From 89f2beadc304bf666f4ca5f4b7c65d96dd2076e9 Mon Sep 17 00:00:00 2001 From: Kubernetes Release Robot Date: Wed, 20 Nov 2024 14:03:55 +0000 Subject: [PATCH 01/17] Update CHANGELOG/CHANGELOG-1.29.md for v1.29.11 --- CHANGELOG/CHANGELOG-1.29.md | 302 ++++++++++++++++++++++++------------ 1 file changed, 201 insertions(+), 101 deletions(-) diff --git a/CHANGELOG/CHANGELOG-1.29.md b/CHANGELOG/CHANGELOG-1.29.md index d3a060c8ff52a..0ea219614e3b6 100644 --- a/CHANGELOG/CHANGELOG-1.29.md +++ b/CHANGELOG/CHANGELOG-1.29.md @@ -1,291 +1,391 @@ -- [v1.29.10](#v12910) - - [Downloads for v1.29.10](#downloads-for-v12910) +- [v1.29.11](#v12911) + - [Downloads for v1.29.11](#downloads-for-v12911) - [Source Code](#source-code) - [Client Binaries](#client-binaries) - [Server Binaries](#server-binaries) - [Node Binaries](#node-binaries) - [Container Images](#container-images) - - [Changelog since v1.29.9](#changelog-since-v1299) + - [Changelog since v1.29.10](#changelog-since-v12910) - [Changes by Kind](#changes-by-kind) - - [Feature](#feature) - [Bug or Regression](#bug-or-regression) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake) - [Dependencies](#dependencies) - [Added](#added) - [Changed](#changed) - [Removed](#removed) -- [v1.29.9](#v1299) - - [Downloads for v1.29.9](#downloads-for-v1299) +- [v1.29.10](#v12910) + - [Downloads for v1.29.10](#downloads-for-v12910) - [Source Code](#source-code-1) - [Client Binaries](#client-binaries-1) - [Server Binaries](#server-binaries-1) - [Node Binaries](#node-binaries-1) - [Container Images](#container-images-1) - - [Changelog since v1.29.8](#changelog-since-v1298) + - [Changelog since v1.29.9](#changelog-since-v1299) - [Changes by Kind](#changes-by-kind-1) - - [Feature](#feature-1) + - [Feature](#feature) - [Bug or Regression](#bug-or-regression-1) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake) - [Dependencies](#dependencies-1) - [Added](#added-1) - [Changed](#changed-1) - [Removed](#removed-1) -- [v1.29.8](#v1298) - - [Downloads for v1.29.8](#downloads-for-v1298) +- [v1.29.9](#v1299) + - [Downloads for v1.29.9](#downloads-for-v1299) - [Source Code](#source-code-2) - [Client Binaries](#client-binaries-2) - [Server Binaries](#server-binaries-2) - [Node Binaries](#node-binaries-2) - [Container Images](#container-images-2) - - [Changelog since v1.29.7](#changelog-since-v1297) + - [Changelog since v1.29.8](#changelog-since-v1298) - [Changes by Kind](#changes-by-kind-2) - - [API Change](#api-change) + - [Feature](#feature-1) - [Bug or Regression](#bug-or-regression-2) - [Dependencies](#dependencies-2) - [Added](#added-2) - [Changed](#changed-2) - [Removed](#removed-2) -- [v1.29.7](#v1297) - - [Downloads for v1.29.7](#downloads-for-v1297) +- [v1.29.8](#v1298) + - [Downloads for v1.29.8](#downloads-for-v1298) - [Source Code](#source-code-3) - [Client Binaries](#client-binaries-3) - [Server Binaries](#server-binaries-3) - [Node Binaries](#node-binaries-3) - [Container Images](#container-images-3) - - [Changelog since v1.29.6](#changelog-since-v1296) - - [Important Security Information](#important-security-information) - - [CVE-2024-5321: Incorrect permissions on Windows containers logs](#cve-2024-5321-incorrect-permissions-on-windows-containers-logs) + - [Changelog since v1.29.7](#changelog-since-v1297) - [Changes by Kind](#changes-by-kind-3) - - [Feature](#feature-2) + - [API Change](#api-change) - [Bug or Regression](#bug-or-regression-3) - [Dependencies](#dependencies-3) - [Added](#added-3) - [Changed](#changed-3) - [Removed](#removed-3) -- [v1.29.6](#v1296) - - [Downloads for v1.29.6](#downloads-for-v1296) +- [v1.29.7](#v1297) + - [Downloads for v1.29.7](#downloads-for-v1297) - [Source Code](#source-code-4) - [Client Binaries](#client-binaries-4) - [Server Binaries](#server-binaries-4) - [Node Binaries](#node-binaries-4) - [Container Images](#container-images-4) - - [Changelog since v1.29.5](#changelog-since-v1295) + - [Changelog since v1.29.6](#changelog-since-v1296) + - [Important Security Information](#important-security-information) + - [CVE-2024-5321: Incorrect permissions on Windows containers logs](#cve-2024-5321-incorrect-permissions-on-windows-containers-logs) - [Changes by Kind](#changes-by-kind-4) - - [API Change](#api-change-1) - - [Feature](#feature-3) + - [Feature](#feature-2) - [Bug or Regression](#bug-or-regression-4) - [Dependencies](#dependencies-4) - [Added](#added-4) - [Changed](#changed-4) - [Removed](#removed-4) -- [v1.29.5](#v1295) - - [Downloads for v1.29.5](#downloads-for-v1295) +- [v1.29.6](#v1296) + - [Downloads for v1.29.6](#downloads-for-v1296) - [Source Code](#source-code-5) - [Client Binaries](#client-binaries-5) - [Server Binaries](#server-binaries-5) - [Node Binaries](#node-binaries-5) - [Container Images](#container-images-5) - - [Changelog since v1.29.4](#changelog-since-v1294) + - [Changelog since v1.29.5](#changelog-since-v1295) - [Changes by Kind](#changes-by-kind-5) + - [API Change](#api-change-1) + - [Feature](#feature-3) - [Bug or Regression](#bug-or-regression-5) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-1) - [Dependencies](#dependencies-5) - [Added](#added-5) - [Changed](#changed-5) - [Removed](#removed-5) -- [v1.29.4](#v1294) - - [Downloads for v1.29.4](#downloads-for-v1294) +- [v1.29.5](#v1295) + - [Downloads for v1.29.5](#downloads-for-v1295) - [Source Code](#source-code-6) - [Client Binaries](#client-binaries-6) - [Server Binaries](#server-binaries-6) - [Node Binaries](#node-binaries-6) - [Container Images](#container-images-6) - - [Changelog since v1.29.3](#changelog-since-v1293) - - [Important Security Information](#important-security-information-1) - - [CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin](#cve-2024-3177-bypassing-mountable-secrets-policy-imposed-by-the-serviceaccount-admission-plugin) + - [Changelog since v1.29.4](#changelog-since-v1294) - [Changes by Kind](#changes-by-kind-6) - - [Feature](#feature-4) - [Bug or Regression](#bug-or-regression-6) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-1) - [Dependencies](#dependencies-6) - [Added](#added-6) - [Changed](#changed-6) - [Removed](#removed-6) -- [v1.29.3](#v1293) - - [Downloads for v1.29.3](#downloads-for-v1293) +- [v1.29.4](#v1294) + - [Downloads for v1.29.4](#downloads-for-v1294) - [Source Code](#source-code-7) - [Client Binaries](#client-binaries-7) - [Server Binaries](#server-binaries-7) - [Node Binaries](#node-binaries-7) - [Container Images](#container-images-7) - - [Changelog since v1.29.2](#changelog-since-v1292) + - [Changelog since v1.29.3](#changelog-since-v1293) + - [Important Security Information](#important-security-information-1) + - [CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin](#cve-2024-3177-bypassing-mountable-secrets-policy-imposed-by-the-serviceaccount-admission-plugin) - [Changes by Kind](#changes-by-kind-7) - - [Feature](#feature-5) + - [Feature](#feature-4) - [Bug or Regression](#bug-or-regression-7) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-2) - [Dependencies](#dependencies-7) - [Added](#added-7) - [Changed](#changed-7) - [Removed](#removed-7) -- [v1.29.2](#v1292) - - [Downloads for v1.29.2](#downloads-for-v1292) +- [v1.29.3](#v1293) + - [Downloads for v1.29.3](#downloads-for-v1293) - [Source Code](#source-code-8) - [Client Binaries](#client-binaries-8) - [Server Binaries](#server-binaries-8) - [Node Binaries](#node-binaries-8) - [Container Images](#container-images-8) - - [Changelog since v1.29.1](#changelog-since-v1291) + - [Changelog since v1.29.2](#changelog-since-v1292) - [Changes by Kind](#changes-by-kind-8) - - [Feature](#feature-6) + - [Feature](#feature-5) - [Bug or Regression](#bug-or-regression-8) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-2) - [Dependencies](#dependencies-8) - [Added](#added-8) - [Changed](#changed-8) - [Removed](#removed-8) -- [v1.29.1](#v1291) - - [Downloads for v1.29.1](#downloads-for-v1291) +- [v1.29.2](#v1292) + - [Downloads for v1.29.2](#downloads-for-v1292) - [Source Code](#source-code-9) - [Client Binaries](#client-binaries-9) - [Server Binaries](#server-binaries-9) - [Node Binaries](#node-binaries-9) - [Container Images](#container-images-9) - - [Changelog since v1.29.0](#changelog-since-v1290) + - [Changelog since v1.29.1](#changelog-since-v1291) - [Changes by Kind](#changes-by-kind-9) - - [API Change](#api-change-2) - - [Feature](#feature-7) + - [Feature](#feature-6) - [Bug or Regression](#bug-or-regression-9) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-3) - [Dependencies](#dependencies-9) - [Added](#added-9) - [Changed](#changed-9) - [Removed](#removed-9) -- [v1.29.0](#v1290) - - [Downloads for v1.29.0](#downloads-for-v1290) +- [v1.29.1](#v1291) + - [Downloads for v1.29.1](#downloads-for-v1291) - [Source Code](#source-code-10) - [Client Binaries](#client-binaries-10) - [Server Binaries](#server-binaries-10) - [Node Binaries](#node-binaries-10) - [Container Images](#container-images-10) - - [Changelog since v1.28.0](#changelog-since-v1280) - - [Urgent Upgrade Notes](#urgent-upgrade-notes) - - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade) + - [Changelog since v1.29.0](#changelog-since-v1290) - [Changes by Kind](#changes-by-kind-10) - - [Deprecation](#deprecation) - - [API Change](#api-change-3) - - [Feature](#feature-8) - - [Documentation](#documentation) - - [Failing Test](#failing-test) + - [API Change](#api-change-2) + - [Feature](#feature-7) - [Bug or Regression](#bug-or-regression-10) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-4) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-3) - [Dependencies](#dependencies-10) - [Added](#added-10) - [Changed](#changed-10) - [Removed](#removed-10) -- [v1.29.0-rc.2](#v1290-rc2) - - [Downloads for v1.29.0-rc.2](#downloads-for-v1290-rc2) +- [v1.29.0](#v1290) + - [Downloads for v1.29.0](#downloads-for-v1290) - [Source Code](#source-code-11) - [Client Binaries](#client-binaries-11) - [Server Binaries](#server-binaries-11) - [Node Binaries](#node-binaries-11) - [Container Images](#container-images-11) - - [Changelog since v1.29.0-rc.1](#changelog-since-v1290-rc1) + - [Changelog since v1.28.0](#changelog-since-v1280) + - [Urgent Upgrade Notes](#urgent-upgrade-notes) + - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade) - [Changes by Kind](#changes-by-kind-11) - - [Feature](#feature-9) + - [Deprecation](#deprecation) + - [API Change](#api-change-3) + - [Feature](#feature-8) + - [Documentation](#documentation) + - [Failing Test](#failing-test) + - [Bug or Regression](#bug-or-regression-11) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-4) - [Dependencies](#dependencies-11) - [Added](#added-11) - [Changed](#changed-11) - [Removed](#removed-11) -- [v1.29.0-rc.1](#v1290-rc1) - - [Downloads for v1.29.0-rc.1](#downloads-for-v1290-rc1) +- [v1.29.0-rc.2](#v1290-rc2) + - [Downloads for v1.29.0-rc.2](#downloads-for-v1290-rc2) - [Source Code](#source-code-12) - [Client Binaries](#client-binaries-12) - [Server Binaries](#server-binaries-12) - [Node Binaries](#node-binaries-12) - [Container Images](#container-images-12) - - [Changelog since v1.29.0-rc.0](#changelog-since-v1290-rc0) + - [Changelog since v1.29.0-rc.1](#changelog-since-v1290-rc1) + - [Changes by Kind](#changes-by-kind-12) + - [Feature](#feature-9) - [Dependencies](#dependencies-12) - [Added](#added-12) - [Changed](#changed-12) - [Removed](#removed-12) -- [v1.29.0-rc.0](#v1290-rc0) - - [Downloads for v1.29.0-rc.0](#downloads-for-v1290-rc0) +- [v1.29.0-rc.1](#v1290-rc1) + - [Downloads for v1.29.0-rc.1](#downloads-for-v1290-rc1) - [Source Code](#source-code-13) - [Client Binaries](#client-binaries-13) - [Server Binaries](#server-binaries-13) - [Node Binaries](#node-binaries-13) - [Container Images](#container-images-13) - - [Changelog since v1.29.0-alpha.3](#changelog-since-v1290-alpha3) - - [Changes by Kind](#changes-by-kind-12) - - [API Change](#api-change-4) - - [Feature](#feature-10) - - [Bug or Regression](#bug-or-regression-11) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-5) + - [Changelog since v1.29.0-rc.0](#changelog-since-v1290-rc0) - [Dependencies](#dependencies-13) - [Added](#added-13) - [Changed](#changed-13) - [Removed](#removed-13) -- [v1.29.0-alpha.3](#v1290-alpha3) - - [Downloads for v1.29.0-alpha.3](#downloads-for-v1290-alpha3) +- [v1.29.0-rc.0](#v1290-rc0) + - [Downloads for v1.29.0-rc.0](#downloads-for-v1290-rc0) - [Source Code](#source-code-14) - [Client Binaries](#client-binaries-14) - [Server Binaries](#server-binaries-14) - [Node Binaries](#node-binaries-14) - [Container Images](#container-images-14) - - [Changelog since v1.29.0-alpha.2](#changelog-since-v1290-alpha2) - - [Urgent Upgrade Notes](#urgent-upgrade-notes-1) - - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-1) + - [Changelog since v1.29.0-alpha.3](#changelog-since-v1290-alpha3) - [Changes by Kind](#changes-by-kind-13) - - [Deprecation](#deprecation-1) - - [API Change](#api-change-5) - - [Feature](#feature-11) - - [Documentation](#documentation-1) - - [Failing Test](#failing-test-1) + - [API Change](#api-change-4) + - [Feature](#feature-10) - [Bug or Regression](#bug-or-regression-12) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-6) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-5) - [Dependencies](#dependencies-14) - [Added](#added-14) - [Changed](#changed-14) - [Removed](#removed-14) -- [v1.29.0-alpha.2](#v1290-alpha2) - - [Downloads for v1.29.0-alpha.2](#downloads-for-v1290-alpha2) +- [v1.29.0-alpha.3](#v1290-alpha3) + - [Downloads for v1.29.0-alpha.3](#downloads-for-v1290-alpha3) - [Source Code](#source-code-15) - [Client Binaries](#client-binaries-15) - [Server Binaries](#server-binaries-15) - [Node Binaries](#node-binaries-15) - [Container Images](#container-images-15) - - [Changelog since v1.29.0-alpha.1](#changelog-since-v1290-alpha1) + - [Changelog since v1.29.0-alpha.2](#changelog-since-v1290-alpha2) + - [Urgent Upgrade Notes](#urgent-upgrade-notes-1) + - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-1) - [Changes by Kind](#changes-by-kind-14) - - [Feature](#feature-12) - - [Failing Test](#failing-test-2) + - [Deprecation](#deprecation-1) + - [API Change](#api-change-5) + - [Feature](#feature-11) + - [Documentation](#documentation-1) + - [Failing Test](#failing-test-1) - [Bug or Regression](#bug-or-regression-13) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-7) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-6) - [Dependencies](#dependencies-15) - [Added](#added-15) - [Changed](#changed-15) - [Removed](#removed-15) -- [v1.29.0-alpha.1](#v1290-alpha1) - - [Downloads for v1.29.0-alpha.1](#downloads-for-v1290-alpha1) +- [v1.29.0-alpha.2](#v1290-alpha2) + - [Downloads for v1.29.0-alpha.2](#downloads-for-v1290-alpha2) - [Source Code](#source-code-16) - [Client Binaries](#client-binaries-16) - [Server Binaries](#server-binaries-16) - [Node Binaries](#node-binaries-16) - [Container Images](#container-images-16) - - [Changelog since v1.28.0](#changelog-since-v1280-1) + - [Changelog since v1.29.0-alpha.1](#changelog-since-v1290-alpha1) - [Changes by Kind](#changes-by-kind-15) + - [Feature](#feature-12) + - [Failing Test](#failing-test-2) + - [Bug or Regression](#bug-or-regression-14) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-7) + - [Dependencies](#dependencies-16) + - [Added](#added-16) + - [Changed](#changed-16) + - [Removed](#removed-16) +- [v1.29.0-alpha.1](#v1290-alpha1) + - [Downloads for v1.29.0-alpha.1](#downloads-for-v1290-alpha1) + - [Source Code](#source-code-17) + - [Client Binaries](#client-binaries-17) + - [Server Binaries](#server-binaries-17) + - [Node Binaries](#node-binaries-17) + - [Container Images](#container-images-17) + - [Changelog since v1.28.0](#changelog-since-v1280-1) + - [Changes by Kind](#changes-by-kind-16) - [Deprecation](#deprecation-2) - [API Change](#api-change-6) - [Feature](#feature-13) - [Documentation](#documentation-2) - [Failing Test](#failing-test-3) - - [Bug or Regression](#bug-or-regression-14) + - [Bug or Regression](#bug-or-regression-15) - [Other (Cleanup or Flake)](#other-cleanup-or-flake-8) - - [Dependencies](#dependencies-16) - - [Added](#added-16) - - [Changed](#changed-16) - - [Removed](#removed-16) + - [Dependencies](#dependencies-17) + - [Added](#added-17) + - [Changed](#changed-17) + - [Removed](#removed-17) +# v1.29.11 + + +## Downloads for v1.29.11 + + + +### Source Code + +filename | sha512 hash +-------- | ----------- +[kubernetes.tar.gz](https://dl.k8s.io/v1.29.11/kubernetes.tar.gz) | 182a45834752dd36a0f379c6998f7b936beac1d44cd25985907774f2217a6e9d29c56ecaa893497508be2ca58fd5d8d424dc92c49ea64d1ecb9935029825f6c6 +[kubernetes-src.tar.gz](https://dl.k8s.io/v1.29.11/kubernetes-src.tar.gz) | 1ecfbcc9d7fee4c673d330e67a0329df2a2a8a4096c255ef65550e4631810f546ec4f8061ea829f0391d4845e22824998e6afe1bd0adf3c14ecda225bfdd1953 + +### Client Binaries + +filename | sha512 hash +-------- | ----------- +[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.29.11/kubernetes-client-darwin-amd64.tar.gz) | 089e3a10b1474bff44c292ea678485e5f0a50b2b497ebe7a18a6bda01c6ea2a77718f6cb158fb9c958d3a0710c462c11cc13de312d95fb59158132b2180b52ca +[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.29.11/kubernetes-client-darwin-arm64.tar.gz) | 5f8d0aeaaa708fcde973f13a25df5d4182a72739d9988b2f6f8aac900882e0f3889c4d5b530c767f68456903d6b885aece9d68af2dc59ad541932e74c6099951 +[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.29.11/kubernetes-client-linux-386.tar.gz) | 7a50c7d36829961db8904c6677dc188dccbba0aec745ba701a6331d9e4048675ee9b116a079392a65b499a5b71c892775872fa9efe9e6e2f93705ae9c32c81e4 +[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.29.11/kubernetes-client-linux-amd64.tar.gz) | f7c03d1a110b7237de519778f3cb0cc9f7fdc2ec918a15f0577310224b86ab8ca1a4d0f98ff289d6d0a681d682942fe4665c2aa7b42eaa843596d44df9e7f195 +[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.29.11/kubernetes-client-linux-arm.tar.gz) | 41f9c1993df2affc61c133b9a089f5f09d360dafd7e7886336df70ebe2f74d58bbc731fbeeb4453756b3eaa576d779464e090749481d71288eb7646d169a52d3 +[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.29.11/kubernetes-client-linux-arm64.tar.gz) | c4d40381c096c75358d9eb053e0d17611dca31191c9b4035f124b0049bef2399ca1639eafa9f6d6c4af52224c62f0af453aa3e4e44b8f2959d89e643b5fd48eb +[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.29.11/kubernetes-client-linux-ppc64le.tar.gz) | f28e665cb637040042d946aadf6be93ae1df4ff0e4959e317b1099d96278e69c6a6b2f884ad7d496a82f7641129c481e913024a40e69bbc69f0d05e27ca9ff08 +[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.29.11/kubernetes-client-linux-s390x.tar.gz) | 99851487697f6796d87adcd0837c1882e833376cbf4f7fdeb549f786bdc72be6e11d3120bbe261bc151dc66c910bb1cb8ea41487d6030f0c3d282f2f1b03ba81 +[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.29.11/kubernetes-client-windows-386.tar.gz) | ef55ed00ccc849c01aac12ea58239f0e1f130de6e68e73da565cf56d969eb71bc48c2d1d0c60904b9b1c813e6b7a725e39b1618054258a6966377cbb4cbaa2ad +[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.29.11/kubernetes-client-windows-amd64.tar.gz) | 4502a5db2785bc1c8fee369ae1f263a9d52ff41edcb67b2809f38dad39dd48651c392834b8e69e0d4d65fd781c8bb4b51b30f00cff683ab958291ae46e6dab6e +[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.29.11/kubernetes-client-windows-arm64.tar.gz) | 65c9a24b52a3b133138aea7fdf106dad3afa168851652e813c6ae28f03501eff12705466f1046e860f1aa88070e9b4d092dc141c5f98d13ea7acb8b0befd4e6f + +### Server Binaries + +filename | sha512 hash +-------- | ----------- +[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.29.11/kubernetes-server-linux-amd64.tar.gz) | 6b3bfc7ebfc7fbf6e98f8ef2d968ddd5ea8796b7f6ebb0af8f5d8d23238728995c0125b363373928655d65bb04b18a8bc09a6ef5950ef43afa10db763a3963a4 +[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.29.11/kubernetes-server-linux-arm64.tar.gz) | 5d2149909fb2f9e01f1f0a024fd73c8aad606ad1b356b502d780ae89533024d8d2494a4c65069433d2148169c1d225fa207ec8728f1f011ab29bf50ac35b883c +[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.29.11/kubernetes-server-linux-ppc64le.tar.gz) | 3225d1e9b6b00e7f459aac0a692d97856958e81e34b3fa4b6a07f71b49798d5b723525b5e195ee6fec6bf7a81212f57451a432ad0a5255c02a1e597f4d3d82ad +[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.29.11/kubernetes-server-linux-s390x.tar.gz) | 3f0250adf79d2a422df397492432cc0e9f56de44ba094cf3716457a1c3c710be1fcd6c1557cd8b553b614be469a23d21f9e6fea2340b83d9ce30d8191f4298e9 + +### Node Binaries + +filename | sha512 hash +-------- | ----------- +[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.29.11/kubernetes-node-linux-amd64.tar.gz) | 060c625d6ff498acaea2e6dde1b5c07754993e9edc0a16133baa457aa597c38d1328920d4360d55c60711faeedf35e5e7416452daf417b45c7bd75eb4f936d60 +[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.29.11/kubernetes-node-linux-arm64.tar.gz) | f5a08d7c651c68f2794d55dea8e3326b5d0d6e717e9a6eaece044c2a3259514217dca6cdbcd02e20f07865e6306f91ad27b5e168ac7460235d8dde9d07c17c92 +[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.29.11/kubernetes-node-linux-ppc64le.tar.gz) | 6ef4daa9dc2fcf5558afece5e178bc549f396509e0be4f281b70aac4fdc5561024068d47dc1c8a07a4dcaed2e9af58b07935fbdafe0192f0246689b015bf4e12 +[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.29.11/kubernetes-node-linux-s390x.tar.gz) | c9e92f213698ba3d5c7e959f2308275f0081c393d2fe2ff39329fe981cc578fed9f2d7ce0b77e085bf97cca14e406d334f85f1eec46426eb55a907081c636451 +[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.29.11/kubernetes-node-windows-amd64.tar.gz) | f84f28ee41a51fa902979d828329bd17075c8ec5b9d1143b930941d7ce84e7cac590ed240c1da53ff33719885b1033dc8516741e64688619976be2a3b292cbcc + +### Container Images + +All container images are available as manifest lists and support the described +architectures. It is also possible to pull a specific architecture directly by +adding the "-$ARCH" suffix to the container image name. + +name | architectures +---- | ------------- +[registry.k8s.io/conformance:v1.29.11](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-s390x) +[registry.k8s.io/kube-apiserver:v1.29.11](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-s390x) +[registry.k8s.io/kube-controller-manager:v1.29.11](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-s390x) +[registry.k8s.io/kube-proxy:v1.29.11](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-s390x) +[registry.k8s.io/kube-scheduler:v1.29.11](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-s390x) +[registry.k8s.io/kubectl:v1.29.11](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-s390x) + +## Changelog since v1.29.10 + +## Changes by Kind + +### Bug or Regression + +- Fix a bug when the hostname label of a node does not match the node name, pods bound to a PV with nodeAffinity using the hostname may be scheduled to the wrong node or experience scheduling failures. ([#127586](https://github.com/kubernetes/kubernetes/pull/127586), [@AxeZhan](https://github.com/AxeZhan)) [SIG Scheduling and Storage] +- Fixed a suboptimal scheduler preemption behavior where potential preemption victims were violating Pod Disruption Budgets. ([#128435](https://github.com/kubernetes/kubernetes/pull/128435), [@NoicFank](https://github.com/NoicFank)) [SIG Scheduling] + +## Dependencies + +### Added +_Nothing has changed._ + +### Changed +_Nothing has changed._ + +### Removed +_Nothing has changed._ + + + # v1.29.10 @@ -368,7 +468,7 @@ name | architectures to deleted pods did not get cleaned up correctly, which could (among other things) cause DNS problems when DNS pods were restarted. ([#127808](https://github.com/kubernetes/kubernetes/pull/127808), [@danwinship](https://github.com/danwinship)) [SIG Network] - Kubeadm: fix wrong member list reported when removing an etcd member ([#127962](https://github.com/kubernetes/kubernetes/pull/127962), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] -- Kubeadm: when adding new control plane nodes with "kubeamd join", ensure that the etcd member addition is performed only if a given member URL does not already exist in the list of members. Similarly, on "kubeadm reset" only remove an etcd member if its ID exists. ([#127621](https://github.com/kubernetes/kubernetes/pull/127621), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] +- Kubeadm: when adding new control plane nodes with "kubeadm join", ensure that the etcd member addition is performed only if a given member URL does not already exist in the list of members. Similarly, on "kubeadm reset" only remove an etcd member if its ID exists. ([#127621](https://github.com/kubernetes/kubernetes/pull/127621), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] - The scheduling queue didn't notice any extenders' failures, it could miss some cluster events, and it could end up Pods rejected by Extenders stuck in unschedulable pod pool in 5min in the worst-case scenario. Now, the scheduling queue notices extenders' failures and requeue Pods rejected by Extenders appropriately. ([#122022](https://github.com/kubernetes/kubernetes/pull/122022), [@sanposhiho](https://github.com/sanposhiho)) [SIG Scheduling] From 0a3c63d03be543e1660596e7b96ccc63afc7b9f4 Mon Sep 17 00:00:00 2001 From: cpanato Date: Wed, 27 Nov 2024 17:23:39 +0100 Subject: [PATCH 02/17] skip TestCreateBlobDisk test Signed-off-by: cpanato --- .../azure/azure_blobDiskController_test.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/staging/src/k8s.io/legacy-cloud-providers/azure/azure_blobDiskController_test.go b/staging/src/k8s.io/legacy-cloud-providers/azure/azure_blobDiskController_test.go index dc6a1a16460fc..e4bc454187626 100644 --- a/staging/src/k8s.io/legacy-cloud-providers/azure/azure_blobDiskController_test.go +++ b/staging/src/k8s.io/legacy-cloud-providers/azure/azure_blobDiskController_test.go @@ -331,7 +331,10 @@ func TestFindSANameForDisk(t *testing.T) { assert.NoError(t, err) } +// Skipping this test due to failing ci but not removing to keep for future reference if needed +// GH Issue: https://github.com/kubernetes/kubernetes/issues/129007 func TestCreateBlobDisk(t *testing.T) { + t.Skip("skipping test due some Azure API changes and failing ci") ctrl := gomock.NewController(t) defer ctrl.Finish() b := GetTestBlobDiskController(t) From f1738630a6ee49a25a3602534cadfa66b75629e7 Mon Sep 17 00:00:00 2001 From: cpanato Date: Thu, 21 Nov 2024 15:02:05 +0100 Subject: [PATCH 03/17] Bump images, dependencies and versions to go 1.22.9 and distroless iptables Signed-off-by: cpanato --- .go-version | 2 +- build/build-image/cross/VERSION | 2 +- build/common.sh | 4 +-- build/dependencies.yaml | 8 ++--- staging/publishing/rules.yaml | 62 ++++++++++++++++----------------- test/images/Makefile | 2 +- test/utils/image/manifest.go | 2 +- 7 files changed, 41 insertions(+), 41 deletions(-) diff --git a/.go-version b/.go-version index 0793194ffc11d..23e932bdfe723 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.22.8 \ No newline at end of file +1.22.9 \ No newline at end of file diff --git a/build/build-image/cross/VERSION b/build/build-image/cross/VERSION index a619954978372..50595469bda18 100644 --- a/build/build-image/cross/VERSION +++ b/build/build-image/cross/VERSION @@ -1 +1 @@ -v1.29.0-go1.22.8-bullseye.0 +v1.29.0-go1.22.9-bullseye.0 diff --git a/build/common.sh b/build/common.sh index f8f687cc0d03c..7ed5db9eb477f 100755 --- a/build/common.sh +++ b/build/common.sh @@ -96,8 +96,8 @@ readonly KUBE_RSYNC_PORT="${KUBE_RSYNC_PORT:-}" readonly KUBE_CONTAINER_RSYNC_PORT=8730 # These are the default versions (image tags) for their respective base images. -readonly __default_distroless_iptables_version=v0.5.9 -readonly __default_go_runner_version=v2.3.1-go1.22.8-bookworm.0 +readonly __default_distroless_iptables_version=v0.5.10 +readonly __default_go_runner_version=v2.4.0-go1.22.9-bookworm.0 readonly __default_setcap_version=bookworm-v1.0.3 # These are the base images for the Docker-wrapped binaries. diff --git a/build/dependencies.yaml b/build/dependencies.yaml index 2dbad32dd4f24..5ad85ebc5d4fb 100644 --- a/build/dependencies.yaml +++ b/build/dependencies.yaml @@ -118,7 +118,7 @@ dependencies: # Golang - name: "golang: upstream version" - version: 1.22.8 + version: 1.22.9 refPaths: - path: .go-version - path: build/build-image/cross/VERSION @@ -141,7 +141,7 @@ dependencies: # match: minimum_go_version=go([0-9]+\.[0-9]+) - name: "registry.k8s.io/kube-cross: dependents" - version: v1.29.0-go1.22.8-bullseye.0 + version: v1.29.0-go1.22.9-bullseye.0 refPaths: - path: build/build-image/cross/VERSION @@ -179,7 +179,7 @@ dependencies: match: registry\.k8s\.io\/build-image\/debian-base:[a-zA-Z]+\-v((([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?)(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?) - name: "registry.k8s.io/distroless-iptables: dependents" - version: v0.5.9 + version: v0.5.10 refPaths: - path: build/common.sh match: __default_distroless_iptables_version= @@ -187,7 +187,7 @@ dependencies: match: configs\[DistrolessIptables\] = Config{list\.BuildImageRegistry, "distroless-iptables", "v([0-9]+)\.([0-9]+)\.([0-9]+)"} - name: "registry.k8s.io/go-runner: dependents" - version: v2.3.1-go1.22.8-bookworm.0 + version: v2.4.0-go1.22.9-bookworm.0 refPaths: - path: build/common.sh match: __default_go_runner_version= diff --git a/staging/publishing/rules.yaml b/staging/publishing/rules.yaml index a8067ff2a9377..1c78ebc53e708 100644 --- a/staging/publishing/rules.yaml +++ b/staging/publishing/rules.yaml @@ -31,7 +31,7 @@ rules: dirs: - staging/src/k8s.io/code-generator - name: release-1.29 - go: 1.22.8 + go: 1.22.9 source: branch: release-1.29 dirs: @@ -68,7 +68,7 @@ rules: dirs: - staging/src/k8s.io/apimachinery - name: release-1.29 - go: 1.22.8 + go: 1.22.9 source: branch: release-1.29 dirs: @@ -121,7 +121,7 @@ rules: dirs: - staging/src/k8s.io/api - name: release-1.29 - go: 1.22.8 + go: 1.22.9 dependencies: - repository: apimachinery branch: release-1.29 @@ -207,7 +207,7 @@ rules: go build -mod=mod ./... go test -mod=mod ./... - name: release-1.29 - go: 1.22.8 + go: 1.22.9 dependencies: - repository: apimachinery branch: release-1.29 @@ -289,7 +289,7 @@ rules: dirs: - staging/src/k8s.io/component-base - name: release-1.29 - go: 1.22.8 + go: 1.22.9 dependencies: - repository: apimachinery branch: release-1.29 @@ -369,7 +369,7 @@ rules: dirs: - staging/src/k8s.io/component-helpers - name: release-1.29 - go: 1.22.8 + go: 1.22.9 dependencies: - repository: apimachinery branch: release-1.29 @@ -425,7 +425,7 @@ rules: dirs: - staging/src/k8s.io/kms - name: release-1.29 - go: 1.22.8 + go: 1.22.9 dependencies: - repository: apimachinery branch: release-1.29 @@ -519,7 +519,7 @@ rules: dirs: - staging/src/k8s.io/apiserver - name: release-1.29 - go: 1.22.8 + go: 1.22.9 dependencies: - repository: apimachinery branch: release-1.29 @@ -641,7 +641,7 @@ rules: dirs: - staging/src/k8s.io/kube-aggregator - name: release-1.29 - go: 1.22.8 + go: 1.22.9 dependencies: - repository: apimachinery branch: release-1.29 @@ -791,7 +791,7 @@ rules: # assumes GO111MODULE=on go build -mod=mod . - name: release-1.29 - go: 1.22.8 + go: 1.22.9 dependencies: - repository: apimachinery branch: release-1.29 @@ -918,7 +918,7 @@ rules: # assumes GO111MODULE=on go build -mod=mod . - name: release-1.29 - go: 1.22.8 + go: 1.22.9 dependencies: - repository: apimachinery branch: release-1.29 @@ -1052,7 +1052,7 @@ rules: required-packages: - k8s.io/code-generator - name: release-1.29 - go: 1.22.8 + go: 1.22.9 dependencies: - repository: apimachinery branch: release-1.29 @@ -1151,7 +1151,7 @@ rules: dirs: - staging/src/k8s.io/metrics - name: release-1.29 - go: 1.22.8 + go: 1.22.9 dependencies: - repository: apimachinery branch: release-1.29 @@ -1233,7 +1233,7 @@ rules: dirs: - staging/src/k8s.io/cli-runtime - name: release-1.29 - go: 1.22.8 + go: 1.22.9 dependencies: - repository: api branch: release-1.29 @@ -1323,7 +1323,7 @@ rules: dirs: - staging/src/k8s.io/sample-cli-plugin - name: release-1.29 - go: 1.22.8 + go: 1.22.9 dependencies: - repository: api branch: release-1.29 @@ -1414,7 +1414,7 @@ rules: dirs: - staging/src/k8s.io/kube-proxy - name: release-1.29 - go: 1.22.8 + go: 1.22.9 dependencies: - repository: apimachinery branch: release-1.29 @@ -1461,7 +1461,7 @@ rules: dirs: - staging/src/k8s.io/cri-api - name: release-1.29 - go: 1.22.8 + go: 1.22.9 source: branch: release-1.29 dirs: @@ -1556,7 +1556,7 @@ rules: dirs: - staging/src/k8s.io/kubelet - name: release-1.29 - go: 1.22.8 + go: 1.22.9 dependencies: - repository: apimachinery branch: release-1.29 @@ -1654,7 +1654,7 @@ rules: dirs: - staging/src/k8s.io/kube-scheduler - name: release-1.29 - go: 1.22.8 + go: 1.22.9 dependencies: - repository: apimachinery branch: release-1.29 @@ -1764,7 +1764,7 @@ rules: dirs: - staging/src/k8s.io/controller-manager - name: release-1.29 - go: 1.22.8 + go: 1.22.9 dependencies: - repository: api branch: release-1.29 @@ -1898,7 +1898,7 @@ rules: dirs: - staging/src/k8s.io/cloud-provider - name: release-1.29 - go: 1.22.8 + go: 1.22.9 dependencies: - repository: api branch: release-1.29 @@ -2046,7 +2046,7 @@ rules: dirs: - staging/src/k8s.io/kube-controller-manager - name: release-1.29 - go: 1.22.8 + go: 1.22.9 dependencies: - repository: apimachinery branch: release-1.29 @@ -2128,7 +2128,7 @@ rules: dirs: - staging/src/k8s.io/cluster-bootstrap - name: release-1.29 - go: 1.22.8 + go: 1.22.9 dependencies: - repository: apimachinery branch: release-1.29 @@ -2196,7 +2196,7 @@ rules: dirs: - staging/src/k8s.io/csi-translation-lib - name: release-1.29 - go: 1.22.8 + go: 1.22.9 dependencies: - repository: api branch: release-1.29 @@ -2239,7 +2239,7 @@ rules: dirs: - staging/src/k8s.io/mount-utils - name: release-1.29 - go: 1.22.8 + go: 1.22.9 source: branch: release-1.29 dirs: @@ -2378,7 +2378,7 @@ rules: dirs: - staging/src/k8s.io/legacy-cloud-providers - name: release-1.29 - go: 1.22.8 + go: 1.22.9 dependencies: - repository: api branch: release-1.29 @@ -2520,7 +2520,7 @@ rules: dirs: - staging/src/k8s.io/kubectl - name: release-1.29 - go: 1.22.8 + go: 1.22.9 dependencies: - repository: api branch: release-1.29 @@ -2638,7 +2638,7 @@ rules: dirs: - staging/src/k8s.io/pod-security-admission - name: release-1.29 - go: 1.22.8 + go: 1.22.9 dependencies: - repository: api branch: release-1.29 @@ -2735,7 +2735,7 @@ rules: dirs: - staging/src/k8s.io/dynamic-resource-allocation - name: release-1.29 - go: 1.22.8 + go: 1.22.9 dependencies: - repository: apimachinery branch: release-1.29 @@ -2787,7 +2787,7 @@ rules: dirs: - staging/src/k8s.io/endpointslice - name: release-1.29 - go: 1.22.8 + go: 1.22.9 dependencies: - repository: api branch: release-1.29 @@ -2803,4 +2803,4 @@ rules: - staging/src/k8s.io/endpointslice recursive-delete-patterns: - '*/.gitattributes' -default-go-version: 1.22.8 +default-go-version: 1.22.9 diff --git a/test/images/Makefile b/test/images/Makefile index dfeec973f7900..b999cfdf9ca50 100644 --- a/test/images/Makefile +++ b/test/images/Makefile @@ -16,7 +16,7 @@ REGISTRY ?= registry.k8s.io/e2e-test-images GOARM ?= 7 DOCKER_CERT_BASE_PATH ?= QEMUVERSION=v5.1.0-2 -GOLANG_VERSION=1.22.8 +GOLANG_VERSION=1.22.9 export ifndef WHAT diff --git a/test/utils/image/manifest.go b/test/utils/image/manifest.go index 4e4118876e15f..67fd8ddf87dc8 100644 --- a/test/utils/image/manifest.go +++ b/test/utils/image/manifest.go @@ -241,7 +241,7 @@ func initImageConfigs(list RegistryList) (map[ImageID]Config, map[ImageID]Config configs[BusyBox] = Config{list.PromoterE2eRegistry, "busybox", "1.36.1-1"} configs[CudaVectorAdd] = Config{list.PromoterE2eRegistry, "cuda-vector-add", "1.0"} configs[CudaVectorAdd2] = Config{list.PromoterE2eRegistry, "cuda-vector-add", "2.3"} - configs[DistrolessIptables] = Config{list.BuildImageRegistry, "distroless-iptables", "v0.5.9"} + configs[DistrolessIptables] = Config{list.BuildImageRegistry, "distroless-iptables", "v0.5.10"} configs[Etcd] = Config{list.GcEtcdRegistry, "etcd", "3.5.16-0"} configs[Httpd] = Config{list.PromoterE2eRegistry, "httpd", "2.4.38-4"} configs[HttpdNew] = Config{list.PromoterE2eRegistry, "httpd", "2.4.39-4"} From 81d77f62c6e5594b04f2f1b2a45798dbebaa1289 Mon Sep 17 00:00:00 2001 From: carlory Date: Mon, 21 Oct 2024 15:01:45 +0800 Subject: [PATCH 04/17] kubelet: Fix the volume manager did't check the device mount state in the actual state of the world before marking the volume as detached. It may cause a pod to be stuck in the Terminating state due to the above issue when it was deleted. --- .../cache/actual_state_of_world.go | 17 +++++++++++++++++ .../reconciler/reconciler_common.go | 5 +++++ 2 files changed, 22 insertions(+) diff --git a/pkg/kubelet/volumemanager/cache/actual_state_of_world.go b/pkg/kubelet/volumemanager/cache/actual_state_of_world.go index 2741e459f32cd..96ceeb82c5eea 100644 --- a/pkg/kubelet/volumemanager/cache/actual_state_of_world.go +++ b/pkg/kubelet/volumemanager/cache/actual_state_of_world.go @@ -168,6 +168,11 @@ type ActualStateOfWorld interface { // or have a mount/unmount operation pending. GetAttachedVolumes() []AttachedVolume + // GetAttachedVolume returns the volume that is known to be attached to the node + // with the given volume name. If the volume is not found, the second return value + // is false. + GetAttachedVolume(volumeName v1.UniqueVolumeName) (AttachedVolume, bool) + // SyncReconstructedVolume check the volume.outerVolumeSpecName in asw and // the one populated from dsw, if they do not match, update this field from the value from dsw. SyncReconstructedVolume(volumeName v1.UniqueVolumeName, podName volumetypes.UniquePodName, outerVolumeSpecName string) @@ -1104,6 +1109,18 @@ func (asw *actualStateOfWorld) GetAttachedVolumes() []AttachedVolume { return allAttachedVolumes } +func (asw *actualStateOfWorld) GetAttachedVolume(volumeName v1.UniqueVolumeName) (AttachedVolume, bool) { + asw.RLock() + defer asw.RUnlock() + + volumeObj, ok := asw.attachedVolumes[volumeName] + if !ok { + return AttachedVolume{}, false + } + + return asw.newAttachedVolume(&volumeObj), true +} + func (asw *actualStateOfWorld) GetUnmountedVolumes() []AttachedVolume { asw.RLock() defer asw.RUnlock() diff --git a/pkg/kubelet/volumemanager/reconciler/reconciler_common.go b/pkg/kubelet/volumemanager/reconciler/reconciler_common.go index b895f943fd84c..11dc13cc77d1f 100644 --- a/pkg/kubelet/volumemanager/reconciler/reconciler_common.go +++ b/pkg/kubelet/volumemanager/reconciler/reconciler_common.go @@ -281,6 +281,11 @@ func (rc *reconciler) unmountDetachDevices() { // Check IsOperationPending to avoid marking a volume as detached if it's in the process of mounting. if !rc.desiredStateOfWorld.VolumeExists(attachedVolume.VolumeName, attachedVolume.SELinuxMountContext) && !rc.operationExecutor.IsOperationPending(attachedVolume.VolumeName, nestedpendingoperations.EmptyUniquePodName, nestedpendingoperations.EmptyNodeName) { + + // Re-read the actual state of the world, maybe the volume got mounted in the meantime. + // This is safe, because there is no pending operation (checked above) and no new operation + // could start in the meantime. The only goroutine that adds new operations is this reconciler. + attachedVolume, _ = rc.actualStateOfWorld.GetAttachedVolume(attachedVolume.VolumeName) if attachedVolume.DeviceMayBeMounted() { // Volume is globally mounted to device, unmount it klog.V(5).InfoS(attachedVolume.GenerateMsgDetailed("Starting operationExecutor.UnmountDevice", "")) From 9253c9bda3d8bd76848bb4a21b309c28c0aab2f7 Mon Sep 17 00:00:00 2001 From: Kubernetes Release Robot Date: Tue, 10 Dec 2024 11:27:07 +0000 Subject: [PATCH 05/17] Release commit for Kubernetes v1.29.12 From 430765723b177aa09c9c10c6776b2844bc2d8b74 Mon Sep 17 00:00:00 2001 From: Kubernetes Release Robot Date: Tue, 10 Dec 2024 12:00:11 +0000 Subject: [PATCH 06/17] Update CHANGELOG/CHANGELOG-1.29.md for v1.29.12 --- CHANGELOG/CHANGELOG-1.29.md | 315 +++++++++++++++++++++++------------- 1 file changed, 207 insertions(+), 108 deletions(-) diff --git a/CHANGELOG/CHANGELOG-1.29.md b/CHANGELOG/CHANGELOG-1.29.md index 0ea219614e3b6..310cb358036dc 100644 --- a/CHANGELOG/CHANGELOG-1.29.md +++ b/CHANGELOG/CHANGELOG-1.29.md @@ -1,305 +1,404 @@ -- [v1.29.11](#v12911) - - [Downloads for v1.29.11](#downloads-for-v12911) +- [v1.29.12](#v12912) + - [Downloads for v1.29.12](#downloads-for-v12912) - [Source Code](#source-code) - [Client Binaries](#client-binaries) - [Server Binaries](#server-binaries) - [Node Binaries](#node-binaries) - [Container Images](#container-images) - - [Changelog since v1.29.10](#changelog-since-v12910) + - [Changelog since v1.29.11](#changelog-since-v12911) - [Changes by Kind](#changes-by-kind) - - [Bug or Regression](#bug-or-regression) + - [Feature](#feature) - [Dependencies](#dependencies) - [Added](#added) - [Changed](#changed) - [Removed](#removed) -- [v1.29.10](#v12910) - - [Downloads for v1.29.10](#downloads-for-v12910) +- [v1.29.11](#v12911) + - [Downloads for v1.29.11](#downloads-for-v12911) - [Source Code](#source-code-1) - [Client Binaries](#client-binaries-1) - [Server Binaries](#server-binaries-1) - [Node Binaries](#node-binaries-1) - [Container Images](#container-images-1) - - [Changelog since v1.29.9](#changelog-since-v1299) + - [Changelog since v1.29.10](#changelog-since-v12910) - [Changes by Kind](#changes-by-kind-1) - - [Feature](#feature) - - [Bug or Regression](#bug-or-regression-1) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake) + - [Bug or Regression](#bug-or-regression) - [Dependencies](#dependencies-1) - [Added](#added-1) - [Changed](#changed-1) - [Removed](#removed-1) -- [v1.29.9](#v1299) - - [Downloads for v1.29.9](#downloads-for-v1299) +- [v1.29.10](#v12910) + - [Downloads for v1.29.10](#downloads-for-v12910) - [Source Code](#source-code-2) - [Client Binaries](#client-binaries-2) - [Server Binaries](#server-binaries-2) - [Node Binaries](#node-binaries-2) - [Container Images](#container-images-2) - - [Changelog since v1.29.8](#changelog-since-v1298) + - [Changelog since v1.29.9](#changelog-since-v1299) - [Changes by Kind](#changes-by-kind-2) - [Feature](#feature-1) - - [Bug or Regression](#bug-or-regression-2) + - [Bug or Regression](#bug-or-regression-1) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake) - [Dependencies](#dependencies-2) - [Added](#added-2) - [Changed](#changed-2) - [Removed](#removed-2) -- [v1.29.8](#v1298) - - [Downloads for v1.29.8](#downloads-for-v1298) +- [v1.29.9](#v1299) + - [Downloads for v1.29.9](#downloads-for-v1299) - [Source Code](#source-code-3) - [Client Binaries](#client-binaries-3) - [Server Binaries](#server-binaries-3) - [Node Binaries](#node-binaries-3) - [Container Images](#container-images-3) - - [Changelog since v1.29.7](#changelog-since-v1297) + - [Changelog since v1.29.8](#changelog-since-v1298) - [Changes by Kind](#changes-by-kind-3) - - [API Change](#api-change) - - [Bug or Regression](#bug-or-regression-3) + - [Feature](#feature-2) + - [Bug or Regression](#bug-or-regression-2) - [Dependencies](#dependencies-3) - [Added](#added-3) - [Changed](#changed-3) - [Removed](#removed-3) -- [v1.29.7](#v1297) - - [Downloads for v1.29.7](#downloads-for-v1297) +- [v1.29.8](#v1298) + - [Downloads for v1.29.8](#downloads-for-v1298) - [Source Code](#source-code-4) - [Client Binaries](#client-binaries-4) - [Server Binaries](#server-binaries-4) - [Node Binaries](#node-binaries-4) - [Container Images](#container-images-4) - - [Changelog since v1.29.6](#changelog-since-v1296) - - [Important Security Information](#important-security-information) - - [CVE-2024-5321: Incorrect permissions on Windows containers logs](#cve-2024-5321-incorrect-permissions-on-windows-containers-logs) + - [Changelog since v1.29.7](#changelog-since-v1297) - [Changes by Kind](#changes-by-kind-4) - - [Feature](#feature-2) - - [Bug or Regression](#bug-or-regression-4) + - [API Change](#api-change) + - [Bug or Regression](#bug-or-regression-3) - [Dependencies](#dependencies-4) - [Added](#added-4) - [Changed](#changed-4) - [Removed](#removed-4) -- [v1.29.6](#v1296) - - [Downloads for v1.29.6](#downloads-for-v1296) +- [v1.29.7](#v1297) + - [Downloads for v1.29.7](#downloads-for-v1297) - [Source Code](#source-code-5) - [Client Binaries](#client-binaries-5) - [Server Binaries](#server-binaries-5) - [Node Binaries](#node-binaries-5) - [Container Images](#container-images-5) - - [Changelog since v1.29.5](#changelog-since-v1295) + - [Changelog since v1.29.6](#changelog-since-v1296) + - [Important Security Information](#important-security-information) + - [CVE-2024-5321: Incorrect permissions on Windows containers logs](#cve-2024-5321-incorrect-permissions-on-windows-containers-logs) - [Changes by Kind](#changes-by-kind-5) - - [API Change](#api-change-1) - [Feature](#feature-3) - - [Bug or Regression](#bug-or-regression-5) + - [Bug or Regression](#bug-or-regression-4) - [Dependencies](#dependencies-5) - [Added](#added-5) - [Changed](#changed-5) - [Removed](#removed-5) -- [v1.29.5](#v1295) - - [Downloads for v1.29.5](#downloads-for-v1295) +- [v1.29.6](#v1296) + - [Downloads for v1.29.6](#downloads-for-v1296) - [Source Code](#source-code-6) - [Client Binaries](#client-binaries-6) - [Server Binaries](#server-binaries-6) - [Node Binaries](#node-binaries-6) - [Container Images](#container-images-6) - - [Changelog since v1.29.4](#changelog-since-v1294) + - [Changelog since v1.29.5](#changelog-since-v1295) - [Changes by Kind](#changes-by-kind-6) - - [Bug or Regression](#bug-or-regression-6) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-1) + - [API Change](#api-change-1) + - [Feature](#feature-4) + - [Bug or Regression](#bug-or-regression-5) - [Dependencies](#dependencies-6) - [Added](#added-6) - [Changed](#changed-6) - [Removed](#removed-6) -- [v1.29.4](#v1294) - - [Downloads for v1.29.4](#downloads-for-v1294) +- [v1.29.5](#v1295) + - [Downloads for v1.29.5](#downloads-for-v1295) - [Source Code](#source-code-7) - [Client Binaries](#client-binaries-7) - [Server Binaries](#server-binaries-7) - [Node Binaries](#node-binaries-7) - [Container Images](#container-images-7) - - [Changelog since v1.29.3](#changelog-since-v1293) - - [Important Security Information](#important-security-information-1) - - [CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin](#cve-2024-3177-bypassing-mountable-secrets-policy-imposed-by-the-serviceaccount-admission-plugin) + - [Changelog since v1.29.4](#changelog-since-v1294) - [Changes by Kind](#changes-by-kind-7) - - [Feature](#feature-4) - - [Bug or Regression](#bug-or-regression-7) + - [Bug or Regression](#bug-or-regression-6) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-1) - [Dependencies](#dependencies-7) - [Added](#added-7) - [Changed](#changed-7) - [Removed](#removed-7) -- [v1.29.3](#v1293) - - [Downloads for v1.29.3](#downloads-for-v1293) +- [v1.29.4](#v1294) + - [Downloads for v1.29.4](#downloads-for-v1294) - [Source Code](#source-code-8) - [Client Binaries](#client-binaries-8) - [Server Binaries](#server-binaries-8) - [Node Binaries](#node-binaries-8) - [Container Images](#container-images-8) - - [Changelog since v1.29.2](#changelog-since-v1292) + - [Changelog since v1.29.3](#changelog-since-v1293) + - [Important Security Information](#important-security-information-1) + - [CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin](#cve-2024-3177-bypassing-mountable-secrets-policy-imposed-by-the-serviceaccount-admission-plugin) - [Changes by Kind](#changes-by-kind-8) - [Feature](#feature-5) - - [Bug or Regression](#bug-or-regression-8) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-2) + - [Bug or Regression](#bug-or-regression-7) - [Dependencies](#dependencies-8) - [Added](#added-8) - [Changed](#changed-8) - [Removed](#removed-8) -- [v1.29.2](#v1292) - - [Downloads for v1.29.2](#downloads-for-v1292) +- [v1.29.3](#v1293) + - [Downloads for v1.29.3](#downloads-for-v1293) - [Source Code](#source-code-9) - [Client Binaries](#client-binaries-9) - [Server Binaries](#server-binaries-9) - [Node Binaries](#node-binaries-9) - [Container Images](#container-images-9) - - [Changelog since v1.29.1](#changelog-since-v1291) + - [Changelog since v1.29.2](#changelog-since-v1292) - [Changes by Kind](#changes-by-kind-9) - [Feature](#feature-6) - - [Bug or Regression](#bug-or-regression-9) + - [Bug or Regression](#bug-or-regression-8) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-2) - [Dependencies](#dependencies-9) - [Added](#added-9) - [Changed](#changed-9) - [Removed](#removed-9) -- [v1.29.1](#v1291) - - [Downloads for v1.29.1](#downloads-for-v1291) +- [v1.29.2](#v1292) + - [Downloads for v1.29.2](#downloads-for-v1292) - [Source Code](#source-code-10) - [Client Binaries](#client-binaries-10) - [Server Binaries](#server-binaries-10) - [Node Binaries](#node-binaries-10) - [Container Images](#container-images-10) - - [Changelog since v1.29.0](#changelog-since-v1290) + - [Changelog since v1.29.1](#changelog-since-v1291) - [Changes by Kind](#changes-by-kind-10) - - [API Change](#api-change-2) - [Feature](#feature-7) - - [Bug or Regression](#bug-or-regression-10) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-3) + - [Bug or Regression](#bug-or-regression-9) - [Dependencies](#dependencies-10) - [Added](#added-10) - [Changed](#changed-10) - [Removed](#removed-10) -- [v1.29.0](#v1290) - - [Downloads for v1.29.0](#downloads-for-v1290) +- [v1.29.1](#v1291) + - [Downloads for v1.29.1](#downloads-for-v1291) - [Source Code](#source-code-11) - [Client Binaries](#client-binaries-11) - [Server Binaries](#server-binaries-11) - [Node Binaries](#node-binaries-11) - [Container Images](#container-images-11) - - [Changelog since v1.28.0](#changelog-since-v1280) - - [Urgent Upgrade Notes](#urgent-upgrade-notes) - - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade) + - [Changelog since v1.29.0](#changelog-since-v1290) - [Changes by Kind](#changes-by-kind-11) - - [Deprecation](#deprecation) - - [API Change](#api-change-3) + - [API Change](#api-change-2) - [Feature](#feature-8) - - [Documentation](#documentation) - - [Failing Test](#failing-test) - - [Bug or Regression](#bug-or-regression-11) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-4) + - [Bug or Regression](#bug-or-regression-10) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-3) - [Dependencies](#dependencies-11) - [Added](#added-11) - [Changed](#changed-11) - [Removed](#removed-11) -- [v1.29.0-rc.2](#v1290-rc2) - - [Downloads for v1.29.0-rc.2](#downloads-for-v1290-rc2) +- [v1.29.0](#v1290) + - [Downloads for v1.29.0](#downloads-for-v1290) - [Source Code](#source-code-12) - [Client Binaries](#client-binaries-12) - [Server Binaries](#server-binaries-12) - [Node Binaries](#node-binaries-12) - [Container Images](#container-images-12) - - [Changelog since v1.29.0-rc.1](#changelog-since-v1290-rc1) + - [Changelog since v1.28.0](#changelog-since-v1280) + - [Urgent Upgrade Notes](#urgent-upgrade-notes) + - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade) - [Changes by Kind](#changes-by-kind-12) + - [Deprecation](#deprecation) + - [API Change](#api-change-3) - [Feature](#feature-9) + - [Documentation](#documentation) + - [Failing Test](#failing-test) + - [Bug or Regression](#bug-or-regression-11) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-4) - [Dependencies](#dependencies-12) - [Added](#added-12) - [Changed](#changed-12) - [Removed](#removed-12) -- [v1.29.0-rc.1](#v1290-rc1) - - [Downloads for v1.29.0-rc.1](#downloads-for-v1290-rc1) +- [v1.29.0-rc.2](#v1290-rc2) + - [Downloads for v1.29.0-rc.2](#downloads-for-v1290-rc2) - [Source Code](#source-code-13) - [Client Binaries](#client-binaries-13) - [Server Binaries](#server-binaries-13) - [Node Binaries](#node-binaries-13) - [Container Images](#container-images-13) - - [Changelog since v1.29.0-rc.0](#changelog-since-v1290-rc0) + - [Changelog since v1.29.0-rc.1](#changelog-since-v1290-rc1) + - [Changes by Kind](#changes-by-kind-13) + - [Feature](#feature-10) - [Dependencies](#dependencies-13) - [Added](#added-13) - [Changed](#changed-13) - [Removed](#removed-13) -- [v1.29.0-rc.0](#v1290-rc0) - - [Downloads for v1.29.0-rc.0](#downloads-for-v1290-rc0) +- [v1.29.0-rc.1](#v1290-rc1) + - [Downloads for v1.29.0-rc.1](#downloads-for-v1290-rc1) - [Source Code](#source-code-14) - [Client Binaries](#client-binaries-14) - [Server Binaries](#server-binaries-14) - [Node Binaries](#node-binaries-14) - [Container Images](#container-images-14) - - [Changelog since v1.29.0-alpha.3](#changelog-since-v1290-alpha3) - - [Changes by Kind](#changes-by-kind-13) - - [API Change](#api-change-4) - - [Feature](#feature-10) - - [Bug or Regression](#bug-or-regression-12) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-5) + - [Changelog since v1.29.0-rc.0](#changelog-since-v1290-rc0) - [Dependencies](#dependencies-14) - [Added](#added-14) - [Changed](#changed-14) - [Removed](#removed-14) -- [v1.29.0-alpha.3](#v1290-alpha3) - - [Downloads for v1.29.0-alpha.3](#downloads-for-v1290-alpha3) +- [v1.29.0-rc.0](#v1290-rc0) + - [Downloads for v1.29.0-rc.0](#downloads-for-v1290-rc0) - [Source Code](#source-code-15) - [Client Binaries](#client-binaries-15) - [Server Binaries](#server-binaries-15) - [Node Binaries](#node-binaries-15) - [Container Images](#container-images-15) - - [Changelog since v1.29.0-alpha.2](#changelog-since-v1290-alpha2) - - [Urgent Upgrade Notes](#urgent-upgrade-notes-1) - - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-1) + - [Changelog since v1.29.0-alpha.3](#changelog-since-v1290-alpha3) - [Changes by Kind](#changes-by-kind-14) - - [Deprecation](#deprecation-1) - - [API Change](#api-change-5) + - [API Change](#api-change-4) - [Feature](#feature-11) - - [Documentation](#documentation-1) - - [Failing Test](#failing-test-1) - - [Bug or Regression](#bug-or-regression-13) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-6) + - [Bug or Regression](#bug-or-regression-12) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-5) - [Dependencies](#dependencies-15) - [Added](#added-15) - [Changed](#changed-15) - [Removed](#removed-15) -- [v1.29.0-alpha.2](#v1290-alpha2) - - [Downloads for v1.29.0-alpha.2](#downloads-for-v1290-alpha2) +- [v1.29.0-alpha.3](#v1290-alpha3) + - [Downloads for v1.29.0-alpha.3](#downloads-for-v1290-alpha3) - [Source Code](#source-code-16) - [Client Binaries](#client-binaries-16) - [Server Binaries](#server-binaries-16) - [Node Binaries](#node-binaries-16) - [Container Images](#container-images-16) - - [Changelog since v1.29.0-alpha.1](#changelog-since-v1290-alpha1) + - [Changelog since v1.29.0-alpha.2](#changelog-since-v1290-alpha2) + - [Urgent Upgrade Notes](#urgent-upgrade-notes-1) + - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-1) - [Changes by Kind](#changes-by-kind-15) + - [Deprecation](#deprecation-1) + - [API Change](#api-change-5) - [Feature](#feature-12) - - [Failing Test](#failing-test-2) - - [Bug or Regression](#bug-or-regression-14) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-7) + - [Documentation](#documentation-1) + - [Failing Test](#failing-test-1) + - [Bug or Regression](#bug-or-regression-13) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-6) - [Dependencies](#dependencies-16) - [Added](#added-16) - [Changed](#changed-16) - [Removed](#removed-16) -- [v1.29.0-alpha.1](#v1290-alpha1) - - [Downloads for v1.29.0-alpha.1](#downloads-for-v1290-alpha1) +- [v1.29.0-alpha.2](#v1290-alpha2) + - [Downloads for v1.29.0-alpha.2](#downloads-for-v1290-alpha2) - [Source Code](#source-code-17) - [Client Binaries](#client-binaries-17) - [Server Binaries](#server-binaries-17) - [Node Binaries](#node-binaries-17) - [Container Images](#container-images-17) - - [Changelog since v1.28.0](#changelog-since-v1280-1) + - [Changelog since v1.29.0-alpha.1](#changelog-since-v1290-alpha1) - [Changes by Kind](#changes-by-kind-16) + - [Feature](#feature-13) + - [Failing Test](#failing-test-2) + - [Bug or Regression](#bug-or-regression-14) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-7) + - [Dependencies](#dependencies-17) + - [Added](#added-17) + - [Changed](#changed-17) + - [Removed](#removed-17) +- [v1.29.0-alpha.1](#v1290-alpha1) + - [Downloads for v1.29.0-alpha.1](#downloads-for-v1290-alpha1) + - [Source Code](#source-code-18) + - [Client Binaries](#client-binaries-18) + - [Server Binaries](#server-binaries-18) + - [Node Binaries](#node-binaries-18) + - [Container Images](#container-images-18) + - [Changelog since v1.28.0](#changelog-since-v1280-1) + - [Changes by Kind](#changes-by-kind-17) - [Deprecation](#deprecation-2) - [API Change](#api-change-6) - - [Feature](#feature-13) + - [Feature](#feature-14) - [Documentation](#documentation-2) - [Failing Test](#failing-test-3) - [Bug or Regression](#bug-or-regression-15) - [Other (Cleanup or Flake)](#other-cleanup-or-flake-8) - - [Dependencies](#dependencies-17) - - [Added](#added-17) - - [Changed](#changed-17) - - [Removed](#removed-17) + - [Dependencies](#dependencies-18) + - [Added](#added-18) + - [Changed](#changed-18) + - [Removed](#removed-18) +# v1.29.12 + + +## Downloads for v1.29.12 + + + +### Source Code + +filename | sha512 hash +-------- | ----------- +[kubernetes.tar.gz](https://dl.k8s.io/v1.29.12/kubernetes.tar.gz) | 3a4306000ad5af78fd871413f9b725fd5d1eb73f2ac7ea7e8e0e61a9e48f449143c5cf327ebdeea1a461c5e197a8c35c4661917872fff65f0ffef2e5f18c7e36 +[kubernetes-src.tar.gz](https://dl.k8s.io/v1.29.12/kubernetes-src.tar.gz) | e6a4b3851e70b43bdad6caa7c53210aafd64dc9ad58b8c348c175f09ca61b5a1ce3025e9da6e929013ca405fcd78583ec3f258024f4cd5e9fc825e532c279cf9 + +### Client Binaries + +filename | sha512 hash +-------- | ----------- +[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.29.12/kubernetes-client-darwin-amd64.tar.gz) | 7b423d671ef3ce1c5eb0a4c7a44c45f7aa8ed3538b149bbb101ba994e2962dad9e7eb3a094bc7c2789fdfdf182536f2812bb2bc876c392b2b8a91052c73e7add +[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.29.12/kubernetes-client-darwin-arm64.tar.gz) | 9ad1015cf319710d6b3865ad78403327dc615d7be98f0d9939ad5b57cbb9cda45f07932e8c9065fa7d6911b79a31bd74ba31aab85ffa7c4cb704a35ff99ad683 +[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.29.12/kubernetes-client-linux-386.tar.gz) | 700b9d8bbf0ed8d8350620a732c47aedd70cbf8b7437445e475ea450d2ed13cc7e3f762e2e14e279eff5fc5279df5f95ebe33a29213bcd008f5f01754e3a628c +[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.29.12/kubernetes-client-linux-amd64.tar.gz) | 012a4bbf69e9f37605d47d4478fc77352e1c756749dd42cc7270bc2f5584e16bf3cf3e82bf4bd1dbc412d2249eef45ce9e4d608d2dae95101764585556c4aa80 +[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.29.12/kubernetes-client-linux-arm.tar.gz) | 98325965ccac078e0b9ec2aed4fd3a9d801aeb377ea2d6c8dcc0ce2229155094c6d598115cd49c30ae72a9f105b1b7225a8199beefd1ff46d98f6886aae21fd8 +[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.29.12/kubernetes-client-linux-arm64.tar.gz) | 9aae70e674df54f4ba2a948d142114a7a4df280e1c6733ed12de3673927ca0db69591ca949fe019de1cfe6940f5c4cfc8044d8c90bcb1312bdd3db1dfd72132a +[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.29.12/kubernetes-client-linux-ppc64le.tar.gz) | fb6353b4f4edae24cc80b649c24a10fa29de64514ce90764c4f983fc4b7bddd273b2ba1085093c92dddc6289ab8f4d5fdfa3632543bbcfc351b09db021125de0 +[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.29.12/kubernetes-client-linux-s390x.tar.gz) | 4ee95f3c568d646493f8014713f3b023fba112b20afb3d1f9d3a90dcaf699c124b69490966632390e81831581c2af0b3503b551731398009f68a3e5a93b18986 +[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.29.12/kubernetes-client-windows-386.tar.gz) | 59c789811b46b9f0385fea96877f461b2831102b1fe2fb326781490e9117158ea54c66571b37eb3c7d94cc353f3ef644f23b8e1f5b2d74c1bdbd55e9de93da36 +[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.29.12/kubernetes-client-windows-amd64.tar.gz) | e6710b0d75e3fcc7bb6e91827aa54bfcffd153350ab4bdcac47d4252c65948b37ebb02c29f95865dcd9bcf5c6c03f2720af5f7f48e0e43d03bcd3d66cbdde472 +[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.29.12/kubernetes-client-windows-arm64.tar.gz) | 01427330525ef13e38c09bd8eb29a71b473951c1c2910b2be5ec7df1d57bef6c55a73532ffe47c4cd9dd0ebeab581170fafce209496cbbad8efb929c9b721241 + +### Server Binaries + +filename | sha512 hash +-------- | ----------- +[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.29.12/kubernetes-server-linux-amd64.tar.gz) | 1861ee1c3fe32878ce40d767cffa2fc142f7f1ba72645e0988a462f4c51bc6c7641d8d46e83c65f8c2a9df49ebc7b1ab56b05e8a290da999d70df73ed60858aa +[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.29.12/kubernetes-server-linux-arm64.tar.gz) | 5b4a565cd5f0cad7db5aa78766aac62fca08ecde1fdbf6e850a95583b9f115b4b9be38f6c9fa6bc1bbb08004dc40889f85731f3c4486a8fb2cf1d5019507effe +[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.29.12/kubernetes-server-linux-ppc64le.tar.gz) | 3213f22c31b6afa17c106c8544fa2adf588dfe102213d9cd17b227339c3fcf1bc0da308c9cdd49b6531871360b9219d5380422265865254f3b7b43037ff500aa +[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.29.12/kubernetes-server-linux-s390x.tar.gz) | 4edea06ec6cfe65fc46d3a1d76829951d76330001fbf1c197ffb56b435fff8783fcc756d80253a8ec19d01d940416c4de08ad10617ed5592c1dfb4e97727e401 + +### Node Binaries + +filename | sha512 hash +-------- | ----------- +[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.29.12/kubernetes-node-linux-amd64.tar.gz) | 12600d4591086542a98bfc9bdba5d11f6ded0560e6e6f7322d0cc43cd4c7e41102270ca4e4c51293574627c676dc19ea5e4371071f0d34658183131029d27484 +[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.29.12/kubernetes-node-linux-arm64.tar.gz) | f06459ec7bb07d5677cc6d6bf9206ea324f9e1e2fd79c4582a33b588d245e66f0534eea74f4f843716cbec48eb9ea23349805cd72d7ee18dba72cba2a6f4dcd8 +[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.29.12/kubernetes-node-linux-ppc64le.tar.gz) | b346f385563545557aead6d994e52bb6224749d8c5703cee7a35ae5d3565a1b5608f412018f5e71e9d1c817edc6d433a2e08b4bbfebe671d6f2486bf9de69c14 +[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.29.12/kubernetes-node-linux-s390x.tar.gz) | ce6b7c07f67edc81d512df709605426a505bfe667908a5e735ee7c1a99b39d08900447b13064d43a9b373876e7812145b8ad2e7db8dbc7ce60f6572ae7a47c83 +[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.29.12/kubernetes-node-windows-amd64.tar.gz) | dd82f129d13e8b81d2d72b6f2cd06b69f7794092b3581a450efb749f2a40461ef8b0051a54ea2f063e46053d5ca09de19be9f317103d6856f80518c79616ef61 + +### Container Images + +All container images are available as manifest lists and support the described +architectures. It is also possible to pull a specific architecture directly by +adding the "-$ARCH" suffix to the container image name. + +name | architectures +---- | ------------- +[registry.k8s.io/conformance:v1.29.12](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-s390x) +[registry.k8s.io/kube-apiserver:v1.29.12](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-s390x) +[registry.k8s.io/kube-controller-manager:v1.29.12](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-s390x) +[registry.k8s.io/kube-proxy:v1.29.12](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-s390x) +[registry.k8s.io/kube-scheduler:v1.29.12](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-s390x) +[registry.k8s.io/kubectl:v1.29.12](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-s390x) + +## Changelog since v1.29.11 + +## Changes by Kind + +### Feature + +- Kubernetes is now built with go 1.22.9 ([#128914](https://github.com/kubernetes/kubernetes/pull/128914), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing] + +## Dependencies + +### Added +_Nothing has changed._ + +### Changed +_Nothing has changed._ + +### Removed +_Nothing has changed._ + + + # v1.29.11 From 84c2c93d5a363c37b32fc90ba20316b90e59915b Mon Sep 17 00:00:00 2001 From: Roman Bednar Date: Tue, 15 Oct 2024 11:51:29 +0200 Subject: [PATCH 07/17] prevent unnecessary resolving of iscsi/fc devices to dm --- pkg/volume/util/device_util_linux.go | 7 +++- pkg/volume/util/device_util_linux_test.go | 42 +++++++++++++++++++---- 2 files changed, 41 insertions(+), 8 deletions(-) diff --git a/pkg/volume/util/device_util_linux.go b/pkg/volume/util/device_util_linux.go index 66ac77835c3e7..18cbec072f420 100644 --- a/pkg/volume/util/device_util_linux.go +++ b/pkg/volume/util/device_util_linux.go @@ -31,8 +31,13 @@ import ( "k8s.io/klog/v2" ) -// FindMultipathDeviceForDevice given a device name like /dev/sdx, find the devicemapper parent +// FindMultipathDeviceForDevice given a device name like /dev/sdx, find the devicemapper parent. If called with a device +// already resolved to devicemapper, do nothing. func (handler *deviceHandler) FindMultipathDeviceForDevice(device string) string { + if strings.HasPrefix(device, "/dev/dm-") { + return device + } + io := handler.getIo disk, err := findDeviceForPath(device, io) if err != nil { diff --git a/pkg/volume/util/device_util_linux_test.go b/pkg/volume/util/device_util_linux_test.go index ae1ee047e7a91..bb3d113f1a550 100644 --- a/pkg/volume/util/device_util_linux_test.go +++ b/pkg/volume/util/device_util_linux_test.go @@ -204,14 +204,42 @@ func (fi *fakeFileInfo) Sys() interface{} { } func TestFindMultipathDeviceForDevice(t *testing.T) { - mockDeviceUtil := NewDeviceHandler(&mockOsIOHandler{}) - dev := mockDeviceUtil.FindMultipathDeviceForDevice("/dev/disk/by-path/127.0.0.1:3260-eui.02004567A425678D-lun-0") - if dev != "/dev/dm-1" { - t.Fatalf("mpio device not found dm-1 expected got [%s]", dev) + tests := []struct { + name string + device string + expectedResult string + }{ + { + name: "Device is already a dm device", + device: "/dev/dm-1", + expectedResult: "/dev/dm-1", + }, + { + name: "Device has no multipath", + device: "/dev/sdc", + expectedResult: "", + }, + { + name: "Device has multipath", + device: "/dev/disk/by-path/127.0.0.1:3260-eui.02004567A425678D-lun-0", + expectedResult: "/dev/dm-1", + }, + { + name: "Invalid device path", + device: "/dev/nonexistent", + expectedResult: "", + }, } - dev = mockDeviceUtil.FindMultipathDeviceForDevice("/dev/disk/by-path/empty") - if dev != "" { - t.Fatalf("mpio device not found '' expected got [%s]", dev) + + mockDeviceUtil := NewDeviceHandler(&mockOsIOHandler{}) + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + result := mockDeviceUtil.FindMultipathDeviceForDevice(tt.device) + if result != tt.expectedResult { + t.Errorf("FindMultipathDeviceForDevice(%s) = %s, want %s", tt.device, result, tt.expectedResult) + } + }) } } From 781ee6b80f865c0a2efcd69fad236ced34d71984 Mon Sep 17 00:00:00 2001 From: upodroid Date: Thu, 5 Dec 2024 13:31:35 +0300 Subject: [PATCH 08/17] fetch cni plugins from GitHub releases --- test/e2e_node/remote/utils.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/e2e_node/remote/utils.go b/test/e2e_node/remote/utils.go index 48052e136b630..9d3f51e1a79e1 100644 --- a/test/e2e_node/remote/utils.go +++ b/test/e2e_node/remote/utils.go @@ -80,7 +80,7 @@ func getCNIURL() string { if builder.IsTargetArchArm64() { cniArch = "arm64" } - cniURL := fmt.Sprintf("https://storage.googleapis.com/k8s-artifacts-cni/release/%s/cni-plugins-linux-%s-%s.tgz", cniVersion, cniArch, cniVersion) + cniURL := fmt.Sprintf("https://github.com/containernetworking/plugins/releases/download/%s/cni-plugins-linux-%s-%s.tgz", cniVersion, cniArch, cniVersion) return cniURL } From 8c3d7887e203eb02559a0c78c57561ca77801bb9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arda=20G=C3=BC=C3=A7l=C3=BC?= Date: Thu, 19 Dec 2024 11:35:29 +0300 Subject: [PATCH 09/17] Do not attempt to truncate revision history if revisionHistoryLimit is negative --- .../statefulset/stateful_set_control.go | 2 +- .../statefulset/stateful_set_control_test.go | 35 +++++++++++++++++++ 2 files changed, 36 insertions(+), 1 deletion(-) diff --git a/pkg/controller/statefulset/stateful_set_control.go b/pkg/controller/statefulset/stateful_set_control.go index bebaebe64f069..56ac66eac11f6 100644 --- a/pkg/controller/statefulset/stateful_set_control.go +++ b/pkg/controller/statefulset/stateful_set_control.go @@ -195,7 +195,7 @@ func (ssc *defaultStatefulSetControl) truncateHistory( } historyLen := len(history) historyLimit := int(*set.Spec.RevisionHistoryLimit) - if historyLen <= historyLimit { + if historyLimit < 0 || historyLen <= historyLimit { return nil } // delete any non-live history to maintain the revision limit. diff --git a/pkg/controller/statefulset/stateful_set_control_test.go b/pkg/controller/statefulset/stateful_set_control_test.go index 9bffe064a7b43..a36a1e9dc4ece 100644 --- a/pkg/controller/statefulset/stateful_set_control_test.go +++ b/pkg/controller/statefulset/stateful_set_control_test.go @@ -51,6 +51,7 @@ import ( "k8s.io/kubernetes/pkg/controller" "k8s.io/kubernetes/pkg/controller/history" "k8s.io/kubernetes/pkg/features" + "k8s.io/utils/ptr" ) type invariantFunc func(set *apps.StatefulSet, om *fakeObjectManager) error @@ -2010,6 +2011,13 @@ func TestStatefulSetControlLimitsHistory(t *testing.T) { if err != nil { t.Fatalf("%s: %s", test.name, err) } + + if *set.Spec.RevisionHistoryLimit < 0 { + // If the revisionHistoryLimit is negative value, we don't truncate + // the revision history and it is incremental. + continue + } + if len(revisions) > int(*set.Spec.RevisionHistoryLimit)+2 { t.Fatalf("%s: %d greater than limit %d", test.name, len(revisions), *set.Spec.RevisionHistoryLimit) } @@ -2031,6 +2039,33 @@ func TestStatefulSetControlLimitsHistory(t *testing.T) { return burst(newStatefulSet(3)) }, }, + { + name: "zero revisionHistoryLimit", + invariants: assertMonotonicInvariants, + initial: func() *apps.StatefulSet { + sts := newStatefulSet(3) + sts.Spec.RevisionHistoryLimit = ptr.To(int32(0)) + return sts + }, + }, + { + name: "negative revisionHistoryLimit", + invariants: assertMonotonicInvariants, + initial: func() *apps.StatefulSet { + sts := newStatefulSet(3) + sts.Spec.RevisionHistoryLimit = ptr.To(int32(-2)) + return sts + }, + }, + { + name: "positive revisionHistoryLimit", + invariants: assertMonotonicInvariants, + initial: func() *apps.StatefulSet { + sts := newStatefulSet(3) + sts.Spec.RevisionHistoryLimit = ptr.To(int32(5)) + return sts + }, + }, } for i := range tests { testFn(t, &tests[i]) From 3e0dede86f7f94b561ff28fe8aa54d4595342c7a Mon Sep 17 00:00:00 2001 From: cpanato Date: Mon, 30 Dec 2024 09:19:36 +0100 Subject: [PATCH 10/17] Bump images, dependencies and versions to go 1.22.10 and distroless iptables Signed-off-by: cpanato --- .go-version | 2 +- build/build-image/cross/VERSION | 2 +- build/common.sh | 4 +-- build/dependencies.yaml | 8 ++--- staging/publishing/rules.yaml | 62 ++++++++++++++++----------------- test/images/Makefile | 2 +- test/utils/image/manifest.go | 2 +- 7 files changed, 41 insertions(+), 41 deletions(-) diff --git a/.go-version b/.go-version index 23e932bdfe723..3e8ee2aef0e30 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.22.9 \ No newline at end of file +1.22.10 \ No newline at end of file diff --git a/build/build-image/cross/VERSION b/build/build-image/cross/VERSION index 50595469bda18..dfe65a53cc789 100644 --- a/build/build-image/cross/VERSION +++ b/build/build-image/cross/VERSION @@ -1 +1 @@ -v1.29.0-go1.22.9-bullseye.0 +v1.29.0-go1.22.10-bullseye.0 diff --git a/build/common.sh b/build/common.sh index 7ed5db9eb477f..1d5b7fb663800 100755 --- a/build/common.sh +++ b/build/common.sh @@ -96,8 +96,8 @@ readonly KUBE_RSYNC_PORT="${KUBE_RSYNC_PORT:-}" readonly KUBE_CONTAINER_RSYNC_PORT=8730 # These are the default versions (image tags) for their respective base images. -readonly __default_distroless_iptables_version=v0.5.10 -readonly __default_go_runner_version=v2.4.0-go1.22.9-bookworm.0 +readonly __default_distroless_iptables_version=v0.5.11 +readonly __default_go_runner_version=v2.4.0-go1.22.10-bookworm.0 readonly __default_setcap_version=bookworm-v1.0.3 # These are the base images for the Docker-wrapped binaries. diff --git a/build/dependencies.yaml b/build/dependencies.yaml index 5ad85ebc5d4fb..4ac4952cda2ea 100644 --- a/build/dependencies.yaml +++ b/build/dependencies.yaml @@ -118,7 +118,7 @@ dependencies: # Golang - name: "golang: upstream version" - version: 1.22.9 + version: 1.22.10 refPaths: - path: .go-version - path: build/build-image/cross/VERSION @@ -141,7 +141,7 @@ dependencies: # match: minimum_go_version=go([0-9]+\.[0-9]+) - name: "registry.k8s.io/kube-cross: dependents" - version: v1.29.0-go1.22.9-bullseye.0 + version: v1.29.0-go1.22.10-bullseye.0 refPaths: - path: build/build-image/cross/VERSION @@ -179,7 +179,7 @@ dependencies: match: registry\.k8s\.io\/build-image\/debian-base:[a-zA-Z]+\-v((([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?)(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?) - name: "registry.k8s.io/distroless-iptables: dependents" - version: v0.5.10 + version: v0.5.11 refPaths: - path: build/common.sh match: __default_distroless_iptables_version= @@ -187,7 +187,7 @@ dependencies: match: configs\[DistrolessIptables\] = Config{list\.BuildImageRegistry, "distroless-iptables", "v([0-9]+)\.([0-9]+)\.([0-9]+)"} - name: "registry.k8s.io/go-runner: dependents" - version: v2.4.0-go1.22.9-bookworm.0 + version: v2.4.0-go1.22.10-bookworm.0 refPaths: - path: build/common.sh match: __default_go_runner_version= diff --git a/staging/publishing/rules.yaml b/staging/publishing/rules.yaml index 1c78ebc53e708..3da50d8d64add 100644 --- a/staging/publishing/rules.yaml +++ b/staging/publishing/rules.yaml @@ -31,7 +31,7 @@ rules: dirs: - staging/src/k8s.io/code-generator - name: release-1.29 - go: 1.22.9 + go: 1.22.10 source: branch: release-1.29 dirs: @@ -68,7 +68,7 @@ rules: dirs: - staging/src/k8s.io/apimachinery - name: release-1.29 - go: 1.22.9 + go: 1.22.10 source: branch: release-1.29 dirs: @@ -121,7 +121,7 @@ rules: dirs: - staging/src/k8s.io/api - name: release-1.29 - go: 1.22.9 + go: 1.22.10 dependencies: - repository: apimachinery branch: release-1.29 @@ -207,7 +207,7 @@ rules: go build -mod=mod ./... go test -mod=mod ./... - name: release-1.29 - go: 1.22.9 + go: 1.22.10 dependencies: - repository: apimachinery branch: release-1.29 @@ -289,7 +289,7 @@ rules: dirs: - staging/src/k8s.io/component-base - name: release-1.29 - go: 1.22.9 + go: 1.22.10 dependencies: - repository: apimachinery branch: release-1.29 @@ -369,7 +369,7 @@ rules: dirs: - staging/src/k8s.io/component-helpers - name: release-1.29 - go: 1.22.9 + go: 1.22.10 dependencies: - repository: apimachinery branch: release-1.29 @@ -425,7 +425,7 @@ rules: dirs: - staging/src/k8s.io/kms - name: release-1.29 - go: 1.22.9 + go: 1.22.10 dependencies: - repository: apimachinery branch: release-1.29 @@ -519,7 +519,7 @@ rules: dirs: - staging/src/k8s.io/apiserver - name: release-1.29 - go: 1.22.9 + go: 1.22.10 dependencies: - repository: apimachinery branch: release-1.29 @@ -641,7 +641,7 @@ rules: dirs: - staging/src/k8s.io/kube-aggregator - name: release-1.29 - go: 1.22.9 + go: 1.22.10 dependencies: - repository: apimachinery branch: release-1.29 @@ -791,7 +791,7 @@ rules: # assumes GO111MODULE=on go build -mod=mod . - name: release-1.29 - go: 1.22.9 + go: 1.22.10 dependencies: - repository: apimachinery branch: release-1.29 @@ -918,7 +918,7 @@ rules: # assumes GO111MODULE=on go build -mod=mod . - name: release-1.29 - go: 1.22.9 + go: 1.22.10 dependencies: - repository: apimachinery branch: release-1.29 @@ -1052,7 +1052,7 @@ rules: required-packages: - k8s.io/code-generator - name: release-1.29 - go: 1.22.9 + go: 1.22.10 dependencies: - repository: apimachinery branch: release-1.29 @@ -1151,7 +1151,7 @@ rules: dirs: - staging/src/k8s.io/metrics - name: release-1.29 - go: 1.22.9 + go: 1.22.10 dependencies: - repository: apimachinery branch: release-1.29 @@ -1233,7 +1233,7 @@ rules: dirs: - staging/src/k8s.io/cli-runtime - name: release-1.29 - go: 1.22.9 + go: 1.22.10 dependencies: - repository: api branch: release-1.29 @@ -1323,7 +1323,7 @@ rules: dirs: - staging/src/k8s.io/sample-cli-plugin - name: release-1.29 - go: 1.22.9 + go: 1.22.10 dependencies: - repository: api branch: release-1.29 @@ -1414,7 +1414,7 @@ rules: dirs: - staging/src/k8s.io/kube-proxy - name: release-1.29 - go: 1.22.9 + go: 1.22.10 dependencies: - repository: apimachinery branch: release-1.29 @@ -1461,7 +1461,7 @@ rules: dirs: - staging/src/k8s.io/cri-api - name: release-1.29 - go: 1.22.9 + go: 1.22.10 source: branch: release-1.29 dirs: @@ -1556,7 +1556,7 @@ rules: dirs: - staging/src/k8s.io/kubelet - name: release-1.29 - go: 1.22.9 + go: 1.22.10 dependencies: - repository: apimachinery branch: release-1.29 @@ -1654,7 +1654,7 @@ rules: dirs: - staging/src/k8s.io/kube-scheduler - name: release-1.29 - go: 1.22.9 + go: 1.22.10 dependencies: - repository: apimachinery branch: release-1.29 @@ -1764,7 +1764,7 @@ rules: dirs: - staging/src/k8s.io/controller-manager - name: release-1.29 - go: 1.22.9 + go: 1.22.10 dependencies: - repository: api branch: release-1.29 @@ -1898,7 +1898,7 @@ rules: dirs: - staging/src/k8s.io/cloud-provider - name: release-1.29 - go: 1.22.9 + go: 1.22.10 dependencies: - repository: api branch: release-1.29 @@ -2046,7 +2046,7 @@ rules: dirs: - staging/src/k8s.io/kube-controller-manager - name: release-1.29 - go: 1.22.9 + go: 1.22.10 dependencies: - repository: apimachinery branch: release-1.29 @@ -2128,7 +2128,7 @@ rules: dirs: - staging/src/k8s.io/cluster-bootstrap - name: release-1.29 - go: 1.22.9 + go: 1.22.10 dependencies: - repository: apimachinery branch: release-1.29 @@ -2196,7 +2196,7 @@ rules: dirs: - staging/src/k8s.io/csi-translation-lib - name: release-1.29 - go: 1.22.9 + go: 1.22.10 dependencies: - repository: api branch: release-1.29 @@ -2239,7 +2239,7 @@ rules: dirs: - staging/src/k8s.io/mount-utils - name: release-1.29 - go: 1.22.9 + go: 1.22.10 source: branch: release-1.29 dirs: @@ -2378,7 +2378,7 @@ rules: dirs: - staging/src/k8s.io/legacy-cloud-providers - name: release-1.29 - go: 1.22.9 + go: 1.22.10 dependencies: - repository: api branch: release-1.29 @@ -2520,7 +2520,7 @@ rules: dirs: - staging/src/k8s.io/kubectl - name: release-1.29 - go: 1.22.9 + go: 1.22.10 dependencies: - repository: api branch: release-1.29 @@ -2638,7 +2638,7 @@ rules: dirs: - staging/src/k8s.io/pod-security-admission - name: release-1.29 - go: 1.22.9 + go: 1.22.10 dependencies: - repository: api branch: release-1.29 @@ -2735,7 +2735,7 @@ rules: dirs: - staging/src/k8s.io/dynamic-resource-allocation - name: release-1.29 - go: 1.22.9 + go: 1.22.10 dependencies: - repository: apimachinery branch: release-1.29 @@ -2787,7 +2787,7 @@ rules: dirs: - staging/src/k8s.io/endpointslice - name: release-1.29 - go: 1.22.9 + go: 1.22.10 dependencies: - repository: api branch: release-1.29 @@ -2803,4 +2803,4 @@ rules: - staging/src/k8s.io/endpointslice recursive-delete-patterns: - '*/.gitattributes' -default-go-version: 1.22.9 +default-go-version: 1.22.10 diff --git a/test/images/Makefile b/test/images/Makefile index b999cfdf9ca50..929e01f5c5763 100644 --- a/test/images/Makefile +++ b/test/images/Makefile @@ -16,7 +16,7 @@ REGISTRY ?= registry.k8s.io/e2e-test-images GOARM ?= 7 DOCKER_CERT_BASE_PATH ?= QEMUVERSION=v5.1.0-2 -GOLANG_VERSION=1.22.9 +GOLANG_VERSION=1.22.10 export ifndef WHAT diff --git a/test/utils/image/manifest.go b/test/utils/image/manifest.go index 67fd8ddf87dc8..aef56a296fb70 100644 --- a/test/utils/image/manifest.go +++ b/test/utils/image/manifest.go @@ -241,7 +241,7 @@ func initImageConfigs(list RegistryList) (map[ImageID]Config, map[ImageID]Config configs[BusyBox] = Config{list.PromoterE2eRegistry, "busybox", "1.36.1-1"} configs[CudaVectorAdd] = Config{list.PromoterE2eRegistry, "cuda-vector-add", "1.0"} configs[CudaVectorAdd2] = Config{list.PromoterE2eRegistry, "cuda-vector-add", "2.3"} - configs[DistrolessIptables] = Config{list.BuildImageRegistry, "distroless-iptables", "v0.5.10"} + configs[DistrolessIptables] = Config{list.BuildImageRegistry, "distroless-iptables", "v0.5.11"} configs[Etcd] = Config{list.GcEtcdRegistry, "etcd", "3.5.16-0"} configs[Httpd] = Config{list.PromoterE2eRegistry, "httpd", "2.4.38-4"} configs[HttpdNew] = Config{list.PromoterE2eRegistry, "httpd", "2.4.39-4"} From bfce92e20fdfb17736496b32d4bca3ce23103541 Mon Sep 17 00:00:00 2001 From: Madhav Jivrajani Date: Mon, 30 Dec 2024 13:39:17 -0800 Subject: [PATCH 11/17] webhook: alter regex to account for x509sha1 GODEBUG removal go1.24 removes the x509sha1 GODEBUG variable, and with it the support for SHA-1 signed certs. This commit alters the regex in unit tests to account for that and prep for go1.24. Signed-off-by: Madhav Jivrajani --- staging/src/k8s.io/apiserver/pkg/util/webhook/webhook_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/staging/src/k8s.io/apiserver/pkg/util/webhook/webhook_test.go b/staging/src/k8s.io/apiserver/pkg/util/webhook/webhook_test.go index 4b4357dea7f79..068c6821e5049 100644 --- a/staging/src/k8s.io/apiserver/pkg/util/webhook/webhook_test.go +++ b/staging/src/k8s.io/apiserver/pkg/util/webhook/webhook_test.go @@ -406,14 +406,14 @@ func TestTLSConfig(t *testing.T) { test: "server cert with SHA1 signature", clientCA: caCert, serverCert: append(append(sha1ServerCertInter, byte('\n')), caCertInter...), serverKey: serverKey, - errRegex: "x509: cannot verify signature: insecure algorithm SHA1-RSA \\(temporarily override with GODEBUG=x509sha1=1\\)", + errRegex: "x509: cannot verify signature: insecure algorithm SHA1-RSA", increaseSHA1SignatureWarnCounter: true, }, { test: "server cert signed by an intermediate CA with SHA1 signature", clientCA: caCert, serverCert: append(append(serverCertInterSHA1, byte('\n')), caCertInterSHA1...), serverKey: serverKey, - errRegex: "x509: cannot verify signature: insecure algorithm SHA1-RSA \\(temporarily override with GODEBUG=x509sha1=1\\)", + errRegex: "x509: cannot verify signature: insecure algorithm SHA1-RSA", increaseSHA1SignatureWarnCounter: true, }, } From 67b42bef156f3c2f2f6464facee1227004ce0be7 Mon Sep 17 00:00:00 2001 From: carlory Date: Wed, 22 May 2024 10:42:04 +0800 Subject: [PATCH 12/17] Fix kubelet on Windows fails if a pod has SecurityContext with RunAsUser. Co-authored-by: rphillips --- pkg/volume/util/atomic_writer.go | 3 +- pkg/volume/util/atomic_writer_linux.go | 27 ++++++++ pkg/volume/util/atomic_writer_unsupported.go | 33 ++++++++++ test/e2e/windows/security_context.go | 65 ++++++++++++++++++++ 4 files changed, 127 insertions(+), 1 deletion(-) create mode 100644 pkg/volume/util/atomic_writer_linux.go create mode 100644 pkg/volume/util/atomic_writer_unsupported.go diff --git a/pkg/volume/util/atomic_writer.go b/pkg/volume/util/atomic_writer.go index 7a1f0515e9ec1..69955db6746cf 100644 --- a/pkg/volume/util/atomic_writer.go +++ b/pkg/volume/util/atomic_writer.go @@ -426,7 +426,8 @@ func (w *AtomicWriter) writePayloadToDir(payload map[string]FileProjection, dir if fileProjection.FsUser == nil { continue } - if err := os.Chown(fullPath, int(*fileProjection.FsUser), -1); err != nil { + + if err := w.chown(fullPath, int(*fileProjection.FsUser), -1); err != nil { klog.Errorf("%s: unable to change file %s with owner %v: %v", w.logContext, fullPath, int(*fileProjection.FsUser), err) return err } diff --git a/pkg/volume/util/atomic_writer_linux.go b/pkg/volume/util/atomic_writer_linux.go new file mode 100644 index 0000000000000..c12a0f4cd317e --- /dev/null +++ b/pkg/volume/util/atomic_writer_linux.go @@ -0,0 +1,27 @@ +//go:build linux +// +build linux + +/* +Copyright 2024 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package util + +import "os" + +// chown changes the numeric uid and gid of the named file. +func (w *AtomicWriter) chown(name string, uid, gid int) error { + return os.Chown(name, uid, gid) +} diff --git a/pkg/volume/util/atomic_writer_unsupported.go b/pkg/volume/util/atomic_writer_unsupported.go new file mode 100644 index 0000000000000..cdfb83e639725 --- /dev/null +++ b/pkg/volume/util/atomic_writer_unsupported.go @@ -0,0 +1,33 @@ +//go:build !linux +// +build !linux + +/* +Copyright 2024 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package util + +import ( + "runtime" + + "k8s.io/klog/v2" +) + +// chown changes the numeric uid and gid of the named file. +// This is a no-op on unsupported platforms. +func (w *AtomicWriter) chown(name string, uid, _ /* gid */ int) error { + klog.Warningf("%s: skipping change of Linux owner %v for file %s; unsupported on %s", w.logContext, uid, name, runtime.GOOS) + return nil +} diff --git a/test/e2e/windows/security_context.go b/test/e2e/windows/security_context.go index 06501a857ed7b..8bacb4d3edfd6 100644 --- a/test/e2e/windows/security_context.go +++ b/test/e2e/windows/security_context.go @@ -28,15 +28,19 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/fields" "k8s.io/apimachinery/pkg/util/uuid" + "k8s.io/apimachinery/pkg/util/wait" clientset "k8s.io/client-go/kubernetes" + "k8s.io/client-go/kubernetes/scheme" "k8s.io/kubernetes/pkg/kubelet/events" "k8s.io/kubernetes/test/e2e/feature" "k8s.io/kubernetes/test/e2e/framework" e2epod "k8s.io/kubernetes/test/e2e/framework/pod" e2eoutput "k8s.io/kubernetes/test/e2e/framework/pod/output" testutils "k8s.io/kubernetes/test/utils" + "k8s.io/kubernetes/test/utils/format" imageutils "k8s.io/kubernetes/test/utils/image" admissionapi "k8s.io/pod-security-admission/api" + "k8s.io/utils/ptr" ) const runAsUserNameContainerName = "run-as-username-container" @@ -193,6 +197,67 @@ var _ = sigDescribe(feature.Windows, "SecurityContext", skipUnlessWindows(func() }) })) +var _ = sigDescribe(feature.Windows, "SecurityContext", skipUnlessWindows(func() { + f := framework.NewDefaultFramework("windows-with-unsupported-fields") + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged + + ginkgo.It("should be able to create pod and run containers", func(ctx context.Context) { + ginkgo.By("Creating 1 pods: run with unsupported fields") + + pod := &v1.Pod{ + ObjectMeta: metav1.ObjectMeta{ + Name: "run-ignore-unsupported-fields", + Namespace: f.Namespace.Name, + }, + Spec: v1.PodSpec{ + NodeSelector: map[string]string{"kubernetes.io/os": "windows"}, + Containers: []v1.Container{ + { + Name: "test-container", + Image: imageutils.GetE2EImage(imageutils.Pause), + }, + }, + SecurityContext: &v1.PodSecurityContext{ + RunAsUser: ptr.To[int64](999), // windows does not support + RunAsGroup: ptr.To[int64](999), // windows does not support + RunAsNonRoot: ptr.To(true), + }, + RestartPolicy: v1.RestartPolicyNever, + }, + } + + pod, err := f.ClientSet.CoreV1().Pods(f.Namespace.Name).Create(ctx, pod, metav1.CreateOptions{}) + framework.ExpectNoError(err, "Error creating pod") + + podErr := e2epod.WaitForPodRunningInNamespace(ctx, f.ClientSet, pod) + + // Get the logs and events before calling ExpectNoError, so we can debug any errors. + var logs string + var events *v1.EventList + if err := wait.PollUntilContextTimeout(ctx, 30*time.Second, 2*time.Minute, true, func(ctx context.Context) (done bool, err error) { + framework.Logf("polling logs") + logs, err = e2epod.GetPodLogs(ctx, f.ClientSet, f.Namespace.Name, pod.Name, pod.Spec.Containers[0].Name) + if err != nil { + framework.Logf("Error pulling logs: %v", err) + return false, nil + } + + events, err = f.ClientSet.CoreV1().Events(pod.Namespace).Search(scheme.Scheme, pod) + if err != nil { + return false, fmt.Errorf("error in listing events: %w", err) + } + return true, nil + }); err != nil { + framework.Failf("Unexpected error getting pod logs/events: %v", err) + } else { + framework.Logf("Pod logs: \n%v", logs) + framework.Logf("Pod events: \n%v", format.Object(events, 1)) + } + + framework.ExpectNoError(podErr) + }) +})) + func runAsUserNamePod(username *string) *v1.Pod { podName := "run-as-username-" + string(uuid.NewUUID()) return &v1.Pod{ From 1e458081bb4dd1e84c552d54ff96589b973c4e2e Mon Sep 17 00:00:00 2001 From: Aravindh Puthiyaparambil Date: Tue, 6 Aug 2024 15:46:15 -0700 Subject: [PATCH 13/17] kubelet: use env vars in node log query PS command - Use environment variables to pass string arguments in the node log query PS command - Split getLoggingCmd into getLoggingCmdEnv and getLoggingCmdArgs for better modularization --- pkg/features/kube_features.go | 3 +- pkg/generated/openapi/zz_generated.openapi.go | 2 +- pkg/kubelet/apis/config/types.go | 2 + pkg/kubelet/kubelet_server_journal.go | 3 +- pkg/kubelet/kubelet_server_journal_linux.go | 12 ++- pkg/kubelet/kubelet_server_journal_others.go | 4 +- pkg/kubelet/kubelet_server_journal_test.go | 49 +++++++-- pkg/kubelet/kubelet_server_journal_windows.go | 102 ++++++++++++++---- .../k8s.io/kubelet/config/v1beta1/types.go | 2 + 9 files changed, 142 insertions(+), 37 deletions(-) diff --git a/pkg/features/kube_features.go b/pkg/features/kube_features.go index b0b12d6ebf774..07ca6b615626e 100644 --- a/pkg/features/kube_features.go +++ b/pkg/features/kube_features.go @@ -586,7 +586,8 @@ const ( // kep: http://kep.k8s.io/2271 // alpha: v1.27 // - // Enables querying logs of node services using the /logs endpoint + // Enables querying logs of node services using the /logs endpoint. Enabling this feature has security implications. + // The recommendation is to enable it on a need basis for debugging purposes and disabling otherwise. NodeLogQuery featuregate.Feature = "NodeLogQuery" // owner: @xing-yang @sonasingh46 diff --git a/pkg/generated/openapi/zz_generated.openapi.go b/pkg/generated/openapi/zz_generated.openapi.go index b0f10e9ddce02..79d82a3c9145b 100644 --- a/pkg/generated/openapi/zz_generated.openapi.go +++ b/pkg/generated/openapi/zz_generated.openapi.go @@ -57551,7 +57551,7 @@ func schema_k8sio_kubelet_config_v1beta1_KubeletConfiguration(ref common.Referen }, "enableSystemLogQuery": { SchemaProps: spec.SchemaProps{ - Description: "enableSystemLogQuery enables the node log query feature on the /logs endpoint. EnableSystemLogHandler has to be enabled in addition for this feature to work. Default: false", + Description: "enableSystemLogQuery enables the node log query feature on the /logs endpoint. EnableSystemLogHandler has to be enabled in addition for this feature to work. Enabling this feature has security implications. The recommendation is to enable it on a need basis for debugging purposes and disabling otherwise. Default: false", Type: []string{"boolean"}, Format: "", }, diff --git a/pkg/kubelet/apis/config/types.go b/pkg/kubelet/apis/config/types.go index a64724a58d11c..52e878db234e6 100644 --- a/pkg/kubelet/apis/config/types.go +++ b/pkg/kubelet/apis/config/types.go @@ -398,6 +398,8 @@ type KubeletConfiguration struct { EnableSystemLogHandler bool // EnableSystemLogQuery enables the node log query feature on the /logs endpoint. // EnableSystemLogHandler has to be enabled in addition for this feature to work. + // Enabling this feature has security implications. The recommendation is to enable it on a need basis for debugging + // purposes and disabling otherwise. // +featureGate=NodeLogQuery // +optional EnableSystemLogQuery bool diff --git a/pkg/kubelet/kubelet_server_journal.go b/pkg/kubelet/kubelet_server_journal.go index cd3a02649b273..25806b892d640 100644 --- a/pkg/kubelet/kubelet_server_journal.go +++ b/pkg/kubelet/kubelet_server_journal.go @@ -316,7 +316,7 @@ func (n *nodeLogQuery) splitNativeVsFileLoggers(ctx context.Context) ([]string, // copyServiceLogs invokes journalctl or Get-WinEvent with the provided args. Note that // services are explicitly passed here to account for the heuristics. func (n *nodeLogQuery) copyServiceLogs(ctx context.Context, w io.Writer, services []string, previousBoot int) { - cmdStr, args, err := getLoggingCmd(n, services) + cmdStr, args, cmdEnv, err := getLoggingCmd(n, services) if err != nil { fmt.Fprintf(w, "\nfailed to get logging cmd: %v\n", err) return @@ -324,6 +324,7 @@ func (n *nodeLogQuery) copyServiceLogs(ctx context.Context, w io.Writer, service cmd := exec.CommandContext(ctx, cmdStr, args...) cmd.Stdout = w cmd.Stderr = w + cmd.Env = append(os.Environ(), cmdEnv...) if err := cmd.Run(); err != nil { if _, ok := err.(*exec.ExitError); ok { diff --git a/pkg/kubelet/kubelet_server_journal_linux.go b/pkg/kubelet/kubelet_server_journal_linux.go index 29f982147130d..8568dfd8ecaa5 100644 --- a/pkg/kubelet/kubelet_server_journal_linux.go +++ b/pkg/kubelet/kubelet_server_journal_linux.go @@ -26,9 +26,13 @@ import ( ) // getLoggingCmd returns the journalctl cmd and arguments for the given nodeLogQuery and boot. Note that -// services are explicitly passed here to account for the heuristics -func getLoggingCmd(n *nodeLogQuery, services []string) (string, []string, error) { - args := []string{ +// services are explicitly passed here to account for the heuristics. +// The return values are: +// - cmd: the command to be executed +// - args: arguments to the command +// - cmdEnv: environment variables when the command will be executed +func getLoggingCmd(n *nodeLogQuery, services []string) (cmd string, args []string, cmdEnv []string, err error) { + args = []string{ "--utc", "--no-pager", "--output=short-precise", @@ -55,7 +59,7 @@ func getLoggingCmd(n *nodeLogQuery, services []string) (string, []string, error) args = append(args, "--boot", fmt.Sprintf("%d", *n.Boot)) } - return "journalctl", args, nil + return "journalctl", args, nil, nil } // checkForNativeLogger checks journalctl output for a service diff --git a/pkg/kubelet/kubelet_server_journal_others.go b/pkg/kubelet/kubelet_server_journal_others.go index 2f9e0ecb1a5df..9e4900710ea7d 100644 --- a/pkg/kubelet/kubelet_server_journal_others.go +++ b/pkg/kubelet/kubelet_server_journal_others.go @@ -24,8 +24,8 @@ import ( ) // getLoggingCmd on unsupported operating systems returns the echo command and a warning message (as strings) -func getLoggingCmd(n *nodeLogQuery, services []string) (string, []string, error) { - return "", []string{}, errors.New("Operating System Not Supported") +func getLoggingCmd(n *nodeLogQuery, services []string) (cmd string, args []string, cmdEnv []string, err error) { + return "", args, cmdEnv, errors.New("Operating System Not Supported") } // checkForNativeLogger on unsupported operating systems returns false diff --git a/pkg/kubelet/kubelet_server_journal_test.go b/pkg/kubelet/kubelet_server_journal_test.go index 430a73fc27cc1..9ac0b7010e07e 100644 --- a/pkg/kubelet/kubelet_server_journal_test.go +++ b/pkg/kubelet/kubelet_server_journal_test.go @@ -30,31 +30,62 @@ import ( ) func Test_getLoggingCmd(t *testing.T) { + var emptyCmdEnv []string tests := []struct { - name string - args nodeLogQuery - wantLinux []string - wantWindows []string - wantOtherOS []string + name string + args nodeLogQuery + services []string + wantLinux []string + wantWindows []string + wantLinuxCmdEnv []string + wantWindowsCmdEnv []string }{ { - args: nodeLogQuery{}, - wantLinux: []string{"--utc", "--no-pager", "--output=short-precise"}, - wantWindows: []string{"-NonInteractive", "-ExecutionPolicy", "Bypass", "-Command", "Get-WinEvent -FilterHashtable @{LogName='Application'} | Sort-Object TimeCreated | Format-Table -AutoSize -Wrap"}, + name: "basic", + args: nodeLogQuery{}, + services: []string{}, + wantLinux: []string{"--utc", "--no-pager", "--output=short-precise"}, + wantLinuxCmdEnv: emptyCmdEnv, + wantWindows: []string{"-NonInteractive", "-ExecutionPolicy", "Bypass", "-Command", "Get-WinEvent -FilterHashtable @{LogName='Application'} | Sort-Object TimeCreated | Format-Table -AutoSize -Wrap"}, + wantWindowsCmdEnv: emptyCmdEnv, + }, + { + name: "two providers", + args: nodeLogQuery{}, + services: []string{"p1", "p2"}, + wantLinux: []string{"--utc", "--no-pager", "--output=short-precise", "--unit=p1", "--unit=p2"}, + wantLinuxCmdEnv: emptyCmdEnv, + wantWindows: []string{"-NonInteractive", "-ExecutionPolicy", "Bypass", "-Command", "Get-WinEvent -FilterHashtable @{LogName='Application'; ProviderName=$Env:kubelet_provider0,$Env:kubelet_provider1} | Sort-Object TimeCreated | Format-Table -AutoSize -Wrap"}, + wantWindowsCmdEnv: []string{"kubelet_provider0=p1", "kubelet_provider1=p2"}, + }, + { + name: "empty provider", + args: nodeLogQuery{}, + services: []string{"p1", "", "p2"}, + wantLinux: []string{"--utc", "--no-pager", "--output=short-precise", "--unit=p1", "--unit=p2"}, + wantLinuxCmdEnv: emptyCmdEnv, + wantWindows: []string{"-NonInteractive", "-ExecutionPolicy", "Bypass", "-Command", "Get-WinEvent -FilterHashtable @{LogName='Application'; ProviderName=$Env:kubelet_provider0,$Env:kubelet_provider2} | Sort-Object TimeCreated | Format-Table -AutoSize -Wrap"}, + wantWindowsCmdEnv: []string{"kubelet_provider0=p1", "kubelet_provider2=p2"}, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - _, got, err := getLoggingCmd(&tt.args, []string{}) + _, got, gotCmdEnv, err := getLoggingCmd(&tt.args, tt.services) switch os := runtime.GOOS; os { case "linux": if !reflect.DeepEqual(got, tt.wantLinux) { t.Errorf("getLoggingCmd() = %v, want %v", got, tt.wantLinux) } + if !reflect.DeepEqual(gotCmdEnv, tt.wantLinuxCmdEnv) { + t.Errorf("gotCmdEnv %v, wantLinuxCmdEnv %v", gotCmdEnv, tt.wantLinuxCmdEnv) + } case "windows": if !reflect.DeepEqual(got, tt.wantWindows) { t.Errorf("getLoggingCmd() = %v, want %v", got, tt.wantWindows) } + if !reflect.DeepEqual(gotCmdEnv, tt.wantWindowsCmdEnv) { + t.Errorf("gotCmdEnv %v, wantWindowsCmdEnv %v", gotCmdEnv, tt.wantWindowsCmdEnv) + } default: if err == nil { t.Errorf("getLoggingCmd() = %v, want err", got) diff --git a/pkg/kubelet/kubelet_server_journal_windows.go b/pkg/kubelet/kubelet_server_journal_windows.go index a805cfc5453d8..ffe2df1772da6 100644 --- a/pkg/kubelet/kubelet_server_journal_windows.go +++ b/pkg/kubelet/kubelet_server_journal_windows.go @@ -27,43 +27,107 @@ import ( const powershellExe = "PowerShell.exe" -// getLoggingCmd returns the powershell cmd and arguments for the given nodeLogQuery and boot -func getLoggingCmd(n *nodeLogQuery, services []string) (string, []string, error) { - args := []string{ +// getLoggingCmd returns the powershell cmd, arguments, and environment variables for the given nodeLogQuery and boot. +// All string inputs are environment variables to stop subcommands expressions from being executed. +// The return values are: +// - cmd: the command to be executed +// - args: arguments to the command +// - cmdEnv: environment variables when the command will be executed +func getLoggingCmd(n *nodeLogQuery, services []string) (cmd string, args []string, cmdEnv []string, err error) { + cmdEnv = getLoggingCmdEnv(n, services) + + var includeSinceTime, includeUntilTime, includeTailLines, includePattern bool + if n.SinceTime != nil { + includeSinceTime = true + } + if n.UntilTime != nil { + includeUntilTime = true + } + if n.TailLines != nil { + includeTailLines = true + } + if len(n.Pattern) > 0 { + includePattern = true + } + + var includeServices []bool + for _, service := range services { + includeServices = append(includeServices, len(service) > 0) + } + + args = getLoggingCmdArgs(includeSinceTime, includeUntilTime, includeTailLines, includePattern, includeServices) + + return powershellExe, args, cmdEnv, nil +} + +// getLoggingCmdArgs returns arguments that need to be passed to powershellExe +func getLoggingCmdArgs(includeSinceTime, includeUntilTime, includeTailLines, includePattern bool, services []bool) (args []string) { + args = []string{ "-NonInteractive", "-ExecutionPolicy", "Bypass", "-Command", } - psCmd := "Get-WinEvent -FilterHashtable @{LogName='Application'" - if n.SinceTime != nil { - psCmd += fmt.Sprintf("; StartTime='%s'", n.SinceTime.Format(dateLayout)) + psCmd := `Get-WinEvent -FilterHashtable @{LogName='Application'` + + if includeSinceTime { + psCmd += fmt.Sprintf(`; StartTime="$Env:kubelet_sinceTime"`) } - if n.UntilTime != nil { - psCmd += fmt.Sprintf("; EndTime='%s'", n.UntilTime.Format(dateLayout)) + if includeUntilTime { + psCmd += fmt.Sprintf(`; EndTime="$Env:kubelet_untilTime"`) } + var providers []string - for _, service := range services { - if len(service) > 0 { - providers = append(providers, "'"+service+"'") + for i := range services { + if services[i] { + providers = append(providers, fmt.Sprintf("$Env:kubelet_provider%d", i)) } } + if len(providers) > 0 { psCmd += fmt.Sprintf("; ProviderName=%s", strings.Join(providers, ",")) } - psCmd += "}" - if n.TailLines != nil { - psCmd += fmt.Sprintf(" -MaxEvents %d", *n.TailLines) + + psCmd += `}` + if includeTailLines { + psCmd += fmt.Sprint(` -MaxEvents $Env:kubelet_tailLines`) } - psCmd += " | Sort-Object TimeCreated" - if len(n.Pattern) > 0 { - psCmd += fmt.Sprintf(" | Where-Object -Property Message -Match '%s'", n.Pattern) + psCmd += ` | Sort-Object TimeCreated` + + if includePattern { + psCmd += fmt.Sprintf(` | Where-Object -Property Message -Match "$Env:kubelet_pattern"`) } - psCmd += " | Format-Table -AutoSize -Wrap" + psCmd += ` | Format-Table -AutoSize -Wrap` args = append(args, psCmd) - return powershellExe, args, nil + return args +} + +// getLoggingCmdEnv returns the environment variables that will be present when powershellExe is executed +func getLoggingCmdEnv(n *nodeLogQuery, services []string) (cmdEnv []string) { + if n.SinceTime != nil { + cmdEnv = append(cmdEnv, fmt.Sprintf("kubelet_sinceTime=%s", n.SinceTime.Format(dateLayout))) + } + if n.UntilTime != nil { + cmdEnv = append(cmdEnv, fmt.Sprintf("kubelet_untilTime=%s", n.UntilTime.Format(dateLayout))) + } + + for i, service := range services { + if len(service) > 0 { + cmdEnv = append(cmdEnv, fmt.Sprintf("kubelet_provider%d=%s", i, service)) + } + } + + if n.TailLines != nil { + cmdEnv = append(cmdEnv, fmt.Sprintf("kubelet_tailLines=%d", *n.TailLines)) + } + + if len(n.Pattern) > 0 { + cmdEnv = append(cmdEnv, fmt.Sprintf("kubelet_pattern=%s", n.Pattern)) + } + + return cmdEnv } // checkForNativeLogger always returns true for Windows diff --git a/staging/src/k8s.io/kubelet/config/v1beta1/types.go b/staging/src/k8s.io/kubelet/config/v1beta1/types.go index fd1439e9ebf0f..e263a7b30bdf2 100644 --- a/staging/src/k8s.io/kubelet/config/v1beta1/types.go +++ b/staging/src/k8s.io/kubelet/config/v1beta1/types.go @@ -699,6 +699,8 @@ type KubeletConfiguration struct { EnableSystemLogHandler *bool `json:"enableSystemLogHandler,omitempty"` // enableSystemLogQuery enables the node log query feature on the /logs endpoint. // EnableSystemLogHandler has to be enabled in addition for this feature to work. + // Enabling this feature has security implications. The recommendation is to enable it on a need basis for debugging + // purposes and disabling otherwise. // Default: false // +featureGate=NodeLogQuery // +optional From 9a58e9398d4aa69d7ad40f40407e54b96025e0c5 Mon Sep 17 00:00:00 2001 From: Kubernetes Release Robot Date: Wed, 15 Jan 2025 14:33:42 +0000 Subject: [PATCH 14/17] Release commit for Kubernetes v1.29.13 From de57547217159908a3c28ecdc0c1c9abf3b1e5ad Mon Sep 17 00:00:00 2001 From: Jeremy Peterson Date: Thu, 6 Feb 2025 00:06:33 +0000 Subject: [PATCH 15/17] UPSTREAM: : manually resolve conflicts --- pkg/kubelet/kubelet_server_journal_linux.go | 12 ------------ pkg/kubelet/kubelet_server_journal_windows.go | 14 -------------- pkg/volume/util/atomic_writer.go | 9 --------- 3 files changed, 35 deletions(-) diff --git a/pkg/kubelet/kubelet_server_journal_linux.go b/pkg/kubelet/kubelet_server_journal_linux.go index f605499dc59c4..240c6c62e8a23 100644 --- a/pkg/kubelet/kubelet_server_journal_linux.go +++ b/pkg/kubelet/kubelet_server_journal_linux.go @@ -66,19 +66,7 @@ func getLoggingCmd(n *nodeLogQuery, services []string) (cmd string, args []strin args = append(args, "--boot", fmt.Sprintf("%d", *n.Boot)) } -<<<<<<< HEAD - var output string - if len(n.Format) > 0 { - output = n.Format - } else { - output = "short-precise" - } - args = append(args, fmt.Sprintf("--output=%s", output)) - - return "journalctl", args, nil -======= return "journalctl", args, nil, nil ->>>>>>> v1.29.13 } // checkForNativeLogger checks journalctl output for a service diff --git a/pkg/kubelet/kubelet_server_journal_windows.go b/pkg/kubelet/kubelet_server_journal_windows.go index b2c8129d7fe50..ffe2df1772da6 100644 --- a/pkg/kubelet/kubelet_server_journal_windows.go +++ b/pkg/kubelet/kubelet_server_journal_windows.go @@ -68,19 +68,6 @@ func getLoggingCmdArgs(includeSinceTime, includeUntilTime, includeTailLines, inc "-Command", } -<<<<<<< HEAD - psCmd := "Get-WinEvent -FilterHashtable @{LogName='Application'" - if len(n.Since) > 0 { - psCmd += fmt.Sprintf("; StartTime='%s'", n.Since) - } else if n.SinceTime != nil { - psCmd += fmt.Sprintf("; StartTime='%s'", n.SinceTime.Format(dateLayout)) - } - - if len(n.Until) > 0 { - psCmd += fmt.Sprintf("; EndTime='%s'", n.Until) - } else if n.UntilTime != nil { - psCmd += fmt.Sprintf("; EndTime='%s'", n.UntilTime.Format(dateLayout)) -======= psCmd := `Get-WinEvent -FilterHashtable @{LogName='Application'` if includeSinceTime { @@ -88,7 +75,6 @@ func getLoggingCmdArgs(includeSinceTime, includeUntilTime, includeTailLines, inc } if includeUntilTime { psCmd += fmt.Sprintf(`; EndTime="$Env:kubelet_untilTime"`) ->>>>>>> v1.29.13 } var providers []string diff --git a/pkg/volume/util/atomic_writer.go b/pkg/volume/util/atomic_writer.go index 72780b7f23518..69955db6746cf 100644 --- a/pkg/volume/util/atomic_writer.go +++ b/pkg/volume/util/atomic_writer.go @@ -399,7 +399,6 @@ func (w *AtomicWriter) newTimestampDir() (string, error) { // writePayloadToDir writes the given payload to the given directory. The // directory must exist. func (w *AtomicWriter) writePayloadToDir(payload map[string]FileProjection, dir string) error { - isNotWindows := runtime.GOOS != "windows" for userVisiblePath, fileProjection := range payload { content := fileProjection.Data mode := os.FileMode(fileProjection.Mode) @@ -427,18 +426,10 @@ func (w *AtomicWriter) writePayloadToDir(payload map[string]FileProjection, dir if fileProjection.FsUser == nil { continue } -<<<<<<< HEAD - if isNotWindows { - if err := os.Chown(fullPath, int(*fileProjection.FsUser), -1); err != nil { - klog.Errorf("%s: unable to change file %s with owner %v: %v", w.logContext, fullPath, int(*fileProjection.FsUser), err) - return err - } -======= if err := w.chown(fullPath, int(*fileProjection.FsUser), -1); err != nil { klog.Errorf("%s: unable to change file %s with owner %v: %v", w.logContext, fullPath, int(*fileProjection.FsUser), err) return err ->>>>>>> v1.29.13 } } From e8fc708516b51bf4b317e9a7cd4dbce8b077ca4a Mon Sep 17 00:00:00 2001 From: Jeremy Peterson Date: Thu, 6 Feb 2025 00:17:54 +0000 Subject: [PATCH 16/17] UPSTREAM: : hack/update-vendor.sh, make update and update image --- openshift-hack/images/hyperkube/Dockerfile.rhel | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openshift-hack/images/hyperkube/Dockerfile.rhel b/openshift-hack/images/hyperkube/Dockerfile.rhel index 6cc88dbe54e3a..dc05213930a5d 100644 --- a/openshift-hack/images/hyperkube/Dockerfile.rhel +++ b/openshift-hack/images/hyperkube/Dockerfile.rhel @@ -13,4 +13,4 @@ COPY --from=builder /tmp/build/* /usr/bin/ LABEL io.k8s.display-name="OpenShift Kubernetes Server Commands" \ io.k8s.description="OpenShift is a platform for developing, building, and deploying containerized applications." \ io.openshift.tags="openshift,hyperkube" \ - io.openshift.build.versions="kubernetes=1.29.11" + io.openshift.build.versions="kubernetes=1.29.13" From 903902218b4b4fca1339689bc02dfa55cabef3d9 Mon Sep 17 00:00:00 2001 From: Jeremy Peterson Date: Thu, 6 Feb 2025 02:33:16 +0000 Subject: [PATCH 17/17] Fix for Test_getLoggingCmd test --- pkg/kubelet/kubelet_server_journal_linux.go | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pkg/kubelet/kubelet_server_journal_linux.go b/pkg/kubelet/kubelet_server_journal_linux.go index 240c6c62e8a23..6a6d8421c4754 100644 --- a/pkg/kubelet/kubelet_server_journal_linux.go +++ b/pkg/kubelet/kubelet_server_journal_linux.go @@ -52,6 +52,16 @@ func getLoggingCmd(n *nodeLogQuery, services []string) (cmd string, args []strin if n.TailLines != nil { args = append(args, "--pager-end", fmt.Sprintf("--lines=%d", *n.TailLines)) } + + var output string + if len(n.Format) > 0 { + output = n.Format + } else { + output = "short-precise" + } + + args = append(args, fmt.Sprintf("--output=%s", output)) + for _, service := range services { if len(service) > 0 { args = append(args, "--unit="+service)