v1326) + - [Changelog since v1.32.7](#changelog-since-v1327) + - [Important Security Information](#important-security-information) + - [CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference](#cve-2025-5187-nodes-can-delete-themselves-by-adding-an-ownerreference) - [Changes by Kind](#changes-by-kind-2) + - [Feature](#feature-2) - [Bug or Regression](#bug-or-regression-2) - [Dependencies](#dependencies-2) - [Added](#added-2) - [Changed](#changed-2) - [Removed](#removed-2) -- [v1.32.6](#v1326) - - [Downloads for v1.32.6](#downloads-for-v1326) +- [v1.32.7](#v1327) + - [Downloads for v1.32.7](#downloads-for-v1327) - [Source Code](#source-code-3) - [Client Binaries](#client-binaries-3) - [Server Binaries](#server-binaries-3) - [Node Binaries](#node-binaries-3) - [Container Images](#container-images-3) - - [Changelog since v1.32.5](#changelog-since-v1325) - - [Important Security Information](#important-security-information-1) - - [CVE-2025-4563: Nodes can bypass dynamic resource allocation authorization checks](#cve-2025-4563-nodes-can-bypass-dynamic-resource-allocation-authorization-checks) + - [Changelog since v1.32.6](#changelog-since-v1326) - [Changes by Kind](#changes-by-kind-3) - - [Feature](#feature-2) - [Bug or Regression](#bug-or-regression-3) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-1) - [Dependencies](#dependencies-3) - [Added](#added-3) - [Changed](#changed-3) - [Removed](#removed-3) -- [v1.32.5](#v1325) - - [Downloads for v1.32.5](#downloads-for-v1325) +- [v1.32.6](#v1326) + - [Downloads for v1.32.6](#downloads-for-v1326) - [Source Code](#source-code-4) - [Client Binaries](#client-binaries-4) - [Server Binaries](#server-binaries-4) - [Node Binaries](#node-binaries-4) - [Container Images](#container-images-4) - - [Changelog since v1.32.4](#changelog-since-v1324) + - [Changelog since v1.32.5](#changelog-since-v1325) + - [Important Security Information](#important-security-information-1) + - [CVE-2025-4563: Nodes can bypass dynamic resource allocation authorization checks](#cve-2025-4563-nodes-can-bypass-dynamic-resource-allocation-authorization-checks) - [Changes by Kind](#changes-by-kind-4) - [Feature](#feature-3) - [Bug or Regression](#bug-or-regression-4) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-2) - [Dependencies](#dependencies-4) - [Added](#added-4) - [Changed](#changed-4) - [Removed](#removed-4) -- [v1.32.4](#v1324) - - [Downloads for v1.32.4](#downloads-for-v1324) +- [v1.32.5](#v1325) + - [Downloads for v1.32.5](#downloads-for-v1325) - [Source Code](#source-code-5) - [Client Binaries](#client-binaries-5) - [Server Binaries](#server-binaries-5) - [Node Binaries](#node-binaries-5) - [Container Images](#container-images-5) - - [Changelog since v1.32.3](#changelog-since-v1323) + - [Changelog since v1.32.4](#changelog-since-v1324) - [Changes by Kind](#changes-by-kind-5) + - [Feature](#feature-4) - [Bug or Regression](#bug-or-regression-5) - [Dependencies](#dependencies-5) - [Added](#added-5) - [Changed](#changed-5) - [Removed](#removed-5) -- [v1.32.3](#v1323) - - [Downloads for v1.32.3](#downloads-for-v1323) +- [v1.32.4](#v1324) + - [Downloads for v1.32.4](#downloads-for-v1324) - [Source Code](#source-code-6) - [Client Binaries](#client-binaries-6) - [Server Binaries](#server-binaries-6) - [Node Binaries](#node-binaries-6) - [Container Images](#container-images-6) - - [Changelog since v1.32.2](#changelog-since-v1322) + - [Changelog since v1.32.3](#changelog-since-v1323) - [Changes by Kind](#changes-by-kind-6) - - [API Change](#api-change) - [Bug or Regression](#bug-or-regression-6) - [Dependencies](#dependencies-6) - [Added](#added-6) - [Changed](#changed-6) - [Removed](#removed-6) -- [v1.32.2](#v1322) - - [Downloads for v1.32.2](#downloads-for-v1322) +- [v1.32.3](#v1323) + - [Downloads for v1.32.3](#downloads-for-v1323) - [Source Code](#source-code-7) - [Client Binaries](#client-binaries-7) - [Server Binaries](#server-binaries-7) - [Node Binaries](#node-binaries-7) - [Container Images](#container-images-7) - - [Changelog since v1.32.1](#changelog-since-v1321) - - [Important Security Information](#important-security-information-2) - - [CVE-2025-0426: Node Denial of Service via Kubelet Checkpoint API](#cve-2025-0426-node-denial-of-service-via-kubelet-checkpoint-api) + - [Changelog since v1.32.2](#changelog-since-v1322) - [Changes by Kind](#changes-by-kind-7) - - [Feature](#feature-4) + - [API Change](#api-change) - [Bug or Regression](#bug-or-regression-7) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-2) - [Dependencies](#dependencies-7) - [Added](#added-7) - [Changed](#changed-7) - [Removed](#removed-7) -- [v1.32.1](#v1321) - - [Downloads for v1.32.1](#downloads-for-v1321) +- [v1.32.2](#v1322) + - [Downloads for v1.32.2](#downloads-for-v1322) - [Source Code](#source-code-8) - [Client Binaries](#client-binaries-8) - [Server Binaries](#server-binaries-8) - [Node Binaries](#node-binaries-8) - [Container Images](#container-images-8) - - [Changelog since v1.32.0](#changelog-since-v1320) - - [Important Security Information](#important-security-information-3) - - [CVE-2024-9042: Command Injection affecting Windows nodes via nodes/*/logs/query API](#cve-2024-9042-command-injection-affecting-windows-nodes-via-nodeslogsquery-api) + - [Changelog since v1.32.1](#changelog-since-v1321) + - [Important Security Information](#important-security-information-2) + - [CVE-2025-0426: Node Denial of Service via Kubelet Checkpoint API](#cve-2025-0426-node-denial-of-service-via-kubelet-checkpoint-api) - [Changes by Kind](#changes-by-kind-8) - - [API Change](#api-change-1) - [Feature](#feature-5) - [Bug or Regression](#bug-or-regression-8) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-3) - [Dependencies](#dependencies-8) - [Added](#added-8) - [Changed](#changed-8) - [Removed](#removed-8) -- [v1.32.0](#v1320) - - [Downloads for v1.32.0](#downloads-for-v1320) +- [v1.32.1](#v1321) + - [Downloads for v1.32.1](#downloads-for-v1321) - [Source Code](#source-code-9) - [Client Binaries](#client-binaries-9) - [Server Binaries](#server-binaries-9) - [Node Binaries](#node-binaries-9) - [Container Images](#container-images-9) - - [Changelog since v1.31.0](#changelog-since-v1310) - - [Urgent Upgrade Notes](#urgent-upgrade-notes) + - [Changelog since v1.32.0](#changelog-since-v1320) + - [Important Security Information](#important-security-information-3) + - [CVE-2024-9042: Command Injection affecting Windows nodes via nodes/*/logs/query API](#cve-2024-9042-command-injection-affecting-windows-nodes-via-nodeslogsquery-api) - [Changes by Kind](#changes-by-kind-9) - - [Deprecation](#deprecation) - - [API Change](#api-change-2) + - [API Change](#api-change-1) - [Feature](#feature-6) - - [Documentation](#documentation) - - [Failing Test](#failing-test) - [Bug or Regression](#bug-or-regression-9) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-3) - [Dependencies](#dependencies-9) - [Added](#added-9) - [Changed](#changed-9) - [Removed](#removed-9) -- [v1.32.0-rc.2](#v1320-rc2) - - [Downloads for v1.32.0-rc.2](#downloads-for-v1320-rc2) +- [v1.32.0](#v1320) + - [Downloads for v1.32.0](#downloads-for-v1320) - [Source Code](#source-code-10) - [Client Binaries](#client-binaries-10) - [Server Binaries](#server-binaries-10) - [Node Binaries](#node-binaries-10) - [Container Images](#container-images-10) - - [Changelog since v1.32.0-rc.1](#changelog-since-v1320-rc1) + - [Changelog since v1.31.0](#changelog-since-v1310) + - [Urgent Upgrade Notes](#urgent-upgrade-notes) - [Changes by Kind](#changes-by-kind-10) - - [API Change](#api-change-3) + - [Deprecation](#deprecation) + - [API Change](#api-change-2) + - [Feature](#feature-7) + - [Documentation](#documentation) + - [Failing Test](#failing-test) - [Bug or Regression](#bug-or-regression-10) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-4) - [Dependencies](#dependencies-10) - [Added](#added-10) - [Changed](#changed-10) - [Removed](#removed-10) -- [v1.32.0-rc.1](#v1320-rc1) - - [Downloads for v1.32.0-rc.1](#downloads-for-v1320-rc1) +- [v1.32.0-rc.2](#v1320-rc2) + - [Downloads for v1.32.0-rc.2](#downloads-for-v1320-rc2) - [Source Code](#source-code-11) - [Client Binaries](#client-binaries-11) - [Server Binaries](#server-binaries-11) - [Node Binaries](#node-binaries-11) - [Container Images](#container-images-11) - - [Changelog since v1.32.0-rc.0](#changelog-since-v1320-rc0) + - [Changelog since v1.32.0-rc.1](#changelog-since-v1320-rc1) + - [Changes by Kind](#changes-by-kind-11) + - [API Change](#api-change-3) + - [Bug or Regression](#bug-or-regression-11) - [Dependencies](#dependencies-11) - [Added](#added-11) - [Changed](#changed-11) - [Removed](#removed-11) -- [v1.32.0-rc.0](#v1320-rc0) - - [Downloads for v1.32.0-rc.0](#downloads-for-v1320-rc0) +- [v1.32.0-rc.1](#v1320-rc1) + - [Downloads for v1.32.0-rc.1](#downloads-for-v1320-rc1) - [Source Code](#source-code-12) - [Client Binaries](#client-binaries-12) - [Server Binaries](#server-binaries-12) - [Node Binaries](#node-binaries-12) - [Container Images](#container-images-12) - - [Changelog since v1.32.0-beta.0](#changelog-since-v1320-beta0) - - [Changes by Kind](#changes-by-kind-11) - - [API Change](#api-change-4) - - [Feature](#feature-7) - - [Bug or Regression](#bug-or-regression-11) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-4) + - [Changelog since v1.32.0-rc.0](#changelog-since-v1320-rc0) - [Dependencies](#dependencies-12) - [Added](#added-12) - [Changed](#changed-12) - [Removed](#removed-12) -- [v1.32.0-beta.0](#v1320-beta0) - - [Downloads for v1.32.0-beta.0](#downloads-for-v1320-beta0) +- [v1.32.0-rc.0](#v1320-rc0) + - [Downloads for v1.32.0-rc.0](#downloads-for-v1320-rc0) - [Source Code](#source-code-13) - [Client Binaries](#client-binaries-13) - [Server Binaries](#server-binaries-13) - [Node Binaries](#node-binaries-13) - [Container Images](#container-images-13) - - [Changelog since v1.32.0-alpha.3](#changelog-since-v1320-alpha3) - - [Urgent Upgrade Notes](#urgent-upgrade-notes-1) - - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade) + - [Changelog since v1.32.0-beta.0](#changelog-since-v1320-beta0) - [Changes by Kind](#changes-by-kind-12) - - [Deprecation](#deprecation-1) - - [API Change](#api-change-5) + - [API Change](#api-change-4) - [Feature](#feature-8) - [Bug or Regression](#bug-or-regression-12) - [Other (Cleanup or Flake)](#other-cleanup-or-flake-5) @@ -230,65 +226,191 @@ - [Added](#added-13) - [Changed](#changed-13) - [Removed](#removed-13) -- [v1.32.0-alpha.3](#v1320-alpha3) - - [Downloads for v1.32.0-alpha.3](#downloads-for-v1320-alpha3) +- [v1.32.0-beta.0](#v1320-beta0) + - [Downloads for v1.32.0-beta.0](#downloads-for-v1320-beta0) - [Source Code](#source-code-14) - [Client Binaries](#client-binaries-14) - [Server Binaries](#server-binaries-14) - [Node Binaries](#node-binaries-14) - [Container Images](#container-images-14) - - [Changelog since v1.32.0-alpha.2](#changelog-since-v1320-alpha2) + - [Changelog since v1.32.0-alpha.3](#changelog-since-v1320-alpha3) + - [Urgent Upgrade Notes](#urgent-upgrade-notes-1) + - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade) - [Changes by Kind](#changes-by-kind-13) - - [API Change](#api-change-6) + - [Deprecation](#deprecation-1) + - [API Change](#api-change-5) - [Feature](#feature-9) - - [Documentation](#documentation-1) - [Bug or Regression](#bug-or-regression-13) - [Other (Cleanup or Flake)](#other-cleanup-or-flake-6) - [Dependencies](#dependencies-14) - [Added](#added-14) - [Changed](#changed-14) - [Removed](#removed-14) -- [v1.32.0-alpha.2](#v1320-alpha2) - - [Downloads for v1.32.0-alpha.2](#downloads-for-v1320-alpha2) +- [v1.32.0-alpha.3](#v1320-alpha3) + - [Downloads for v1.32.0-alpha.3](#downloads-for-v1320-alpha3) - [Source Code](#source-code-15) - [Client Binaries](#client-binaries-15) - [Server Binaries](#server-binaries-15) - [Node Binaries](#node-binaries-15) - [Container Images](#container-images-15) - - [Changelog since v1.32.0-alpha.1](#changelog-since-v1320-alpha1) + - [Changelog since v1.32.0-alpha.2](#changelog-since-v1320-alpha2) - [Changes by Kind](#changes-by-kind-14) - - [API Change](#api-change-7) + - [API Change](#api-change-6) - [Feature](#feature-10) - - [Documentation](#documentation-2) + - [Documentation](#documentation-1) - [Bug or Regression](#bug-or-regression-14) - [Other (Cleanup or Flake)](#other-cleanup-or-flake-7) - [Dependencies](#dependencies-15) - [Added](#added-15) - [Changed](#changed-15) - [Removed](#removed-15) -- [v1.32.0-alpha.1](#v1320-alpha1) - - [Downloads for v1.32.0-alpha.1](#downloads-for-v1320-alpha1) +- [v1.32.0-alpha.2](#v1320-alpha2) + - [Downloads for v1.32.0-alpha.2](#downloads-for-v1320-alpha2) - [Source Code](#source-code-16) - [Client Binaries](#client-binaries-16) - [Server Binaries](#server-binaries-16) - [Node Binaries](#node-binaries-16) - [Container Images](#container-images-16) - - [Changelog since v1.31.0](#changelog-since-v1310-1) + - [Changelog since v1.32.0-alpha.1](#changelog-since-v1320-alpha1) - [Changes by Kind](#changes-by-kind-15) - - [Deprecation](#deprecation-2) - - [API Change](#api-change-8) + - [API Change](#api-change-7) - [Feature](#feature-11) - - [Documentation](#documentation-3) - - [Failing Test](#failing-test-1) + - [Documentation](#documentation-2) - [Bug or Regression](#bug-or-regression-15) - [Other (Cleanup or Flake)](#other-cleanup-or-flake-8) - [Dependencies](#dependencies-16) - [Added](#added-16) - [Changed](#changed-16) - [Removed](#removed-16) +- [v1.32.0-alpha.1](#v1320-alpha1) + - [Downloads for v1.32.0-alpha.1](#downloads-for-v1320-alpha1) + - [Source Code](#source-code-17) + - [Client Binaries](#client-binaries-17) + - [Server Binaries](#server-binaries-17) + - [Node Binaries](#node-binaries-17) + - [Container Images](#container-images-17) + - [Changelog since v1.31.0](#changelog-since-v1310-1) + - [Changes by Kind](#changes-by-kind-16) + - [Deprecation](#deprecation-2) + - [API Change](#api-change-8) + - [Feature](#feature-12) + - [Documentation](#documentation-3) + - [Failing Test](#failing-test-1) + - [Bug or Regression](#bug-or-regression-16) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-9) + - [Dependencies](#dependencies-17) + - [Added](#added-17) + - [Changed](#changed-17) + - [Removed](#removed-17) +# v1.32.10 + + +## Downloads for v1.32.10 + + + +### Source Code + +filename | sha512 hash +-------- | ----------- +[kubernetes.tar.gz](https://dl.k8s.io/v1.32.10/kubernetes.tar.gz) | a78839f0496b1fa3d96c8f536cdc0e5ee063af564d94cef2df321a5efd31f58e8ee4e12c6ed97e607bdcb9f5567a06271f447495f65a690acb434ef4998a95b8 +[kubernetes-src.tar.gz](https://dl.k8s.io/v1.32.10/kubernetes-src.tar.gz) | 614cd7035384779d5370eb1499250ad33db8bc43aed46f5eb53b6f6fe0524e01209cbc4df3b56ec320daa190c6c9fc11109dc78168a25519bba0b91c69ffa8e7 + +### Client Binaries + +filename | sha512 hash +-------- | ----------- +[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.32.10/kubernetes-client-darwin-amd64.tar.gz) | e425a10ba71e22857b80bae74d290dfc3794d08b1f214168bf2a4a76e04ead20cb684f4fa2684eec39108144082cd3cdd7767fef4bc7ca139025522ccb3cfc7e +[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.32.10/kubernetes-client-darwin-arm64.tar.gz) | b234d43a9fcf73f58751165e78d14b7f008fee8191b993517781412a6415ff1f1bf54b913a23df3b298575014b3724ad58b44658d98bbb129e2ed3d9617a090b +[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.32.10/kubernetes-client-linux-386.tar.gz) | 64e35e8bbaf5dda4585008fcb8af745ad1d2ae3b2187db2e5d92fdd933ffa1c8914897aea5b128422f7e7adb5c18d6a022064bca542b19a6534ba12eef02bc92 +[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.32.10/kubernetes-client-linux-amd64.tar.gz) | 6495623903a3dd2f42e65f4a90edbb28c60a6bff351cecec7eca74836af0465e62a253afa48ca6ef939d692ebe1d0d282494496776ae314645cb3cc6858ad666 +[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.32.10/kubernetes-client-linux-arm.tar.gz) | 7a870f1f8c2f15f4b4ca1e8bd07c24fb5efef03ba69b71b5f3da831167f9007828f6ae2ea4947fba323a282b7f3cd615eac116251557f097a38911e2b756dc06 +[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.32.10/kubernetes-client-linux-arm64.tar.gz) | 49f49ae3715595d7053975d0a1157d640794429882feed44c89df200eef9ea981c18f416df09c924176d5e7c87c6c81c94fddbc01e13d8193c45fcc03f4b8180 +[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.32.10/kubernetes-client-linux-ppc64le.tar.gz) | 78132e0e4e55935ba5f977fb0cc878f14e32d260f16a07f8cc7922d9f00321aa4db88d844ad72d2f94ffb0fffc9f15ba5ddff897fd64116c48b1f1c7b7768f0a +[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.32.10/kubernetes-client-linux-s390x.tar.gz) | 4ea7038bd2aaa1d8fe31f85ab078e3a8c20d8e7f2eb9d096cbbb1693a501a76937981cddb111359453693d0c07b98607322ca05f02a0dd96025ef4771ca14a56 +[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.32.10/kubernetes-client-windows-386.tar.gz) | b3b6c6c7f48ff7265f23502bc15faf0523cdc06215a561e9528e4002e65b815acaec14243092353f511e50d012dd656c21822c1b7f33892846d760451dd9072d +[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.32.10/kubernetes-client-windows-amd64.tar.gz) | 8ebac97032b64f01079f76035e867208d67a3372d1b1c72b94e76fd6eb5c82c7be6365c679cfcd1c07b81ac28572420f850cebe55deda5472eb286b04327c5c6 +[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.32.10/kubernetes-client-windows-arm64.tar.gz) | 591fe00592b4ec605b4a3cf0edea748fe68c8b8033f271757c0202242efb6806f3840b8184653716e66c35eb634d347004e63eedf67cc0d4ee783b9ed2a4dc43 + +### Server Binaries + +filename | sha512 hash +-------- | ----------- +[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.32.10/kubernetes-server-linux-amd64.tar.gz) | eadc51664580896d50ed2241725c262185c1bc96da804ab9ceab73678e7c0038bd08508c93bf4c2d7ed2c285049252244e0c2e83fa613971f71872027870e188 +[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.32.10/kubernetes-server-linux-arm64.tar.gz) | d72b6952689c126f7db95f41abe9ccd31e69a514db158b1c2b603a3bdb2b854d8d55ff51f5329d6a009d66f07c5eac6eeda06f04e74cbafceffb5aea2d33f306 +[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.32.10/kubernetes-server-linux-ppc64le.tar.gz) | af234b76aafe8fe63078f95b01e685a5668c47e3207ce9a0e8d65663f495c604d040250abb97b9527ca4dd654f873293feed4a3dba82e5ea117aa2650bfd50a3 +[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.32.10/kubernetes-server-linux-s390x.tar.gz) | 01a7ffe86ac56f9a775137803b80fc51cae30f64f3baa07c4953f6135451b1a321abb9b97a818cb3a4097ec99dbe2fca5a04efd7c0e26b2cae99f10c41c44362 + +### Node Binaries + +filename | sha512 hash +-------- | ----------- +[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.32.10/kubernetes-node-linux-amd64.tar.gz) | 12cc5f959ab61c63ff2434aa2000e4fa9bd2739cf9e31a521d712af9fb923cd7fa9a88d3eb9afb97ae8e907d6013fdeb122a4d6fe8084aba8f3909869f4a3362 +[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.32.10/kubernetes-node-linux-arm64.tar.gz) | f0aef1d3577ac6f41b2140ab3506b6f1693069922ff02ba143e6664346e183f8028b0aa599fccf6f8ac4a5acfa77c4415927f7e01aa93152186cb926bfa479b1 +[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.32.10/kubernetes-node-linux-ppc64le.tar.gz) | ab1e17a6ae538fed20a2b18a27324b3423a70c31567ca09c5287c79d02003c0ff4908540602efd13a04bd4bfb52bb9ee7402c8390e5181b12417636085edc3eb +[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.32.10/kubernetes-node-linux-s390x.tar.gz) | b5ee16af4c450a0811d04970a3f9ad0a1fae3b2f0f9c20f06d3812db52b5bb85a7399477e3061782acca097e677ab82fdb47319b590aad39aa9323f56861940e +[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.32.10/kubernetes-node-windows-amd64.tar.gz) | 580fc6b2d3d78746123abebe39478795736511c4ba8a1896ad56b882d547eb3e80ba83fb95eeb68c1277fc32a9974ed01be87e1f7d3a91734b0ea399e0491511 + +### Container Images + +All container images are available as manifest lists and support the described +architectures. It is also possible to pull a specific architecture directly by +adding the "-$ARCH" suffix to the container image name. + +name | architectures +---- | ------------- +[registry.k8s.io/conformance:v1.32.10](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-s390x) +[registry.k8s.io/kube-apiserver:v1.32.10](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-s390x) +[registry.k8s.io/kube-controller-manager:v1.32.10](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-s390x) +[registry.k8s.io/kube-proxy:v1.32.10](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-s390x) +[registry.k8s.io/kube-scheduler:v1.32.10](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-s390x) +[registry.k8s.io/kubectl:v1.32.10](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-s390x) + +## Changelog since v1.32.9 + +## Changes by Kind + +### Feature + +- Kubernetes is now built using Go 1.24.9 + - update setcap and debian-base to bookworm-v1.0.6 ([#134617](https://github.com/kubernetes/kubernetes/pull/134617), [@cpanato](https://github.com/cpanato)) [SIG Architecture, Auth, Cloud Provider, Etcd, Release, Storage and Testing] + +### Bug or Regression + +- Bump system-validators to v1.9.2: remove version-specific cgroup kernel config checks to avoid false failures on cgroup v2 systems when v1-only configs are missing. ([#134090](https://github.com/kubernetes/kubernetes/pull/134090), [@pacoxu](https://github.com/pacoxu)) [SIG Cluster Lifecycle] +- Fix Windows kube-proxy (winkernel) issue where stale RemoteEndpoints remained + when a Deployment was referenced by multiple Services due to premature clearing + of the terminatedEndpoints map. ([#135172](https://github.com/kubernetes/kubernetes/pull/135172), [@princepereira](https://github.com/princepereira)) [SIG Network and Windows] +- Fix Windows kube-proxy to prevent intermittent deletion of ClusterIP load balancers in HNS when internalTrafficPolicy=Local, ensuring stable service connectivity. ([#134033](https://github.com/kubernetes/kubernetes/pull/134033), [@princepereira](https://github.com/princepereira)) [SIG Network and Windows] +- Fix the bug which could result in Job status updates failing with the error: + status.startTime: Required value: startTime cannot be removed for unsuspended job + The error could be raised after a Job is resumed, if started and suspended previously. ([#135128](https://github.com/kubernetes/kubernetes/pull/135128), [@dejanzele](https://github.com/dejanzele)) [SIG Apps and Testing] +- Fix: The requests for a config FromClass in the status of a ResourceClaim were not referenced. ([#135109](https://github.com/kubernetes/kubernetes/pull/135109), [@LionelJouin](https://github.com/LionelJouin)) [SIG Node] +- Kubeadm: avoid panicing if the user has malformed the kubeconfig in the cluster-info config map to not include a valid current context. Include proper validation at the appropriate locations and throw errors instead. ([#134725](https://github.com/kubernetes/kubernetes/pull/134725), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] +- Kubeadm: fixed a bug where the node registration information for a given node was not fetched correctly during "kubeadm upgrade node" and the node name can end up being incorrect in cases where the node name is not the same as the host name. ([#134364](https://github.com/kubernetes/kubernetes/pull/134364), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] +- Kubeadm: fixes a preflight check that can fail hostname construction in IPV6 setups ([#134591](https://github.com/kubernetes/kubernetes/pull/134591), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Auth, Cloud Provider, Cluster Lifecycle and Testing] +- Reduce event spam during volume operation errors in Portworx in-tree driver ([#135193](https://github.com/kubernetes/kubernetes/pull/135193), [@gohilankit](https://github.com/gohilankit)) [SIG Storage] + +### Other (Cleanup or Flake) + +- Kubeadm: updated the supported etcd version to v3.5.24 for the skewed control plane version v1.33. ([#135019](https://github.com/kubernetes/kubernetes/pull/135019), [@hakman](https://github.com/hakman)) [SIG Cloud Provider, Cluster Lifecycle and Etcd] + +## Dependencies + +### Added +_Nothing has changed._ + +### Changed +- k8s.io/system-validators: v1.9.1 → v1.9.2 + +### Removed +_Nothing has changed._ + + + # v1.32.9 diff --git a/build/build-image/cross/VERSION b/build/build-image/cross/VERSION index 530e204da0289..8cafeb04b378e 100644 --- a/build/build-image/cross/VERSION +++ b/build/build-image/cross/VERSION @@ -1 +1 @@ -v1.32.0-go1.24.9-bullseye.0 +v1.32.0-go1.24.11-bullseye.0 diff --git a/build/common.sh b/build/common.sh index fc090b94a6539..0aeb19a43b7cc 100755 --- a/build/common.sh +++ b/build/common.sh @@ -97,8 +97,8 @@ readonly KUBE_RSYNC_PORT="${KUBE_RSYNC_PORT:-}" readonly KUBE_CONTAINER_RSYNC_PORT=8730 # These are the default versions (image tags) for their respective base images. -readonly __default_distroless_iptables_version=v0.7.11 -readonly __default_go_runner_version=v2.4.0-go1.24.9-bookworm.0 +readonly __default_distroless_iptables_version=v0.7.13 +readonly __default_go_runner_version=v2.4.0-go1.24.11-bookworm.0 readonly __default_setcap_version=bookworm-v1.0.6 # These are the base images for the Docker-wrapped binaries. @@ -621,7 +621,7 @@ function kube::build::start_rsyncd_container() { fi local container_ip - container_ip=$("${DOCKER[@]}" inspect --format '{{ .NetworkSettings.IPAddress }}' "${KUBE_RSYNC_CONTAINER_NAME}") + container_ip=$("${DOCKER[@]}" inspect --format '{{range .NetworkSettings.Networks}}{{.IPAddress}},{{end}}' "${KUBE_RSYNC_CONTAINER_NAME}" | cut -d',' -f1) # Sometimes we can reach rsync through localhost and a NAT'd port. Other # times (when we are running in another docker container on the Jenkins diff --git a/build/dependencies.yaml b/build/dependencies.yaml index 114ca1ed720c6..43453311ae68f 100644 --- a/build/dependencies.yaml +++ b/build/dependencies.yaml @@ -112,7 +112,7 @@ dependencies: # Golang - name: "golang: upstream version" - version: 1.24.9 + version: 1.24.11 refPaths: - path: .go-version - path: build/build-image/cross/VERSION @@ -137,7 +137,7 @@ dependencies: match: golang:([0-9]+\.[0-9]+).0-bullseye - name: "registry.k8s.io/kube-cross: dependents" - version: v1.32.0-go1.24.9-bullseye.0 + version: v1.32.0-go1.24.11-bullseye.0 refPaths: - path: build/build-image/cross/VERSION @@ -175,7 +175,7 @@ dependencies: match: registry\.k8s\.io\/build-image\/debian-base:[a-zA-Z]+\-v((([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?)(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?) - name: "registry.k8s.io/distroless-iptables: dependents" - version: v0.7.11 + version: v0.7.13 refPaths: - path: build/common.sh match: __default_distroless_iptables_version= @@ -183,7 +183,7 @@ dependencies: match: configs\[DistrolessIptables\] = Config{list\.BuildImageRegistry, "distroless-iptables", "v([0-9]+)\.([0-9]+)\.([0-9]+)"} - name: "registry.k8s.io/go-runner: dependents" - version: v2.4.0-go1.24.9-bookworm.0 + version: v2.4.0-go1.24.11-bookworm.0 refPaths: - path: build/common.sh match: __default_go_runner_version= diff --git a/cluster/gce/config-default.sh b/cluster/gce/config-default.sh index 0d4b4d0f10eeb..ae28d5cf64240 100755 --- a/cluster/gce/config-default.sh +++ b/cluster/gce/config-default.sh @@ -88,7 +88,7 @@ fi # By default, the latest image from the image family will be used unless an # explicit image will be set. GCI_VERSION=${KUBE_GCI_VERSION:-} -IMAGE_FAMILY=${KUBE_IMAGE_FAMILY:-cos-109-lts} +IMAGE_FAMILY=${KUBE_IMAGE_FAMILY:-cos-121-lts} export MASTER_IMAGE=${KUBE_GCE_MASTER_IMAGE:-} export MASTER_IMAGE_FAMILY=${KUBE_GCE_MASTER_IMAGE_FAMILY:-${IMAGE_FAMILY}} export MASTER_IMAGE_PROJECT=${KUBE_GCE_MASTER_PROJECT:-cos-cloud} diff --git a/cluster/gce/config-test.sh b/cluster/gce/config-test.sh index 98e7b9a1ba362..f3fd32002a4f4 100755 --- a/cluster/gce/config-test.sh +++ b/cluster/gce/config-test.sh @@ -101,7 +101,7 @@ ALLOWED_NOTREADY_NODES=${ALLOWED_NOTREADY_NODES:-$(($(get-num-nodes) / 100))} # By default, the latest image from the image family will be used unless an # explicit image will be set. GCI_VERSION=${KUBE_GCI_VERSION:-} -IMAGE_FAMILY=${KUBE_IMAGE_FAMILY:-cos-109-lts} +IMAGE_FAMILY=${KUBE_IMAGE_FAMILY:-cos-121-lts} export MASTER_IMAGE=${KUBE_GCE_MASTER_IMAGE:-} export MASTER_IMAGE_FAMILY=${KUBE_GCE_MASTER_IMAGE_FAMILY:-${IMAGE_FAMILY}} export MASTER_IMAGE_PROJECT=${KUBE_GCE_MASTER_PROJECT:-cos-cloud} diff --git a/openshift-hack/images/hyperkube/Dockerfile.rhel b/openshift-hack/images/hyperkube/Dockerfile.rhel index 2ddcec7485303..bf20fffebc327 100644 --- a/openshift-hack/images/hyperkube/Dockerfile.rhel +++ b/openshift-hack/images/hyperkube/Dockerfile.rhel @@ -14,4 +14,4 @@ COPY --from=builder /tmp/build/* /usr/bin/ LABEL io.k8s.display-name="OpenShift Kubernetes Server Commands" \ io.k8s.description="OpenShift is a platform for developing, building, and deploying containerized applications." \ io.openshift.tags="openshift,hyperkube" \ - io.openshift.build.versions="kubernetes=1.32.10" \ No newline at end of file + io.openshift.build.versions="kubernetes=1.32.11" \ No newline at end of file diff --git a/pkg/kubelet/cm/devicemanager/plugin/v1beta1/server.go b/pkg/kubelet/cm/devicemanager/plugin/v1beta1/server.go index 312aa930a0f4b..cee0fecef2c2e 100644 --- a/pkg/kubelet/cm/devicemanager/plugin/v1beta1/server.go +++ b/pkg/kubelet/cm/devicemanager/plugin/v1beta1/server.go @@ -57,8 +57,8 @@ type server struct { chandler ClientHandler clients map[string]Client - // isStarted indicates whether the service has started successfully. - isStarted bool + // lastError records the last runtime error. A server is considered healthy till an actual error occurs. + lastError error } // NewServer returns an initialized device plugin registration server. @@ -117,7 +117,7 @@ func (s *server) Start() error { defer s.wg.Done() s.setHealthy() if err = s.grpc.Serve(ln); err != nil { - s.setUnhealthy() + s.setUnhealthy(err) klog.ErrorS(err, "Error while serving device plugin registration grpc server") } }() @@ -207,18 +207,19 @@ func (s *server) Name() string { } func (s *server) Check(_ *http.Request) error { - if s.isStarted { - return nil - } - return fmt.Errorf("device plugin registration gRPC server failed and no device plugins can register") + return s.lastError } // setHealthy sets the health status of the gRPC server. func (s *server) setHealthy() { - s.isStarted = true + s.lastError = nil } // setUnhealthy sets the health status of the gRPC server to unhealthy. -func (s *server) setUnhealthy() { - s.isStarted = false +func (s *server) setUnhealthy(err error) { + if err == nil { + s.lastError = fmt.Errorf("device registration error: device plugin registration gRPC server failed and no device plugins can register") + return + } + s.lastError = fmt.Errorf("device registration error: device plugin registration gRPC server failed and no device plugins can register: %w", err) } diff --git a/pkg/volume/csi/csi_block.go b/pkg/volume/csi/csi_block.go index 80c6b088ddc7a..3b1d0ac2ca996 100644 --- a/pkg/volume/csi/csi_block.go +++ b/pkg/volume/csi/csi_block.go @@ -68,7 +68,6 @@ package csi import ( "context" "errors" - "fmt" "os" "path/filepath" @@ -171,8 +170,8 @@ func (m *csiBlockMapper) stageVolumeForBlock( if csiSource.NodeStageSecretRef != nil { nodeStageSecrets, err = getCredentialsFromSecret(m.k8s, csiSource.NodeStageSecretRef) if err != nil { - return "", fmt.Errorf("failed to get NodeStageSecretRef %s/%s: %v", - csiSource.NodeStageSecretRef.Namespace, csiSource.NodeStageSecretRef.Name, err) + return "", volumetypes.NewTransientOperationFailure(log("failed to get NodeStageSecretRef %s/%s: %v", + csiSource.NodeStageSecretRef.Namespace, csiSource.NodeStageSecretRef.Name, err)) } } @@ -223,11 +222,11 @@ func (m *csiBlockMapper) publishVolumeForBlock( volAttribs := csiSource.VolumeAttributes podInfoEnabled, err := m.plugin.podInfoEnabled(string(m.driverName)) if err != nil { - return "", errors.New(log("blockMapper.publishVolumeForBlock failed to assemble volume attributes: %v", err)) + return "", volumetypes.NewTransientOperationFailure(log("blockMapper.publishVolumeForBlock failed to assemble volume attributes: %v", err)) } volumeLifecycleMode, err := m.plugin.getVolumeLifecycleMode(m.spec) if err != nil { - return "", errors.New(log("blockMapper.publishVolumeForBlock failed to get VolumeLifecycleMode: %v", err)) + return "", volumetypes.NewTransientOperationFailure(log("blockMapper.publishVolumeForBlock failed to get VolumeLifecycleMode: %v", err)) } if podInfoEnabled { volAttribs = mergeMap(volAttribs, getPodInfoAttrs(m.pod, volumeLifecycleMode)) @@ -237,7 +236,7 @@ func (m *csiBlockMapper) publishVolumeForBlock( if csiSource.NodePublishSecretRef != nil { nodePublishSecrets, err = getCredentialsFromSecret(m.k8s, csiSource.NodePublishSecretRef) if err != nil { - return "", errors.New(log("blockMapper.publishVolumeForBlock failed to get NodePublishSecretRef %s/%s: %v", + return "", volumetypes.NewTransientOperationFailure(log("blockMapper.publishVolumeForBlock failed to get NodePublishSecretRef %s/%s: %v", csiSource.NodePublishSecretRef.Namespace, csiSource.NodePublishSecretRef.Name, err)) } } @@ -304,7 +303,7 @@ func (m *csiBlockMapper) SetUpDevice() (string, error) { attachID := getAttachmentName(csiSource.VolumeHandle, csiSource.Driver, nodeName) attachment, err = m.k8s.StorageV1().VolumeAttachments().Get(context.TODO(), attachID, meta.GetOptions{}) if err != nil { - return "", errors.New(log("blockMapper.SetupDevice failed to get volume attachment [id=%v]: %v", attachID, err)) + return "", volumetypes.NewTransientOperationFailure(log("blockMapper.SetupDevice failed to get volume attachment [id=%v]: %v", attachID, err)) } } @@ -366,7 +365,7 @@ func (m *csiBlockMapper) MapPodDevice() (string, error) { attachID := getAttachmentName(csiSource.VolumeHandle, csiSource.Driver, nodeName) attachment, err = m.k8s.StorageV1().VolumeAttachments().Get(context.TODO(), attachID, meta.GetOptions{}) if err != nil { - return "", errors.New(log("blockMapper.MapPodDevice failed to get volume attachment [id=%v]: %v", attachID, err)) + return "", volumetypes.NewTransientOperationFailure(log("blockMapper.MapPodDevice failed to get volume attachment [id=%v]: %v", attachID, err)) } } diff --git a/pkg/volume/csi/csi_block_test.go b/pkg/volume/csi/csi_block_test.go index 3b06ff1c7c771..deffc6b39f902 100644 --- a/pkg/volume/csi/csi_block_test.go +++ b/pkg/volume/csi/csi_block_test.go @@ -18,6 +18,7 @@ package csi import ( "context" + "errors" "fmt" "os" "path/filepath" @@ -491,6 +492,46 @@ func TestBlockMapperMapPodDeviceNoClientError(t *testing.T) { } } +func TestBlockMapperMapPodDeviceGetStageSecretsError(t *testing.T) { + transientError := volumetypes.NewTransientOperationFailure("") + plug, tmpDir := newTestPlugin(t, nil) + defer func() { + if err := os.RemoveAll(tmpDir); err != nil { + t.Error(err) + } + }() + + csiMapper, _, pv, err := prepareBlockMapperTest(plug, "test-pv", t) + if err != nil { + t.Fatalf("Failed to make a new Mapper: %v", err) + } + + // set a stage secret for the pv + pv.Spec.PersistentVolumeSource.CSI.NodePublishSecretRef = &api.SecretReference{ + Name: "foo", + Namespace: "default", + } + pvName := pv.GetName() + nodeName := string(plug.host.GetNodeName()) + + csiMapper.csiClient = setupClient(t, true) + + attachID := getAttachmentName(csiMapper.volumeID, string(csiMapper.driverName), nodeName) + attachment := makeTestAttachment(attachID, nodeName, pvName) + attachment.Status.Attached = true + if _, err = csiMapper.k8s.StorageV1().VolumeAttachments().Create(context.Background(), attachment, metav1.CreateOptions{}); err != nil { + t.Fatalf("failed to setup VolumeAttachment: %v", err) + } + t.Log("created attachment ", attachID) + + _, err = csiMapper.MapPodDevice() + if err == nil { + t.Errorf("test should fail, but no error occurred") + } else if !errors.As(err, &transientError) { + t.Errorf("expected a transient error but got %v", err) + } +} + func TestBlockMapperTearDownDevice(t *testing.T) { plug, tmpDir := newTestPlugin(t, nil) defer os.RemoveAll(tmpDir) diff --git a/staging/publishing/rules.yaml b/staging/publishing/rules.yaml index e7337f14eff1d..b21d3f00eabc4 100644 --- a/staging/publishing/rules.yaml +++ b/staging/publishing/rules.yaml @@ -2900,4 +2900,4 @@ rules: - staging/src/k8s.io/externaljwt recursive-delete-patterns: - '*/.gitattributes' -default-go-version: 1.24.9 +default-go-version: 1.24.11 diff --git a/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/generic/policy_matcher.go b/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/generic/policy_matcher.go index d243b0710bc95..08ddcbf0a0a32 100644 --- a/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/generic/policy_matcher.go +++ b/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/generic/policy_matcher.go @@ -17,6 +17,7 @@ limitations under the License. package generic import ( + "context" "fmt" admissionregistrationv1 "k8s.io/api/admissionregistration/v1" @@ -41,8 +42,8 @@ type PolicyMatcher interface { BindingMatches(a admission.Attributes, o admission.ObjectInterfaces, binding BindingAccessor) (bool, error) // GetNamespace retrieves the Namespace resource by the given name. The name may be empty, in which case - // GetNamespace must return nil, nil - GetNamespace(name string) (*corev1.Namespace, error) + // GetNamespace must return nil, NotFound + GetNamespace(ctx context.Context, name string) (*corev1.Namespace, error) } type matcher struct { @@ -82,8 +83,8 @@ func (c *matcher) BindingMatches(a admission.Attributes, o admission.ObjectInter return isMatch, err } -func (c *matcher) GetNamespace(name string) (*corev1.Namespace, error) { - return c.Matcher.GetNamespace(name) +func (c *matcher) GetNamespace(ctx context.Context, name string) (*corev1.Namespace, error) { + return c.Matcher.GetNamespace(ctx, name) } var _ matching.MatchCriteria = &matchCriteria{} diff --git a/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/matching/matching.go b/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/matching/matching.go index eebe7694340d4..30a6cbebe9793 100644 --- a/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/matching/matching.go +++ b/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/matching/matching.go @@ -17,6 +17,7 @@ limitations under the License. package matching import ( + "context" "fmt" v1 "k8s.io/api/admissionregistration/v1" @@ -44,8 +45,8 @@ type Matcher struct { objectMatcher *object.Matcher } -func (m *Matcher) GetNamespace(name string) (*corev1.Namespace, error) { - return m.namespaceMatcher.GetNamespace(name) +func (m *Matcher) GetNamespace(ctx context.Context, name string) (*corev1.Namespace, error) { + return m.namespaceMatcher.GetNamespace(ctx, name) } // NewMatcher initialize the matcher with dependencies requires diff --git a/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/mutating/dispatcher.go b/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/mutating/dispatcher.go index 918a07d0f7cab..61dfda11da3c1 100644 --- a/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/mutating/dispatcher.go +++ b/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/mutating/dispatcher.go @@ -120,8 +120,12 @@ func (d *dispatcher) dispatchInvocations( // if it is cluster scoped, namespaceName will be empty // Otherwise, get the Namespace resource. if namespaceName != "" { - namespace, err = d.matcher.GetNamespace(namespaceName) + namespace, err = d.matcher.GetNamespace(ctx, namespaceName) if err != nil { + var statusError *k8serrors.StatusError + if errors.As(err, &statusError) { + return nil, statusError + } return nil, k8serrors.NewNotFound(schema.GroupResource{Group: "", Resource: "namespaces"}, namespaceName) } } diff --git a/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/validating/admission_test.go b/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/validating/admission_test.go index 14f33b175946c..03ddc31d8b750 100644 --- a/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/validating/admission_test.go +++ b/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/validating/admission_test.go @@ -268,7 +268,7 @@ func (f *fakeMatcher) ValidateInitialization() error { return nil } -func (f *fakeMatcher) GetNamespace(name string) (*v1.Namespace, error) { +func (f *fakeMatcher) GetNamespace(ctx context.Context, name string) (*v1.Namespace, error) { return nil, nil } diff --git a/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/validating/dispatcher.go b/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/validating/dispatcher.go index 8f3e22f64dc28..0b5474b756422 100644 --- a/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/validating/dispatcher.go +++ b/staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/validating/dispatcher.go @@ -189,7 +189,7 @@ func (c *dispatcher) Dispatch(ctx context.Context, a admission.Attributes, o adm // if it is cluster scoped, namespaceName will be empty // Otherwise, get the Namespace resource. if namespaceName != "" { - namespace, err = c.matcher.GetNamespace(namespaceName) + namespace, err = c.matcher.GetNamespace(ctx, namespaceName) if err != nil { return err } diff --git a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/namespace/matcher.go b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/namespace/matcher.go index 6427bc67484a7..01d706bd41ac3 100644 --- a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/namespace/matcher.go +++ b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/namespace/matcher.go @@ -44,8 +44,13 @@ type Matcher struct { Client clientset.Interface } -func (m *Matcher) GetNamespace(name string) (*v1.Namespace, error) { - return m.NamespaceLister.Get(name) +func (m *Matcher) GetNamespace(ctx context.Context, name string) (*v1.Namespace, error) { + ns, err := m.NamespaceLister.Get(name) + if apierrors.IsNotFound(err) && len(name) > 0 { + // in case of latency in our caches, make a call direct to storage to verify that it truly exists or not + ns, err = m.Client.CoreV1().Namespaces().Get(ctx, name, metav1.GetOptions{}) + } + return ns, err } // Validate checks if the Matcher has a NamespaceLister and Client. diff --git a/test/images/Makefile b/test/images/Makefile index 4cda4a67fcdf7..32f75796e2510 100644 --- a/test/images/Makefile +++ b/test/images/Makefile @@ -16,7 +16,7 @@ REGISTRY ?= registry.k8s.io/e2e-test-images GOARM ?= 7 DOCKER_CERT_BASE_PATH ?= QEMUVERSION=v5.1.0-2 -GOLANG_VERSION=1.24.9 +GOLANG_VERSION=1.24.11 export ifndef WHAT diff --git a/test/utils/image/manifest.go b/test/utils/image/manifest.go index cd25d986d94a8..4ee06c5e19ab9 100644 --- a/test/utils/image/manifest.go +++ b/test/utils/image/manifest.go @@ -223,7 +223,7 @@ func initImageConfigs(list RegistryList) (map[ImageID]Config, map[ImageID]Config configs[APIServer] = Config{list.PromoterE2eRegistry, "sample-apiserver", "1.29.2"} configs[AppArmorLoader] = Config{list.PromoterE2eRegistry, "apparmor-loader", "1.4"} configs[BusyBox] = Config{list.PromoterE2eRegistry, "busybox", "1.36.1-1"} - configs[DistrolessIptables] = Config{list.BuildImageRegistry, "distroless-iptables", "v0.7.11"} + configs[DistrolessIptables] = Config{list.BuildImageRegistry, "distroless-iptables", "v0.7.13"} configs[Etcd] = Config{list.GcEtcdRegistry, "etcd", "3.5.16-0"} configs[Httpd] = Config{list.PromoterE2eRegistry, "httpd", "2.4.38-4"} configs[HttpdNew] = Config{list.PromoterE2eRegistry, "httpd", "2.4.39-4"}