chore(deps): update dependency kubernetes-asyncio to v31 #886
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
==29.0.0->==31.1.0Release Notes
tomplus/kubernetes_asyncio (kubernetes-asyncio)
v31.1.0Compare Source
Breaking changes:
Websocket connect method returns an asynchronous context manager instead of a websocket (#328, @olivier-matz-6wind)
Example:
v30.3.1Compare Source
v30.3.0Compare Source
API Change
StrictCostEnforcementForVAPandStrictCostEnforcementForWebhooksto enforce the strct cost calculation for CEL extended libraries. It is strongly recommended to turn on the feature gates as early as possible. (#124676, @cici37) [SIG API Machinery, Auth, Node and Testing]For developers of out-of-tree PostFilter plugins, note that the semantics of NodeToStatusMap are changing: A node with an absent value in the NodeToStatusMap should be interpreted as having an UnschedulableAndUnresolvable status (#125306, @gabesaba) [SIG Scheduling]
v30.1.1Compare Source
v30.1.0Compare Source
API Change
Fixes a 1.30.0 regression in openapi descriptions of imagePullSecrets and hostAliases fields to mark the fields used as keys in those lists as either defaulted or required. (kubernetes/kubernetes#124553, @pmalek) [SIG API Machinery]
Fixes a 1.30.0 regression in openapi descriptions of imagePullSecrets and hostAliases fields to mark the fields used as keys in those lists as either defaulted or required. (kubernetes/kubernetes#124694, @pmalek) [SIG API Machinery]
Added (alpha) support for the
managedByfield on Jobs. Jobs with a custom value of this field - any value other thankubernetes.io/job-controller- were skipped by the job controller, and their reconciliation was delegated to an external controller, indicated by the value of the field. Jobs that didn't have this field at all, or where the field value was the reserved stringkubernetes.io/job-controller, were reconciled by the built-in job controller.(kubernetes/kubernetes#123273, @mimowo)
Added alpha-level support for the SuccessPolicy in Jobs.
(kubernetes/kubernetes#123412, @tenzen-y)
Added the
CELlibrary for IP Addresses and CIDRs. This was made available for use starting from version1.31.(kubernetes/kubernetes#121912, @JoelSpeed)
Allowed container runtimes to fix an image garbage collection bug by adding an
image_idfield to the CRI Container message.(kubernetes/kubernetes#123508, @saschagrunert)
Dynamic Resource Allocation: DRA drivers can now use "structured parameters" to let the scheduler handle claim allocation.
(kubernetes/kubernetes#123516, @pohly)
Fixed accidental enablement of the new alpha
optionalOldSelfAPI field inCustomResourceDefinitionvalidation rules, which should only have been allowed to be set when theCRDValidationRatchetingfeature gate is enabled.(kubernetes/kubernetes#122329, @jpbetz)
Implemented the
prescoreextension point for thevolumeBindingplugin. It now returns skip if it doesn't do anything in Score.(kubernetes/kubernetes#115768, @AxeZhan)
Kubelet would fail if NodeSwap was used with LimitedSwap and cgroupv1 node.
(kubernetes/kubernetes#123738, @kannon92)
Promoted
AdmissionWebhookMatchConditionsto GA. The feature is now stable, and the feature gate is now locked to default.(kubernetes/kubernetes#123560, @ivelichkovich)
Structured Authentication Configuration now supports
DiscoveryURL. If specified,discoveryURLoverrides the URL used to fetch discovery information. This is for scenarios where the well-known and jwks endpoints are hosted at a different location than the issuer (such as locally in the cluster).(kubernetes/kubernetes#123527, @aramase)
The
StorageVersionMigrationAPI, previously available as a Custom Resource Definition (CRD), is now a built-in API in Kubernetes.(kubernetes/kubernetes#123344, @nilekhc)
When configuring a JWT authenticator:
If
username.expressionused 'claims.email', then 'claims.email_verified' must have been used inusername.expressionorextra[*].valueExpressionorclaimValidationRules[*].expression. An example claim validation rule expression that matches the validation automatically applied whenusername.claimis set to 'email' is 'claims.?email_verified.orValue(true)'.(kubernetes/kubernetes#123737, @enj)
readOnlyvolumes now support recursive read-only mounts for kernel versions >= 5.12."(kubernetes/kubernetes#123180, @AkihiroSuda)
cri-api: Implemented KEP-3857: Recursive Read-only (RRO) mounts.
(kubernetes/kubernetes#123272, @AkihiroSuda)
kube-apiserver: the AuthenticationConfiguration type accepted in
--authentication-configfiles has been promoted toapiserver.config.k8s.io/v1beta1.(kubernetes/kubernetes#123696, @aramase)
kubelet allowed specifying a custom root directory for pod logs (instead of the default /var/log/pods) using the
podLogsDirkey in kubelet configuration.(kubernetes/kubernetes#112957, @mxpv)
resource.k8s.io/ResourceClaim (alpha API): The strategic merge patch strategy for the
status.reservedForarray was changed so that a strategic-merge-patch can now add individual entries. This change may break clients using strategic merge patch to update status, which rely on the previous behavior (replacing the entire array).(kubernetes/kubernetes#122276, @pohly)
Added a CBOR implementation of
runtime.Serializer. Until CBOR graduates to Alpha, API servers will refuse to start if configured with CBOR support. (kubernetes/kubernetes#122881, @benluddy)Added a alpha feature, behind the
RelaxedEnvironmentVariableValidationfeature gate.When that gate is enabled, Kubernetes allows almost all printable ASCII characters to be used in the names
of environment variables for containers in Pods. (kubernetes/kubernetes#123385, @HirazawaUi)
Added a new (alpha) field,
trafficDistribution, to the Servicespecto express preferences for traffic distribution to endpoints. Enabled through theServiceTrafficDistributionfeature gate. (kubernetes/kubernetes#123487, @gauravkghildiyal)Added audienceMatchPolicy field to AuthenticationConfiguration and support for configuring multiple audiences.
The "audienceMatchPolicy" can be empty (or unset) when a single audience is specified in the "audiences" field.
The "audienceMatchPolicy" must be set to "MatchAny" when multiple audiences are specified in the "audiences" field. (kubernetes/kubernetes#123165, @aramase)
Added consistent vanity import to files and provided tooling for verifying and updating them. (kubernetes/kubernetes#120642, @jcchavezs)
Added the
disable-force-detachCLI option forkube-controller-manager. By default, it's set tofalse. When enabled, it prevents force detaching volumes based on maximum unmount time and node status. If activated, the non-graceful node shutdown feature must be used to recover from node failure. Additionally, if a pod needs to be forcibly terminated at the risk of corruption, the appropriate VolumeAttachment object must be deleted. (kubernetes/kubernetes#120344, @rohitssingh)Added to
MutableFeatureGatethe ability to override the default setting of feature gates, to allow default-enabling a feature on a component-by-component basis instead of for all affected components simultaneously. (kubernetes/kubernetes#122647, @benluddy)Aggregated discovery supports both
v2beta1and v2 types and feature is promoted to GA. (kubernetes/kubernetes#122882, @Jefftree)Alpha support for field selectors on custom resources has been added. With the
CustomResourceFieldSelectorsfeature gate enabled, the CustomResourceDefinition API now allows specifyingselectableFields. Listing a field there enables filtering custom resources for that CustomResourceDefinition in list or watch requests. (kubernetes/kubernetes#122717, @jpbetz)AppArmor profiles can now be configured through fields on the
PodSecurityContextand containerSecurityContext. The beta AppArmor annotations are deprecated, and AppArmor status is no longer included in the node ready condition. (kubernetes/kubernetes#123435, @tallclair)Contextual logging is now in beta and enabled by default. Check out the KEP and official documentation for more details. (kubernetes/kubernetes#122589, @pohly)
Enabled concurrent log rotation in kubelet. You can now configure the maximum number of concurrent rotations with the
containerLogMaxWorkerssetting, and adjust the monitoring interval withcontainerLogMonitorInterval. (kubernetes/kubernetes#114301, @harshanarayana)Graduated pod scheduling gates to general availability.
The
PodSchedulingReadinessfeature gate no longer has any effect, and the.spec.schedulingGatesfield is always available within the Pod and PodTemplate APIs. (kubernetes/kubernetes#123575, @Huang-Wei)Graduated support for
minDomainsin pod topology spread constraints, to general availability.The
MinDomainsInPodTopologySpreadfeature gate no longer has any effect, and the field isalways available within the Pod and PodTemplate APIs. (kubernetes/kubernetes#123481, @sanposhiho)
In kubelet configuration, the
.memorySwap.swapBehaviorfield now accepts a new valueNoSwap, which becomes the default if unspecified. The previously acceptedUnlimitedSwapvalue has been dropped.(kubernetes/kubernetes#122745, @kannon92)
Kube-apiserver: the AuthorizationConfiguration type accepted in
--authorization-configfiles has been promoted toapiserver.config.k8s.io/v1beta1. (kubernetes/kubernetes#123640, @liggitt)OIDC authentication will now fail if the username asserted based on a CEL expression config is the empty string. Previously the request would be authenticated with the username set to the empty string. (kubernetes/kubernetes#123568, @enj)
Removed note that
hostAliasesare not supported on hostNetwork Pods from the PodSpec API. The feature has been supported since v1.8. (kubernetes/kubernetes#122422, @neolit123)Structured Authentication Configuration now supports configuring multiple JWT authenticators. The maximum allowed JWT authenticators in the authentication configuration is 64. (kubernetes/kubernetes#123431, @aramase)
Text logging in Kubernetes components now uses textlogger. The same split streams of info and error log entries with buffering of info entries is now also supported for text output (off by default, alpha feature). Previously, this was only supported for JSON. Performance is better also without split streams. (kubernetes/kubernetes#114672, @pohly)
The API server now detects and fails on startup if there are conflicting issuers between JWT authenticators and service account configurations. Previously, such configurations would run but could be inconsistently effective depending on the credential. (kubernetes/kubernetes#123561, @enj)
The JWT authenticator configuration set via the
--authentication-configflag is now dynamically reloaded as the file changes on disk. (kubernetes/kubernetes#123525, @enj)The
StructuredAuthenticationConfigurationfeature is now beta and enabled. (kubernetes/kubernetes#123719, @enj)The
kube_codegentool now ignores the vendor folder during code generation.(kubernetes/kubernetes#122729, @jparrill)
The kubernetes repo now uses Go workspaces. This should not impact end users at all, but does have impact for developers of downstream projects. Switching to workspaces caused some breaking changes in the flags to the various k8s.io/code-generator tools. Downstream consumers should look at staging/src/k8s.io/code-generator/kube_codegen.sh to see the changes. (kubernetes/kubernetes#123529, @thockin)
Updated an audit annotation key used by the
…/serviceaccounts/<name>/tokenresource handler.The annotation used to persist the issued credential identifier is now
authentication.kubernetes.io/issued-credential-id. (kubernetes/kubernetes#123098, @munnerz) [SIG Auth]Users are now allowed to mutate
FSGroupPolicyandPodInfoOnMountinCSIDriver.Spec. (kubernetes/kubernetes#116209, @haoruan)ValidatingAdmissionPolicy was promoted to GA and will be
enabledby default. (kubernetes/kubernetes#123405, @cici37)When scheduling a mix of pods using
ResourceClaimsand others that don't, scheduling a pod withResourceClaimshas a lower impact on scheduling latency. (kubernetes/kubernetes#121876, @pohly)When working with client-go events, it's now recommended to use
NewEventBroadcasterAdapterWithContextinstead ofNewEventBroadcasterAdapterif contextual logging support is needed. (kubernetes/kubernetes#122142, @pohly)A new (alpha) field,
trafficDistribution, has been added to the Servicespec.This field provides a way to express preferences for how traffic is distributed to the endpoints for a Service.
It can be enabled through the
ServiceTrafficDistributionfeature gate. (kubernetes/kubernetes#123487, @gauravkghildiyal) [SIG API Machinery, Apps and Network]Add alpha-level support for the SuccessPolicy in Jobs (kubernetes/kubernetes#123412, @tenzen-y) [SIG API Machinery, Apps and Testing]
Added (alpha) support for the managedBy field on Jobs. Jobs with a custom value of this field - any
value other than
kubernetes.io/job-controller- are skipped by the job controller, and theirreconciliation is delegated to an external controller, indicated by the value of the field. Jobs that
don't have this field at all, or where the field value is the reserved string
kubernetes.io/job-controller,are reconciled by the built-in job controller. (kubernetes/kubernetes#123273, @mimowo) [SIG API Machinery, Apps and Testing]
Added a alpha feature, behind the
RelaxedEnvironmentVariableValidationfeature gate.When that gate is enabled, Kubernetes allows almost all printable ASCII characters to be used in the names
of environment variables for containers in Pods. (kubernetes/kubernetes#123385, @HirazawaUi) [SIG Apps, Node and Testing]
Added alpha support for field selectors on custom resources.
Provided that the
CustomResourceFieldSelectorsfeature gate is enabled, the CustomResourceDefinitionAPI now lets you specify
selectableFields. Listing a field there allows filtering custom resources for thatCustomResourceDefinition in list or watch requests. (kubernetes/kubernetes#122717, @jpbetz) [SIG API Machinery]
Added support for configuring multiple JWT authenticators in Structured Authentication Configuration. The maximum allowed JWT authenticators in the authentication configuration is 64. (kubernetes/kubernetes#123431, @aramase) [SIG Auth and Testing]
Aggregated discovery supports both v2beta1 and v2 types and feature is promoted to GA (kubernetes/kubernetes#122882, @Jefftree) [SIG API Machinery and Testing]
Allowing container runtimes to fix an image garbage collection bug by adding an
image_idfield to the CRI Container message. (kubernetes/kubernetes#123508, @saschagrunert) [SIG Node]AppArmor profiles can now be configured through fields on the PodSecurityContext and container SecurityContext.
Conflicting issuers between JWT authenticators and service account config are now detected and fail on API server startup. Previously such a config would run but would be inconsistently effective depending on the credential. (kubernetes/kubernetes#123561, @enj) [SIG API Machinery and Auth]
Dynamic Resource Allocation: DRA drivers may now use "structured parameters" to let the scheduler handle claim allocation. (kubernetes/kubernetes#123516, @pohly) [SIG API Machinery, Apps, Auth, CLI, Cluster Lifecycle, Instrumentation, Node, Release, Scheduling, Storage and Testing]
Graduated pod scheduling gates to general availability.
The
PodSchedulingReadinessfeature gate no longer has any effect, and the.spec.schedulingGatesfield is always available within the Pod and PodTemplate APIs. (kubernetes/kubernetes#123575, @Huang-Wei) [SIG API Machinery, Apps, Node, Scheduling and Testing]Graduated support for
minDomainsin pod topology spread constraints, to general availability.The
MinDomainsInPodTopologySpreadfeature gate no longer has any effect, and the field isalways available within the Pod and PodTemplate APIs. (kubernetes/kubernetes#123481, @sanposhiho) [SIG API Machinery, Apps, Scheduling and Testing]
JWT authenticator config set via the --authentication-config flag is now dynamically reloaded as the file changes on disk. (kubernetes/kubernetes#123525, @enj) [SIG API Machinery, Auth and Testing]
Kube-apiserver: the AuthenticationConfiguration type accepted in
--authentication-configfiles has been promoted toapiserver.config.k8s.io/v1beta1. (kubernetes/kubernetes#123696, @aramase) [SIG API Machinery, Auth and Testing]Kube-apiserver: the AuthorizationConfiguration type accepted in
--authorization-configfiles has been promoted toapiserver.config.k8s.io/v1beta1. (kubernetes/kubernetes#123640, @liggitt) [SIG Auth and Testing]Kubelet should fail if NodeSwap is used with LimitedSwap and cgroupv1 node. (kubernetes/kubernetes#123738, @kannon92) [SIG API Machinery, Node and Testing]
Kubelet: a custom root directory for pod logs (instead of default /var/log/pods) can be specified using the
podLogsDirkey in kubelet configuration. (kubernetes/kubernetes#112957, @mxpv) [SIG API Machinery, Node, Scalability and Testing]
Kubelet: the
.memorySwap.swapBehaviorfield in kubelet configuration accepts a new valueNoSwapand makes this the default if unspecified; the previously acceptedUnlimitedSwapvalue has been dropped. (kubernetes/kubernetes#122745, @kannon92) [SIG API Machinery, Node and Testing]OIDC authentication will now fail if the username asserted based on a CEL expression config is the empty string. Previously the request would be authenticated with the username set to the empty string. (kubernetes/kubernetes#123568, @enj) [SIG API Machinery, Auth and Testing]
PodSpec API: remove note that hostAliases are not supported on hostNetwork Pods. The feature has been supported since v1.8. (kubernetes/kubernetes#122422, @neolit123) [SIG API Machinery and Apps]
Promote AdmissionWebhookMatchConditions to GA. The feature is now stable and the feature gate is now locked to default. (kubernetes/kubernetes#123560, @ivelichkovich) [SIG API Machinery and Testing]
Structured Authentication Configuration now supports
DiscoveryURL.discoveryURL if specified, overrides the URL used to fetch discovery information.
This is for scenarios where the well-known and jwks endpoints are hosted at a different
location than the issuer (such as locally in the cluster). (kubernetes/kubernetes#123527, @aramase) [SIG API Machinery, Auth and Testing]
Support Recursive Read-only (RRO) mounts (KEP-3857) (kubernetes/kubernetes#123180, @AkihiroSuda) [SIG API Machinery, Apps, Node and Testing]
The StructuredAuthenticationConfiguration feature is now beta and enabled by default. (kubernetes/kubernetes#123719, @enj) [SIG API Machinery and Auth]
The
StorageVersionMigrationAPI, which was previously available as a Custom Resource Definition (CRD), is now a built-in API in Kubernetes. (kubernetes/kubernetes#123344, @nilekhc) [SIG API Machinery, Apps, Auth, CLI and Testing]The kubernetes repo now uses Go workspaces. This should not impact end users at all, but does have impact for developers of downstream projects. Switching to workspaces caused some breaking changes in the flags to the various k8s.io/code-generator tools. Downstream consumers should look at staging/src/k8s.io/code-generator/kube_codegen.sh to see the changes. (kubernetes/kubernetes#123529, @thockin) [SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Release, Storage and Testing]
ValidatingAdmissionPolicy is promoted to GA and will be enabled by default. (kubernetes/kubernetes#123405, @cici37) [SIG API Machinery, Apps, Auth and Testing]
When configuring a JWT authenticator:
If username.expression uses 'claims.email', then 'claims.email_verified' must be used in
username.expression or extra[].valueExpression or claimValidationRules[].expression.
An example claim validation rule expression that matches the validation automatically
applied when username.claim is set to 'email' is 'claims.?email_verified.orValue(true)'. (kubernetes/kubernetes#123737, @enj) [SIG API Machinery and Auth]
Added a CBOR implementation of
runtime.Serializer. Until CBOR graduates to Alpha, API servers will refuse to start if configured with CBOR support. (kubernetes/kubernetes#122881, @benluddy) [SIG API Machinery]Added audienceMatchPolicy field to AuthenticationConfiguration and support for configuring multiple audiences.
Contextual logging is now beta and enabled by default. (kubernetes/kubernetes#122589, @pohly) [SIG Instrumentation]
Cri-api: KEP-3857: Recursive Read-only (RRO) mounts (kubernetes/kubernetes#123272, @AkihiroSuda) [SIG Node]
Enabled a mechanism for concurrent log rotatation via
kubeletusing a configuration entity ofcontainerLogMaxWorkerswhich controls the maximum number of concurrent rotation that can be performed and an interval configuration ofcontainerLogMonitorIntervalthat can aid is configuring the monitoring duration to best suite your cluster's log generation standards. (kubernetes/kubernetes#114301, @harshanarayana) [SIG API Machinery, Node and Testing]Text logging in Kubernetes components now uses textlogger. The same split streams of info and error log entries with buffering of info entries is now also supported for text output (off by default, alpha feature). Previously, this was only supported for JSON. Performance is better also without split streams. (kubernetes/kubernetes#114672, @pohly) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Storage and Testing]
This change adds the following CLI option for
kube-controller-manager:disable-force-detach(defaults tofalse): Prevent force detaching volumes based on maximum unmount time and node status. If enabled, the non-graceful node shutdown feature must be used to recover from node failure (see https://kubernetes.io/blog/2023/08/16/kubernetes-1-28-non-graceful-node-shutdown-ga/). If enabled and a pod must be forcibly terminated at the risk of corruption, then the appropriate VolumeAttachment object (see here: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/volume-attachment-v1/) must be deleted. (kubernetes/kubernetes#120344, @rohitssingh) [SIG API Machinery, Apps, Storage and Testing]Updated an audit annotation key used by the
…/serviceaccounts/<name>/tokenresource handler.The annotation used to persist the issued credential identifier is now
authentication.kubernetes.io/issued-credential-id. (kubernetes/kubernetes#123098, @munnerz) [SIG Auth]Add CEL library for IP Addresses and CIDRs. This will not be available for use until 1.31. (kubernetes/kubernetes#121912, @JoelSpeed) [SIG API Machinery]
Added to MutableFeatureGate the ability to override the default setting of feature gates, to allow default-enabling a feature on a component-by-component basis instead of for all affected components simultaneously. (kubernetes/kubernetes#122647, @benluddy) [SIG API Machinery and Cluster Lifecycle]
Adds a rule on the kube_codegen tool to ignore vendor folder during the code generation. (kubernetes/kubernetes#122729, @jparrill) [SIG API Machinery and Cluster Lifecycle]
Allow users to mutate FSGroupPolicy and PodInfoOnMount in CSIDriver.Spec (kubernetes/kubernetes#116209, @haoruan) [SIG API Machinery, Storage and Testing]
Client-go events:
NewEventBroadcasterAdapterWithContextshould be used instead ofNewEventBroadcasterAdapterif the goal is to support contextual logging. (kubernetes/kubernetes#122142, @pohly) [SIG API Machinery, Instrumentation and Scheduling]Fixes accidental enablement of the new alpha
optionalOldSelfAPI field in CustomResourceDefinition validation rules, which should only be allowed to be set when the CRDValidationRatcheting feature gate is enabled. (kubernetes/kubernetes#122329, @jpbetz) [SIG API Machinery]Implement
prescoreextension point forvolumeBindingplugin. Return skip if it doesn't do anything in Score. (kubernetes/kubernetes#115768, @AxeZhan) [SIG Scheduling, Storage and Testing]Resource.k8s.io/ResourceClaim (alpha API): the strategic merge patch strategy for the
status.reservedForarray was changed such that a strategic-merge-patch can add individual entries. This breaks clients using strategic merge patch to update status which rely on the previous behavior (replacing the entire array). (kubernetes/kubernetes#122276, @pohly) [SIG API Machinery]When scheduling a mixture of pods using ResourceClaims and others which don't, scheduling a pod with ResourceClaims impacts scheduling latency less. (kubernetes/kubernetes#121876, @pohly) [SIG API Machinery, Node, Scheduling and Testing]
v29.0.1Compare Source
Configuration
📅 Schedule: Branch creation - "* 0-3 * * 1" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.