From 53c7d3576e0293e849530bfe611128a3b70c1b98 Mon Sep 17 00:00:00 2001
From: andyzhangx
Date: Wed, 8 Nov 2023 03:47:32 +0000
Subject: [PATCH] fix: CVE-2023-3676
---
 go.mod | 76 +++++++++---------
 go.sum | 68 ++++++++--------
 .../net/http/otelhttp/handler.go | 8 +-
 .../net/http/otelhttp/version.go | 2 +-
 .../api/apidiscovery/v2beta1/generated.proto | 4 +-
 .../k8s.io/api/apidiscovery/v2beta1/types.go | 4 +-
 vendor/k8s.io/api/batch/v1/generated.proto | 1 +
 vendor/k8s.io/api/batch/v1/types.go | 1 +
 vendor/k8s.io/api/core/v1/types.go | 10 +++
 .../apimachinery/pkg/runtime/converter.go | 4 +-
 .../apimachinery/pkg/util/runtime/runtime.go | 15 ++--
 .../plugin/webhook/mutating/dispatcher.go | 18 +++--
 .../apiserver/pkg/features/kube_features.go | 20 +++++
 .../discovery/aggregated_discovery.go | 6 +-
 .../tools/events/event_broadcaster.go | 30 ++++---
 vendor/k8s.io/client-go/tools/record/event.go | 3 +
 vendor/k8s.io/client-go/util/cert/cert.go | 34 ++++++--
 .../k8s.io/kubernetes/pkg/apis/batch/types.go | 1 +
 .../kubernetes/pkg/features/kube_features.go | 2 +
 .../pkg/volume/util/atomic_writer.go | 48 +++++++----
 .../volume/util/subpath/subpath_windows.go | 12 ++-
 .../k8s.io/kubernetes/pkg/volume/util/util.go | 12 ++-
 .../kubernetes/test/utils/image/manifest.go | 2 +-
 .../kubernetes/test/utils/pki_helpers.go | 4 +-
 vendor/k8s.io/mount-utils/mount_linux.go | 57 +++++++------
 vendor/k8s.io/mount-utils/mount_windows.go | 24 ++++--
 vendor/modules.txt | 80 +++++++++----------
 27 files changed, 337 insertions(+), 209 deletions(-)
diff --git a/go.mod b/go.mod
index 5ec26482f..d0a3b8a1d 100644
--- a/go.mod
+++ b/go.mod
@@ -21,13 +21,13 @@ require (
 golang.org/x/net v0.17.0
 google.golang.org/grpc v1.59.0
 google.golang.org/protobuf v1.31.0
- k8s.io/api v0.26.6
- k8s.io/apimachinery v0.26.6
- k8s.io/client-go v0.26.6
- k8s.io/component-base v0.26.6
+ k8s.io/api v0.26.10
+ k8s.io/apimachinery v0.26.10
+ k8s.io/client-go v0.26.10
+ k8s.io/component-base v0.26.10
 k8s.io/klog/v2 v2.80.1
- k8s.io/kubernetes v1.26.6
- k8s.io/mount-utils v0.26.6
+ k8s.io/kubernetes v1.26.10
+ k8s.io/mount-utils v0.26.10
 k8s.io/utils v0.0.0-20221128185143-99ec85e7a448
 sigs.k8s.io/cloud-provider-azure v1.26.1-0.20230118112841-6e3f8e03247e
 sigs.k8s.io/yaml v1.3.0
@@ -42,8 +42,8 @@ require (
 github.com/onsi/ginkgo/v2 v2.9.2
 github.com/pkg/errors v0.9.1
 github.com/satori/go.uuid v1.2.0
- k8s.io/apiserver v0.26.6
- k8s.io/pod-security-admission v0.26.6
+ k8s.io/apiserver v0.26.10
+ k8s.io/pod-security-admission v0.26.10
 )
 require (
@@ -102,7 +102,7 @@ require (
 github.com/prometheus/procfs v0.8.0 // indirect
 github.com/spf13/cobra v1.6.1 // indirect
 github.com/spf13/pflag v1.0.5 // indirect
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.0 // indirect
+ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.1 // indirect
 go.opentelemetry.io/otel v1.10.0 // indirect
 go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.10.0 // indirect
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.10.0 // indirect
@@ -126,11 +126,11 @@ require (
 gopkg.in/yaml.v2 v2.4.0 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
 k8s.io/apiextensions-apiserver v0.0.0 // indirect
- k8s.io/cloud-provider v0.26.6 // indirect
- k8s.io/component-helpers v0.26.6 // indirect
+ k8s.io/cloud-provider v0.26.10 // indirect
+ k8s.io/component-helpers v0.26.10 // indirect
 k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect
 k8s.io/kubectl v0.0.0 // indirect
- k8s.io/kubelet v0.26.6 // indirect
+ k8s.io/kubelet v0.26.10 // indirect
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.37 // indirect
 sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
 sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
@@ -139,31 +139,31 @@ require (
 replace (
 github.com/niemeyer/pretty => github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e
 go.etcd.io/etcd => go.etcd.io/etcd v0.0.0-20200410171415-59f5fb25a533
- k8s.io/api => k8s.io/api v0.26.6
- k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.26.6
- k8s.io/apimachinery => k8s.io/apimachinery v0.26.6
- k8s.io/apiserver => k8s.io/apiserver v0.26.6
- k8s.io/cli-runtime => k8s.io/cli-runtime v0.26.6
- k8s.io/client-go => k8s.io/client-go v0.26.6
- k8s.io/cloud-provider => k8s.io/cloud-provider v0.26.6
- k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.26.6
+ k8s.io/api => k8s.io/api v0.26.10
+ k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.26.10
+ k8s.io/apimachinery => k8s.io/apimachinery v0.26.10
+ k8s.io/apiserver => k8s.io/apiserver v0.26.10
+ k8s.io/cli-runtime => k8s.io/cli-runtime v0.26.10
+ k8s.io/client-go => k8s.io/client-go v0.26.10
+ k8s.io/cloud-provider => k8s.io/cloud-provider v0.26.10
+ k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.26.10
 k8s.io/code-generator => k8s.io/code-generator v0.20.0
- k8s.io/component-base => k8s.io/component-base v0.26.6
- k8s.io/component-helpers => k8s.io/component-helpers v0.26.6
- k8s.io/controller-manager => k8s.io/controller-manager v0.26.6
- k8s.io/cri-api => k8s.io/cri-api v0.26.6
- k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.26.6
- k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.26.6
- k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.26.6
- k8s.io/kube-proxy => k8s.io/kube-proxy v0.26.6
- k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.26.6
- k8s.io/kubectl => k8s.io/kubectl v0.26.6
- k8s.io/kubelet => k8s.io/kubelet v0.26.6
- k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.26.6
- k8s.io/metrics => k8s.io/metrics v0.26.6
- k8s.io/mount-utils => k8s.io/mount-utils v0.26.6
- k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.26.6
- k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.26.6
- k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.26.6
- k8s.io/sample-controller => k8s.io/sample-controller v0.26.6
+ k8s.io/component-base => k8s.io/component-base v0.26.10
+ k8s.io/component-helpers => k8s.io/component-helpers v0.26.10
+ k8s.io/controller-manager => k8s.io/controller-manager v0.26.10
+ k8s.io/cri-api => k8s.io/cri-api v0.26.10
+ k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.26.10
+ k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.26.10
+ k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.26.10
+ k8s.io/kube-proxy => k8s.io/kube-proxy v0.26.10
+ k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.26.10
+ k8s.io/kubectl => k8s.io/kubectl v0.26.10
+ k8s.io/kubelet => k8s.io/kubelet v0.26.10
+ k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.26.10
+ k8s.io/metrics => k8s.io/metrics v0.26.10
+ k8s.io/mount-utils => k8s.io/mount-utils v0.26.10
+ k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.26.10
+ k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.26.10
+ k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.26.10
+ k8s.io/sample-controller => k8s.io/sample-controller v0.26.10
 )
diff --git a/go.sum b/go.sum
index 184362f53..de4fe9887 100644
--- a/go.sum
+++ b/go.sum
@@ -452,8 +452,8 @@ go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.0 h1:Ajldaqhxqw/gNzQA45IKFWLdG7jZuXX/wBW1d5qvbUI= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.0/go.mod h1:9NiG9I2aHTKkcxqCILhjtyNA1QEiCjdBACv4IvrFQ+c= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.1 h1:sxoY9kG1s1WpSYNyzm24rlwH4lnRYFXUVVBmKMBfRgw= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.1/go.mod h1:9NiG9I2aHTKkcxqCILhjtyNA1QEiCjdBACv4IvrFQ+c= go.opentelemetry.io/otel v1.8.0/go.mod h1:2pkj+iMj0o03Y+cW6/m8Y4WkRdYN3AvCXCnzRMp9yvM= go.opentelemetry.io/otel v1.10.0 h1:Y7DTJMR6zs1xkS/upamJYk0SxxN4C9AqRd77jmZnyY4= go.opentelemetry.io/otel v1.10.0/go.mod h1:NbvWjCthWHKBEUMpf0/v8ZRZlni86PpGFEMA9pnQSnQ= @@ -570,7 +570,7 @@ golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= 
@@ -656,14 +656,15 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q= golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= +golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -676,7 +677,8 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -878,23 +880,23 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.26.6 h1:RZsJGP5p/qdWuFVqj/JFyt+6ttfgL+8/K8gtyi7riuo= -k8s.io/api v0.26.6/go.mod h1:Z+i6M3de4+LJiXtIiWSz/yLpnG+YjxAkeW6cgZqoxn4= -k8s.io/apiextensions-apiserver v0.26.6 h1:BrrWb5gQlWuwvqGJs1xMV1Qtr+xQS6ri6A1QBT4rnz8= -k8s.io/apiextensions-apiserver v0.26.6/go.mod h1:T6zbudRhmwN0sxg9lD51co/3Ah3JuCduz0nbtxyRXrk= -k8s.io/apimachinery v0.26.6 h1:OT04J9US8G+AqfqvcJZZ8s3WUQkWbc3t6ePPWieDN6I= -k8s.io/apimachinery v0.26.6/go.mod h1:qYzLkrQ9lhrZRh0jNKo2cfvf/R1/kQONnSiyB7NUJU0= -k8s.io/apiserver v0.26.6 h1:gM6Ai7L4Kv+4iYeJhEd8VgP8KrdMjJNGrH9iEcnqB4c= -k8s.io/apiserver v0.26.6/go.mod h1:Lfs3EMXwKERf8PUa3a+jpb23lJAFtJPDj/xKDxYktFo= -k8s.io/client-go v0.26.6 h1:CtC0wOxkAwjYyG2URGzdEKo0nLILopSDYn5AmzOkdi4= -k8s.io/client-go v0.26.6/go.mod h1:HDjbQGY7XzFYFUWOPAfAsIYhvFXyc9l6Ne0pO0bOQ7o= -k8s.io/cloud-provider v0.26.6 h1:byNR1IYs4ykPAqreq7icYmoGiy7ViupWtT5cz7W1pfQ= -k8s.io/cloud-provider v0.26.6/go.mod h1:zJd8Em72WezikROPVJiq+xZ44vUfYDR+OuIQE7CqCro= -k8s.io/component-base v0.26.6 h1:/Tm16Z8l/ruLFcw1XbFKTRSuxD6gQULQxxYgmar8PI0= -k8s.io/component-base v0.26.6/go.mod h1:fsv8CPnT5gumGxRbiQvK1j8IGvqSNwqZaJS5XTlLM1s= -k8s.io/component-helpers v0.26.6 h1:PeLFHv52Q4KwrwiMB5G6TP6R8kqB0AY7i+7UTJnEKCA= -k8s.io/component-helpers v0.26.6/go.mod h1:B2gSbLdkn6exoHr28wSYS8F3g8+7HQgtsQz1zLI0kZo= -k8s.io/csi-translation-lib v0.26.6 h1:lIgfnC0rJvrxA6yzJtQBQ8vt3lDOkBsJkddrZUim8Gs= +k8s.io/api v0.26.10 h1:skTnrDR0r8dg4MMLf6YZIzugxNM0BjFsWKPkNc5kOvk= +k8s.io/api v0.26.10/go.mod h1:ou/H3yviqrHtP/DSPVTfsc7qNfmU06OhajytJfYXkXw= +k8s.io/apiextensions-apiserver v0.26.10 h1:wAriTUc6l7gUqJKOxhmXnYo/VNJzk4oh4QLCUR4Uq+k= 
+k8s.io/apiextensions-apiserver v0.26.10/go.mod h1:N2qhlxkhJLSoC4f0M1/1lNG627b45SYqnOPEVFoQXw4= +k8s.io/apimachinery v0.26.10 h1:aE+J2KIbjctFqPp3Y0q4Wh2PD+l1p2g3Zp4UYjSvtGU= +k8s.io/apimachinery v0.26.10/go.mod h1:iT1ZP4JBP34wwM+ZQ8ByPEQ81u043iqAcsJYftX9amM= +k8s.io/apiserver v0.26.10 h1:gradpIHygzZN87yK+o6V3gpbCSF78HZ0hejLZQQwdDs= +k8s.io/apiserver v0.26.10/go.mod h1:TGrQKQWUfQcotK3P4TtoVZxXOWklFF36QZlA5wufLs4= +k8s.io/client-go v0.26.10 h1:4mDzl+1IrfRxh4Ro0s65JRGJp14w77gSMUTjACYWVRo= +k8s.io/client-go v0.26.10/go.mod h1:sh74ig838gCckU4ElYclWb24lTesPdEDPnlyg5vcbkA= +k8s.io/cloud-provider v0.26.10 h1:KEKR5IN508u6qKTIp8hiQshdwjp2vAmUf1dq00YeqwE= +k8s.io/cloud-provider v0.26.10/go.mod h1:s8jaxZgFcipPVnGMxLzWbCG46BYK8ExpBaqMjtUswVg= +k8s.io/component-base v0.26.10 h1:vl3Gfe5aC09mNxfnQtTng7u3rnBVrShOK3MAkqEleb0= +k8s.io/component-base v0.26.10/go.mod h1:/IDdENUHG5uGxqcofZajovYXE9KSPzJ4yQbkYQt7oN0= +k8s.io/component-helpers v0.26.10 h1:KEwLNxzTE65R2kNz4UZ26h1G9O8xd6+iXVz7jkLgEYc= +k8s.io/component-helpers v0.26.10/go.mod h1:HYtL0UXL9zrYuuAmweYvHX/iQ0d0MURnvTOL3emC/r0= +k8s.io/csi-translation-lib v0.26.10 h1:YWshcixVgN9kJPCf/EYkEZ/KQnojSEagdXNyBb8TJ+A= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= 
@@ -902,16 +904,16 @@ k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+OGxg8HsuBr/5f6tVAjDu6E= k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= -k8s.io/kubectl v0.26.6 h1:8w/13HZ+kb7tKFoZ55Ci96L3RvjTFFuLPBEYYSOP0rA= -k8s.io/kubectl v0.26.6/go.mod h1:q9wFF+QoE0tOQnJvPbxCXnjKuot/0v/eFXNBjheEsgY= -k8s.io/kubelet v0.26.6 h1:i7ULqYJBtxk5qU8GyRLL3Hp6i3W9QvvnOxUDwRv1WU8= -k8s.io/kubelet v0.26.6/go.mod h1:Zmn/I8E1cIGkpLYy66KEGiRIkMEM8D4luz2hg7/kvfo= -k8s.io/kubernetes v1.26.6 h1:wj7+e03hcuEsrs2sA1YTGAdC+L/U0QVmnRkaCRO0Fh4= -k8s.io/kubernetes v1.26.6/go.mod h1:baNC1jjusIrvJBaOYmefaoZNklGLvIYfOfScJ25KENw= -k8s.io/mount-utils v0.26.6 h1:VDAqrOImXRHRFRQPxl+7yMLml0PLAxb5VAOuCmQNqzQ= -k8s.io/mount-utils v0.26.6/go.mod h1:S+09/ujdtdKRo3bzSQXonHpIEKc+svPe8SNgBUJBj8E= -k8s.io/pod-security-admission v0.26.6 h1:ORkKYeEC7C9ZfCGUoL+LMNa7U8qMyIagOmTcwrHM/6o= -k8s.io/pod-security-admission v0.26.6/go.mod h1:rdGiHiobFFJHmWer956ySg/rDEivPi+icbZw/AYGuP8= +k8s.io/kubectl v0.26.10 h1:UoHA2Apb/Ack+B3evJjokbQ1shq6WdAmVi9AtWiY1B8= +k8s.io/kubectl v0.26.10/go.mod h1:U8Zb+jkWVI3H/LSbCDHQ0d70uYmOJtNQk9V2fmg7tGw= +k8s.io/kubelet v0.26.10 h1:/ChL4fCohFNPEvZbpt6qFXMrwFgLw0dgRaseMQ1wehw= +k8s.io/kubelet v0.26.10/go.mod h1:CptPtpIILi3Z0Z2522hMBF+gnDW/rwWGTg3fteoK0Qk= +k8s.io/kubernetes v1.26.10 h1:0px6+62d5Z3pcRPYl3Fc00t3W7BtBjqkjcRarp597Lk= +k8s.io/kubernetes v1.26.10/go.mod h1:FJGPRZLL8WHUDq5XAPs4Ut4jCB0f08R7MKTRP8CGpvI= +k8s.io/mount-utils v0.26.10 h1:symeTUgJj+dZRy6xrpTmKQ4O2ozqMePfNAR1YEhFj1s= +k8s.io/mount-utils v0.26.10/go.mod h1:iueAuIucD6q4SQ1xgOG1VlhzoSh7TItL45cZEMDl/00= +k8s.io/pod-security-admission v0.26.10 h1:D2MF9JbMRu3pB7Onx26DHm6MHJRh3s6ZK0UKoRRD2to= +k8s.io/pod-security-admission v0.26.10/go.mod h1:AurbRHBkqh8GSj+nDgsY0NLefkiGCmZJbzMJXQZpte8= 
k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20221107191617-1a15be271d1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 h1:KTgPnR10d5zhztWptI952TNtt/4u5h3IzDXkdIMuo2Y= diff --git a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/handler.go b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/handler.go index 4c037f1d8..5b7d9daaf 100644 --- a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/handler.go +++ b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/handler.go @@ -164,10 +164,10 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { } var bw bodyWrapper - // if request body is nil we don't want to mutate the body as it will affect - // the identity of it in an unforeseeable way because we assert ReadCloser - // fulfills a certain interface and it is indeed nil. - if r.Body != nil { + // if request body is nil or NoBody, we don't want to mutate the body as it + // will affect the identity of it in an unforeseeable way because we assert + // ReadCloser fulfills a certain interface and it is indeed nil or NoBody. + if r.Body != nil && r.Body != http.NoBody { bw.ReadCloser = r.Body bw.record = readRecordFunc r.Body = &bw diff --git a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/version.go b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/version.go index 56e473606..210ee0b78 100644 --- a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/version.go +++ b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/version.go 
@@ -16,7 +16,7 @@ package otelhttp // import "go.opentelemetry.io/contrib/instrumentation/net/http // Version is the current release version of the otelhttp instrumentation. func Version() string { - return "0.35.0" + return "0.35.1" // This string is updated by the pre_release.sh script during release } diff --git a/vendor/k8s.io/api/apidiscovery/v2beta1/generated.proto b/vendor/k8s.io/api/apidiscovery/v2beta1/generated.proto index aa08b4978..a09af750b 100644 --- a/vendor/k8s.io/api/apidiscovery/v2beta1/generated.proto +++ b/vendor/k8s.io/api/apidiscovery/v2beta1/generated.proto @@ -71,7 +71,7 @@ message APIResourceDiscovery { // responseKind describes the group, version, and kind of the serialization schema for the object type this endpoint typically returns. // APIs may return other objects types at their discretion, such as error conditions, requests for alternate representations, or other operation specific behavior. - // This value will be null if an APIService reports subresources but supports no operations on the parent resource + // This value will be null or empty if an APIService reports subresources but supports no operations on the parent resource optional k8s.io.apimachinery.pkg.apis.meta.v1.GroupVersionKind responseKind = 2; // scope indicates the scope of a resource, either Cluster or Namespaced @@ -111,7 +111,7 @@ message APISubresourceDiscovery { optional string subresource = 1; // responseKind describes the group, version, and kind of the serialization schema for the object type this endpoint typically returns. - // Some subresources do not return normal resources, these will have null return types. + // Some subresources do not return normal resources, these will have null or empty return types. optional k8s.io.apimachinery.pkg.apis.meta.v1.GroupVersionKind responseKind = 2; // acceptedTypes describes the kinds that this endpoint accepts. 
diff --git a/vendor/k8s.io/api/apidiscovery/v2beta1/types.go b/vendor/k8s.io/api/apidiscovery/v2beta1/types.go index 1aff3e370..834293773 100644 --- a/vendor/k8s.io/api/apidiscovery/v2beta1/types.go +++ b/vendor/k8s.io/api/apidiscovery/v2beta1/types.go @@ -92,7 +92,7 @@ type APIResourceDiscovery struct { Resource string `json:"resource" protobuf:"bytes,1,opt,name=resource"` // responseKind describes the group, version, and kind of the serialization schema for the object type this endpoint typically returns. // APIs may return other objects types at their discretion, such as error conditions, requests for alternate representations, or other operation specific behavior. - // This value will be null if an APIService reports subresources but supports no operations on the parent resource + // This value will be null or empty if an APIService reports subresources but supports no operations on the parent resource ResponseKind *v1.GroupVersionKind `json:"responseKind,omitempty" protobuf:"bytes,2,opt,name=responseKind"` // scope indicates the scope of a resource, either Cluster or Namespaced Scope ResourceScope `json:"scope" protobuf:"bytes,3,opt,name=scope"` @@ -141,7 +141,7 @@ type APISubresourceDiscovery struct { // for this resource across all versions. Subresource string `json:"subresource" protobuf:"bytes,1,opt,name=subresource"` // responseKind describes the group, version, and kind of the serialization schema for the object type this endpoint typically returns. - // Some subresources do not return normal resources, these will have null return types. + // Some subresources do not return normal resources, these will have null or empty return types. ResponseKind *v1.GroupVersionKind `json:"responseKind,omitempty" protobuf:"bytes,2,opt,name=responseKind"` // acceptedTypes describes the kinds that this endpoint accepts. // Subresources may accept the standard content types or define 
diff --git a/vendor/k8s.io/api/batch/v1/generated.proto b/vendor/k8s.io/api/batch/v1/generated.proto index 09144d586..5e8159731 100644 --- a/vendor/k8s.io/api/batch/v1/generated.proto +++ b/vendor/k8s.io/api/batch/v1/generated.proto @@ -464,6 +464,7 @@ message PodFailurePolicyRule { // as a list of pod condition patterns. The requirement is satisfied if at // least one pattern matches an actual pod condition. At most 20 elements are allowed. // +listType=atomic + // +optional repeated PodFailurePolicyOnPodConditionsPattern onPodConditions = 3; } diff --git a/vendor/k8s.io/api/batch/v1/types.go b/vendor/k8s.io/api/batch/v1/types.go index f6361391b..d298a02f2 100644 --- a/vendor/k8s.io/api/batch/v1/types.go +++ b/vendor/k8s.io/api/batch/v1/types.go @@ -190,6 +190,7 @@ type PodFailurePolicyRule struct { // as a list of pod condition patterns. The requirement is satisfied if at // least one pattern matches an actual pod condition. At most 20 elements are allowed. // +listType=atomic + // +optional OnPodConditions []PodFailurePolicyOnPodConditionsPattern `json:"onPodConditions" protobuf:"bytes,3,opt,name=onPodConditions"` } diff --git a/vendor/k8s.io/api/core/v1/types.go b/vendor/k8s.io/api/core/v1/types.go index 257fde1ab..bfb3b1d97 100644 --- a/vendor/k8s.io/api/core/v1/types.go +++ b/vendor/k8s.io/api/core/v1/types.go @@ -4405,6 +4405,9 @@ const ( // LoadBalancerPortsError represents the condition of the requested ports // on the cloud load balancer instance. LoadBalancerPortsError = "LoadBalancerPortsError" + // LoadBalancerPortsErrorReason reason in ServiceStatus condition LoadBalancerPortsError + // means the LoadBalancer was not able to be configured correctly. + LoadBalancerPortsErrorReason = "LoadBalancerMixedProtocolNotSupported" ) // ServiceStatus represents the current status of a service. 
@@ -6761,6 +6764,13 @@ const ( PortForwardRequestIDHeader = "requestID" ) +const ( + // MixedProtocolNotSupported error in PortStatus means that the cloud provider + // can't publish the port on the load balancer because mixed values of protocols + // on the same LoadBalancer type of Service are not supported by the cloud provider. + MixedProtocolNotSupported = "MixedProtocolNotSupported" +) + // PortStatus represents the error condition of a service port type PortStatus struct { diff --git a/vendor/k8s.io/apimachinery/pkg/runtime/converter.go b/vendor/k8s.io/apimachinery/pkg/runtime/converter.go index 90bf487e3..62eb27afc 100644 --- a/vendor/k8s.io/apimachinery/pkg/runtime/converter.go +++ b/vendor/k8s.io/apimachinery/pkg/runtime/converter.go @@ -231,7 +231,7 @@ func (c *fromUnstructuredContext) pushKey(key string) { } -// FromUnstructuredWIthValidation converts an object from map[string]interface{} representation into a concrete type. +// FromUnstructuredWithValidation converts an object from map[string]interface{} representation into a concrete type. // It uses encoding/json/Unmarshaler if object implements it or reflection if not. // It takes a validationDirective that indicates how to behave when it encounters unknown fields. func (c *unstructuredConverter) FromUnstructuredWithValidation(u map[string]interface{}, obj interface{}, returnUnknownFields bool) error { @@ -465,7 +465,7 @@ func sliceFromUnstructured(sv, dv reflect.Value, ctx *fromUnstructuredContext) e } dv.SetBytes(data) } else { - dv.Set(reflect.Zero(dt)) + dv.Set(reflect.MakeSlice(dt, 0, 0)) } return nil } diff --git a/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go b/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go index d738725ca..3674914f7 100644 --- a/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go +++ b/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go 
@@ -126,14 +126,17 @@ type rudimentaryErrorBackoff struct { // OnError will block if it is called more often than the embedded period time. // This will prevent overly tight hot error loops. func (r *rudimentaryErrorBackoff) OnError(error) { + now := time.Now() // start the timer before acquiring the lock r.lastErrorTimeLock.Lock() - defer r.lastErrorTimeLock.Unlock() - d := time.Since(r.lastErrorTime) - if d < r.minPeriod { - // If the time moves backwards for any reason, do nothing - time.Sleep(r.minPeriod - d) - } + d := now.Sub(r.lastErrorTime) r.lastErrorTime = time.Now() + r.lastErrorTimeLock.Unlock() + + // Do not sleep with the lock held because that causes all callers of HandleError to block. + // We only want the current goroutine to block. + // A negative or zero duration causes time.Sleep to return immediately. + // If the time moves backwards for any reason, do nothing. + time.Sleep(r.minPeriod - d) } // GetCaller returns the caller of the function that calls it. diff --git a/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/dispatcher.go b/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/dispatcher.go index cadf753e3..3a252f998 100644 --- a/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/dispatcher.go +++ b/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/dispatcher.go @@ -20,6 +20,7 @@ package mutating import ( "context" + "errors" "fmt" "time" 
@@ -149,7 +150,10 @@ func (a *mutatingDispatcher) Dispatch(ctx context.Context, attr admission.Attrib case *webhookutil.ErrCallingWebhook: if !ignoreClientCallFailures { rejected = true - admissionmetrics.Metrics.ObserveWebhookRejection(ctx, hook.Name, "admit", string(versionedAttr.Attributes.GetOperation()), admissionmetrics.WebhookRejectionCallingWebhookError, int(err.Status.ErrStatus.Code)) + // Ignore context cancelled from webhook metrics + if !errors.Is(err.Reason, context.Canceled) { + admissionmetrics.Metrics.ObserveWebhookRejection(ctx, hook.Name, "admit", string(versionedAttr.Attributes.GetOperation()), admissionmetrics.WebhookRejectionCallingWebhookError, int(err.Status.ErrStatus.Code)) + } } admissionmetrics.Metrics.ObserveWebhook(ctx, hook.Name, time.Since(t), rejected, versionedAttr.Attributes, "admit", int(err.Status.ErrStatus.Code)) case *webhookutil.ErrWebhookRejection: @@ -178,10 +182,14 @@ func (a *mutatingDispatcher) Dispatch(ctx context.Context, attr admission.Attrib if callErr, ok := err.(*webhookutil.ErrCallingWebhook); ok { if ignoreClientCallFailures { - klog.Warningf("Failed calling webhook, failing open %v: %v", hook.Name, callErr) - admissionmetrics.Metrics.ObserveWebhookFailOpen(ctx, hook.Name, "admit") - annotator.addFailedOpenAnnotation() - + // Ignore context cancelled from webhook metrics + if errors.Is(callErr.Reason, context.Canceled) { + klog.Warningf("Context canceled when calling webhook %v", hook.Name) + } else { + klog.Warningf("Failed calling webhook, failing open %v: %v", hook.Name, callErr) + admissionmetrics.Metrics.ObserveWebhookFailOpen(ctx, hook.Name, "admit") + annotator.addFailedOpenAnnotation() + } utilruntime.HandleError(callErr) select { diff --git a/vendor/k8s.io/apiserver/pkg/features/kube_features.go b/vendor/k8s.io/apiserver/pkg/features/kube_features.go index aa903587d..d51dbe59a 100644 --- a/vendor/k8s.io/apiserver/pkg/features/kube_features.go +++ b/vendor/k8s.io/apiserver/pkg/features/kube_features.go 
@@ -177,6 +177,24 @@ const ( // Enables server-side field validation. ServerSideFieldValidation featuregate.Feature = "ServerSideFieldValidation" + // owner: @enj + // beta: v1.29 + // + // Enables http2 DOS mitigations for unauthenticated clients. + // + // Some known reasons to disable these mitigations: + // + // An API server that is fronted by an L7 load balancer that is set up + // to mitigate http2 attacks may opt to disable this protection to prevent + // unauthenticated clients from disabling connection reuse between the load + // balancer and the API server (many incoming connections could share the + // same backend connection). + // + // An API server that is on a private network may opt to disable this + // protection to prevent performance regressions for unauthenticated + // clients. + UnauthenticatedHTTP2DOSMitigation featuregate.Feature = "UnauthenticatedHTTP2DOSMitigation" + // owner: @caesarxuchao @roycaihw // alpha: v1.20 // @@ -248,5 +266,7 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS StorageVersionHash: {Default: true, PreRelease: featuregate.Beta}, + UnauthenticatedHTTP2DOSMitigation: {Default: false, PreRelease: featuregate.Beta}, + WatchBookmark: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, } diff --git a/vendor/k8s.io/client-go/discovery/aggregated_discovery.go b/vendor/k8s.io/client-go/discovery/aggregated_discovery.go index 7470259dc..f72c42051 100644 --- a/vendor/k8s.io/client-go/discovery/aggregated_discovery.go +++ b/vendor/k8s.io/client-go/discovery/aggregated_discovery.go @@ -111,6 +111,8 @@ func convertAPIGroup(g apidiscovery.APIGroupDiscovery) ( return group, gvResources, failedGVs } +var emptyKind = metav1.GroupVersionKind{} + // convertAPIResource tranforms a APIResourceDiscovery to an APIResource. We are // resilient to missing GVK, since this resource might be the parent resource // for a subresource. If the parent is missing a GVK, it is not returned in 
@@ -125,7 +127,7 @@ func convertAPIResource(in apidiscovery.APIResourceDiscovery) (metav1.APIResourc Categories: in.Categories, } var err error - if in.ResponseKind != nil { + if in.ResponseKind != nil && (*in.ResponseKind) != emptyKind { result.Group = in.ResponseKind.Group result.Version = in.ResponseKind.Version result.Kind = in.ResponseKind.Kind @@ -140,7 +142,7 @@ func convertAPIResource(in apidiscovery.APIResourceDiscovery) (metav1.APIResourc // convertAPISubresource tranforms a APISubresourceDiscovery to an APIResource. func convertAPISubresource(parent metav1.APIResource, in apidiscovery.APISubresourceDiscovery) (metav1.APIResource, error) { result := metav1.APIResource{} - if in.ResponseKind == nil { + if in.ResponseKind == nil || (*in.ResponseKind) == emptyKind { return result, fmt.Errorf("subresource %s/%s missing GVK", parent.Name, in.Subresource) } result.Name = fmt.Sprintf("%s/%s", parent.Name, in.Subresource) diff --git a/vendor/k8s.io/client-go/tools/events/event_broadcaster.go b/vendor/k8s.io/client-go/tools/events/event_broadcaster.go index 951965e95..d2f313778 100644 --- a/vendor/k8s.io/client-go/tools/events/event_broadcaster.go +++ b/vendor/k8s.io/client-go/tools/events/event_broadcaster.go 
@@ -181,22 +181,24 @@ func (e *eventBroadcasterImpl) recordToSink(event *eventsv1.Event, clock clock.C return nil } isomorphicEvent.Series = &eventsv1.EventSeries{ - Count: 1, + Count: 2, LastObservedTime: metav1.MicroTime{Time: clock.Now()}, } - return isomorphicEvent + // Make a copy of the Event to make sure that recording it + // doesn't mess with the object stored in cache. + return isomorphicEvent.DeepCopy() } e.eventCache[eventKey] = eventCopy - return eventCopy + // Make a copy of the Event to make sure that recording it doesn't + // mess with the object stored in cache. + return eventCopy.DeepCopy() }() if evToRecord != nil { - recordedEvent := e.attemptRecording(evToRecord) - if recordedEvent != nil { - recordedEventKey := getKey(recordedEvent) - e.mu.Lock() - defer e.mu.Unlock() - e.eventCache[recordedEventKey] = recordedEvent - } + // TODO: Add a metric counting the number of recording attempts + e.attemptRecording(evToRecord) + // We don't want the new recorded Event to be reflected in the + // client's cache because server-side mutations could mess with the + // aggregation mechanism used by the client. } }() } @@ -248,6 +250,14 @@ func recordEvent(sink EventSink, event *eventsv1.Event) (*eventsv1.Event, bool) return nil, false case *errors.StatusError: if errors.IsAlreadyExists(err) { + // If we tried to create an Event from an EventSerie, it means that + // the original Patch request failed because the Event we were + // trying to patch didn't exist. If the creation failed because the + // Event now exists, it is safe to retry. This occurs when a new + // Event is emitted twice in a very short period of time. + if isEventSeries { + return nil, true + } klog.V(5).Infof("Server rejected event '%#v': '%v' (will not retry!)", event, err) } else { klog.Errorf("Server rejected event '%#v': '%v' (will not retry!)", event, err) 
diff --git a/vendor/k8s.io/client-go/tools/record/event.go b/vendor/k8s.io/client-go/tools/record/event.go index 998bf8dfb..926605975 100644 --- a/vendor/k8s.io/client-go/tools/record/event.go +++ b/vendor/k8s.io/client-go/tools/record/event.go @@ -344,6 +344,9 @@ func (recorder *recorderImpl) generateEvent(object runtime.Object, annotations m event := recorder.makeEvent(ref, annotations, eventtype, reason, message) event.Source = recorder.source + event.ReportingInstance = recorder.source.Host + event.ReportingController = recorder.source.Component + // NOTE: events should be a non-blocking operation, but we also need to not // put this in a goroutine, otherwise we'll race to write to a closed channel // when we go to shut down this broadcaster. Just drop events if we get overloaded, diff --git a/vendor/k8s.io/client-go/util/cert/cert.go b/vendor/k8s.io/client-go/util/cert/cert.go index 7196cf890..4ef02f09f 100644 --- a/vendor/k8s.io/client-go/util/cert/cert.go +++ b/vendor/k8s.io/client-go/util/cert/cert.go @@ -25,6 +25,7 @@ import ( "crypto/x509/pkix" "encoding/pem" "fmt" + "math" "math/big" "net" "os" @@ -44,6 +45,7 @@ type Config struct { Organization []string AltNames AltNames Usages []x509.ExtKeyUsage + NotBefore time.Time } // AltNames contains the domain names and IP addresses that will be added 
@@ -57,14 +59,24 @@ type AltNames struct { // NewSelfSignedCACert creates a CA certificate func NewSelfSignedCACert(cfg Config, key crypto.Signer) (*x509.Certificate, error) { now := time.Now() + // returns a uniform random value in [0, max-1), then add 1 to serial to make it a uniform random value in [1, max). + serial, err := cryptorand.Int(cryptorand.Reader, new(big.Int).SetInt64(math.MaxInt64-1)) + if err != nil { + return nil, err + } + serial = new(big.Int).Add(serial, big.NewInt(1)) + notBefore := now.UTC() + if !cfg.NotBefore.IsZero() { + notBefore = cfg.NotBefore.UTC() + } tmpl := x509.Certificate{ - SerialNumber: new(big.Int).SetInt64(0), + SerialNumber: serial, Subject: pkix.Name{ CommonName: cfg.CommonName, Organization: cfg.Organization, }, DNSNames: []string{cfg.CommonName}, - NotBefore: now.UTC(), + NotBefore: notBefore, NotAfter: now.Add(duration365d * 10).UTC(), KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, BasicConstraintsValid: true, @@ -116,9 +128,14 @@ func GenerateSelfSignedCertKeyWithFixtures(host string, alternateIPs []net.IP, a if err != nil { return nil, nil, err } - + // returns a uniform random value in [0, max-1), then add 1 to serial to make it a uniform random value in [1, max). + serial, err := cryptorand.Int(cryptorand.Reader, new(big.Int).SetInt64(math.MaxInt64-1)) + if err != nil { + return nil, nil, err + } + serial = new(big.Int).Add(serial, big.NewInt(1)) caTemplate := x509.Certificate{ - SerialNumber: big.NewInt(1), + SerialNumber: serial, Subject: pkix.Name{ CommonName: fmt.Sprintf("%s-ca@%d", host, time.Now().Unix()), }, 
@@ -144,9 +161,14 @@ func GenerateSelfSignedCertKeyWithFixtures(host string, alternateIPs []net.IP, a if err != nil { return nil, nil, err } - + // returns a uniform random value in [0, max-1), then add 1 to serial to make it a uniform random value in [1, max). + serial, err = cryptorand.Int(cryptorand.Reader, new(big.Int).SetInt64(math.MaxInt64-1)) + if err != nil { + return nil, nil, err + } + serial = new(big.Int).Add(serial, big.NewInt(1)) template := x509.Certificate{ - SerialNumber: big.NewInt(2), + SerialNumber: serial, Subject: pkix.Name{ CommonName: fmt.Sprintf("%s@%d", host, time.Now().Unix()), }, diff --git a/vendor/k8s.io/kubernetes/pkg/apis/batch/types.go b/vendor/k8s.io/kubernetes/pkg/apis/batch/types.go index cd3dd9656..c87b8ca5e 100644 --- a/vendor/k8s.io/kubernetes/pkg/apis/batch/types.go +++ b/vendor/k8s.io/kubernetes/pkg/apis/batch/types.go @@ -212,6 +212,7 @@ type PodFailurePolicyRule struct { // as a list of pod condition patterns. The requirement is satisfied if at // least one pattern matches an actual pod condition. At most 20 elements are allowed. // +listType=atomic + // +optional OnPodConditions []PodFailurePolicyOnPodConditionsPattern } diff --git a/vendor/k8s.io/kubernetes/pkg/features/kube_features.go b/vendor/k8s.io/kubernetes/pkg/features/kube_features.go index 2ad904d6f..99f7a55b7 100644 --- a/vendor/k8s.io/kubernetes/pkg/features/kube_features.go +++ b/vendor/k8s.io/kubernetes/pkg/features/kube_features.go @@ -1184,6 +1184,8 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS genericfeatures.ServerSideFieldValidation: {Default: true, PreRelease: featuregate.Beta}, + genericfeatures.UnauthenticatedHTTP2DOSMitigation: {Default: false, PreRelease: featuregate.Beta}, + // features that enable backwards compatibility but are scheduled to be removed // ... HPAScaleToZero: {Default: false, PreRelease: featuregate.Alpha}, 
diff --git a/vendor/k8s.io/kubernetes/pkg/volume/util/atomic_writer.go b/vendor/k8s.io/kubernetes/pkg/volume/util/atomic_writer.go index 94428f6ff..91ee77a9f 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/util/atomic_writer.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/util/atomic_writer.go @@ -86,11 +86,16 @@ const ( // Write does an atomic projection of the given payload into the writer's target // directory. Input paths must not begin with '..'. +// setPerms is an optional pointer to a function that caller can provide to set the +// permissions of the newly created files before they are published. The function is +// passed subPath which is the name of the timestamped directory that was created +// under target directory. // // The Write algorithm is: // // 1. The payload is validated; if the payload is invalid, the function returns -// 2.  The current timestamped directory is detected by reading the data directory +// +// 2. The current timestamped directory is detected by reading the data directory // symlink // // 3. The old version of the volume is walked to determine whether any 
@@ -98,13 +103,19 @@ const ( // // 4. The data in the current timestamped directory is compared to the projected // data to determine if an update is required. -// 5.  A new timestamped dir is created // -// 6. The payload is written to the new timestamped directory -// 7.  A symlink to the new timestamped directory ..data_tmp is created that will -// become the new data directory -// 8.  The new data directory symlink is renamed to the data directory; rename is atomic -// 9.  Symlinks and directory for new user-visible files are created (if needed). +// 5. A new timestamped dir is created. +// +// 6. The payload is written to the new timestamped directory. +// +// 7. Permissions are set (if setPerms is not nil) on the new timestamped directory and files. +// +// 8. A symlink to the new timestamped directory ..data_tmp is created that will +// become the new data directory. +// +// 9. The new data directory symlink is renamed to the data directory; rename is atomic. +// +// 10. Symlinks and directory for new user-visible files are created (if needed). // // For example, consider the files: // /podName @@ -123,9 +134,10 @@ const ( // linking everything else. On Windows, if a target does not exist, the created symlink // will not work properly if the target ends up being a directory. // -// 10. Old paths are removed from the user-visible portion of the target directory -// 11.  The previous timestamped directory is removed, if it exists -func (w *AtomicWriter) Write(payload map[string]FileProjection) error { +// 11. Old paths are removed from the user-visible portion of the target directory. +// +// 12. The previous timestamped directory is removed, if it exists. +func (w *AtomicWriter) Write(payload map[string]FileProjection, setPerms func(subPath string) error) error { // (1) cleanPayload, err := validatePayload(payload) if err != nil { 
@@ -185,6 +197,14 @@ func (w *AtomicWriter) Write(payload map[string]FileProjection) error { klog.V(4).Infof("%s: performed write of new data to ts data directory: %s", w.logContext, tsDir) // (7) + if setPerms != nil { + if err := setPerms(tsDirName); err != nil { + klog.Errorf("%s: error applying ownership settings: %v", w.logContext, err) + return err + } + } + + // (8) newDataDirPath := filepath.Join(w.targetDir, newDataDirName) if err = os.Symlink(tsDirName, newDataDirPath); err != nil { os.RemoveAll(tsDir) @@ -192,7 +212,7 @@ func (w *AtomicWriter) Write(payload map[string]FileProjection) error { return err } - // (8) + // (9) if runtime.GOOS == "windows" { os.Remove(dataDirPath) err = os.Symlink(tsDirName, dataDirPath) @@ -207,19 +227,19 @@ func (w *AtomicWriter) Write(payload map[string]FileProjection) error { return err } - // (9) + // (10) if err = w.createUserVisibleFiles(cleanPayload); err != nil { klog.Errorf("%s: error creating visible symlinks in %s: %v", w.logContext, w.targetDir, err) return err } - // (10) + // (11) if err = w.removeUserVisiblePaths(pathsToRemove); err != nil { klog.Errorf("%s: error removing old visible symlinks: %v", w.logContext, err) return err } - // (11) + // (12) if len(oldTsDir) > 0 { if err = os.RemoveAll(oldTsPath); err != nil { klog.Errorf("%s: error removing old data directory %s: %v", w.logContext, oldTsDir, err) diff --git a/vendor/k8s.io/kubernetes/pkg/volume/util/subpath/subpath_windows.go b/vendor/k8s.io/kubernetes/pkg/volume/util/subpath/subpath_windows.go index 7d40ce590..bf02de632 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/util/subpath/subpath_windows.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/util/subpath/subpath_windows.go 
@@ -76,8 +76,10 @@ func getUpperPath(path string) string { // Check whether a directory/file is a link type or not // LinkType could be SymbolicLink, Junction, or HardLink func isLinkPath(path string) (bool, error) { - cmd := fmt.Sprintf("(Get-Item -LiteralPath %q).LinkType", path) - output, err := exec.Command("powershell", "/c", cmd).CombinedOutput() + cmd := exec.Command("powershell", "/c", "$ErrorActionPreference = 'Stop'; (Get-Item -Force -LiteralPath $env:linkpath).LinkType") + cmd.Env = append(os.Environ(), fmt.Sprintf("linkpath=%s", path)) + klog.V(8).Infof("Executing command: %q", cmd.String()) + output, err := cmd.CombinedOutput() if err != nil { return false, err } @@ -115,8 +117,10 @@ func evalSymlink(path string) (string, error) { } // This command will give the target path of a given symlink // The -Force parameter will allow Get-Item to also evaluate hidden folders, like AppData. - cmd := fmt.Sprintf("(Get-Item -Force -LiteralPath %q).Target", upperpath) - output, err := exec.Command("powershell", "/c", cmd).CombinedOutput() + cmd := exec.Command("powershell", "/c", "$ErrorActionPreference = 'Stop'; (Get-Item -Force -LiteralPath $env:linkpath).Target") + cmd.Env = append(os.Environ(), fmt.Sprintf("linkpath=%s", upperpath)) + klog.V(8).Infof("Executing command: %q", cmd.String()) + output, err := cmd.CombinedOutput() if err != nil { return "", err } diff --git a/vendor/k8s.io/kubernetes/pkg/volume/util/util.go b/vendor/k8s.io/kubernetes/pkg/volume/util/util.go index f6f5a3f99..bc7be6eda 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/util/util.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/util/util.go 
@@ -672,11 +672,15 @@ func HasMountRefs(mountPath string, mountRefs []string) bool { func WriteVolumeCache(deviceMountPath string, exec utilexec.Interface) error { // If runtime os is windows, execute Write-VolumeCache powershell command on the disk if runtime.GOOS == "windows" { - cmd := fmt.Sprintf("Get-Volume -FilePath %s | Write-Volumecache", deviceMountPath) - output, err := exec.Command("powershell", "/c", cmd).CombinedOutput() - klog.Infof("command (%q) execeuted: %v, output: %q", cmd, err, string(output)) + cmdString := "Get-Volume -FilePath $env:mountpath | Write-Volumecache" + cmd := exec.Command("powershell", "/c", cmdString) + env := append(os.Environ(), fmt.Sprintf("mountpath=%s", deviceMountPath)) + cmd.SetEnv(env) + klog.V(8).Infof("Executing command: %q", cmdString) + output, err := cmd.CombinedOutput() + klog.Infof("command (%q) execeuted: %v, output: %q", cmdString, err, string(output)) if err != nil { - return fmt.Errorf("command (%q) failed: %v, output: %q", cmd, err, string(output)) + return fmt.Errorf("command (%q) failed: %v, output: %q", cmdString, err, string(output)) } } // For linux runtime, it skips because unmount will automatically flush disk data diff --git a/vendor/k8s.io/kubernetes/test/utils/image/manifest.go b/vendor/k8s.io/kubernetes/test/utils/image/manifest.go index 974c21af8..eedd8d34d 100644 --- a/vendor/k8s.io/kubernetes/test/utils/image/manifest.go +++ b/vendor/k8s.io/kubernetes/test/utils/image/manifest.go 
@@ -241,7 +241,7 @@ func initImageConfigs(list RegistryList) (map[ImageID]Config, map[ImageID]Config configs[CudaVectorAdd] = Config{list.PromoterE2eRegistry, "cuda-vector-add", "1.0"} configs[CudaVectorAdd2] = Config{list.PromoterE2eRegistry, "cuda-vector-add", "2.2"} configs[DistrolessIptables] = Config{list.BuildImageRegistry, "distroless-iptables", "v0.1.2"} - configs[Etcd] = Config{list.GcEtcdRegistry, "etcd", "3.5.6-0"} + configs[Etcd] = Config{list.GcEtcdRegistry, "etcd", "3.5.9-0"} configs[GlusterDynamicProvisioner] = Config{list.PromoterE2eRegistry, "glusterdynamic-provisioner", "v1.3"} configs[Httpd] = Config{list.PromoterE2eRegistry, "httpd", "2.4.38-4"} configs[HttpdNew] = Config{list.PromoterE2eRegistry, "httpd", "2.4.39-4"} diff --git a/vendor/k8s.io/kubernetes/test/utils/pki_helpers.go b/vendor/k8s.io/kubernetes/test/utils/pki_helpers.go index 06c329049..c96e5855c 100644 --- a/vendor/k8s.io/kubernetes/test/utils/pki_helpers.go +++ b/vendor/k8s.io/kubernetes/test/utils/pki_helpers.go @@ -53,10 +53,12 @@ func EncodeCertPEM(cert *x509.Certificate) []byte { // NewSignedCert creates a signed certificate using the given CA certificate and key func NewSignedCert(cfg *certutil.Config, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, error) { - serial, err := cryptorand.Int(cryptorand.Reader, new(big.Int).SetInt64(math.MaxInt64)) + // returns a uniform random value in [0, max-1), then add 1 to serial to make it a uniform random value in [1, max). + serial, err := cryptorand.Int(cryptorand.Reader, new(big.Int).SetInt64(math.MaxInt64-1)) if err != nil { return nil, err } + serial = new(big.Int).Add(serial, big.NewInt(1)) if len(cfg.CommonName) == 0 { return nil, fmt.Errorf("must specify a CommonName") } diff --git a/vendor/k8s.io/mount-utils/mount_linux.go b/vendor/k8s.io/mount-utils/mount_linux.go index 1752d11f6..9d6474685 100644 --- a/vendor/k8s.io/mount-utils/mount_linux.go +++ b/vendor/k8s.io/mount-utils/mount_linux.go 
@@ -362,19 +362,7 @@ func (mounter *Mounter) Unmount(target string) error { command := exec.Command("umount", target) output, err := command.CombinedOutput() if err != nil { - if err.Error() == errNoChildProcesses { - if command.ProcessState.Success() { - // We don't consider errNoChildProcesses an error if the process itself succeeded (see - k/k issue #103753). - return nil - } - // Rewrite err with the actual exit error of the process. - err = &exec.ExitError{ProcessState: command.ProcessState} - } - if mounter.withSafeNotMountedBehavior && strings.Contains(string(output), errNotMounted) { - klog.V(4).Infof("ignoring 'not mounted' error for %s", target) - return nil - } - return fmt.Errorf("unmount failed: %v\nUnmounting arguments: %s\nOutput: %s", err, target, string(output)) + return checkUmountError(target, command, output, err, mounter.withSafeNotMountedBehavior) } return nil } @@ -382,11 +370,11 @@ func (mounter *Mounter) Unmount(target string) error { // UnmountWithForce unmounts given target but will retry unmounting with force option // after given timeout. func (mounter *Mounter) UnmountWithForce(target string, umountTimeout time.Duration) error { - err := tryUnmount(target, umountTimeout) + err := tryUnmount(target, mounter.withSafeNotMountedBehavior, umountTimeout) if err != nil { if err == context.DeadlineExceeded { klog.V(2).Infof("Timed out waiting for unmount of %s, trying with -f", target) - err = forceUmount(target) + err = forceUmount(target, mounter.withSafeNotMountedBehavior) } return err } 
@@ -774,13 +762,13 @@ func (mounter *Mounter) IsMountPoint(file string) (bool, error) { } // tryUnmount calls plain "umount" and waits for unmountTimeout for it to finish. -func tryUnmount(path string, unmountTimeout time.Duration) error { - klog.V(4).Infof("Unmounting %s", path) +func tryUnmount(target string, withSafeNotMountedBehavior bool, unmountTimeout time.Duration) error { + klog.V(4).Infof("Unmounting %s", target) ctx, cancel := context.WithTimeout(context.Background(), unmountTimeout) defer cancel() - cmd := exec.CommandContext(ctx, "umount", path) - out, cmderr := cmd.CombinedOutput() + command := exec.CommandContext(ctx, "umount", target) + output, err := command.CombinedOutput() // CombinedOutput() does not return DeadlineExceeded, make sure it's // propagated on timeout. 
@@ -788,18 +776,35 @@ func tryUnmount(path string, unmountTimeout time.Duration) error { return ctx.Err() } - if cmderr != nil { - return fmt.Errorf("unmount failed: %v\nUnmounting arguments: %s\nOutput: %s", cmderr, path, string(out)) + if err != nil { + return checkUmountError(target, command, output, err, withSafeNotMountedBehavior) } return nil } -func forceUmount(path string) error { - cmd := exec.Command("umount", "-f", path) - out, cmderr := cmd.CombinedOutput() +func forceUmount(target string, withSafeNotMountedBehavior bool) error { + command := exec.Command("umount", "-f", target) + output, err := command.CombinedOutput() - if cmderr != nil { - return fmt.Errorf("unmount failed: %v\nUnmounting arguments: %s\nOutput: %s", cmderr, path, string(out)) + if err != nil { + return checkUmountError(target, command, output, err, withSafeNotMountedBehavior) } return nil } + +// checkUmountError checks a result of umount command and determine a return value. +func checkUmountError(target string, command *exec.Cmd, output []byte, err error, withSafeNotMountedBehavior bool) error { + if err.Error() == errNoChildProcesses { + if command.ProcessState.Success() { + // We don't consider errNoChildProcesses an error if the process itself succeeded (see - k/k issue #103753). + return nil + } + // Rewrite err with the actual exit error of the process. + err = &exec.ExitError{ProcessState: command.ProcessState} + } + if withSafeNotMountedBehavior && strings.Contains(string(output), errNotMounted) { + klog.V(4).Infof("ignoring 'not mounted' error for %s", target) + return nil + } + return fmt.Errorf("unmount failed: %v\nUnmounting arguments: %s\nOutput: %s", err, target, string(output)) +} diff --git a/vendor/k8s.io/mount-utils/mount_windows.go b/vendor/k8s.io/mount-utils/mount_windows.go index 7c7b396e5..efa8335a6 100644 --- a/vendor/k8s.io/mount-utils/mount_windows.go +++ b/vendor/k8s.io/mount-utils/mount_windows.go 
@@ -287,14 +287,20 @@ func (mounter *SafeFormatAndMount) formatAndMountSensitive(source string, target fstype = "NTFS" } - // format disk if it is unformatted(raw) - formatOptionsUnwrapped := "" if len(formatOptions) > 0 { - formatOptionsUnwrapped = " " + strings.Join(formatOptions, " ") + return fmt.Errorf("diskMount: formatOptions are not supported on Windows") } - cmd := fmt.Sprintf("Get-Disk -Number %s | Where partitionstyle -eq 'raw' | Initialize-Disk -PartitionStyle GPT -PassThru"+ - " | New-Partition -UseMaximumSize | Format-Volume -FileSystem %s -Confirm:$false%s", source, fstype, formatOptionsUnwrapped) - if output, err := mounter.Exec.Command("powershell", "/c", cmd).CombinedOutput(); err != nil { + + cmdString := "Get-Disk -Number $env:source | Where partitionstyle -eq 'raw' | Initialize-Disk -PartitionStyle GPT -PassThru" + + " | New-Partition -UseMaximumSize | Format-Volume -FileSystem $env:fstype -Confirm:$false" + cmd := mounter.Exec.Command("powershell", "/c", cmdString) + env := append(os.Environ(), + fmt.Sprintf("source=%s", source), + fmt.Sprintf("fstype=%s", fstype), + ) + cmd.SetEnv(env) + klog.V(8).Infof("Executing command: %q", cmdString) + if output, err := cmd.CombinedOutput(); err != nil { return fmt.Errorf("diskMount: format disk failed, error: %v, output: %q", err, string(output)) } klog.V(4).Infof("diskMount: Disk successfully formatted, disk: %q, fstype: %q", source, fstype) 
@@ -316,8 +322,10 @@ func (mounter *SafeFormatAndMount) formatAndMountSensitive(source string, target // ListVolumesOnDisk - returns back list of volumes(volumeIDs) in the disk (requested in diskID). func listVolumesOnDisk(diskID string) (volumeIDs []string, err error) { - cmd := fmt.Sprintf("(Get-Disk -DeviceId %s | Get-Partition | Get-Volume).UniqueId", diskID) - output, err := exec.Command("powershell", "/c", cmd).CombinedOutput() + cmd := exec.Command("powershell", "/c", "(Get-Disk -DeviceId $env:diskID | Get-Partition | Get-Volume).UniqueId") + cmd.Env = append(os.Environ(), fmt.Sprintf("diskID=%s", diskID)) + klog.V(8).Infof("Executing command: %q", cmd.String()) + output, err := cmd.CombinedOutput() klog.V(4).Infof("listVolumesOnDisk id from %s: %s", diskID, string(output)) if err != nil { return []string{}, fmt.Errorf("error list volumes on disk. cmd: %s, output: %s, error: %v", cmd, string(output), err) diff --git a/vendor/modules.txt b/vendor/modules.txt index 0702d88f4..fd82906f1 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -387,7 +387,7 @@ github.com/spf13/pflag ## explicit; go 1.13 github.com/stretchr/testify/assert github.com/stretchr/testify/require -# go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.0 +# go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.1 ## explicit; go 1.17 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp # go.opentelemetry.io/otel v1.10.0 @@ -627,7 +627,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.26.6 => k8s.io/api v0.26.6 +# k8s.io/api v0.26.10 => k8s.io/api v0.26.10 ## explicit; go 1.19 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 
@@ -682,11 +682,11 @@ k8s.io/api/scheduling/v1beta1
 k8s.io/api/storage/v1
 k8s.io/api/storage/v1alpha1
 k8s.io/api/storage/v1beta1
-# k8s.io/apiextensions-apiserver v0.0.0 => k8s.io/apiextensions-apiserver v0.26.6
+# k8s.io/apiextensions-apiserver v0.0.0 => k8s.io/apiextensions-apiserver v0.26.10
 ## explicit; go 1.19
 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions
 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1
-# k8s.io/apimachinery v0.26.6 => k8s.io/apimachinery v0.26.6
+# k8s.io/apimachinery v0.26.10 => k8s.io/apimachinery v0.26.10
 ## explicit; go 1.19
 k8s.io/apimachinery/pkg/api/equality
 k8s.io/apimachinery/pkg/api/errors
@@ -742,7 +742,7 @@ k8s.io/apimachinery/pkg/watch
 k8s.io/apimachinery/third_party/forked/golang/json
 k8s.io/apimachinery/third_party/forked/golang/netutil
 k8s.io/apimachinery/third_party/forked/golang/reflect
-# k8s.io/apiserver v0.26.6 => k8s.io/apiserver v0.26.6
+# k8s.io/apiserver v0.26.10 => k8s.io/apiserver v0.26.10
 ## explicit; go 1.19
 k8s.io/apiserver/pkg/admission
 k8s.io/apiserver/pkg/admission/configuration
@@ -780,7 +780,7 @@ k8s.io/apiserver/pkg/util/feature
 k8s.io/apiserver/pkg/util/webhook
 k8s.io/apiserver/pkg/util/x509metrics
 k8s.io/apiserver/pkg/warning
-# k8s.io/client-go v0.26.6 => k8s.io/client-go v0.26.6
+# k8s.io/client-go v0.26.10 => k8s.io/client-go v0.26.10
 ## explicit; go 1.19
 k8s.io/client-go/applyconfigurations/admissionregistration/v1
 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1
@@ -1093,7 +1093,7 @@ k8s.io/client-go/util/homedir
 k8s.io/client-go/util/keyutil
 k8s.io/client-go/util/retry
 k8s.io/client-go/util/workqueue
-# k8s.io/cloud-provider v0.26.6 => k8s.io/cloud-provider v0.26.6
+# k8s.io/cloud-provider v0.26.10 => k8s.io/cloud-provider v0.26.10
 ## explicit; go 1.19
 k8s.io/cloud-provider
 k8s.io/cloud-provider/api
@@ -1102,7 +1102,7 @@ k8s.io/cloud-provider/service/helpers
 k8s.io/cloud-provider/volume
 k8s.io/cloud-provider/volume/errors
 k8s.io/cloud-provider/volume/helpers
-# k8s.io/component-base v0.26.6 => k8s.io/component-base v0.26.6
+# k8s.io/component-base v0.26.10 => k8s.io/component-base v0.26.10
 ## explicit; go 1.19
 k8s.io/component-base/cli/flag
 k8s.io/component-base/featuregate
@@ -1116,7 +1116,7 @@ k8s.io/component-base/metrics/testutil
 k8s.io/component-base/tracing
 k8s.io/component-base/tracing/api/v1
 k8s.io/component-base/version
-# k8s.io/component-helpers v0.26.6 => k8s.io/component-helpers v0.26.6
+# k8s.io/component-helpers v0.26.10 => k8s.io/component-helpers v0.26.10
 ## explicit; go 1.19
 k8s.io/component-helpers/node/util
 k8s.io/component-helpers/node/util/sysctl
@@ -1145,14 +1145,14 @@ k8s.io/kube-openapi/pkg/schemamutation
 k8s.io/kube-openapi/pkg/spec3
 k8s.io/kube-openapi/pkg/util/proto
 k8s.io/kube-openapi/pkg/validation/spec
-# k8s.io/kubectl v0.0.0 => k8s.io/kubectl v0.26.6
+# k8s.io/kubectl v0.0.0 => k8s.io/kubectl v0.26.10
 ## explicit; go 1.19
 k8s.io/kubectl/pkg/scale
 k8s.io/kubectl/pkg/util/podutils
-# k8s.io/kubelet v0.26.6 => k8s.io/kubelet v0.26.6
+# k8s.io/kubelet v0.26.10 => k8s.io/kubelet v0.26.10
 ## explicit; go 1.19
 k8s.io/kubelet/pkg/apis/stats/v1alpha1
-# k8s.io/kubernetes v1.26.6
+# k8s.io/kubernetes v1.26.10
 ## explicit; go 1.19
 k8s.io/kubernetes/pkg/api/legacyscheme
 k8s.io/kubernetes/pkg/api/service
@@ -1220,10 +1220,10 @@ k8s.io/kubernetes/test/e2e/testing-manifests
 k8s.io/kubernetes/test/utils
 k8s.io/kubernetes/test/utils/image
 k8s.io/kubernetes/test/utils/kubeconfig
-# k8s.io/mount-utils v0.26.6 => k8s.io/mount-utils v0.26.6
+# k8s.io/mount-utils v0.26.10 => k8s.io/mount-utils v0.26.10
 ## explicit; go 1.19
 k8s.io/mount-utils
-# k8s.io/pod-security-admission v0.26.6 => k8s.io/pod-security-admission v0.26.6
+# k8s.io/pod-security-admission v0.26.10 => k8s.io/pod-security-admission v0.26.10
 ## explicit; go 1.19
 k8s.io/pod-security-admission/api
 k8s.io/pod-security-admission/policy
@@ -1321,30 +1321,30 @@ sigs.k8s.io/structured-merge-diff/v4/value
 sigs.k8s.io/yaml
 # github.com/niemeyer/pretty => github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e
 # go.etcd.io/etcd => go.etcd.io/etcd v0.0.0-20200410171415-59f5fb25a533
-# k8s.io/api => k8s.io/api v0.26.6
-# k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.26.6
-# k8s.io/apimachinery => k8s.io/apimachinery v0.26.6
-# k8s.io/apiserver => k8s.io/apiserver v0.26.6
-# k8s.io/cli-runtime => k8s.io/cli-runtime v0.26.6
-# k8s.io/client-go => k8s.io/client-go v0.26.6
-# k8s.io/cloud-provider => k8s.io/cloud-provider v0.26.6
-# k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.26.6
+# k8s.io/api => k8s.io/api v0.26.10
+# k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.26.10
+# k8s.io/apimachinery => k8s.io/apimachinery v0.26.10
+# k8s.io/apiserver => k8s.io/apiserver v0.26.10
+# k8s.io/cli-runtime => k8s.io/cli-runtime v0.26.10
+# k8s.io/client-go => k8s.io/client-go v0.26.10
+# k8s.io/cloud-provider => k8s.io/cloud-provider v0.26.10
+# k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.26.10
 # k8s.io/code-generator => k8s.io/code-generator v0.20.0
-# k8s.io/component-base => k8s.io/component-base v0.26.6
-# k8s.io/component-helpers => k8s.io/component-helpers v0.26.6
-# k8s.io/controller-manager => k8s.io/controller-manager v0.26.6
-# k8s.io/cri-api => k8s.io/cri-api v0.26.6
-# k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.26.6
-# k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.26.6
-# k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.26.6
-# k8s.io/kube-proxy => k8s.io/kube-proxy v0.26.6
-# k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.26.6
-# k8s.io/kubectl => k8s.io/kubectl v0.26.6
-# k8s.io/kubelet => k8s.io/kubelet v0.26.6
-# k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.26.6
-# k8s.io/metrics => k8s.io/metrics v0.26.6
-# k8s.io/mount-utils => k8s.io/mount-utils v0.26.6
-# k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.26.6
-# k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.26.6
-# k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.26.6
-# k8s.io/sample-controller => k8s.io/sample-controller v0.26.6
+# k8s.io/component-base => k8s.io/component-base v0.26.10
+# k8s.io/component-helpers => k8s.io/component-helpers v0.26.10
+# k8s.io/controller-manager => k8s.io/controller-manager v0.26.10
+# k8s.io/cri-api => k8s.io/cri-api v0.26.10
+# k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.26.10
+# k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.26.10
+# k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.26.10
+# k8s.io/kube-proxy => k8s.io/kube-proxy v0.26.10
+# k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.26.10
+# k8s.io/kubectl => k8s.io/kubectl v0.26.10
+# k8s.io/kubelet => k8s.io/kubelet v0.26.10
+# k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.26.10
+# k8s.io/metrics => k8s.io/metrics v0.26.10
+# k8s.io/mount-utils => k8s.io/mount-utils v0.26.10
+# k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.26.10
+# k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.26.10
+# k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.26.10
+# k8s.io/sample-controller => k8s.io/sample-controller v0.26.10