Changelog for kubernetes1.24-proxy-1.24.17-3.2.x86_64.rpm:
* Mon Feb 26 2024 Priyanka Saggu
- add new patch to advance autoscaling v2 as the preferred API version, to fix bsc#1219964, CVE-2024-0793
* autoscaling-advance-v2-as-the-preferred-API-version.patch
* Thu Feb 22 2024 Dominique Leuenberger
- Use %patch -P N instead of deprecated %patchN.
* Wed Jan 03 2024 Bernhard Wiedemann
- Add kubernetes-trimpath.patch for reproducible builds (boo#1062303)
* Wed Sep 20 2023 Priyanka Saggu
- fixes for bsc#1214406
- update `Wants` directive in [Unit] section of `kubelet.service`:
* add: `containerd.service`
* remove: `docker.service`
- updating container runtime prerequisites: (Refer: k8s.io/docs/setup/production-environment/container-runtimes/#install-and-configure-prerequisites)
* update `90-kubeadm.conf` to add below iptables rules:
  - net.bridge.bridge-nf-call-iptables = 1
  - net.bridge.bridge-nf-call-ip6tables = 1
* update `kubeadm.conf` to add `overlay` kernel module
* update .spec file to:
  - add post-installation scriptlet for `kubeadm` package to enable iptables rules defined in `90-kubeadm.conf` using sysctl
  - add conditional checks to load kernel modules (br_netfilter, overlay) in `kubelet-common` package post-installation scriptlet
  - update `kubelet-common` post scriptlet to correctly update `KUBELET_VER` var in `/etc/sysconfig/kubelet` file based on fillup template
- add below to `kubelet` subpackage to recommend installing correct version of package providing `kubernetes-kubelet-common`:
* `Recommends: kubernetes-kubelet-common = %{version}`
- add below to `kubeadm` subpackage to recommend installing correct version of `kubelet` and `kubelet-common` packages:
* `Recommends: kubernetes%{baseversion}-kubelet`
* Tue Sep 12 2023 priyanka.sagguAATTsuse.com
- Update .spec file to bump go version build requirements:
* `BuildRequires: go >= 1.20.7`
- Update to version 1.24.17:
* Release commit for Kubernetes v1.24.17
* Use environment variables for parameters in Powershell
* Use env variables for passing path
* Fix capture loop vars in parallel or ginkgo tests
* Update protoc check for verify-generated-kms
* [release-1.24] releng/go: Bump images, versions and deps to use Go 1.20.7
* Update CHANGELOG/CHANGELOG-1.24.md for v1.24.16
* kmsv1: attempt AES-GCM before AES-CBC on reads
* Wed Jul 26 2023 Priyanka Saggu
- Update: `BuildRequires: go >= 1.20.6`
- Update: `BuildRequires: golang(API) = 1.20`
- Update to version 1.24.16:
* [release-1.24] releng/go: Bump images, versions and deps to use Go 1.20.6
* Fix the converts an empty string to nil.
* Only declare job as finished after removing all finalizers
* Fix deadlock in ready test
* deps: Bump to cAdvisor v0.44.2
* Fix the git-repo test error caused by the correct use of loop variables
* kubeadm: remove function pointer comparison in phase test
* test server side apply patch
* don't process unsupported loadbalancers with mixed protocols
* make MixedProtocolNotSupported public
* Tue Jun 20 2023 Priyanka Saggu
- remove: kube-apiserver-admission-plugin-policy.patch
* patch included upstream in the v1.24.15 patch version release
- remove: kubernetes1.24.13.obscpio
* Thu Jun 15 2023 Priyanka Saggu
- v1.24.15 includes Security Patch Fix for CVE-2023-2727 (bsc#1211630) and CVE-2023-2728 (bsc#1211631)
- Update: `BuildRequires: go >= 1.19.10`
- Update to version 1.24.15:
* Release commit for Kubernetes v1.24.15
* update-vendor: update vendored go.sums
* [release-1.24] releng/go: Update images, deps and ver to go 1.19.10
* kube-proxy avoid race condition using LocalModeNodeCIDR
* Add ephemeralcontainer to imagepolicy securityaccount admission plugin
* Switch to assert.ErrorEquals from assert.Equal to check error equality
* kubeadm: Make etcd member removal idempotent
* kubeadm: Add etcd client unit tests
* kubeadm: Use internal etcd client through an interface
* update webhook test to go 1.21
* Test APIService safe handling at startup
* Fix waiting for CRD sync at server start
* kubeadm: fix a bug where the static pod changes detection logic is inconsistent with kubelet
* Update CHANGELOG/CHANGELOG-1.24.md for v1.24.14
* vclib: Modify x509.UnknownAuthorityError unwrap check
* vsphere: Adapt to govmomi version bumps
* *: Bump version of vmware/govmomi
* Mon Jun 12 2023 Priyanka Saggu
- Update BuildRequires: `go >= 1.19.9`
- Update to version 1.24.14:
* Release commit for Kubernetes v1.24.14
* [1.24] vendor: bump runc to 1.1.6
* benchmark test to evaluate the overhead of podMatchesScopeFunc
* Fix incorrect calculation for ResourceQuota with PriorityClass as its scope
* releng/go: Update images, dependencies and version to Go 1.19.9
* Fix directory mismatch for `volume.SetVolumeOwnership()`
* use case-insensitive header keys for http probes
* add log includes pod preemption details
* fix: the volume is not detached after the pod and PVC objects are deleted
* Bump konnectivity-client to 0.0.37
* Do not look at VPC-related resources outside the cluster's network
* kubelet: Do not mutate pods in the pod manager
* Logging, remove LookPath in detectSafeNotMountedBehavior
* Take canSafelySkipMountPointCheck package-private, reduce log visibility for removePath.
* Add test for detectSafeNotMountedBehavior.
* Add test for CanSafelySkipMountPointCheck
* Correct detection of 'not mounted' behavior -- umount will exit with a non-zero code.
* Skip mount point checks when possible during mount cleanup.
* Return error for localhost seccomp type with no localhost profile defined
* Thu Jun 08 2023 Priyanka Saggu
- Security Patch Fix for CVE-2023-2727 (bsc#1211630) and CVE-2023-2728 (bsc#1211631)
* added patch: kube-apiserver-admission-plugin-policy.patch
* this new kube-apiserver component patch prevents ephemeral containers:
  * from using an image that is restricted by ImagePolicyWebhook (CVE-2023-2727)
  * from bypassing the mountable secrets policy enforced by the ServiceAccount admission plugin (CVE-2023-2728)
* Thu Apr 27 2023 Priyanka Saggu
- Update `Requires` in the "kubernetes1.24-client" pkg to:
* Requires: kubernetes%{baseversion}-client-common
- Remove following `Obsoletes` from the "kubernetes1.24-client-common" pkg:
* Obsoletes: kubernetes%{baseversionminus1}-client-common
* Thu Apr 13 2023 Priyanka Saggu
- Update to version 1.24.13:
* Release commit for Kubernetes v1.24.13
* releng/go: Update images, dependencies and version to Go 1.19.8
* wait again on pending state
* cacher allow context cancellation if not ready
* Drop development dependencies from test targets
* apiserver cacher: don't accept requests if stopped
* Clear front proxy headers after authentication is complete
* Make prerelease tag optional in CI versions
* Annotate CI version regexes
* Drop unused regex grouping
* Delete unused version regex function
* kubelet: Fix fs quota monitoring on volumes
* fsquota: only generate pod uuid is nil
* Change where transformers are called.
* Route controller should update routes with NodeIP changed. When a node reboots or kubelet restarts, it is possible that its IP is changed. In this case, node route should be updated with the correct IP. In this PR, it checks if the IP in an existing route is the same as the actual one. If not, it marks it as "update" so the old route will be deleted and a new one will be created. There's a new field EnableNodeAddresses, which is a feature gate for specific cloud providers to enable after they update their cloud provider code for CreateRoute().
* client-go/cache: update Replace comment to be more clear
* client-go/cache: rewrite Replace to check queue first
* client-go/cache: merge ReplaceMakesDeletionsForObjectsInQueue tests
* client-go/cache: fix missing delete event on replace without knownObjects
* client-go/cache: fix missing delete event on replace
* Bump konnectivity-client to v0.0.36
* test: demote service ClientIP affinity timeout tests from conformance
* Wed Apr 12 2023 Priyanka Saggu
- add kubernetes1.18-client-common as conflicts with kubernetes-client-bash-completion
* Mon Mar 27 2023 Robert Munteanu
- Stronger conflicts for completion packages
* Mon Mar 27 2023 Robert Munteanu
- Add proper obsoletes for completion packages
* Tue Mar 21 2023 Priyanka Saggu
- Update to version 1.24.12:
* Release commit for Kubernetes v1.24.12
* One lock among PodNominator and SchedulingQueue
* releng/go: Update images, dependencies and version to Go 1.19.7
* Fix for windows kube-proxy: 'externalTrafficPolicy: Local' results in no clusterIP entry in windows node.
* Re-enable label selector
* Add integration test for diff --prune --selector
* Use label selector for filtering out resources when pruning. Matches same behavior as for kubectl apply
* scheduler/framework/plugins/volumebinding: fix inaccurate log for when a volume is bound to a claim
* Remove check for CSI driver running on node for CSI migration attach operations
* Simplify construction of /metrics request
* Move CSI json file saving to SetUpAt()
* Fix for issue with Loadbalancer policy creation for IPV6 endpoints in Dualstack mode.
* Invoke gimme from kube::golang::verify_go_version
* Defer builds to test-cmd and test-integration targets
* Carefully compute request path for metrics
* Wed Mar 15 2023 Robert Munteanu
- Split individual completions into separate packages
* Thu Mar 09 2023 Robert Munteanu
- Use upstream fish completions and obsolete external package
* Thu Mar 02 2023 Priyanka Saggu
- update patch files to reflect upstream registry changes from k8s.gcr.io to registry.k8s.io
* kubeadm-opensuse-registry.patch
* revert-coredns-image-renaming.patch
* Thu Mar 02 2023 Priyanka Saggu
- Update to version 1.24.11:
* Release commit for Kubernetes v1.24.11
* releng: Update images, dependencies and version to Go 1.19.6
* Update golang.org/x/net to v0.7.0
* Pin golang.org/x/net to v0.4.0 in 1.24
* kubelet/client: collapse transport wiring onto standard approach
* apiserver: remove 34s from DELETECOLLECTION rest handler
* update prev succeeded indexes for indexed jobs unconditionally
* use custom dialer for http probes
* use custom dialer for tcp probes
* add custom dialer optimized for probes
* bump honnef.co/go/tools to support go1.20
* Fix issue that Audit Server could not correctly encode DeleteOption
* Do not include scheduler name in the preemption event message
* Do not leak cross namespace pod metadata in preemption events
* pkg/controller/job: re-honor exponential backoff
* releng: Update images, dependencies and version to Go 1.19.5
* Explicitly call rand.Seed() method
* Improve vendor verification works for each staging repo
* Bump Konnectivity to v0.0.35
* Add pod to dsw if termination is not completed during reconstruction #issues/113979
* integration: migrate taint tests
* integration: migrate scoring tests
* integration: migrate preemption tests
* integration: migrate plugins tests
* integration: migrate extender tests
* integration: scheduler: migrate PDB from v1beta1 to v1
* Fix issues in volumesnapshot test for ephemeral storage
* update golangci-lint for go 1.19
* golang: Update to 1.19
* Adjust for os/exec changes in 1.19
* Update golangci-lint to 1.46.2 and fix errors
* Windows Kube-Proxy implementation for internal traffic policy.
* Fix a regression that scheduler always go through all Filter plugins
* Fix SPDY proxy authentication with special chars
* Creating Ingress IP loadbalancer alone when all the endpoints are terminating. KEP1669
* change k8s.gcr.io/pause to registry.k8s.io/pause
* Update golang.org/x/net 1e63c2f
* image pull event include duration with waiting
* kubelet: make the image pull time more accurate in event
* update structured-merge-diff to 4.2.3
* regression test for exponential recursion bug on CRDs
* Fix endpoint reconciler failing to delete masterlease
* kubeadm: remove v1.25 etcd "3.5.6-0" for v1.24
* use etcd 3.5.6-0 after promotion
* changelog: CVE-2022-3294 and CVE-2022-3162 were fixed in v1.23.14
* upgrade system-validators to v1.8.0 for a bugfix of cgroupv2 io check
* Introducing LoadbalancerPortMapping flags for VipExternalIP
* egress_selector: prevent goroutines leak on connect() step.
* Merge pull request #113133 from sxllwx:automated-cherry-pick-of-#113133-upstream-release-1.25
* Fixed (CVE-2022-27664) Bump golang.org/x/net to v0.1.1-0.20221027164007-c63010009c80
* Add CVE-2022-3162 to CHANGELOG-1.24.md
* tls.Dial() validates hostname, no need to do that manually
* e2e: use custom timeouts in GetSnapshotContentFromSnapshot()
* test/e2e/storage: replace hardcoded value with custom timeout in cleanup routine
* StatefulSet: Cleanup the complex defer function updating the status
* Be sure to update the status of StatefulSet even if the new replica creation fails
* added retries to winkernel proxy rules deletion
* added backend hashing to winkernel proxier
* kubelet: fix pod log line corruption when using timestamps and long lines
* kubeadm: mutate ClusterConfiguration.imageRepository to "registry.k8s.io"
* kubeadm: use registry.k8s.io instead of k8s.gcr.io
* add GetAllocatableCPUs test in cpumanager
* fix GetAllocatableCPUs in cpumanager
* e2e: restore volume lifecycle checks for csi-hostpath driver
* kubelet: fix volume reconstruction for CSI ephemeral volumes
* NodeLifecycleController: Remove race condition
* kube-proxy wait for cluster cidr skip delete events
* kube-proxy handle node PodCIDR changes
* kube-proxy: gate topology correctly
* service update event should be triggered when appProtocol in port is changed.
* filter out terminated containers in cadvisor_stats_provider
* Fix winkernel proxier setting the wrong HNS loadbalancer ID for ingress IP
* Bump konnectivity-client to v0.0.33
* Fix list estimator for lists that are executed as gets
* kubeadm: allow RSA and ECDSA format keys in preflight check
* Limit redirect proxy handling to redirected responses
* Make sure auto-mounted subpath mount source is already mounted
* Call SetupDevice only if Volume is not globally Mounted
* Fixes kubelet log compression on Windows
* Add zone field to vsphere test cloudconfig
* Reduce default gzip compression level from 4 to 1 in apiserver
* exec auth: support TLS config caching
* Add an option for aggregator
* Update go-runner to v2.3.1-go1.18.6-bullseye.0
* Update kube-cross image to v1.24.0-go1.18.6-bullseye.0
* Fix problem in updating VolumeAttached in node status
* Call queueSet::boundNextDispatchLocked enough
* Always log APF InitialSeats and FinalSeats values
* Marshal MicroTime to json and proto at the same precision
* Windows: ensure runAsNonRoot does case-insensitive comparison on user name
* Tolerate sub-microsecond eventTime changes on update
* Improve kubectl display of invalid errors
* fix unmatch reason when updating pod status
* fix nestedPendingOperations mount and umount parallel bug
* client-go/rest: check if url is nil to prevent nil pointer dereference
* Revert "client-go: remove no longer used finalURLTemplate"
* Skip "instance not found" error for LB backend address pools
* Update cel-go to v0.10.2.
* fix a memory leak problem when calling DryRunPreemption
* Fix JobTrackingWithFinalizers when a pod succeeds after the job fails
* Use CheckAndMarkAsUncertainViaReconstruction for uncertain volumes
* Remove volume from found during reconstruction if mounted
* Add unit test for verifying if processReconstructedVolumes works as expected
* Fix code to process volumes which were skipped during reconstruction
* Keep track of each pod that uses a volume during reconstruction
* allow namespace admins to use leases to encourage migration off of configmaps
* Fix: filter out unsatisfied nodes when calling AddPod in PodTopologySpread
* Fix `kubeadm upgrade plan` issue with FQDN nodes names
* Add rate limiting when calling STS assume role API
* Fix kubelet panic when accessing metrics/resource endpoint
* Fixing issue in generatePodSandboxWindowsConfig for hostProcess containers by where pod sandbox won't have HostProcess bit set if pod does not have a security context but containers specify HostProcess.
* Add retry logic for Unix Domain sockets on Windows
* Execute the Run function of kubelet, no log output after failure
* Prune defaults for CRD serving
* Tue Jul 19 2022 jkowalczykAATTsuse.com
- Update to version 1.24.3:
* Do not skip job requeue in conflict error
* kubeadm: fix the bug that configurable KubernetesVersion not respected during kubeadm join
* endpointslices: node missing on Pod scenario
* fix metrics for placeholder slice
* fix a bug on endpointslices tests comparing the wrong metrics
* kubeadm: fix the bug that configurable KubernetesVersion not respected during kubeadm join
* GIT-110239: fix activeDeadlineSeconds enforcement bug
* kubeadm: handle dup unix:// prefix in node annotation
* fix: --chunk-size with selector returns missing result
* Fix unnecessary recreation of placeholder EndpointSlice
* kubeadm: fix error adding extra prefix unix://
* e2e: add storage capability for offline volume expansion
* add missing error handling steps
* Update CHANGELOG/CHANGELOG-1.24.md for v1.24.2
* apiserver: printers should use int64
* fix image pulling failure when IMDS is unavailable in kubelet startup
* e2e: ensure single image for populator containers
* fix: exclude non-ready nodes and deleted nodes from azure load balancers
- Require only BuildRequires: golang(API) = 1.18 pinned Go major version. Remove potentially conflicting BuildRequires: go >= x.y.z. The plan for future updates is BuildRequires: golang(API) >= 1.18 minimum Go major version.
* Wed Jun 22 2022 jkowalczykAATTsuse.com
- Update to version 1.24.2:
* move the ignore logic higher up to the reconciler
* Ignore EndpointSlices that are already marked for deletion
* test: update graceful node shutdown e2e with watch
* kubelet: Mark ready condition as false explicitly for terminal pods
* agnhost: bump version 2.39
* Update Go to 1.18.3
* add service e2e tests
* kubelet: add e2e test to verify probe readiness
* kubelet: only shutdown probes for pods that are terminated
* kubelet: Pod probes should be handled by pod worker
* cpu manager policy set to none, no one remove container id from container map, lead memory leak
* fix audit union loop variables in closures
* Updating e2e test to check EndpointSlices and Endpoints as well
* e2e: services with evicted pods doesn't have endpoints
* e2e test for evicted pods
* endpoints controller: don't consider terminal endpoints
* endpointslices: terminal pods doesn't receive endpoints
* add pod util to verify pod is terminal
* Update CHANGELOG/CHANGELOG-1.24.md for v1.24.1
* Add test for checking ephemeral volume expansion
* Fix resizing of ephemeral volumes
* Winkernel proxier cache HNS data to improve syncProxyRules performance
* GCE Windows: Copy the CNI binaries from the right folder
* Tue Jun 21 2022 jkowalczykAATTsuse.com
- Update to version 1.24.1:
* kubeadm: remove checking legacy taint for kubeadm-kinder-latest-on-1-24
* Fix requests scope classification
* Update Go to 1.18.2
* Integration test for openapi scale & status
* Remove warning log for merging meta and scale type
* authn: fix cache mutation by AuthenticatedGroupAdder
* GCE: skip updating and deleting external loadbalancers if service is managed outside of service controller
* Wait for cache to sync in job's TestWatchOrphanPods
* Fix ServiceIPStaticSubrange assigns duplicate IP addresses
* Fix OpenAPI loading error caused by empty APIService
* kubeadm: only taint CP nodes when the legacy "master" taint is present
* Test Foreground deletion in job integration
* Fix removing finalizer from finished jobs
* Don't mark job as failed until expectations are satisfied
* Integration test for backoff limit and finalizers
* Update CHANGELOG/CHANGELOG-1.24.md for v1.24.0
* Do not wrap lines if we can't read term size
* Thu May 05 2022 Jeff Kowalczyk
- Initial package