From aa5ee67244f117bdbbffc56ba88b9be2d661408b Mon Sep 17 00:00:00 2001 From: Evgeny Slutsky Date: Thu, 2 Apr 2026 11:51:37 +0200 Subject: [PATCH 01/11] update last_rebase.sh --- scripts/auto-rebase/last_rebase.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh index e241229ab9..8cddc768b7 100755 --- a/scripts/auto-rebase/last_rebase.sh +++ b/scripts/auto-rebase/last_rebase.sh @@ -1,2 +1,2 @@ #!/bin/bash -x -./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.22.0-0.nightly-2026-03-29-173136" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.22.0-0.nightly-arm64-2026-03-31-033117" +./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.22.0-0.nightly-2026-04-01-151631" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.22.0-0.nightly-arm64-2026-04-02-033117" From 08b96e0759e1932401ce7a5ce6fcd3e701ef94b4 Mon Sep 17 00:00:00 2001 From: Evgeny Slutsky Date: Thu, 2 Apr 2026 11:51:38 +0200 Subject: [PATCH 02/11] update changelog --- scripts/auto-rebase/changelog.txt | 142 +++++++++++++++++++++++++++++- scripts/auto-rebase/commits.txt | 32 +++---- 2 files changed, 156 insertions(+), 18 deletions(-) diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt index 852d45a2e9..d4b3c53473 100644 --- a/scripts/auto-rebase/changelog.txt +++ b/scripts/auto-rebase/changelog.txt @@ -1,4 +1,100 @@ -- ovn-kubernetes image-arm64 cca0923d6f0ea9d09e77a8085d83a32e35055af0 to ee514f9f66a328f4dd4b583709a8e411b515fa5f +- api embedded-component 1e7cd4b531e7ce17efdb1d541013e0c55362bfa5 to 80fcf457ee87d9a81075bcc4e6deac506448195f + - 13f1241f 2026-03-30T05:58:11-04:00 Add ConfidentialCluster to the feature gate + - 77316367 2026-03-27T15:41:06Z Add OCP 4.15 (K8s 1.28) envtest release + - 76aebe7f 2026-03-27T10:04:00-04:00 Added new feature gate VSphereMultiVCenterDay2 + - c67875d7 2026-03-24T00:17:28-04:00 Promote AzureClusterHostedDNS to default + - ff9d1de3 2026-03-20T11:59:51Z Add OCP 4.16 (K8s 1.29) envtest release + +- cluster-ingress-operator embedded-component dde7a93953d8b82faf492b759cc48763645b7039 to dfec6c028e2d4eaf7dd161cdc0e75740894df421 + - d1de5cb 2026-03-31T12:47:25-04:00 add a commment to why BTLS test is skipped + - 5f91d10 2026-03-31T12:31:40-04:00 remove BTLS test + - 6895ca2 2026-03-31T11:03:44-04:00 Update conformance script version + - 2bfa9f7 2026-03-31T11:03:44-04:00 Bump to OSSM 3.3.1 and Istio v1.28.5 + - b1bbbb7 2026-03-30T09:09:56-04:00 Remove SetImageDefaults that overrode CSV image SHAs + - 43c978a 2026-03-30T09:09:53-04:00 NE-2519: Move Sail Library to official release branch + - 6b6d84c 2026-03-27T12:10:43-04:00 Implement configurationManagement API + - 5374dab 2026-03-27T12:06:37-04:00 Bump openshift/api for configurationManagement API + - b088953 2026-03-26T16:15:23-04:00 OCPBUGS-79667: Use feature-gate annotation for Sail Library RBAC + - 9fe57a5 2026-03-26T11:48:51-04:00 fix(log): Add INFO logs alongside event recorder calls + - 6d2c6c8 2026-03-25T12:00:58-04:00 OCPBUGS-79467: Change default log level from DEBUG to INFO + - 7e92761 2026-03-16T21:00:19+01:00 OCPBUGS-78541: Move TestIngressControllerCustomEndpoints to run last + +- cluster-kube-apiserver-operator embedded-component ece488fe8612a58b95add127413a2c6f33210445 to de2a3ebcb3ceea0ea411a6fbb9b5b52c18c27e06 + - 697f4d8 2026-04-01T12:35:57+05:30 update bouncpod functions + - 22d6e51 2026-04-01T08:28:56+05:30 update feedback + - 31f9a8f 2026-03-31T10:48:22+05:30 Fix TestBoundTokenOperatorSecretDeletion stability and monitor failures + - 03dbc35 2026-03-11T10:47:18Z Restart operator when TLS config changes + +- cluster-network-operator embedded-component 5ce0f713f24815bc508207b265d4a44d9c11a2d2 to 594de43f4f1567e5ce55be2eff7c0cf28d1e09e7 + - 067feb9 2026-03-20T09:40:14+01:00 Fix ManagementState being reset on operator restart + +- kubernetes embedded-component 2b19898a979eb1ff0cd87ec5d49106e555e70ce6 to 9193b12ab88e006723c8605bea1659bfcbe7d638 + - 429a52821 2026-03-27T14:29:55-04:00 UPSTREAM: : Register OpenShift cloud providers in k8s-tests-ext + - 39a9d96ad 2026-03-20T17:46:12-04:00 UPSTREAM: : hack/update-vendor.sh, make update and update image + - 78f7230b0 2026-03-20T15:17:52+01:00 UPSTREAM: 137926: KEP-961: demote maxUnavailable feature in statefulset to off by default + - 6c1cd99ae 2026-03-18T18:30:07Z Release commit for Kubernetes v1.35.3 + - b57e146ae 2026-03-09T10:14:05-04:00 cmd/kubeadm: ignore EINVAL error during unmount + - af6488c9d 2026-03-04T18:02:34+05:30 Use localhost image reference in PodObservedGenerationTracking test + - 61003ad14 2026-03-03T14:33:21-08:00 drop publishing rules from dependencies.yaml on release branch + - b9be60a8c 2026-03-03T16:21:08+05:30 start scheduler after creating binding/non-binding slices + - 659d489e8 2026-03-03T16:21:08+05:30 dra: stabilize DeviceBindingConditions BasicFlow by creating without-binding slice first + - 02115b6ee 2026-02-26T20:14:22Z Update CHANGELOG/CHANGELOG-1.35.md for v1.35.2 + - 1c0c911c3 2026-02-26T10:28:59Z kubeadm: do not add learner member to etcd client endpoints + - d05c50653 2026-02-16T15:29:03+05:30 Fix flake TestDeviceTaintRule test by adjusting event hanlder status update logic Co-authored-by: Pohly + - 2371267d2 2026-02-10T15:18:30-08:00 add dockerized go cache to `make clean` + - bd3999173 2026-02-10T10:07:55+01:00 fake client-go: un-deprecate NewSimpleClientset + - 0a9d14b01 2026-01-21T18:32:52+05:30 Fix flaky TestApplyCRDuringCRDFinalization test + +- machine-config-operator embedded-component 540dfc0e51cd7324d8860b53a50b1b19e23e1aaf to 39ca98383d9b1aedf6147f9ff89e69b5a23541be + - 52ce5d6e 2026-03-30T13:19:07-04:00 operator: add skew doc links + - 162428e6 2026-03-30T15:13:20+05:30 reuse the func + - 83659461 2026-03-26T11:08:10Z NO-ISSUE: In extended tests, disable Skew when disabling the bootimages update + - afe3c608 2026-03-26T15:26:20+05:30 refactor: extract helper functions for PinnedImageSet test (OCP-88378) + - 7d41f94e 2026-03-26T12:24:51+05:30 duplicate images within a single PinnedImageSet (same image listed twice in the pinnedImages array) + - 69f31d0f 2026-03-23T12:18:23+05:30 test: add OCP-88378 Deleting a PinnedImageSet does not affect images pinned by another PinnedImageSet + +- operator-framework-olm embedded-component 3a864ce8343abf8877d7e20b0f5cff08d9e156f9 to 438f0e600e4ae75c8b7854afba5be963061eb2a1 + - 26c54c87 2026-03-31T10:42:47+02:00 UPSTREAM: : Add pedjak and fgiudici as reviewers + - 8abbc327 2026-03-29T00:09:49Z Bump the k8s-dependencies group with 4 updates (#482) + - a5ea82ce 2026-03-29T00:09:08Z Bump google.golang.org/grpc from 1.78.0 to 1.79.3 (#481) + - 0e595339 2026-03-29T00:08:55Z Bump sigs.k8s.io/controller-runtime in the k8s-dependencies group (#480) + - 22670f68 2026-03-29T00:08:41Z Bump the k8s-dependencies group with 4 updates (#479) + - 21327766 2026-03-29T00:08:23Z Bump codecov/codecov-action from 5 to 6 (#1941) + - dab356b9 2026-03-29T00:08:08Z Bump github.com/operator-framework/api from 0.41.0 to 0.42.0 (#1940) + - 44de9cef 2026-03-29T00:07:52Z render package-level info from channel head in semver template (#1933) + - 114e8933 2026-03-29T00:07:35Z Bump github.com/docker/cli (#1939) + - fa03ec8e 2026-03-29T00:07:19Z Bump github.com/grpc-ecosystem/grpc-health-probe from 0.4.46 to 0.4.47 (#1937) + - ce8abe8a 2026-03-29T00:07:03Z Bump the k8s-dependencies group with 4 updates (#1936) + - 1f861d7f 2026-03-29T00:06:46Z Bump google.golang.org/grpc from 1.79.2 to 1.79.3 (#1935) + - a494f856 2026-03-29T00:06:30Z Bump github.com/mattn/go-sqlite3 from 1.14.34 to 1.14.37 (#1934) + - 2c8e7a36 2026-03-29T00:06:15Z chore(lint): Upgrade golanglint from v2.7.2 to v2.8.0 and fix lint issues" (#1898) + - db577836 2026-03-29T00:06:00Z Bump the golang-x-deps group with 2 updates (#1932) + - 1701c434 2026-03-29T00:05:45Z Bump google.golang.org/grpc from 1.79.1 to 1.79.2 (#1930) + - 12352445 2026-03-29T00:05:30Z Bump github.com/grpc-ecosystem/grpc-health-probe from 0.4.45 to 0.4.46 (#1929) + - dc43e19e 2026-03-29T00:05:14Z Bump the golang-x-deps group with 2 updates (#1928) + - 975835e0 2026-03-29T00:04:59Z Bump docker/setup-buildx-action from 3 to 4 (#1927) + - 5bed99d5 2026-03-29T00:04:44Z Bump github.com/docker/cli (#1926) + - 2cdb1b90 2026-03-29T00:04:29Z Bump sigs.k8s.io/controller-runtime in the k8s-dependencies group (#1925) + - 1239ec3c 2026-03-29T00:04:14Z Bump docker/login-action from 3 to 4 (#1924) + - 68780955 2026-03-29T00:03:58Z Bump docker/setup-qemu-action from 3 to 4 (#1923) + - 60eb57b6 2026-03-29T00:03:42Z Bump the k8s-dependencies group with 4 updates (#1922) + - b30a6661 2026-03-29T00:03:24Z Update o-f/api and o-f/operator-registry dependencies (#3804) + - 5feab6f0 2026-03-29T00:03:06Z Migrate from klog v1 to klog/v2 v2.140.0 and honor stderrthreshold (#3801) + - c592d5ea 2026-03-29T00:02:51Z 🌱 Bump the k8s-dependencies group with 8 updates (#3802) + - 083fd342 2026-03-29T00:02:30Z :seedling: Bump google.golang.org/grpc from 1.79.2 to 1.79.3 (#3799) + +- service-ca-operator embedded-component dda95b7cb4e6810b5f604599d99c64af6c2d56cf to 951ea66067b4d69c868470e26a5a1a9f689be23e + - 8fe334e 2026-03-26T14:07:11-04:00 vendor: update + - e4f58c5 2026-03-26T14:07:11-04:00 bindata: replace `go-bindata` with `embed.FS` + +- oc image-amd64 c268e49f1f3b68b830472e2244f0aeef2cca9d2c to 12f8fce897cae737720309a894dac856d221485e + - b7c53a30 2026-03-30T15:31:21+02:00 claude: Turn pr-review skill into code-reviewer agent + - d10aa258 2026-03-23T11:41:30+01:00 must-gather: Handle signals properly + +- router image-amd64 235e224fe1acd6626f70bb4a21289d0f5173246a to 896390778ebe15f57f87e6ca78f11c96e64c2652 + - 8997b3d 2026-03-27T19:55:43Z Add support for configurable SSL curves in HAProxy configuration + +- ovn-kubernetes image-amd64 cca0923d6f0ea9d09e77a8085d83a32e35055af0 to ee514f9f66a328f4dd4b583709a8e411b515fa5f - 979d3db2 2026-03-25T22:24:14-07:00 openshift: update module path and deps for upstream package rename - e2237ef1 2026-03-25T17:33:01-07:00 services,node,cni: update OCP hack imports for module rename - c24c2e38 2026-03-25T17:32:24-07:00 services: resolve merge conflict in lb_config.go @@ -185,7 +281,49 @@ - be75e912 2026-02-20T12:25:22-08:00 e2e: add e2e test for multiple attachments to the same localnet NAD - 88b276ba 2026-02-20T12:01:35-08:00 support multiple interfaces on the same localnet network -- service-ca-operator image-arm64 dda95b7cb4e6810b5f604599d99c64af6c2d56cf to 951ea66067b4d69c868470e26a5a1a9f689be23e +- kubernetes image-amd64 2b19898a979eb1ff0cd87ec5d49106e555e70ce6 to 9193b12ab88e006723c8605bea1659bfcbe7d638 + - 429a52821 2026-03-27T14:29:55-04:00 UPSTREAM: : Register OpenShift cloud providers in k8s-tests-ext + - 39a9d96ad 2026-03-20T17:46:12-04:00 UPSTREAM: : hack/update-vendor.sh, make update and update image + - 78f7230b0 2026-03-20T15:17:52+01:00 UPSTREAM: 137926: KEP-961: demote maxUnavailable feature in statefulset to off by default + - 6c1cd99ae 2026-03-18T18:30:07Z Release commit for Kubernetes v1.35.3 + - b57e146ae 2026-03-09T10:14:05-04:00 cmd/kubeadm: ignore EINVAL error during unmount + - af6488c9d 2026-03-04T18:02:34+05:30 Use localhost image reference in PodObservedGenerationTracking test + - 61003ad14 2026-03-03T14:33:21-08:00 drop publishing rules from dependencies.yaml on release branch + - b9be60a8c 2026-03-03T16:21:08+05:30 start scheduler after creating binding/non-binding slices + - 659d489e8 2026-03-03T16:21:08+05:30 dra: stabilize DeviceBindingConditions BasicFlow by creating without-binding slice first + - 02115b6ee 2026-02-26T20:14:22Z Update CHANGELOG/CHANGELOG-1.35.md for v1.35.2 + - 1c0c911c3 2026-02-26T10:28:59Z kubeadm: do not add learner member to etcd client endpoints + - d05c50653 2026-02-16T15:29:03+05:30 Fix flake TestDeviceTaintRule test by adjusting event hanlder status update logic Co-authored-by: Pohly + - 2371267d2 2026-02-10T15:18:30-08:00 add dockerized go cache to `make clean` + - bd3999173 2026-02-10T10:07:55+01:00 fake client-go: un-deprecate NewSimpleClientset + - 0a9d14b01 2026-01-21T18:32:52+05:30 Fix flaky TestApplyCRDuringCRDFinalization test + +- service-ca-operator image-amd64 dda95b7cb4e6810b5f604599d99c64af6c2d56cf to 951ea66067b4d69c868470e26a5a1a9f689be23e - 8fe334e 2026-03-26T14:07:11-04:00 vendor: update - e4f58c5 2026-03-26T14:07:11-04:00 bindata: replace `go-bindata` with `embed.FS` +- oc image-arm64 c268e49f1f3b68b830472e2244f0aeef2cca9d2c to f835dae3a861b593c4dd8b688394a61614dd6663 + - b2332831 2026-03-31T14:21:43-04:00 NO-ISSUE: recover the context in upgrade + - b7c53a30 2026-03-30T15:31:21+02:00 claude: Turn pr-review skill into code-reviewer agent + - d10aa258 2026-03-23T11:41:30+01:00 must-gather: Handle signals properly + +- router image-arm64 235e224fe1acd6626f70bb4a21289d0f5173246a to 896390778ebe15f57f87e6ca78f11c96e64c2652 + - 8997b3d 2026-03-27T19:55:43Z Add support for configurable SSL curves in HAProxy configuration + +- kubernetes image-arm64 2b19898a979eb1ff0cd87ec5d49106e555e70ce6 to 9193b12ab88e006723c8605bea1659bfcbe7d638 + - 429a52821 2026-03-27T14:29:55-04:00 UPSTREAM: : Register OpenShift cloud providers in k8s-tests-ext + - 39a9d96ad 2026-03-20T17:46:12-04:00 UPSTREAM: : hack/update-vendor.sh, make update and update image + - 78f7230b0 2026-03-20T15:17:52+01:00 UPSTREAM: 137926: KEP-961: demote maxUnavailable feature in statefulset to off by default + - 6c1cd99ae 2026-03-18T18:30:07Z Release commit for Kubernetes v1.35.3 + - b57e146ae 2026-03-09T10:14:05-04:00 cmd/kubeadm: ignore EINVAL error during unmount + - af6488c9d 2026-03-04T18:02:34+05:30 Use localhost image reference in PodObservedGenerationTracking test + - 61003ad14 2026-03-03T14:33:21-08:00 drop publishing rules from dependencies.yaml on release branch + - b9be60a8c 2026-03-03T16:21:08+05:30 start scheduler after creating binding/non-binding slices + - 659d489e8 2026-03-03T16:21:08+05:30 dra: stabilize DeviceBindingConditions BasicFlow by creating without-binding slice first + - 02115b6ee 2026-02-26T20:14:22Z Update CHANGELOG/CHANGELOG-1.35.md for v1.35.2 + - 1c0c911c3 2026-02-26T10:28:59Z kubeadm: do not add learner member to etcd client endpoints + - d05c50653 2026-02-16T15:29:03+05:30 Fix flake TestDeviceTaintRule test by adjusting event hanlder status update logic Co-authored-by: Pohly + - 2371267d2 2026-02-10T15:18:30-08:00 add dockerized go cache to `make clean` + - bd3999173 2026-02-10T10:07:55+01:00 fake client-go: un-deprecate NewSimpleClientset + - 0a9d14b01 2026-01-21T18:32:52+05:30 Fix flaky TestApplyCRDuringCRDFinalization test + diff --git a/scripts/auto-rebase/commits.txt b/scripts/auto-rebase/commits.txt index 67802b4638..dc8de117f5 100644 --- a/scripts/auto-rebase/commits.txt +++ b/scripts/auto-rebase/commits.txt @@ -1,35 +1,35 @@ -https://github.com/openshift/api embedded-component 1e7cd4b531e7ce17efdb1d541013e0c55362bfa5 +https://github.com/openshift/api embedded-component 80fcf457ee87d9a81075bcc4e6deac506448195f https://github.com/openshift/cluster-csi-snapshot-controller-operator embedded-component 98d8223ebe55a0ddc10bb485e7603deb2c0acbb9 https://github.com/openshift/cluster-dns-operator embedded-component 3d2141182243cde1ec6417bd005c76d29aa88a01 -https://github.com/openshift/cluster-ingress-operator embedded-component dde7a93953d8b82faf492b759cc48763645b7039 -https://github.com/openshift/cluster-kube-apiserver-operator embedded-component ece488fe8612a58b95add127413a2c6f33210445 +https://github.com/openshift/cluster-ingress-operator embedded-component dfec6c028e2d4eaf7dd161cdc0e75740894df421 +https://github.com/openshift/cluster-kube-apiserver-operator embedded-component de2a3ebcb3ceea0ea411a6fbb9b5b52c18c27e06 https://github.com/openshift/cluster-kube-controller-manager-operator embedded-component 7df2876085ac1d76ac11bf476c0538876110c9f0 https://github.com/openshift/cluster-kube-scheduler-operator embedded-component ddbfddb8a0c77b03c1d7c994991caa031d99c330 -https://github.com/openshift/cluster-network-operator embedded-component 5ce0f713f24815bc508207b265d4a44d9c11a2d2 +https://github.com/openshift/cluster-network-operator embedded-component 594de43f4f1567e5ce55be2eff7c0cf28d1e09e7 https://github.com/openshift/cluster-openshift-controller-manager-operator embedded-component e0d28ec9e1c91b0b72ff66c98f7a3b126f4480ad https://github.com/openshift/cluster-policy-controller embedded-component 44985a1306411101c84dd5081598fc928b432321 https://github.com/openshift/csi-external-snapshotter embedded-component d1bc3ffaa9759c13a06c2ec61c541342e71bd109 https://github.com/openshift/etcd embedded-component d8d67b8ce849f816d6d23c904098336632e2348f -https://github.com/openshift/kubernetes embedded-component 2b19898a979eb1ff0cd87ec5d49106e555e70ce6 +https://github.com/openshift/kubernetes embedded-component 9193b12ab88e006723c8605bea1659bfcbe7d638 https://github.com/openshift/kubernetes-kube-storage-version-migrator embedded-component 72835e43c7754356645e41031f3a99926b4d42e6 -https://github.com/openshift/machine-config-operator embedded-component 540dfc0e51cd7324d8860b53a50b1b19e23e1aaf +https://github.com/openshift/machine-config-operator embedded-component 39ca98383d9b1aedf6147f9ff89e69b5a23541be https://github.com/openshift/openshift-controller-manager embedded-component 26d20feae8892f648f5b06ed3f5492fe6ffb4532 -https://github.com/openshift/operator-framework-olm embedded-component 3a864ce8343abf8877d7e20b0f5cff08d9e156f9 +https://github.com/openshift/operator-framework-olm embedded-component 438f0e600e4ae75c8b7854afba5be963061eb2a1 https://github.com/openshift/route-controller-manager embedded-component 624742d93f3a7885cf7f70985f1e23ff60da580d -https://github.com/openshift/service-ca-operator embedded-component dda95b7cb4e6810b5f604599d99c64af6c2d56cf -https://github.com/openshift/oc image-amd64 c268e49f1f3b68b830472e2244f0aeef2cca9d2c +https://github.com/openshift/service-ca-operator embedded-component 951ea66067b4d69c868470e26a5a1a9f689be23e +https://github.com/openshift/oc image-amd64 12f8fce897cae737720309a894dac856d221485e https://github.com/openshift/coredns image-amd64 0dded2d232dab43c107b1dab9d0d9fdfd8259622 https://github.com/openshift/csi-external-snapshotter image-amd64 d1bc3ffaa9759c13a06c2ec61c541342e71bd109 -https://github.com/openshift/router image-amd64 235e224fe1acd6626f70bb4a21289d0f5173246a +https://github.com/openshift/router image-amd64 896390778ebe15f57f87e6ca78f11c96e64c2652 https://github.com/openshift/kube-rbac-proxy image-amd64 d12e274605248f6c59373240a7eae7a7a357dcb3 -https://github.com/openshift/ovn-kubernetes image-amd64 cca0923d6f0ea9d09e77a8085d83a32e35055af0 -https://github.com/openshift/kubernetes image-amd64 2b19898a979eb1ff0cd87ec5d49106e555e70ce6 -https://github.com/openshift/service-ca-operator image-amd64 dda95b7cb4e6810b5f604599d99c64af6c2d56cf -https://github.com/openshift/oc image-arm64 c268e49f1f3b68b830472e2244f0aeef2cca9d2c +https://github.com/openshift/ovn-kubernetes image-amd64 ee514f9f66a328f4dd4b583709a8e411b515fa5f +https://github.com/openshift/kubernetes image-amd64 9193b12ab88e006723c8605bea1659bfcbe7d638 +https://github.com/openshift/service-ca-operator image-amd64 951ea66067b4d69c868470e26a5a1a9f689be23e +https://github.com/openshift/oc image-arm64 f835dae3a861b593c4dd8b688394a61614dd6663 https://github.com/openshift/coredns image-arm64 0dded2d232dab43c107b1dab9d0d9fdfd8259622 https://github.com/openshift/csi-external-snapshotter image-arm64 d1bc3ffaa9759c13a06c2ec61c541342e71bd109 -https://github.com/openshift/router image-arm64 235e224fe1acd6626f70bb4a21289d0f5173246a +https://github.com/openshift/router image-arm64 896390778ebe15f57f87e6ca78f11c96e64c2652 https://github.com/openshift/kube-rbac-proxy image-arm64 d12e274605248f6c59373240a7eae7a7a357dcb3 https://github.com/openshift/ovn-kubernetes image-arm64 ee514f9f66a328f4dd4b583709a8e411b515fa5f -https://github.com/openshift/kubernetes image-arm64 2b19898a979eb1ff0cd87ec5d49106e555e70ce6 +https://github.com/openshift/kubernetes image-arm64 9193b12ab88e006723c8605bea1659bfcbe7d638 https://github.com/openshift/service-ca-operator image-arm64 951ea66067b4d69c868470e26a5a1a9f689be23e From 96ab81493642dbc979d522bdb364a4f02c91c8df Mon Sep 17 00:00:00 2001 From: Evgeny Slutsky Date: Thu, 2 Apr 2026 11:52:04 +0200 Subject: [PATCH 03/11] update microshift/go.mod --- go.mod | 56 ++++++++++++++++++++++++++++---------------------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/go.mod b/go.mod index 2d1e2bd8c9..7ba2a10a32 100644 --- a/go.mod +++ b/go.mod @@ -38,17 +38,17 @@ require ( github.com/prometheus/prometheus v0.302.1 github.com/squat/generic-device-plugin v0.0.0-20251019101956-043a51e18f31 gopkg.in/yaml.v2 v2.4.0 - k8s.io/api v1.35.2 - k8s.io/apiextensions-apiserver v1.35.2 - k8s.io/apimachinery v1.35.2 - k8s.io/apiserver v1.35.2 - k8s.io/cli-runtime v1.35.2 - k8s.io/client-go v1.35.2 - k8s.io/cloud-provider v1.35.2 - k8s.io/component-base v1.35.2 - k8s.io/kube-aggregator v1.35.2 - k8s.io/kubectl v1.35.2 - k8s.io/kubelet v1.35.2 + k8s.io/api v1.35.3 + k8s.io/apiextensions-apiserver v1.35.3 + k8s.io/apimachinery v1.35.3 + k8s.io/apiserver v1.35.3 + k8s.io/cli-runtime v1.35.3 + k8s.io/client-go v1.35.3 + k8s.io/cloud-provider v1.35.3 + k8s.io/component-base v1.35.3 + k8s.io/kube-aggregator v1.35.3 + k8s.io/kubectl v1.35.3 + k8s.io/kubelet v1.35.3 k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 sigs.k8s.io/kube-storage-version-migrator v0.0.6-0.20230721195810-5c8923c5ff96 sigs.k8s.io/kustomize/api v0.20.1 @@ -171,22 +171,22 @@ require ( gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect - k8s.io/cluster-bootstrap v1.35.2 // indirect - k8s.io/component-helpers v1.35.2 // indirect - k8s.io/controller-manager v1.35.2 // indirect - k8s.io/cri-api v1.35.2 // indirect - k8s.io/cri-client v1.35.2 // indirect - k8s.io/csi-translation-lib v1.35.2 // indirect - k8s.io/dynamic-resource-allocation v1.35.2 // indirect - k8s.io/endpointslice v1.35.2 // indirect - k8s.io/externaljwt v1.35.2 // indirect - k8s.io/kms v1.35.2 // indirect - k8s.io/kube-controller-manager v1.35.2 // indirect - k8s.io/kube-proxy v1.35.2 // indirect - k8s.io/kube-scheduler v1.35.2 // indirect - k8s.io/metrics v1.35.2 // indirect - k8s.io/mount-utils v1.35.2 // indirect - k8s.io/pod-security-admission v1.35.2 // indirect + k8s.io/cluster-bootstrap v1.35.3 // indirect + k8s.io/component-helpers v1.35.3 // indirect + k8s.io/controller-manager v1.35.3 // indirect + k8s.io/cri-api v1.35.3 // indirect + k8s.io/cri-client v1.35.3 // indirect + k8s.io/csi-translation-lib v1.35.3 // indirect + k8s.io/dynamic-resource-allocation v1.35.3 // indirect + k8s.io/endpointslice v1.35.3 // indirect + k8s.io/externaljwt v1.35.3 // indirect + k8s.io/kms v1.35.3 // indirect + k8s.io/kube-controller-manager v1.35.3 // indirect + k8s.io/kube-proxy v1.35.3 // indirect + k8s.io/kube-scheduler v1.35.3 // indirect + k8s.io/metrics v1.35.3 // indirect + k8s.io/mount-utils v1.35.3 // indirect + k8s.io/pod-security-admission v1.35.3 // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0 // indirect sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect sigs.k8s.io/randfill v1.0.0 // indirect @@ -226,7 +226,7 @@ require ( google.golang.org/protobuf v1.36.11 // indirect k8s.io/gengo/v2 v2.0.0-20250922181213-ec3ebc5fd46b // indirect k8s.io/klog/v2 v2.140.0 - k8s.io/kubernetes v1.35.2 + k8s.io/kubernetes v1.35.3 ) replace ( From cebc51a9b9c7597026bd05991fef0ab2141d2e7c Mon Sep 17 00:00:00 2001 From: Evgeny Slutsky Date: Thu, 2 Apr 2026 11:52:05 +0200 Subject: [PATCH 04/11] update microshift/deps --- .../kubernetes/CHANGELOG/CHANGELOG-1.35.md | 203 +++++++++++++----- .../openshift/kubernetes/build/common.sh | 3 + .../kubernetes/build/dependencies.yaml | 9 - .../app/cmd/phases/reset/unmount_linux.go | 6 + .../cmd/kubeadm/app/util/etcd/etcd.go | 6 +- .../cmd/k8s-tests-ext/provider.go | 23 ++ .../images/hyperkube/Dockerfile.rhel | 2 +- .../device_taint_eviction.go | 28 ++- .../device_taint_eviction_test.go | 88 +++++--- .../kubernetes/pkg/features/kube_features.go | 2 +- .../versioned/fake/clientset_generated.go | 8 +- .../clientset/fake/clientset_generated.go | 8 +- .../test/integration/finalization_test.go | 43 ++-- .../kubernetes/fake/clientset_generated.go | 8 +- .../fake/generator_fake_for_clientset.go | 8 +- .../versioned/fake/clientset_generated.go | 8 +- .../versioned/fake/clientset_generated.go | 8 +- .../versioned/fake/clientset_generated.go | 4 - .../versioned/fake/clientset_generated.go | 8 +- .../versioned/fake/clientset_generated.go | 8 +- .../clientset/fake/clientset_generated.go | 4 - .../versioned/fake/clientset_generated.go | 4 - .../versioned/fake/clientset_generated.go | 8 +- .../versioned/fake/clientset_generated.go | 4 - .../reference/versioned_feature_list.yaml | 2 +- .../kubernetes/test/e2e/node/pods.go | 2 +- .../dra/binding_conditions_test.go | 2 +- 27 files changed, 339 insertions(+), 168 deletions(-) diff --git a/deps/github.com/openshift/kubernetes/CHANGELOG/CHANGELOG-1.35.md b/deps/github.com/openshift/kubernetes/CHANGELOG/CHANGELOG-1.35.md index 65c8392736..d0a45e27c7 100644 --- a/deps/github.com/openshift/kubernetes/CHANGELOG/CHANGELOG-1.35.md +++ b/deps/github.com/openshift/kubernetes/CHANGELOG/CHANGELOG-1.35.md @@ -1,148 +1,247 @@ -- [v1.35.1](#v1351) - - [Downloads for v1.35.1](#downloads-for-v1351) +- [v1.35.2](#v1352) + - [Downloads for v1.35.2](#downloads-for-v1352) - [Source Code](#source-code) - [Client Binaries](#client-binaries) - [Server Binaries](#server-binaries) - [Node Binaries](#node-binaries) - [Container Images](#container-images) - - [Changelog since v1.35.0](#changelog-since-v1350) + - [Changelog since v1.35.1](#changelog-since-v1351) - [Changes by Kind](#changes-by-kind) - [Feature](#feature) - - [Bug or Regression](#bug-or-regression) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake) - [Dependencies](#dependencies) - [Added](#added) - [Changed](#changed) - [Removed](#removed) -- [v1.35.0](#v1350) - - [Downloads for v1.35.0](#downloads-for-v1350) +- [v1.35.1](#v1351) + - [Downloads for v1.35.1](#downloads-for-v1351) - [Source Code](#source-code-1) - [Client Binaries](#client-binaries-1) - [Server Binaries](#server-binaries-1) - [Node Binaries](#node-binaries-1) - [Container Images](#container-images-1) - - [Changelog since v1.34.0](#changelog-since-v1340) - - [Urgent Upgrade Notes](#urgent-upgrade-notes) - - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade) + - [Changelog since v1.35.0](#changelog-since-v1350) - [Changes by Kind](#changes-by-kind-1) - - [Deprecation](#deprecation) - - [API Change](#api-change) - [Feature](#feature-1) - - [Documentation](#documentation) - - [Bug or Regression](#bug-or-regression-1) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-1) + - [Bug or Regression](#bug-or-regression) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake) - [Dependencies](#dependencies-1) - [Added](#added-1) - [Changed](#changed-1) - [Removed](#removed-1) -- [v1.35.0-rc.1](#v1350-rc1) - - [Downloads for v1.35.0-rc.1](#downloads-for-v1350-rc1) +- [v1.35.0](#v1350) + - [Downloads for v1.35.0](#downloads-for-v1350) - [Source Code](#source-code-2) - [Client Binaries](#client-binaries-2) - [Server Binaries](#server-binaries-2) - [Node Binaries](#node-binaries-2) - [Container Images](#container-images-2) - - [Changelog since v1.35.0-rc.0](#changelog-since-v1350-rc0) + - [Changelog since v1.34.0](#changelog-since-v1340) + - [Urgent Upgrade Notes](#urgent-upgrade-notes) + - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade) - [Changes by Kind](#changes-by-kind-2) + - [Deprecation](#deprecation) + - [API Change](#api-change) - [Feature](#feature-2) - - [Bug or Regression](#bug-or-regression-2) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-2) + - [Documentation](#documentation) + - [Bug or Regression](#bug-or-regression-1) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-1) - [Dependencies](#dependencies-2) - [Added](#added-2) - [Changed](#changed-2) - [Removed](#removed-2) -- [v1.35.0-rc.0](#v1350-rc0) - - [Downloads for v1.35.0-rc.0](#downloads-for-v1350-rc0) +- [v1.35.0-rc.1](#v1350-rc1) + - [Downloads for v1.35.0-rc.1](#downloads-for-v1350-rc1) - [Source Code](#source-code-3) - [Client Binaries](#client-binaries-3) - [Server Binaries](#server-binaries-3) - [Node Binaries](#node-binaries-3) - [Container Images](#container-images-3) - - [Changelog since v1.35.0-beta.0](#changelog-since-v1350-beta0) + - [Changelog since v1.35.0-rc.0](#changelog-since-v1350-rc0) - [Changes by Kind](#changes-by-kind-3) - [Feature](#feature-3) - - [Bug or Regression](#bug-or-regression-3) + - [Bug or Regression](#bug-or-regression-2) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-2) - [Dependencies](#dependencies-3) - [Added](#added-3) - [Changed](#changed-3) - [Removed](#removed-3) -- [v1.35.0-beta.0](#v1350-beta0) - - [Downloads for v1.35.0-beta.0](#downloads-for-v1350-beta0) +- [v1.35.0-rc.0](#v1350-rc0) + - [Downloads for v1.35.0-rc.0](#downloads-for-v1350-rc0) - [Source Code](#source-code-4) - [Client Binaries](#client-binaries-4) - [Server Binaries](#server-binaries-4) - [Node Binaries](#node-binaries-4) - [Container Images](#container-images-4) - - [Changelog since v1.35.0-alpha.3](#changelog-since-v1350-alpha3) + - [Changelog since v1.35.0-beta.0](#changelog-since-v1350-beta0) - [Changes by Kind](#changes-by-kind-4) - - [API Change](#api-change-1) - [Feature](#feature-4) - - [Bug or Regression](#bug-or-regression-4) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-3) + - [Bug or Regression](#bug-or-regression-3) - [Dependencies](#dependencies-4) - [Added](#added-4) - [Changed](#changed-4) - [Removed](#removed-4) -- [v1.35.0-alpha.3](#v1350-alpha3) - - [Downloads for v1.35.0-alpha.3](#downloads-for-v1350-alpha3) +- [v1.35.0-beta.0](#v1350-beta0) + - [Downloads for v1.35.0-beta.0](#downloads-for-v1350-beta0) - [Source Code](#source-code-5) - [Client Binaries](#client-binaries-5) - [Server Binaries](#server-binaries-5) - [Node Binaries](#node-binaries-5) - [Container Images](#container-images-5) - - [Changelog since v1.35.0-alpha.2](#changelog-since-v1350-alpha2) - - [Urgent Upgrade Notes](#urgent-upgrade-notes-1) - - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-1) + - [Changelog since v1.35.0-alpha.3](#changelog-since-v1350-alpha3) - [Changes by Kind](#changes-by-kind-5) - - [API Change](#api-change-2) + - [API Change](#api-change-1) - [Feature](#feature-5) - - [Bug or Regression](#bug-or-regression-5) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-4) + - [Bug or Regression](#bug-or-regression-4) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-3) - [Dependencies](#dependencies-5) - [Added](#added-5) - [Changed](#changed-5) - [Removed](#removed-5) -- [v1.35.0-alpha.2](#v1350-alpha2) - - [Downloads for v1.35.0-alpha.2](#downloads-for-v1350-alpha2) +- [v1.35.0-alpha.3](#v1350-alpha3) + - [Downloads for v1.35.0-alpha.3](#downloads-for-v1350-alpha3) - [Source Code](#source-code-6) - [Client Binaries](#client-binaries-6) - [Server Binaries](#server-binaries-6) - [Node Binaries](#node-binaries-6) - [Container Images](#container-images-6) - - [Changelog since v1.35.0-alpha.1](#changelog-since-v1350-alpha1) + - [Changelog since v1.35.0-alpha.2](#changelog-since-v1350-alpha2) + - [Urgent Upgrade Notes](#urgent-upgrade-notes-1) + - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-1) - [Changes by Kind](#changes-by-kind-6) - - [Deprecation](#deprecation-1) - - [API Change](#api-change-3) + - [API Change](#api-change-2) - [Feature](#feature-6) - - [Documentation](#documentation-1) - - [Bug or Regression](#bug-or-regression-6) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-5) + - [Bug or Regression](#bug-or-regression-5) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-4) - [Dependencies](#dependencies-6) - [Added](#added-6) - [Changed](#changed-6) - [Removed](#removed-6) -- [v1.35.0-alpha.1](#v1350-alpha1) - - [Downloads for v1.35.0-alpha.1](#downloads-for-v1350-alpha1) +- [v1.35.0-alpha.2](#v1350-alpha2) + - [Downloads for v1.35.0-alpha.2](#downloads-for-v1350-alpha2) - [Source Code](#source-code-7) - [Client Binaries](#client-binaries-7) - [Server Binaries](#server-binaries-7) - [Node Binaries](#node-binaries-7) - [Container Images](#container-images-7) - - [Changelog since v1.34.0](#changelog-since-v1340-1) + - [Changelog since v1.35.0-alpha.1](#changelog-since-v1350-alpha1) - [Changes by Kind](#changes-by-kind-7) - - [API Change](#api-change-4) + - [Deprecation](#deprecation-1) + - [API Change](#api-change-3) - [Feature](#feature-7) - - [Bug or Regression](#bug-or-regression-7) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-6) + - [Documentation](#documentation-1) + - [Bug or Regression](#bug-or-regression-6) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-5) - [Dependencies](#dependencies-7) - [Added](#added-7) - [Changed](#changed-7) - [Removed](#removed-7) +- [v1.35.0-alpha.1](#v1350-alpha1) + - [Downloads for v1.35.0-alpha.1](#downloads-for-v1350-alpha1) + - [Source Code](#source-code-8) + - [Client Binaries](#client-binaries-8) + - [Server Binaries](#server-binaries-8) + - [Node Binaries](#node-binaries-8) + - [Container Images](#container-images-8) + - [Changelog since v1.34.0](#changelog-since-v1340-1) + - [Changes by Kind](#changes-by-kind-8) + - [API Change](#api-change-4) + - [Feature](#feature-8) + - [Bug or Regression](#bug-or-regression-7) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-6) + - [Dependencies](#dependencies-8) + - [Added](#added-8) + - [Changed](#changed-8) + - [Removed](#removed-8) +# v1.35.2 + + +## Downloads for v1.35.2 + + + +### Source Code + +filename | sha512 hash +-------- | ----------- +[kubernetes.tar.gz](https://dl.k8s.io/v1.35.2/kubernetes.tar.gz) | 0264ce8adcc15926e7a4701f4e25b9dd477d1f9242e05dcfd885d0803951ccafe8ada789961de7ad0e0a2813bca668b717a6c658ba905800dc86acd6da59854b +[kubernetes-src.tar.gz](https://dl.k8s.io/v1.35.2/kubernetes-src.tar.gz) | 5489905c35cd35084130613a636423a2743a92d2a76047371398f1530700353c255b88eef99228b210f6a8590c18c2e5d5eb153ea8adc6ef6554e899fcc43f76 + +### Client Binaries + +filename | sha512 hash +-------- | ----------- +[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.35.2/kubernetes-client-darwin-amd64.tar.gz) | 570d84f1c248d543fe185751d029c6bc2f7a3644f9b7b45e49ca34b29adf7d03b07349f63d6104570a70e04ab68f5f05046bac7b84b9a2770bc52e953d192354 +[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.35.2/kubernetes-client-darwin-arm64.tar.gz) | eacc6860b6afecb15d9facdd69d6514c7234404ad7793b6203bb7b5efffbda67aaf2cd0dc0608d2f2debdf8b19e9767c4a9cab4ba2890fc021993a408df6a9d0 +[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.35.2/kubernetes-client-linux-386.tar.gz) | a4b447153432fdc21e1c718edbdd763e94c57d786191c74d03172f56f17e141c164eb5586245720c6d48cb831de04200064e29f3efa7a4d3570a09037e020e56 +[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.35.2/kubernetes-client-linux-amd64.tar.gz) | c16cad61183e84a8dd6247ba6b163a830dc9490a06e86f452d8406c8d877620688557695f89b70b87672bb4a8922889e8aea8ca8f085f7cf68c1cbee9db63c92 +[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.35.2/kubernetes-client-linux-arm.tar.gz) | d3c2e63f752211e3fd86bb0cffd3dbbb2304da2da168fd6ab5e75d28543e7e40ad8472dac631d879f0654d9bf33d2d26f10d5fbd3b7cda8ef33baf5a39f32929 +[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.35.2/kubernetes-client-linux-arm64.tar.gz) | 93b001ffeb829b3984270686ad254f395a2c87b0ff9c07a60ed86c47286de721b786983f199d3ea375c87f801d68cc397a8efa4b4d4bd816576102dd0d157fa3 +[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.35.2/kubernetes-client-linux-ppc64le.tar.gz) | 33920d2f3bf811a67281190dbe9d6efd7164d8aa4e6a26453330663b6e281ce69b464ed95214d354eee91d8804d7027a020acd84e1436ea8a00828ca0b4a1062 +[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.35.2/kubernetes-client-linux-s390x.tar.gz) | e0410769c2a7054eac0f80c620bef093ea01231ed978bbc94688319c19b6d6b107d9a0bdef5d45f987eaa295658aa143bdb833910ba6e84c9d138dd275d7c7a0 +[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.35.2/kubernetes-client-windows-386.tar.gz) | 480270e7bb0bf8912b193c6f884e516c6182e64a0e08720992e876f104ee21840ba726dd5ba785bed1c097740ba8414f7f444a028bb1fab4c7a502911c2b4400 +[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.35.2/kubernetes-client-windows-amd64.tar.gz) | cfe1f65379dc52628fd6c1b2b75b13a7f1000bf6b9992ad689620157eb783ca8622a94e0b2a13343b05acd561952228956bb5e45411d135af9004717d97de259 +[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.35.2/kubernetes-client-windows-arm64.tar.gz) | 13085cb4bf3c99276b4bece38cc17824020ca7708df35ae0d3e81feae01a416794088d36688958b8bbfdd8942c5b15d70dde234e1af4757c75a940818abaf71d + +### Server Binaries + +filename | sha512 hash +-------- | ----------- +[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.35.2/kubernetes-server-linux-amd64.tar.gz) | 73b7e15267995f488159628f27b1742199de97a673e0728bf9c539a06d9454d3e9725516bf5d6c05cea7d4c8b847fe44fe835d39e0d7eeedc453833918022296 +[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.35.2/kubernetes-server-linux-arm64.tar.gz) | 4a8e10c02e3667494bd9d73e5d8ecc30e3015ff3c95c97c68523c2a8cf87f3d735ae7448e172d0125d9692b26254ae4e9a394178b01d83b7d37781e8f0ee2e34 +[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.35.2/kubernetes-server-linux-ppc64le.tar.gz) | 962b8d37eef1a267bc42196d7198bb4fa9b87f506b344af8c8a86c7e1480d26dcfa0d78f0c206379d293314d304c94a20218ed44fad763ea7c2667689f79d05b +[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.35.2/kubernetes-server-linux-s390x.tar.gz) | 5d283e8d153892d124580aebfb7730d92435e7052ed8679d8f4ba7bdf7f04e4e300e5c8d54d8eb55db650fe1a70bb3e9d1167a4c96acf2c0581148f93238e6ce + +### Node Binaries + +filename | sha512 hash +-------- | ----------- +[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.35.2/kubernetes-node-linux-amd64.tar.gz) | 499a61b38dbcddb7105a89cac0f63e1d9a08178c051d693a8095de65939deb4e12ff4a11116d69ec69e14da0d929c8344bbb8ea8ad06cc65d749d327ee0c7c55 +[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.35.2/kubernetes-node-linux-arm64.tar.gz) | 91cbbb1002d78a5c49a17c3492e8e3f933856e6e008c74ec0853a3183349f4fb7b093b40424df457890989eaf10752a3337dad3a2bf89db7b5fb02978f3ffb7d +[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.35.2/kubernetes-node-linux-ppc64le.tar.gz) | 1dcef6733b943b8fd76011c98af680f27249a3d28a663d52c8ddd54f1ac847e068c84d10115683322ce55aed314f2af8f489fed63907d035713f40bb4e5b61a5 +[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.35.2/kubernetes-node-linux-s390x.tar.gz) | cab84f226e8cc4d77f4b92c7a768115485705476783aa290606116aa1008dce62918ccda6c153f0ba14487c58c8b3dfffdeb67932e8d5a19d36831404f575cf4 +[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.35.2/kubernetes-node-windows-amd64.tar.gz) | 0b6092275cb6027086909f871f64bac876a22c8d714b50d8250e16fa1d9afbcda32c22bec47f83b99716dcb902e210fc22976e7b8f42b7a7b24e7e9409ef876f + +### Container Images + +All container images are available as manifest lists and support the described +architectures. It is also possible to pull a specific architecture directly by +adding the "-$ARCH" suffix to the container image name. + +name | architectures +---- | ------------- +[registry.k8s.io/conformance:v1.35.2](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-s390x) +[registry.k8s.io/kube-apiserver:v1.35.2](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-s390x) +[registry.k8s.io/kube-controller-manager:v1.35.2](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-s390x) +[registry.k8s.io/kube-proxy:v1.35.2](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-s390x) +[registry.k8s.io/kube-scheduler:v1.35.2](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-s390x) +[registry.k8s.io/kubectl:v1.35.2](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-s390x) + +## Changelog since v1.35.1 + +## Changes by Kind + +### Feature + +- Kubernetes is now built using Go 1.25.7 ([#136985](https://github.com/kubernetes/kubernetes/pull/136985), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing] + +## Dependencies + +### Added +_Nothing has changed._ + +### Changed +_Nothing has changed._ + +### Removed +_Nothing has changed._ + + + # v1.35.1 diff --git a/deps/github.com/openshift/kubernetes/build/common.sh b/deps/github.com/openshift/kubernetes/build/common.sh index ebe6d35458..fca3077811 100755 --- a/deps/github.com/openshift/kubernetes/build/common.sh +++ b/deps/github.com/openshift/kubernetes/build/common.sh @@ -348,6 +348,9 @@ function kube::build::clean() { if [[ -d "${LOCAL_OUTPUT_ROOT}/local/go/cache" ]]; then chmod -R +w "${LOCAL_OUTPUT_ROOT}/local/go/cache" fi + if [[ -d "${LOCAL_OUTPUT_ROOT}/dockerized/go/cache" ]]; then + chmod -R +w "${LOCAL_OUTPUT_ROOT}/dockerized/go/cache" + fi rm -rf "${LOCAL_OUTPUT_ROOT}" fi } diff --git a/deps/github.com/openshift/kubernetes/build/dependencies.yaml b/deps/github.com/openshift/kubernetes/build/dependencies.yaml index f048200f01..5db5b3c4da 100644 --- a/deps/github.com/openshift/kubernetes/build/dependencies.yaml +++ b/deps/github.com/openshift/kubernetes/build/dependencies.yaml @@ -114,15 +114,6 @@ dependencies: - path: cluster/images/etcd/Makefile match: 'GOLANG_VERSION := \d+.\d+(alpha|beta|rc)?\.?(\d+)?' - # Golang - # TODO: this should really be eliminated and controlled by .go-version - - name: "golang: upstream version" - version: 1.25.7 - refPaths: - - path: .go-version - - path: staging/publishing/rules.yaml - match: 'default-go-version\: \d+.\d+(alpha|beta|rc)?\.?(\d+)?' - # This should ideally be updated to match the golang version # but we can dynamically fetch go if the base image is out of date. # This allows us to ship go updates more quickly. diff --git a/deps/github.com/openshift/kubernetes/cmd/kubeadm/app/cmd/phases/reset/unmount_linux.go b/deps/github.com/openshift/kubernetes/cmd/kubeadm/app/cmd/phases/reset/unmount_linux.go index dc16209afb..7cab7a6431 100644 --- a/deps/github.com/openshift/kubernetes/cmd/kubeadm/app/cmd/phases/reset/unmount_linux.go +++ b/deps/github.com/openshift/kubernetes/cmd/kubeadm/app/cmd/phases/reset/unmount_linux.go @@ -70,6 +70,12 @@ func unmountKubeletDirectory(kubeletRunDirectory string, flags []string) error { } klog.V(5).Infof("[reset] Unmounting %q", m[1]) if err := syscall.Unmount(m[1], flagsInt); err != nil { + // EINVAL is expected here if a duplicate mount entry + // was already unmounted via its shared peer. + if err == syscall.EINVAL { + klog.Warningf("[reset] Ignoring EINVAL error while unmounting %q", m[1]) + continue + } errList = append(errList, errors.WithMessagef(err, "failed to unmount %q", m[1])) } } diff --git a/deps/github.com/openshift/kubernetes/cmd/kubeadm/app/util/etcd/etcd.go b/deps/github.com/openshift/kubernetes/cmd/kubeadm/app/util/etcd/etcd.go index d89e648a93..3ac966c70b 100644 --- a/deps/github.com/openshift/kubernetes/cmd/kubeadm/app/util/etcd/etcd.go +++ b/deps/github.com/openshift/kubernetes/cmd/kubeadm/app/util/etcd/etcd.go @@ -533,8 +533,10 @@ func (c *Client) addMember(name string, peerAddrs string, isLearner bool) ([]Mem ret = append(ret, Member{Name: memberName, PeerURL: m.PeerURLs[0]}) } - // Add the new member client address to the list of endpoints - c.Endpoints = append(c.Endpoints, GetClientURLByIP(parsedPeerAddrs.Hostname())) + if !isLearner { + // Add the new member client address to the list of endpoints + c.Endpoints = append(c.Endpoints, GetClientURLByIP(parsedPeerAddrs.Hostname())) + } return ret, nil } diff --git a/deps/github.com/openshift/kubernetes/openshift-hack/cmd/k8s-tests-ext/provider.go b/deps/github.com/openshift/kubernetes/openshift-hack/cmd/k8s-tests-ext/provider.go index e64c46fbb7..6de10f937d 100644 --- a/deps/github.com/openshift/kubernetes/openshift-hack/cmd/k8s-tests-ext/provider.go +++ b/deps/github.com/openshift/kubernetes/openshift-hack/cmd/k8s-tests-ext/provider.go @@ -32,6 +32,29 @@ import ( _ "k8s.io/kubernetes/test/e2e/lifecycle" ) +func init() { + // Register OpenShift-specific cloud providers that are not part of upstream + // Kubernetes. Without these registrations, k8s-tests-ext crashes with + // "Unknown provider" when openshift-tests passes a provider like "ibmcloud". + // These providers don't need any special setup for running upstream kube + // tests, so a NullProvider is sufficient. + for _, name := range []string{ + "baremetal", + "ovirt", + "kubevirt", + "alibabacloud", + "nutanix", + "ibmcloud", + "external", + } { + func(n string) { + framework.RegisterProvider(n, func() (framework.ProviderInterface, error) { + return framework.NullProvider{}, nil + }) + }(name) + } +} + // Initialize a good enough test context for generating e2e tests, // so they can be listed and filtered. func initializeCommonTestFramework() error { diff --git a/deps/github.com/openshift/kubernetes/openshift-hack/images/hyperkube/Dockerfile.rhel b/deps/github.com/openshift/kubernetes/openshift-hack/images/hyperkube/Dockerfile.rhel index 2a21d7169f..eb3aba07df 100644 --- a/deps/github.com/openshift/kubernetes/openshift-hack/images/hyperkube/Dockerfile.rhel +++ b/deps/github.com/openshift/kubernetes/openshift-hack/images/hyperkube/Dockerfile.rhel @@ -15,4 +15,4 @@ COPY --from=builder /tmp/build/* /usr/bin/ LABEL io.k8s.display-name="OpenShift Kubernetes Server Commands" \ io.k8s.description="OpenShift is a platform for developing, building, and deploying containerized applications." \ io.openshift.tags="openshift,hyperkube" \ - io.openshift.build.versions="kubernetes=1.35.2" \ No newline at end of file + io.openshift.build.versions="kubernetes=1.35.3" \ No newline at end of file diff --git a/deps/github.com/openshift/kubernetes/pkg/controller/devicetainteviction/device_taint_eviction.go b/deps/github.com/openshift/kubernetes/pkg/controller/devicetainteviction/device_taint_eviction.go index d6075e98b3..b80042080c 100644 --- a/deps/github.com/openshift/kubernetes/pkg/controller/devicetainteviction/device_taint_eviction.go +++ b/deps/github.com/openshift/kubernetes/pkg/controller/devicetainteviction/device_taint_eviction.go @@ -434,6 +434,7 @@ func (tc *Controller) maybeDeletePod(ctx context.Context, podRef tainteviction.N // Doing this immediately is not useful because // it would just race with the informers update // (rule status reads from cache!). + tc.logger.V(5).Info("Adding delayed status update because of pod eviction", "deviceTaintRule", klog.KObj(reason.rule), "delay", ruleStatusPeriod) tc.workqueue.AddAfter(workItemForRule(reason.rule), ruleStatusPeriod) } } @@ -1016,7 +1017,14 @@ func (tc *Controller) Run(ctx context.Context, numWorkers int) error { func (tc *Controller) evictPod(podRef tainteviction.NamespacedObject, eviction evictionAndReason) { tc.deletePodAt[podRef] = eviction now := time.Now() - tc.workqueue.AddAfter(workItem{podRef: podRef}, eviction.when.Sub(now)) + delay := eviction.when.Sub(now) + if delay <= 0 { + tc.logger.V(3).Info("Adding immediate pod eviction", "pod", podRef, "eviction", eviction) + tc.workqueue.Add(workItem{podRef: podRef}) + } else { + tc.logger.V(3).Info("Adding delayed pod eviction", "pod", podRef, "eviction", eviction, "delay", delay) + tc.workqueue.AddAfter(workItem{podRef: podRef}, delay) + } if tc.evictPodHook != nil { tc.evictPodHook(podRef, eviction) @@ -1275,7 +1283,8 @@ func (tc *Controller) handleRuleChange(oldRule, newRule *resourcealpha.DeviceTai } if oldRule == nil { - // Update the status at least once. + // Update the status at least once, immediately and before evicting any pods. + tc.logger.V(5).Info("Adding immediate status update because of new rule", "deviceTaintRule", klog.KObj(newRule)) tc.workqueue.Add(workItemForRule(newRule)) } @@ -1289,9 +1298,13 @@ func (tc *Controller) handleRuleChange(oldRule, newRule *resourcealpha.DeviceTai if oldRule != nil && newRule != nil && - oldRule.UID == newRule.UID && - apiequality.Semantic.DeepEqual(&oldRule.Spec, &newRule.Spec) { - return + oldRule.UID == newRule.UID { + if apiequality.Semantic.DeepEqual(&oldRule.Spec, &newRule.Spec) { + return + } + // Update the status at least once, immediately and before evicting any pods. + tc.logger.V(5).Info("Adding immediate status update because of modified rule spec", "deviceTaintRule", klog.KObj(newRule)) + tc.workqueue.Add(workItemForRule(newRule)) } // Rule spec changes should be rare. Simply do a brute-force re-evaluation of all allocated claims. @@ -1475,13 +1488,14 @@ func (tc *Controller) handlePod(pod *v1.Pod) { return } - tc.logger.V(3).Info("Going to evict pod", "pod", podRef, "eviction", eviction) tc.evictPod(podRef, *eviction) // If any reason is because of a taint, then eviction is in progress and the status may need to be updated. + // But don't do it immediately because more pod changes may be coming in. for _, reason := range eviction.reason { if reason.rule != nil { - tc.workqueue.Add(workItemForRule(reason.rule)) + tc.logger.V(5).Info("Adding delayed status update because of pod change", "deviceTaintRule", klog.KObj(reason.rule), "delay", ruleStatusPeriod) + tc.workqueue.AddAfter(workItemForRule(reason.rule), ruleStatusPeriod) } } } diff --git a/deps/github.com/openshift/kubernetes/pkg/controller/devicetainteviction/device_taint_eviction_test.go b/deps/github.com/openshift/kubernetes/pkg/controller/devicetainteviction/device_taint_eviction_test.go index 3549be58ab..3da7d197e8 100644 --- a/deps/github.com/openshift/kubernetes/pkg/controller/devicetainteviction/device_taint_eviction_test.go +++ b/deps/github.com/openshift/kubernetes/pkg/controller/devicetainteviction/device_taint_eviction_test.go @@ -854,7 +854,7 @@ func TestController(t *testing.T) { finalState: state{ allocatedClaims: l(ac(inUseClaim, newEvictionTime(taintTime, ruleEvict))), deletePodAt: evictMap{newObject(podWithClaimName): *newEvictionTime(taintTime, ruleEvict)}, - queued: MockState[workItem]{Ready: newWorkItems(ruleEvict, podWithClaimName)}, + queued: MockState[workItem]{Ready: newWorkItems(ruleEvict, podWithClaimName), Later: newDelayedWorkItems(ruleEvict, ruleStatusPeriod)}, }, process: []step{ { @@ -882,23 +882,31 @@ func TestController(t *testing.T) { finalState: state{ allocatedClaims: l(ac(inUseClaimWithToleration, newEvictionTime(metav1Time(taintTime.Add(tolerationDuration)), ruleEvict))), deletePodAt: evictMap{newObject(podWithClaimName): *newEvictionTime(metav1Time(taintTime.Add(tolerationDuration)), ruleEvict)}, - queued: MockState[workItem]{Ready: newWorkItems(ruleEvict), Later: newDelayedWorkItems(podWithClaimName, tolerationDuration)}, + queued: MockState[workItem]{Ready: newWorkItems(ruleEvict), Later: newDelayedWorkItems(podWithClaimName, tolerationDuration, ruleEvict, ruleStatusPeriod)}, }, process: []step{ { // Initial update. - deletePodAt: evictMap{newObject(podWithClaimName): *newEvictionTime(metav1Time(taintTime.Add(tolerationDuration)), ruleEvict)}, - pods: l(podWithClaimName), - rules: l(inProgress(ruleEvict, true, "PodsPendingEviction", "1 pod needs to be evicted in 1 namespace.", taintTime)), - - queuedProcessed: MockState[workItem]{Later: newDelayedWorkItems(podWithClaimName, tolerationDuration)}, - advance: tolerationDuration, + deletePodAt: evictMap{newObject(podWithClaimName): *newEvictionTime(metav1Time(taintTime.Add(tolerationDuration)), ruleEvict)}, + pods: l(podWithClaimName), + rules: l(inProgress(ruleEvict, true, "PodsPendingEviction", "1 pod needs to be evicted in 1 namespace.", taintTime)), + queuedProcessed: MockState[workItem]{Later: newDelayedWorkItems(podWithClaimName, tolerationDuration, ruleEvict, ruleStatusPeriod)}, + advance: ruleStatusPeriod, + queuedShifted: MockState[workItem]{Ready: newWorkItems(ruleEvict), Later: newDelayedWorkItems(podWithClaimName, tolerationDuration-ruleStatusPeriod)}, + }, + { + // Process the pod eviction. + deletePodAt: evictMap{newObject(podWithClaimName): *newEvictionTime(metav1Time(taintTime.Add(tolerationDuration)), ruleEvict)}, + pods: l(podWithClaimName), + rules: l(inProgress(ruleEvict, true, "PodsPendingEviction", "1 pod needs to be evicted in 1 namespace.", metav1Time(taintTime.Add(ruleStatusPeriod)))), + queuedProcessed: MockState[workItem]{Later: newDelayedWorkItems(podWithClaimName, tolerationDuration-ruleStatusPeriod)}, + advance: tolerationDuration - ruleStatusPeriod, queuedShifted: MockState[workItem]{Ready: newWorkItems(podWithClaimName)}, }, { // Deleted, but condition not updated yet. ruleStats: map[types.UID]taintRuleStats{ruleEvict.UID: {numEvictedPods: 1}}, - rules: l(inProgress(ruleEvict, true, "PodsPendingEviction", "1 pod needs to be evicted in 1 namespace.", taintTime)), + rules: l(inProgress(ruleEvict, true, "PodsPendingEviction", "1 pod needs to be evicted in 1 namespace.", metav1Time(taintTime.Add(ruleStatusPeriod)))), queuedProcessed: MockState[workItem]{Later: newDelayedWorkItems(ruleEvict, ruleStatusPeriod)}, advance: ruleStatusPeriod, queuedShifted: MockState[workItem]{Ready: newWorkItems(ruleEvict)}, @@ -922,7 +930,7 @@ func TestController(t *testing.T) { finalState: state{ allocatedClaims: l(ac(inUseClaim, newEvictionTime(taintTime, ruleEvict)), ac(inUseClaimOtherNamespace, newEvictionTime(taintTime, ruleEvict))), deletePodAt: evictMap{newObject(podWithClaimName): *newEvictionTime(taintTime, ruleEvict), newObject(podWithClaimNameOtherNamespace): *newEvictionTime(taintTime, ruleEvict)}, - queued: MockState[workItem]{Ready: newWorkItems(ruleEvict, podWithClaimName, podWithClaimNameOtherNamespace)}, + queued: MockState[workItem]{Ready: newWorkItems(ruleEvict, podWithClaimName, podWithClaimNameOtherNamespace), Later: newDelayedWorkItems(ruleEvict, ruleStatusPeriod)}, }, process: []step{ { @@ -952,7 +960,7 @@ func TestController(t *testing.T) { finalState: state{ allocatedClaims: l(ac(inUseClaim, newEvictionTime(taintTime, ruleEvict)), ac(inUseClaimOtherName, newEvictionTime(taintTime, ruleEvict))), deletePodAt: evictMap{newObject(podWithClaimName): *newEvictionTime(taintTime, ruleEvict), newObject(podWithClaimNameOtherName): *newEvictionTime(taintTime, ruleEvict)}, - queued: MockState[workItem]{Ready: newWorkItems(ruleEvict, podWithClaimName, podWithClaimNameOtherName)}, + queued: MockState[workItem]{Ready: newWorkItems(ruleEvict, podWithClaimName, podWithClaimNameOtherName), Later: newDelayedWorkItems(ruleEvict, ruleStatusPeriod)}, }, process: []step{ { @@ -1038,7 +1046,7 @@ func TestController(t *testing.T) { finalState: state{ allocatedClaims: l(ac(inUseClaim, newEvictionTime(taintTime, ruleEvict)), ac(inUseClaimOtherNameShared, newEvictionTime(taintTime, ruleEvict))), deletePodAt: evictMap{newObject(podWithTwoClaimNames): *newEvictionTime(taintTime, ruleEvict)}, - queued: MockState[workItem]{Ready: newWorkItems(ruleEvict, podWithTwoClaimNames)}, + queued: MockState[workItem]{Ready: newWorkItems(ruleEvict, podWithTwoClaimNames), Later: newDelayedWorkItems(ruleEvict, ruleStatusPeriod)}, }, process: []step{ { @@ -1078,7 +1086,7 @@ func TestController(t *testing.T) { finalState: state{ allocatedClaims: l(ac(inUseClaim, newEvictionTime(taintTime, ruleEvictInstance1)), ac(inUseClaimOtherNameShared, newEvictionTime(taintTimeLater, ruleEvictInstance2Later))), deletePodAt: evictMap{newObject(podWithTwoClaimNames): *newEvictionTime(taintTime, ruleEvictInstance1, ruleEvictInstance2Later)}, - queued: MockState[workItem]{Ready: newWorkItems(ruleEvictInstance1, ruleEvictInstance2Later, podWithTwoClaimNames)}, + queued: MockState[workItem]{Ready: newWorkItems(ruleEvictInstance1, ruleEvictInstance2Later, podWithTwoClaimNames), Later: newDelayedWorkItems(ruleEvictInstance1, ruleStatusPeriod, ruleEvictInstance2Later, ruleStatusPeriod)}, }, process: []step{ { @@ -1110,7 +1118,7 @@ func TestController(t *testing.T) { finalState: state{ allocatedClaims: l(ac(inUseClaim, newEvictionTime(taintTime, ruleEvictInstance1)), ac(inUseClaimOtherNameShared, newEvictionTime(taintTimeLater, ruleEvictInstance2Later))), deletePodAt: evictMap{newObject(podWithTwoClaimNames): *newEvictionTime(taintTime, ruleEvictInstance1, ruleEvictInstance2Later)}, - queued: MockState[workItem]{Ready: newWorkItems(ruleEvictInstance1, ruleEvictInstance2Later, podWithTwoClaimNames), Later: newDelayedWorkItems(podWithTwoClaimNames, ruleEvictInstance2Later.Spec.Taint.TimeAdded.Sub(taintTime.Time))}, + queued: MockState[workItem]{Ready: newWorkItems(ruleEvictInstance1, ruleEvictInstance2Later, podWithTwoClaimNames), Later: newDelayedWorkItems(podWithTwoClaimNames, ruleEvictInstance2Later.Spec.Taint.TimeAdded.Sub(taintTime.Time), ruleEvictInstance2Later, ruleStatusPeriod, ruleEvictInstance1, ruleStatusPeriod)}, }, process: []step{ // The pod is scheduled for much later and time needs to advance a few times before it gets processed. @@ -1118,7 +1126,7 @@ func TestController(t *testing.T) { ruleStats: map[types.UID]taintRuleStats{ruleEvictInstance1.UID: {numEvictedPods: 1}, ruleEvictInstance2Later.UID: {numEvictedPods: 1}}, // Initial update of both rules before eviction. rules: l(inProgress(ruleEvictInstance1, true, "PodsPendingEviction", "1 pod needs to be evicted in 1 namespace.", taintTime), inProgress(ruleEvictInstance2Later, true, "PodsPendingEviction", "1 pod needs to be evicted in 1 namespace.", taintTime)), - queuedProcessed: MockState[workItem]{Later: newDelayedWorkItems(podWithTwoClaimNames, ruleEvictInstance2Later.Spec.Taint.TimeAdded.Sub(taintTime.Time), ruleEvictInstance1, ruleStatusPeriod, ruleEvictInstance2Later, ruleStatusPeriod)}, + queuedProcessed: MockState[workItem]{Later: newDelayedWorkItems(podWithTwoClaimNames, ruleEvictInstance2Later.Spec.Taint.TimeAdded.Sub(taintTime.Time), ruleEvictInstance2Later, ruleStatusPeriod, ruleEvictInstance1, ruleStatusPeriod)}, advance: ruleStatusPeriod, queuedShifted: MockState[workItem]{Ready: newWorkItems(ruleEvictInstance1, ruleEvictInstance2Later), Later: newDelayedWorkItems(podWithTwoClaimNames, ruleEvictInstance2Later.Spec.Taint.TimeAdded.Sub(taintTime.Time)-ruleStatusPeriod)}, }, @@ -1495,22 +1503,30 @@ func TestController(t *testing.T) { return claim }(), newEvictionTime(metav1Time(taintTime.Add(30*time.Second)), ruleEvict, ruleEvictOther, sliceTaintedTwice, sliceTaintedTwice.Spec.Devices[0].Name, 0, sliceTaintedTwice, sliceTaintedTwice.Spec.Devices[0].Name, 1))), deletePodAt: evictMap{newObject(podWithClaimName): *newEvictionTime(metav1Time(taintTime.Add(30*time.Second)), ruleEvict, ruleEvictOther, sliceTaintedTwice, sliceTaintedTwice.Spec.Devices[0].Name, 0, sliceTaintedTwice, sliceTaintedTwice.Spec.Devices[0].Name, 1)}, - queued: MockState[workItem]{Ready: newWorkItems(ruleEvict, ruleEvictOther), Later: newDelayedWorkItems(podWithClaimName, 30*time.Second)}, + queued: MockState[workItem]{Ready: newWorkItems(ruleEvict, ruleEvictOther), Later: newDelayedWorkItems(podWithClaimName, 30*time.Second, ruleEvict, ruleStatusPeriod, ruleEvictOther, ruleStatusPeriod)}, }, process: []step{ - // First advance time, then delete. { deletePodAt: evictMap{newObject(podWithClaimName): *newEvictionTime(metav1Time(taintTime.Add(30*time.Second)), ruleEvict, ruleEvictOther, sliceTaintedTwice, sliceTaintedTwice.Spec.Devices[0].Name, 0, sliceTaintedTwice, sliceTaintedTwice.Spec.Devices[0].Name, 1)}, pods: l(podWithClaimName), rules: l(inProgress(ruleEvict, true, "PodsPendingEviction", "1 pod needs to be evicted in 1 namespace.", taintTime), inProgress(ruleEvictOther, true, "PodsPendingEviction", "1 pod needs to be evicted in 1 namespace.", taintTime)), - queuedProcessed: MockState[workItem]{Later: newDelayedWorkItems(podWithClaimName, 30*time.Second)}, - advance: 30 * time.Second, + queuedProcessed: MockState[workItem]{Later: newDelayedWorkItems(podWithClaimName, 30*time.Second, ruleEvict, ruleStatusPeriod, ruleEvictOther, ruleStatusPeriod)}, + advance: ruleStatusPeriod, + queuedShifted: MockState[workItem]{Ready: newWorkItems(ruleEvict, ruleEvictOther), Later: newDelayedWorkItems(podWithClaimName, 30*time.Second-ruleStatusPeriod)}, + }, + // First advance time, then delete. + { + deletePodAt: evictMap{newObject(podWithClaimName): *newEvictionTime(metav1Time(taintTime.Add(30*time.Second)), ruleEvict, ruleEvictOther, sliceTaintedTwice, sliceTaintedTwice.Spec.Devices[0].Name, 0, sliceTaintedTwice, sliceTaintedTwice.Spec.Devices[0].Name, 1)}, + pods: l(podWithClaimName), + rules: l(inProgress(ruleEvict, true, "PodsPendingEviction", "1 pod needs to be evicted in 1 namespace.", metav1Time(taintTime.Add(ruleStatusPeriod))), inProgress(ruleEvictOther, true, "PodsPendingEviction", "1 pod needs to be evicted in 1 namespace.", metav1Time(taintTime.Add(ruleStatusPeriod)))), + queuedProcessed: MockState[workItem]{Later: newDelayedWorkItems(podWithClaimName, 20*time.Second)}, + advance: 20 * time.Second, queuedShifted: MockState[workItem]{Ready: newWorkItems(podWithClaimName)}, }, { ruleStats: map[types.UID]taintRuleStats{ruleEvict.UID: {numEvictedPods: 1}, ruleEvictOther.UID: {numEvictedPods: 1}}, // Not updated yet. - rules: l(inProgress(ruleEvict, true, "PodsPendingEviction", "1 pod needs to be evicted in 1 namespace.", taintTime), inProgress(ruleEvictOther, true, "PodsPendingEviction", "1 pod needs to be evicted in 1 namespace.", taintTime)), + rules: l(inProgress(ruleEvict, true, "PodsPendingEviction", "1 pod needs to be evicted in 1 namespace.", metav1Time(taintTime.Add(ruleStatusPeriod))), inProgress(ruleEvictOther, true, "PodsPendingEviction", "1 pod needs to be evicted in 1 namespace.", metav1Time(taintTime.Add(ruleStatusPeriod)))), queuedProcessed: MockState[workItem]{Later: newDelayedWorkItems(ruleEvict, ruleStatusPeriod, ruleEvictOther, ruleStatusPeriod)}, advance: ruleStatusPeriod, queuedShifted: MockState[workItem]{Ready: newWorkItems(ruleEvict, ruleEvictOther)}, @@ -1935,6 +1951,11 @@ func testHandlers(tContext *testContext, tc testCase) { } } + queueCmpOpts := []cmp.Option{ + cmpopts.SortSlices(compareWorkItems), + cmpopts.SortSlices(compareDelayedWorkItems), + } + assertEqual(tContext, tc.finalState.ruleStats, tContext.taintRuleStats, "taintRuleStats") assertEqual(tContext, tc.finalState.deletePodAt, tContext.deletePodAt, "deletePodAt") assertEqual(tContext, tc.finalState.allocatedClaimsAsMap(), tContext.allocatedClaims, "allocated claims") @@ -1943,7 +1964,7 @@ func testHandlers(tContext *testContext, tc testCase) { assert.Equal(tContext, tc.finalState.slicesAsMap()[key], tContext.pools[key], "pool") } } - assertEqual(tContext, tc.finalState.queued, tContext.mockQueue.State(), "work queue after event handlers", cmpopts.SortSlices(compareWorkItems)) + assertEqual(tContext, tc.finalState.queued, tContext.mockQueue.State(), "work queue after event handlers", queueCmpOpts...) assert.Empty(tContext, tc.finalState.pods, "pods not checked for final state") assert.Empty(tContext, tc.finalState.rules, "rules not checked for final state") @@ -1972,13 +1993,14 @@ func testHandlers(tContext *testContext, tc testCase) { assertEqual(tContext, state.rules, actualRules, prefix+"rules after flushing work queue") // Advance time and potentially make pending work items ready. - assertEqual(tContext, state.queuedProcessed, tContext.mockQueue.State(), prefix+"work queue after processing", cmpopts.SortSlices(compareWorkItems)) + assertEqual(tContext, state.queuedProcessed, tContext.mockQueue.State(), prefix+"work queue after processing", queueCmpOpts...) time.Sleep(state.advance) for _, item := range tContext.mockQueue.State().Later { + fmt.Println(item.Item, item.Duration) tContext.mockQueue.CancelAfter(item.Item) tContext.mockQueue.AddAfter(item.Item, item.Duration-state.advance) } - assertEqual(tContext, state.queuedShifted, tContext.mockQueue.State(), prefix+"work queue after moving time forward", cmpopts.SortSlices(compareWorkItems)) + assertEqual(tContext, state.queuedShifted, tContext.mockQueue.State(), prefix+"work queue after moving time forward", queueCmpOpts...) } assertEqual(tContext, tc.wantEvents, tContext.recorder.Events, "overall events", @@ -2002,6 +2024,17 @@ func compareWorkItems(a, b workItem) int { return strings.Compare(string(a.ruleRef.UID), string(b.ruleRef.UID)) } +func compareDelayedWorkItems(a, b MockDelayedItem[workItem]) int { + delta := a.Duration - b.Duration + if delta > 0 { + return 1 + } + if delta < 0 { + return -1 + } + return compareWorkItems(a.Item, b.Item) +} + func applyEventPair(tContext *testContext, event any) { switch pair := event.(type) { case [2]*resourceapi.ResourceSlice: @@ -2393,7 +2426,9 @@ func testDeviceTaintRule(tCtx ktesting.TContext) { wg.Wait() }() wg.Go(func() { - assert.NoError(tCtx, controller.Run(tCtx, 10 /* workers */), "eviction controller failed") + // Run with 1 worker to ensure sequential execution. Concurrent workers cause + // non-deterministic ordering of status updates, leading to flakes in Status assertions. + assert.NoError(tCtx, controller.Run(tCtx, 1 /* workers */), "eviction controller failed") }) // Eventually the controller should have synced it's informers. @@ -2425,10 +2460,11 @@ func testDeviceTaintRule(tCtx ktesting.TContext) { rule, err := tCtx.Client().ResourceV1alpha3().DeviceTaintRules().Update(tCtx, rule, metav1.UpdateOptions{}) tCtx.ExpectNoError(err, "update rule") - // Wait for eviction. The rule gets updated with another delay. + // Wait for eviction. tCtx.Wait() evicted := metav1.Now() tCtx.Logf("TIME: eviction done at %s", evicted) + // The rule status got updated once before evicting pods, but not yet after evicting it. check(tCtx, "evict: ", l(inProgress(rule, true, "PodsPendingEviction", "1 pod needs to be evicted in 1 namespace.", &evicted)), nil) // AddAfter does not move time forward. Do it ourselves... @@ -2438,7 +2474,7 @@ func testDeviceTaintRule(tCtx ktesting.TContext) { tCtx.Wait() done := metav1.Now() tCtx.Logf("TIME: done at %s", done) - check(tCtx, "done: ", l(inProgress(rule, false, "Completed", "1 pod evicted since starting the controller.", &slept)), nil) + check(tCtx, "done: ", l(inProgress(rule, false, "Completed", "1 pod evicted since starting the controller.", &done)), nil) assertEqual(tCtx, map[types.UID]taintRuleStats{rule.UID: {numEvictedPods: 1}}, controller.taintRuleStats, "taint rule statistics should have counted the pod") // Delete the rule and verify that we don't leak memory by still tracking it. diff --git a/deps/github.com/openshift/kubernetes/pkg/features/kube_features.go b/deps/github.com/openshift/kubernetes/pkg/features/kube_features.go index 5a6ee84351..bff6faf524 100644 --- a/deps/github.com/openshift/kubernetes/pkg/features/kube_features.go +++ b/deps/github.com/openshift/kubernetes/pkg/features/kube_features.go @@ -1514,7 +1514,7 @@ var defaultVersionedKubernetesFeatureGates = map[featuregate.Feature]featuregate MaxUnavailableStatefulSet: { {Version: version.MustParse("1.24"), Default: false, PreRelease: featuregate.Alpha}, - {Version: version.MustParse("1.35"), Default: true, PreRelease: featuregate.Beta}, + {Version: version.MustParse("1.35"), Default: false, PreRelease: featuregate.Beta}, }, MemoryManager: { diff --git a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver/examples/client-go/pkg/client/clientset/versioned/fake/clientset_generated.go b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver/examples/client-go/pkg/client/clientset/versioned/fake/clientset_generated.go index cfddc15ac9..07601ef8e6 100644 --- a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver/examples/client-go/pkg/client/clientset/versioned/fake/clientset_generated.go +++ b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver/examples/client-go/pkg/client/clientset/versioned/fake/clientset_generated.go @@ -35,10 +35,6 @@ import ( // It's backed by a very simple object tracker that processes creates, updates and deletions as-is, // without applying any field management, validations and/or defaults. It shouldn't be considered a replacement // for a real clientset and is mostly useful in simple unit tests. -// -// Deprecated: NewClientset replaces this with support for field management, which significantly improves -// server side apply testing. NewClientset is only available when apply configurations are generated (e.g. -// via --with-applyconfig). func NewSimpleClientset(objects ...runtime.Object) *Clientset { o := testing.NewObjectTracker(scheme, codecs.UniversalDecoder()) for _, obj := range objects { @@ -99,6 +95,10 @@ func (c *Clientset) IsWatchListSemanticsUnSupported() bool { // It's backed by a very simple object tracker that processes creates, updates and deletions as-is, // without applying any validations and/or defaults. It shouldn't be considered a replacement // for a real clientset and is mostly useful in simple unit tests. +// +// Compared to NewSimpleClientset, the Clientset returned here supports field tracking and thus +// server-side apply. Beware though that support in that for CRDs is missing +// (https://github.com/kubernetes/kubernetes/issues/126850). func NewClientset(objects ...runtime.Object) *Clientset { o := testing.NewFieldManagedObjectTracker( scheme, diff --git a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/fake/clientset_generated.go b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/fake/clientset_generated.go index 76295e745e..88f7f242b6 100644 --- a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/fake/clientset_generated.go +++ b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/fake/clientset_generated.go @@ -37,10 +37,6 @@ import ( // It's backed by a very simple object tracker that processes creates, updates and deletions as-is, // without applying any field management, validations and/or defaults. It shouldn't be considered a replacement // for a real clientset and is mostly useful in simple unit tests. -// -// Deprecated: NewClientset replaces this with support for field management, which significantly improves -// server side apply testing. NewClientset is only available when apply configurations are generated (e.g. -// via --with-applyconfig). func NewSimpleClientset(objects ...runtime.Object) *Clientset { o := testing.NewObjectTracker(scheme, codecs.UniversalDecoder()) for _, obj := range objects { @@ -101,6 +97,10 @@ func (c *Clientset) IsWatchListSemanticsUnSupported() bool { // It's backed by a very simple object tracker that processes creates, updates and deletions as-is, // without applying any validations and/or defaults. It shouldn't be considered a replacement // for a real clientset and is mostly useful in simple unit tests. +// +// Compared to NewSimpleClientset, the Clientset returned here supports field tracking and thus +// server-side apply. Beware though that support in that for CRDs is missing +// (https://github.com/kubernetes/kubernetes/issues/126850). func NewClientset(objects ...runtime.Object) *Clientset { o := testing.NewFieldManagedObjectTracker( scheme, diff --git a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver/test/integration/finalization_test.go b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver/test/integration/finalization_test.go index 11435f45c2..a440b33284 100644 --- a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver/test/integration/finalization_test.go +++ b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver/test/integration/finalization_test.go @@ -23,6 +23,7 @@ import ( "github.com/stretchr/testify/require" + apiextensionshelpers "k8s.io/apiextensions-apiserver/pkg/apihelpers" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" "k8s.io/apiextensions-apiserver/test/integration/fixtures" "k8s.io/apimachinery/pkg/api/errors" @@ -30,6 +31,11 @@ import ( "k8s.io/apimachinery/pkg/util/wait" ) +const ( + testNamespace = "not-the-default" + testFinalizer = "noxu.example.com/finalizer" +) + func TestFinalization(t *testing.T) { tearDown, apiExtensionClient, dynamicClient, err := fixtures.StartDefaultServerWithClients(t) require.NoError(t, err) @@ -39,12 +45,12 @@ func TestFinalization(t *testing.T) { noxuDefinition, err = fixtures.CreateNewV1CustomResourceDefinition(noxuDefinition, apiExtensionClient, dynamicClient) require.NoError(t, err) - ns := "not-the-default" + ns := testNamespace name := "foo123" noxuResourceClient := newNamespacedCustomResourceClient(ns, dynamicClient, noxuDefinition) instance := fixtures.NewNoxuInstance(ns, name) - instance.SetFinalizers([]string{"noxu.example.com/finalizer"}) + instance.SetFinalizers([]string{testFinalizer}) createdNoxuInstance, err := instantiateCustomResource(t, instance, noxuResourceClient, noxuDefinition) require.NoError(t, err) @@ -104,12 +110,12 @@ func TestFinalizationAndDeletion(t *testing.T) { require.NoError(t, err) // Create a CR with a finalizer. - ns := "not-the-default" + ns := testNamespace name := "foo123" noxuResourceClient := newNamespacedCustomResourceClient(ns, dynamicClient, noxuDefinition) instance := fixtures.NewNoxuInstance(ns, name) - instance.SetFinalizers([]string{"noxu.example.com/finalizer"}) + instance.SetFinalizers([]string{testFinalizer}) createdNoxuInstance, err := instantiateCustomResource(t, instance, noxuResourceClient, noxuDefinition) require.NoError(t, err) @@ -171,7 +177,7 @@ func TestApplyCRDuringCRDFinalization(t *testing.T) { // Create a CRD with a finalizer which will stall deletion noxuDefinition := fixtures.NewNoxuV1CustomResourceDefinition(apiextensionsv1.ClusterScoped) - noxuDefinition.SetFinalizers([]string{"noxu.example.com/finalizer"}) + noxuDefinition.SetFinalizers([]string{testFinalizer}) noxuDefinition, err = fixtures.CreateNewV1CustomResourceDefinition(noxuDefinition, apiExtensionClient, dynamicClient) require.NoError(t, err) @@ -179,20 +185,27 @@ func TestApplyCRDuringCRDFinalization(t *testing.T) { err = apiExtensionClient.ApiextensionsV1().CustomResourceDefinitions().Delete(t.Context(), noxuDefinition.Name, metav1.DeleteOptions{}) require.NoError(t, err) + // Wait for the CRD to have the Terminating condition set to True. + // The handler checks IsCRDConditionTrue(crd, apiextensionsv1.Terminating) to block + // CR creation, and this condition is set asynchronously by the CRD finalizer controller + // after it observes the DeletionTimestamp. Without this wait, the Apply could succeed + // if it races ahead of the controller setting the condition. + err = wait.PollUntilContextTimeout(t.Context(), 100*time.Millisecond, wait.ForeverTestTimeout, true, func(ctx context.Context) (bool, error) { + crd, err := apiExtensionClient.ApiextensionsV1().CustomResourceDefinitions().Get(ctx, noxuDefinition.Name, metav1.GetOptions{}) + if err != nil { + return false, err + } + return apiextensionshelpers.IsCRDConditionTrue(crd, apiextensionsv1.Terminating), nil + }) + require.NoError(t, err, "timed out waiting for CRD Terminating condition to be set") + // Try to create a CR using SSA. This should fail due to the CRD validation - ns := "not-the-default" + ns := testNamespace name := "foo123" noxuResourceClient := newNamespacedCustomResourceClient(ns, dynamicClient, noxuDefinition) - err = wait.PollUntilContextTimeout(t.Context(), 100*time.Millisecond, wait.ForeverTestTimeout, true, func(ctx context.Context) (bool, error) { - instance := fixtures.NewNoxuInstance(ns, name) - _, err := noxuResourceClient.Apply(ctx, name, instance, metav1.ApplyOptions{DryRun: []string{"All"}, FieldManager: "manager"}) - if err == nil { - t.Log("apply was not blocked, retrying...") - return false, nil - } - return true, err - }) + instance := fixtures.NewNoxuInstance(ns, name) + _, err = noxuResourceClient.Apply(t.Context(), name, instance, metav1.ApplyOptions{DryRun: []string{"All"}, FieldManager: "manager"}) wantErr := `create not allowed while custom resource definition is terminating` require.ErrorContains(t, err, wantErr) } diff --git a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go/kubernetes/fake/clientset_generated.go b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go/kubernetes/fake/clientset_generated.go index f729718bfb..c101c28306 100644 --- a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go/kubernetes/fake/clientset_generated.go +++ b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go/kubernetes/fake/clientset_generated.go @@ -143,10 +143,6 @@ import ( // It's backed by a very simple object tracker that processes creates, updates and deletions as-is, // without applying any field management, validations and/or defaults. It shouldn't be considered a replacement // for a real clientset and is mostly useful in simple unit tests. -// -// Deprecated: NewClientset replaces this with support for field management, which significantly improves -// server side apply testing. NewClientset is only available when apply configurations are generated (e.g. -// via --with-applyconfig). func NewSimpleClientset(objects ...runtime.Object) *Clientset { o := testing.NewObjectTracker(scheme, codecs.UniversalDecoder()) for _, obj := range objects { @@ -207,6 +203,10 @@ func (c *Clientset) IsWatchListSemanticsUnSupported() bool { // It's backed by a very simple object tracker that processes creates, updates and deletions as-is, // without applying any validations and/or defaults. It shouldn't be considered a replacement // for a real clientset and is mostly useful in simple unit tests. +// +// Compared to NewSimpleClientset, the Clientset returned here supports field tracking and thus +// server-side apply. Beware though that support in that for CRDs is missing +// (https://github.com/kubernetes/kubernetes/issues/126850). func NewClientset(objects ...runtime.Object) *Clientset { o := testing.NewFieldManagedObjectTracker( scheme, diff --git a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/cmd/client-gen/generators/fake/generator_fake_for_clientset.go b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/cmd/client-gen/generators/fake/generator_fake_for_clientset.go index c5df71d666..9391908f23 100644 --- a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/cmd/client-gen/generators/fake/generator_fake_for_clientset.go +++ b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/cmd/client-gen/generators/fake/generator_fake_for_clientset.go @@ -124,6 +124,10 @@ var managedFieldsClientset = ` // It's backed by a very simple object tracker that processes creates, updates and deletions as-is, // without applying any validations and/or defaults. It shouldn't be considered a replacement // for a real clientset and is mostly useful in simple unit tests. +// +// Compared to NewSimpleClientset, the Clientset returned here supports field tracking and thus +// server-side apply. Beware though that support in that for CRDs is missing +// (https://github.com/kubernetes/kubernetes/issues/126850). func NewClientset(objects ...runtime.Object) *Clientset { o := testing.NewFieldManagedObjectTracker( scheme, @@ -162,10 +166,6 @@ var common = ` // It's backed by a very simple object tracker that processes creates, updates and deletions as-is, // without applying any field management, validations and/or defaults. It shouldn't be considered a replacement // for a real clientset and is mostly useful in simple unit tests. -// -// Deprecated: NewClientset replaces this with support for field management, which significantly improves -// server side apply testing. NewClientset is only available when apply configurations are generated (e.g. -// via --with-applyconfig). func NewSimpleClientset(objects ...runtime.Object) *Clientset { o := testing.NewObjectTracker(scheme, codecs.UniversalDecoder()) for _, obj := range objects { diff --git a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/examples/HyphenGroup/clientset/versioned/fake/clientset_generated.go b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/examples/HyphenGroup/clientset/versioned/fake/clientset_generated.go index e7219ba44e..4d7e13bb1c 100644 --- a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/examples/HyphenGroup/clientset/versioned/fake/clientset_generated.go +++ b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/examples/HyphenGroup/clientset/versioned/fake/clientset_generated.go @@ -35,10 +35,6 @@ import ( // It's backed by a very simple object tracker that processes creates, updates and deletions as-is, // without applying any field management, validations and/or defaults. It shouldn't be considered a replacement // for a real clientset and is mostly useful in simple unit tests. -// -// Deprecated: NewClientset replaces this with support for field management, which significantly improves -// server side apply testing. NewClientset is only available when apply configurations are generated (e.g. -// via --with-applyconfig). func NewSimpleClientset(objects ...runtime.Object) *Clientset { o := testing.NewObjectTracker(scheme, codecs.UniversalDecoder()) for _, obj := range objects { @@ -99,6 +95,10 @@ func (c *Clientset) IsWatchListSemanticsUnSupported() bool { // It's backed by a very simple object tracker that processes creates, updates and deletions as-is, // without applying any validations and/or defaults. It shouldn't be considered a replacement // for a real clientset and is mostly useful in simple unit tests. +// +// Compared to NewSimpleClientset, the Clientset returned here supports field tracking and thus +// server-side apply. Beware though that support in that for CRDs is missing +// (https://github.com/kubernetes/kubernetes/issues/126850). func NewClientset(objects ...runtime.Object) *Clientset { o := testing.NewFieldManagedObjectTracker( scheme, diff --git a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/examples/MixedCase/clientset/versioned/fake/clientset_generated.go b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/examples/MixedCase/clientset/versioned/fake/clientset_generated.go index 7f3eae52a7..a152ce9f18 100644 --- a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/examples/MixedCase/clientset/versioned/fake/clientset_generated.go +++ b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/examples/MixedCase/clientset/versioned/fake/clientset_generated.go @@ -35,10 +35,6 @@ import ( // It's backed by a very simple object tracker that processes creates, updates and deletions as-is, // without applying any field management, validations and/or defaults. It shouldn't be considered a replacement // for a real clientset and is mostly useful in simple unit tests. -// -// Deprecated: NewClientset replaces this with support for field management, which significantly improves -// server side apply testing. NewClientset is only available when apply configurations are generated (e.g. -// via --with-applyconfig). func NewSimpleClientset(objects ...runtime.Object) *Clientset { o := testing.NewObjectTracker(scheme, codecs.UniversalDecoder()) for _, obj := range objects { @@ -99,6 +95,10 @@ func (c *Clientset) IsWatchListSemanticsUnSupported() bool { // It's backed by a very simple object tracker that processes creates, updates and deletions as-is, // without applying any validations and/or defaults. It shouldn't be considered a replacement // for a real clientset and is mostly useful in simple unit tests. +// +// Compared to NewSimpleClientset, the Clientset returned here supports field tracking and thus +// server-side apply. Beware though that support in that for CRDs is missing +// (https://github.com/kubernetes/kubernetes/issues/126850). func NewClientset(objects ...runtime.Object) *Clientset { o := testing.NewFieldManagedObjectTracker( scheme, diff --git a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/examples/apiserver/clientset/versioned/fake/clientset_generated.go b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/examples/apiserver/clientset/versioned/fake/clientset_generated.go index 0ac684823a..9ae0dd7c14 100644 --- a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/examples/apiserver/clientset/versioned/fake/clientset_generated.go +++ b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/examples/apiserver/clientset/versioned/fake/clientset_generated.go @@ -40,10 +40,6 @@ import ( // It's backed by a very simple object tracker that processes creates, updates and deletions as-is, // without applying any field management, validations and/or defaults. It shouldn't be considered a replacement // for a real clientset and is mostly useful in simple unit tests. -// -// Deprecated: NewClientset replaces this with support for field management, which significantly improves -// server side apply testing. NewClientset is only available when apply configurations are generated (e.g. -// via --with-applyconfig). func NewSimpleClientset(objects ...runtime.Object) *Clientset { o := testing.NewObjectTracker(scheme, codecs.UniversalDecoder()) for _, obj := range objects { diff --git a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/examples/crd/clientset/versioned/fake/clientset_generated.go b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/examples/crd/clientset/versioned/fake/clientset_generated.go index 982ffd605c..c14bdff76d 100644 --- a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/examples/crd/clientset/versioned/fake/clientset_generated.go +++ b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/examples/crd/clientset/versioned/fake/clientset_generated.go @@ -41,10 +41,6 @@ import ( // It's backed by a very simple object tracker that processes creates, updates and deletions as-is, // without applying any field management, validations and/or defaults. It shouldn't be considered a replacement // for a real clientset and is mostly useful in simple unit tests. -// -// Deprecated: NewClientset replaces this with support for field management, which significantly improves -// server side apply testing. NewClientset is only available when apply configurations are generated (e.g. -// via --with-applyconfig). func NewSimpleClientset(objects ...runtime.Object) *Clientset { o := testing.NewObjectTracker(scheme, codecs.UniversalDecoder()) for _, obj := range objects { @@ -105,6 +101,10 @@ func (c *Clientset) IsWatchListSemanticsUnSupported() bool { // It's backed by a very simple object tracker that processes creates, updates and deletions as-is, // without applying any validations and/or defaults. It shouldn't be considered a replacement // for a real clientset and is mostly useful in simple unit tests. +// +// Compared to NewSimpleClientset, the Clientset returned here supports field tracking and thus +// server-side apply. Beware though that support in that for CRDs is missing +// (https://github.com/kubernetes/kubernetes/issues/126850). func NewClientset(objects ...runtime.Object) *Clientset { o := testing.NewFieldManagedObjectTracker( scheme, diff --git a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/examples/single/clientset/versioned/fake/clientset_generated.go b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/examples/single/clientset/versioned/fake/clientset_generated.go index 14c4a2df62..f30bfa095e 100644 --- a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/examples/single/clientset/versioned/fake/clientset_generated.go +++ b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/code-generator/examples/single/clientset/versioned/fake/clientset_generated.go @@ -35,10 +35,6 @@ import ( // It's backed by a very simple object tracker that processes creates, updates and deletions as-is, // without applying any field management, validations and/or defaults. It shouldn't be considered a replacement // for a real clientset and is mostly useful in simple unit tests. -// -// Deprecated: NewClientset replaces this with support for field management, which significantly improves -// server side apply testing. NewClientset is only available when apply configurations are generated (e.g. -// via --with-applyconfig). func NewSimpleClientset(objects ...runtime.Object) *Clientset { o := testing.NewObjectTracker(scheme, codecs.UniversalDecoder()) for _, obj := range objects { @@ -99,6 +95,10 @@ func (c *Clientset) IsWatchListSemanticsUnSupported() bool { // It's backed by a very simple object tracker that processes creates, updates and deletions as-is, // without applying any validations and/or defaults. It shouldn't be considered a replacement // for a real clientset and is mostly useful in simple unit tests. +// +// Compared to NewSimpleClientset, the Clientset returned here supports field tracking and thus +// server-side apply. Beware though that support in that for CRDs is missing +// (https://github.com/kubernetes/kubernetes/issues/126850). func NewClientset(objects ...runtime.Object) *Clientset { o := testing.NewFieldManagedObjectTracker( scheme, diff --git a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/fake/clientset_generated.go b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/fake/clientset_generated.go index 534d62d119..4ea47bd4c8 100644 --- a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/fake/clientset_generated.go +++ b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/fake/clientset_generated.go @@ -36,10 +36,6 @@ import ( // It's backed by a very simple object tracker that processes creates, updates and deletions as-is, // without applying any field management, validations and/or defaults. It shouldn't be considered a replacement // for a real clientset and is mostly useful in simple unit tests. -// -// Deprecated: NewClientset replaces this with support for field management, which significantly improves -// server side apply testing. NewClientset is only available when apply configurations are generated (e.g. -// via --with-applyconfig). func NewSimpleClientset(objects ...runtime.Object) *Clientset { o := testing.NewObjectTracker(scheme, codecs.UniversalDecoder()) for _, obj := range objects { diff --git a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/metrics/pkg/client/clientset/versioned/fake/clientset_generated.go b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/metrics/pkg/client/clientset/versioned/fake/clientset_generated.go index be4bb94e56..0748ac12ce 100644 --- a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/metrics/pkg/client/clientset/versioned/fake/clientset_generated.go +++ b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/metrics/pkg/client/clientset/versioned/fake/clientset_generated.go @@ -36,10 +36,6 @@ import ( // It's backed by a very simple object tracker that processes creates, updates and deletions as-is, // without applying any field management, validations and/or defaults. It shouldn't be considered a replacement // for a real clientset and is mostly useful in simple unit tests. -// -// Deprecated: NewClientset replaces this with support for field management, which significantly improves -// server side apply testing. NewClientset is only available when apply configurations are generated (e.g. -// via --with-applyconfig). func NewSimpleClientset(objects ...runtime.Object) *Clientset { o := testing.NewObjectTracker(scheme, codecs.UniversalDecoder()) for _, obj := range objects { diff --git a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver/pkg/generated/clientset/versioned/fake/clientset_generated.go b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver/pkg/generated/clientset/versioned/fake/clientset_generated.go index a2a7930853..7b4403bf97 100644 --- a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver/pkg/generated/clientset/versioned/fake/clientset_generated.go +++ b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver/pkg/generated/clientset/versioned/fake/clientset_generated.go @@ -37,10 +37,6 @@ import ( // It's backed by a very simple object tracker that processes creates, updates and deletions as-is, // without applying any field management, validations and/or defaults. It shouldn't be considered a replacement // for a real clientset and is mostly useful in simple unit tests. -// -// Deprecated: NewClientset replaces this with support for field management, which significantly improves -// server side apply testing. NewClientset is only available when apply configurations are generated (e.g. -// via --with-applyconfig). func NewSimpleClientset(objects ...runtime.Object) *Clientset { o := testing.NewObjectTracker(scheme, codecs.UniversalDecoder()) for _, obj := range objects { @@ -101,6 +97,10 @@ func (c *Clientset) IsWatchListSemanticsUnSupported() bool { // It's backed by a very simple object tracker that processes creates, updates and deletions as-is, // without applying any validations and/or defaults. It shouldn't be considered a replacement // for a real clientset and is mostly useful in simple unit tests. +// +// Compared to NewSimpleClientset, the Clientset returned here supports field tracking and thus +// server-side apply. Beware though that support in that for CRDs is missing +// (https://github.com/kubernetes/kubernetes/issues/126850). func NewClientset(objects ...runtime.Object) *Clientset { o := testing.NewFieldManagedObjectTracker( scheme, diff --git a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller/pkg/generated/clientset/versioned/fake/clientset_generated.go b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller/pkg/generated/clientset/versioned/fake/clientset_generated.go index 4fe43173e3..23aba26f37 100644 --- a/deps/github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller/pkg/generated/clientset/versioned/fake/clientset_generated.go +++ b/deps/github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller/pkg/generated/clientset/versioned/fake/clientset_generated.go @@ -34,10 +34,6 @@ import ( // It's backed by a very simple object tracker that processes creates, updates and deletions as-is, // without applying any field management, validations and/or defaults. It shouldn't be considered a replacement // for a real clientset and is mostly useful in simple unit tests. -// -// Deprecated: NewClientset replaces this with support for field management, which significantly improves -// server side apply testing. NewClientset is only available when apply configurations are generated (e.g. -// via --with-applyconfig). func NewSimpleClientset(objects ...runtime.Object) *Clientset { o := testing.NewObjectTracker(scheme, codecs.UniversalDecoder()) for _, obj := range objects { diff --git a/deps/github.com/openshift/kubernetes/test/compatibility_lifecycle/reference/versioned_feature_list.yaml b/deps/github.com/openshift/kubernetes/test/compatibility_lifecycle/reference/versioned_feature_list.yaml index 8cbe2d3425..a803c87a98 100644 --- a/deps/github.com/openshift/kubernetes/test/compatibility_lifecycle/reference/versioned_feature_list.yaml +++ b/deps/github.com/openshift/kubernetes/test/compatibility_lifecycle/reference/versioned_feature_list.yaml @@ -1053,7 +1053,7 @@ lockToDefault: false preRelease: Alpha version: "1.24" - - default: true + - default: false lockToDefault: false preRelease: Beta version: "1.35" diff --git a/deps/github.com/openshift/kubernetes/test/e2e/node/pods.go b/deps/github.com/openshift/kubernetes/test/e2e/node/pods.go index 2cbf75c654..c3f78eb8f4 100644 --- a/deps/github.com/openshift/kubernetes/test/e2e/node/pods.go +++ b/deps/github.com/openshift/kubernetes/test/e2e/node/pods.go @@ -695,7 +695,7 @@ var _ = SIGDescribe("Pods Extended (pod generation)", func() { // Set the pod image to something that doesn't exist to induce a pull error // to start with. agnImage := pod.Spec.Containers[0].Image - pod.Spec.Containers[0].Image = "some-image-that-doesnt-exist" + pod.Spec.Containers[0].Image = "localhost/some-image-that-doesnt-exist" ginkgo.By("submitting the pod to kubernetes") pod, err := f.ClientSet.CoreV1().Pods(f.Namespace.Name).Create(ctx, pod, metav1.CreateOptions{}) diff --git a/deps/github.com/openshift/kubernetes/test/integration/dra/binding_conditions_test.go b/deps/github.com/openshift/kubernetes/test/integration/dra/binding_conditions_test.go index 35041c685d..2f1b00fd18 100644 --- a/deps/github.com/openshift/kubernetes/test/integration/dra/binding_conditions_test.go +++ b/deps/github.com/openshift/kubernetes/test/integration/dra/binding_conditions_test.go @@ -60,7 +60,6 @@ func testDeviceBindingConditions(tCtx ktesting.TContext, enabled bool) { func testDeviceBindingConditionsBasicFlow(tCtx ktesting.TContext, enabled bool) { namespace := createTestNamespace(tCtx, nil) class, driverName := createTestClass(tCtx, namespace) - startScheduler(tCtx) slice := &resourceapi.ResourceSlice{ ObjectMeta: metav1.ObjectMeta{ @@ -117,6 +116,7 @@ func testDeviceBindingConditionsBasicFlow(tCtx ktesting.TContext, enabled bool) _, err = tCtx.Client().ResourceV1().ResourceSlices().Create(tCtx, sliceWithoutBinding, metav1.CreateOptions{FieldValidation: "Strict"}) tCtx.ExpectNoError(err, "create slice without binding conditions") + startScheduler(tCtx) // Schedule first pod and wait for the scheduler to reach the binding phase, which marks the claim as allocated. start := time.Now() claim1 := createClaim(tCtx, namespace, "-a", class, claim) From 158b9eaa7e95ae797c41a7d403a6769564367e04 Mon Sep 17 00:00:00 2001 From: Evgeny Slutsky Date: Thu, 2 Apr 2026 11:52:10 +0200 Subject: [PATCH 05/11] update microshift/vendor --- .../kubernetes/fake/clientset_generated.go | 8 +-- .../device_taint_eviction.go | 28 +++++++--- .../kubernetes/pkg/features/kube_features.go | 2 +- vendor/modules.txt | 56 +++++++++---------- 4 files changed, 54 insertions(+), 40 deletions(-) diff --git a/vendor/k8s.io/client-go/kubernetes/fake/clientset_generated.go b/vendor/k8s.io/client-go/kubernetes/fake/clientset_generated.go index f729718bfb..c101c28306 100644 --- a/vendor/k8s.io/client-go/kubernetes/fake/clientset_generated.go +++ b/vendor/k8s.io/client-go/kubernetes/fake/clientset_generated.go @@ -143,10 +143,6 @@ import ( // It's backed by a very simple object tracker that processes creates, updates and deletions as-is, // without applying any field management, validations and/or defaults. It shouldn't be considered a replacement // for a real clientset and is mostly useful in simple unit tests. -// -// Deprecated: NewClientset replaces this with support for field management, which significantly improves -// server side apply testing. NewClientset is only available when apply configurations are generated (e.g. -// via --with-applyconfig). func NewSimpleClientset(objects ...runtime.Object) *Clientset { o := testing.NewObjectTracker(scheme, codecs.UniversalDecoder()) for _, obj := range objects { @@ -207,6 +203,10 @@ func (c *Clientset) IsWatchListSemanticsUnSupported() bool { // It's backed by a very simple object tracker that processes creates, updates and deletions as-is, // without applying any validations and/or defaults. It shouldn't be considered a replacement // for a real clientset and is mostly useful in simple unit tests. +// +// Compared to NewSimpleClientset, the Clientset returned here supports field tracking and thus +// server-side apply. Beware though that support in that for CRDs is missing +// (https://github.com/kubernetes/kubernetes/issues/126850). func NewClientset(objects ...runtime.Object) *Clientset { o := testing.NewFieldManagedObjectTracker( scheme, diff --git a/vendor/k8s.io/kubernetes/pkg/controller/devicetainteviction/device_taint_eviction.go b/vendor/k8s.io/kubernetes/pkg/controller/devicetainteviction/device_taint_eviction.go index d6075e98b3..b80042080c 100644 --- a/vendor/k8s.io/kubernetes/pkg/controller/devicetainteviction/device_taint_eviction.go +++ b/vendor/k8s.io/kubernetes/pkg/controller/devicetainteviction/device_taint_eviction.go @@ -434,6 +434,7 @@ func (tc *Controller) maybeDeletePod(ctx context.Context, podRef tainteviction.N // Doing this immediately is not useful because // it would just race with the informers update // (rule status reads from cache!). + tc.logger.V(5).Info("Adding delayed status update because of pod eviction", "deviceTaintRule", klog.KObj(reason.rule), "delay", ruleStatusPeriod) tc.workqueue.AddAfter(workItemForRule(reason.rule), ruleStatusPeriod) } } @@ -1016,7 +1017,14 @@ func (tc *Controller) Run(ctx context.Context, numWorkers int) error { func (tc *Controller) evictPod(podRef tainteviction.NamespacedObject, eviction evictionAndReason) { tc.deletePodAt[podRef] = eviction now := time.Now() - tc.workqueue.AddAfter(workItem{podRef: podRef}, eviction.when.Sub(now)) + delay := eviction.when.Sub(now) + if delay <= 0 { + tc.logger.V(3).Info("Adding immediate pod eviction", "pod", podRef, "eviction", eviction) + tc.workqueue.Add(workItem{podRef: podRef}) + } else { + tc.logger.V(3).Info("Adding delayed pod eviction", "pod", podRef, "eviction", eviction, "delay", delay) + tc.workqueue.AddAfter(workItem{podRef: podRef}, delay) + } if tc.evictPodHook != nil { tc.evictPodHook(podRef, eviction) @@ -1275,7 +1283,8 @@ func (tc *Controller) handleRuleChange(oldRule, newRule *resourcealpha.DeviceTai } if oldRule == nil { - // Update the status at least once. + // Update the status at least once, immediately and before evicting any pods. + tc.logger.V(5).Info("Adding immediate status update because of new rule", "deviceTaintRule", klog.KObj(newRule)) tc.workqueue.Add(workItemForRule(newRule)) } @@ -1289,9 +1298,13 @@ func (tc *Controller) handleRuleChange(oldRule, newRule *resourcealpha.DeviceTai if oldRule != nil && newRule != nil && - oldRule.UID == newRule.UID && - apiequality.Semantic.DeepEqual(&oldRule.Spec, &newRule.Spec) { - return + oldRule.UID == newRule.UID { + if apiequality.Semantic.DeepEqual(&oldRule.Spec, &newRule.Spec) { + return + } + // Update the status at least once, immediately and before evicting any pods. + tc.logger.V(5).Info("Adding immediate status update because of modified rule spec", "deviceTaintRule", klog.KObj(newRule)) + tc.workqueue.Add(workItemForRule(newRule)) } // Rule spec changes should be rare. Simply do a brute-force re-evaluation of all allocated claims. @@ -1475,13 +1488,14 @@ func (tc *Controller) handlePod(pod *v1.Pod) { return } - tc.logger.V(3).Info("Going to evict pod", "pod", podRef, "eviction", eviction) tc.evictPod(podRef, *eviction) // If any reason is because of a taint, then eviction is in progress and the status may need to be updated. + // But don't do it immediately because more pod changes may be coming in. for _, reason := range eviction.reason { if reason.rule != nil { - tc.workqueue.Add(workItemForRule(reason.rule)) + tc.logger.V(5).Info("Adding delayed status update because of pod change", "deviceTaintRule", klog.KObj(reason.rule), "delay", ruleStatusPeriod) + tc.workqueue.AddAfter(workItemForRule(reason.rule), ruleStatusPeriod) } } } diff --git a/vendor/k8s.io/kubernetes/pkg/features/kube_features.go b/vendor/k8s.io/kubernetes/pkg/features/kube_features.go index 5a6ee84351..bff6faf524 100644 --- a/vendor/k8s.io/kubernetes/pkg/features/kube_features.go +++ b/vendor/k8s.io/kubernetes/pkg/features/kube_features.go @@ -1514,7 +1514,7 @@ var defaultVersionedKubernetesFeatureGates = map[featuregate.Feature]featuregate MaxUnavailableStatefulSet: { {Version: version.MustParse("1.24"), Default: false, PreRelease: featuregate.Alpha}, - {Version: version.MustParse("1.35"), Default: true, PreRelease: featuregate.Beta}, + {Version: version.MustParse("1.35"), Default: false, PreRelease: featuregate.Beta}, }, MemoryManager: { diff --git a/vendor/modules.txt b/vendor/modules.txt index 1c9848d0e1..9445195321 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1240,7 +1240,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v1.35.2 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/api +# k8s.io/api v1.35.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/api ## explicit; go 1.25.0 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -1302,7 +1302,7 @@ k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 k8s.io/api/storagemigration/v1beta1 -# k8s.io/apiextensions-apiserver v1.35.2 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver +# k8s.io/apiextensions-apiserver v1.35.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver ## explicit; go 1.25.0 k8s.io/apiextensions-apiserver/pkg/apihelpers k8s.io/apiextensions-apiserver/pkg/apis/apiextensions @@ -1349,7 +1349,7 @@ k8s.io/apiextensions-apiserver/pkg/generated/openapi k8s.io/apiextensions-apiserver/pkg/registry/customresource k8s.io/apiextensions-apiserver/pkg/registry/customresource/tableconvertor k8s.io/apiextensions-apiserver/pkg/registry/customresourcedefinition -# k8s.io/apimachinery v1.35.2 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery +# k8s.io/apimachinery v1.35.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery ## explicit; go 1.25.0 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -1431,7 +1431,7 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v1.35.2 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiserver +# k8s.io/apiserver v1.35.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiserver ## explicit; go 1.25.0 k8s.io/apiserver/pkg/admission k8s.io/apiserver/pkg/admission/configuration @@ -1625,13 +1625,13 @@ k8s.io/apiserver/plugin/pkg/authenticator/token/oidc k8s.io/apiserver/plugin/pkg/authenticator/token/webhook k8s.io/apiserver/plugin/pkg/authorizer/webhook k8s.io/apiserver/plugin/pkg/authorizer/webhook/metrics -# k8s.io/cli-runtime v1.35.2 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime +# k8s.io/cli-runtime v1.35.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime ## explicit; go 1.25.0 k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/genericiooptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v1.35.2 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go +# k8s.io/client-go v1.35.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go ## explicit; go 1.25.0 k8s.io/client-go/applyconfigurations k8s.io/client-go/applyconfigurations/admissionregistration/v1 @@ -2000,7 +2000,7 @@ k8s.io/client-go/util/keyutil k8s.io/client-go/util/retry k8s.io/client-go/util/watchlist k8s.io/client-go/util/workqueue -# k8s.io/cloud-provider v1.35.2 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider +# k8s.io/cloud-provider v1.35.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider ## explicit; go 1.25.0 k8s.io/cloud-provider k8s.io/cloud-provider/api @@ -2018,14 +2018,14 @@ k8s.io/cloud-provider/service/helpers k8s.io/cloud-provider/volume k8s.io/cloud-provider/volume/errors k8s.io/cloud-provider/volume/helpers -# k8s.io/cluster-bootstrap v1.35.2 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap +# k8s.io/cluster-bootstrap v1.35.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap ## explicit; go 1.25.0 k8s.io/cluster-bootstrap/token/api k8s.io/cluster-bootstrap/token/jws k8s.io/cluster-bootstrap/token/util k8s.io/cluster-bootstrap/util/secrets k8s.io/cluster-bootstrap/util/tokens -# k8s.io/component-base v1.35.2 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/component-base +# k8s.io/component-base v1.35.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/component-base ## explicit; go 1.25.0 k8s.io/component-base/cli k8s.io/component-base/cli/flag @@ -2062,7 +2062,7 @@ k8s.io/component-base/tracing/api/v1 k8s.io/component-base/version k8s.io/component-base/version/verflag k8s.io/component-base/zpages/features -# k8s.io/component-helpers v1.35.2 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers +# k8s.io/component-helpers v1.35.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers ## explicit; go 1.25.0 k8s.io/component-helpers/apimachinery/lease k8s.io/component-helpers/apps/poddisruptionbudget @@ -2080,7 +2080,7 @@ k8s.io/component-helpers/scheduling/corev1 k8s.io/component-helpers/scheduling/corev1/nodeaffinity k8s.io/component-helpers/storage/ephemeral k8s.io/component-helpers/storage/volume -# k8s.io/controller-manager v1.35.2 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager +# k8s.io/controller-manager v1.35.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager ## explicit; go 1.25.0 k8s.io/controller-manager/app k8s.io/controller-manager/config @@ -2097,22 +2097,22 @@ k8s.io/controller-manager/pkg/informerfactory k8s.io/controller-manager/pkg/leadermigration k8s.io/controller-manager/pkg/leadermigration/config k8s.io/controller-manager/pkg/leadermigration/options -# k8s.io/cri-api v1.35.2 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cri-api +# k8s.io/cri-api v1.35.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cri-api ## explicit; go 1.25.0 k8s.io/cri-api/pkg/apis k8s.io/cri-api/pkg/apis/runtime/v1 k8s.io/cri-api/pkg/errors -# k8s.io/cri-client v1.35.2 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cri-client +# k8s.io/cri-client v1.35.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/cri-client ## explicit; go 1.25.0 k8s.io/cri-client/pkg k8s.io/cri-client/pkg/internal k8s.io/cri-client/pkg/logs k8s.io/cri-client/pkg/util -# k8s.io/csi-translation-lib v1.35.2 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib +# k8s.io/csi-translation-lib v1.35.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib ## explicit; go 1.25.0 k8s.io/csi-translation-lib k8s.io/csi-translation-lib/plugins -# k8s.io/dynamic-resource-allocation v1.35.2 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation +# k8s.io/dynamic-resource-allocation v1.35.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation ## explicit; go 1.25.0 k8s.io/dynamic-resource-allocation/api k8s.io/dynamic-resource-allocation/cel @@ -2125,14 +2125,14 @@ k8s.io/dynamic-resource-allocation/structured/internal/experimental k8s.io/dynamic-resource-allocation/structured/internal/incubating k8s.io/dynamic-resource-allocation/structured/internal/stable k8s.io/dynamic-resource-allocation/structured/schedulerapi -# k8s.io/endpointslice v1.35.2 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice +# k8s.io/endpointslice v1.35.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice ## explicit; go 1.25.0 k8s.io/endpointslice k8s.io/endpointslice/metrics k8s.io/endpointslice/topologycache k8s.io/endpointslice/trafficdist k8s.io/endpointslice/util -# k8s.io/externaljwt v1.35.2 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/externaljwt +# k8s.io/externaljwt v1.35.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/externaljwt ## explicit; go 1.25.0 k8s.io/externaljwt/apis/v1 # k8s.io/gengo/v2 v2.0.0-20250922181213-ec3ebc5fd46b @@ -2154,13 +2154,13 @@ k8s.io/klog/v2/internal/severity k8s.io/klog/v2/internal/sloghandler k8s.io/klog/v2/internal/verbosity k8s.io/klog/v2/textlogger -# k8s.io/kms v1.35.2 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kms +# k8s.io/kms v1.35.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kms ## explicit; go 1.25.0 k8s.io/kms/apis/v1beta1 k8s.io/kms/apis/v2 k8s.io/kms/pkg/service k8s.io/kms/pkg/util -# k8s.io/kube-aggregator v1.35.2 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator +# k8s.io/kube-aggregator v1.35.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator ## explicit; go 1.25.0 k8s.io/kube-aggregator/pkg/apis/apiregistration k8s.io/kube-aggregator/pkg/apis/apiregistration/install @@ -2193,7 +2193,7 @@ k8s.io/kube-aggregator/pkg/controllers/status/remote k8s.io/kube-aggregator/pkg/registry/apiservice k8s.io/kube-aggregator/pkg/registry/apiservice/etcd k8s.io/kube-aggregator/pkg/registry/apiservice/rest -# k8s.io/kube-controller-manager v1.35.2 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager +# k8s.io/kube-controller-manager v1.35.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager ## explicit; go 1.25.0 k8s.io/kube-controller-manager/config/v1alpha1 # k8s.io/kube-openapi v0.0.0-20260304202019-5b3e3fdb0acf @@ -2227,15 +2227,15 @@ k8s.io/kube-openapi/pkg/validation/spec k8s.io/kube-openapi/pkg/validation/strfmt k8s.io/kube-openapi/pkg/validation/strfmt/bson k8s.io/kube-openapi/pkg/validation/validate -# k8s.io/kube-proxy v1.35.2 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy +# k8s.io/kube-proxy v1.35.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy ## explicit; go 1.25.0 k8s.io/kube-proxy/config/v1alpha1 -# k8s.io/kube-scheduler v1.35.2 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler +# k8s.io/kube-scheduler v1.35.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler ## explicit; go 1.25.0 k8s.io/kube-scheduler/config/v1 k8s.io/kube-scheduler/extender/v1 k8s.io/kube-scheduler/framework -# k8s.io/kubectl v1.35.2 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kubectl +# k8s.io/kubectl v1.35.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kubectl ## explicit; go 1.25.0 k8s.io/kubectl/pkg/apps k8s.io/kubectl/pkg/cmd/apiresources @@ -2273,7 +2273,7 @@ k8s.io/kubectl/pkg/util/storage k8s.io/kubectl/pkg/util/templates k8s.io/kubectl/pkg/util/term k8s.io/kubectl/pkg/validation -# k8s.io/kubelet v1.35.2 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kubelet +# k8s.io/kubelet v1.35.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/kubelet ## explicit; go 1.25.0 k8s.io/kubelet/config/v1 k8s.io/kubelet/config/v1alpha1 @@ -2296,7 +2296,7 @@ k8s.io/kubelet/pkg/cri/streaming k8s.io/kubelet/pkg/cri/streaming/portforward k8s.io/kubelet/pkg/cri/streaming/remotecommand k8s.io/kubelet/pkg/types -# k8s.io/kubernetes v1.35.2 => ./deps/github.com/openshift/kubernetes +# k8s.io/kubernetes v1.35.3 => ./deps/github.com/openshift/kubernetes ## explicit; go 1.25.0 k8s.io/kubernetes/cmd/kube-apiserver/app k8s.io/kubernetes/cmd/kube-apiserver/app/options @@ -3140,7 +3140,7 @@ k8s.io/kubernetes/third_party/forked/gonum/graph/simple k8s.io/kubernetes/third_party/forked/gonum/graph/traverse k8s.io/kubernetes/third_party/forked/libcontainer/apparmor k8s.io/kubernetes/third_party/forked/libcontainer/utils -# k8s.io/metrics v1.35.2 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/metrics +# k8s.io/metrics v1.35.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/metrics ## explicit; go 1.25.0 k8s.io/metrics/pkg/apis/custom_metrics k8s.io/metrics/pkg/apis/custom_metrics/v1beta1 @@ -3155,10 +3155,10 @@ k8s.io/metrics/pkg/client/clientset/versioned/typed/metrics/v1beta1 k8s.io/metrics/pkg/client/custom_metrics k8s.io/metrics/pkg/client/custom_metrics/scheme k8s.io/metrics/pkg/client/external_metrics -# k8s.io/mount-utils v1.35.2 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils +# k8s.io/mount-utils v1.35.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils ## explicit; go 1.25.0 k8s.io/mount-utils -# k8s.io/pod-security-admission v1.35.2 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission +# k8s.io/pod-security-admission v1.35.3 => ./deps/github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission ## explicit; go 1.25.0 k8s.io/pod-security-admission/admission k8s.io/pod-security-admission/admission/api From 7052b7e839c03bee62576b01d2f384df225cbed6 Mon Sep 17 00:00:00 2001 From: Evgeny Slutsky Date: Thu, 2 Apr 2026 11:52:10 +0200 Subject: [PATCH 06/11] update etcd/go.mod --- etcd/go.mod | 18 +++++++++--------- etcd/go.sum | 4 ++-- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/etcd/go.mod b/etcd/go.mod index 87e070fb3d..04d82f8b40 100644 --- a/etcd/go.mod +++ b/etcd/go.mod @@ -5,16 +5,16 @@ go 1.25.0 replace github.com/openshift/microshift => ../ require ( - github.com/openshift/api v0.0.0-20260317095243-5c75e62da3e7 + github.com/openshift/api v0.0.0-20260402091533-d0af9d722390 github.com/openshift/build-machinery-go v0.0.0-20251023084048-5d77c1a5e5af github.com/openshift/microshift v0.0.0-00010101000000-000000000000 github.com/spf13/cobra v1.10.2 go.etcd.io/etcd/server/v3 v3.6.5 - k8s.io/apimachinery v1.35.2 - k8s.io/cli-runtime v1.35.2 - k8s.io/component-base v1.35.2 + k8s.io/apimachinery v1.35.3 + k8s.io/cli-runtime v1.35.3 + k8s.io/component-base v1.35.3 k8s.io/klog/v2 v2.140.0 - k8s.io/kubectl v1.35.2 + k8s.io/kubectl v1.35.3 sigs.k8s.io/yaml v1.6.0 ) @@ -98,11 +98,11 @@ require ( google.golang.org/genproto/googleapis/rpc v0.0.0-20260226221140-a57be14db171 // indirect gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect - k8s.io/api v1.35.2 // indirect - k8s.io/apiserver v1.35.2 // indirect - k8s.io/client-go v1.35.2 // indirect + k8s.io/api v1.35.3 // indirect + k8s.io/apiserver v1.35.3 // indirect + k8s.io/client-go v1.35.3 // indirect k8s.io/kube-openapi v0.0.0-20260304202019-5b3e3fdb0acf // indirect - k8s.io/kubelet v1.35.2 // indirect + k8s.io/kubelet v1.35.3 // indirect k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 // indirect sigs.k8s.io/kustomize/api v0.20.1 // indirect sigs.k8s.io/kustomize/kyaml v0.20.1 // indirect diff --git a/etcd/go.sum b/etcd/go.sum index 8d39623c10..7ea290207d 100644 --- a/etcd/go.sum +++ b/etcd/go.sum @@ -152,8 +152,8 @@ github.com/oklog/run v1.2.0 h1:O8x3yXwah4A73hJdlrwo/2X6J62gE5qTMusH0dvz60E= github.com/oklog/run v1.2.0/go.mod h1:mgDbKRSwPhJfesJ4PntqFUbKQRZ50NgmZTSPlFA0YFk= github.com/onsi/gomega v1.38.2 h1:eZCjf2xjZAqe+LeWvKb5weQ+NcPwX84kqJ0cZNxok2A= github.com/onsi/gomega v1.38.2/go.mod h1:W2MJcYxRGV63b418Ai34Ud0hEdTVXq9NW9+Sx6uXf3k= -github.com/openshift/api v0.0.0-20260317095243-5c75e62da3e7 h1:Da2wB3SciGmbtRx1rRChfoNzuNrn7knzdYWGfkbup1o= -github.com/openshift/api v0.0.0-20260317095243-5c75e62da3e7/go.mod h1:pyVjK0nZ4sRs4fuQVQ4rubsJdahI1PB94LnQ8sGdvxo= +github.com/openshift/api v0.0.0-20260402091533-d0af9d722390 h1:tzmI6HyEB/2gQu3NEo/qzFsy2IMyuYaSy64Sg8vv5UI= +github.com/openshift/api v0.0.0-20260402091533-d0af9d722390/go.mod h1:pyVjK0nZ4sRs4fuQVQ4rubsJdahI1PB94LnQ8sGdvxo= github.com/openshift/build-machinery-go v0.0.0-20251023084048-5d77c1a5e5af h1:UiYYMi/CCV+kwWrXuXfuUSOY2yNXOpWpNVgHc6aLQlE= github.com/openshift/build-machinery-go v0.0.0-20251023084048-5d77c1a5e5af/go.mod h1:8jcm8UPtg2mCAsxfqKil1xrmRMI3a+XU2TZ9fF8A7TE= github.com/openshift/etcd/api/v3 v3.5.0-alpha.0.0.20260312150232-d8d67b8ce849 h1:em2blvFukNrVPlEZuMA1rHioi0eFjSk5qvV/Yp02HxQ= From c36f82f21f114a1d75205ad622bf2a3dfe493df5 Mon Sep 17 00:00:00 2001 From: Evgeny Slutsky Date: Thu, 2 Apr 2026 11:52:12 +0200 Subject: [PATCH 07/11] update etcd/vendor --- .../openshift/api/config/v1/types.go | 5 + .../api/config/v1/types_authentication.go | 9 +- .../openshift/api/config/v1/types_dns.go | 9 +- .../api/config/v1/types_infrastructure.go | 9 +- .../api/config/v1/zz_generated.deepcopy.go | 1 + ..._generated.featuregated-crd-manifests.yaml | 6 +- .../v1/zz_generated.swagger_doc_generated.go | 10 +- .../operator/v1/types_csi_cluster_driver.go | 10 +- .../api/operator/v1/types_ingress.go | 43 +++++++ .../api/operator/v1/types_network.go | 115 ++++++++++++++++++ .../api/operator/v1/zz_generated.deepcopy.go | 34 ++++++ ..._generated.featuregated-crd-manifests.yaml | 7 +- .../v1/zz_generated.swagger_doc_generated.go | 26 +++- etcd/vendor/modules.txt | 18 +-- 14 files changed, 270 insertions(+), 32 deletions(-) diff --git a/etcd/vendor/github.com/openshift/api/config/v1/types.go b/etcd/vendor/github.com/openshift/api/config/v1/types.go index 3e17ca0ccb..e7106ef7ab 100644 --- a/etcd/vendor/github.com/openshift/api/config/v1/types.go +++ b/etcd/vendor/github.com/openshift/api/config/v1/types.go @@ -284,7 +284,12 @@ type ClientConnectionOverrides struct { } // GenericControllerConfig provides information to configure a controller +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type GenericControllerConfig struct { + metav1.TypeMeta `json:",inline"` + // servingInfo is the HTTP serving information for the controller's endpoints ServingInfo HTTPServingInfo `json:"servingInfo"` diff --git a/etcd/vendor/github.com/openshift/api/config/v1/types_authentication.go b/etcd/vendor/github.com/openshift/api/config/v1/types_authentication.go index 64d0f399b0..75e57c3709 100644 --- a/etcd/vendor/github.com/openshift/api/config/v1/types_authentication.go +++ b/etcd/vendor/github.com/openshift/api/config/v1/types_authentication.go @@ -618,6 +618,7 @@ type OIDCClientReference struct { // +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDC,rule="has(self.claim)",message="claim is required" // +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDCWithUIDAndExtraClaimMappings,rule="has(self.claim)",message="claim is required" // +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDCWithUpstreamParity,rule="has(self.claim) ? !has(self.expression) : has(self.expression)",message="precisely one of claim or expression must be set" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDCWithUpstreamParity,rule="has(self.expression) && size(self.expression) > 0 ? !has(self.prefixPolicy) || self.prefixPolicy != 'Prefix' : true",message="prefixPolicy must not be set to 'Prefix' when expression is set" type UsernameClaimMapping struct { // claim is an optional field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping. // claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled. @@ -650,11 +651,9 @@ type UsernameClaimMapping struct { // Allowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string). // // When set to 'Prefix', the value specified in the prefix field will be prepended to the value of the JWT claim. - // // The prefix field must be set when prefixPolicy is 'Prefix'. - // + // Must not be set to 'Prefix' when expression is set. // When set to 'NoPrefix', no prefix will be prepended to the value of the JWT claim. - // // When omitted, this means no opinion and the platform is left to choose any prefixes that are applied which is subject to change over time. // Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim when the claim is not 'email'. // @@ -710,12 +709,14 @@ type UsernamePrefix struct { // PrefixedClaimMapping configures a claim mapping // that allows for an optional prefix. +// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDCWithUpstreamParity,rule="has(self.expression) && size(self.expression) > 0 ? (!has(self.prefix) || size(self.prefix) == 0) : true",message="prefix must not be set to a non-empty value when expression is set" type PrefixedClaimMapping struct { TokenClaimMapping `json:",inline"` // prefix is an optional field that configures the prefix that will be applied to the cluster identity attribute during the process of mapping JWT claims to cluster identity attributes. // - // When omitted (""), no prefix is applied to the cluster identity attribute. + // When omitted or set to an empty string (""), no prefix is applied to the cluster identity attribute. + // Must not be set to a non-empty value when expression is set. // // Example: if `prefix` is set to "myoidc:" and the `claim` in JWT contains an array of strings "a", "b" and "c", the mapping will result in an array of string "myoidc:a", "myoidc:b" and "myoidc:c". // diff --git a/etcd/vendor/github.com/openshift/api/config/v1/types_dns.go b/etcd/vendor/github.com/openshift/api/config/v1/types_dns.go index 06eb75ccf7..efbdc3ae54 100644 --- a/etcd/vendor/github.com/openshift/api/config/v1/types_dns.go +++ b/etcd/vendor/github.com/openshift/api/config/v1/types_dns.go @@ -134,7 +134,14 @@ type AWSDNSSpec struct { // privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing // operations on the cluster's private hosted zone specified in the cluster DNS config. // When left empty, no role should be assumed. - // +kubebuilder:validation:Pattern:=`^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$` + // + // The ARN must follow the format: arn::iam:::role/, where: + // is the AWS partition (aws, aws-cn, aws-us-gov, or aws-eusc), + // is a 12-digit numeric identifier for the AWS account, + // is the IAM role name. + // + // +openshift:validation:FeatureGateAwareXValidation:featureGate="",rule=`matches(self, '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role/.*$')`,message=`privateZoneIAMRole must be a valid AWS IAM role ARN in the format: arn::iam:::role/` + // +openshift:validation:FeatureGateAwareXValidation:featureGate=AWSEuropeanSovereignCloudInstall,rule=`matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role/.*$')`,message=`privateZoneIAMRole must be a valid AWS IAM role ARN in the format: arn::iam:::role/` // +optional PrivateZoneIAMRole string `json:"privateZoneIAMRole"` } diff --git a/etcd/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/etcd/vendor/github.com/openshift/api/config/v1/types_infrastructure.go index 369ba1e7a0..c579be3a11 100644 --- a/etcd/vendor/github.com/openshift/api/config/v1/types_infrastructure.go +++ b/etcd/vendor/github.com/openshift/api/config/v1/types_infrastructure.go @@ -102,11 +102,11 @@ type InfrastructureStatus struct { // and the operators should not configure the operand for highly-available operation // The 'External' mode indicates that the control plane is hosted externally to the cluster and that // its components are not visible within the cluster. + // The 'HighlyAvailableArbiter' mode indicates that the control plane will consist of 2 control-plane nodes + // that run conventional services and 1 smaller sized arbiter node that runs a bare minimum of services to maintain quorum. // +kubebuilder:default=HighlyAvailable - // +openshift:validation:FeatureGateAwareEnum:featureGate="",enum=HighlyAvailable;SingleReplica;External - // +openshift:validation:FeatureGateAwareEnum:featureGate=HighlyAvailableArbiter,enum=HighlyAvailable;HighlyAvailableArbiter;SingleReplica;External - // +openshift:validation:FeatureGateAwareEnum:featureGate=DualReplica,enum=HighlyAvailable;SingleReplica;DualReplica;External - // +openshift:validation:FeatureGateAwareEnum:requiredFeatureGate=HighlyAvailableArbiter;DualReplica,enum=HighlyAvailable;HighlyAvailableArbiter;SingleReplica;DualReplica;External + // +openshift:validation:FeatureGateAwareEnum:featureGate="",enum=HighlyAvailable;HighlyAvailableArbiter;SingleReplica;External + // +openshift:validation:FeatureGateAwareEnum:featureGate=DualReplica,enum=HighlyAvailable;HighlyAvailableArbiter;SingleReplica;DualReplica;External // +optional ControlPlaneTopology TopologyMode `json:"controlPlaneTopology"` @@ -787,7 +787,6 @@ type GCPPlatformStatus struct { // // +default={"dnsType": "PlatformDefault"} // +kubebuilder:default={"dnsType": "PlatformDefault"} - // +openshift:enable:FeatureGate=GCPClusterHostedDNSInstall // +optional // +nullable CloudLoadBalancerConfig *CloudLoadBalancerConfig `json:"cloudLoadBalancerConfig,omitempty"` diff --git a/etcd/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/etcd/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go index 30b85b78e9..a604d2f634 100644 --- a/etcd/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go +++ b/etcd/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go @@ -2560,6 +2560,7 @@ func (in *GenericAPIServerConfig) DeepCopy() *GenericAPIServerConfig { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GenericControllerConfig) DeepCopyInto(out *GenericControllerConfig) { *out = *in + out.TypeMeta = in.TypeMeta in.ServingInfo.DeepCopyInto(&out.ServingInfo) out.LeaderElection = in.LeaderElection out.Authentication = in.Authentication diff --git a/etcd/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml b/etcd/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml index 4b768c3898..84c1443d44 100644 --- a/etcd/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/etcd/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml @@ -206,7 +206,8 @@ dnses.config.openshift.io: CRDName: dnses.config.openshift.io Capability: "" Category: "" - FeatureGates: [] + FeatureGates: + - AWSEuropeanSovereignCloudInstall FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" @@ -372,9 +373,6 @@ infrastructures.config.openshift.io: - AzureDualStackInstall - DualReplica - DyanmicServiceEndpointIBMCloud - - GCPClusterHostedDNSInstall - - HighlyAvailableArbiter - - HighlyAvailableArbiter+DualReplica - NutanixMultiSubnets - OnPremDNSRecords - VSphereHostVMGroupZonal diff --git a/etcd/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/etcd/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index a30061c252..4a5346dba8 100644 --- a/etcd/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/etcd/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go @@ -137,7 +137,7 @@ func (GenericAPIServerConfig) SwaggerDoc() map[string]string { } var map_GenericControllerConfig = map[string]string{ - "": "GenericControllerConfig provides information to configure a controller", + "": "GenericControllerConfig provides information to configure a controller\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "servingInfo": "servingInfo is the HTTP serving information for the controller's endpoints", "leaderElection": "leaderElection provides information to elect a leader. Only override this if you have a specific need", "authentication": "authentication allows configuration of authentication for the endpoints", @@ -459,7 +459,7 @@ func (OIDCProvider) SwaggerDoc() map[string]string { var map_PrefixedClaimMapping = map[string]string{ "": "PrefixedClaimMapping configures a claim mapping that allows for an optional prefix.", - "prefix": "prefix is an optional field that configures the prefix that will be applied to the cluster identity attribute during the process of mapping JWT claims to cluster identity attributes.\n\nWhen omitted (\"\"), no prefix is applied to the cluster identity attribute.\n\nExample: if `prefix` is set to \"myoidc:\" and the `claim` in JWT contains an array of strings \"a\", \"b\" and \"c\", the mapping will result in an array of string \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\".", + "prefix": "prefix is an optional field that configures the prefix that will be applied to the cluster identity attribute during the process of mapping JWT claims to cluster identity attributes.\n\nWhen omitted or set to an empty string (\"\"), no prefix is applied to the cluster identity attribute. Must not be set to a non-empty value when expression is set.\n\nExample: if `prefix` is set to \"myoidc:\" and the `claim` in JWT contains an array of strings \"a\", \"b\" and \"c\", the mapping will result in an array of string \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\".", } func (PrefixedClaimMapping) SwaggerDoc() map[string]string { @@ -550,7 +550,7 @@ func (TokenUserValidationRule) SwaggerDoc() map[string]string { var map_UsernameClaimMapping = map[string]string{ "claim": "claim is an optional field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping. claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled. When the ExternalOIDCWithUpstreamParity feature gate is enabled, claim must not be set when expression is set.\n\nclaim must not be an empty string (\"\") and must not exceed 256 characters.", "expression": "expression is an optional CEL expression used to derive the username from JWT claims.\n\nCEL expressions have access to the token claims through a CEL variable, 'claims'.\n\nexpression must be at least 1 character and must not exceed 1024 characters in length. expression must not be set when claim is set.", - "prefixPolicy": "prefixPolicy is an optional field that configures how a prefix should be applied to the value of the JWT claim specified in the 'claim' field.\n\nAllowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string).\n\nWhen set to 'Prefix', the value specified in the prefix field will be prepended to the value of the JWT claim.\n\nThe prefix field must be set when prefixPolicy is 'Prefix'.\n\nWhen set to 'NoPrefix', no prefix will be prepended to the value of the JWT claim.\n\nWhen omitted, this means no opinion and the platform is left to choose any prefixes that are applied which is subject to change over time. Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim when the claim is not 'email'.\n\nAs an example, consider the following scenario:\n\n `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`,\n the JWT claims include \"username\":\"userA\" and \"email\":\"userA@myoidc.tld\",\n and `claim` is set to:\n - \"username\": the mapped value will be \"https://myoidc.tld#userA\"\n - \"email\": the mapped value will be \"userA@myoidc.tld\"", + "prefixPolicy": "prefixPolicy is an optional field that configures how a prefix should be applied to the value of the JWT claim specified in the 'claim' field.\n\nAllowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string).\n\nWhen set to 'Prefix', the value specified in the prefix field will be prepended to the value of the JWT claim. The prefix field must be set when prefixPolicy is 'Prefix'. Must not be set to 'Prefix' when expression is set. When set to 'NoPrefix', no prefix will be prepended to the value of the JWT claim. When omitted, this means no opinion and the platform is left to choose any prefixes that are applied which is subject to change over time. Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim when the claim is not 'email'.\n\nAs an example, consider the following scenario:\n\n `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`,\n the JWT claims include \"username\":\"userA\" and \"email\":\"userA@myoidc.tld\",\n and `claim` is set to:\n - \"username\": the mapped value will be \"https://myoidc.tld#userA\"\n - \"email\": the mapped value will be \"userA@myoidc.tld\"", "prefix": "prefix configures the prefix that should be prepended to the value of the JWT claim.\n\nprefix must be set when prefixPolicy is set to 'Prefix' and must be unset otherwise.", } @@ -988,7 +988,7 @@ func (ConsoleStatus) SwaggerDoc() map[string]string { var map_AWSDNSSpec = map[string]string{ "": "AWSDNSSpec contains DNS configuration specific to the Amazon Web Services cloud provider.", - "privateZoneIAMRole": "privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed.", + "privateZoneIAMRole": "privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed.\n\nThe ARN must follow the format: arn::iam:::role/, where: is the AWS partition (aws, aws-cn, aws-us-gov, or aws-eusc), is a 12-digit numeric identifier for the AWS account, is the IAM role name.", } func (AWSDNSSpec) SwaggerDoc() map[string]string { @@ -1754,7 +1754,7 @@ var map_InfrastructureStatus = map[string]string{ "etcdDiscoveryDomain": "etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery deprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release.", "apiServerURL": "apiServerURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerURL can be used by components like the web console to tell users where to find the Kubernetes API.", "apiServerInternalURI": "apiServerInternalURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerInternalURL can be used by components like kubelets, to contact the Kubernetes API server using the infrastructure provider rather than Kubernetes networking.", - "controlPlaneTopology": "controlPlaneTopology expresses the expectations for operands that normally run on control nodes. The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster.", + "controlPlaneTopology": "controlPlaneTopology expresses the expectations for operands that normally run on control nodes. The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster. The 'HighlyAvailableArbiter' mode indicates that the control plane will consist of 2 control-plane nodes that run conventional services and 1 smaller sized arbiter node that runs a bare minimum of services to maintain quorum.", "infrastructureTopology": "infrastructureTopology expresses the expectations for infrastructure services that do not run on control plane nodes, usually indicated by a node selector for a `role` value other than `master`. The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation NOTE: External topology mode is not applicable for this field.", "cpuPartitioning": "cpuPartitioning expresses if CPU partitioning is a currently enabled feature in the cluster. CPU Partitioning means that this cluster can support partitioning workloads to specific CPU Sets. Valid values are \"None\" and \"AllNodes\". When omitted, the default value is \"None\". The default value of \"None\" indicates that no nodes will be setup with CPU partitioning. The \"AllNodes\" value indicates that all nodes have been setup with CPU partitioning, and can then be further configured via the PerformanceProfile API.", } diff --git a/etcd/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go b/etcd/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go index 53c71aabb6..52f5db78d5 100644 --- a/etcd/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go +++ b/etcd/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go @@ -163,7 +163,15 @@ type AWSCSIDriverConfigSpec struct { // kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, // rather than the default KMS key used by AWS. // The value may be either the ARN or Alias ARN of a KMS key. - // +kubebuilder:validation:Pattern:=`^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)\/.*$` + // + // The ARN must follow the format: arn::kms:::(key|alias)/, where: + // is the AWS partition (aws, aws-cn, aws-us-gov, aws-iso, aws-iso-b, aws-iso-e, aws-iso-f, or aws-eusc), + // is the AWS region, + // is a 12-digit numeric identifier for the AWS account, + // is the KMS key ID or alias name. + // + // +openshift:validation:FeatureGateAwareXValidation:featureGate="",rule=`matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)/.*$')`,message=`kmsKeyARN must be a valid AWS KMS key ARN in the format: arn::kms:::(key|alias)/` + // +openshift:validation:FeatureGateAwareXValidation:featureGate=AWSEuropeanSovereignCloudInstall,rule=`matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f|aws-eusc):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)/.*$')`,message=`kmsKeyARN must be a valid AWS KMS key ARN in the format: arn::kms:::(key|alias)/` // +optional KMSKeyARN string `json:"kmsKeyARN,omitempty"` diff --git a/etcd/vendor/github.com/openshift/api/operator/v1/types_ingress.go b/etcd/vendor/github.com/openshift/api/operator/v1/types_ingress.go index d54352f2ce..0c5cf919e1 100644 --- a/etcd/vendor/github.com/openshift/api/operator/v1/types_ingress.go +++ b/etcd/vendor/github.com/openshift/api/operator/v1/types_ingress.go @@ -2068,8 +2068,51 @@ type IngressControllerTuningOptions struct { // +kubebuilder:validation:Type:=string // +optional ReloadInterval metav1.Duration `json:"reloadInterval,omitempty"` + + // configurationManagement specifies how OpenShift router should update + // the HAProxy configuration. The following values are valid for this + // field: + // + // * "ForkAndReload". + // * "Dynamic". + // + // Omitting this field means that the user has no opinion and the + // platform may choose a reasonable default. This default is subject to + // change over time. The current default is "ForkAndReload". + // + // "ForkAndReload" means that OpenShift router should rewrite the + // HAProxy configuration file and instruct HAProxy to fork and reload. + // This is OpenShift router's traditional approach. + // + // "Dynamic" means that OpenShift router may use HAProxy's control + // socket for some configuration updates and fall back to fork and + // reload for other configuration updates. This is a newer approach, + // which may be less mature than ForkAndReload. This setting can + // improve load-balancing fairness and metrics accuracy and reduce CPU + // and memory usage if HAProxy has frequent configuration updates for + // route and endpoints updates. + // + // Note: The "Dynamic" option is currently experimental and should not + // be enabled on production clusters. + // + // +openshift:enable:FeatureGate=IngressControllerDynamicConfigurationManager + // +optional + ConfigurationManagement IngressControllerConfigurationManagement `json:"configurationManagement,omitempty"` } +// IngressControllerConfigurationManagement specifies whether always to use +// fork-and-reload to update the HAProxy configuration or whether to use +// HAProxy's control socket for some configuration updates. +// +// +enum +// +kubebuilder:validation:Enum=Dynamic;ForkAndReload +type IngressControllerConfigurationManagement string + +const ( + IngressControllerConfigurationManagementDynamic IngressControllerConfigurationManagement = "Dynamic" + IngressControllerConfigurationManagementForkAndReload IngressControllerConfigurationManagement = "ForkAndReload" +) + // HTTPEmptyRequestsPolicy indicates how HTTP connections for which no request // is received should be handled. // +kubebuilder:validation:Enum=Respond;Ignore diff --git a/etcd/vendor/github.com/openshift/api/operator/v1/types_network.go b/etcd/vendor/github.com/openshift/api/operator/v1/types_network.go index 1cf56f549b..cd2e2f9e38 100644 --- a/etcd/vendor/github.com/openshift/api/operator/v1/types_network.go +++ b/etcd/vendor/github.com/openshift/api/operator/v1/types_network.go @@ -398,6 +398,12 @@ type OpenShiftSDNConfig struct { // ovnKubernetesConfig contains the configuration parameters for networks // using the ovn-kubernetes network project +// +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="self.?transport.orValue('') == 'NoOverlay' ? self.?routeAdvertisements.orValue('') == 'Enabled' : true",message="routeAdvertisements must be Enabled when transport is NoOverlay" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="self.?transport.orValue('') == 'NoOverlay' ? has(self.noOverlayConfig) : !has(self.noOverlayConfig)",message="noOverlayConfig must be set if transport is NoOverlay, and is forbidden otherwise" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="self.?noOverlayConfig.routing.orValue('') == 'Managed' ? has(self.bgpManagedConfig) : true",message="bgpManagedConfig is required when noOverlayConfig.routing is Managed" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="!has(self.transport) || self.transport == 'Geneve' || has(oldSelf.transport)",message="transport can only be set to Geneve after installation" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="!has(oldSelf.transport) || has(self.transport)",message="transport may not be removed once set" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="!has(oldSelf.noOverlayConfig) || has(self.noOverlayConfig)",message="noOverlayConfig may not be removed once set" type OVNKubernetesConfig struct { // mtu is the MTU to use for the tunnel interface. This must be 100 // bytes smaller than the uplink mtu. @@ -466,6 +472,38 @@ type OVNKubernetesConfig struct { // current default is "Disabled". // +optional RouteAdvertisements RouteAdvertisementsEnablement `json:"routeAdvertisements,omitempty"` + + // transport sets the transport mode for pods on the default network. + // Allowed values are "NoOverlay" and "Geneve". + // "NoOverlay" avoids tunnel encapsulation, routing pod traffic directly between nodes. + // "Geneve" encapsulates pod traffic using Geneve tunnels between nodes. + // When omitted, this means the user has no opinion and the platform chooses + // a reasonable default which is subject to change over time. + // The current default is "Geneve". + // "NoOverlay" can only be set at installation time and cannot be changed afterwards. + // "Geneve" may be set explicitly at any time to lock in the current default. + // +openshift:enable:FeatureGate=NoOverlayMode + // +kubebuilder:validation:Enum=NoOverlay;Geneve + // +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="self == oldSelf",message="transport is immutable once set" + // +optional + Transport TransportOption `json:"transport,omitempty"` + + // noOverlayConfig contains configuration for no-overlay mode. + // This configuration applies to the default network only. + // It is required when transport is "NoOverlay". + // When omitted, this means the user does not configure no-overlay mode options. + // +openshift:enable:FeatureGate=NoOverlayMode + // +optional + NoOverlayConfig NoOverlayConfig `json:"noOverlayConfig,omitzero,omitempty"` + + // bgpManagedConfig configures the BGP properties for networks (default network or CUDNs) + // in no-overlay mode that specify routing="Managed" in their noOverlayConfig. + // It is required when noOverlayConfig.routing is set to "Managed". + // When omitted, this means the user does not configure BGP for managed routing. + // This field can be set at installation time or on day 2, and can be modified at any time. + // +openshift:enable:FeatureGate=NoOverlayMode + // +optional + BGPManagedConfig BGPManagedConfig `json:"bgpManagedConfig,omitzero,omitempty"` } type IPv4OVNKubernetesConfig struct { @@ -896,3 +934,80 @@ type AdditionalRoutingCapabilities struct { // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x == y))" Providers []RoutingCapabilitiesProvider `json:"providers"` } + +// TransportOption is the type for network transport options +type TransportOption string + +// SNATOption is the type for SNAT configuration options +type SNATOption string + +// RoutingOption is the type for routing configuration options +type RoutingOption string + +// BGPTopology is the type for BGP topology configuration +type BGPTopology string + +const ( + // TransportOptionNoOverlay indicates the network operates in no-overlay mode + TransportOptionNoOverlay TransportOption = "NoOverlay" + // TransportOptionGeneve indicates the network uses Geneve overlay + TransportOptionGeneve TransportOption = "Geneve" + + // SNATEnabled indicates outbound SNAT is enabled + SNATEnabled SNATOption = "Enabled" + // SNATDisabled indicates outbound SNAT is disabled + SNATDisabled SNATOption = "Disabled" + + // RoutingManaged indicates routing is managed by OVN-Kubernetes + RoutingManaged RoutingOption = "Managed" + // RoutingUnmanaged indicates routing is managed by users + RoutingUnmanaged RoutingOption = "Unmanaged" + + // BGPTopologyFullMesh indicates a full mesh BGP topology where every node peers directly with every other node + BGPTopologyFullMesh BGPTopology = "FullMesh" +) + +// NoOverlayConfig contains configuration options for networks operating in no-overlay mode. +type NoOverlayConfig struct { + // outboundSNAT defines the SNAT behavior for outbound traffic from pods. + // Allowed values are "Enabled" and "Disabled". + // When set to "Enabled", SNAT is performed on outbound traffic from pods. + // When set to "Disabled", SNAT is not performed and pod IPs are preserved in outbound traffic. + // This field is required when the network operates in no-overlay mode. + // This field can be set to any value at installation time and can be changed afterwards. + // +kubebuilder:validation:Enum=Enabled;Disabled + // +required + OutboundSNAT SNATOption `json:"outboundSNAT,omitempty"` + + // routing specifies whether the pod network routing is managed by OVN-Kubernetes or users. + // Allowed values are "Managed" and "Unmanaged". + // When set to "Managed", OVN-Kubernetes manages the pod network routing configuration through BGP. + // When set to "Unmanaged", users are responsible for configuring the pod network routing. + // This field is required when the network operates in no-overlay mode. + // This field is immutable once set. + // +kubebuilder:validation:Enum=Managed;Unmanaged + // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="routing is immutable once set" + // +required + Routing RoutingOption `json:"routing,omitempty"` +} + +// BGPManagedConfig contains configuration options for BGP when routing is "Managed". +type BGPManagedConfig struct { + // asNumber is the 2-byte or 4-byte Autonomous System Number (ASN) + // to be used in the generated FRR configuration. + // Valid values are 1 to 4294967295. + // When omitted, this defaults to 64512. + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=4294967295 + // +default=64512 + // +optional + ASNumber int64 `json:"asNumber,omitempty"` + + // bgpTopology defines the BGP topology to be used. + // Allowed values are "FullMesh". + // When set to "FullMesh", every node peers directly with every other node via BGP. + // This field is required when BGPManagedConfig is specified. + // +kubebuilder:validation:Enum=FullMesh + // +required + BGPTopology BGPTopology `json:"bgpTopology,omitempty"` +} diff --git a/etcd/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go b/etcd/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go index 3bc6b81de4..3d3c8f4f82 100644 --- a/etcd/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go +++ b/etcd/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go @@ -390,6 +390,22 @@ func (in *AzureDiskEncryptionSet) DeepCopy() *AzureDiskEncryptionSet { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BGPManagedConfig) DeepCopyInto(out *BGPManagedConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BGPManagedConfig. +func (in *BGPManagedConfig) DeepCopy() *BGPManagedConfig { + if in == nil { + return nil + } + out := new(BGPManagedConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BootImageSkewEnforcementConfig) DeepCopyInto(out *BootImageSkewEnforcementConfig) { *out = *in @@ -3665,6 +3681,22 @@ func (in *NetworkStatus) DeepCopy() *NetworkStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NoOverlayConfig) DeepCopyInto(out *NoOverlayConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NoOverlayConfig. +func (in *NoOverlayConfig) DeepCopy() *NoOverlayConfig { + if in == nil { + return nil + } + out := new(NoOverlayConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodeDisruptionPolicyClusterStatus) DeepCopyInto(out *NodeDisruptionPolicyClusterStatus) { *out = *in @@ -4158,6 +4190,8 @@ func (in *OVNKubernetesConfig) DeepCopyInto(out *OVNKubernetesConfig) { *out = new(IPv6OVNKubernetesConfig) **out = **in } + out.NoOverlayConfig = in.NoOverlayConfig + out.BGPManagedConfig = in.BGPManagedConfig return } diff --git a/etcd/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml b/etcd/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml index 1c552b0c0e..aaf0972908 100644 --- a/etcd/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/etcd/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml @@ -69,6 +69,7 @@ clustercsidrivers.operator.openshift.io: Capability: "" Category: "" FeatureGates: + - AWSEuropeanSovereignCloudInstall - VSphereConfigurableMaxAllowedBlockVolumesPerNode FilenameOperatorName: csi-driver FilenameOperatorOrdering: "01" @@ -175,7 +176,8 @@ ingresscontrollers.operator.openshift.io: CRDName: ingresscontrollers.operator.openshift.io Capability: Ingress Category: "" - FeatureGates: [] + FeatureGates: + - IngressControllerDynamicConfigurationManager FilenameOperatorName: ingress FilenameOperatorOrdering: "00" FilenameRunLevel: "0000_50" @@ -326,7 +328,8 @@ networks.operator.openshift.io: CRDName: networks.operator.openshift.io Capability: "" Category: "" - FeatureGates: [] + FeatureGates: + - NoOverlayMode FilenameOperatorName: network FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_70" diff --git a/etcd/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go b/etcd/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go index 64aac26eb3..c3ed726028 100644 --- a/etcd/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go +++ b/etcd/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go @@ -466,7 +466,7 @@ func (Theme) SwaggerDoc() map[string]string { var map_AWSCSIDriverConfigSpec = map[string]string{ "": "AWSCSIDriverConfigSpec defines properties that can be configured for the AWS CSI driver.", - "kmsKeyARN": "kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, rather than the default KMS key used by AWS. The value may be either the ARN or Alias ARN of a KMS key.", + "kmsKeyARN": "kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, rather than the default KMS key used by AWS. The value may be either the ARN or Alias ARN of a KMS key.\n\nThe ARN must follow the format: arn::kms:::(key|alias)/, where: is the AWS partition (aws, aws-cn, aws-us-gov, aws-iso, aws-iso-b, aws-iso-e, aws-iso-f, or aws-eusc), is the AWS region, is a 12-digit numeric identifier for the AWS account, is the KMS key ID or alias name.", "efsVolumeMetrics": "efsVolumeMetrics sets the configuration for collecting metrics from EFS volumes used by the EFS CSI Driver.", } @@ -1121,6 +1121,7 @@ var map_IngressControllerTuningOptions = map[string]string{ "healthCheckInterval": "healthCheckInterval defines how long the router waits between two consecutive health checks on its configured backends. This value is applied globally as a default for all routes, but may be overridden per-route by the route annotation \"router.openshift.io/haproxy.health.check.interval\".\n\nExpects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nSetting this to less than 5s can cause excess traffic due to too frequent TCP health checks and accompanying SYN packet storms. Alternatively, setting this too high can result in increased latency, due to backend servers that are no longer available, but haven't yet been detected as such.\n\nAn empty or zero healthCheckInterval means no opinion and IngressController chooses a default, which is subject to change over time. Currently the default healthCheckInterval value is 5s.\n\nCurrently the minimum allowed value is 1s and the maximum allowed value is 2147483647ms (24.85 days). Both are subject to change over time.", "maxConnections": "maxConnections defines the maximum number of simultaneous connections that can be established per HAProxy process. Increasing this value allows each ingress controller pod to handle more connections but at the cost of additional system resources being consumed.\n\nPermitted values are: empty, 0, -1, and the range 2000-2000000.\n\nIf this field is empty or 0, the IngressController will use the default value of 50000, but the default is subject to change in future releases.\n\nIf the value is -1 then HAProxy will dynamically compute a maximum value based on the available ulimits in the running container. Selecting -1 (i.e., auto) will result in a large value being computed (~520000 on OpenShift >=4.10 clusters) and therefore each HAProxy process will incur significant memory usage compared to the current default of 50000.\n\nSetting a value that is greater than the current operating system limit will prevent the HAProxy process from starting.\n\nIf you choose a discrete value (e.g., 750000) and the router pod is migrated to a new node, there's no guarantee that that new node has identical ulimits configured. In such a scenario the pod would fail to start. If you have nodes with different ulimits configured (e.g., different tuned profiles) and you choose a discrete value then the guidance is to use -1 and let the value be computed dynamically at runtime.\n\nYou can monitor memory usage for router containers with the following metric: 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}'.\n\nYou can monitor memory usage of individual HAProxy processes in router containers with the following metric: 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}/container_processes{container=\"router\",namespace=\"openshift-ingress\"}'.", "reloadInterval": "reloadInterval defines the minimum interval at which the router is allowed to reload to accept new changes. Increasing this value can prevent the accumulation of HAProxy processes, depending on the scenario. Increasing this interval can also lessen load imbalance on a backend's servers when using the roundrobin balancing algorithm. Alternatively, decreasing this value may decrease latency since updates to HAProxy's configuration can take effect more quickly.\n\nThe value must be a time duration value; see . Currently, the minimum value allowed is 1s, and the maximum allowed value is 120s. Minimum and maximum allowed values may change in future versions of OpenShift. Note that if a duration outside of these bounds is provided, the value of reloadInterval will be capped/floored and not rejected (e.g. a duration of over 120s will be capped to 120s; the IngressController will not reject and replace this disallowed value with the default).\n\nA zero value for reloadInterval tells the IngressController to choose the default, which is currently 5s and subject to change without notice.\n\nThis field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nNote: Setting a value significantly larger than the default of 5s can cause latency in observing updates to routes and their endpoints. HAProxy's configuration will be reloaded less frequently, and newly created routes will not be served until the subsequent reload.", + "configurationManagement": "configurationManagement specifies how OpenShift router should update the HAProxy configuration. The following values are valid for this field:\n\n* \"ForkAndReload\". * \"Dynamic\".\n\nOmitting this field means that the user has no opinion and the platform may choose a reasonable default. This default is subject to change over time. The current default is \"ForkAndReload\".\n\n\"ForkAndReload\" means that OpenShift router should rewrite the HAProxy configuration file and instruct HAProxy to fork and reload. This is OpenShift router's traditional approach.\n\n\"Dynamic\" means that OpenShift router may use HAProxy's control socket for some configuration updates and fall back to fork and reload for other configuration updates. This is a newer approach, which may be less mature than ForkAndReload. This setting can improve load-balancing fairness and metrics accuracy and reduce CPU and memory usage if HAProxy has frequent configuration updates for route and endpoints updates.\n\nNote: The \"Dynamic\" option is currently experimental and should not be enabled on production clusters.", } func (IngressControllerTuningOptions) SwaggerDoc() map[string]string { @@ -1669,6 +1670,16 @@ func (AdditionalRoutingCapabilities) SwaggerDoc() map[string]string { return map_AdditionalRoutingCapabilities } +var map_BGPManagedConfig = map[string]string{ + "": "BGPManagedConfig contains configuration options for BGP when routing is \"Managed\".", + "asNumber": "asNumber is the 2-byte or 4-byte Autonomous System Number (ASN) to be used in the generated FRR configuration. Valid values are 1 to 4294967295. When omitted, this defaults to 64512.", + "bgpTopology": "bgpTopology defines the BGP topology to be used. Allowed values are \"FullMesh\". When set to \"FullMesh\", every node peers directly with every other node via BGP. This field is required when BGPManagedConfig is specified.", +} + +func (BGPManagedConfig) SwaggerDoc() map[string]string { + return map_BGPManagedConfig +} + var map_ClusterNetworkEntry = map[string]string{ "": "ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If the HostPrefix field is not used by the plugin, it can be left unset. Not all network providers support multiple ClusterNetworks", } @@ -1896,6 +1907,16 @@ func (NetworkStatus) SwaggerDoc() map[string]string { return map_NetworkStatus } +var map_NoOverlayConfig = map[string]string{ + "": "NoOverlayConfig contains configuration options for networks operating in no-overlay mode.", + "outboundSNAT": "outboundSNAT defines the SNAT behavior for outbound traffic from pods. Allowed values are \"Enabled\" and \"Disabled\". When set to \"Enabled\", SNAT is performed on outbound traffic from pods. When set to \"Disabled\", SNAT is not performed and pod IPs are preserved in outbound traffic. This field is required when the network operates in no-overlay mode. This field can be set to any value at installation time and can be changed afterwards.", + "routing": "routing specifies whether the pod network routing is managed by OVN-Kubernetes or users. Allowed values are \"Managed\" and \"Unmanaged\". When set to \"Managed\", OVN-Kubernetes manages the pod network routing configuration through BGP. When set to \"Unmanaged\", users are responsible for configuring the pod network routing. This field is required when the network operates in no-overlay mode. This field is immutable once set.", +} + +func (NoOverlayConfig) SwaggerDoc() map[string]string { + return map_NoOverlayConfig +} + var map_OVNKubernetesConfig = map[string]string{ "": "ovnKubernetesConfig contains the configuration parameters for networks using the ovn-kubernetes network project", "mtu": "mtu is the MTU to use for the tunnel interface. This must be 100 bytes smaller than the uplink mtu. Default is 1400", @@ -1910,6 +1931,9 @@ var map_OVNKubernetesConfig = map[string]string{ "ipv4": "ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.", "ipv6": "ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.", "routeAdvertisements": "routeAdvertisements determines if the functionality to advertise cluster network routes through a dynamic routing protocol, such as BGP, is enabled or not. This functionality is configured through the ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing capability provider to be enabled as an additional routing capability. Allowed values are \"Enabled\", \"Disabled\" and ommited. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is \"Disabled\".", + "transport": "transport sets the transport mode for pods on the default network. Allowed values are \"NoOverlay\" and \"Geneve\". \"NoOverlay\" avoids tunnel encapsulation, routing pod traffic directly between nodes. \"Geneve\" encapsulates pod traffic using Geneve tunnels between nodes. When omitted, this means the user has no opinion and the platform chooses a reasonable default which is subject to change over time. The current default is \"Geneve\". \"NoOverlay\" can only be set at installation time and cannot be changed afterwards. \"Geneve\" may be set explicitly at any time to lock in the current default.", + "noOverlayConfig": "noOverlayConfig contains configuration for no-overlay mode. This configuration applies to the default network only. It is required when transport is \"NoOverlay\". When omitted, this means the user does not configure no-overlay mode options.", + "bgpManagedConfig": "bgpManagedConfig configures the BGP properties for networks (default network or CUDNs) in no-overlay mode that specify routing=\"Managed\" in their noOverlayConfig. It is required when noOverlayConfig.routing is set to \"Managed\". When omitted, this means the user does not configure BGP for managed routing. This field can be set at installation time or on day 2, and can be modified at any time.", } func (OVNKubernetesConfig) SwaggerDoc() map[string]string { diff --git a/etcd/vendor/modules.txt b/etcd/vendor/modules.txt index 2991cb9472..d30f71fd9b 100644 --- a/etcd/vendor/modules.txt +++ b/etcd/vendor/modules.txt @@ -197,7 +197,7 @@ github.com/munnerz/goautoneg # github.com/oklog/run v1.2.0 ## explicit; go 1.20 github.com/oklog/run -# github.com/openshift/api v0.0.0-20260317095243-5c75e62da3e7 +# github.com/openshift/api v0.0.0-20260402091533-d0af9d722390 ## explicit; go 1.25.0 github.com/openshift/api/config/v1 github.com/openshift/api/operator/v1 @@ -664,7 +664,7 @@ gopkg.in/inf.v0 # gopkg.in/natefinch/lumberjack.v2 v2.2.1 ## explicit; go 1.13 gopkg.in/natefinch/lumberjack.v2 -# k8s.io/api v1.35.2 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/api +# k8s.io/api v1.35.3 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/api ## explicit; go 1.25.0 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -726,7 +726,7 @@ k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 k8s.io/api/storagemigration/v1beta1 -# k8s.io/apimachinery v1.35.2 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery +# k8s.io/apimachinery v1.35.3 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery ## explicit; go 1.25.0 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -785,18 +785,18 @@ k8s.io/apimachinery/pkg/version k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v1.35.2 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiserver +# k8s.io/apiserver v1.35.3 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/apiserver ## explicit; go 1.25.0 k8s.io/apiserver/pkg/apis/audit k8s.io/apiserver/pkg/apis/audit/v1 k8s.io/apiserver/pkg/authentication/user -# k8s.io/cli-runtime v1.35.2 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime +# k8s.io/cli-runtime v1.35.3 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime ## explicit; go 1.25.0 k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/genericiooptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v1.35.2 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go +# k8s.io/client-go v1.35.3 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/client-go ## explicit; go 1.25.0 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 @@ -951,7 +951,7 @@ k8s.io/client-go/util/homedir k8s.io/client-go/util/jsonpath k8s.io/client-go/util/keyutil k8s.io/client-go/util/workqueue -# k8s.io/component-base v1.35.2 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/component-base +# k8s.io/component-base v1.35.3 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/component-base ## explicit; go 1.25.0 k8s.io/component-base/cli k8s.io/component-base/cli/flag @@ -989,7 +989,7 @@ k8s.io/kube-openapi/pkg/util k8s.io/kube-openapi/pkg/util/proto k8s.io/kube-openapi/pkg/util/proto/validation k8s.io/kube-openapi/pkg/validation/spec -# k8s.io/kubectl v1.35.2 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/kubectl +# k8s.io/kubectl v1.35.3 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/kubectl ## explicit; go 1.25.0 k8s.io/kubectl/pkg/cmd/util k8s.io/kubectl/pkg/scheme @@ -999,7 +999,7 @@ k8s.io/kubectl/pkg/util/openapi k8s.io/kubectl/pkg/util/templates k8s.io/kubectl/pkg/util/term k8s.io/kubectl/pkg/validation -# k8s.io/kubelet v1.35.2 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/kubelet +# k8s.io/kubelet v1.35.3 => ../deps/github.com/openshift/kubernetes/staging/src/k8s.io/kubelet ## explicit; go 1.25.0 k8s.io/kubelet/pkg/apis/deviceplugin/v1beta1 # k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 From ef4aea0b24ae9f8e0d0ffc5b96f0f73bc55b8892 Mon Sep 17 00:00:00 2001 From: Evgeny Slutsky Date: Thu, 2 Apr 2026 11:52:12 +0200 Subject: [PATCH 08/11] update component images --- packaging/crio.conf.d/10-microshift_amd64.conf | 2 +- packaging/crio.conf.d/10-microshift_arm64.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packaging/crio.conf.d/10-microshift_amd64.conf b/packaging/crio.conf.d/10-microshift_amd64.conf index 066438aa8d..78afa1834d 100644 --- a/packaging/crio.conf.d/10-microshift_amd64.conf +++ b/packaging/crio.conf.d/10-microshift_amd64.conf @@ -2,6 +2,6 @@ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:99e3448beed2df93641fced98f2cfd9e1ffe02901da9e7fae2ea54b5ce63cf16" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:fb8d06e3e46118e7921331871891a4bea62ff086e084781b6c772569314bd45f" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/packaging/crio.conf.d/10-microshift_arm64.conf b/packaging/crio.conf.d/10-microshift_arm64.conf index 89c5e1b0a5..39826fb65b 100644 --- a/packaging/crio.conf.d/10-microshift_arm64.conf +++ b/packaging/crio.conf.d/10-microshift_arm64.conf @@ -2,6 +2,6 @@ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ac628fe7cc2515e11d50b708fc69a77258640fc44cd073ad2891e997030c4d35" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0eee7f97711c71d3a4c559c0063d9752ccddc563e196b6a876a5184402495a86" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" From fa2ab439e04fd773709dbcb018846648e3e5d4a1 Mon Sep 17 00:00:00 2001 From: Evgeny Slutsky Date: Thu, 2 Apr 2026 11:52:14 +0200 Subject: [PATCH 09/11] update manifests --- .../multus/kustomization.aarch64.yaml | 4 ++-- .../multus/release-multus-aarch64.json | 6 +++--- .../multus/release-multus-x86_64.json | 2 +- .../kustomization.aarch64.yaml | 10 +++++----- .../kustomization.x86_64.yaml | 8 ++++---- .../release-olm-aarch64.json | 8 ++++---- .../release-olm-x86_64.json | 6 +++--- assets/release/release-aarch64.json | 18 +++++++++--------- assets/release/release-x86_64.json | 12 ++++++------ 9 files changed, 37 insertions(+), 37 deletions(-) diff --git a/assets/components/multus/kustomization.aarch64.yaml b/assets/components/multus/kustomization.aarch64.yaml index 85885ad6c0..6036fc726b 100644 --- a/assets/components/multus/kustomization.aarch64.yaml +++ b/assets/components/multus/kustomization.aarch64.yaml @@ -2,7 +2,7 @@ images: - name: multus-cni-microshift newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev - digest: sha256:bbe8926551e22ba1c6ea275ddf2c42857ce737b00bb0cfbb548eb2ade4269ebd + digest: sha256:bfb904a68e228e2fc306f4b69646c3a733cff4c10e6fda7fe75df3174c818ae2 - name: containernetworking-plugins-microshift newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev - digest: sha256:7677885ccb9c85656453106dd79ff2d05a7401484a0fa194261b96bdfebe29a0 + digest: sha256:6ad7f1c820b2b007971c60cdcf85dff0f20bc2f2b3c8b1fe5226522322b2792d diff --git a/assets/components/multus/release-multus-aarch64.json b/assets/components/multus/release-multus-aarch64.json index 1243fb160b..df748740ec 100644 --- a/assets/components/multus/release-multus-aarch64.json +++ b/assets/components/multus/release-multus-aarch64.json @@ -1,9 +1,9 @@ { "release": { - "base": "4.22.0-0.nightly-arm64-2026-03-31-033117" + "base": "4.22.0-0.nightly-arm64-2026-04-02-033117" }, "images": { - "multus-cni-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bbe8926551e22ba1c6ea275ddf2c42857ce737b00bb0cfbb548eb2ade4269ebd", - "containernetworking-plugins-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7677885ccb9c85656453106dd79ff2d05a7401484a0fa194261b96bdfebe29a0" + "multus-cni-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bfb904a68e228e2fc306f4b69646c3a733cff4c10e6fda7fe75df3174c818ae2", + "containernetworking-plugins-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6ad7f1c820b2b007971c60cdcf85dff0f20bc2f2b3c8b1fe5226522322b2792d" } } diff --git a/assets/components/multus/release-multus-x86_64.json b/assets/components/multus/release-multus-x86_64.json index 5ad1e4ebed..f0625f93af 100644 --- a/assets/components/multus/release-multus-x86_64.json +++ b/assets/components/multus/release-multus-x86_64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.22.0-0.nightly-2026-03-29-173136" + "base": "4.22.0-0.nightly-2026-04-01-151631" }, "images": { "multus-cni-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c123ce760a9ee7b0a3995a5e06a578943aff20a4b3e03f7aa6d442d6015e62a8", diff --git a/assets/optional/operator-lifecycle-manager/kustomization.aarch64.yaml b/assets/optional/operator-lifecycle-manager/kustomization.aarch64.yaml index 0722e30f4c..20bf82baa4 100644 --- a/assets/optional/operator-lifecycle-manager/kustomization.aarch64.yaml +++ b/assets/optional/operator-lifecycle-manager/kustomization.aarch64.yaml @@ -2,13 +2,13 @@ images: - name: quay.io/operator-framework/olm newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev - digest: sha256:7e7241ecc8ef072108b4043be3d0ce8d804e68964203fe002c9c2a8f2396a7f6 + digest: sha256:ff87b8ca01872de4f6fddf890f0e7a243b179376f200567300b1c2c1918e5402 - name: quay.io/operator-framework/configmap-operator-registry newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev - digest: sha256:71b5473e79c9ef7da9989e2c235a705a06732233636b7977459cf94e4eaa7bd4 + digest: sha256:00f42ea149e7b5ab62b08da79da65bcd7e0785442bd5ee0314b924fbeb0df975 - name: quay.io/openshift/origin-kube-rbac-proxy newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev - digest: sha256:379f906d6e3970fca176447c41e5b3e4b140986e47bedda5876b850726aa6a6d + digest: sha256:b2a0c592a6105fcba0299bcebf9c6079015f533bc2ebb8791e7953b26861c788 patches: - patch: |- @@ -16,12 +16,12 @@ patches: path: /spec/template/spec/containers/0/env/- value: name: OPERATOR_REGISTRY_IMAGE - value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:71b5473e79c9ef7da9989e2c235a705a06732233636b7977459cf94e4eaa7bd4 + value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:00f42ea149e7b5ab62b08da79da65bcd7e0785442bd5ee0314b924fbeb0df975 - op: add path: /spec/template/spec/containers/0/env/- value: name: OLM_IMAGE - value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7e7241ecc8ef072108b4043be3d0ce8d804e68964203fe002c9c2a8f2396a7f6 + value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ff87b8ca01872de4f6fddf890f0e7a243b179376f200567300b1c2c1918e5402 target: kind: Deployment labelSelector: app=catalog-operator diff --git a/assets/optional/operator-lifecycle-manager/kustomization.x86_64.yaml b/assets/optional/operator-lifecycle-manager/kustomization.x86_64.yaml index e5603e4d8d..7b9b5cc905 100644 --- a/assets/optional/operator-lifecycle-manager/kustomization.x86_64.yaml +++ b/assets/optional/operator-lifecycle-manager/kustomization.x86_64.yaml @@ -2,10 +2,10 @@ images: - name: quay.io/operator-framework/olm newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev - digest: sha256:56682799a336de6e590352644ca872ff5c08aef3166248230e0b00c4751abe74 + digest: sha256:46aeacb2c570ef9e7b6099fde06e8246465d29f2b30c635157d7403d4161d50b - name: quay.io/operator-framework/configmap-operator-registry newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev - digest: sha256:f9c5792b24f2e335975bc7e82dadbf415e96e7f317fe9f17e19c67b97aea2d6c + digest: sha256:0221168a5fc4bdc4801e7cf031bbc93eb282a5f41bebce26c1cd57493cd02537 - name: quay.io/openshift/origin-kube-rbac-proxy newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev digest: sha256:b24b10973a22c0dad43644e033ece7a1ec2bf3b2469ca390260ee94a32f1630c @@ -16,12 +16,12 @@ patches: path: /spec/template/spec/containers/0/env/- value: name: OPERATOR_REGISTRY_IMAGE - value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f9c5792b24f2e335975bc7e82dadbf415e96e7f317fe9f17e19c67b97aea2d6c + value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0221168a5fc4bdc4801e7cf031bbc93eb282a5f41bebce26c1cd57493cd02537 - op: add path: /spec/template/spec/containers/0/env/- value: name: OLM_IMAGE - value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:56682799a336de6e590352644ca872ff5c08aef3166248230e0b00c4751abe74 + value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:46aeacb2c570ef9e7b6099fde06e8246465d29f2b30c635157d7403d4161d50b target: kind: Deployment labelSelector: app=catalog-operator diff --git a/assets/optional/operator-lifecycle-manager/release-olm-aarch64.json b/assets/optional/operator-lifecycle-manager/release-olm-aarch64.json index 64a663bf1b..e666d13581 100644 --- a/assets/optional/operator-lifecycle-manager/release-olm-aarch64.json +++ b/assets/optional/operator-lifecycle-manager/release-olm-aarch64.json @@ -1,10 +1,10 @@ { "release": { - "base": "4.22.0-0.nightly-arm64-2026-03-31-033117" + "base": "4.22.0-0.nightly-arm64-2026-04-02-033117" }, "images": { - "operator-lifecycle-manager": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7e7241ecc8ef072108b4043be3d0ce8d804e68964203fe002c9c2a8f2396a7f6", - "operator-registry": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:71b5473e79c9ef7da9989e2c235a705a06732233636b7977459cf94e4eaa7bd4", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:379f906d6e3970fca176447c41e5b3e4b140986e47bedda5876b850726aa6a6d" + "operator-lifecycle-manager": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ff87b8ca01872de4f6fddf890f0e7a243b179376f200567300b1c2c1918e5402", + "operator-registry": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:00f42ea149e7b5ab62b08da79da65bcd7e0785442bd5ee0314b924fbeb0df975", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b2a0c592a6105fcba0299bcebf9c6079015f533bc2ebb8791e7953b26861c788" } } diff --git a/assets/optional/operator-lifecycle-manager/release-olm-x86_64.json b/assets/optional/operator-lifecycle-manager/release-olm-x86_64.json index 7ea7084466..16473a08c3 100644 --- a/assets/optional/operator-lifecycle-manager/release-olm-x86_64.json +++ b/assets/optional/operator-lifecycle-manager/release-olm-x86_64.json @@ -1,10 +1,10 @@ { "release": { - "base": "4.22.0-0.nightly-2026-03-29-173136" + "base": "4.22.0-0.nightly-2026-04-01-151631" }, "images": { - "operator-lifecycle-manager": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:56682799a336de6e590352644ca872ff5c08aef3166248230e0b00c4751abe74", - "operator-registry": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f9c5792b24f2e335975bc7e82dadbf415e96e7f317fe9f17e19c67b97aea2d6c", + "operator-lifecycle-manager": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:46aeacb2c570ef9e7b6099fde06e8246465d29f2b30c635157d7403d4161d50b", + "operator-registry": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0221168a5fc4bdc4801e7cf031bbc93eb282a5f41bebce26c1cd57493cd02537", "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b24b10973a22c0dad43644e033ece7a1ec2bf3b2469ca390260ee94a32f1630c" } } diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json index 981ce6e34f..ea02699bff 100644 --- a/assets/release/release-aarch64.json +++ b/assets/release/release-aarch64.json @@ -1,16 +1,16 @@ { "release": { - "base": "4.22.0-0.nightly-arm64-2026-03-31-033117" + "base": "4.22.0-0.nightly-arm64-2026-04-02-033117" }, "images": { - "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e27439092ba192070359a268fe8dc7949e2c57bd9a45e954a3ac85201bca8534", - "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b628d002923ae8208304f6d4bfa507af754cc773dc1d5b222fc7c065ddb1894e", - "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:927782656b13a97853d0026b921aa422671761955fcf91c9e3dac855ba6fb206", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:379f906d6e3970fca176447c41e5b3e4b140986e47bedda5876b850726aa6a6d", - "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:eef7bdf15087595b1931f230697e0e28bd44f099a730f64d47c43a23452a1663", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ac628fe7cc2515e11d50b708fc69a77258640fc44cd073ad2891e997030c4d35", - "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:545b886030911f9992d828943c8dfb84b5ca74bc257a3101e6a0a19fd85b1efe", + "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c7906bd45f977ef8c43a2dd65c3cad1c0098b61d4a0c4646e4e373dd159688b1", + "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7abb8320c380cfc7d75599f01e96907d1b9562a1be4a5e800c25b62de24eff62", + "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:fdb988f8075078798dc00de52f75d4b9c7aa9d80ffdd202fd7476a5de7430c91", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b2a0c592a6105fcba0299bcebf9c6079015f533bc2ebb8791e7953b26861c788", + "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef9cad701c4c04fc7677bce9bdae0f39609f5c3578feb97c95c4ea0d5d9b8573", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0eee7f97711c71d3a4c559c0063d9752ccddc563e196b6a876a5184402495a86", + "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:433aa7050a25cf8eacbca42a490c715334f42ddb8c894036dfb3bed430a3a92e", "lvms_operator": "registry.redhat.io/lvms4/lvms-rhel9-operator@sha256:3766640b19c336b443619ecdb35f36b479c79ea71b21de97febf024a5eaf6c84", - "csi-snapshot-controller": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cea3031aafbf72710d2417451e7171bc4843d01d78d6143ad016765786613183" + "csi-snapshot-controller": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:dc954461f464bb9a26fbfa41aa3f9275d382fe0e529185827b829f5e1b075eb5" } } diff --git a/assets/release/release-x86_64.json b/assets/release/release-x86_64.json index 1f354c0c1a..1a510332f1 100644 --- a/assets/release/release-x86_64.json +++ b/assets/release/release-x86_64.json @@ -1,15 +1,15 @@ { "release": { - "base": "4.22.0-0.nightly-2026-03-29-173136" + "base": "4.22.0-0.nightly-2026-04-01-151631" }, "images": { - "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:342b870f3c887288c985007c756ac589662c3e6058c69ddcdafa04b7efac5d40", + "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7ad3ce5124bdb658eff859a78a616f41714324245f13c6d0cd77ecfe20ae64e1", "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:df026456d0a6a79d09c561ee382e9f5997de6196691038e0e050c4bce6a4af2c", - "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bec267008a9b95e4a4d0667b0948beecec9b0f5e76ff0dadaba72139d18a9c86", + "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:aecc401a907f4f40c41ed677e91a966876fe72ea0142e05bf0551187bd10d16e", "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b24b10973a22c0dad43644e033ece7a1ec2bf3b2469ca390260ee94a32f1630c", - "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:443665f687873dbb4b3fe1a9fa4cef654d263f4f715d7fee946d57d115178040", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:99e3448beed2df93641fced98f2cfd9e1ffe02901da9e7fae2ea54b5ce63cf16", - "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4acf7689bcf12bd09e0c729f29121ad2b8ad42819d609dc4111eeeffa3256d56", + "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:96b29defdb6e7cae2553a6834e7e7528ecea1e25b19565b096ab49c48a598ca5", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:fb8d06e3e46118e7921331871891a4bea62ff086e084781b6c772569314bd45f", + "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:86152fb19c42d74ce3c0f62ead0927a01c23d8452d61d0ac19ce8a785d1ed969", "lvms_operator": "registry.redhat.io/lvms4/lvms-rhel9-operator@sha256:58804d8baf922927b66cec9424d431a3bdb341d207024ce40cc8f0123bac03ee", "csi-snapshot-controller": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7e6cd34ecd2cae602fbd1ae770d9b8090ab2d50766ef539daaef5ccfc1db98d5" } From 0d0a275fd303e8507a2b8facf026773749305faf Mon Sep 17 00:00:00 2001 From: Evgeny Slutsky Date: Thu, 2 Apr 2026 11:52:15 +0200 Subject: [PATCH 10/11] update buildfiles --- Makefile.kube_git.var | 4 ++-- Makefile.version.aarch64.var | 2 +- Makefile.version.x86_64.var | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile.kube_git.var b/Makefile.kube_git.var index c38baeb346..a91d1393c9 100644 --- a/Makefile.kube_git.var +++ b/Makefile.kube_git.var @@ -1,5 +1,5 @@ KUBE_GIT_MAJOR=1 KUBE_GIT_MINOR=35 -KUBE_GIT_VERSION=v1.35.2 -KUBE_GIT_COMMIT=2b19898a979eb1ff0cd87ec5d49106e555e70ce6 +KUBE_GIT_VERSION=v1.35.3 +KUBE_GIT_COMMIT=9193b12ab88e006723c8605bea1659bfcbe7d638 KUBE_GIT_TREE_STATE=clean diff --git a/Makefile.version.aarch64.var b/Makefile.version.aarch64.var index 39573f2343..c8e5dbf7f8 100644 --- a/Makefile.version.aarch64.var +++ b/Makefile.version.aarch64.var @@ -1 +1 @@ -OCP_VERSION := 4.22.0-0.nightly-arm64-2026-03-31-033117 +OCP_VERSION := 4.22.0-0.nightly-arm64-2026-04-02-033117 diff --git a/Makefile.version.x86_64.var b/Makefile.version.x86_64.var index 934b73bd74..ff6da23894 100644 --- a/Makefile.version.x86_64.var +++ b/Makefile.version.x86_64.var @@ -1 +1 @@ -OCP_VERSION := 4.22.0-0.nightly-2026-03-29-173136 +OCP_VERSION := 4.22.0-0.nightly-2026-04-01-151631 From b100fd3023dc2adf3ed2847752424f5d71f39b48 Mon Sep 17 00:00:00 2001 From: Evgeny Slutsky Date: Thu, 2 Apr 2026 11:59:37 +0200 Subject: [PATCH 11/11] fix service-ca-operator assets directory Signed-off-by: Evgeny Slutsky --- scripts/auto-rebase/assets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/auto-rebase/assets.yaml b/scripts/auto-rebase/assets.yaml index 705c8ca1c1..99b9e56772 100644 --- a/scripts/auto-rebase/assets.yaml +++ b/scripts/auto-rebase/assets.yaml @@ -89,7 +89,7 @@ assets: - file: daemonset.yaml - dir: components/service-ca/ - src: service-ca-operator/bindata/v4.0.0/controller/ + src: service-ca-operator/bindata/assets files: - file: clusterrole.yaml - file: clusterrolebinding.yaml