b3d530fc6a
Update dependencies to v0.36.0-rc.1 tag
2026-04-15 03:14:40 +00:00
8f292ca341
Merge remote-tracking branch 'origin/master' into release-1.36
...
Kubernetes-commit: f52d1f45d35130c79cd7f1a2596b36325260efe4
2026-04-14 18:08:41 +00:00
1d35cd70a5
Update github.com/moby/spdystream from v0.5.0 to v0.5.1
...
Kubernetes-commit: 7e9c2c8eef26f99aa2f94d8e09d6d32de86c7769
Kubernetes-commit: f6209104d25a6c0ea7605a73b9ec4085aacbca03
2026-04-13 13:57:52 -04:00
e1ecb79ae5
dependencies: bump kube-openapi to drop ginkgo/gomega indirect deps
...
Bump k8s.io/kube-openapi to pick up kubernetes/kube-openapi#579 which
moved the last ginkgo/gomega tests to stdlib testing and ran go mod
tidy, removing ginkgo/gomega from kube-openapi's go.mod.
This drops ginkgo/gomega as indirect deps from apimachinery. It also
prunes Masterminds/semver, google/pprof, and golang.org/x/tools from
client-go and other staging modules where they were only needed
through kube-openapi's ginkgo/gomega chain.
Contributes to kubernetes/kubernetes#127888
Kubernetes-commit: 56cd74d879f1ba11aadcff95326f17a1cc2c82ef
2026-04-09 20:09:19 +00:00
6995a6dbb2
Merge pull request #136657 from Jefftree/sharding-test
...
[KEP-5866] Sharded List and Watch
Kubernetes-commit: e2abeef6cdf10dd026662047a828437f55b28246
2026-03-18 00:49:01 +00:00
7e83fd5ea7
Merge pull request #137298 from dims/dsri/cri-streaming-option-a-hardcut
...
cri streaming option a hardcut - add new staging repositories `streaming` and `cri-streaming`
Kubernetes-commit: 2bd6c7fe3cb8663804dc6e7672ff01aeebc97274
2026-03-17 10:54:03 +00:00
fbb57b8768
staging: extract CRI streaming modules with client-go compatibility
...
Extract streaming code into dedicated staging modules while keeping stable
compatibility APIs for external client-go consumers.
This commit:
- adds `k8s.io/cri-streaming` for CRI exec/attach/portforward server code
- adds `k8s.io/streaming` as the canonical home for shared transport
primitives (`httpstream`, `spdy`, `wsstream`, runtime helpers)
- switches in-tree transport consumers to `k8s.io/streaming`
- removes in-tree kubelet CRI streaming package
- preserves NO_PROXY/no_proxy CIDR handling in extracted SPDY proxier logic
- adds deprecated `k8s.io/apimachinery/pkg/util/httpstream` compatibility
wrappers (`httpstream`, `spdy`, `wsstream`) backed by `k8s.io/streaming`
- restores exported client-go SPDY/portforward API signatures to
apimachinery `httpstream` types for downstream compatibility
- adds streaming-native client-go adapters/constructors so in-tree callers
can use `k8s.io/streaming` without changing external compatibility APIs
- deduplicates SPDY-over-websocket dial negotiation shared by compat and
streaming tunneling dialers
- logs dropped unknown stream types in `RemoveStreams` adapter fallbacks to
improve compatibility-path debuggability
- adds integration coverage for the streaming-upgrader-to-client-go-compat
adapter path against a real cri-streaming exec endpoint
- clarifies kubectl streaming import aliasing to avoid `httpstream` package
ambiguity
- updates tests, import restrictions, publishing metadata, and vendor/module
metadata for the new staging modules
Signed-off-by: Davanum Srinivas <davanum@gmail.com >
Kubernetes-commit: 1ee1ff97fb7f9755a44d29bee0c80d2ccbed68dc
2026-02-28 19:40:07 -05:00
404001820a
Merge pull request #137495 from pohly/klog-update
...
dependencies: klog v2.140.0
Kubernetes-commit: 9d0495ec93f7942b9fd6482df79820376a447eee
2026-03-10 17:12:45 +00:00
8b7cc7520a
dependencies: klog v2.140.0
...
klog hasn't been updated in Kubernetes for a few releases. Several
enhancements have accumulated that are worth having.
Kubernetes-commit: 56e0565c113107bdea398b075aba5bdef43489ed
2026-03-06 17:43:11 +01:00
552c862a9a
Merge pull request #137456 from liggitt/go126
...
Update go.mod to go 1.26, fix 1.26 vet errors
Kubernetes-commit: 800a58b7c515b3d5e2677f6af37f9ece186b67c0
2026-03-06 08:56:41 +00:00
cc7947006d
Merge pull request #137473 from jpbetz/fix-set-transform
...
Fix SetTransform to correctly override per-informer transforms
Kubernetes-commit: 3dceb579f797c88564d03a7bdf91ba8108ffd820
2026-03-06 08:56:39 +00:00
06e7a6d9b1
Merge pull request #137451 from dims/update-google-protobuf-deadcode-fix
...
Update google.golang.org/protobuf to v1.36.12-0.20260120151049-f2248ac996af to prevent file size explosion in go 1.26
Kubernetes-commit: 77c013637cb40e1b5d2b26664dc7b297f1ff2693
2026-03-05 20:58:40 +00:00
489d4af143
Update google.golang.org/protobuf to v1.36.12-0.20260120151049-f2248ac996af
...
Pins google.golang.org/protobuf to HEAD commit f2248ac996afc39b3df0777cdcc269f6ade50b07
(v1.36.12-0.20260120151049-f2248ac996af) which includes fixes for dead code
elimination issues surfaced by Go 1.26's reflect changes.
Xref: https://github.com/golang/protobuf/issues/1704
Xref: https://github.com/kubernetes/kubernetes/issues/137445
Signed-off-by: Davanum Srinivas <davanum@gmail.com >
Kubernetes-commit: c8826e0d235fde75d02643bd700179ed79897ad6
2026-03-05 09:36:13 -05:00
92583927f0
Merge pull request #137349 from Jefftree/fix-model-name-bounding-dirs
...
Pass --readonly-pkg to openapi-gen in kube_codegen.sh
Kubernetes-commit: ef8a14f679491f858968f49a847c393a3a3fc5e2
2026-03-05 05:03:44 +00:00
404805e4e1
update kube-openapi
...
Kubernetes-commit: 721eea74e75dc95bafbfa450bb2309e494abf45c
2026-03-04 15:33:47 -05:00
6adacb47b9
Merge pull request #137286 from humblec/update-vendored-dependencies
...
Update vendored dependencies ( gomega/cadvisor)
Kubernetes-commit: 3f2ebc50eecfaeda23df4435dc82422fa65425ed
2026-02-27 17:15:45 +00:00
f96a2115f9
dependencies: bump gomega to v1.39.1 and ginkgo to v2.28.1
...
Kubernetes-commit: 600d188f2b02eea974509062c04186309065ff16
2026-02-27 15:48:21 +05:30
f302725b85
Merge pull request #134081 from sxllwx/try-to-fix-133656
...
chore(sample-controller): use reigster-gen
Kubernetes-commit: 5da88b908c92f7ae753e19b6a30bea2c45f8e431
2026-02-24 20:03:52 +00:00
5a57c65aa6
Bump to go 1.26
...
Kubernetes-commit: f291ae40b03afaaf49cca43b650bfbd05f4babee
2026-02-17 16:05:07 -05:00
a8896aaa29
Merge pull request #136392 from skitt/unsupported-typo
...
Align IsWatchListSemanticsUnSupported comment
Kubernetes-commit: 15a2107890558876c35db3e44420575d657ac3a0
2026-02-20 18:44:35 +00:00
4cfc7ddd3e
Merge pull request #136921 from dims/dump-from-utils
...
Move dump package from apimachinery to k8s.io/utils
Kubernetes-commit: 5b63a8c68e8e4d417ab3758c7a80118c2db27ac9
2026-02-12 21:25:53 +00:00
100f3ac540
Merge pull request #135395 from pohly/apimachinery-wait-for-cache-sync
...
apimachinery + client-go + device taint eviction unit test: context-aware Start/WaitFor, waiting through channels
Kubernetes-commit: eb09a3c23e3c3905c89e996fcec2c02ba8c4bb0e
2026-02-11 09:19:44 +00:00
b5e36fedcd
Merge pull request #136826 from alvaroaleman/bumpv0.32
...
Bump structured merge diff to v6.3.2
Kubernetes-commit: 65f09e605cb206b2e5fcff4d69a4ae8acf62dbc3
2026-02-10 22:08:40 +00:00
b9a13d422d
Move dump package from apimachinery to k8s.io/utils
...
Replace all imports of k8s.io/apimachinery/pkg/util/dump with
k8s.io/utils/dump across the repo. The apimachinery dump package
now contains deprecated wrapper functions that delegate to
k8s.io/utils/dump for backwards compatibility.
Signed-off-by: Davanum Srinivas <davanum@gmail.com >
Kubernetes-commit: 550cc8645bedcc8b187e0ebeb52ead29d5631a32
2026-02-10 15:20:41 -05:00
8202729143
Merge pull request #136455 from pohly/client-go-simpleclient-undeprecation
...
fake client-go: un-deprecate NewSimpleClientset
Kubernetes-commit: 09e1c9fe0ec3d3a61fa71c43610b42e1e3f53612
2026-02-10 00:34:08 +00:00
31c1b60160
Bump structured merge diff to v6.3.2
...
Diff: https://github.com/kubernetes-sigs/structured-merge-diff/compare/v6.3.1...v6.3.2
It's just one change that prevents a NPD when an embedded pointer to a
struct is encountered.
Kubernetes-commit: f59cfe60ef2063e2383ebef416f9da05196903d6
2026-02-07 13:49:48 -05:00
c59724d92f
Merge pull request #135782 from richabanker/fifo-identity-metric
...
Add identifier-based queue depth metrics for RealFIFO
Kubernetes-commit: 8972957668a174bbb589f167817130e0f2d352a9
2026-02-06 04:39:22 +00:00
5628993de5
Merge pull request #136747 from dims/use-k8s-utils-btree
...
Use btree from k8s.io/utils instead of github.com/google/btree
Kubernetes-commit: dc1ec1211e4f54064ba6dafd8aac46ac3d4379b4
2026-02-05 12:11:59 +00:00
5c2e83116d
Use btree from k8s.io/utils instead of github.com/google/btree
...
The google/btree package is deprecated, so switch to the maintained
fork in k8s.io/utils/third_party/forked/golang/btree.
API differences:
- NewG -> New
- BTreeG[T] -> BTree[T]
Signed-off-by: Davanum Srinivas <davanum@gmail.com >
Kubernetes-commit: a328ca88ad662119bbf129cd1107fabd8dd9f539
2026-02-04 09:19:58 -05:00
a102553d0e
Merge pull request #131068 from soltysh/sample_controller_scheme
...
Switch sample-controller to use NewClientset supporting applyconfiguration rather than deprecated NewSimpleClientset
Kubernetes-commit: a7b940cde27e7d736d309b02573a62c213cfa4fd
2026-01-30 10:33:16 +00:00
c7133c2f84
Generate applyconfigurations and openapi for sample-controller
...
Signed-off-by: Maciej Szulik <soltysh@gmail.com >
Kubernetes-commit: c45c6f184233227e49ab9bceacb709a229b756dd
2025-03-26 13:25:43 +01:00
75c8bbf84e
Merge pull request #136582 from yongruilin/master_kubeopenapi-format
...
Bump k8s.io/kube-openapi to latest and enable numeric format validation
Kubernetes-commit: b90909e4325d5375af7deb190585a5e9885c288d
2026-01-28 02:15:00 +00:00
b5243f3303
Bump k8s.io/kube-openapi to latest
...
Kubernetes-commit: 65b579a036fa3b230f9c5e22d449fe9e4790078e
2026-01-27 21:39:39 +00:00
50434c6a06
Merge pull request #136362 from dims/update-opentelemetry-v1.39.0
...
Update OpenTelemetry dependencies to latest versions
Kubernetes-commit: 69eb15ee58c9cb20b90007e9b064dfb78b66a867
2026-01-21 22:14:22 +00:00
a2aea51475
Update OpenTelemetry dependencies to latest versions
...
Core packages (opentelemetry-go):
- go.opentelemetry.io/otel: v1.38.0 → v1.39.0
- go.opentelemetry.io/otel/metric: v1.38.0 → v1.39.0
- go.opentelemetry.io/otel/trace: v1.38.0 → v1.39.0
- go.opentelemetry.io/otel/sdk: v1.38.0 → v1.39.0
Exporters:
- go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.34.0 → v1.39.0
- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.34.0 → v1.39.0
Contrib instrumentation (opentelemetry-go-contrib):
- go.opentelemetry.io/contrib/.../otelhttp: v0.61.0 → v0.64.0
- go.opentelemetry.io/contrib/.../otelrestful: v0.44.0 → v0.64.0
Protocol definitions (opentelemetry-proto-go):
- go.opentelemetry.io/proto/otlp: v1.5.0 → v1.9.0
Notable changes:
- Go 1.24 is now the minimum required version (Go 1.23 support dropped) for OTEL components
- Performance: ~4x improvement in histogram concurrent operations; xxhash
replaces fnv for attribute hashing
- Fixed goroutine leak in span processors when context is canceled
- otelrestful migrated semantic conventions from v1.20.0 to v1.34.0
(e.g., http.method → http.request.method)
- Partial OTLP export errors now surfaced instead of being silently dropped
- otelrestful no longer depends on json-iterator/go, modern-go/concurrent,
or modern-go/reflect2; unwanted-dependencies.json updated accordingly
Signed-off-by: Davanum Srinivas <davanum@gmail.com >
Kubernetes-commit: c40ea60b9f193fbead586f9fd6cc26f7b77312ff
2026-01-20 17:20:21 -05:00
2a236a856d
Merge pull request #136212 from dims/update-security-deps-jan2026-v2
...
Update security and stability dependencies
Kubernetes-commit: a94970c0c5de0fa56b0ed82823850db7e0257685
2026-01-16 14:04:42 +00:00
5594bf5680
Update security and stability dependencies
...
This PR updates several dependencies addressing security vulnerabilities,
stability fixes, and authentication improvements.
- golang.org/x/crypto: v0.46.0 -> v0.47.0
- Includes latest X509 root certificate bundle updates
- Security hardening for cryptographic operations
- Foundation dependency for TLS and authentication
- github.com/golang-jwt/jwt/v5: v5.2.2 -> v5.3.0
- IMPORTANT: v5.2.2 patched vulnerability GHSA-mh63-6h87-95cp (token
validation security issue) - this update ensures we have the fix
- Adds multiple audience validation support for JWT tokens
- Go 1.21 minimum requirement (code modernization)
- Replaced legacy interface{} with modern any keyword
- golang.org/x/net: v0.48.0 -> v0.49.0
- HTTP/2 priority scheduler improvements (RFC 9218)
- WebSocket security enhancements
- Network layer stability fixes
- go.uber.org/zap: v1.27.0 -> v1.27.1
- Fix: Prevent Object from panicking on nils (PR #1501 )
- Fix: Race condition in WithLazy (PR #1511 )
- Both fixes improve logging stability in concurrent scenarios
- github.com/godbus/dbus/v5: v5.2.0 -> v5.2.2
- Security: Disabled SHA1 authentication by default on non-Windows
platforms (v5.2.0 change now inherited)
- Performance: Multiple optimizations reducing memory allocations
- Fix: Alignment issues in decoder operations
- Fix: Allow more than 32 containers/struct fields in a signature
Signed-off-by: Davanum Srinivas <davanum@gmail.com >
Kubernetes-commit: 5b478645cdb3be5ed92a21d2f7b417b6328cfa6e
2026-01-13 23:08:03 -05:00
16cd5dbcd7
Merge pull request #136162 from dims/update-security-deps-jan2026
...
Update security-critical authentication and protobuf dependencies
Kubernetes-commit: c29a5d73a6fd04896033fe615c259f2949c5e94f
2026-01-14 02:05:02 +00:00
1aa4a38e16
Update security-critical authentication and protobuf dependencies
...
This PR updates security-critical dependencies addressing authentication
and data parsing vulnerabilities.
**Authentication Security:**
- github.com/coreos/go-oidc: v2.3.0 -> v2.5.0
- Security fix: Now verifies token signature BEFORE validating payload
- Prevents potential processing of tampered tokens before cryptographic
verification
- github.com/cyphar/filepath-securejoin: v0.6.0 -> v0.6.1
- Security fix: Fixed seccomp fallback logic - library now properly falls
back to safer O_PATH resolver when openat2(2) is denied by seccomp-bpf
- Fixed file descriptor leak in openat2 wrapper during RESOLVE_IN_ROOT
- cyphar.com/go-pathrs: v0.2.1 -> v0.2.2
- Companion update to filepath-securejoin
**Protobuf Security:**
- google.golang.org/protobuf: v1.36.8 -> v1.36.11
- Security fix: Added recursion limit check in lazy decoding validation
- Prevents potential stack exhaustion attacks via maliciously crafted
protobuf messages
- Also adds support for URL chars in type URLs in text-format
These updates are critical for:
- OIDC authentication in kube-apiserver
- Container filesystem path resolution (used by container runtimes)
- Protobuf message parsing throughout the codebase
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com >
Signed-off-by: Davanum Srinivas <davanum@gmail.com >
Kubernetes-commit: c825d80bbf2c82666192c329478a686fa3a1d5dc
2026-01-11 16:50:37 -05:00
81ae50c183
Merge pull request #136161 from dims/update-golang-x-deps-jan2026
...
Update golang.org/x dependencies to latest versions
Kubernetes-commit: 1c894014ebe25e0b042efa91698284f527493d90
2026-01-13 02:28:31 +00:00
17baec1178
Update golang.org/x dependencies to latest versions
...
updates the golang.org/x package family to newer releases:
- golang.org/x/crypto: v0.45.0 -> v0.46.0
- golang.org/x/net: v0.47.0 -> v0.48.0
- golang.org/x/sys: v0.38.0 -> v0.40.0
- golang.org/x/time: v0.9.0 -> v0.14.0
- golang.org/x/oauth2: v0.30.0 -> v0.34.0
- golang.org/x/text: v0.31.0 -> v0.33.0
- golang.org/x/term: v0.37.0 -> v0.39.0
- golang.org/x/sync: v0.18.0 -> v0.19.0
- golang.org/x/mod: v0.29.0 -> v0.32.0
- golang.org/x/tools: v0.38.0 -> v0.40.0
- golang.org/x/exp: 8a7402abbf56 -> 944ab1f22d93
Security & Stability:
- x/crypto: Updated X509 root certificate bundle
- x/net: HTTP/2 PING optimization to reduce DoS detection triggers,
data race fix in trace RenderEvents
- x/sys: Fixed out-of-bounds memory access in sockaddrIUCVToAny
- x/time: Fixed rate limiter overflow when using very low rates that
could cause the limiter to jam open
Performance:
- x/time: ~19% improvement in Sometimes.Do when no interval configured
Maintenance:
- Various vet diagnostic fixes for Go 1.26 compatibility
- Dependency updates across the golang.org/x ecosystem
Signed-off-by: Davanum Srinivas <davanum@gmail.com >
Kubernetes-commit: 0e67c56a8f26ace2889fd24e098b78e13f9bbffe
2026-01-11 16:25:45 -05:00
c5a510e1f3
Merge pull request #136108 from pohly/ginkgo-gomega-update
...
dependencies: ginkgo v2.27.4, gomega v1.39.0
Kubernetes-commit: 758ef0ffbce5cbca7a893d839dde892d79c2738f
2026-01-08 23:41:35 +00:00
268a6a7700
dependencies: ginkgo v2.27.4, gomega v1.39.0
...
Latest release of both. The CurrentTreeConstructionNodeReport fix
is needed before being able to use it in the E2E framework.
Kubernetes-commit: f8a0c80ed81711f6add7a765d22b56d2d41ac522
2026-01-08 16:53:03 +01:00
6cb24270b0
Merge pull request #135391 from jpbetz/smd-6_3_1
...
Bump structured-merge-diff to pick up flake fix and bug fixes
Kubernetes-commit: 6f92c01979b7666f6631a556a8626e21b88d1f2a
2025-12-23 15:00:23 +00:00
1d34da02ca
Merge pull request #135867 from dims/pin-versions-of-dbus-and-otelgrpc-to-avoid-breakage
...
Pin versions of dbus and otelgrpc to avoid breakage
Kubernetes-commit: dce2e8cef737ebce3a4d13d74654c50bcb244846
2025-12-21 02:58:32 +00:00
5eb3267611
updated to last known good dependencies for otelgrpc and dbus
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com >
Kubernetes-commit: 60cce0abd05d31f74ece404e584f53c915a7f3d5
2025-12-20 15:27:53 -05:00
af6ed48cf6
Merge pull request #135836 from pohly/ginkgo-gomega-update
...
dependencies: ginkgo v2.27.3 + gomega v1.38.3
Kubernetes-commit: 268bdbe214ac64b5a31a59cfae6b96f3a1585bd3
2025-12-19 18:59:06 +00:00
7eea9581c5
Merge pull request #135845 from skitt/drop-armon-circbuf
...
Replace armon/circbuf with k8s.io/utils/buffer
Kubernetes-commit: 0ea38248603ce745956d779787874cfd91ca29ae
2025-12-19 18:59:04 +00:00
061bfb601d
Replace armon/circbuf with k8s.io/utils/buffer
...
This uses the new generic fixed ring implementation in k8s.io/utils.
Signed-off-by: Stephen Kitt <skitt@redhat.com >
Kubernetes-commit: 3653ae2b9a7768da89e47ef84d503ae9cf0b910b
2025-12-19 09:59:41 +01:00
15740c5a3c
Merge pull request #135531 from pohly/golangci-lint-bump
...
golangci-lint: bump to v2.7.1
Kubernetes-commit: 430fef557f34c6145d4607f9d65d46ac5f7a7b66
2025-12-18 18:57:39 +00:00
Kubernetes Publisher