kubernetes1.24-kubeadm-1.24.17-150500.3.24.1<>,Hfp9|N i:@9{8L1#{.Qo@,P7?̺3lM a<QRD#ÔK;κr}VŚ RAspt؏fTc/mͳΔN&$UI.?Ezk5Vv~)ă" u0)S7_чk!ںwhn^݃uT@~IfuqLwiWSyU|gg_6^7ikeaX h[>I\?Ld! / U% ;Mdjr8ww w w w %Cw %w'w)w,>,lw.H..0#0T0X0t(0u80|90:3>BFGwHwIwX8YDZx[|\w]\w^ bcdeflu,wvwwxwyzHCkubernetes1.24-kubeadm1.24.17150500.3.24.1Kubernetes kubeadm bootstrapping toolManage a cluster of Linux containers as a single system to accelerate Dev and simplify Ops. kubeadm bootstrapping toolfh04-armsrv1ޥSUSE Linux Enterprise 15SUSE LLC Apache-2.0https://www.suse.com/System/Managementhttps://kubernetes.io/linuxaarch64# Check if sysctl command is available if [ -x /usr/sbin/sysctl ]; then # Run sysctl --system after the package installation /usr/sbin/sysctl -p /usr/lib/sysctl.d/90-kubeadm.conf || true fiA8*34 [,^Ms9UTU.N=9\f3SV&  xWc7={\1L .9w; q^2=WWV kA큤A큤A큤f|fffffd旿d旿d旿fd旿ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff5d98296b7a311ddf9431a47be70dfdb9bace2d8039815d987c2a11bc88047e0995e65be69caa159cb42fc9430135aa29ee4bb62fb07318ec05bfc9660e6a89575f49eab5bfbb68772cb4b2cc32f8192063a15aa834c0707b554dd5871443f58077a3279b190288856b004e7eee6abb0f7118faaa94e1e448fd9dc6b1c5d4c1a65a528a434fb62a7edaf069a887f1e441fb0873c3ace674a37a658feed50d64c6639af1c94c39ded3a781d1f82c7075b6af898b7bb6d284ea0313278568c54231ecd8ae86f67b8215c9e99d6d69d3645ab4527673c167e3f1f199d3c98b17994acfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d3065b13a1ff7ee1f3d5e6e289676c4eff70966de91255194e5fee5c778f949346417bbfd84fab4e33510bf18513adba634b3dedd797a738402ef82eff1d2450ad84dfe4201231f92d9a1d4aeb18b0b2ce987ffdd5158a9efd2704cf967fdca5084e1a9ee81225e3cfc4fe5eb4f828ca8d907c15e8aa22db3a3867cebc82b15af35ffb85ed7dd7dec7dfbf0e43e39c1106f578f10f4b54040ee6dcd8d999d61109cde639c0d53410442adbb72c3785d802687d5f90952fd41067a32d481250686c9d90c18bfad638f8f86ea55ec567e127988516413aae613e4627ae7f6c59a3c74d92669d3d57c59e0d76e77f0c1279302ada17327587406b43bd632281a9fd1b8ca6347c797a0246bb64f1336b7b9a3128a151759e5719b08923739a3ecca41f49094bd34bc37976c09db8adc62137f1ed0b73e4849f160bc517c435bc527142084cb681647546e5b724c9e394bc83c688b993d111cfeabbdb4c4d6f926784d6a69686392643d3f7b2f3b9a7d2d3e934e645cba5562d408b233f7c76f2989836ee65bdf4c67a6680f8575b96ed877fc76195f7b29f56c5ebdee6136eb19a8b184dedc5d38490caf3f330ab9c5b887ce75432769423bfb9005d91874d112c57519cf033a8026d2f2a139b24db16737c65d636f212a3b077786d13f37bb4f769a9b915912c23621c66dc78ca09b70f0a58909068fb015205e096e9583451470bea7d5dde6dfd4eb73abb4ca1046e7fbdc3692eec44acf778fa82a8661c152f6dc386379f6127468937746ae0f4094aec0455125cb42f4a0687ad75e862f9de2160019c590a1903113bcfac290df6ce6502294f03ee4316d0b124eaaf9f93b1db463da2ce2f15d06d8427071ca892c8873a7b467ef76d17322a62d6f460aedbef1843a5aee97f0997b9d9eb85947e7b23a9e32c03b007a24b0dc61c2322e691882478a3f6a3424fe174389d9d5f50c57cef379a028ac57bbceaa35e42aa08bd602df68ec6ddd72a88209fc6ca5692ae70c74734a5240e2e77a6e5178345f2054ef8618b1b6c77548b0266ce71f9ec9ad2798178058dae93afab94ec1a188e82af0f95a82ec230a71c7bc3a3ea339982b7fbdf081211450847f2990cfb1963f2384efb3662316b09105c0ada4f7ffdb1ad41a00792d605d49213e0904113f97eacca28fb041ab0b3a014b5fd899c44b583547e18172c5713486a7eddf85013a35fdcfa4cdf3a9fc2f63a20f7b7d11559f3c34b8d166490c2df2ea2be5e96077befdf8a2267f21f206c240d2420bccefcbf2e1ba137470e495bdb7bbe7730e2acef67f44203b43fe7269737d56556aa344134791b253bae6f60838ed3061fe14ada8ab90528d59f1f0efc9a55e8ea46a3ab54b28292339c1fd7c487021c6e64a51536f75047de50fd7b4606849ba3b0797bd8d7b9787ac6c62913571fadf8c80c7b02d28874ed4f38a7ea71925afc3eaabbc9979279097bd836348608628c0119760a1e17f632e028589d0e51aac6b67db23be1a31b8a70302288136869a56e9ca4f21e11fb0be40fde74a43b79bf8b5a7c47669c3445fb5ad5fdc3e09c7e6b1a38468a42ce953b5697e41372262a9afd9fb68498aed486c1b98ac81a7f104975f56ee472980b250a421dc05c138cc4b53d7b2def3033f318b89c968ec31748ed196250d0b7fd5981e42667fbe90867bb3985f3adbf401a36414fd31f24ea254e69153d077424aa5b30f212c55ba0272baeec74255e500122338757fd512e1145b642d2ec36c79c6eee24b4e5886a658e02bdb329769b674baf69d5a02f6dac1fd565bd942567d76c061cb9b35b270d4b53587b701d5c0675aa79b489a7e4780ac81867698f9e0d1c8336b7c7514af3280fcac0731e247cf9e8417698509b07455bb4bea40cfe6ea59b419199a04ac4377b388048f474467b596dd5d8c4255377272e757c84abb35222e903bfdc0bef5391b4f7351aaa7a2018a7e9fed533368c49781396dd71b554380e9e1ccc9acf575087f83ca29b3f7325389c8c06fe0dba1874bceaa71e8163e682763648f8bf8b361a23ccaef078e44e775faf725b40e701167b33fdc7951e7790cc80d4a709eb617cef21efd2e6fb071e997f5232f421132d01e2a11057a922d94d3f62cb3086167488eaaf86d4daadde605c1292a1cac52e540b71c1b38d7555907c12709f781d03f2457d116362324b11854eb53862da9df55ccc248bcf01caa47034c0ffd6c1787d96e6135fa62e3d3ea1071fe0493097127c7c7d1bc1f15c2cc0c1645d41ecf0690fe7dc9af3549b78b17fb3a12178e89dd2214e40311a4caa0d7c70ebe495db4bf464967117fad71caf73b809eab5708a9a78a40686c8f070adc3bf5685304137bc542b70fd7894d4d403ceb339f988320eb61b2653b87bc555609fb44df9481ebdd3257feac1b8549cc40c0a9c799ccbfcd2dc3bcdd24c2e0c4246bd010e744e8fd3349cf2ce3670c6cded191c8f1263a6145f5e8397a5d015159e9685f0f5420298125aa8b366cb0a66432923bb054eb8222ed2ab9b7a816ce1d37917e7b96d64e1dcb36a0e65fd171bf978693b77ccc7e9f551bb3381493334e168675b297aaaf5e8ba4e1dc3835ffb30b7d100db2c368420e29841704955df5a2d51712686d19a749ac3e61aafa525eac007b85cba576cd2ae5751e9ea4f4db944f4a3aa7dee2719101334207ac533659e4e63dbbfcbc1e94950e750a61aab0e80717939832cf6b9e2510bd2d117c4a3ad9b925f6668c1e80e0797e1e34d28258e3f7b820e8dee8b8abe23a304355737f78f27e403b16db3d04154045aad7aa57def84214404647cd2ced84c06cb532fd18c67a4578876f856d34c88279c445fc483b8ef79009a85341d81a49ea1ad548b013ccbad69e5e21a447514ffdc6947e43588a00d8168163f2c0c57efa900b67b17585f1fa55a2f4b4815902eafd0f18c3e57c0355c07fa36d546c86d5b27f33d154e92e18b964ca27c498351315879ded49f1158c5549991afeb333af9bec8e8b6f331c0504b9644203f494e1e5c5cca50c01aaebd3d862dd9eca0895580ccad694ec4bd48e04f2e1f4b95177a1c3200f44f906285fd051bee47f811107555378fd291dbbfc76e12728a2a18f9125e84aa3bdfc6a62b13b3d828fb36e3b97ce5d840d621da91caa1e5a11027f97ce27dffa1ae98813061770ec14db642475c0b4fcf5073e2eb63cf6278a9a9a8b4617ad40ba12cae730194bde8713a8e05b25433fb37ce2268beee55de6bf8f89c8d00ec9e5f1f75be33a811ebd65ee5bacfe8bfde19c9359d2deadecc8d36cc8f3a87ee4d1136dc5f03d608e8a5d1e8207222ed9bf065d4bac6b10fec2c219d9742b4f8fba32392f65a0a29c08c4dbb11a24a7a696df79ff6935bd64797ca6b84fa6966cb313de9db0b30476cfa4dd25da4d88cb447d6f248f195f784b03fa5ec5723c6e8eca17cdd3bb403b17d077b21fc8affe05894801e431e13b54cd11ba627eca268ed73a3b7ca100587ca8220588e8df5669f1f4eef4d36a73e242047c30b120fa9b50ba9e8ba1fa22cdb75147678565a8ac63b56dbd87e70966bd2a9d4dfaed9acd09d6d072638a8d48004f25e912ac62b04268d4f74c03e6286e600a3e942e4f10a038624ddc628d18381f36f810deca060d6b9b183107a17637b5f99c7ca61ebe9ac2818c7d0dc9b4e9b2daff3c6f13c01023613da3ac5ee057fdaf7ef9f087b8874d71812315967a20f550175319895b83cf92952c4bf7c4c51d08d8f24dabd55e97e4636df79d876ec15923d64e232a597a58f75556d762e2b98c88b65c89e520e07097abb3b2b5f98969a89dfd01b5d09c4efc5b54fc07927fc9982c6072981c890174cd3ca94b0b8097238992b414a3efa9ad888522250850cebb91ea6aa7543de0e2a0603809657eafcd2e0e8923a4e34706f4f52c2f782a0d6fa84481d9b39b2afd90ab29db008ead46beef5e576ac34ade70fb0db52f255359d7d77b8afce1b7b43a46bed8ded045aa5db4186ff7766a6ca300c31b7eff11123e849259a9daf5b49966b821502da0f8d349672c5447f8671732a3c8fdeebecfe93409dcb745c90f962f1f0703ccd8096b2e51dbc94798e602c0d4b8632d1b362923105f910b3586d7ec400b7445dad7d3041e3eb260cb5b4dc997e91123a41a9d93558495354e3a7fd15327481a9cffee194b478530ce9fc41f97fa0811711b40ee86686e1b9a2d69d2d7ff8424f957950cde85231a7212e4c88df554ade7395c2f005eac67dac1a169fe1cc0f116dea26400f5ace79a6d6bab877ee0c8a7c62674283f7467683dee23237ae274e7cc8b9fd6d791e26edeb404ce99ccf6d360fa7999b1af7db80f32f8ce51565016dbb0c4f97e13832444d8c2cdd48ff0c539d5e3c958da77ca788e37910465cdec2432831942713cfff8864417f5a36cbc1a96dd7f4a3822ac99e89df747b47c080e08ca89372ac6369b8821ab3f89737f549ada8c838e276734a0756b179de020c86e6badd91aa5669a406fb5ad1331aa67dc320d790ef18c59e4b47dc6328d2468e06ea6b2c673e496c0df8526c95830ccd7cc00bf0c3c9f6e1ea87c38467f8dda8bc8628d30fa08e6ce9e821353c58a9e1a39c413862f5b488ac835c02294e7792f4c5e088cb0052ee9559428a97de8c87f96f115dbe915c82771610a8b85970001beb6bdfabfb40674399a66c7167cf27c40356aca9674126fc1a311f68e87fbbd404d0efbcdb102ee6fcb1feb17fcdcc90224d9a3881845c95eec4fafd126f09a484cec680d809aded789e1ab5800e377335cfd43c882da6b794f66a0e2fbc7cae79cf0edad6f15318ae00600ead01f795c82e013c18e30fabb8741b51fb41b46f238226erootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootkubernetes1.24-1.24.17-150500.3.24.1.src.rpmkubernetes-kubeadm-providerkubernetes1.24-kubeadmkubernetes1.24-kubeadm(aarch-64)@@     (kmod(br_netfilter.ko) if kernel)(kmod(overlay.ko) if kernel)(kubernetes1.24-kubelet or kubernetes1.23-kubelet)/bin/shcri-runtimecri-toolsebtablesethtoolkubernetes-kubeadm-criconfigrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rpmlib(RichDependencies)shadowsocat3.0.4-14.6.0-14.0-15.2-14.12.0-1kubernetes-kubeadm-provider4.14.3f)@ffff@f@e}@e7@eL@e eRd dd@dddJcd7d6@d!@d!@d@d@d @ddb֜b@bbs@priyanka.saggu@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.comdimstar@opensuse.orgbwiedemann@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.comrombert@apache.orgrombert@apache.orgpriyanka.saggu@suse.comrombert@apache.orgrombert@apache.orgpriyanka.saggu@suse.compriyanka.saggu@suse.comjkowalczyk@suse.comjkowalczyk@suse.comjkowalczyk@suse.comjkowalczyk@suse.com- Security fix for bsc#1229869 * New Patches: - prevent-rapid-reset-http2-DOS-on-API-server.patch, - bump-golang-org-grpc-to-v1_56_3.patch, - expose-DisableHTTP2-flag-in-SecureServingOptions.patch * Mitigates http/2 DOS vulnerabilities for CVE-2023-44487 and CVE-2023-39325 for the API server when the client is unauthenticated. The mitigation may be disabled by setting the `UnauthenticatedHTTP2DOSMitigation` feature gate to `false` (it is enabled by default). An API server fronted by an L7 load balancer that already mitigates these http/2 attacks may choose to disable the kube-apiserver mitigation to avoid disrupting load balancer → kube-apiserver connections if http/2 requests from multiple clients share the same backend connection. An API server on a private network may opt to disable the kube-apiserver mitigation to prevent performance regressions for unauthenticated clients. Authenticated requests rely on the fix in golang.org/x/net v0.17.0 alone. https://issue.k8s.io/121197 tracks further mitigation of http/2 attacks by authenticated clients.- Update .spec file to bump go version build requirements (per requested in bsc#1229858) * `BuildRequires: go >= 1.22.5` * `BuildRequires: golang(API) = 1.22` - Follow up changes after go version bump to 1.22: - For ppc64le platform: disabled `export GOLDFLAGS='-linkmode=external'`. * to fix the build failure error: `-linkmode=external requires external (cgo) linking, but cgo is not enabled` - For linux/s390x platform: disabled building kubernetes binaries with `-buildmode=pie` * `-buildmode=pie` with "internal linking" is not yet supported on linux/s390x platform * ref: https://github.com/golang/go/blob/a63907808d14679c723e566cb83acc76fc8cafc2/src/internal/platform/supported.go#L223-L232 * ref: https://github.com/golang/go/issues/64875#issuecomment-1870734528- Security fix for bsc#1229869 * New Patch: bump-x-net-to-v0_23_0.patch - golang.org/x/net is bumped to v0.23.0 to address CVE-2023-45288- Security fix for bsc#1229867 * New Patch: bump-golang-protobuf-to-v1_5_4.patch - [CVE-2024-24786] Bump github.com/golang/protobuf v1.5.4, google.golang.org/protobuf v1.33.0- add new security patch to escape terminal special characters in kubectl output, bsc#1194400, CVE-2021-25743 * patch file - escape-terminal-special-characters-in-kubectl-112553.patch- add new security patch for bypassing mountable secrets policy imposed by the ServiceAccount admission plugin, bsc#1222539, CVE-2024-3177 * patch file – bypass-mountable-secrets-policy-imposed-by-SA-admission-plugin.patch- add new patch to advance autoscaling v2 as the preferred API version, to fix bsc#1219964, CVE-2024-0793 * autoscaling-advance-v2-as-the-preferred-API-version.patch- Use %patch -P N instead of deprecated %patchN.- Add kubernetes-trimpath.patch for reproducible builds (boo#1062303)- fixes for bsc#1214406 - update `Wants` directive in [Unit] section of `kubelet.service`: * add: `containerd.service` * remove: `docker.service` - updating container runtime prerequisites: (Refer: k8s.io/docs/setup/production-environment/container-runtimes/#install-and-configure-prerequisites) * update `90-kubeadm.conf` to add below iptables rules: - net.bridge.bridge-nf-call-iptables = 1 - net.bridge.bridge-nf-call-ip6tables = 1 * update `kubeadm.conf` to add `overlay` kernel module * update .spec file to: - add post-installation scriptlet for `kubeadm` package to enable iptables rules defined in `90-kubeadm.conf` using sysctl - add conditional checks to load kernel modules (br_netfilter, overlay) in `kubelet-common` package post-installation scriptlet - update `kubelet-common` post scriptlet to correctly update `KUBELET_VER` var in `/etc/sysconfig/kubelet` file based on fillup template - add below to `kubelet` subpackage to recommend installing correct version of package providing `kubernetes-kubelet-common` : * `Recommends: kubernetes-kubelet-common = %{version}` - add below to `kubeadm` subpackage to recommend installing correct version of `kubelet` and `kubelet-common` packages: * `Recommends: kubernetes%{baseversion}-kubelet`- Update .spec file to bump go version build requirements: * `BuildRequires: go >= 1.20.7` - Update to version 1.24.17: * Release commit for Kubernetes v1.24.17 * Use environment varaibles for parameters in Powershell * Use env varaibles for passing path * Fix capture loop vars in parallel or ginkgo tests * Update protoc check for verify-generated-kms * [release-1.24] releng/go: Bump images, versions and deps to use Go 1.20.7 * Update CHANGELOG/CHANGELOG-1.24.md for v1.24.16 * kmsv1: attempt AES-GCM before AES-CBC on reads- Update: `BuildRequires: go >= 1.20.6` - Update: `BuildRequires: golang(API) = 1.20` - Update to version 1.24.16: * [release-1.24] releng/go: Bump images, versions and deps to use Go 1.20.6 * Fix the converts an empty string to nil. * Only declare job as finished after removing all finalizers * Fix deadlock in ready test * deps: Bump to cAdvisor v0.44.2 * Fix the git-repo test error caused by the correct use of loop variables * kubeadm: remove function pointer comparison in phase test * test server side apply patch * don't process unsupported loadbalancers with mixed protocols * make MixedProtocolNotSupported public- remove: kube-apiserver-admission-plugin-policy.patch * patch included upstream in the v1.24.15 patch version release - remove: kubernetes1.24.13.obscpio- v1.24.15 includes Security Patch Fix for CVE-2023-2727 (bsc#1211630) and CVE-2023-2728 (bsc#1211631) - Update: `BuildRequires: go >= 1.19.10` - Update to version 1.24.15: * Release commit for Kubernetes v1.24.15 * update-vendor: update vendored go.sums * [release-1.24] releng/go: Update images, deps and ver to go 1.19.10 * kube-proxy avoid race condition using LocalModeNodeCIDR * Add ephemeralcontainer to imagepolicy securityaccount admission plugin * Switch to assert.ErrorEquals from assert.Equal to check error equality * kubeadm: Make etcd member removal idempotent * kubeadm: Add etcd client unit tests * kubeadm: Use internal etcd client through an interface * update webhook test to go 1.21 * Test APIService safe handling at startup * Fix waiting for CRD sync at server start * kubeadm: fix a bug where the static pod changes detection logic is inconsistent with kubelet * Update CHANGELOG/CHANGELOG-1.24.md for v1.24.14 * vclib: Modify x509.UnknownAuthorityError unwrap check * vsphere: Adapt to govmomi version bumps * *: Bump version of vmware/govmomi- Update BuildRequires: `go >= 1.19.9` - Update to version 1.24.14: * Release commit for Kubernetes v1.24.14 * [1.24] vendor: bump runc to 1.1.6 * benchmark test to evaluate the overhead of podMatchesScopeFunc * Fix incorrect calculation for ResourceQuota with PriorityClass as its scope * releng/go: Update images, dependencies and version to Go 1.19.9 * Fix directory mismatch for `volume.SetVolumeOwnership()` * use case-insensitive header keys for http probes * add log includes pod preemption details * fix: the volume is not detached after the pod and PVC objects are deleted * Bump konnectivity-client to 0.0.37 * Do not look at VPC-related resources outside the cluster's network * kubelet: Do not mutate pods in the pod manager * Logging, remove LookPath in detectSafeNotMountedBehavior * Take canSafelySkipMountPointCheck package-private, reduce log visibility for removePath. * Add test for detectSafeNotMountedBehavior. * Add test for CanSafelySkipMountPointCheck * Correct detection of 'not mounted' behavior -- umount will exit with a non-zero code. * Skip mount point checks when possible during mount cleanup. * Return error for localhost seccomp type with no localhost profile definedSecurity Patch Fix for CVE-2023-2727 (bsc#1211630) and CVE-2023-2728 (bsc#1211631) * added patch: kube-apiserver-admission-plugin-policy.patch * this new kube-apiserver component patch prevents ephemeral containers: * * from using an image that is restricted by ImagePolicyWebhook (CVE-2023-2727) * * from bypassing the mountable secrets policy enforced by the ServiceAccount admission plugin (CVE-2023-2728)- Update `Requires` in the "kubernetes1.24-client" pkg to: * Requires: kubernetes%{baseversion}-client-common - Remove following `Obsoletes` from the "kubernetes1.24-client-common" pkg: * Obsoletes: kubernetes%{baseversionminus1}-client-common- Update to version 1.24.13: * Release commit for Kubernetes v1.24.13 * releng/go: Update images, dependencies and version to Go 1.19.8 * wait again on pending state * cacher allow context cancellation if not ready * Drop development dependencies from test targets * apiserver cacher: don't accept requests if stopped * Clear front proxy headers after authentication is complete * Make prerelease tag optional in CI versions * Annotate CI version regexes * Drop unused regex grouping * Delete unused version regex function * kubelet: Fix fs quota monitoring on volumes * fsquota: only generate pod uuid is nil * Change where transformers are called. * Route controller should update routes with NodeIP changed When a node reboots or kubelet restarts, it is possible that its IP is changed. In this case, node route should be updated with the correct IP. In this PR, it checks if the IP in an existing route is the same as the actual one. If not, it marks it as "update" so the old route will be deleted and a new one will be created. There's a new field EnableNodeAddresses, which is a feature gate for specific cloud providers to enable after they update their cloud provider code for CreateRoute(). * client-go/cache: update Replace comment to be more clear * client-go/cache: rewrite Replace to check queue first * client-go/cache: merge ReplaceMakesDeletionsForObjectsInQueue tests * client-go/cache: fix missing delete event on replace without knownObjects * client-go/cache: fix missing delete event on replace * Bump konnectivity-client to v0.0.36 * test: demote service ClientIP affinity timeout tests from conformance- add kubernetes1.18-client-common as conflicts with kubernetes-client-bash-completion- Stronger conflicts for completion packages- Add proper obsoletes for completion packages- Update to version 1.24.12: * Release commit for Kubernetes v1.24.12 * One lock among PodNominator and SchedulingQueue * releng/go: Update images, dependencies and version to Go 1.19.7 * Fix for windows kube-proxy: 'externalTrafficPolicy: Local' results in no clusterIP entry in windows node. * Re-enable label selector * Add integration test for diff --prune --selector * Use label selector for filtering out resources when pruning. Matches same behavior as for kubectl apply * scheduler/framework/plugins/volumebinding: fix inaccurate log for when a volume is bound to a claim * Remove check for CSI driver running on node for CSI migration attach operations * Simplify construction of /metrics request * Move CSI json file saving to SetUpAt() * Fix for issue with Loadbalancer policy creation for IPV6 endpoints in Dualstack mode. * Invoke gimme from kube::golang::verify_go_version * Defer builds to test-cmd and test-integration targets * Carefully compute request path for metrics- Split individual completions into separate packages- Use upstream fish completions and obsolete external package- update patch files to reflect upstream registry changes from k8s.gcr.io to registry.k8s.io * kubeadm-opensuse-registry.patch * revert-coredns-image-renaming.patch- Update to version 1.24.11: * Release commit for Kubernetes v1.24.11 * releng: Update images, dependencies and version to Go 1.19.6 * Update golang.org/x/net to v0.7.0 * Pin golang.org/x/net to v0.4.0 in 1.24 * kubelet/client: collapse transport wiring onto standard approach * apiserver: remove 34s from DELETECOLLECTION rest handler * update prev succeeded indexes for indexed jobs unconditionally * use custom dialer for http probes * use custom dialer for tcp probes * add custom dialer optimized for probes * bump honnef.co/go/tools to support go1.20 * Fix issue that Audit Server could not correctly encode DeleteOption * Do not include scheduler name in the preemption event message * Do not leak cross namespace pod metadata in preemption events * pkg/controller/job: re-honor exponential backoff * releng: Update images, dependencies and version to Go 1.19.5 * Explicitly call rand.Seed() method * Improve vendor verification works for each staging repo * Bump Konnectivity to v0.0.35 * Add pod to dsw if termination is not completed during reconstruction #issues/113979 * integration: migrate taint tests * integration: migrate scoring tests * integration: migrate preemption tests * integration: migrate plugings tests * integration: migrate extender tests * integration: scheduler: migrate PDB from v1beta1 to v1 * Fix issues in volumesnapshot test for ephemeral storage * update golangci-lint for go 1.19 * golang: Update to 1.19 * Adjust for os/exec changes in 1.19 * Update golangci-lint to 1.46.2 and fix errors * Windows Kube-Proxy implementation for internal traffic policy. * Fix a regression that scheduler always go through all Filter plugins * Fix SPDY proxy authentication with special chars * Creating Ingress IP loadbalancer alone when all the endpoints are terminating. KEP1669 * change k8s.gcr.io/pause to registry.k8s.io/pause * Update golang.org/x/net 1e63c2f * image pull event include duration with waiting * kubelet: make the image pull time more accurate in event * update structured-merge-diff to 4.2.3 * regression test for exponential recursion bug on CRDs * Fix endpoint reconciler failing to delete masterlease * kubeadm: remove v1.25 etcd "3.5.6-0" for v1.24 * use etcd 3.5.6-0 after promotion * changelog: CVE-2022-3294 and CVE-2022-3162 were fixed in v1.23.14 * upgrade system-validators to v1.8.0 for a bugfix of cgroupv2 io check * Introducing LoadbalancerPortMapping flags for VipExternalIP * egress_selector: prevent goroutines leak on connect() step. * Merge pull request #113133 from sxllwx:automated-cherry-pick-of-#113133-upstream-release-1.25 * Fixed (CVE-2022-27664) Bump golang.org/x/net to v0.1.1-0.20221027164007-c63010009c80 * Add CVE-2022-3162 to CHANGELOG-1.24.md * tls.Dial() validates hostname, no need to do that manually * e2e: use custom timeouts in GetSnapshotContentFromSnapshot() * test/e2e/storage: replace hardcoded value with custom timeout in cleanup routine * StatefulSet: Cleanup the complex defer function updating the status * Be sure to update the status of StatefulSet even if the new replica creation fails * added retries to winkernel proxy rules deletion * added backend hashing to winkernel proxier * kubelet: fix pod log line corruption when using timestamps and long lines * kubeadm: mutate ClusterConfiguration.imageRepository to "registry.k8s.io" * kubeadm: use registry.k8s.io instead of k8s.gcr.io * add GetAllocatableCPUs test in cpumanager * fix GetAllocatableCPUs in cpumanager * e2e: restore volume lifecycle checks for csi-hostpath driver * kubelet: fix volume reconstruction for CSI ephemeral volumes * NodeLifecycleController: Remove race condition * kube-proxy wait for cluster cidr skip delete events * kube-proxy handle node PodCIDR changs * kube-proxy: gate topology correctly * service update event should be triggered when appProtocol in port is changed. * filter out terminated containers in cadvisor_stats_provider * Fix winkernel proxier setting the wrong HNS loadbalancer ID for ingress IP * Bump konnectivity-client to v0.0.33 * Fix list estimator for lists that are executed as gets * kubeadm: allow RSA and ECDSA format keys in preflight check * Limit redirect proxy handling to redirected responses * Make sure auto-mounted subpath mount source is already mounted * Call SetupDevice only if Volume is not globally Mounted * Fixes kubelet log compression on Windows * Add zone field to vsphere test cloudconfig * Reduce default gzip compression level from 4 to 1 in apiserver * exec auth: support TLS config caching * Add an option for aggregator * Update go-runner to v2.3.1-go1.18.6-bullseye.0 * Update kube-cross image to v1.24.0-go1.18.6-bullseye.0 * Fix problem in updating VolumeAttached in node status * Call queueSet::boundNextDispatchLocked enough * Always log APF InitialSeats and FinalSeats values * Marshal MicroTime to json and proto at the same precision * Windows: ensure runAsNonRoot does case-insensitive comparison on user name * Tolerate sub-microsecond eventTime changes on update * Improve kubectl display of invalid errors * fix unmatch reason when updating pod status * fix nestedPendingOperations mount and umount parallel bug * client-go/rest: check if url is nil to prevent nil pointer dereference * Revert "client-go: remove no longer used finalURLTemplate" * Skip "instance not found" error for LB backend address pools * Update cel-go to v0.10.2. * fix a memory leak problem when calling DryRunPreemption * Fix JobTrackingWithFinalizers when a pod succeeds after the job fails * Use CheckAndMarkAsUncertainViaReconstruction for uncertain volumes * Remove volume from found during reconstruction if mounted * Add unit test for verifying if processReconstructedVolumes works as expected * Fix code to process volumes which were skipped during reconstruction * Keep track of each pod that uses a volume during reconstruction * allow namespace admins to use leases to encourage migration off of configmaps * Fix: filter out unsatisfied nodes when calling AddPod in PodTopologySpread * Fix `kubeadm upgrade plan` issue with FQDN nodes names * Add rate limiting when calling STS assume role API * Fix kubelet panic when accessing metrics/resource endpoint * Fixing issue in generatePodSandboxWindowsConfig for hostProcess containers by where pod sandbox won't have HostProcess bit set if pod does not have a security context but containers specify HostProcess. * Add retry logic for Unix Domain sockets on Windows * Execute the Run function of kubelet, no log output after failure * Prune defaults for CRD serving- Update to version 1.24.3: * Do not skip job requeue in conflict error * kubeadm: fix the bug that configurable KubernetesVersion not respected during kubeadm join * endpointslices: node missing on Pod scenario * fix metrics for placeholder slice * fix a bug on endpointslices tests comparing the wrong metrics * kubeadm: fix the bug that configurable KubernetesVersion not respected during kubeadm join * GIT-110239: fix activeDeadlineSeconds enforcement bug * kubeadm: handle dup unix:// prefix in node annotaiton * fix: --chunk-size with selector returns missing result * Fix unnecessary recreation of placeholder EndpointSlice * kubeadm: fix error adding extra prefix unix:// * e2e: add storage capability for offline volume expansion * add missing error handling steps * Update CHANGELOG/CHANGELOG-1.24.md for v1.24.2 * apiserver: printers should use int64 * fix image pulling failure when IMDS is unavailalbe in kubelet startup * e2e: ensure single image for populator containers * fix: exclude non-ready nodes and deleted nodes from azure load balancers - Require only BuildRequires: golang(API) = 1.18 pinned Go major version. Remove potentially conflicting BuildRequires: go >= x.y.z. The plan for future updates is BuildRequires: golang(API) >= 1.18 minimum Go major version.- Update to version 1.24.2: * move the ignore logic higher up to the reconciler * Ignore EndpointSlices that are already marked for deletion * test: update graceful node shutdown e2e with watch * kubelet: Mark ready condition as false explicitly for terminal pods * agnhost: bump version 2.39 * Update Go to 1.18.3 * add service e2e tests * kubelet: add e2e test to verify probe readiness * kubelet: only shutdown probes for pods that are terminated * kubelet: Pod probes should be handled by pod worker * cpu manager policy set to none, no one remove container id from container map, lead memory leak * fix audit union loop variables in closures * Updating e2e test to check EndpointSlices and Endpoints as well * e2e: services with evicted pods doesn't have endpoints * e2e test for evicted pods * endpoints controller: don't consider terminal endpoints * endpointslices: terminal pods doesn't receive enpoints * add pod util to verify pod is terminal * Update CHANGELOG/CHANGELOG-1.24.md for v1.24.1 * Add test for checking ephemeral volume expansion * Fix resizing of ephemeral volumes * Winkernel proxier cache HNS data to improve syncProxyRules performance * GCE Windows: Copy the CNI binaries from the right folder- Update to version 1.24.1: * kubeadm: remove checking legacy taint for kubeadm-kinder-latest-on-1-24 * Fix requests scope classification * Update Go to 1.18.2 * Integration test for openapi scale & status * Remove warning log for merging meta and scale type * authn: fix cache mutation by AuthenticatedGroupAdder * GCE: skip updating and deleting external loadbalancers if service is managed outside of service controller * Wait for cache to sync in job's TestWatchOrphanPods * Fix ServiceIPStaticSubrange assigns duplicate IP addresses * Fix OpenAPI loading error caused by empty APIService * kubeadm: only taint CP nodes when the legacy "master" taint is present * Test Foreground deletion in job integration * Fix removing finalizer from finished jobs * Don't mark job as failed until expectations are satisfied * Integration test for backoff limit and finalizers * Update CHANGELOG/CHANGELOG-1.24.md for v1.24.0 * Do not wrap lines if we can't read term size- Initial package/bin/shkubernetes1.23-kubeadmh04-armsrv1 1727179918  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvw1.24.171.24.17-150500.3.24.11.24.17-150500.3.24.1 kubeadmmodules-load.dkubeadm.conf90-kubeadm.conf10-kubeadm.confkubernetes1.24-kubeadmCHANGELOG-1.24.mdCONTRIBUTING.mdREADME.mdkubernetes1.24-kubeadmLICENSEkubeadm-alpha.1.gzkubeadm-certs-certificate-key.1.gzkubeadm-certs-check-expiration.1.gzkubeadm-certs-generate-csr.1.gzkubeadm-certs-renew-admin.conf.1.gzkubeadm-certs-renew-all.1.gzkubeadm-certs-renew-apiserver-etcd-client.1.gzkubeadm-certs-renew-apiserver-kubelet-client.1.gzkubeadm-certs-renew-apiserver.1.gzkubeadm-certs-renew-controller-manager.conf.1.gzkubeadm-certs-renew-etcd-healthcheck-client.1.gzkubeadm-certs-renew-etcd-peer.1.gzkubeadm-certs-renew-etcd-server.1.gzkubeadm-certs-renew-front-proxy-client.1.gzkubeadm-certs-renew-scheduler.conf.1.gzkubeadm-certs-renew.1.gzkubeadm-certs.1.gzkubeadm-completion.1.gzkubeadm-config-images-list.1.gzkubeadm-config-images-pull.1.gzkubeadm-config-images.1.gzkubeadm-config-migrate.1.gzkubeadm-config-print-init-defaults.1.gzkubeadm-config-print-join-defaults.1.gzkubeadm-config-print.1.gzkubeadm-config.1.gzkubeadm-init-phase-addon-all.1.gzkubeadm-init-phase-addon-coredns.1.gzkubeadm-init-phase-addon-kube-proxy.1.gzkubeadm-init-phase-addon.1.gzkubeadm-init-phase-bootstrap-token.1.gzkubeadm-init-phase-certs-all.1.gzkubeadm-init-phase-certs-apiserver-etcd-client.1.gzkubeadm-init-phase-certs-apiserver-kubelet-client.1.gzkubeadm-init-phase-certs-apiserver.1.gzkubeadm-init-phase-certs-ca.1.gzkubeadm-init-phase-certs-etcd-ca.1.gzkubeadm-init-phase-certs-etcd-healthcheck-client.1.gzkubeadm-init-phase-certs-etcd-peer.1.gzkubeadm-init-phase-certs-etcd-server.1.gzkubeadm-init-phase-certs-front-proxy-ca.1.gzkubeadm-init-phase-certs-front-proxy-client.1.gzkubeadm-init-phase-certs-sa.1.gzkubeadm-init-phase-certs.1.gzkubeadm-init-phase-control-plane-all.1.gzkubeadm-init-phase-control-plane-apiserver.1.gzkubeadm-init-phase-control-plane-controller-manager.1.gzkubeadm-init-phase-control-plane-scheduler.1.gzkubeadm-init-phase-control-plane.1.gzkubeadm-init-phase-etcd-local.1.gzkubeadm-init-phase-etcd.1.gzkubeadm-init-phase-kubeconfig-admin.1.gzkubeadm-init-phase-kubeconfig-all.1.gzkubeadm-init-phase-kubeconfig-controller-manager.1.gzkubeadm-init-phase-kubeconfig-kubelet.1.gzkubeadm-init-phase-kubeconfig-scheduler.1.gzkubeadm-init-phase-kubeconfig.1.gzkubeadm-init-phase-kubelet-finalize-all.1.gzkubeadm-init-phase-kubelet-finalize-experimental-cert-rotation.1.gzkubeadm-init-phase-kubelet-finalize.1.gzkubeadm-init-phase-kubelet-start.1.gzkubeadm-init-phase-mark-control-plane.1.gzkubeadm-init-phase-preflight.1.gzkubeadm-init-phase-upload-certs.1.gzkubeadm-init-phase-upload-config-all.1.gzkubeadm-init-phase-upload-config-kubeadm.1.gzkubeadm-init-phase-upload-config-kubelet.1.gzkubeadm-init-phase-upload-config.1.gzkubeadm-init-phase.1.gzkubeadm-init.1.gzkubeadm-join-phase-control-plane-join-all.1.gzkubeadm-join-phase-control-plane-join-etcd.1.gzkubeadm-join-phase-control-plane-join-mark-control-plane.1.gzkubeadm-join-phase-control-plane-join-update-status.1.gzkubeadm-join-phase-control-plane-join.1.gzkubeadm-join-phase-control-plane-prepare-all.1.gzkubeadm-join-phase-control-plane-prepare-certs.1.gzkubeadm-join-phase-control-plane-prepare-control-plane.1.gzkubeadm-join-phase-control-plane-prepare-download-certs.1.gzkubeadm-join-phase-control-plane-prepare-kubeconfig.1.gzkubeadm-join-phase-control-plane-prepare.1.gzkubeadm-join-phase-kubelet-start.1.gzkubeadm-join-phase-preflight.1.gzkubeadm-join-phase.1.gzkubeadm-join.1.gzkubeadm-kubeconfig-user.1.gzkubeadm-kubeconfig.1.gzkubeadm-reset-phase-cleanup-node.1.gzkubeadm-reset-phase-preflight.1.gzkubeadm-reset-phase-remove-etcd-member.1.gzkubeadm-reset-phase.1.gzkubeadm-reset.1.gzkubeadm-token-create.1.gzkubeadm-token-delete.1.gzkubeadm-token-generate.1.gzkubeadm-token-list.1.gzkubeadm-token.1.gzkubeadm-upgrade-apply.1.gzkubeadm-upgrade-diff.1.gzkubeadm-upgrade-node-phase-control-plane.1.gzkubeadm-upgrade-node-phase-kubelet-config.1.gzkubeadm-upgrade-node-phase-preflight.1.gzkubeadm-upgrade-node-phase.1.gzkubeadm-upgrade-node.1.gzkubeadm-upgrade-plan.1.gzkubeadm-upgrade.1.gzkubeadm-version.1.gzkubeadm.1.gz/usr/bin//usr/lib//usr/lib/modules-load.d//usr/lib/sysctl.d//usr/lib/systemd/system/kubelet.service.d//usr/share/doc/packages//usr/share/doc/packages/kubernetes1.24-kubeadm//usr/share/licenses//usr/share/licenses/kubernetes1.24-kubeadm//usr/share/man/man1/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:35821/SUSE_SLE-15-SP5_Update/e6890fc7caa5f01661704902edf53b00-kubernetes1.24.SUSE_SLE-15-SP5_Updatedrpmxz5aarch64-suse-linuxELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, strippeddirectoryASCII textexported SGML document, UTF-8 Unicode text, with very long linestroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, UTF-8 Unicode text (gzip compressed data, max compression, from Unix)RR"!&0%_fkubernetes1.24-kubeletutf-8275e5dad59efde0a27c5b0ccdaa7f0e32ba5547b8f0c6ebecb356d91e9f3dcf3?p7zXZ !t/]"k%]{~"r X ;O=E=I@Jn4LSkgwNеUΏ=nMYӛ_!ϵde< λ7Fy(ia˅-qYô͢ @3]^Bg[L=wZ>)7< Q-Kc7r4~J5 6ԯg.2ΟS݋1QH#C6F vȒ٥"_keh؇v¢N>Pgu..MIӨMc`m'l;BjLI Ug3Vijˌ;(H;>bfC/qVm5Du>MH xVX՝ xS}zo.}$L}΀{L=>{; =j%8FLf+>'cB^|l9c\>3"TIWf6p΂JMeWh6#&DDF5Qư-X}\Ͷ9T͂ py(QKH/! @khQGu;S+CNQ.@B=rWU8G?foZf!sdQFCQa$섋ЕBAL1c\fi X29EQPWdlhu-,Ii^I9=W jU6)o%ɿnJMj=Z%kNX /*Eu[ROp)$x5I!XFfvTdy@{"ڈrPMΫ™f =Klf9IET7_(kQX-̹9Lb8[vFNyHEzk)i:S>7d(/?~63XÅOt6jT ЃVLՓ5cR˦1e*5xhXp?Ӝ{c|*$5݊u9_@e.P&9%iɢ!rSȪR:嬠&lx(a}'K:je8 Yl=dA6DC-@Wiht⁲r?ḥ)ۉYnbm)qֻ@&NϤO_o R>!oUCtSIvq7Z۠(0t=k6'YN˶o T' lPMS-Y$0d۶amwY֜HunCOޝ;Xˈ'f~ѷۯZtnRKa2kMׂ~Јʧs[}~RO=Qcz}63^]/ tqIZ)fiz_+wf? _)bی%C$CձojƂZ+&lμ2I L 3K$C>dNJ5ؤ=p :b~Lx )| YZ