kubernetes1.27-kubelet-common-1.27.16-150400.9.12.1<>,ȉf]p9|rꐦW(l`Zk 5`XX,!\O)* 3/cFx{H[QJs#hCvjI?ݽWgx9%@C%wF}[[*^[9_v1 ^ڭʇ0AQ]ήB8TӟYҀ뒇/WH6q82AHEYCo8 CJ\MbeB\e؄ %&RaM9`j's;2s1+>Iy?yd ( 6 P  +=TZb 0x    Z tpH t " HLf(g8p9:=rY>ra?ri@rqFryGrHrIs Xs4Ys@\st]s^tbv#cvdwUewZfw]lw_uwtvwwxxxyy(zy,y<y@yFyCkubernetes1.27-kubelet-common1.27.16150400.9.12.1Kubernetes kubelet daemonManage a cluster of Linux containers as a single system to accelerate Dev and simplify Ops. kubelet daemonf]h01-armsrv2cySUSE Linux Enterprise 15SUSE LLC Apache-2.0https://www.suse.com/System/Managementhttps://kubernetes.io/linuxaarch64 if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : for service in kubelet.service ; do sysv_service=${service%.*} if [ ! -e /usr/lib/systemd/system/$service ] && [ ! -e /etc/init.d/$sysv_service ]; then mkdir -p /run/systemd/rpm/needs-preset touch /run/systemd/rpm/needs-preset/$service elif [ -e /etc/init.d/$sysv_service ] && [ ! -e /var/lib/systemd/migrated/$sysv_service ]; then /usr/sbin/systemd-sysv-convert --save $sysv_service || : mkdir -p /run/systemd/rpm/needs-sysv-convert touch /run/systemd/rpm/needs-sysv-convert/$service fi done fi PNAME=kubelet SUBPNAME=-kubernetes1.27 SYSC_TEMPLATE=/usr/share/fillup-templates/sysconfig.$PNAME$SUBPNAME # If template not in new /usr/share/fillup-templates, fallback to old TEMPLATE_DIR if [ ! -f $SYSC_TEMPLATE ] ; then TEMPLATE_DIR=/var/adm/fillup-templates SYSC_TEMPLATE=$TEMPLATE_DIR/sysconfig.$PNAME$SUBPNAME fi SD_NAME="" if [ -x /bin/fillup ] ; then if [ -f $SYSC_TEMPLATE ] ; then echo "Updating /etc/sysconfig/$SD_NAME$PNAME ..." mkdir -p /etc/sysconfig/$SD_NAME touch /etc/sysconfig/$SD_NAME$PNAME /bin/fillup -q /etc/sysconfig/$SD_NAME$PNAME $SYSC_TEMPLATE fi else echo "ERROR: fillup not found. This should not happen. Please compare" echo "/etc/sysconfig/$PNAME and $TEMPLATE_DIR/sysconfig.$PNAME and" echo "update by hand." fi # Check if /etc/sysconfig/kubelet exists if [ -e "/etc/sysconfig/kubelet" ]; then # Extract the value from the fillup file UPDATED_KUBELET_VER=$(grep '^KUBELET_VER=' /usr/share/fillup-templates/sysconfig.kubelet-kubernetes1.27 | cut -d '=' -f2) # Update the value in the sysconfig file sed -i "s/^KUBELET_VER=.*/KUBELET_VER=$UPDATED_KUBELET_VER/" /etc/sysconfig/kubelet fi if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : if [ "$YAST_IS_RUNNING" != "instsys" ]; then /usr/bin/systemctl daemon-reload || : fi for service in kubelet.service ; do sysv_service=${service%.*} if [ -e /run/systemd/rpm/needs-preset/$service ]; then /usr/bin/systemctl preset $service || : rm "/run/systemd/rpm/needs-preset/$service" || : elif [ -e /run/systemd/rpm/needs-sysv-convert/$service ]; then /usr/sbin/systemd-sysv-convert --apply $sysv_service || : rm "/run/systemd/rpm/needs-sysv-convert/$service" || : touch /var/lib/systemd/migrated/$sysv_service || : fi done fi if [ $1 -eq 1 ]; then # Check if modprobe command is available [ ! -x /sbin/modprobe ] || { /sbin/modprobe br_netfilter && /sbin/modprobe overlay; } || true fi [ -z "${TRANSACTIONAL_UPDATE}" -a -x /usr/bin/systemd-tmpfiles ] && /usr/bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/kubelet.conf || : test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ "$FIRST_ARG" -eq 0 -a -x /usr/bin/systemctl ]; then # Package removal, not upgrade /usr/bin/systemctl --no-reload disable kubelet.service || : ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_STOP_ON_REMOVAL" && . /etc/sysconfig/services test "$DISABLE_STOP_ON_REMOVAL" = yes -o \ "$DISABLE_STOP_ON_REMOVAL" = 1 && exit 0 /usr/bin/systemctl stop kubelet.service ) || : fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ $1 -eq 0 ]; then # Package removal for service in kubelet.service ; do sysv_service="${service%.*}" rm -f "/var/lib/systemd/migrated/$sysv_service" || : done fi if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : fi if [ "$FIRST_ARG" -ge 1 ]; then # Package upgrade, not uninstall if [ -x /usr/bin/systemctl ]; then ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_RESTART_ON_UPDATE" && . /etc/sysconfig/services test "$DISABLE_RESTART_ON_UPDATE" = yes -o \ "$DISABLE_RESTART_ON_UPDATE" = 1 && exit 0 /usr/bin/systemctl try-restart kubelet.service ) || : fi fi$.D ,^AAA큤A큤A큤A큤AAfYfYf\dqfYfYfYfYf\f!f!f!fYf\f!fXfYfY99d46822bfd663c2fce039b3520e3498cbd5b984d507be6ff98dc258fed2eb582a5eb122b76d408d6249fe87fe01b18bfd37f61c858da1d4966525001e61aabfe9767f9b208f06da2b25422284782b5f26aeac4a37354d59a43890e559d2fc474ee3c9af208d98697165ce6c81744a42ce7edbdc6a6336ca262641523cc2dc50639af1c94c39ded3a781d1f82c7075b6af898b7bb6d284ea0313278568c542319d211837e467a4f807e50582778f879365feee41597ee5da30dc639e61bfb8def8525802cfb1c762e685546a88f7d68ba4650f78e7f9504385b11576e56bad61cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30f699b44def6f812f9a80203fea7f7d7cc0376a561e3aead09bc7cc5766a4c058service@rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootkubernetes1.27-1.27.16-150400.9.12.1.src.rpmkubernetes-kubelet-commonkubernetes1.27-kubelet-commonkubernetes1.27-kubelet-common(aarch-64) @    /bin/sh/bin/sh/bin/sh/bin/sh/bin/shcri-runtimekubernetes-kubelet1.27rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-1kubernetes-kubelet-common4.14.3f@f@f|fGFf! @f@f@e}@e7@eee`@e:Te e eRdd d@ddK@dK@d6@d6@priyanka.saggu@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.comdimstar@opensuse.orgpriyanka.saggu@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.comeich@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.com- Follow up changes after go version bump to 1.22: - For ppc64le platform: disabled `export GOLDFLAGS='-linkmode=external'`. * to fix the build failure error: `-linkmode=external requires external (cgo) linking, but cgo is not enabled` - For linux/s390x platform: disabled building kubernetes binaries with `-buildmode=pie` * `-buildmode=pie` with "internal linking" is not yet supported on linux/s390x platform * ref: https://github.com/golang/go/blob/a63907808d14679c723e566cb83acc76fc8cafc2/src/internal/platform/supported.go#L223-L232 * ref: https://github.com/golang/go/issues/64875#issuecomment-1870734528- Update to version 1.27.16: * Add funcs in pkg/filesystem/util that can actually set file permissiosn on Windows and update container log dir perms to 660 on Windows * Bump images, dependencies and versions to go 1.22.5 and distroless iptables - Update .spec file to bump go version build requirements: * `BuildRequires: go >= 1.22.5` * `BuildRequires: golang(API) = 1.22` * ref: https://github.com/kubernetes/kubernetes/blob/v1.27.16/build/dependencies.yaml#L96-L98- Update to version 1.27.15: * Bump images, dependencies and versions to go 1.21.11 and distroless iptables * Don't fill in NodeToStatusMap with UnschedulableAndUnresolvable * Revert "scheduler: preallocation for NodeToStatusMap" * add an integration test when nodeAffinity specifies a non-existent node. * base on allNodes when calculating nextStartNodeIndex * backport verify-govulncheck.sh * Cherry pick #124618 to 1.27 * Fix NFS related issues on GCP/Ubuntu * Updated & added visibility to apiserver x509 test certificates expiring this year- Update to version 1.27.14: * scheduler: preallocation for NodeToStatusMap * add e2e test when a plugin (in-tree or out-of-tree) return non-existent/illegal nodes, the pod should be scheduled normally if suitable nodes exists * test to catch illegal nodeNames returned by PreFilterResult * add integration test for pod with pvc has node-affinity to non-existent/existent nodes * hotfix when a plugin (in-tree or out-of-tree) return non-existent/illegal nodes, the pod scheduling flow will abort immediately. * Fix PersistentVolumeLabel admission plugin on Azure * cluster/gce: upgrade cos-97-lts -> cos-109-lts * storage e2e: update hostpath and mock images * gce: fix test for non-existing instance in cloud * cloud-node-lifecycle controller: add fallback for empty providerID in shutdown- Update to version 1.27.13: * Add envFrom to serviceaccount admission plugin * [go] Bump images, dependencies and versions to go 1.21.9 and distroless iptables * [CVE-2023-45288] .*: bump x/net to v0.23.0, bsc#1229869 * Use the right feature gate when updating uncertain volumes * fix panic with SIGSEGV in kubeadm certs check-expiration * hack/tools: bump honnef.co/go/tools to v0.4.6 * Serve watch without resourceVersion from cache and introduce a WatchFromStorageWithoutResourceVersion feature gate to allow serving watch from storage. * Use DBG=1 for conformance verification * build: use -trimpath in non-DBG mode - Update .spec file to bump go version build requirements: * `BuildRequires: go >= 1.21.9` * ref: https://github.com/kubernetes/kubernetes/blob/v1.27.13/build/dependencies.yaml#L96-L98- update .spec file to set FORCE_HOST_GO env variable, to force k8s build scripts use the local GOTOOLCHAIN version from the build pipeline (i.e. GOTOOLCHAIN='local') * ref: https://github.com/kubernetes/kubernetes/blob/9791f0d1f39f3f1e0796add7833c1059325d5098/hack/lib/golang.sh#L507- Update to version 1.27.12: * keep existing PDB conditions when updating status * remove --v arg from kubetest2-tester-ginkgo test args * ci: bump kind to latest for kms jobs * [go] Bump images, dependencies and versions to go 1.21.8 / distroless-iptables to v0.4.6 * [CVE-2024-24786] Bump github.com/golang/protobuf v1.5.4, google.golang.org/protobuf v1.33.0, bsc#1229867 * fix UT failure TestPrintIPAddressList * e2e_node: replace `registry.k8s.io/stress:v1` with agnhost * promote agnhost to v2.47 * fixing issue with GetCPUUsageNanoCores on Windows * Fix cleanup of file subpaths * etcd: Update to version 3.5.12 * build etcd image v3.5.12 - Update .spec file to bump go version build requirements: * `BuildRequires: go >= 1.21.8` * ref: https://github.com/kubernetes/kubernetes/blob/v1.27.12/build/dependencies.yaml#L96-L98- Update to version 1.27.11: * [go] Bump images, dependencies and versions to go 1.21.7 / distroless-iptables to v0.4.5 * Revert "kubeadm: fix a bug where the uploaded kubelet configuration in kube-system/kubelet-config ConfigMap does not respect user patch" * Add processStartTime in metrics/slis * If a pvc has an empty storageclass name, don't try to assign a default StorageClass to it. * Drop PendingChanges methods from change trackers, move into UpdateResults * Squash some unnecessarily-chained methods in the change trackers - Update .spec file to bump go version build requirements: * `BuildRequires: golang(API) = 1.21`- Use %patch -P N instead of deprecated %patchN.- Update .spec file to remove go version build requirements: * above build requirement causing build failures with following error: - `go: download go1.20.13 for linux/amd64: toolchain not available` - ref: https://go.dev/doc/toolchain - Update to version 1.27.10: * Revert "Graduate Evented PLEG to Beta" * [go] Bump images, dependencies and versions to go 1.20.13 and distroless iptables to 0.2.9 * e2e framework: adapt unit test to Go 1.22 * Handle edge cases in seat demand stats * .*: bump golang.org/x/tools to v0.16.1 * fix: 119921 * Use a separate function for checking if device was reconstructed * Add tests for checking of uncertain device paths * Fix device uncertain errors on reboot * fix(scheduler): fix incorrect loop logic in MultiPoint to avoid a plugin being loaded multiple times * etcd: Update to version 3.5.10 * fix: smb file share unavailable issue when it's deleted- Update to version 1.27.9: * run update-vendor script * [go] Bump images, dependencies and versions to go 1.20.12 * pass GOTOOLCHAIN to build containers * handle GOTOOLCHAIN in kube::golang::verify_go_version * Move adding GroupVersion log until after an update is confirmed * fix: requeue pods rejected by Extenders properly * Bump distroless-iptables to 0.2.8 based on Go 1.20.11 * Make StatefulSet restart pods with phase Succeeded * run hack scripts to update cyphar/filepath-securejoin to v0.2.4 correctly * update filepath-securejoin dependency to 0.2.4 to fix security vulnerability * Fix panic when process RunScorePlugins for cap out of range * e2e: bootstrap vsphere tests earlier- Update .spec file to bump go version build requirements: * `BuildRequires: go >= 1.20.11` - Update to version 1.27.8: * Use golang library instead of mklink * [go] Bump images, dependencies and versions to go 1.20.11 * Fixing attempt to deploy past allocatable memory limits test on Windows * bump golang.org/grpc to v1.56.3 * Add more test cases ensuring nextScheduleTimeDuration is never < 0 * Modify mostRecentScheduleTime to return more detailed information about missed schedules * Fixing gmsa-webhook install steps for Windows GMSA full tests * removing the import of "k8s.io/utils/ptr" because it was introduced after 1.28 * Fixing CurrentReplicas and CurrentRevision in completeRollingUpdate * KCCM: fix GCP ILB by reintroducing readiness predicate for eTP:Local * Use Patch instead of SSA for Pod Disruption condition * service controller: improve node lifecycle updates * Fix panic testing intree vSphere dynamic PV. * Retry operations if CSI Driver Isn't Found by Treating this Error as Transient- Update .spec file to bump go version build requirements: * `BuildRequires: go >= 1.20.10` - Update to version 1.27.7: * Release commit for Kubernetes v1.27.7 * Register UnauthenticatedHTTP2DOSMitigation into kube components (CVE-2023-44487, CVE-2023-39325), bsc#1229869 * Skip TestUnauthenticatedHTTP2ClientConnectionClose http1 tests (CVE-2023-44487, CVE-2023-39325), bsc#1229869 * Disable UnauthenticatedHTTP2DOSMitigation by default (CVE-2023-44487, CVE-2023-39325), bsc#1229869 * Prevent rapid reset http2 DOS on API server (CVE-2023-44487, CVE-2023-39325), bsc#1229869 * Fix concurrent write when filling PVC labels * Modify test PVC to detect concurrent map write bug * [go] Bump images, dependencies and versions to go 1.20.10 * Fix to honor PDB with an empty selector `{}` * .: bump golang.org/x/net to v0.17.0 * Mark a volume as uncertain-attached after detach error * Add nil checks for hpa object target type values * [go] Bump images, versions and deps to use Go 1.20.9 * bump etcd cluster image to 3.5.9 * cronjob controller: ensure already existing jobs are added to Active list of cronjobs * change rolling update logic to exclude sunsetting nodes * vsphere: adapt to govmomi bump * .: bump govmomi to v0.30.6 * move check for noop managed field timestamp updates * mount-utils: fix flaky test 'TestFormat' * Increase range of job_sync_duration_seconds * sync Service API status rest storage * updating dependencies.yaml for etcd v3.5.9 version * use upstream etcd github path instead of redirecting one * update etcd version in install.sh to 3.5.9 * Update CHANGELOG/CHANGELOG-1.27.md for v1.27.6 * fixup patcher test to include field manager * remove checks for fieldmanager from handlers * include apiextensions types in apiextensions generated openapi * fix scale not being given gvk in CRD openapi schemas * add OpenAPIV3 config to tests and server options * add error for attempting to initialize field manager with nil typeconverter * supply deduced typeconverter to apiserver tests * Throw error if OpenAPIV3 config is not provided * e2e pods: fix WaitForPodsResponding retry * scheduler: start scheduling attempt with clean UnschedulablePlugins- fixes for bsc#1214406 - update `Wants` directive in [Unit] section of `kubelet.service`: * add: `containerd.service` * remove: `docker.service` - updating container runtime prerequisites: (Refer: k8s.io/docs/setup/production-environment/container-runtimes/#install-and-configure-prerequisites) * update `90-kubeadm.conf` to add below iptables rules: - net.bridge.bridge-nf-call-iptables = 1 - net.bridge.bridge-nf-call-ip6tables = 1 * update `kubeadm.conf` to add `overlay` kernel module * update .spec file to: - add post-installation scriptlet for `kubeadm` package to enable iptables rules defined in `90-kubeadm.conf` using sysctl - add conditional checks to load kernel modules (br_netfilter, overlay) in `kubelet-common` package post-installation scriptlet - update `kubelet-common` post scriptlet to correctly update `KUBELET_VER` var in `/etc/sysconfig/kubelet` file based on fillup template - add below to `kubelet` subpackage to recommend installing correct version of package providing `kubernetes-kubelet-common` : * `Recommends: kubernetes-kubelet-common = %{version}` - add below to `kubeadm` subpackage to recommend installing correct version of `kubelet` and `kubelet-common` packages: * `Recommends: kubernetes%{baseversion}-kubelet`- Update .spec file to bump go version build requirements: * `BuildRequires: go >= 1.20.8` - Update to version 1.27.6: * Release commit for Kubernetes v1.27.6 * [go] Bump images, versions and deps to use Go 1.20.8 * fix: concurrent map writes in e2e test * Automated cherry pick of #119776: Fix a job quota related deadlock (#120320) * Fix OpenAPI aggregation cleanup * Fallback to legacy discovery on a wider range of conditions in aggregator * apiextensions-apiserver: generate applyconfigurations * TopologyAwareHints: Take lock in HasPopulatedHints * Mark Job onPodConditions as optional in pod failure policy * Update CHANGELOG/CHANGELOG-1.27.md for v1.27.5 * Incorporating feedback on 119341 * check for overflow * Fix CEL cost handling of zero length replacement strings * generate ReportingInstance and ReportingController in Event * Pass Pinned field to kubecontainer.Image * prep for go1.21: use -e in go list * Skip apiserver_admission_webhook_request_total during context-canceled * Ignore context canceled from validate and mutate webhook failopen metric * kubeadm: fix nil pointer when etcd member is already removed * update to golangci-lint v1.54.1 + go-ruleguard v0.4.0 * fix: when PreFilter returns UnschedulableAndUnresolvable, copy the state in all nodes in statusmap * Fix a bug that PostFilter plugin may not function if previous PreFilter plugins return Skip * Issue 4230: remove readiness check for cache exclusion * add test for apiservices.apiregistration.k8s.io discoverability in openapi/v3 * update openapi * expose apiregistration.k8s.io into OpenAPIV3 * fix openapi/v3 non local apiservices aggregation * node: devicemgr: topomgr: add logs * e2e: node: add test to check device-requiring pods are cleaned up * e2e: node: devices: improve the node reboot test * e2e: node: devicemanager: update tests * kubelet: devices: skip allocation for running pods * Add test coverage of result size of string operations * Bump cel-go to v0.12.7- Update .spec file to bump go version build requirements: * `BuildRequires: go >= 1.20.7` - Update to version 1.27.5: * Use environment varaibles for parameters in Powershell * Use env varaibles for passing path * Avoid returning nil responseKind in v1beta1 aggregated discovery * [release-1.27] releng/go: Bump images, versions and deps to use Go 1.20.7 * e2e_node: move getSampleDevicePluginPod to device_plugin_test.go * fix 'pod' in kubelet prober metrics * priority & fairness: support dynamically configuring work estimator max seats * Add mininumKubelet tag into ReadWriteOncePod test * Include ignored pods when computing backoff delay for Job pod failures * Adjust the algorithm for computing the pod finish time * Rename updateReconstructedFromAPIServer * Rename volumesNeedDevicePath * Update volumesInUse after attachability is confirmed * Add uncertain state of volume attach-ability * Refactor FindAttachablePluginBySpec out of CSI code path * kubeadm: backdate generated CAs by 5 minutes * client-go: allow to set NotBefore in NewSelfSignedCACert() * e2e: fix flaky test 'should contain OpenAPI V3 for Aggregated APIServer' * Fix a data race in TopologyCache * Fix TopologyAwareHint not working when zone label is added after Node creation- Restore the correct content of the kublet wrapper script (boo#1213829).- Update: `BuildRequires: go >= 1.20.6` - Update to version 1.27.4: * [release-1.27] releng/go: Bump images, versions and deps to use Go 1.20.6 * Fix the converts an empty string to nil. * Add unit tests for parallel StatefulSet create & delete * Parallel StatefulSet pod create & delete * Refactor StatefulSet controller update logic * Only declare job as finished after removing all finalizers * Automated cherry pick of #118716 upstream release 1.27 (#118911) * Hide numberOfMissedSchedules as an algorithm internal number * Update schedule logic to properly calculate missed schedules * Automated cherry pick of #118805: test comment should match the code in podgc (#118913) * call ./hack/update-vendor.sh * kubeadm: remove function pointer comparison in phase test * CHANGELOG-1.27: Add note for AWS in-tree provider removal * Updating the nodeAffinity of gated pods having nil affinity should be allowed * fix the existing problem (0 SerialNumber in all certificate) as part of this PR in a separate commit * update serial number to a valid non-zero number in ca certificate * Delete CRDs created during field validation tests. * kubectl explain should work for both cluster and namespace resources and without a GET method * always execute condition for wait.PollUntilContextTimeout with immediate=true * Review remarks to improve HandlePodCleanups in kubelet * Fix the deletion of rejected pods * Unset gated pod info timestamp in addToActiveQ * deps: Bump to cAdvisor v0.47.2 * Make etcd component status consistent with health probes * e2e storage: terminate worker quietly on test completion * Fix flaky persistent volumes e2e test * Set the node-ips annotation correctly with CloudDualStackNodeIPs * Fix the git-repo test error caused by the correct use of loop variables * dra scheduler plugin test: fix loopvar bug and "reserve" expected data * Add node check to vSphere cloud provider * Adding additional validations to queried endpoint list iteration.- Update: `BuildRequires: go >= 1.20.5` - Update to version 1.27.3: * Release commit for Kubernetes v1.27.3 * update-vendor: update vendored go.sums * releng/go: Update images, dependencies and version to Go 1.20.5 * kube-proxy avoid race condition using LocalModeNodeCIDR * Add ephemeralcontainer to imagepolicy securityaccount admission plugin * supported version of etcd 3.5.7-0 for Kubernetes v1.27.0-rc.0 * e2e framework retry on Service unavailable errors * e2e: apply timeout for CSI Storage Capacity test only to node * Add DisruptionTarget condition when preempting for critical pod * update webhook test to go 1.21 * Test APIService safe handling at startup * Fix waiting for CRD sync at server start * kubeadm: fix a bug where the static pod changes detection logic is inconsistent with kubelet * kubeadm: Make etcd member removal idempotent * kubeadm: Add etcd client unit tests * kubeadm: Use internal etcd client through an interface- Update: `BuildRequires: go >= 1.20.4` - Update to version 1.27.2: * Release commit for Kubernetes v1.27.2 * OpenAPI V3 invalid document checks * QueryParamVerifier falls back on invalid v3 document * QueryParamVerifierV3 resilient to minimal OpenAPI V3 documents * kubeadm: fix a bug where file copy(backup) could not be executed correctly on Windows platform during upgrade * benchmark test to evaluate the overhead of podMatchesScopeFunc * Fix incorrect calculation for ResourceQuota with PriorityClass as its scope * Update podFailurePolicy comments from alpha-level to beta * Disable NewVolumeManagerReconstruction feature gate * releng/go: Update images, dependencies and version to Go 1.20.4 * Bump konnectivity-client to v0.1.2 * Kube-proxy/ipvs: accept access to healthCheckNodePort on LbIP * node: device-plugin: e2e: Additional test cases * node: device-plugin: add node reboot test scenario * node: device-plugin: e2e: Capture pod admission failure * node: device-mgr: e2e: adapt to sample device plugin refactoring * node: device-mgr: e2e: Update the e2e test to reproduce issue:109595 * node: device-mgr: e2e: Implement End to end test * node: device-mgr: Handle recovery by checking if healthy devices exist * node: device-plugin: e2e: Add test case for kubelet restart * node: device-plugin: e2e: Provide sleep intervals via constants * node: device-plugin: e2e: Update test description to make it explicit * node: device-plugin: e2e: Isolate test to pod restart scenario * node: device-plugin: e2e: Annotate device check with error message * node: device-plugins: e2e: s/devLen/expectedSampleDevsAmount * node: device-plugins: e2e: Refactor parse log to return string and error * Update kube-openapi to fix race * Use absolute path instead requestURI in openapiv3 discovery * proxy/ipvs: don't bind nodeips to the dummy device * proxy/ipvs: add a GetAllLocalAddressesExcept() function * Refactors discovery content-type and helper functions * Fix scheduler performance regression after adding plugin metrics * Update staging/src/k8s.io/apiserver/pkg/cel/common/values.go * Fix bug where CEL listOfString.join() results in unexpected error * Fix directory mismatch for `volume.SetVolumeOwnership()` * Fix stomping os env in kubectl e2e tests * KCCM: add providerID predicate to service controller * Re-work logic in shouldSyncUpdatedNode * add log includes pod preemption details * verifyVolumeNoStatusUpdateNeeded may cause flake and so only keep the last ones * deflake: Add retry with timeout to wait for final conditions * kubelet: Mark new terminal pods as non-finished in pod worker * test: Add node e2e to restart kubelet while pod is terminating * kubelet: Ensure pods that have not started track a pendingUpdate * changelog: fix formatting issue with v1.27 change log * Update CHANGELOG/CHANGELOG-1.27.md for v1.27.1 * use case-insensitive header keys for http probes * kube-aggregator: correctly use client-go TLS cache with custom dialer * api: encode NamespacedName with lower case in JSON * Do not look at VPC-related resources outside the cluster's network * Fix azure disk e2e after migration * vendor: bump runc to 1.1.6 * CVE-2023-27561: Bump runc go module v1.1.4 -> v1.1.5 * fix: the volume is not detached after the pod and PVC objects are deleted * Return error for localhost seccomp type with no localhost profile defined- Update `Requires` in the "kubernetes1.27-client" pkg to: * Requires: kubernetes%{baseversion}-client-common - Remove following `Obsoletes` from the "kubernetes1.27-client-common" pkg: * Obsoletes: kubernetes%{baseversionminus1}-client-common- Update to version 1.27.1: * Release commit for Kubernetes v1.27.1 * fix: add the bug as a known issue o on the v1.26 release note * Revert "Optimization on running prePreEnqueuePlugins before adding pods into activeQ" * Revert "Merge pull request #113151 from ncdc/refactor-crd-conversion" * Revert "CR conversion: protect from converter input edits" * kubelet: Do not mutate pods in the pod manager * Update CHANGELOG/CHANGELOG-1.27.md for v1.27.0- update patches: * kubeadm-opensuse-registry.patch * revert-coredns-image-renaming.patch- initial package for Kubernetes v1.27.0/bin/sh/bin/sh/bin/sh/bin/shh01-armsrv2 1727179613 1.27.161.27.16-150400.9.12.11.27.16-150400.9.12.1 kubernetes1.27manifestskubernetes1.27kubeletkubelet.servicekubelet.service.dkubelet.confrckubeletkubernetes1.27-kubelet-commonCHANGELOG-1.27.mdCONTRIBUTING.mdREADME.mdsysconfig.kubelet-kubernetes1.27kubernetes1.27-kubelet-commonLICENSEkubelet.1.gzkubeletvolume-plugin/etc//etc/kubernetes1.27//run//usr/bin//usr/lib/systemd/system//usr/lib/tmpfiles.d//usr/sbin//usr/share/doc/packages//usr/share/doc/packages/kubernetes1.27-kubelet-common//usr/share/fillup-templates//usr/share/licenses//usr/share/licenses/kubernetes1.27-kubelet-common//usr/share/man/man1//var/lib//var/lib/kubelet/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:35819/SUSE_SLE-15-SP4_Update/1571d27e092dd24659a0e69b66fac0f6-kubernetes1.27.SUSE_SLE-15-SP4_Updatedrpmxz5aarch64-suse-linuxdirectoryPOSIX shell script, ASCII text executableASCII textexported SGML document, UTF-8 Unicode text, with very long linestroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)R}fJbQutf-8712bf345a179cdbb3dca1c3031533bb21bd27095acc5e119bb64848681098650?p7zXZ !t/4]"k%ӻ]{~5 #3 tsO֮QˮjD(|]$3bzC'mr'G@< `|^TO3C({?'{#75uc=%LSn_~9u)k޿ >Wt|D@|EsSt"={.pyLf)M]+C1͕<-f5(EQF[9Ԩe9ΔwfoDۑLDv";)Ւxj(YkUvh=pګҋ4%XdZt\}n9s!!Rro Z0R\<eD3z癙6{]~z`-4]*& 8y19HMI&X%h+Ix 16?({w|uVVBʤ;]^l? \`s2`:JoW9Z/׿h:2:EV+bm)dy:\~ZzS 'XG6q1:7uveG#>'}&S5-kSAtA)TѸ}Z}ÆTp*jakFv2g.uqk cg/ *YB!6)e˄кw"S}mo x!1A}ee(Ku.!QdF>cO{&t"״=l8'b#C}Rl$RA0m̭ MpNҳ'GLǡQzdUOȇ=~K2׃_yP2Ha4c^i/o17r8,Y+eHͪcOF=~ ؆?`;5 $SV;v -БZq=myb$oB3س+XYgXTt b-I ㋠UD tVWUi;sfLIOn P'_"Kb,Zw%y| YZ