From 16dd861dbbfdc42fe3b747d55d5bf92f96d800a6 Mon Sep 17 00:00:00 2001 From: Kubernetes Release Robot Date: Thu, 15 May 2025 09:32:00 +0000 Subject: [PATCH 01/14] Update CHANGELOG/CHANGELOG-1.31.md for v1.31.9 --- CHANGELOG/CHANGELOG-1.31.md | 279 +++++++++++++++++++++++++----------- 1 file changed, 192 insertions(+), 87 deletions(-) diff --git a/CHANGELOG/CHANGELOG-1.31.md b/CHANGELOG/CHANGELOG-1.31.md index a20b25df229b9..1bd0c51238c34 100644 --- a/CHANGELOG/CHANGELOG-1.31.md +++ b/CHANGELOG/CHANGELOG-1.31.md @@ -1,270 +1,375 @@ -- [v1.31.8](#v1318) - - [Downloads for v1.31.8](#downloads-for-v1318) +- [v1.31.9](#v1319) + - [Downloads for v1.31.9](#downloads-for-v1319) - [Source Code](#source-code) - [Client Binaries](#client-binaries) - [Server Binaries](#server-binaries) - [Node Binaries](#node-binaries) - [Container Images](#container-images) - - [Changelog since v1.31.7](#changelog-since-v1317) + - [Changelog since v1.31.8](#changelog-since-v1318) - [Changes by Kind](#changes-by-kind) + - [Feature](#feature) - [Bug or Regression](#bug-or-regression) - [Dependencies](#dependencies) - [Added](#added) - [Changed](#changed) - [Removed](#removed) -- [v1.31.7](#v1317) - - [Downloads for v1.31.7](#downloads-for-v1317) +- [v1.31.8](#v1318) + - [Downloads for v1.31.8](#downloads-for-v1318) - [Source Code](#source-code-1) - [Client Binaries](#client-binaries-1) - [Server Binaries](#server-binaries-1) - [Node Binaries](#node-binaries-1) - [Container Images](#container-images-1) - - [Changelog since v1.31.6](#changelog-since-v1316) + - [Changelog since v1.31.7](#changelog-since-v1317) - [Changes by Kind](#changes-by-kind-1) - [Bug or Regression](#bug-or-regression-1) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake) - [Dependencies](#dependencies-1) - [Added](#added-1) - [Changed](#changed-1) - [Removed](#removed-1) -- [v1.31.6](#v1316) - - [Downloads for v1.31.6](#downloads-for-v1316) +- [v1.31.7](#v1317) + - [Downloads for v1.31.7](#downloads-for-v1317) - [Source Code](#source-code-2) - [Client Binaries](#client-binaries-2) - [Server Binaries](#server-binaries-2) - [Node Binaries](#node-binaries-2) - [Container Images](#container-images-2) - - [Changelog since v1.31.5](#changelog-since-v1315) - - [Important Security Information](#important-security-information) - - [CVE-2025-0426: Node Denial of Service via Kubelet Checkpoint API](#cve-2025-0426-node-denial-of-service-via-kubelet-checkpoint-api) + - [Changelog since v1.31.6](#changelog-since-v1316) - [Changes by Kind](#changes-by-kind-2) - - [Feature](#feature) - [Bug or Regression](#bug-or-regression-2) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-1) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake) - [Dependencies](#dependencies-2) - [Added](#added-2) - [Changed](#changed-2) - [Removed](#removed-2) -- [v1.31.5](#v1315) - - [Downloads for v1.31.5](#downloads-for-v1315) +- [v1.31.6](#v1316) + - [Downloads for v1.31.6](#downloads-for-v1316) - [Source Code](#source-code-3) - [Client Binaries](#client-binaries-3) - [Server Binaries](#server-binaries-3) - [Node Binaries](#node-binaries-3) - [Container Images](#container-images-3) - - [Changelog since v1.31.4](#changelog-since-v1314) - - [Important Security Information](#important-security-information-1) - - [CVE-2024-9042: Command Injection affecting Windows nodes via nodes/*/logs/query API](#cve-2024-9042-command-injection-affecting-windows-nodes-via-nodeslogsquery-api) + - [Changelog since v1.31.5](#changelog-since-v1315) + - [Important Security Information](#important-security-information) + - [CVE-2025-0426: Node Denial of Service via Kubelet Checkpoint API](#cve-2025-0426-node-denial-of-service-via-kubelet-checkpoint-api) - [Changes by Kind](#changes-by-kind-3) - - [API Change](#api-change) - [Feature](#feature-1) - [Bug or Regression](#bug-or-regression-3) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-1) - [Dependencies](#dependencies-3) - [Added](#added-3) - [Changed](#changed-3) - [Removed](#removed-3) -- [v1.31.4](#v1314) - - [Downloads for v1.31.4](#downloads-for-v1314) +- [v1.31.5](#v1315) + - [Downloads for v1.31.5](#downloads-for-v1315) - [Source Code](#source-code-4) - [Client Binaries](#client-binaries-4) - [Server Binaries](#server-binaries-4) - [Node Binaries](#node-binaries-4) - [Container Images](#container-images-4) - - [Changelog since v1.31.3](#changelog-since-v1313) + - [Changelog since v1.31.4](#changelog-since-v1314) + - [Important Security Information](#important-security-information-1) + - [CVE-2024-9042: Command Injection affecting Windows nodes via nodes/*/logs/query API](#cve-2024-9042-command-injection-affecting-windows-nodes-via-nodeslogsquery-api) - [Changes by Kind](#changes-by-kind-4) + - [API Change](#api-change) - [Feature](#feature-2) - [Bug or Regression](#bug-or-regression-4) - [Dependencies](#dependencies-4) - [Added](#added-4) - [Changed](#changed-4) - [Removed](#removed-4) -- [v1.31.3](#v1313) - - [Downloads for v1.31.3](#downloads-for-v1313) +- [v1.31.4](#v1314) + - [Downloads for v1.31.4](#downloads-for-v1314) - [Source Code](#source-code-5) - [Client Binaries](#client-binaries-5) - [Server Binaries](#server-binaries-5) - [Node Binaries](#node-binaries-5) - [Container Images](#container-images-5) - - [Changelog since v1.31.2](#changelog-since-v1312) + - [Changelog since v1.31.3](#changelog-since-v1313) - [Changes by Kind](#changes-by-kind-5) + - [Feature](#feature-3) - [Bug or Regression](#bug-or-regression-5) - [Dependencies](#dependencies-5) - [Added](#added-5) - [Changed](#changed-5) - [Removed](#removed-5) -- [v1.31.2](#v1312) - - [Downloads for v1.31.2](#downloads-for-v1312) +- [v1.31.3](#v1313) + - [Downloads for v1.31.3](#downloads-for-v1313) - [Source Code](#source-code-6) - [Client Binaries](#client-binaries-6) - [Server Binaries](#server-binaries-6) - [Node Binaries](#node-binaries-6) - [Container Images](#container-images-6) - - [Changelog since v1.31.1](#changelog-since-v1311) + - [Changelog since v1.31.2](#changelog-since-v1312) - [Changes by Kind](#changes-by-kind-6) - - [Feature](#feature-3) - [Bug or Regression](#bug-or-regression-6) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-2) - - [Uncategorized](#uncategorized) - [Dependencies](#dependencies-6) - [Added](#added-6) - [Changed](#changed-6) - [Removed](#removed-6) -- [v1.31.1](#v1311) - - [Downloads for v1.31.1](#downloads-for-v1311) +- [v1.31.2](#v1312) + - [Downloads for v1.31.2](#downloads-for-v1312) - [Source Code](#source-code-7) - [Client Binaries](#client-binaries-7) - [Server Binaries](#server-binaries-7) - [Node Binaries](#node-binaries-7) - [Container Images](#container-images-7) - - [Changelog since v1.31.0](#changelog-since-v1310) + - [Changelog since v1.31.1](#changelog-since-v1311) - [Changes by Kind](#changes-by-kind-7) - - [Deprecation](#deprecation) - - [API Change](#api-change-1) - [Feature](#feature-4) - [Bug or Regression](#bug-or-regression-7) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-3) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-2) + - [Uncategorized](#uncategorized) - [Dependencies](#dependencies-7) - [Added](#added-7) - [Changed](#changed-7) - [Removed](#removed-7) -- [v1.31.0](#v1310) - - [Downloads for v1.31.0](#downloads-for-v1310) +- [v1.31.1](#v1311) + - [Downloads for v1.31.1](#downloads-for-v1311) - [Source Code](#source-code-8) - [Client Binaries](#client-binaries-8) - [Server Binaries](#server-binaries-8) - [Node Binaries](#node-binaries-8) - [Container Images](#container-images-8) - - [Changelog since v1.30.0](#changelog-since-v1300) - - [Urgent Upgrade Notes](#urgent-upgrade-notes) - - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade) + - [Changelog since v1.31.0](#changelog-since-v1310) - [Changes by Kind](#changes-by-kind-8) - - [Deprecation](#deprecation-1) - - [API Change](#api-change-2) + - [Deprecation](#deprecation) + - [API Change](#api-change-1) - [Feature](#feature-5) - - [Failing Test](#failing-test) - [Bug or Regression](#bug-or-regression-8) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-4) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-3) - [Dependencies](#dependencies-8) - [Added](#added-8) - [Changed](#changed-8) - [Removed](#removed-8) -- [v1.31.0-rc.1](#v1310-rc1) - - [Downloads for v1.31.0-rc.1](#downloads-for-v1310-rc1) +- [v1.31.0](#v1310) + - [Downloads for v1.31.0](#downloads-for-v1310) - [Source Code](#source-code-9) - [Client Binaries](#client-binaries-9) - [Server Binaries](#server-binaries-9) - [Node Binaries](#node-binaries-9) - [Container Images](#container-images-9) - - [Changelog since v1.31.0-rc.0](#changelog-since-v1310-rc0) + - [Changelog since v1.30.0](#changelog-since-v1300) + - [Urgent Upgrade Notes](#urgent-upgrade-notes) + - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade) - [Changes by Kind](#changes-by-kind-9) - - [API Change](#api-change-3) + - [Deprecation](#deprecation-1) + - [API Change](#api-change-2) - [Feature](#feature-6) + - [Failing Test](#failing-test) - [Bug or Regression](#bug-or-regression-9) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-4) - [Dependencies](#dependencies-9) - [Added](#added-9) - [Changed](#changed-9) - [Removed](#removed-9) -- [v1.31.0-rc.0](#v1310-rc0) - - [Downloads for v1.31.0-rc.0](#downloads-for-v1310-rc0) +- [v1.31.0-rc.1](#v1310-rc1) + - [Downloads for v1.31.0-rc.1](#downloads-for-v1310-rc1) - [Source Code](#source-code-10) - [Client Binaries](#client-binaries-10) - [Server Binaries](#server-binaries-10) - [Node Binaries](#node-binaries-10) - [Container Images](#container-images-10) - - [Changelog since v1.31.0-beta.0](#changelog-since-v1310-beta0) - - [Urgent Upgrade Notes](#urgent-upgrade-notes-1) - - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-1) + - [Changelog since v1.31.0-rc.0](#changelog-since-v1310-rc0) - [Changes by Kind](#changes-by-kind-10) - - [Deprecation](#deprecation-2) - - [API Change](#api-change-4) + - [API Change](#api-change-3) - [Feature](#feature-7) - - [Failing Test](#failing-test-1) - [Bug or Regression](#bug-or-regression-10) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-5) - [Dependencies](#dependencies-10) - [Added](#added-10) - [Changed](#changed-10) - [Removed](#removed-10) -- [v1.31.0-beta.0](#v1310-beta0) - - [Downloads for v1.31.0-beta.0](#downloads-for-v1310-beta0) +- [v1.31.0-rc.0](#v1310-rc0) + - [Downloads for v1.31.0-rc.0](#downloads-for-v1310-rc0) - [Source Code](#source-code-11) - [Client Binaries](#client-binaries-11) - [Server Binaries](#server-binaries-11) - [Node Binaries](#node-binaries-11) - [Container Images](#container-images-11) - - [Changelog since v1.31.0-alpha.3](#changelog-since-v1310-alpha3) + - [Changelog since v1.31.0-beta.0](#changelog-since-v1310-beta0) + - [Urgent Upgrade Notes](#urgent-upgrade-notes-1) + - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-1) - [Changes by Kind](#changes-by-kind-11) - - [API Change](#api-change-5) + - [Deprecation](#deprecation-2) + - [API Change](#api-change-4) - [Feature](#feature-8) + - [Failing Test](#failing-test-1) - [Bug or Regression](#bug-or-regression-11) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-6) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-5) - [Dependencies](#dependencies-11) - [Added](#added-11) - [Changed](#changed-11) - [Removed](#removed-11) -- [v1.31.0-alpha.3](#v1310-alpha3) - - [Downloads for v1.31.0-alpha.3](#downloads-for-v1310-alpha3) +- [v1.31.0-beta.0](#v1310-beta0) + - [Downloads for v1.31.0-beta.0](#downloads-for-v1310-beta0) - [Source Code](#source-code-12) - [Client Binaries](#client-binaries-12) - [Server Binaries](#server-binaries-12) - [Node Binaries](#node-binaries-12) - [Container Images](#container-images-12) - - [Changelog since v1.31.0-alpha.2](#changelog-since-v1310-alpha2) + - [Changelog since v1.31.0-alpha.3](#changelog-since-v1310-alpha3) - [Changes by Kind](#changes-by-kind-12) - - [API Change](#api-change-6) + - [API Change](#api-change-5) - [Feature](#feature-9) - [Bug or Regression](#bug-or-regression-12) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-7) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-6) - [Dependencies](#dependencies-12) - [Added](#added-12) - [Changed](#changed-12) - [Removed](#removed-12) -- [v1.31.0-alpha.2](#v1310-alpha2) - - [Downloads for v1.31.0-alpha.2](#downloads-for-v1310-alpha2) +- [v1.31.0-alpha.3](#v1310-alpha3) + - [Downloads for v1.31.0-alpha.3](#downloads-for-v1310-alpha3) - [Source Code](#source-code-13) - [Client Binaries](#client-binaries-13) - [Server Binaries](#server-binaries-13) - [Node Binaries](#node-binaries-13) - [Container Images](#container-images-13) - - [Changelog since v1.31.0-alpha.1](#changelog-since-v1310-alpha1) - - [Urgent Upgrade Notes](#urgent-upgrade-notes-2) - - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-2) + - [Changelog since v1.31.0-alpha.2](#changelog-since-v1310-alpha2) - [Changes by Kind](#changes-by-kind-13) - - [API Change](#api-change-7) + - [API Change](#api-change-6) - [Feature](#feature-10) - - [Failing Test](#failing-test-2) - [Bug or Regression](#bug-or-regression-13) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-8) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-7) - [Dependencies](#dependencies-13) - [Added](#added-13) - [Changed](#changed-13) - [Removed](#removed-13) -- [v1.31.0-alpha.1](#v1310-alpha1) - - [Downloads for v1.31.0-alpha.1](#downloads-for-v1310-alpha1) +- [v1.31.0-alpha.2](#v1310-alpha2) + - [Downloads for v1.31.0-alpha.2](#downloads-for-v1310-alpha2) - [Source Code](#source-code-14) - [Client Binaries](#client-binaries-14) - [Server Binaries](#server-binaries-14) - [Node Binaries](#node-binaries-14) - [Container Images](#container-images-14) - - [Changelog since v1.30.0](#changelog-since-v1300-1) - - [Urgent Upgrade Notes](#urgent-upgrade-notes-3) - - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-3) + - [Changelog since v1.31.0-alpha.1](#changelog-since-v1310-alpha1) + - [Urgent Upgrade Notes](#urgent-upgrade-notes-2) + - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-2) - [Changes by Kind](#changes-by-kind-14) - - [Deprecation](#deprecation-3) - - [API Change](#api-change-8) + - [API Change](#api-change-7) - [Feature](#feature-11) - - [Failing Test](#failing-test-3) + - [Failing Test](#failing-test-2) - [Bug or Regression](#bug-or-regression-14) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-9) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-8) - [Dependencies](#dependencies-14) - [Added](#added-14) - [Changed](#changed-14) - [Removed](#removed-14) +- [v1.31.0-alpha.1](#v1310-alpha1) + - [Downloads for v1.31.0-alpha.1](#downloads-for-v1310-alpha1) + - [Source Code](#source-code-15) + - [Client Binaries](#client-binaries-15) + - [Server Binaries](#server-binaries-15) + - [Node Binaries](#node-binaries-15) + - [Container Images](#container-images-15) + - [Changelog since v1.30.0](#changelog-since-v1300-1) + - [Urgent Upgrade Notes](#urgent-upgrade-notes-3) + - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-3) + - [Changes by Kind](#changes-by-kind-15) + - [Deprecation](#deprecation-3) + - [API Change](#api-change-8) + - [Feature](#feature-12) + - [Failing Test](#failing-test-3) + - [Bug or Regression](#bug-or-regression-15) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-9) + - [Dependencies](#dependencies-15) + - [Added](#added-15) + - [Changed](#changed-15) + - [Removed](#removed-15) +# v1.31.9 + + +## Downloads for v1.31.9 + + + +### Source Code + +filename | sha512 hash +-------- | ----------- +[kubernetes.tar.gz](https://dl.k8s.io/v1.31.9/kubernetes.tar.gz) | 676c85394443681c6e96f2ade4575cdd85b611c577438a25c72fde414e4046a189aa81ca8bc0a1e136e9253b73a504327374891d82422648194e0e8f83bc3804 +[kubernetes-src.tar.gz](https://dl.k8s.io/v1.31.9/kubernetes-src.tar.gz) | b08533edd6651cd04ea497597a7b08efef58f09ad0abcd9a0b353a41e178b36a6087e73d5786a343e8afebdafc8b764833ad7643e646ebe2cb8093fcafd8c3ce + +### Client Binaries + +filename | sha512 hash +-------- | ----------- +[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.31.9/kubernetes-client-darwin-amd64.tar.gz) | 70ebe37a79df7680a24a01c4007f3dff68e8e4fbc2d601d6be1313edf15612ea3894bdd6168c5cb303f9171f760ed43bd182959edaaaeef6c48db2376927dbd4 +[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.31.9/kubernetes-client-darwin-arm64.tar.gz) | e7117aa551b386eea2f152083ac61bbf0272a513fc5ce314ad351783d26ccfb11b26f1eea8b2954425219e54e0549fcb2c5a90fbaa84deb52576dd71a231fdfe +[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.31.9/kubernetes-client-linux-386.tar.gz) | b0744901ccb4a1d90f598719b1dd2aceb4743234db89f5916c8cbdba075803fd0e6ca05efd375fa9c48b0a1e5a62f4e491b27bc6b7645f5ee8a6f4408233d953 +[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.31.9/kubernetes-client-linux-amd64.tar.gz) | 1ba17ed3a8fba0d0965756c4265a1cfc9f47c8c621ead32a17c64b8b9700bb0d7374a23a8a066d7e49de784460bc249beae7d7960dbfde2230226a0c704f7dcf +[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.31.9/kubernetes-client-linux-arm.tar.gz) | c57c76a3cd1baf0370865fad689efcb20095291620b2888bdab864c448c8898b6eb786450a5220a3efddfbb6d86bdbf2da847585e406817e2ad1fbb96e5f12e4 +[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.31.9/kubernetes-client-linux-arm64.tar.gz) | 2d7c3c4cdce9ebfa2a9d25af9e3990d0c5ee7963a99a0b6e111ddf4f099cfe37d1c5e57de2e3176ae4dfceb4d7e5702ae0e3f9892573a1dcea6b749f40fa73ff +[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.31.9/kubernetes-client-linux-ppc64le.tar.gz) | 2c82ed6e60628afe30faed870d2f189322c70349600804b698a309b7f23a228505c0649fc7f1a6dd0209613839ecde5cf3653b24d1f343a429d2d832fb4ce3a2 +[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.31.9/kubernetes-client-linux-s390x.tar.gz) | b8865465cc8b441cc7b90470105c79e366e8eb61988a93a911d09f086fa163b84b5e910c250aa6e638aafbf7aa25662055d701a339f24ee761744b901bab86c2 +[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.31.9/kubernetes-client-windows-386.tar.gz) | 48c5142c612ca71560bf9fd6a9f4252a18fcf89ba9bc1b87701df76567d25fa8ccdc0b93da0b9cb7edc441d8b88223127b641be64c6c7bcc24a9c1261c261e43 +[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.31.9/kubernetes-client-windows-amd64.tar.gz) | 0a342fb159ada08d9f0e9c5541fd541373036c60dbc67a8eab766d8c34780fdbcb79873340956b3d15c294aff35ccaf9c0865c8e185723233b2e8d4030b75a80 +[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.31.9/kubernetes-client-windows-arm64.tar.gz) | 3552755421282822deb661f82a77ec5b77d0ff146b67ddd6890ce7dba16e108f5cbc602dbc26204918d22f3cfcc2fb62502536e7ca73842031f772dbf7d69f48 + +### Server Binaries + +filename | sha512 hash +-------- | ----------- +[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.31.9/kubernetes-server-linux-amd64.tar.gz) | fe92208b7bf3f8bc366ddb1363857fffaccb58a6bba49d1e1628def2acee866685dc82fb630d2a017a5576b7395cd20d9a4ca6903f46b8f117a04247d1a82591 +[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.31.9/kubernetes-server-linux-arm64.tar.gz) | eca8b6ba5cde2c2bd66a697895c256da5c827b505a6a88652949b54f127e4689fff1e7361d3f8332947d23f6092d5e0936fbcfce367c70650fd226570e02e8a3 +[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.31.9/kubernetes-server-linux-ppc64le.tar.gz) | 8370f1a070fab066adfae2298b3f7158ae11e69832cabf19ef8cde3857c2ad569f81c36cfe5e1c52510154d459910c58f319420e1ecd8c054f851a9525502f24 +[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.31.9/kubernetes-server-linux-s390x.tar.gz) | d8c6de7861559ad38dc8a2be9ae64edc5c8f270a4c107710d4754258d668e645da68c49c4041ebe7199011375f0820ccd22ff2c5a36903b4d9f1e3c3dae7ccb0 + +### Node Binaries + +filename | sha512 hash +-------- | ----------- +[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.31.9/kubernetes-node-linux-amd64.tar.gz) | abb2414da121bb2bf3b9e7f05edebfeec80d1b7b1707ad2afdcb0db2edcba62ef8a09421ac495afbe857525ff1e7a5c4f2ad72231a07f3b2c98313933c791e2b +[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.31.9/kubernetes-node-linux-arm64.tar.gz) | ffec2def4b39be098c97397e95dde3b4462693b3b931a19f9466f08ac9efdd050a985184c6500ea9a2d7c3b8669133b8fd38be2f8427fd83c9c1c02fabdea708 +[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.31.9/kubernetes-node-linux-ppc64le.tar.gz) | 01a89644aa8354cf69635151f6cd3c45752544723f767726337f2e2ea42bc6a53fbadbc1c4b4b46a07cb16efb0574d96e926d002f1d7a2efb0620c580c1fda09 +[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.31.9/kubernetes-node-linux-s390x.tar.gz) | 0126309337bb8d7a83e24ad6eaba76ccfccf425837c2fe5550d73977645ef2f4b788b12dd976c4cb775639c67efa6defa04018ed184c6ebcaa4187ddd5dc5291 +[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.31.9/kubernetes-node-windows-amd64.tar.gz) | 26a6338ea3bc4e542466a7af6f211cfda39fe9024401de9a2f3380cb542a4260c45cd7d8e0a2fdf173c6720943a6b20666617856819f0b360a795a22d75b8d68 + +### Container Images + +All container images are available as manifest lists and support the described +architectures. It is also possible to pull a specific architecture directly by +adding the "-$ARCH" suffix to the container image name. + +name | architectures +---- | ------------- +[registry.k8s.io/conformance:v1.31.9](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-s390x) +[registry.k8s.io/kube-apiserver:v1.31.9](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-s390x) +[registry.k8s.io/kube-controller-manager:v1.31.9](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-s390x) +[registry.k8s.io/kube-proxy:v1.31.9](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-s390x) +[registry.k8s.io/kube-scheduler:v1.31.9](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-s390x) +[registry.k8s.io/kubectl:v1.31.9](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-s390x) + +## Changelog since v1.31.8 + +## Changes by Kind + +### Feature + +- Kubernetes is now built with Go 1.23.8 ([#131537](https://github.com/kubernetes/kubernetes/pull/131537), [@ameukam](https://github.com/ameukam)) [SIG Release and Testing] + +### Bug or Regression + +- Check for newer resize fields when deciding recovery feature's status in kubelet ([#131439](https://github.com/kubernetes/kubernetes/pull/131439), [@gnufied](https://github.com/gnufied)) [SIG Storage] +- Resolve a regression introduced in version 1.31 on Windows Proxy, where the creation of HNS endpoints fails if remote HNS endpoints with the same IP address have already been created. ([#131429](https://github.com/kubernetes/kubernetes/pull/131429), [@princepereira](https://github.com/princepereira)) [SIG Network and Windows] + +## Dependencies + +### Added +_Nothing has changed._ + +### Changed +_Nothing has changed._ + +### Removed +_Nothing has changed._ + + + # v1.31.8 From e983d3f575901ff030db172d25e600768bc51c09 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Tue, 6 May 2025 14:54:55 +0200 Subject: [PATCH 02/14] userns: Use len to handle empty non-nil slices When using an old runtime like containerd 1.7, this message is not implemented and what we get here is an empty non-nil slice. Let's check the len of the slice instead. While we are there, let's just return false and no error. In the following commits we will wrap the error and we didn't find any more info to add here. Signed-off-by: Rodrigo Campos --- pkg/kubelet/kubelet_getters.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkg/kubelet/kubelet_getters.go b/pkg/kubelet/kubelet_getters.go index ec22cde4604e4..3e3532a3914fa 100644 --- a/pkg/kubelet/kubelet_getters.go +++ b/pkg/kubelet/kubelet_getters.go @@ -120,8 +120,9 @@ func (kl *Kubelet) ListPodsFromDisk() ([]types.UID, error) { // user namespaces. func (kl *Kubelet) HandlerSupportsUserNamespaces(rtHandler string) (bool, error) { rtHandlers := kl.runtimeState.runtimeHandlers() - if rtHandlers == nil { - return false, fmt.Errorf("runtime handlers are not set") + if len(rtHandlers) == 0 { + // The slice is empty if the runtime is old and doesn't support this message. + return false, nil } for _, h := range rtHandlers { if h.Name == rtHandler { From c0eb9e34337c15f2fb58cb0646ca38457c7abdf0 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Tue, 6 May 2025 14:58:32 +0200 Subject: [PATCH 03/14] userns: Improve error returned if userns is not supported This makes it clear the error comes due to a user namespace configuration. Otherwise the error returned looks too generic and is not clear. Before this PR, the error was: Warning FailedCreatePodSandBox 1s kubelet Failed to create pod sandbox: the handler "" is not known Now it is: Warning FailedCreatePodSandBox 1s kubelet Failed to create pod sandbox: runtime does not support user namespaces Signed-off-by: Rodrigo Campos --- pkg/kubelet/userns/userns_manager.go | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/pkg/kubelet/userns/userns_manager.go b/pkg/kubelet/userns/userns_manager.go index 73167783297f9..fe14ffc6e862a 100644 --- a/pkg/kubelet/userns/userns_manager.go +++ b/pkg/kubelet/userns/userns_manager.go @@ -411,10 +411,15 @@ func (m *UsernsManager) GetOrCreateUserNamespaceMappings(pod *v1.Pod, runtimeHan // From here onwards, hostUsers=false and the feature gate is enabled. // if the pod requested a user namespace and the runtime doesn't support user namespaces then return an error. - if handlerSupportsUserns, err := m.kl.HandlerSupportsUserNamespaces(runtimeHandler); err != nil { - return nil, err - } else if !handlerSupportsUserns { - return nil, fmt.Errorf("RuntimeClass handler %q does not support user namespaces", runtimeHandler) + if handlerSupportsUserns, err := m.kl.HandlerSupportsUserNamespaces(runtimeHandler); err != nil || !handlerSupportsUserns { + msg := "can't set `spec.hostUsers: false`, runtime does not support user namespaces" + if runtimeHandler != "" { + msg = fmt.Sprintf("can't set `spec.hostUsers: false`, RuntimeClass handler %q does not support user namespaces", runtimeHandler) + } + if err != nil { + return nil, fmt.Errorf("%v: %w", msg, err) + } + return nil, fmt.Errorf("%v", msg) } m.lock.Lock() From e8859863936a05d4f6b6f96e60f442075cbc4dc8 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Tue, 6 May 2025 15:01:32 +0200 Subject: [PATCH 04/14] userns: Wrap more errors Most errors where already wrapped, but these were missing. Signed-off-by: Rodrigo Campos --- pkg/kubelet/userns/userns_manager.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/kubelet/userns/userns_manager.go b/pkg/kubelet/userns/userns_manager.go index fe14ffc6e862a..cf407d852c1ba 100644 --- a/pkg/kubelet/userns/userns_manager.go +++ b/pkg/kubelet/userns/userns_manager.go @@ -434,12 +434,12 @@ func (m *UsernsManager) GetOrCreateUserNamespaceMappings(pod *v1.Pod, runtimeHan if string(content) != "" { userNs, err = m.parseUserNsFileAndRecord(pod.UID, content) if err != nil { - return nil, err + return nil, fmt.Errorf("user namespace: %w", err) } } else { userNs, err = m.createUserNs(pod) if err != nil { - return nil, err + return nil, fmt.Errorf("create user namespace: %w", err) } } @@ -490,7 +490,7 @@ func (m *UsernsManager) CleanupOrphanedPodUsernsAllocations(pods []*v1.Pod, runn allFound := sets.New[string]() found, err := m.kl.ListPodsFromDisk() if err != nil { - return err + return fmt.Errorf("user namespace: read pods from disk: %w", err) } for _, podUID := range found { From c88aef2d63a6b1dfb44f47eab6acb0475c951c70 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Tue, 18 Feb 2025 17:10:56 +0100 Subject: [PATCH 05/14] Revert "Switch hard error to a WARNING for kernel version check" This reverts commit fd06dcd604102ef3b06b71501e8e12fb51c11fab. The revert is not to make it a hard error again, this revert is needed to revert cleanly the commit that added this as an error in the first place. Signed-off-by: Rodrigo Campos --- pkg/kubelet/kubelet_pods.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkg/kubelet/kubelet_pods.go b/pkg/kubelet/kubelet_pods.go index 7d24a90b0e702..b44e0576f8354 100644 --- a/pkg/kubelet/kubelet_pods.go +++ b/pkg/kubelet/kubelet_pods.go @@ -138,8 +138,9 @@ func (kl *Kubelet) getKubeletMappings() (uint32, uint32, error) { features.UserNamespacesSupport, err) } if kernelVersion != nil && !kernelVersion.AtLeast(version.MustParseGeneric(utilkernel.UserNamespacesSupportKernelVersion)) { - klog.InfoS("WARNING: the kernel version is incompatible with the feature gate, which needs as a minimum kernel version", - "kernelVersion", kernelVersion, "feature", features.UserNamespacesSupport, "minKernelVersion", utilkernel.UserNamespacesSupportKernelVersion) + return 0, 0, fmt.Errorf( + "the kernel version (%s) is incompatible with the %s feature gate, which needs %s as a minimum kernel version", + kernelVersion, features.UserNamespacesSupport, utilkernel.UserNamespacesSupportKernelVersion) } } From 1e53e59c3ab1aaab9a924448593e2c064c50c588 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Tue, 18 Feb 2025 17:15:22 +0100 Subject: [PATCH 06/14] Revert "Enforce the Minimum Kernel Version 6.3 for UserNamespacesSupport feature" This reverts commit 8597b343fa49dcb491282eaa5e5887221a985905. I wrote in the Kubernetes documentation: In practice this means you need at least Linux 6.3, as tmpfs started supporting idmap mounts in that version. This is usually needed as several Kubernetes features use tmpfs (the service account token that is mounted by default uses a tmpfs, Secrets use a tmpfs, etc.) The check is wrong for several reasons: * Pods can use userns before 6.3, they will just need to be careful to not use a tmpfs (like a serviceaccount). MOST users will probably need 6.3, but it is possible to use earlier kernel versions. 5.19 probably works fine and with improvements in the runtime 5.12 can probably be supported too. * Several distros backport changes and the recommended way is usually to try the syscall instead of testing kernel versions. I expect support for simple fs like tmpfs will be backported in several distros, but with this check it can generate confusion. * Today a clear error is shown when the pod is created, so it's unlikely a user will not understand why it fails. * Returning an error if utilkernel fails to understand what kernel version is running is also too strict (as we are logging a warning even if it is not the expected version) * We are switching to enabled by default, which will log a warning on every user that runs on an older than 6.3 kernel, adding noise to the logs. For there reasons, let's just remove the hardcoded kernel version check. Signed-off-by: Rodrigo Campos --- pkg/kubelet/kubelet_pods.go | 13 ------------- pkg/util/kernel/constants.go | 4 ---- 2 files changed, 17 deletions(-) diff --git a/pkg/kubelet/kubelet_pods.go b/pkg/kubelet/kubelet_pods.go index b44e0576f8354..f4cbfe0177a37 100644 --- a/pkg/kubelet/kubelet_pods.go +++ b/pkg/kubelet/kubelet_pods.go @@ -41,7 +41,6 @@ import ( "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/sets" utilvalidation "k8s.io/apimachinery/pkg/util/validation" - "k8s.io/apimachinery/pkg/util/version" utilfeature "k8s.io/apiserver/pkg/util/feature" runtimeapi "k8s.io/cri-api/pkg/apis/runtime/v1" "k8s.io/klog/v2" @@ -62,7 +61,6 @@ import ( "k8s.io/kubernetes/pkg/kubelet/status" kubetypes "k8s.io/kubernetes/pkg/kubelet/types" utilfs "k8s.io/kubernetes/pkg/util/filesystem" - utilkernel "k8s.io/kubernetes/pkg/util/kernel" utilpod "k8s.io/kubernetes/pkg/util/pod" volumeutil "k8s.io/kubernetes/pkg/volume/util" "k8s.io/kubernetes/pkg/volume/util/hostutil" @@ -131,17 +129,6 @@ func (kl *Kubelet) getKubeletMappings() (uint32, uint32, error) { if !utilfeature.DefaultFeatureGate.Enabled(features.UserNamespacesSupport) { return defaultFirstID, defaultLen, nil - } else { - kernelVersion, err := utilkernel.GetVersion() - if err != nil { - return 0, 0, fmt.Errorf("failed to get kernel version, unable to determine if feature %s can be supported : %w", - features.UserNamespacesSupport, err) - } - if kernelVersion != nil && !kernelVersion.AtLeast(version.MustParseGeneric(utilkernel.UserNamespacesSupportKernelVersion)) { - return 0, 0, fmt.Errorf( - "the kernel version (%s) is incompatible with the %s feature gate, which needs %s as a minimum kernel version", - kernelVersion, features.UserNamespacesSupport, utilkernel.UserNamespacesSupportKernelVersion) - } } _, err := user.Lookup(kubeletUser) diff --git a/pkg/util/kernel/constants.go b/pkg/util/kernel/constants.go index 6775027e7a0f4..99c60a44bed62 100644 --- a/pkg/util/kernel/constants.go +++ b/pkg/util/kernel/constants.go @@ -44,10 +44,6 @@ const TCPFinTimeoutNamespacedKernelVersion = "4.6" // (ref: https://github.com/torvalds/linux/commit/35dfb013149f74c2be1ff9c78f14e6a3cd1539d1) const IPVSConnReuseModeFixedKernelVersion = "5.9" -// UserNamespacesSupportKernelVersion is the kernel version where idmap for tmpfs support was added -// (ref: https://github.com/torvalds/linux/commit/05e6295f7b5e05f09e369a3eb2882ec5b40fff20) -const UserNamespacesSupportKernelVersion = "6.3" - const TmpfsNoswapSupportKernelVersion = "6.4" // NFTablesKubeProxyKernelVersion is the lowest kernel version kube-proxy supports using From 156c80a613fa8821cc1d18904db5094c8ffc2ade Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Thu, 13 Mar 2025 19:32:31 +0100 Subject: [PATCH 07/14] pkg/kubelet: Fix userns tests on Windows Signed-off-by: Rodrigo Campos --- pkg/kubelet/kubelet_pods.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkg/kubelet/kubelet_pods.go b/pkg/kubelet/kubelet_pods.go index 7d24a90b0e702..5ce87a5ac04e1 100644 --- a/pkg/kubelet/kubelet_pods.go +++ b/pkg/kubelet/kubelet_pods.go @@ -143,6 +143,11 @@ func (kl *Kubelet) getKubeletMappings() (uint32, uint32, error) { } } + // Windows doesn't support user namespaces, let's return the default mappings. + if runtime.GOOS == "windows" { + return defaultFirstID, defaultLen, nil + } + _, err := user.Lookup(kubeletUser) if err != nil { var unknownUserErr user.UnknownUserError From 4c652757ade6ca7436b11aa927030f9c3200ca96 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Thu, 13 Mar 2025 19:50:24 +0100 Subject: [PATCH 08/14] pkg/kubelet/userns: Provide stub implementation for windows Signed-off-by: Rodrigo Campos --- pkg/kubelet/userns/types.go | 29 +++++++++++ pkg/kubelet/userns/userns_manager.go | 11 ++-- .../userns/userns_manager_disabled_test.go | 3 ++ .../userns/userns_manager_switch_test.go | 3 ++ pkg/kubelet/userns/userns_manager_test.go | 3 ++ pkg/kubelet/userns/userns_manager_windows.go | 50 +++++++++++++++++++ 6 files changed, 91 insertions(+), 8 deletions(-) create mode 100644 pkg/kubelet/userns/types.go create mode 100644 pkg/kubelet/userns/userns_manager_windows.go diff --git a/pkg/kubelet/userns/types.go b/pkg/kubelet/userns/types.go new file mode 100644 index 0000000000000..a0422d0042c92 --- /dev/null +++ b/pkg/kubelet/userns/types.go @@ -0,0 +1,29 @@ +/* +Copyright 2025 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package userns + +import "k8s.io/apimachinery/pkg/types" + +// Here go types that are common for all supported OS (windows, linux). + +type userNsPodsManager interface { + HandlerSupportsUserNamespaces(runtimeHandler string) (bool, error) + GetPodDir(podUID types.UID) string + ListPodsFromDisk() ([]types.UID, error) + GetKubeletMappings() (uint32, uint32, error) + GetMaxPods() int +} diff --git a/pkg/kubelet/userns/userns_manager.go b/pkg/kubelet/userns/userns_manager.go index 73167783297f9..fa528b3f8fb5a 100644 --- a/pkg/kubelet/userns/userns_manager.go +++ b/pkg/kubelet/userns/userns_manager.go @@ -1,3 +1,6 @@ +//go:build !windows +// +build !windows + /* Copyright 2022 The Kubernetes Authors. @@ -43,14 +46,6 @@ const userNsLength = (1 << 16) // since Go maps never free memory. const mapReInitializeThreshold = 1000 -type userNsPodsManager interface { - HandlerSupportsUserNamespaces(runtimeHandler string) (bool, error) - GetPodDir(podUID types.UID) string - ListPodsFromDisk() ([]types.UID, error) - GetKubeletMappings() (uint32, uint32, error) - GetMaxPods() int -} - type UsernsManager struct { used *allocator.AllocationBitmap usedBy map[types.UID]uint32 // Map pod.UID to range used diff --git a/pkg/kubelet/userns/userns_manager_disabled_test.go b/pkg/kubelet/userns/userns_manager_disabled_test.go index 5d97233e3d18a..a4099d0a79dc4 100644 --- a/pkg/kubelet/userns/userns_manager_disabled_test.go +++ b/pkg/kubelet/userns/userns_manager_disabled_test.go @@ -1,3 +1,6 @@ +//go:build !windows +// +build !windows + /* Copyright 2022 The Kubernetes Authors. diff --git a/pkg/kubelet/userns/userns_manager_switch_test.go b/pkg/kubelet/userns/userns_manager_switch_test.go index 9ce59971fb422..233b5c7fab32d 100644 --- a/pkg/kubelet/userns/userns_manager_switch_test.go +++ b/pkg/kubelet/userns/userns_manager_switch_test.go @@ -1,3 +1,6 @@ +//go:build !windows +// +build !windows + /* Copyright 2024 The Kubernetes Authors. diff --git a/pkg/kubelet/userns/userns_manager_test.go b/pkg/kubelet/userns/userns_manager_test.go index 6aa497b6c5a42..1631b23af052d 100644 --- a/pkg/kubelet/userns/userns_manager_test.go +++ b/pkg/kubelet/userns/userns_manager_test.go @@ -1,3 +1,6 @@ +//go:build !windows +// +build !windows + /* Copyright 2022 The Kubernetes Authors. diff --git a/pkg/kubelet/userns/userns_manager_windows.go b/pkg/kubelet/userns/userns_manager_windows.go new file mode 100644 index 0000000000000..bc40b7187987f --- /dev/null +++ b/pkg/kubelet/userns/userns_manager_windows.go @@ -0,0 +1,50 @@ +/* +Copyright 2025 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package userns + +import ( + v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/types" + runtimeapi "k8s.io/cri-api/pkg/apis/runtime/v1" + kubecontainer "k8s.io/kubernetes/pkg/kubelet/container" +) + +type UsernsManager struct{} + +func MakeUserNsManager(kl userNsPodsManager) (*UsernsManager, error) { + return nil, nil +} + +// Release releases the user namespace allocated to the specified pod. +func (m *UsernsManager) Release(podUID types.UID) { + return +} + +func (m *UsernsManager) GetOrCreateUserNamespaceMappings(pod *v1.Pod, runtimeHandler string) (*runtimeapi.UserNamespace, error) { + return nil, nil +} + +// CleanupOrphanedPodUsernsAllocations reconciliates the state of user namespace +// allocations with the pods actually running. It frees any user namespace +// allocation for orphaned pods. +func (m *UsernsManager) CleanupOrphanedPodUsernsAllocations(pods []*v1.Pod, runningPods []*kubecontainer.Pod) error { + return nil +} + +func EnabledUserNamespacesSupport() bool { + return false +} From 2e0622bf234cc69027e29bc6431b19ee6d7a0cc1 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Thu, 13 Mar 2025 19:51:14 +0100 Subject: [PATCH 09/14] pkg/kubelet/userns: Wrap error to get mappings I needed to wrap the error for debugging, let's just keep this as it is useful. Signed-off-by: Rodrigo Campos --- pkg/kubelet/userns/userns_manager.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/kubelet/userns/userns_manager.go b/pkg/kubelet/userns/userns_manager.go index fa528b3f8fb5a..37528b94003c0 100644 --- a/pkg/kubelet/userns/userns_manager.go +++ b/pkg/kubelet/userns/userns_manager.go @@ -127,7 +127,7 @@ func (m *UsernsManager) readMappingsFromFile(pod types.UID) ([]byte, error) { func MakeUserNsManager(kl userNsPodsManager) (*UsernsManager, error) { kubeletMappingID, kubeletMappingLen, err := kl.GetKubeletMappings() if err != nil { - return nil, err + return nil, fmt.Errorf("kubelet mappings: %w", err) } if kubeletMappingID%userNsLength != 0 { From c9dbae7d069be1d5f73dfc743974a5038ec85a59 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Thu, 13 Mar 2025 21:22:42 +0100 Subject: [PATCH 10/14] pkg/kubelet/userns: Remove skip on windows We don't build these tests for Windows, let's remove this skip. We should have never added that skip, we should have skipped the entire suite on Windows. Signed-off-by: Rodrigo Campos --- pkg/kubelet/userns/userns_manager_test.go | 7 ------- 1 file changed, 7 deletions(-) diff --git a/pkg/kubelet/userns/userns_manager_test.go b/pkg/kubelet/userns/userns_manager_test.go index 1631b23af052d..0e6938c737e60 100644 --- a/pkg/kubelet/userns/userns_manager_test.go +++ b/pkg/kubelet/userns/userns_manager_test.go @@ -23,7 +23,6 @@ import ( "errors" "fmt" "os" - goruntime "runtime" "testing" "github.com/stretchr/testify/assert" @@ -292,7 +291,6 @@ func TestGetOrCreateUserNamespaceMappings(t *testing.T) { runtimeUserns bool runtimeHandler string success bool - skipOnWindows bool }{ { name: "no user namespace", @@ -326,7 +324,6 @@ func TestGetOrCreateUserNamespaceMappings(t *testing.T) { expMode: runtimeapi.NamespaceMode_POD, runtimeUserns: true, success: true, - skipOnWindows: true, }, { name: "user namespace, but no runtime support", @@ -351,10 +348,6 @@ func TestGetOrCreateUserNamespaceMappings(t *testing.T) { for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { - if tc.skipOnWindows && goruntime.GOOS == "windows" { - // TODO: remove skip once the failing test has been fixed. - t.Skip("Skip failing test on Windows.") - } // These tests will create the userns file, so use an existing podDir. testUserNsPodsManager := &testUserNsPodsManager{ podDir: t.TempDir(), From d67d7edfa18a5a4a49a6206c6798df272cea1ffa Mon Sep 17 00:00:00 2001 From: Carlos Panato Date: Fri, 23 May 2025 09:21:25 -0400 Subject: [PATCH 11/14] Bump images, dependencies and versions to go 1.23.9 and distroless iptables Signed-off-by: Carlos Panato --- .go-version | 2 +- build/build-image/cross/VERSION | 2 +- build/common.sh | 4 ++-- build/dependencies.yaml | 8 ++++---- staging/publishing/rules.yaml | 2 +- test/images/Makefile | 2 +- test/utils/image/manifest.go | 2 +- 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.go-version b/.go-version index 82bfa5ce3fc25..63f23d2af5599 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.23.8 +1.23.9 diff --git a/build/build-image/cross/VERSION b/build/build-image/cross/VERSION index 25131e83431b4..79a3f6b3f7e79 100644 --- a/build/build-image/cross/VERSION +++ b/build/build-image/cross/VERSION @@ -1 +1 @@ -v1.31.0-go1.23.8-bullseye.0 +v1.31.0-go1.23.9-bullseye.0 diff --git a/build/common.sh b/build/common.sh index 7047758a8f669..c537c09ae10ba 100755 --- a/build/common.sh +++ b/build/common.sh @@ -97,8 +97,8 @@ readonly KUBE_RSYNC_PORT="${KUBE_RSYNC_PORT:-}" readonly KUBE_CONTAINER_RSYNC_PORT=8730 # These are the default versions (image tags) for their respective base images. -readonly __default_distroless_iptables_version=v0.5.13 -readonly __default_go_runner_version=v2.4.0-go1.23.8-bookworm.0 +readonly __default_distroless_iptables_version=v0.6.10 +readonly __default_go_runner_version=v2.4.0-go1.23.9-bookworm.0 readonly __default_setcap_version=bookworm-v1.0.3 # These are the base images for the Docker-wrapped binaries. diff --git a/build/dependencies.yaml b/build/dependencies.yaml index 7540dd327009a..a4578d454c2d4 100644 --- a/build/dependencies.yaml +++ b/build/dependencies.yaml @@ -116,7 +116,7 @@ dependencies: # Golang - name: "golang: upstream version" - version: 1.23.8 + version: 1.23.9 refPaths: - path: .go-version - path: build/build-image/cross/VERSION @@ -139,7 +139,7 @@ dependencies: # match: minimum_go_version=go([0-9]+\.[0-9]+) - name: "registry.k8s.io/kube-cross: dependents" - version: v1.31.0-go1.23.8-bullseye.0 + version: v1.31.0-go1.23.9-bullseye.0 refPaths: - path: build/build-image/cross/VERSION @@ -177,7 +177,7 @@ dependencies: match: registry\.k8s\.io\/build-image\/debian-base:[a-zA-Z]+\-v((([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?)(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?) - name: "registry.k8s.io/distroless-iptables: dependents" - version: v0.5.13 + version: v0.6.10 refPaths: - path: build/common.sh match: __default_distroless_iptables_version= @@ -185,7 +185,7 @@ dependencies: match: configs\[DistrolessIptables\] = Config{list\.BuildImageRegistry, "distroless-iptables", "v([0-9]+)\.([0-9]+)\.([0-9]+)"} - name: "registry.k8s.io/go-runner: dependents" - version: v2.4.0-go1.23.8-bookworm.0 + version: v2.4.0-go1.23.9-bookworm.0 refPaths: - path: build/common.sh match: __default_go_runner_version= diff --git a/staging/publishing/rules.yaml b/staging/publishing/rules.yaml index 6eac7292e0db9..721734755d879 100644 --- a/staging/publishing/rules.yaml +++ b/staging/publishing/rules.yaml @@ -2898,4 +2898,4 @@ rules: - staging/src/k8s.io/endpointslice recursive-delete-patterns: - '*/.gitattributes' -default-go-version: 1.23.8 +default-go-version: 1.23.9 diff --git a/test/images/Makefile b/test/images/Makefile index 65910b90e4af8..48ce2c4ad358b 100644 --- a/test/images/Makefile +++ b/test/images/Makefile @@ -16,7 +16,7 @@ REGISTRY ?= registry.k8s.io/e2e-test-images GOARM ?= 7 DOCKER_CERT_BASE_PATH ?= QEMUVERSION=v5.1.0-2 -GOLANG_VERSION=1.23.8 +GOLANG_VERSION=1.23.9 export ifndef WHAT diff --git a/test/utils/image/manifest.go b/test/utils/image/manifest.go index bfed2923255e0..e9fb96a708a74 100644 --- a/test/utils/image/manifest.go +++ b/test/utils/image/manifest.go @@ -229,7 +229,7 @@ func initImageConfigs(list RegistryList) (map[ImageID]Config, map[ImageID]Config configs[BusyBox] = Config{list.PromoterE2eRegistry, "busybox", "1.36.1-1"} configs[CudaVectorAdd] = Config{list.PromoterE2eRegistry, "cuda-vector-add", "1.0"} configs[CudaVectorAdd2] = Config{list.PromoterE2eRegistry, "cuda-vector-add", "2.3"} - configs[DistrolessIptables] = Config{list.BuildImageRegistry, "distroless-iptables", "v0.5.13"} + configs[DistrolessIptables] = Config{list.BuildImageRegistry, "distroless-iptables", "v0.6.10"} configs[Etcd] = Config{list.GcEtcdRegistry, "etcd", "3.5.15-0"} configs[Httpd] = Config{list.PromoterE2eRegistry, "httpd", "2.4.38-4"} configs[HttpdNew] = Config{list.PromoterE2eRegistry, "httpd", "2.4.39-4"} From 262df1aaccd51b6634bdd0ddc5b8babf2a633ea1 Mon Sep 17 00:00:00 2001 From: Carlos Panato Date: Wed, 11 Jun 2025 08:30:46 +0200 Subject: [PATCH 12/14] Bump images, dependencies and versions to go 1.23.10 and distroless iptables Signed-off-by: Carlos Panato --- .go-version | 2 +- build/build-image/cross/VERSION | 2 +- build/common.sh | 4 ++-- build/dependencies.yaml | 8 ++++---- staging/publishing/rules.yaml | 2 +- test/images/Makefile | 2 +- test/utils/image/manifest.go | 2 +- 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.go-version b/.go-version index 63f23d2af5599..b6773170a5f17 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.23.9 +1.23.10 diff --git a/build/build-image/cross/VERSION b/build/build-image/cross/VERSION index 79a3f6b3f7e79..6d86e0f4a236c 100644 --- a/build/build-image/cross/VERSION +++ b/build/build-image/cross/VERSION @@ -1 +1 @@ -v1.31.0-go1.23.9-bullseye.0 +v1.31.0-go1.23.10-bullseye.0 diff --git a/build/common.sh b/build/common.sh index c537c09ae10ba..98c6d309bd0e5 100755 --- a/build/common.sh +++ b/build/common.sh @@ -97,8 +97,8 @@ readonly KUBE_RSYNC_PORT="${KUBE_RSYNC_PORT:-}" readonly KUBE_CONTAINER_RSYNC_PORT=8730 # These are the default versions (image tags) for their respective base images. -readonly __default_distroless_iptables_version=v0.6.10 -readonly __default_go_runner_version=v2.4.0-go1.23.9-bookworm.0 +readonly __default_distroless_iptables_version=v0.6.11 +readonly __default_go_runner_version=v2.4.0-go1.23.10-bookworm.0 readonly __default_setcap_version=bookworm-v1.0.3 # These are the base images for the Docker-wrapped binaries. diff --git a/build/dependencies.yaml b/build/dependencies.yaml index a4578d454c2d4..5accdff482ba1 100644 --- a/build/dependencies.yaml +++ b/build/dependencies.yaml @@ -116,7 +116,7 @@ dependencies: # Golang - name: "golang: upstream version" - version: 1.23.9 + version: 1.23.10 refPaths: - path: .go-version - path: build/build-image/cross/VERSION @@ -139,7 +139,7 @@ dependencies: # match: minimum_go_version=go([0-9]+\.[0-9]+) - name: "registry.k8s.io/kube-cross: dependents" - version: v1.31.0-go1.23.9-bullseye.0 + version: v1.31.0-go1.23.10-bullseye.0 refPaths: - path: build/build-image/cross/VERSION @@ -177,7 +177,7 @@ dependencies: match: registry\.k8s\.io\/build-image\/debian-base:[a-zA-Z]+\-v((([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?)(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?) - name: "registry.k8s.io/distroless-iptables: dependents" - version: v0.6.10 + version: v0.6.11 refPaths: - path: build/common.sh match: __default_distroless_iptables_version= @@ -185,7 +185,7 @@ dependencies: match: configs\[DistrolessIptables\] = Config{list\.BuildImageRegistry, "distroless-iptables", "v([0-9]+)\.([0-9]+)\.([0-9]+)"} - name: "registry.k8s.io/go-runner: dependents" - version: v2.4.0-go1.23.9-bookworm.0 + version: v2.4.0-go1.23.10-bookworm.0 refPaths: - path: build/common.sh match: __default_go_runner_version= diff --git a/staging/publishing/rules.yaml b/staging/publishing/rules.yaml index 721734755d879..1fa950ad40eb9 100644 --- a/staging/publishing/rules.yaml +++ b/staging/publishing/rules.yaml @@ -2898,4 +2898,4 @@ rules: - staging/src/k8s.io/endpointslice recursive-delete-patterns: - '*/.gitattributes' -default-go-version: 1.23.9 +default-go-version: 1.23.10 diff --git a/test/images/Makefile b/test/images/Makefile index 48ce2c4ad358b..a96a629816aa9 100644 --- a/test/images/Makefile +++ b/test/images/Makefile @@ -16,7 +16,7 @@ REGISTRY ?= registry.k8s.io/e2e-test-images GOARM ?= 7 DOCKER_CERT_BASE_PATH ?= QEMUVERSION=v5.1.0-2 -GOLANG_VERSION=1.23.9 +GOLANG_VERSION=1.23.10 export ifndef WHAT diff --git a/test/utils/image/manifest.go b/test/utils/image/manifest.go index e9fb96a708a74..eafaa37c2b0d2 100644 --- a/test/utils/image/manifest.go +++ b/test/utils/image/manifest.go @@ -229,7 +229,7 @@ func initImageConfigs(list RegistryList) (map[ImageID]Config, map[ImageID]Config configs[BusyBox] = Config{list.PromoterE2eRegistry, "busybox", "1.36.1-1"} configs[CudaVectorAdd] = Config{list.PromoterE2eRegistry, "cuda-vector-add", "1.0"} configs[CudaVectorAdd2] = Config{list.PromoterE2eRegistry, "cuda-vector-add", "2.3"} - configs[DistrolessIptables] = Config{list.BuildImageRegistry, "distroless-iptables", "v0.6.10"} + configs[DistrolessIptables] = Config{list.BuildImageRegistry, "distroless-iptables", "v0.6.11"} configs[Etcd] = Config{list.GcEtcdRegistry, "etcd", "3.5.15-0"} configs[Httpd] = Config{list.PromoterE2eRegistry, "httpd", "2.4.38-4"} configs[HttpdNew] = Config{list.PromoterE2eRegistry, "httpd", "2.4.39-4"} From 61183587c03f420214aac57f81dc0ecb43e1b0d6 Mon Sep 17 00:00:00 2001 From: Kubernetes Release Robot Date: Tue, 17 Jun 2025 18:33:34 +0000 Subject: [PATCH 13/14] Release commit for Kubernetes v1.31.10 From c0e67777c9a2dc48e8577b50b59fe18474e23983 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20K=C5=99epinsk=C3=BD?= Date: Thu, 26 Jun 2025 20:28:11 +0200 Subject: [PATCH 14/14] UPSTREAM: : hack/update-vendor.sh, make update and update image --- openshift-hack/images/hyperkube/Dockerfile.rhel | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openshift-hack/images/hyperkube/Dockerfile.rhel b/openshift-hack/images/hyperkube/Dockerfile.rhel index fea5ffc2041f7..d29df10228c2e 100644 --- a/openshift-hack/images/hyperkube/Dockerfile.rhel +++ b/openshift-hack/images/hyperkube/Dockerfile.rhel @@ -14,4 +14,4 @@ COPY --from=builder /tmp/build/* /usr/bin/ LABEL io.k8s.display-name="OpenShift Kubernetes Server Commands" \ io.k8s.description="OpenShift is a platform for developing, building, and deploying containerized applications." \ io.openshift.tags="openshift,hyperkube" \ - io.openshift.build.versions="kubernetes=1.31.9" + io.openshift.build.versions="kubernetes=1.31.10"