Pull Kubernetes v1.33.5 #181
base: kcp-1.33.3
…ss iptables Signed-off-by: Carlos Panato <[email protected]>
On Linux, mask "/proc/interrupts" and "/sys/devices/system/cpu/cpu<x>/thermal_throttle" inside containers by default. Privileged containers or containers started with --security-opt="systempaths=unconfined" are not affected.
Mitigates potential Thermal Side-Channel Vulnerability Exploit (https://github.com/moby/moby/security/advisories/GHSA-6fw5-f8r9-fgfm).
Also: improve integration test TestCreateWithCustomMaskedPaths() to ensure default masked paths don't apply to privileged containers.
Refers to moby/moby#49560
Signed-off-by: Sascha Grunert <[email protected]>
[release-1.33][go] Bump dependencies, images and versions used to Go 1.24.5 and distroless iptables
…tial, add TODOs see: kubernetes#130271
…62-release-1.33 Cherrypick 133262 remove broken test that depends on expired credential onto Release 1.33
Signed-off-by: Min Jin <[email protected]>
…-pick-of-#132895-upstream-release-1.33 Automated cherry pick of kubernetes#132895: Fixes scheduler nil panic due to empty init container request&limit
…ease-1.33 Update NodeRestriction to prevent nodes from updating their OwnerReferences
…ss iptables Signed-off-by: Carlos Panato <[email protected]>
[release-1.33][go] Bump images, dependencies and versions to go 1.24.6 and distroless iptables
They were already listed in ineligible_endpoints.yaml, so we shouldn't be testing them here anyway.
The comparison of SELinux labels in KCM tolerates missing fields - the operating system is going to default them from its defaults, but in KCM we don't know what the defaults are. But the OS won't default the last component, "level", which also includes categories. Make sure that labels with a level set conflict with level "", that's what will conflict on the OS too.
…-pick-of-#133513-upstream-release-1.33 Automated cherry pick of kubernetes#133513: Add missing conversion for timeoutForControlPlane
…rry-pick-of-#131018-base-release-1.33 Automated cherry pick of kubernetes#131018: Mask Linux thermal interrupt info in /proc and /sys.
…-pick-of-#133625-origin-release-1.33 Automated cherry pick of kubernetes#133625: Remove patch/update from ServiceCIDR API conformance test
…ick-of-#132891-upstream-release-1.33 Automated cherry pick of kubernetes#132891: Added NodeSelectors field to external DriverDefinition
…ick-of-#133425-release-1.33 Automated cherry pick of kubernetes#133425: Fix SELinux label comparison
Kubernetes official release v1.33.5
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by:
The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
What type of PR is this?
/kind feature
What this PR does / why we need it:
Which issue(s) this PR fixes:
Fixes 3642
Special notes for your reviewer:
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: