From 811df220eb6715048f978679b2ed4d9b56fa88f9 Mon Sep 17 00:00:00 2001 From: Kubernetes Release Robot Date: Tue, 12 May 2026 10:01:17 +0000 Subject: [PATCH 1/9] Update CHANGELOG/CHANGELOG-1.34.md for v1.34.8 --- CHANGELOG/CHANGELOG-1.34.md | 277 +++++++++++++++++++++++++----------- 1 file changed, 192 insertions(+), 85 deletions(-) diff --git a/CHANGELOG/CHANGELOG-1.34.md b/CHANGELOG/CHANGELOG-1.34.md index e73c268d7dcf8..7cc2c284fa43a 100644 --- a/CHANGELOG/CHANGELOG-1.34.md +++ b/CHANGELOG/CHANGELOG-1.34.md @@ -1,258 +1,365 @@ -- [v1.34.7](#v1347) - - [Downloads for v1.34.7](#downloads-for-v1347) +- [v1.34.8](#v1348) + - [Downloads for v1.34.8](#downloads-for-v1348) - [Source Code](#source-code) - [Client Binaries](#client-binaries) - [Server Binaries](#server-binaries) - [Node Binaries](#node-binaries) - [Container Images](#container-images) - - [Changelog since v1.34.6](#changelog-since-v1346) + - [Changelog since v1.34.7](#changelog-since-v1347) - [Changes by Kind](#changes-by-kind) - - [Dependency](#dependency) - - [Feature](#feature) - [Bug or Regression](#bug-or-regression) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake) - [Dependencies](#dependencies) - [Added](#added) - [Changed](#changed) - [Removed](#removed) -- [v1.34.6](#v1346) - - [Downloads for v1.34.6](#downloads-for-v1346) +- [v1.34.7](#v1347) + - [Downloads for v1.34.7](#downloads-for-v1347) - [Source Code](#source-code-1) - [Client Binaries](#client-binaries-1) - [Server Binaries](#server-binaries-1) - [Node Binaries](#node-binaries-1) - [Container Images](#container-images-1) - - [Changelog since v1.34.5](#changelog-since-v1345) + - [Changelog since v1.34.6](#changelog-since-v1346) - [Changes by Kind](#changes-by-kind-1) + - [Dependency](#dependency) + - [Feature](#feature) - [Bug or Regression](#bug-or-regression-1) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake) - [Dependencies](#dependencies-1) - [Added](#added-1) - [Changed](#changed-1) - [Removed](#removed-1) -- [v1.34.5](#v1345) - - [Downloads for v1.34.5](#downloads-for-v1345) +- [v1.34.6](#v1346) + - [Downloads for v1.34.6](#downloads-for-v1346) - [Source Code](#source-code-2) - [Client Binaries](#client-binaries-2) - [Server Binaries](#server-binaries-2) - [Node Binaries](#node-binaries-2) - [Container Images](#container-images-2) - - [Changelog since v1.34.4](#changelog-since-v1344) + - [Changelog since v1.34.5](#changelog-since-v1345) - [Changes by Kind](#changes-by-kind-2) - - [Feature](#feature-1) + - [Bug or Regression](#bug-or-regression-2) - [Dependencies](#dependencies-2) - [Added](#added-2) - [Changed](#changed-2) - [Removed](#removed-2) -- [v1.34.4](#v1344) - - [Downloads for v1.34.4](#downloads-for-v1344) +- [v1.34.5](#v1345) + - [Downloads for v1.34.5](#downloads-for-v1345) - [Source Code](#source-code-3) - [Client Binaries](#client-binaries-3) - [Server Binaries](#server-binaries-3) - [Node Binaries](#node-binaries-3) - [Container Images](#container-images-3) - - [Changelog since v1.34.3](#changelog-since-v1343) + - [Changelog since v1.34.4](#changelog-since-v1344) - [Changes by Kind](#changes-by-kind-3) - - [Feature](#feature-2) - - [Bug or Regression](#bug-or-regression-2) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-1) + - [Feature](#feature-1) - [Dependencies](#dependencies-3) - [Added](#added-3) - [Changed](#changed-3) - [Removed](#removed-3) -- [v1.34.3](#v1343) - - [Downloads for v1.34.3](#downloads-for-v1343) +- [v1.34.4](#v1344) + - [Downloads for v1.34.4](#downloads-for-v1344) - [Source Code](#source-code-4) - [Client Binaries](#client-binaries-4) - [Server Binaries](#server-binaries-4) - [Node Binaries](#node-binaries-4) - [Container Images](#container-images-4) - - [Changelog since v1.34.2](#changelog-since-v1342) + - [Changelog since v1.34.3](#changelog-since-v1343) - [Changes by Kind](#changes-by-kind-4) - - [Feature](#feature-3) + - [Feature](#feature-2) - [Bug or Regression](#bug-or-regression-3) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-1) - [Dependencies](#dependencies-4) - [Added](#added-4) - [Changed](#changed-4) - [Removed](#removed-4) -- [v1.34.2](#v1342) - - [Downloads for v1.34.2](#downloads-for-v1342) +- [v1.34.3](#v1343) + - [Downloads for v1.34.3](#downloads-for-v1343) - [Source Code](#source-code-5) - [Client Binaries](#client-binaries-5) - [Server Binaries](#server-binaries-5) - [Node Binaries](#node-binaries-5) - [Container Images](#container-images-5) - - [Changelog since v1.34.1](#changelog-since-v1341) + - [Changelog since v1.34.2](#changelog-since-v1342) - [Changes by Kind](#changes-by-kind-5) - - [Feature](#feature-4) + - [Feature](#feature-3) - [Bug or Regression](#bug-or-regression-4) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-2) - [Dependencies](#dependencies-5) - [Added](#added-5) - [Changed](#changed-5) - [Removed](#removed-5) -- [v1.34.1](#v1341) - - [Downloads for v1.34.1](#downloads-for-v1341) +- [v1.34.2](#v1342) + - [Downloads for v1.34.2](#downloads-for-v1342) - [Source Code](#source-code-6) - [Client Binaries](#client-binaries-6) - [Server Binaries](#server-binaries-6) - [Node Binaries](#node-binaries-6) - [Container Images](#container-images-6) - - [Changelog since v1.34.0](#changelog-since-v1340) + - [Changelog since v1.34.1](#changelog-since-v1341) - [Changes by Kind](#changes-by-kind-6) + - [Feature](#feature-4) - [Bug or Regression](#bug-or-regression-5) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-2) - [Dependencies](#dependencies-6) - [Added](#added-6) - [Changed](#changed-6) - [Removed](#removed-6) -- [v1.34.0](#v1340) - - [Downloads for v1.34.0](#downloads-for-v1340) +- [v1.34.1](#v1341) + - [Downloads for v1.34.1](#downloads-for-v1341) - [Source Code](#source-code-7) - [Client Binaries](#client-binaries-7) - [Server Binaries](#server-binaries-7) - [Node Binaries](#node-binaries-7) - [Container Images](#container-images-7) - - [Changelog since v1.33.0](#changelog-since-v1330) - - [Urgent Upgrade Notes](#urgent-upgrade-notes) - - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade) + - [Changelog since v1.34.0](#changelog-since-v1340) - [Changes by Kind](#changes-by-kind-7) - - [Deprecation](#deprecation) - - [API Change](#api-change) - - [Feature](#feature-5) - - [Failing Test](#failing-test) - [Bug or Regression](#bug-or-regression-6) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-3) - [Dependencies](#dependencies-7) - [Added](#added-7) - [Changed](#changed-7) - [Removed](#removed-7) -- [v1.34.0-rc.2](#v1340-rc2) - - [Downloads for v1.34.0-rc.2](#downloads-for-v1340-rc2) +- [v1.34.0](#v1340) + - [Downloads for v1.34.0](#downloads-for-v1340) - [Source Code](#source-code-8) - [Client Binaries](#client-binaries-8) - [Server Binaries](#server-binaries-8) - [Node Binaries](#node-binaries-8) - [Container Images](#container-images-8) - - [Changelog since v1.34.0-rc.1](#changelog-since-v1340-rc1) + - [Changelog since v1.33.0](#changelog-since-v1330) + - [Urgent Upgrade Notes](#urgent-upgrade-notes) + - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade) - [Changes by Kind](#changes-by-kind-8) - - [Feature](#feature-6) - - [Documentation](#documentation) + - [Deprecation](#deprecation) + - [API Change](#api-change) + - [Feature](#feature-5) + - [Failing Test](#failing-test) - [Bug or Regression](#bug-or-regression-7) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-3) - [Dependencies](#dependencies-8) - [Added](#added-8) - [Changed](#changed-8) - [Removed](#removed-8) -- [v1.34.0-rc.1](#v1340-rc1) - - [Downloads for v1.34.0-rc.1](#downloads-for-v1340-rc1) +- [v1.34.0-rc.2](#v1340-rc2) + - [Downloads for v1.34.0-rc.2](#downloads-for-v1340-rc2) - [Source Code](#source-code-9) - [Client Binaries](#client-binaries-9) - [Server Binaries](#server-binaries-9) - [Node Binaries](#node-binaries-9) - [Container Images](#container-images-9) - - [Changelog since v1.34.0-rc.0](#changelog-since-v1340-rc0) + - [Changelog since v1.34.0-rc.1](#changelog-since-v1340-rc1) - [Changes by Kind](#changes-by-kind-9) + - [Feature](#feature-6) + - [Documentation](#documentation) - [Bug or Regression](#bug-or-regression-8) - [Dependencies](#dependencies-9) - [Added](#added-9) - [Changed](#changed-9) - [Removed](#removed-9) -- [v1.34.0-rc.0](#v1340-rc0) - - [Downloads for v1.34.0-rc.0](#downloads-for-v1340-rc0) +- [v1.34.0-rc.1](#v1340-rc1) + - [Downloads for v1.34.0-rc.1](#downloads-for-v1340-rc1) - [Source Code](#source-code-10) - [Client Binaries](#client-binaries-10) - [Server Binaries](#server-binaries-10) - [Node Binaries](#node-binaries-10) - [Container Images](#container-images-10) - - [Changelog since v1.34.0-beta.0](#changelog-since-v1340-beta0) + - [Changelog since v1.34.0-rc.0](#changelog-since-v1340-rc0) - [Changes by Kind](#changes-by-kind-10) - - [Deprecation](#deprecation-1) - - [API Change](#api-change-1) - - [Feature](#feature-7) - - [Failing Test](#failing-test-1) - [Bug or Regression](#bug-or-regression-9) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-4) - [Dependencies](#dependencies-10) - [Added](#added-10) - [Changed](#changed-10) - [Removed](#removed-10) -- [v1.34.0-beta.0](#v1340-beta0) - - [Downloads for v1.34.0-beta.0](#downloads-for-v1340-beta0) +- [v1.34.0-rc.0](#v1340-rc0) + - [Downloads for v1.34.0-rc.0](#downloads-for-v1340-rc0) - [Source Code](#source-code-11) - [Client Binaries](#client-binaries-11) - [Server Binaries](#server-binaries-11) - [Node Binaries](#node-binaries-11) - [Container Images](#container-images-11) - - [Changelog since v1.34.0-alpha.3](#changelog-since-v1340-alpha3) + - [Changelog since v1.34.0-beta.0](#changelog-since-v1340-beta0) - [Changes by Kind](#changes-by-kind-11) - - [API Change](#api-change-2) - - [Feature](#feature-8) + - [Deprecation](#deprecation-1) + - [API Change](#api-change-1) + - [Feature](#feature-7) + - [Failing Test](#failing-test-1) - [Bug or Regression](#bug-or-regression-10) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-5) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-4) - [Dependencies](#dependencies-11) - [Added](#added-11) - [Changed](#changed-11) - [Removed](#removed-11) -- [v1.34.0-alpha.3](#v1340-alpha3) - - [Downloads for v1.34.0-alpha.3](#downloads-for-v1340-alpha3) +- [v1.34.0-beta.0](#v1340-beta0) + - [Downloads for v1.34.0-beta.0](#downloads-for-v1340-beta0) - [Source Code](#source-code-12) - [Client Binaries](#client-binaries-12) - [Server Binaries](#server-binaries-12) - [Node Binaries](#node-binaries-12) - [Container Images](#container-images-12) - - [Changelog since v1.34.0-alpha.2](#changelog-since-v1340-alpha2) + - [Changelog since v1.34.0-alpha.3](#changelog-since-v1340-alpha3) - [Changes by Kind](#changes-by-kind-12) - - [API Change](#api-change-3) - - [Feature](#feature-9) - - [Failing Test](#failing-test-2) + - [API Change](#api-change-2) + - [Feature](#feature-8) - [Bug or Regression](#bug-or-regression-11) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-6) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-5) - [Dependencies](#dependencies-12) - [Added](#added-12) - [Changed](#changed-12) - [Removed](#removed-12) -- [v1.34.0-alpha.2](#v1340-alpha2) - - [Downloads for v1.34.0-alpha.2](#downloads-for-v1340-alpha2) +- [v1.34.0-alpha.3](#v1340-alpha3) + - [Downloads for v1.34.0-alpha.3](#downloads-for-v1340-alpha3) - [Source Code](#source-code-13) - [Client Binaries](#client-binaries-13) - [Server Binaries](#server-binaries-13) - [Node Binaries](#node-binaries-13) - [Container Images](#container-images-13) - - [Changelog since v1.34.0-alpha.1](#changelog-since-v1340-alpha1) + - [Changelog since v1.34.0-alpha.2](#changelog-since-v1340-alpha2) - [Changes by Kind](#changes-by-kind-13) - - [Deprecation](#deprecation-2) - - [API Change](#api-change-4) - - [Feature](#feature-10) + - [API Change](#api-change-3) + - [Feature](#feature-9) + - [Failing Test](#failing-test-2) - [Bug or Regression](#bug-or-regression-12) - - [Other (Cleanup or Flake)](#other-cleanup-or-flake-7) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-6) - [Dependencies](#dependencies-13) - [Added](#added-13) - [Changed](#changed-13) - [Removed](#removed-13) -- [v1.34.0-alpha.1](#v1340-alpha1) - - [Downloads for v1.34.0-alpha.1](#downloads-for-v1340-alpha1) +- [v1.34.0-alpha.2](#v1340-alpha2) + - [Downloads for v1.34.0-alpha.2](#downloads-for-v1340-alpha2) - [Source Code](#source-code-14) - [Client Binaries](#client-binaries-14) - [Server Binaries](#server-binaries-14) - [Node Binaries](#node-binaries-14) - [Container Images](#container-images-14) + - [Changelog since v1.34.0-alpha.1](#changelog-since-v1340-alpha1) + - [Changes by Kind](#changes-by-kind-14) + - [Deprecation](#deprecation-2) + - [API Change](#api-change-4) + - [Feature](#feature-10) + - [Bug or Regression](#bug-or-regression-13) + - [Other (Cleanup or Flake)](#other-cleanup-or-flake-7) + - [Dependencies](#dependencies-14) + - [Added](#added-14) + - [Changed](#changed-14) + - [Removed](#removed-14) +- [v1.34.0-alpha.1](#v1340-alpha1) + - [Downloads for v1.34.0-alpha.1](#downloads-for-v1340-alpha1) + - [Source Code](#source-code-15) + - [Client Binaries](#client-binaries-15) + - [Server Binaries](#server-binaries-15) + - [Node Binaries](#node-binaries-15) + - [Container Images](#container-images-15) - [Changelog since v1.33.0](#changelog-since-v1330-1) - [Urgent Upgrade Notes](#urgent-upgrade-notes-1) - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-1) - - [Changes by Kind](#changes-by-kind-14) + - [Changes by Kind](#changes-by-kind-15) - [Deprecation](#deprecation-3) - [API Change](#api-change-5) - [Feature](#feature-11) - [Failing Test](#failing-test-3) - - [Bug or Regression](#bug-or-regression-13) + - [Bug or Regression](#bug-or-regression-14) - [Other (Cleanup or Flake)](#other-cleanup-or-flake-8) - - [Dependencies](#dependencies-14) - - [Added](#added-14) - - [Changed](#changed-14) - - [Removed](#removed-14) + - [Dependencies](#dependencies-15) + - [Added](#added-15) + - [Changed](#changed-15) + - [Removed](#removed-15) +# v1.34.8 + + +## Downloads for v1.34.8 + + + +### Source Code + +filename | sha512 hash +-------- | ----------- +[kubernetes.tar.gz](https://dl.k8s.io/v1.34.8/kubernetes.tar.gz) | b639cb01ab2d0004afcaf0110b139f51947a38f099f32b804a8f3bcc9ff7b420f78e94bc546bba6e5236c2b740d4a972c7cb1e14be2e949a80927744440aabe0 +[kubernetes-src.tar.gz](https://dl.k8s.io/v1.34.8/kubernetes-src.tar.gz) | 2feacf12ec5e26b2e9980473e1ceb33c0047d75d173b86c736768464efd588baf956f18aed41e41a91ce465f80d33f7dcffc35e9743a184d1f1aa2f58182ae90 + +### Client Binaries + +filename | sha512 hash +-------- | ----------- +[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.34.8/kubernetes-client-darwin-amd64.tar.gz) | 91bf0bac131a29dc7a30ab9871c9a5ca69f0f96c12602d9d0051d40283d9b53d25aeb3598db5888697f90fea2e0e147c11a8e6c45dbe3372292fc59ae3b6dd10 +[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.34.8/kubernetes-client-darwin-arm64.tar.gz) | ef38e4dc03a88aadc87fb67ae49177ab48d3855278a421fcc6d3e3c7acb8872ebcd47543ae769b8899100a3c3603034de3a6134446f6330b3e72c98f290f5156 +[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.34.8/kubernetes-client-linux-386.tar.gz) | f3839328d00beb65f1ee01ba525ec9bc3d7b4450516a656cab0254ce23c95f087738d7baa64c4cc28d35c89607017532942eaf510c0c8d414fe57250dc8a19b8 +[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.34.8/kubernetes-client-linux-amd64.tar.gz) | dbc7bf74cc617ee7db53cc0da449c0d6ab3f5208d13bc5ecce2d0da3acc613263eb6e4f361e1cee6d2b229fd7c6d46bf08719fed52f6f1ec688874d7be8bcae7 +[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.34.8/kubernetes-client-linux-arm.tar.gz) | a224f13195588c45ad16771de4447575f41b01430093ba83a2abe968bb5a11f2040a387f899a867e6e3039ad03ef7f368fdd5fd91aea2df11bef5d7352afe8e8 +[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.34.8/kubernetes-client-linux-arm64.tar.gz) | d7ca012dd2d9b5c9d295c378e890fcd56149f31cb9e79a777a4c3cd491f7ca91dabcf62b09ef518c23ba00ed8b4f460d453cb066466259093e513668d26d76e8 +[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.34.8/kubernetes-client-linux-ppc64le.tar.gz) | 047d2ce7f386a9ec9ec5a6209a5ba135ab10aa4dac233001ded50793c83222f5b5a9c73765f7410e31b1d6bfa86962b4e79f8f26ad93ced2d73217e53dc7e531 +[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.34.8/kubernetes-client-linux-s390x.tar.gz) | bbda085da1a27b6210a17f5de204343f437fb476958f86739e60019554d2b35851b82dbf76ed1dc7f32ad7b4993eda5ae06cbaad98fc04172f2165fd334fd740 +[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.34.8/kubernetes-client-windows-386.tar.gz) | 70f34068ce3f8d57839d7e720f40e345fc031f5b662a391488269f0339005e1526d6f527bb23e8d93e012ac83962157f17874d58c1a820e58a4b98da8bc6d0cf +[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.34.8/kubernetes-client-windows-amd64.tar.gz) | dce603e4d8c3327ea85cc9e3c1f4691d67d05f611eada73389e96e1aa5ac7e607e6fd22d257f127d6f35053e71724ac3bfd63d7cedee7c0ed29641d727b06160 +[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.34.8/kubernetes-client-windows-arm64.tar.gz) | d597b3338654eadb2c5480883e1c4fbb1897df79afd867e071c8ce0d848937fb6d95f0d69687a90fee09f1d02094b7179103941b64a451aadca3b77b2a2f5ff2 + +### Server Binaries + +filename | sha512 hash +-------- | ----------- +[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.34.8/kubernetes-server-linux-amd64.tar.gz) | 0779f6cfedb4fc6e58c9014a310f392a92a234cb80cb2f6ac9fa9ee7af7349ae8e35c94116e1008aec06e969135a227377820786b436799c8fd48005db793ea5 +[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.34.8/kubernetes-server-linux-arm64.tar.gz) | 6d124a41ae0bfee4bbd8c0bb81f0c1f6d1e5cea1586cbecf23088793f82526713db7c85ef2ee3d500ee86734d88ba09ea05658f7674c0778bcc7116574b20ca8 +[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.34.8/kubernetes-server-linux-ppc64le.tar.gz) | 58ad3c25ae4fd6f95f0c0393fe5afdbf5e6c6d57a0ebb00e8b62bade103ea521116643a58aeb148ac8fc1bf7a9f2fc233d4aafec515a716dfce3bc5248fbedb9 +[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.34.8/kubernetes-server-linux-s390x.tar.gz) | 3823217027f8c87575d5f34c94685ed13e17ac9e278301e6bceced9ae3858f32ab188d57936b4daee446ca412d0b96ea7079381a8bb3bb0558f6a7fac8ff2451 + +### Node Binaries + +filename | sha512 hash +-------- | ----------- +[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.34.8/kubernetes-node-linux-amd64.tar.gz) | ccc5dc417a9d4deb7d40057eccbcd87c67c29737b8a913b37503d97b951e58f7368213b677ad7ab3b8a44c30d01a4f250e72626bb013ff7d8664b87d0a658ada +[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.34.8/kubernetes-node-linux-arm64.tar.gz) | cb9e7f4b4fb3622003d98a1f7cb4c1383bb53bfb5c6aa3e68ee8af52cd781e928e429c6c23136e584a99932f55e9d8ac7be9b2c2964ecfbf0af4b34d48a0c9f3 +[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.34.8/kubernetes-node-linux-ppc64le.tar.gz) | 9db8c4b540212241a6fa33f7cc66f1766a57f38e43c4df5794b28d4522ab5560ab3bedd0c3984110c2ae44777150a120fcd386d465c16ad33e46f9f5aa8f938c +[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.34.8/kubernetes-node-linux-s390x.tar.gz) | 4e61a53f0977f97274e4eb6dc835936d0633e97c0412c49b9f8b99cc0275811a61099c482d80a32217a8ca3653b2af221cc66e87342eb5244959d8de2268b94f +[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.34.8/kubernetes-node-windows-amd64.tar.gz) | 07883ccc283c734079080f6d9d06ce3cb7e168a0a0005f4ee10e9b1ca44de3f4da73372fc2c2d073e84d667bce2ddc2e448464509a7bddd6208cc0368ea0c33d + +### Container Images + +All container images are available as manifest lists and support the described +architectures. It is also possible to pull a specific architecture directly by +adding the "-$ARCH" suffix to the container image name. + +name | architectures +---- | ------------- +[registry.k8s.io/conformance:v1.34.8](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-s390x) +[registry.k8s.io/kube-apiserver:v1.34.8](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-s390x) +[registry.k8s.io/kube-controller-manager:v1.34.8](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-s390x) +[registry.k8s.io/kube-proxy:v1.34.8](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-s390x) +[registry.k8s.io/kube-scheduler:v1.34.8](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-s390x) +[registry.k8s.io/kubectl:v1.34.8](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kubectl-s390x) + +## Changelog since v1.34.7 + +## Changes by Kind + +### Bug or Regression + +- Fixed a bug where 64 bit IPv6 ServiceCIDRs allocated addresses outside the subnet range. ([#138385](https://github.com/kubernetes/kubernetes/pull/138385), [@hoskeri](https://github.com/hoskeri)) [SIG Network] +- Fixed a scheduler bug where replacing a Pod with the same name during a failed scheduling attempt could leave stale in-flight queue state and unbounded growth of in-flight event tracking. The scheduler now clears in-flight state using the UID from the scheduling attempt, not only the UID on the refreshed Pod object. ([#138435](https://github.com/kubernetes/kubernetes/pull/138435), [@Argh4k](https://github.com/Argh4k)) [SIG Scheduling] +- Fixed stale remote HNS endpoint cleanup on Windows when a pod IP is reused across nodes in L2Bridge networks, preventing DNS timeouts caused by traffic being routed to the wrong node. ([#138601](https://github.com/kubernetes/kubernetes/pull/138601), [@princepereira](https://github.com/princepereira)) [SIG Network and Windows] +- Kube-proxy does not perform full-sync operations when operation in large cluster mode (more than 1000 endpoints) ([#138637](https://github.com/kubernetes/kubernetes/pull/138637), [@aojea](https://github.com/aojea)) [SIG Network] +- Kubeadm: during 'kubeadm init', if the default 'admin.conf' and 'super-admin.conf' paths are used, load the files, but construct in memory kubeconfigs that point to the InitConfiguration.localAPIEndpoint instead of the ClusterConfiguration.controlPlaneEndpoint. This would resolve issues with delayed load balancers which are provisioned only after the first kube-apiserver instance starts. ([#138685](https://github.com/kubernetes/kubernetes/pull/138685), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] +- Kubeadm: skip LocalAPIEndpoint defaulting on 'kubeadm join' for worker nodes. ([#138804](https://github.com/kubernetes/kubernetes/pull/138804), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] +- Kubeadm: use a dedicated ClusterRole 'system:kubelet-api-admin' for the kube-apiserver kubelet client. ([#138960](https://github.com/kubernetes/kubernetes/pull/138960), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] +- Kubeadm: when checking the etcd cluster status use a quorum approach, instead of considering the health of all members. This would allow the check to not fail if there are sufficient healthy voting members. ([#138540](https://github.com/kubernetes/kubernetes/pull/138540), [@ahrtr](https://github.com/ahrtr)) [SIG Cluster Lifecycle] +- Kubelet_pod_start_sli_duration_seconds_bucket metric now matches pod startup latency SLI/SLO documentation. ([#138156](https://github.com/kubernetes/kubernetes/pull/138156), [@alimaazamat](https://github.com/alimaazamat)) [SIG Node] + +## Dependencies + +### Added +_Nothing has changed._ + +### Changed +_Nothing has changed._ + +### Removed +_Nothing has changed._ + + + # v1.34.7 From 1e8b97d1971933626943c16f816d59226ce95621 Mon Sep 17 00:00:00 2001 From: Jordan Liggitt Date: Tue, 19 May 2026 16:29:03 -0400 Subject: [PATCH 2/9] Restore ability to plumb binary data through envvar values --- pkg/kubelet/container/runtime.go | 2 +- pkg/kubelet/kubelet_pods.go | 5 ++++- pkg/kubelet/kuberuntime/kuberuntime_container.go | 3 ++- staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.pb.go | 8 ++++---- staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.proto | 2 +- 5 files changed, 12 insertions(+), 8 deletions(-) diff --git a/pkg/kubelet/container/runtime.go b/pkg/kubelet/container/runtime.go index a6e8fa9c880b8..3ca2e79b2eb4d 100644 --- a/pkg/kubelet/container/runtime.go +++ b/pkg/kubelet/container/runtime.go @@ -454,7 +454,7 @@ type Image struct { // EnvVar represents the environment variable. type EnvVar struct { Name string - Value string + Value string // TODO: switch to []byte } // Annotation represents an annotation. diff --git a/pkg/kubelet/kubelet_pods.go b/pkg/kubelet/kubelet_pods.go index 9da9e5eacc415..5a41c950c01ba 100644 --- a/pkg/kubelet/kubelet_pods.go +++ b/pkg/kubelet/kubelet_pods.go @@ -758,7 +758,7 @@ func (kl *Kubelet) makeEnvironmentVariables(pod *v1.Pod, container *v1.Container var ( configMaps = make(map[string]*v1.ConfigMap) secrets = make(map[string]*v1.Secret) - tmpEnv = make(map[string]string) + tmpEnv = make(map[string]string) // TODO: switch to map[string][]byte ) // Env will override EnvFrom variables. @@ -790,6 +790,7 @@ func (kl *Kubelet) makeEnvironmentVariables(pod *v1.Pod, container *v1.Container k = envFrom.Prefix + k } + // TODO: validate no NUL bytes tmpEnv[k] = v } case envFrom.SecretRef != nil: @@ -817,6 +818,7 @@ func (kl *Kubelet) makeEnvironmentVariables(pod *v1.Pod, container *v1.Container k = envFrom.Prefix + k } + // TODO: validate no NUL bytes tmpEnv[k] = string(v) } } @@ -910,6 +912,7 @@ func (kl *Kubelet) makeEnvironmentVariables(pod *v1.Pod, container *v1.Container } return result, fmt.Errorf("couldn't find key %v in Secret %v/%v", key, pod.Namespace, name) } + // TODO: validate no NUL bytes runtimeVal = string(runtimeValBytes) case utilfeature.DefaultFeatureGate.Enabled(features.EnvFiles) && envVar.ValueFrom.FileKeyRef != nil: f := envVar.ValueFrom.FileKeyRef diff --git a/pkg/kubelet/kuberuntime/kuberuntime_container.go b/pkg/kubelet/kuberuntime/kuberuntime_container.go index a1d9453f8918d..2629094201414 100644 --- a/pkg/kubelet/kuberuntime/kuberuntime_container.go +++ b/pkg/kubelet/kuberuntime/kuberuntime_container.go @@ -34,6 +34,7 @@ import ( "time" codes "google.golang.org/grpc/codes" + crierror "k8s.io/cri-api/pkg/errors" "github.com/opencontainers/selinux/go-selinux" @@ -398,7 +399,7 @@ func (m *kubeGenericRuntimeManager) generateContainerConfig(ctx context.Context, e := opts.Envs[idx] envs[idx] = &runtimeapi.KeyValue{ Key: e.Name, - Value: e.Value, + Value: []byte(e.Value), } } config.Envs = envs diff --git a/staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.pb.go b/staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.pb.go index ab5bda03a6a57..98e3c33e1de4c 100644 --- a/staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.pb.go +++ b/staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.pb.go @@ -4078,7 +4078,7 @@ func (x *ImageSpec) GetRuntimeHandler() string { type KeyValue struct { state protoimpl.MessageState `protogen:"open.v1"` Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` - Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"` + Value []byte `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } @@ -4120,11 +4120,11 @@ func (x *KeyValue) GetKey() string { return "" } -func (x *KeyValue) GetValue() string { +func (x *KeyValue) GetValue() []byte { if x != nil { return x.Value } - return "" + return nil } // LinuxContainerResources specifies Linux specific configuration for @@ -11571,7 +11571,7 @@ var file_staging_src_k8s_io_cri_api_pkg_apis_runtime_v1_api_proto_rawDesc = stri 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x32, 0x0a, 0x08, 0x4b, 0x65, 0x79, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, + 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x95, 0x04, 0x0a, 0x17, 0x4c, 0x69, 0x6e, 0x75, 0x78, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x70, 0x75, 0x5f, 0x70, 0x65, 0x72, 0x69, 0x6f, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, diff --git a/staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.proto b/staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.proto index 9e7b26aa72e41..3649609bfc1e3 100644 --- a/staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.proto +++ b/staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.proto @@ -839,7 +839,7 @@ message ImageSpec { message KeyValue { string key = 1; - string value = 2; + bytes value = 2; } // LinuxContainerResources specifies Linux specific configuration for From 58b0072283aed1370d3400ebeea2530eeb3fa90d Mon Sep 17 00:00:00 2001 From: Anish Ramasekar Date: Wed, 13 May 2026 11:49:54 -0700 Subject: [PATCH 3/9] feat(volume): add IsRemount to MounterArgs Thread the reconciler's existing isRemount signal into MounterArgs so volume plugins can distinguish an initial publish from a republish (e.g. CSIDriver.spec.requiresRepublish=true). No behavior change. --- .../util/operationexecutor/operation_generator.go | 1 + pkg/volume/volume.go | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/pkg/volume/util/operationexecutor/operation_generator.go b/pkg/volume/util/operationexecutor/operation_generator.go index a79e6cb628b1a..9fd3eb7e2a9a6 100644 --- a/pkg/volume/util/operationexecutor/operation_generator.go +++ b/pkg/volume/util/operationexecutor/operation_generator.go @@ -586,6 +586,7 @@ func (og *operationGenerator) GenerateMountVolumeFunc( FSGroupChangePolicy: fsGroupChangePolicy, Recorder: og.recorder, SELinuxLabel: volumeToMount.SELinuxLabel, + IsRemount: isRemount, }) // Update actual state of world markOpts := MarkVolumeOpts{ diff --git a/pkg/volume/volume.go b/pkg/volume/volume.go index 36814591ccbce..eb269f8e3e503 100644 --- a/pkg/volume/volume.go +++ b/pkg/volume/volume.go @@ -138,6 +138,16 @@ type MounterArgs struct { // Optional interface that will be used to change the ownership of the volume, if specified. // mainly used by unit tests VolumeOwnershipApplicator VolumeOwnershipChanger + + // IsRemount is true when SetUp is being invoked on a volume that the + // reconciler considers already mounted to the pod, e.g. a periodic + // republish triggered by CSIDriver.spec.requiresRepublish=true. Volume + // plugins should use this to avoid destroying state (e.g. mount + // directories, volume metadata files) that the pod is currently + // observing through an existing bind mount, since teardown on a + // failed remount cannot be repaired by a subsequent successful + // remount and would leave the pod with stale contents. + IsRemount bool } type VolumeOwnershipChanger interface { From 1b82d45b7b0780b076f9a975d8d2ee9f69a31cf3 Mon Sep 17 00:00:00 2001 From: Anish Ramasekar Date: Wed, 13 May 2026 11:55:18 -0700 Subject: [PATCH 4/9] fix(csi): preserve mount dir on NodePublish error during remount On a remount (e.g. CSIDriver.spec.requiresRepublish=true), the volume is already published and the pod is observing the existing bind mount. Removing the mount dir on a NodePublish error left the pod with stale contents that subsequent successful republishes could not repair. --- pkg/volume/csi/csi_mounter.go | 6 ++- pkg/volume/csi/csi_mounter_test.go | 82 ++++++++++++++++++++++++++++++ 2 files changed, 87 insertions(+), 1 deletion(-) diff --git a/pkg/volume/csi/csi_mounter.go b/pkg/volume/csi/csi_mounter.go index fa8a8e5878989..b0803d3e71ac8 100644 --- a/pkg/volume/csi/csi_mounter.go +++ b/pkg/volume/csi/csi_mounter.go @@ -307,7 +307,11 @@ func (c *csiMountMgr) SetUpAt(dir string, mounterArgs volume.MounterArgs) error if csiRPCError != nil { // If operation finished with error then we can remove the mount directory. - if volumetypes.IsOperationFinishedError(csiRPCError) { + // Skip on remount (e.g. CSIDriver.spec.requiresRepublish=true): the volume + // was already published and the pod is observing the existing bind mount, + // so removing the mount dir here would leave the pod with stale contents + // that a subsequent successful republish cannot repair (#121271). + if volumetypes.IsOperationFinishedError(csiRPCError) && !mounterArgs.IsRemount { if removeMountDirErr := removeMountDir(c.plugin, dir); removeMountDirErr != nil { klog.Error(log("mounter.SetupAt failed to remove mount dir after a NodePublish() error [%s]: %v", dir, removeMountDirErr)) } diff --git a/pkg/volume/csi/csi_mounter_test.go b/pkg/volume/csi/csi_mounter_test.go index dedc6195f7f4b..5054af2f2a2e4 100644 --- a/pkg/volume/csi/csi_mounter_test.go +++ b/pkg/volume/csi/csi_mounter_test.go @@ -28,6 +28,8 @@ import ( "time" "github.com/google/go-cmp/cmp" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" authenticationv1 "k8s.io/api/authentication/v1" corev1 "k8s.io/api/core/v1" storage "k8s.io/api/storage/v1" @@ -1168,6 +1170,86 @@ func TestMounterSetUpWithFSGroup(t *testing.T) { } } +func TestMounterSetUpFWithNodePublishFinalError(t *testing.T) { + testCases := []struct { + name string + podUID types.UID + options []string + spec func(string, []string) *volume.Spec + isRemount bool + expectDataFileExists bool + }{ + { + // Regression test for https://github.com/kubernetes/kubernetes/issues/121271: + // when NodePublishVolume fails on a remount (e.g. a republish + // triggered by CSIDriver.spec.requiresRepublish=true), the + // mount directory and vol_data.json must be preserved so the + // pod continues to see the previously-published contents and + // a subsequent successful republish can refresh them in place. + name: "setup with remount preserves mount dir on final error", + podUID: types.UID(fmt.Sprintf("%08X", rand.Uint64())), + spec: func(fsType string, options []string) *volume.Spec { + pvSrc := makeTestPV("pv1", 20, testDriver, "vol1") + pvSrc.Spec.CSI.FSType = fsType + pvSrc.Spec.MountOptions = options + return volume.NewSpecFromPersistentVolume(pvSrc, false) + }, + isRemount: true, + expectDataFileExists: true, + }, + } + + for _, tc := range testCases { + volumeLifecycleModes := []storage.VolumeLifecycleMode{ + storage.VolumeLifecyclePersistent, + } + driver := getTestCSIDriver(testDriver, nil, nil, volumeLifecycleModes) + fakeClient := fakeclient.NewClientset(driver) + plug, tmpDir := newTestPlugin(t, fakeClient) + defer func() { + _ = os.RemoveAll(tmpDir) + }() + registerFakePlugin(testDriver, "endpoint", []string{"1.0.0"}, t) + t.Run(tc.name, func(t *testing.T) { + mounter, err := plug.NewMounter( + tc.spec("zfs", tc.options), + &corev1.Pod{ObjectMeta: meta.ObjectMeta{UID: tc.podUID, Namespace: testns}}, + ) + if mounter == nil || err != nil { + t.Fatal("failed to create CSI mounter") + } + + csiMounter := mounter.(*csiMountMgr) + csiMounter.csiClient = setupClient(t, true) + + attachID := getAttachmentName(csiMounter.volumeID, string(csiMounter.driverName), string(plug.host.GetNodeName())) + attachment := makeTestAttachment(attachID, "test-node", csiMounter.spec.Name()) + _, err = csiMounter.k8s.StorageV1().VolumeAttachments().Create(context.TODO(), attachment, meta.CreateOptions{}) + if err != nil { + t.Fatalf("failed to setup VolumeAttachment: %v", err) + } + + csiMounter.csiClient.(*fakeCsiDriverClient).nodeClient.SetNextError(status.Errorf(codes.InvalidArgument, "mount failed")) + + // Mounter.SetUp() + if err := csiMounter.SetUp(volume.MounterArgs{ + IsRemount: tc.isRemount, + }); err == nil { + t.Fatalf("mounter.Setup expected err but succeed") + } + + mountPath := csiMounter.GetPath() + volPath := filepath.Dir(mountPath) + dataFile := filepath.Join(volPath, volDataFileName) + _, statErr := os.Stat(dataFile) + exists := statErr == nil + if exists != tc.expectDataFileExists { + t.Errorf("volume file [%s]: exists=%v, want=%v (statErr=%v)", dataFile, exists, tc.expectDataFileExists, statErr) + } + }) + } +} + func TestUnmounterTeardown(t *testing.T) { plug, tmpDir := newTestPlugin(t, nil) defer os.RemoveAll(tmpDir) From b135fbae169b6d7d3597dfcb628be295c777e0b5 Mon Sep 17 00:00:00 2001 From: Rahul Date: Wed, 22 Apr 2026 13:48:04 -0700 Subject: [PATCH 5/9] fix(endpoint): avoid panic on services with empty IPFamilies Accessing svc.Spec.IPFamilies[0] without a bounds check panics when a service reaches the controller with an empty IPFamilies field. This can happen via watch events: the apiserver's defaultOnRead decorator populates IPFamilies on GET/LIST but not on watch (cachingObject wrapping bypasses the type assertion). Restore the inference logic removed in #130101: fall back to ClusterIP for headful services and pod IP for headless services. Signed-off-by: Rahul --- .../endpoint/endpoints_controller.go | 18 ++++- .../endpoint/endpoints_controller_test.go | 80 +++++++++++++++++++ 2 files changed, 96 insertions(+), 2 deletions(-) diff --git a/pkg/controller/endpoint/endpoints_controller.go b/pkg/controller/endpoint/endpoints_controller.go index 3624c1aa7d64d..f0bf0656d55c4 100644 --- a/pkg/controller/endpoint/endpoints_controller.go +++ b/pkg/controller/endpoint/endpoints_controller.go @@ -220,8 +220,22 @@ func (e *Controller) addPod(obj interface{}) { func podToEndpointAddressForService(svc *v1.Service, pod *v1.Pod) (*v1.EndpointAddress, error) { var endpointIP string - - wantIPv6 := svc.Spec.IPFamilies[0] == v1.IPv6Protocol + ipFamily := v1.IPv4Protocol + + // IPFamilies is expected to be populated by apiserver defaulting, but + // some services may reach this controller with an empty IPFamilies via + // watch events. Infer the family from ClusterIP or + // pod IP so we never panic on IPFamilies[0]. + if len(svc.Spec.IPFamilies) > 0 { + ipFamily = svc.Spec.IPFamilies[0] + } else if len(svc.Spec.ClusterIP) > 0 && svc.Spec.ClusterIP != v1.ClusterIPNone { + if utilnet.IsIPv6String(svc.Spec.ClusterIP) { + ipFamily = v1.IPv6Protocol + } + } else if utilnet.IsIPv6String(pod.Status.PodIP) { + ipFamily = v1.IPv6Protocol + } + wantIPv6 := ipFamily == v1.IPv6Protocol // Find an IP that matches the family. We parse and restringify the IP in case the // value on the Pod is in an irregular format. diff --git a/pkg/controller/endpoint/endpoints_controller_test.go b/pkg/controller/endpoint/endpoints_controller_test.go index 3ca945d6b1109..2334148ffb4b8 100644 --- a/pkg/controller/endpoint/endpoints_controller_test.go +++ b/pkg/controller/endpoint/endpoints_controller_test.go @@ -3167,3 +3167,83 @@ func TestSyncEndpointsAddDeletePorts(t *testing.T) { t.Fatalf("incorrect endpoints after deleting first port:\n%s", diff) } } + +func TestPodToEndpointAddressForServiceEmptyIPFamilies(t *testing.T) { + testCases := []struct { + name string + clusterIP string + podIPs []v1.PodIP + podIP string + wantErr bool + wantFamily v1.IPFamily + }{ + { + name: "headful IPv4, IPv4 pod", + clusterIP: "10.0.0.1", + podIPs: []v1.PodIP{{IP: "10.244.0.1"}}, + wantFamily: v1.IPv4Protocol, + }, + { + name: "headful IPv6, IPv6 pod", + clusterIP: "fd00::1", + podIPs: []v1.PodIP{{IP: "fd00::10"}}, + wantFamily: v1.IPv6Protocol, + }, + { + name: "headful IPv4, no matching pod IP", + clusterIP: "10.0.0.1", + podIPs: []v1.PodIP{{IP: "fd00::10"}}, + wantErr: true, + }, + { + name: "headless, IPv4 pod", + clusterIP: v1.ClusterIPNone, + podIPs: []v1.PodIP{{IP: "10.244.0.1"}}, + podIP: "10.244.0.1", + wantFamily: v1.IPv4Protocol, + }, + { + name: "headless, IPv6 pod", + clusterIP: v1.ClusterIPNone, + podIPs: []v1.PodIP{{IP: "fd00::10"}}, + podIP: "fd00::10", + wantFamily: v1.IPv6Protocol, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + svc := &v1.Service{ + ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, + Spec: v1.ServiceSpec{ + // Intentionally leave IPFamilies empty. + ClusterIP: tc.clusterIP, + }, + } + pod := &v1.Pod{ + ObjectMeta: metav1.ObjectMeta{Name: "foo-pod", Namespace: "bar", UID: "uid-1"}, + Spec: v1.PodSpec{NodeName: "node-1"}, + Status: v1.PodStatus{PodIP: tc.podIP, PodIPs: tc.podIPs}, + } + + addr, err := podToEndpointAddressForService(svc, pod) + if tc.wantErr { + if err == nil { + t.Fatalf("expected error but got addr=%v", addr) + } + return + } + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + if addr == nil { + t.Fatal("expected an address but got nil") + } + isV6 := utilnet.IsIPv6String(addr.IP) + wantV6 := tc.wantFamily == v1.IPv6Protocol + if isV6 != wantV6 { + t.Errorf("got IP %q (IPv6=%v), want family %v", addr.IP, isV6, tc.wantFamily) + } + }) + } +} From 718d9e6d53f8105a5f39678d2d9a98fd5cb352ba Mon Sep 17 00:00:00 2001 From: "bo.jiang" Date: Thu, 28 May 2026 12:43:17 +0800 Subject: [PATCH 6/9] kubeadm: fix dry-run CA copy paths in init certs Signed-off-by: bo.jiang --- cmd/kubeadm/app/cmd/phases/init/certs.go | 14 +++-- cmd/kubeadm/app/cmd/phases/init/certs_test.go | 55 +++++++++++++++++++ 2 files changed, 65 insertions(+), 4 deletions(-) diff --git a/cmd/kubeadm/app/cmd/phases/init/certs.go b/cmd/kubeadm/app/cmd/phases/init/certs.go index 5d1df7453f09d..84280e52d9e83 100644 --- a/cmd/kubeadm/app/cmd/phases/init/certs.go +++ b/cmd/kubeadm/app/cmd/phases/init/certs.go @@ -18,6 +18,7 @@ package phases import ( "fmt" + "os" "path/filepath" "strings" @@ -216,20 +217,25 @@ func runCAPhase(ca *certsphase.KubeadmCert) func(c workflow.RunData) error { if cert, err := pkiutil.TryLoadCertFromDisk(data.CertificateDir(), ca.BaseName); err == nil { certsphase.CheckCertificatePeriodValidity(ca.BaseName, cert) + srcCertPath, srcKeyPath := pkiutil.PathsForCertAndKey(data.CertificateDir(), ca.BaseName) + dryRunCertPath, dryRunKeyPath := pkiutil.PathsForCertAndKey(data.CertificateWriteDir(), ca.BaseName) // If CA Cert existed while dryrun, copy CA Cert to dryrun dir for later use if data.DryRun() { - err := kubeadmutil.CopyFile(filepath.Join(data.CertificateDir(), kubeadmconstants.CACertName), filepath.Join(data.CertificateWriteDir(), kubeadmconstants.CACertName)) + if err := os.MkdirAll(filepath.Dir(dryRunCertPath), os.FileMode(0700)); err != nil { + return errors.Wrapf(err, "failed to create directory %s", filepath.Dir(dryRunCertPath)) + } + err := kubeadmutil.CopyFile(srcCertPath, dryRunCertPath) if err != nil { - return errors.Wrapf(err, "could not copy %s to dry run directory %s", kubeadmconstants.CACertName, data.CertificateWriteDir()) + return errors.Wrapf(err, "could not copy %s to dry run directory %s", fmt.Sprintf("%s.crt", ca.BaseName), data.CertificateWriteDir()) } } if _, err := pkiutil.TryLoadKeyFromDisk(data.CertificateDir(), ca.BaseName); err == nil { // If CA Key existed while dryrun, copy CA Key to dryrun dir for later use if data.DryRun() { - err := kubeadmutil.CopyFile(filepath.Join(data.CertificateDir(), kubeadmconstants.CAKeyName), filepath.Join(data.CertificateWriteDir(), kubeadmconstants.CAKeyName)) + err := kubeadmutil.CopyFile(srcKeyPath, dryRunKeyPath) if err != nil { - return errors.Wrapf(err, "could not copy %s to dry run directory %s", kubeadmconstants.CAKeyName, data.CertificateWriteDir()) + return errors.Wrapf(err, "could not copy %s to dry run directory %s", fmt.Sprintf("%s.key", ca.BaseName), data.CertificateWriteDir()) } } fmt.Printf("[certs] Using existing %s certificate authority\n", ca.BaseName) diff --git a/cmd/kubeadm/app/cmd/phases/init/certs_test.go b/cmd/kubeadm/app/cmd/phases/init/certs_test.go index 7ee76b6459c1a..fb8d3a97dc7ed 100644 --- a/cmd/kubeadm/app/cmd/phases/init/certs_test.go +++ b/cmd/kubeadm/app/cmd/phases/init/certs_test.go @@ -17,13 +17,17 @@ limitations under the License. package phases import ( + "os" + "path/filepath" "testing" "github.com/spf13/cobra" kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm" "k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow" + certsphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/certs" certstestutil "k8s.io/kubernetes/cmd/kubeadm/app/util/certs" + "k8s.io/kubernetes/cmd/kubeadm/app/util/pkiutil" pkiutiltesting "k8s.io/kubernetes/cmd/kubeadm/app/util/pkiutil/testing" testutil "k8s.io/kubernetes/cmd/kubeadm/test" ) @@ -33,10 +37,19 @@ type testCertsData struct { cfg *kubeadmapi.InitConfiguration } +type testDryRunCertsData struct { + testCertsData + certificateDir string + certificateWriteDir string +} + func (t *testCertsData) Cfg() *kubeadmapi.InitConfiguration { return t.cfg } func (t *testCertsData) ExternalCA() bool { return false } func (t *testCertsData) CertificateDir() string { return t.cfg.CertificatesDir } func (t *testCertsData) CertificateWriteDir() string { return t.cfg.CertificatesDir } +func (t *testDryRunCertsData) DryRun() bool { return true } +func (t *testDryRunCertsData) CertificateDir() string { return t.certificateDir } +func (t *testDryRunCertsData) CertificateWriteDir() string { return t.certificateWriteDir } func TestCreateSparseCerts(t *testing.T) { for _, test := range certstestutil.GetSparseCertTestCases(t) { @@ -63,3 +76,45 @@ func TestCreateSparseCerts(t *testing.T) { }) } } + +func TestRunCAPhaseCopiesExistingCAFilesToDryRunDir(t *testing.T) { + for _, ca := range []*certsphase.KubeadmCert{ + certsphase.KubeadmCertRootCA(), + certsphase.KubeadmCertFrontProxyCA(), + certsphase.KubeadmCertEtcdCA(), + } { + t.Run(ca.Name, func(t *testing.T) { + pkiutiltesting.Reset() + + sourceDir := t.TempDir() + writeDir := t.TempDir() + caCert, caKey := certstestutil.SetupCertificateAuthority(t) + certPath, _ := pkiutil.PathsForCertAndKey(sourceDir, ca.BaseName) + if err := os.MkdirAll(filepath.Dir(certPath), os.FileMode(0700)); err != nil { + t.Fatalf("failed to create source directory for %s: %v", ca.BaseName, err) + } + if err := pkiutil.WriteCertAndKey(sourceDir, ca.BaseName, caCert, caKey); err != nil { + t.Fatalf("failed to write source CA files for %s: %v", ca.BaseName, err) + } + + cfg := testutil.GetDefaultInternalConfig(t) + cfg.CertificatesDir = sourceDir + data := &testDryRunCertsData{ + testCertsData: testCertsData{cfg: cfg}, + certificateDir: sourceDir, + certificateWriteDir: writeDir, + } + + if err := runCAPhase(ca)(data); err != nil { + t.Fatalf("runCAPhase(%s) returned error: %v", ca.Name, err) + } + + if _, err := pkiutil.TryLoadCertFromDisk(writeDir, ca.BaseName); err != nil { + t.Fatalf("expected copied cert for %s in dry-run dir: %v", ca.BaseName, err) + } + if _, err := pkiutil.TryLoadKeyFromDisk(writeDir, ca.BaseName); err != nil { + t.Fatalf("expected copied key for %s in dry-run dir: %v", ca.BaseName, err) + } + }) + } +} From 2a666d32a12da3ab0a9211ecdc5079fd78d0398c Mon Sep 17 00:00:00 2001 From: Carlos Panato Date: Tue, 9 Jun 2026 15:17:32 +0200 Subject: [PATCH 7/9] Bump images and versions to go 1.25.11 and distroless iptables Signed-off-by: Carlos Panato --- .go-version | 2 +- build/build-image/cross/VERSION | 2 +- build/common.sh | 4 +- build/dependencies.yaml | 6 +- staging/publishing/rules.yaml | 126 ++++++++++++++++---------------- test/utils/image/manifest.go | 2 +- 6 files changed, 71 insertions(+), 71 deletions(-) diff --git a/.go-version b/.go-version index 0e0c284d88ab0..4fd1625308000 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.25.9 +1.25.11 diff --git a/build/build-image/cross/VERSION b/build/build-image/cross/VERSION index dad2fd49c4d51..6b39d3127b3b4 100644 --- a/build/build-image/cross/VERSION +++ b/build/build-image/cross/VERSION @@ -1 +1 @@ -v1.34.0-go1.25.9-bullseye.0 +v1.34.0-go1.25.11-bullseye.0 diff --git a/build/common.sh b/build/common.sh index 12b7a0960d4e2..d7f72ad2dace6 100755 --- a/build/common.sh +++ b/build/common.sh @@ -97,8 +97,8 @@ readonly KUBE_RSYNC_PORT="${KUBE_RSYNC_PORT:-}" readonly KUBE_CONTAINER_RSYNC_PORT=8730 # These are the default versions (image tags) for their respective base images. -readonly __default_distroless_iptables_version=v0.8.9 -readonly __default_go_runner_version=v2.4.0-go1.25.9-bookworm.0 +readonly __default_distroless_iptables_version=v0.8.11 +readonly __default_go_runner_version=v2.4.0-go1.25.11-bookworm.0 readonly __default_setcap_version=bookworm-v1.0.6 # These are the base images for the Docker-wrapped binaries. diff --git a/build/dependencies.yaml b/build/dependencies.yaml index 0d3b2aee10582..23ef831fca4ad 100644 --- a/build/dependencies.yaml +++ b/build/dependencies.yaml @@ -118,7 +118,7 @@ dependencies: # should also be updated, but go-runner is much harder to exploit and has # far less relevancy to go updates for Kubernetes more generally. - name: "registry.k8s.io/kube-cross: dependents" - version: v1.34.0-go1.25.9-bullseye.0 + version: v1.34.0-go1.25.11-bullseye.0 refPaths: - path: build/build-image/cross/VERSION @@ -166,7 +166,7 @@ dependencies: match: registry\.k8s\.io\/build-image\/debian-base:[a-zA-Z]+\-v((([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?)(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?) - name: "registry.k8s.io/distroless-iptables: dependents" - version: v0.8.9 + version: v0.8.11 refPaths: - path: build/common.sh match: __default_distroless_iptables_version= @@ -174,7 +174,7 @@ dependencies: match: configs\[DistrolessIptables\] = Config{list\.BuildImageRegistry, "distroless-iptables", "v([0-9]+)\.([0-9]+)\.([0-9]+)"} - name: "registry.k8s.io/go-runner: dependents" - version: v2.4.0-go1.25.9-bookworm.0 + version: v2.4.0-go1.25.11-bookworm.0 refPaths: - path: build/common.sh match: __default_go_runner_version= diff --git a/staging/publishing/rules.yaml b/staging/publishing/rules.yaml index d24a43ae74669..b8f9de9e7e35d 100644 --- a/staging/publishing/rules.yaml +++ b/staging/publishing/rules.yaml @@ -19,13 +19,13 @@ rules: dirs: - staging/src/k8s.io/apimachinery - name: release-1.33 - go: 1.25.9 + go: 1.25.11 source: branch: release-1.33 dirs: - staging/src/k8s.io/apimachinery - name: release-1.34 - go: 1.25.9 + go: 1.25.11 source: branch: release-1.34 dirs: @@ -60,7 +60,7 @@ rules: dirs: - staging/src/k8s.io/api - name: release-1.33 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.33 @@ -69,7 +69,7 @@ rules: dirs: - staging/src/k8s.io/api - name: release-1.34 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.34 @@ -125,7 +125,7 @@ rules: go build -mod=mod ./... go test -mod=mod ./... - name: release-1.33 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.33 @@ -140,7 +140,7 @@ rules: go build -mod=mod ./... go test -mod=mod ./... - name: release-1.34 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.34 @@ -184,7 +184,7 @@ rules: dirs: - staging/src/k8s.io/code-generator - name: release-1.33 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.33 @@ -193,7 +193,7 @@ rules: dirs: - staging/src/k8s.io/code-generator - name: release-1.34 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.34 @@ -242,7 +242,7 @@ rules: dirs: - staging/src/k8s.io/component-base - name: release-1.33 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.33 @@ -255,7 +255,7 @@ rules: dirs: - staging/src/k8s.io/component-base - name: release-1.34 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.34 @@ -309,7 +309,7 @@ rules: dirs: - staging/src/k8s.io/component-helpers - name: release-1.33 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.33 @@ -322,7 +322,7 @@ rules: dirs: - staging/src/k8s.io/component-helpers - name: release-1.34 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.34 @@ -364,7 +364,7 @@ rules: dirs: - staging/src/k8s.io/kms - name: release-1.33 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.33 @@ -373,7 +373,7 @@ rules: dirs: - staging/src/k8s.io/kms - name: release-1.34 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.34 @@ -435,7 +435,7 @@ rules: dirs: - staging/src/k8s.io/apiserver - name: release-1.33 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.33 @@ -452,7 +452,7 @@ rules: dirs: - staging/src/k8s.io/apiserver - name: release-1.34 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.34 @@ -534,7 +534,7 @@ rules: dirs: - staging/src/k8s.io/kube-aggregator - name: release-1.33 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.33 @@ -555,7 +555,7 @@ rules: dirs: - staging/src/k8s.io/kube-aggregator - name: release-1.34 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.34 @@ -655,7 +655,7 @@ rules: # assumes GO111MODULE=on go build -mod=mod . - name: release-1.33 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.33 @@ -681,7 +681,7 @@ rules: # assumes GO111MODULE=on go build -mod=mod . - name: release-1.34 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.34 @@ -768,7 +768,7 @@ rules: # assumes GO111MODULE=on go build -mod=mod . - name: release-1.33 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.33 @@ -788,7 +788,7 @@ rules: # assumes GO111MODULE=on go build -mod=mod . - name: release-1.34 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.34 @@ -878,7 +878,7 @@ rules: required-packages: - k8s.io/code-generator - name: release-1.33 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.33 @@ -901,7 +901,7 @@ rules: required-packages: - k8s.io/code-generator - name: release-1.34 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.34 @@ -970,7 +970,7 @@ rules: dirs: - staging/src/k8s.io/metrics - name: release-1.33 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.33 @@ -985,7 +985,7 @@ rules: dirs: - staging/src/k8s.io/metrics - name: release-1.34 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.34 @@ -1041,7 +1041,7 @@ rules: dirs: - staging/src/k8s.io/cli-runtime - name: release-1.33 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: api branch: release-1.33 @@ -1054,7 +1054,7 @@ rules: dirs: - staging/src/k8s.io/cli-runtime - name: release-1.34 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: api branch: release-1.34 @@ -1114,7 +1114,7 @@ rules: dirs: - staging/src/k8s.io/sample-cli-plugin - name: release-1.33 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: api branch: release-1.33 @@ -1129,7 +1129,7 @@ rules: dirs: - staging/src/k8s.io/sample-cli-plugin - name: release-1.34 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: api branch: release-1.34 @@ -1190,7 +1190,7 @@ rules: dirs: - staging/src/k8s.io/kube-proxy - name: release-1.33 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.33 @@ -1205,7 +1205,7 @@ rules: dirs: - staging/src/k8s.io/kube-proxy - name: release-1.34 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.34 @@ -1240,13 +1240,13 @@ rules: dirs: - staging/src/k8s.io/cri-api - name: release-1.33 - go: 1.25.9 + go: 1.25.11 source: branch: release-1.33 dirs: - staging/src/k8s.io/cri-api - name: release-1.34 - go: 1.25.9 + go: 1.25.11 source: branch: release-1.34 dirs: @@ -1305,7 +1305,7 @@ rules: dirs: - staging/src/k8s.io/cri-client - name: release-1.33 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: api branch: release-1.33 @@ -1322,7 +1322,7 @@ rules: dirs: - staging/src/k8s.io/cri-client - name: release-1.34 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: api branch: release-1.34 @@ -1404,7 +1404,7 @@ rules: dirs: - staging/src/k8s.io/kubelet - name: release-1.33 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.33 @@ -1425,7 +1425,7 @@ rules: dirs: - staging/src/k8s.io/kubelet - name: release-1.34 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.34 @@ -1493,7 +1493,7 @@ rules: dirs: - staging/src/k8s.io/kube-scheduler - name: release-1.33 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.33 @@ -1508,7 +1508,7 @@ rules: dirs: - staging/src/k8s.io/kube-scheduler - name: release-1.34 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.34 @@ -1582,7 +1582,7 @@ rules: dirs: - staging/src/k8s.io/controller-manager - name: release-1.33 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: api branch: release-1.33 @@ -1601,7 +1601,7 @@ rules: dirs: - staging/src/k8s.io/controller-manager - name: release-1.34 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: api branch: release-1.34 @@ -1691,7 +1691,7 @@ rules: dirs: - staging/src/k8s.io/cloud-provider - name: release-1.33 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: api branch: release-1.33 @@ -1714,7 +1714,7 @@ rules: dirs: - staging/src/k8s.io/cloud-provider - name: release-1.34 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: api branch: release-1.34 @@ -1814,7 +1814,7 @@ rules: dirs: - staging/src/k8s.io/kube-controller-manager - name: release-1.33 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.33 @@ -1839,7 +1839,7 @@ rules: dirs: - staging/src/k8s.io/kube-controller-manager - name: release-1.34 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.34 @@ -1899,7 +1899,7 @@ rules: dirs: - staging/src/k8s.io/cluster-bootstrap - name: release-1.33 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.33 @@ -1910,7 +1910,7 @@ rules: dirs: - staging/src/k8s.io/cluster-bootstrap - name: release-1.34 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.34 @@ -1956,7 +1956,7 @@ rules: dirs: - staging/src/k8s.io/csi-translation-lib - name: release-1.33 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: api branch: release-1.33 @@ -1967,7 +1967,7 @@ rules: dirs: - staging/src/k8s.io/csi-translation-lib - name: release-1.34 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: api branch: release-1.34 @@ -1998,13 +1998,13 @@ rules: dirs: - staging/src/k8s.io/mount-utils - name: release-1.33 - go: 1.25.9 + go: 1.25.11 source: branch: release-1.33 dirs: - staging/src/k8s.io/mount-utils - name: release-1.34 - go: 1.25.9 + go: 1.25.11 source: branch: release-1.34 dirs: @@ -2081,7 +2081,7 @@ rules: dirs: - staging/src/k8s.io/kubectl - name: release-1.33 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: api branch: release-1.33 @@ -2104,7 +2104,7 @@ rules: dirs: - staging/src/k8s.io/kubectl - name: release-1.34 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: api branch: release-1.34 @@ -2186,7 +2186,7 @@ rules: dirs: - staging/src/k8s.io/pod-security-admission - name: release-1.33 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: api branch: release-1.33 @@ -2205,7 +2205,7 @@ rules: dirs: - staging/src/k8s.io/pod-security-admission - name: release-1.34 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: api branch: release-1.34 @@ -2301,7 +2301,7 @@ rules: dirs: - staging/src/k8s.io/dynamic-resource-allocation - name: release-1.33 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.33 @@ -2326,7 +2326,7 @@ rules: dirs: - staging/src/k8s.io/dynamic-resource-allocation - name: release-1.34 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: apimachinery branch: release-1.34 @@ -2397,7 +2397,7 @@ rules: dirs: - staging/src/k8s.io/endpointslice - name: release-1.33 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: api branch: release-1.33 @@ -2412,7 +2412,7 @@ rules: dirs: - staging/src/k8s.io/endpointslice - name: release-1.34 - go: 1.25.9 + go: 1.25.11 dependencies: - repository: api branch: release-1.34 @@ -2440,17 +2440,17 @@ rules: dirs: - staging/src/k8s.io/externaljwt - name: release-1.33 - go: 1.25.9 + go: 1.25.11 source: branch: release-1.33 dirs: - staging/src/k8s.io/externaljwt - name: release-1.34 - go: 1.25.9 + go: 1.25.11 source: branch: release-1.34 dirs: - staging/src/k8s.io/externaljwt recursive-delete-patterns: - '*/.gitattributes' -default-go-version: 1.25.9 +default-go-version: 1.25.11 diff --git a/test/utils/image/manifest.go b/test/utils/image/manifest.go index e7b79abbc7527..09ba581d60dd2 100644 --- a/test/utils/image/manifest.go +++ b/test/utils/image/manifest.go @@ -226,7 +226,7 @@ func initImageConfigs(list RegistryList) (map[ImageID]Config, map[ImageID]Config configs[APIServer] = Config{list.PromoterE2eRegistry, "sample-apiserver", "1.29.2"} configs[AppArmorLoader] = Config{list.PromoterE2eRegistry, "apparmor-loader", "1.4"} configs[BusyBox] = Config{list.PromoterE2eRegistry, "busybox", "1.37.0-1"} - configs[DistrolessIptables] = Config{list.BuildImageRegistry, "distroless-iptables", "v0.8.9"} + configs[DistrolessIptables] = Config{list.BuildImageRegistry, "distroless-iptables", "v0.8.11"} configs[Etcd] = Config{list.GcEtcdRegistry, "etcd", "3.6.4-0"} configs[Httpd] = Config{list.PromoterE2eRegistry, "httpd", "2.4.38-4"} configs[HttpdNew] = Config{list.PromoterE2eRegistry, "httpd", "2.4.39-4"} From ad7c7374b74c04d07ea041d367ecb1a526bdf758 Mon Sep 17 00:00:00 2001 From: Kubernetes Release Robot Date: Thu, 11 Jun 2026 17:37:08 +0000 Subject: [PATCH 8/9] Release commit for Kubernetes v1.34.9 From 28b33e80d50e4713d6e37d70c530a95529f481a2 Mon Sep 17 00:00:00 2001 From: John Sampson Date: Fri, 26 Jun 2026 15:59:33 -0400 Subject: [PATCH 9/9] UPSTREAM: : hack/update-vendor.sh, make update and update image --- openshift-hack/images/hyperkube/Dockerfile.rhel | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openshift-hack/images/hyperkube/Dockerfile.rhel b/openshift-hack/images/hyperkube/Dockerfile.rhel index e07acfe3bf84a..fe30be10c9a07 100644 --- a/openshift-hack/images/hyperkube/Dockerfile.rhel +++ b/openshift-hack/images/hyperkube/Dockerfile.rhel @@ -14,4 +14,4 @@ COPY --from=builder /tmp/build/* /usr/bin/ LABEL io.k8s.display-name="OpenShift Kubernetes Server Commands" \ io.k8s.description="OpenShift is a platform for developing, building, and deploying containerized applications." \ io.openshift.tags="openshift,hyperkube" \ - io.openshift.build.versions="kubernetes=1.34.8" + io.openshift.build.versions="kubernetes=1.34.9"