chore(deps): Update testing-tools

[github-actions]

This PR contains the following updates:

Package	Type	Update	Change
kubernetes-sigs/kind	testing_tools	minor	0.31.0 → 0.32.0
nvkind	testing_tools	digest	56db9be → 24c190e
tilt-dev/ctlptl	testing_tools	patch	0.9.3 → 0.9.4

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

kubernetes-sigs/kind (kubernetes-sigs/kind)

v0.32.0

Compare Source

This release contains critical dependency updates, bug fixes, and defaults to Kubernetes 1.36.1.

Breaking Changes

• The default node image is now kindest/node:v1.36.1@​sha256:3489c7674813ba5d8b1a9977baea8a6e553784dab7b84759d1014dbd78f7ebd5
• New node images requiring upgrading kind to kind load ...: Due to a containerd upgrade, you must upgrade kind to this release or newer to use kind load ... with the newly published node images. As always, we cannot gurantee full compatibility of node images between kind releases. You can use the digests from previous releases, upgrade kind, or build your own node-images.
• kubeadm v1beta4 config format is now used for Kubernetes 1.36.0+ If you are using versioned config patches, you must update to target v1beta4. Unversioned patches kind will attempt to convert as needed (more below in New Features). This change is required for Kubernetes 1.37+ which drops kubeadm v1beta3 config.
• Adoption of Envoy for Load Balancing in multi-control-plane node clusters: HAProxy has been replaced by Envoy (docker.io/envoyproxy/envoy:v1.36.2) as the load balancer in multi-control-plane (HA) clusters. If you rely on custom HAProxy loadbalancer configurations or images, please note that Envoy is now used.
• cgroup v1 warning: A warning is now printed if cgroup v1 is detected on the host. Kubernetes has deprecated support for cgroup v1, and at some point in the future KIND releases / node-images will also drop support for cgroup v1.

New Features

• kubeadm v1beta4 configuration support: KIND now uses the v1beta4 config format for Kubernetes v1.36.0+ while maintaining v1beta3 for v1.23.0 up to v1.35.x, and v1beta2 for older versions.
• Custom Merging & Version-Awareness for Kubeadm Config Patches:
  • KIND now automatically translates old-style map-based extraArgs / kubeletExtraArgs patches to the list-based v1beta4 format when targeting v1beta4 configs.
  • Config patches now append to extraArgs / kubeletExtraArgs / certSANs reliably. To overwrite or make other more precise patching, use json6902 patches.
• Support for containerd config v4 format: Enabled support for containerd's config v4 format in kind load and snapshotter parsing, which is required for newer containerd versions.
• Building Node Images from CI Artifacts: Added support to build node images from Kubernetes CI artifacts (resolving endpoints like https://dl.k8s.io/ci/latest.txt or CI build prefixes).
• Support for containerd version-aware containerd config patching: Like kubeadmConfigPatches, containerd config patching is now aware of version and if specified in patches will only apply patches that match the containerd config being used.
• Assorted dependency updates.

Images pre-built for this release:

• v1.36.1: kindest/node:v1.36.1@​sha256:3489c7674813ba5d8b1a9977baea8a6e553784dab7b84759d1014dbd78f7ebd5
• v1.35.5: kindest/node:v1.35.5@​sha256:ce977ae6d65918d0b58a5f8b5e940429c2ce42fa3a5619ec2bbc60b949c0ac95
• v1.34.8: kindest/node:v1.34.8@​sha256:02722c2dedddcfc00febf5d27fbeb9b7b2c14294c82109ff4a85d89ac9ba3256
• v1.33.12: kindest/node:v1.33.12@​sha256:3f5c8443c620245e4d355cfe09e96a91ead32ceaa569d3f1ca9edf0cb2fe2ff4

NOTE: You must use the @sha256 digest to guarantee an image built for this release, until such a time as we switch to a different tagging scheme. Even then we will highly encourage digest pinning for security and reproducibility reasons.

Fixes

• Fix permission error when creating pods with hostUsers: false (Kubernetes 1.36+).
• Handle registry ports correctly in image normalization logic (e.g., registry running on ports like localhost:5000/...).
• Handle empty port mapping listen addresses correctly (defaults to wildcard address).
• Skip /dev/mapper mount on rootless Docker.
• Assorted documentation fixes and improvements.

See also:

• https://kind.sigs.k8s.io/docs/user/quick-start/#creating-a-cluster
• https://kind.sigs.k8s.io/docs/user/quick-start/#building-images

NOTE: These node images support amd64 and arm64, both of our supported platforms. You must use the same platform as your host, for more context see #​2718

Contributors

Committers for this release:

• @​AnjaliMishra1st
• @​aojea
• @​BenTheElder
• @​dependabot[bot]
• @​dims
• @​egypcio
• @​george-angel
• @​immanuwell
• @​k8s-ci-robot
• @​rjbrown57
• @​shwetha-s-poojary
• @​stmcginnis
• @​tmchow
• @​yesdeepakverma

We'd also like to thank everyone who touched the codebase, filed issues, and helped the community!

tilt-dev/ctlptl (tilt-dev/ctlptl)

v0.9.4

Compare Source

What's Changed

• vendor: update to k8s 1.36 by @​nicks in #​411
• vendor: update to kind 1.32 by @​nicks in #​416

Full Changelog: tilt-dev/ctlptl@v0.9.3...v0.9.4

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.

[github-actions]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: .settings.yaml

Post-upgrade command './tools/update-helmfile-checksums v1.5.2' has not been added to the allowed list in allowedCommands