upstream/kubectl
1
0
Fork 0
mirror of https://github.com/kubernetes/kubectl.git synced 2026-02-03 20:39:39 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
4028 commits 24 branches 1276 tags 85 MiB
Commit graph

4028 commits

This branch
This branch
All branches
Author SHA1 Message Date
Kubernetes Publisher
3c2d5800e1 Merge pull request #135790 from 0x5457/fix/attach-reattach-message-missing-namespace 
Fix missing namespace flag in attach reattach message

Kubernetes-commit: c04907b02556add29458563b181d66aed6a11a51
 2026-01-30 22:38:16 +00:00
Kubernetes Publisher
50e13d0d42 Merge pull request #136643 from ardaguclu/kubectl-kuberc-beta 
Promote kubectl kuberc commands to beta

Kubernetes-commit: 22e1ea92cd9395e6ee24ed8355eb9f61299f54a4
 2026-01-30 18:40:42 +00:00
Arda Güçlü
10d2309a74 Promote kubectl kuberc commands to beta 
Kubernetes-commit: 4e47d34a0d2d7d420f2bf511a28b86da88e54213
 2026-01-30 09:23:14 +03:00
Kubernetes Publisher
53611777af Merge pull request #136534 from dmaizel/fix/nil-map-panic-maxResourceList 
fix: handle nil ResourceList in max() to prevent panic

Kubernetes-commit: 03c362c9b18784387f334605d13bf297f4659165
 2026-01-28 18:45:14 +00:00
Daniel Maizel
8ec1b93d42 fix: handle nil ResourceList in max() to prevent panic 
Kubernetes-commit: 7d5b4710bda738ec34f5bff23e02e930f09a0687
 2026-01-28 16:07:25 +02:00
kfess
3ebaf84cd8 Add missing tests for kubectl describe commands (#136461) 
* Add missing tests for kubectl describe commands

* fix linter error

Kubernetes-commit: 3a0744ce6d9b6f747b00f19eb086485d003aa075
 2026-01-28 20:07:52 +09:00
Kubernetes Publisher
17176eacef Merge pull request #136582 from yongruilin/master_kubeopenapi-format 
Bump k8s.io/kube-openapi to latest and enable numeric format validation

Kubernetes-commit: b90909e4325d5375af7deb190585a5e9885c288d
 2026-01-28 02:45:48 +00:00
yongruilin
ed4a0a062d Bump k8s.io/kube-openapi to latest 
Kubernetes-commit: 65b579a036fa3b230f9c5e22d449fe9e4790078e
 2026-01-27 21:39:39 +00:00
Kubernetes Publisher
da94a05fbb Merge pull request #136362 from dims/update-opentelemetry-v1.39.0 
Update OpenTelemetry dependencies to latest versions

Kubernetes-commit: 69eb15ee58c9cb20b90007e9b064dfb78b66a867
 2026-01-21 22:43:46 +00:00
Davanum Srinivas
e4de583378 Update OpenTelemetry dependencies to latest versions 
Core packages (opentelemetry-go):
- go.opentelemetry.io/otel: v1.38.0 → v1.39.0
- go.opentelemetry.io/otel/metric: v1.38.0 → v1.39.0
- go.opentelemetry.io/otel/trace: v1.38.0 → v1.39.0
- go.opentelemetry.io/otel/sdk: v1.38.0 → v1.39.0

Exporters:
- go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.34.0 → v1.39.0
- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.34.0 → v1.39.0

Contrib instrumentation (opentelemetry-go-contrib):
- go.opentelemetry.io/contrib/.../otelhttp: v0.61.0 → v0.64.0
- go.opentelemetry.io/contrib/.../otelrestful: v0.44.0 → v0.64.0

Protocol definitions (opentelemetry-proto-go):
- go.opentelemetry.io/proto/otlp: v1.5.0 → v1.9.0

Notable changes:
- Go 1.24 is now the minimum required version (Go 1.23 support dropped) for OTEL components
- Performance: ~4x improvement in histogram concurrent operations; xxhash
  replaces fnv for attribute hashing
- Fixed goroutine leak in span processors when context is canceled
- otelrestful migrated semantic conventions from v1.20.0 to v1.34.0
  (e.g., http.method → http.request.method)
- Partial OTLP export errors now surfaced instead of being silently dropped
- otelrestful no longer depends on json-iterator/go, modern-go/concurrent,
  or modern-go/reflect2; unwanted-dependencies.json updated accordingly

Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: c40ea60b9f193fbead586f9fd6cc26f7b77312ff
 2026-01-20 17:20:21 -05:00
Kubernetes Publisher
ebb9e96a24 Merge pull request #136227 from dims/update-grpc-ecosystem-deps-jan2026 
Update gRPC ecosystem dependencies

Kubernetes-commit: 8f76dbf79bc972bfc886980aca3a5d8188f63826
 2026-01-20 18:37:57 +00:00
Kubernetes Publisher
eb067c5cd6 Merge pull request #136010 from olamilekan000/fix-k8s-losing-some-line-of-logs 
fix kubectl interactive mode losing some line of logs

Kubernetes-commit: 9ea678d860d410f7a929f6b077f6d2bf1b6ecfc9
 2026-01-19 22:32:20 +00:00
Kubernetes Publisher
d4872b694a Merge pull request #135874 from mochizuki875/make_general_profile_default 
kubectl debug: make general profile default

Kubernetes-commit: 49f5ecc02cd36fb41e28d3157c0c8a65e92404c9
 2026-01-16 22:21:57 +00:00
Kubernetes Publisher
a887594ae3 Merge pull request #135744 from ali-a-a/describe-service-app-protocol 
Add appProtocol to the service describe output

Kubernetes-commit: 9bbfe74defb5875f537b93f4dff70485b195b026
 2026-01-16 22:21:56 +00:00
Keita Mochizuki
a6e555e5b2 Update staging/src/k8s.io/kubectl/pkg/cmd/debug/debug.go 
Co-authored-by: Maciej Szulik <soltysh@gmail.com>

Kubernetes-commit: 211e77a9967f241edff1c6f0116369b2d1200455
 2026-01-16 23:45:12 +09:00
Kubernetes Publisher
4c393220d1 Merge pull request #136212 from dims/update-security-deps-jan2026-v2 
Update security and stability dependencies

Kubernetes-commit: a94970c0c5de0fa56b0ed82823850db7e0257685
 2026-01-16 14:35:09 +00:00
Davanum Srinivas
7c4f59ad76 Update gRPC ecosystem dependencies 
Update the gRPC ecosystem to pick up performance improvements,
bug fixes, and maintain compatibility with the latest protobuf
and OpenTelemetry releases.

Notable changes in grpc v1.78.0:
- mem.Reader interface changed to struct
- Legacy pick_first load balancer policy removed (pickfirstleaf)
- Improved connection state management

Updated dependencies:
- grpc-gateway/v2: v2.27.4 (2025-12-26)
- go-grpc-middleware/v2: v2.3.3 (2025-11-04)
- go-grpc-middleware/providers/prometheus: v1.1.0 (2025-06-16)
- google.golang.org/grpc: v1.78.0 (2025-12-23)
- genproto/googleapis/api: v0.0.0-20260112192933-99fd39fd28a9 (2026-01-12)
- genproto/googleapis/rpc: v0.0.0-20260112192933-99fd39fd28a9 (2026-01-12)

Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: f727e938dc95ac1a95a2536e7d01220172022a71
 2026-01-14 09:18:21 -05:00
Davanum Srinivas
f3dd744682 Update security and stability dependencies 
This PR updates several dependencies addressing security vulnerabilities,
stability fixes, and authentication improvements.

- golang.org/x/crypto: v0.46.0 -> v0.47.0
  - Includes latest X509 root certificate bundle updates
  - Security hardening for cryptographic operations
  - Foundation dependency for TLS and authentication

- github.com/golang-jwt/jwt/v5: v5.2.2 -> v5.3.0
  - IMPORTANT: v5.2.2 patched vulnerability GHSA-mh63-6h87-95cp (token
    validation security issue) - this update ensures we have the fix
  - Adds multiple audience validation support for JWT tokens
  - Go 1.21 minimum requirement (code modernization)
  - Replaced legacy interface{} with modern any keyword

- golang.org/x/net: v0.48.0 -> v0.49.0
  - HTTP/2 priority scheduler improvements (RFC 9218)
  - WebSocket security enhancements
  - Network layer stability fixes

- go.uber.org/zap: v1.27.0 -> v1.27.1
  - Fix: Prevent Object from panicking on nils (PR #1501)
  - Fix: Race condition in WithLazy (PR #1511)
  - Both fixes improve logging stability in concurrent scenarios

- github.com/godbus/dbus/v5: v5.2.0 -> v5.2.2
  - Security: Disabled SHA1 authentication by default on non-Windows
    platforms (v5.2.0 change now inherited)
  - Performance: Multiple optimizations reducing memory allocations
  - Fix: Alignment issues in decoder operations
  - Fix: Allow more than 32 containers/struct fields in a signature

Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: 5b478645cdb3be5ed92a21d2f7b417b6328cfa6e
 2026-01-13 23:08:03 -05:00
Kubernetes Publisher
22c39ba421 Merge pull request #136143 from pohly/client-go-fake-list-and-watch-fix 
client-go testing: fix List+Watch support

Kubernetes-commit: 8392659d3c90fea03be805968b53ec7a05dea183
 2026-01-15 18:28:42 +00:00
Kubernetes Publisher
3a767404cb Merge pull request #135563 from yangjunmyfm192085/fixkubectl 
When using kubectl to delete multiple sts pods simultaneously, it gets stuck and won't exit

Kubernetes-commit: 2c677fe0345d510f48e2fe2863deaa502f73d2a6
 2026-01-15 18:28:37 +00:00
Patrick Ohly
efa6958ce8 client-go testing: start ResourceVersion at 1 for empty set 
List should never return "0", that has a special meaning in queries.

Kubernetes-commit: 3783a720e7278466859fe140d2bfbbfb054f5313
 2026-01-14 12:19:32 +01:00
Kubernetes Publisher
daa9ed2d23 Merge pull request #136162 from dims/update-security-deps-jan2026 
Update security-critical authentication and protobuf dependencies

Kubernetes-commit: c29a5d73a6fd04896033fe615c259f2949c5e94f
 2026-01-14 02:36:07 +00:00
Davanum Srinivas
6d8fe8db3e Update security-critical authentication and protobuf dependencies 
This PR updates security-critical dependencies addressing authentication
and data parsing vulnerabilities.

**Authentication Security:**
- github.com/coreos/go-oidc: v2.3.0 -> v2.5.0
  - Security fix: Now verifies token signature BEFORE validating payload
  - Prevents potential processing of tampered tokens before cryptographic
    verification

- github.com/cyphar/filepath-securejoin: v0.6.0 -> v0.6.1
  - Security fix: Fixed seccomp fallback logic - library now properly falls
    back to safer O_PATH resolver when openat2(2) is denied by seccomp-bpf
  - Fixed file descriptor leak in openat2 wrapper during RESOLVE_IN_ROOT

- cyphar.com/go-pathrs: v0.2.1 -> v0.2.2
  - Companion update to filepath-securejoin

**Protobuf Security:**
- google.golang.org/protobuf: v1.36.8 -> v1.36.11
  - Security fix: Added recursion limit check in lazy decoding validation
  - Prevents potential stack exhaustion attacks via maliciously crafted
    protobuf messages
  - Also adds support for URL chars in type URLs in text-format

These updates are critical for:
- OIDC authentication in kube-apiserver
- Container filesystem path resolution (used by container runtimes)
- Protobuf message parsing throughout the codebase

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: c825d80bbf2c82666192c329478a686fa3a1d5dc
 2026-01-11 16:50:37 -05:00
Kubernetes Publisher
fdacba02e1 Merge pull request #136161 from dims/update-golang-x-deps-jan2026 
Update golang.org/x dependencies to latest versions

Kubernetes-commit: 1c894014ebe25e0b042efa91698284f527493d90
 2026-01-13 03:15:56 +00:00
Kubernetes Publisher
b597402c65 Merge pull request #135759 from Abhigyan-Shekhar/fix-cel-race-condition 
FIX: Deep copy MapType in CEL composition to prevent data race

Kubernetes-commit: 477b99a8d880847938c141239bafdfc35eee45bb
 2026-01-12 22:22:48 +00:00
Davanum Srinivas
46548fc97c Update golang.org/x dependencies to latest versions 
updates the golang.org/x package family to newer releases:

- golang.org/x/crypto: v0.45.0 -> v0.46.0
- golang.org/x/net: v0.47.0 -> v0.48.0
- golang.org/x/sys: v0.38.0 -> v0.40.0
- golang.org/x/time: v0.9.0 -> v0.14.0
- golang.org/x/oauth2: v0.30.0 -> v0.34.0
- golang.org/x/text: v0.31.0 -> v0.33.0
- golang.org/x/term: v0.37.0 -> v0.39.0
- golang.org/x/sync: v0.18.0 -> v0.19.0
- golang.org/x/mod: v0.29.0 -> v0.32.0
- golang.org/x/tools: v0.38.0 -> v0.40.0
- golang.org/x/exp: 8a7402abbf56 -> 944ab1f22d93

Security & Stability:
- x/crypto: Updated X509 root certificate bundle
- x/net: HTTP/2 PING optimization to reduce DoS detection triggers,
  data race fix in trace RenderEvents
- x/sys: Fixed out-of-bounds memory access in sockaddrIUCVToAny
- x/time: Fixed rate limiter overflow when using very low rates that
  could cause the limiter to jam open

Performance:
- x/time: ~19% improvement in Sometimes.Do when no interval configured

Maintenance:
- Various vet diagnostic fixes for Go 1.26 compatibility
- Dependency updates across the golang.org/x ecosystem

Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: 0e67c56a8f26ace2889fd24e098b78e13f9bbffe
 2026-01-11 16:25:45 -05:00
Kubernetes Publisher
0d27056628 Merge pull request #136108 from pohly/ginkgo-gomega-update 
dependencies: ginkgo v2.27.4, gomega v1.39.0

Kubernetes-commit: 758ef0ffbce5cbca7a893d839dde892d79c2738f
 2026-01-09 00:35:14 +00:00
Kubernetes Publisher
8cec898302 Merge pull request #136110 from liggitt/kyaml-watch-event 
Fix kyaml output of watch events

Kubernetes-commit: 228e56eddcc7a1f458480becdcad32fbc98a8ead
 2026-01-09 00:35:12 +00:00
Jordan Liggitt
7a5dbbdd2d Fix kyaml output of watch events 
Kubernetes-commit: c280c22ea49d99921f50b19d1d45bb970ae1fa85
 2026-01-08 12:14:41 -05:00
Patrick Ohly
b104ad731d dependencies: ginkgo v2.27.4, gomega v1.39.0 
Latest release of both. The CurrentTreeConstructionNodeReport fix
is needed before being able to use it in the E2E framework.

Kubernetes-commit: f8a0c80ed81711f6add7a765d22b56d2d41ac522
 2026-01-08 16:53:03 +01:00
Kubernetes Publisher
8fe28cb66f Merge pull request #135664 from pohly/dra-upgrade-downgrade-refactor 
DRA e2e: upgrade/downgrade refactor

Kubernetes-commit: 26fd963327e4c15ab22a07bfccafdebc444d3e5a
 2026-01-08 15:34:46 +00:00
Kubernetes Publisher
515fd34812 Merge pull request #136100 from soltysh/remove_dead_api 
Remove dead api

Kubernetes-commit: c4881eae3b680ffa527e7927c5f82a641cebf2fc
 2026-01-08 15:34:44 +00:00
Kubernetes Publisher
2bec2d4946 Merge pull request #135986 from scaliby/simplify-describe-lookups 
Refactor describe to inline client calls

Kubernetes-commit: 7e8e8a71beb076ea724b890af5dec4c1e4a0601b
 2026-01-08 15:34:43 +00:00
Kubernetes Publisher
9c08159fc1 Merge pull request #135888 from scaliby/deduplicate-client-creation 
Deduplicate client creation in describe tests

Kubernetes-commit: 3fb97a0c8beb5f66d26a95e198c41295de3d31f3
 2026-01-08 15:34:41 +00:00
Maciej Szulik
9ffe258025 Drop describers for batch/v1beta1 CronJob and extensions/v1beta1 Ingress resources 
Signed-off-by: Maciej Szulik <soltysh@gmail.com>

Kubernetes-commit: cfe5cb2e0336e390f0249a2449e142cd2411428a
 2026-01-08 11:54:54 +01:00
Abhigyan Shekhar
29b2482d8e FIX: Deep copy MapType in CEL composition to prevent data race 
This commit fixes a fatal crash (concurrent map read/write) in
NewCompositedCompilerFromTemplate by:

- Refactoring CEL EnvSet composition to eliminate cloning and symbol conflicts
- Adding NewCompositedCompilerForTypeChecking for typechecking
- Removing deprecated CompositionEnv type and functions
- Adding regression test for concurrency race condition
- Using mustExtend helper function for clearer intent

Kubernetes-commit: 7bc62e74ab39048b00194b8ef6ead09c2dfb5e98
 2026-01-08 07:39:15 +05:30
Kubernetes Publisher
741a38a3fb Merge pull request #135959 from pohly/client-go-testing-list-and-watch-race 
client-go testing: support List+Watch with ResourceVersion

Kubernetes-commit: fe36b79c2ab54cd7cc10733ca50e5642e2304f86
 2026-01-07 15:36:20 +00:00
olalekan odukoya
dc1910f50a fix kubectl in interactive mode losing some line of logs 
Signed-off-by: olalekan odukoya <odukoyaonline@gmail.com>

Kubernetes-commit: f338a70f252123aa0a01cb4d53087d88295b0d41
 2026-01-03 01:38:00 +01:00
Konrad Kaim
fadd02a347 feat: simplify describe lookups 
Kubernetes-commit: 73307ba402df8b05ef43f7021dc5c4b1093f3934
 2025-12-31 08:21:32 +00:00
Patrick Ohly
e9f6aad68f client-go testing: support List+Watch with ResourceVersion 
Quite a lot of unit tests set up informers with a fake client, do
informerFactory.WaitForCacheSync, then create or modify objects. Such tests
suffered from a race: because the fake client only delivered objects to the
watch after the watch has been created, creating an object too early caused
that object to not get delivered to the informer.

Usually the timing worked out okay because WaitForCacheSync typically slept a
bit while polling, giving the Watch call time to complete, but this race has
also gone wrong occasionally. Now with WaitForCacheSync returning more promptly
without polling (work in progress), the race goes wrong more often.

Instead of working around this in unit tests it's better to improve the fake
client such that List+Watch works reliably, regardless of the timing. The fake
client has traditionally not touched ResourceVersion in stored objects and
doing so now might break unit tests, so the added support for ResourceVersion
is intentionally limited to List+Watch.

The test simulates "real" usage of informers. It runs in a synctest bubble and
completes quickly:

    go  test -v .
    === RUN   TestListAndWatch
        listandwatch_test.go:67: I0101 01:00:00.000000] Listed configMaps="&ConfigMapList{ListMeta:{ 1  <nil>},Items:[]ConfigMap{ConfigMap{ObjectMeta:{cm1  default    0 0001-01-01 00:00:00 +0000 UTC <nil> <nil> map[] map[] [] [] []},Data:map[string]string{},BinaryData:map[string][]byte{},Immutable:nil,},},}" err=null
        listandwatch_test.go:79: I0101 01:00:00.000000] Delaying Watch...
        listandwatch_test.go:90: I0101 01:00:00.100000] Caches synced
        listandwatch_test.go:107: I0101 01:00:00.100000] Created second ConfigMap
        listandwatch_test.go:81: I0101 01:00:00.100000] Continuing Watch...
    --- PASS: TestListAndWatch (0.00s)
    PASS
    ok  	k8s.io/client-go/testing/internal	0.009s

Some users of the fake client need to be updated to avoid test failures:
- ListMeta comparisons have to be updated.
- Optional: pass ListOptions into tracker.Watch. It's optional because
  the implementation behaves as before when options are missing,
  but the List+Watch race fix only works when options are passed.

Kubernetes-commit: 56448506075c3db1d16b5bbf0c581b833a4646f1
 2025-12-27 21:57:54 +01:00
Kubernetes Publisher
c67c93567c Merge pull request #135918 from MarcosDaNight/fix/kubectl-exec-panic 
kubectl: Fix panic in exec terminal size queue

Kubernetes-commit: 15673d04e30c711a7bb0f0efe6abf4baead1463b
 2025-12-24 12:52:31 +05:30
Marcos Guillermo
de9c08efa2 kubectl: Fix panic in exec terminal size queue 
Check if delegate is nil before calling Next() in terminalSizeQueueAdapter
to prevent a nil pointer dereference.

Kubernetes-commit: 5f675740442edc32f2dcbbe1453f49484440e7a8
 2025-12-23 17:37:59 -03:00
mochizuki875
4b1d211ade make general profile default 
Kubernetes-commit: 8e420e0b3ac1e6c770a265eb2e69476576a58d43
 2025-12-23 15:50:14 +00:00
Kubernetes Publisher
6f1e4558bb Merge pull request #135886 from sonikaarora/fix-typos-kubectl-comments 
Fix typos kubectl comments

Kubernetes-commit: d04610bbfb8a16b01ee1266ee9c58a9e7f202efd
 2025-12-23 15:28:27 +00:00
Kubernetes Publisher
9c4f2708d3 Merge pull request #135391 from jpbetz/smd-6_3_1 
Bump structured-merge-diff to pick up flake fix and bug fixes

Kubernetes-commit: 6f92c01979b7666f6631a556a8626e21b88d1f2a
 2025-12-23 15:28:26 +00:00
Konrad Kaim
7830ae3b5a fix: linter 
Kubernetes-commit: ef476fa19e4721917ea2c5410c24ae795c08036f
 2025-12-22 16:48:48 +00:00
Konrad Kaim
1184cca613 feat: dedupe client creation 
Kubernetes-commit: 96d47f1383d024f74481e28cc490dd9cd70e677f
 2025-12-22 16:01:20 +00:00
Sonika Arora
e3aecb126e Fix typos in kubectl package comments 
- Fix 'Prefrences' -> 'Preferences' in kuberc.go
- Fix 'formating' -> 'formatting' in humanreadable_flags.go

Kubernetes-commit: 7b6fbc9677afc703e058f9a9079805026af76745
 2025-12-21 23:17:37 -08:00
Kubernetes Publisher
cfb5f02d16 Merge pull request #135867 from dims/pin-versions-of-dbus-and-otelgrpc-to-avoid-breakage 
Pin versions of dbus and otelgrpc to avoid breakage

Kubernetes-commit: dce2e8cef737ebce3a4d13d74654c50bcb244846
 2025-12-21 03:24:34 +00:00
Davanum Srinivas
4d392309c0 updated to last known good dependencies for otelgrpc and dbus 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: 60cce0abd05d31f74ece404e584f53c915a7f3d5
 2025-12-20 15:27:53 -05:00