| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: kubernetes1.30-kubelet | Distribution: openSUSE Tumbleweed |
| Version: 1.30.11 | Vendor: openSUSE |
| Release: 1.1 | Build date: Tue Mar 25 13:59:18 2025 |
| Group: System/Management | Build host: reproducible |
| Size: 114073710 | Source RPM: kubernetes1.30-1.30.11-1.1.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://kubernetes.io/ | |
| Summary: Kubernetes kubelet daemon | |
Manage a cluster of Linux containers as a single system to accelerate Dev and simplify Ops. kubelet daemon (current version)
Apache-2.0
* Tue Mar 25 2025 Priyanka Saggu <priyanka.saggu@suse.com>
- CVE-2025-1767: GitRepo Volume Inadvertent Local Repository Access, bsc#1239643
* TL;DR: Please refer to the github issue for details on detecting and mitigating the CVE, if impacted:
https://github.com/kubernetes/kubernetes/issues/130786
* ***Important note to users and administrators****
* How do I mitigate this vulnerability?
To mitigate this vulnerability, you must use an init container to perform git clone operation and then mount the directory into the Pod's container. An example of this approach is provided here: https://gist.github.com/tallclair/849601a16cebeee581ef2be50c351841
Note: You can also restrict the use of gitRepo volumes in your cluster using policies such as ValidatingAdmissionPolicy or through Restricted pod security standard policy. You can use the following Common Expression Language (CEL) expression as part of a policy to reject use of gitRepo volumes:
`has(object.spec.volumes) || !object.spec.volumes.exists(v, has(v.gitRepo))`
* Detection:
To detect whether this vulnerability has been exploited, you can use the following command to list all pods that use the in-tree gitRepo volume and clones to a .git subdirectory.
```
kubectl get pods --all-namespaces -o json | jq '.items[] | select(.spec.volumes[].gitRepo.repository | test("^/")) | {name: .metadata.name, namespace: .metadata.namespace, repository: (.spec.volumes[] | select(.gitRepo) | .gitRepo.repository)}'
```
Please plan and consider migrating to Kubernetes v1.33 (~ Release Date: April 23, 2025).
Since starting v1.33, the impacted gitRepo volume plugin will be disabled by default.
Refer: https://github.com/kubernetes/kubernetes/pull/129923
No prior Kubernetes versions (v1.29 - v1.32), will receive any backport fixe patches for this CVE, since there isn't a fully non-code-breaking patch available.
* Wed Mar 12 2025 Priyanka Saggu <priyanka.saggu@suse.com>
- Update to version 1.30.11:
* Update status before returning err
* Add the feature gate `OrderedNamespaceDeletion` for apiserver.
* kubeadm: fix panic when no UpgradeConfiguration was found in the config file
* proxy: should add PingPeriod for websocket translator
* Bump to build with go 1.23.6
* Honor KUBE_HACK_TOOLS_GOTOOLCHAIN
- Update .spec file to bump go version build requirements:
* `BuildRequires: go >= 1.23.6`
* BuildRequires: golang(API) = 1.23
* ref: https://github.com/kubernetes/kubernetes/blob/v1.30.11/build/dependencies.yaml#L117-L139
* Tue Feb 18 2025 Priyanka Saggu <priyanka.saggu@suse.com>
- Update to version 1.30.10:
* Bump images, dependencies and versions to go 1.22.12 and distroless iptables
* Kubelet server handler cleanup
* kubeadm: use the v1beta4 EtcdAPICall timeout for etcd calls
* Added check for multipath device mapper
* Fix Go vet errors for master golang
* Update pkg/controlplane/apiserver/config_test.go
* prioritize user EtcdOptions.StorageConfig.StorageObjectCountTracker
* Fix: StorageObjectCountTracker is nil, apf estimator got ObjectCountNotFoundErr
* bump cadvisor to v0.49.2 in release 1.30
* .*: fix lint errors
* hack: disable SA1006 check
* hack/tools: bump go-tools for go1.23.0
* Bump govulncheck to 1.1.2
- Update .spec file to bump go version build requirements:
* `BuildRequires: go >= 1.22.12`
* ref: https://github.com/kubernetes/kubernetes/blob/v1.30.10/build/dependencies.yaml#L117-L119
- version 1.30.10 contain fix for CVE-2025-0426, bsc#1237189
* Refer: https://github.com/kubernetes/kubernetes/issues/130016#issue-2836467448
* Thu Jan 16 2025 Priyanka Saggu <priyanka.saggu@suse.com>
- Update to version 1.30.9:
* kubelet: use env vars in node log query PS command
* Fix kubelet on Windows fails if a pod has SecurityContext with RunAsUser.
* webhook: alter regex to account for x509sha1 GODEBUG removal
* Bump images, dependencies and versions to go 1.22.10 and distroless iptables
* Do not attempt to truncate revision history if revisionHistoryLimit is negative
* fetch cni plugins from GitHub releases
* Fix volume expansion offline
* prevent unnecessary resolving of iscsi/fc devices to dm
* kubelet: Fix the volume manager did't check the device mount state in the actual state of the world before marking the volume as detached. It may cause a pod to be stuck in the Terminating state due to the above issue when it was deleted.
- Update .spec file to bump go version build requirements:
* `BuildRequires: go >= 1.22.10`
* ref: https://github.com/kubernetes/kubernetes/blob/v1.30.9/build/dependencies.yaml#L117-L119
* Thu Dec 19 2024 Priyanka Saggu <priyanka.saggu@suse.com>
- Update to version 1.30.8:
* fix isLikelyNotMountPointStatx relative path issue
* Bump images, dependencies and versions to go 1.22.9 and distroless iptables
- Update .spec file to bump go version build requirements:
* `BuildRequires: go >= 1.22.9`
* ref: https://github.com/kubernetes/kubernetes/blob/v1.30.8/build/dependencies.yaml#L117-L119
* Thu Nov 28 2024 Priyanka Saggu <priyanka.saggu@suse.com>
- Update to version 1.30.7:
* server/config: assing system:apiserver user to system:authenticated group
* bugfix(scheduler): preemption picks wrong victim node with higher priority pod on it.
* tests for nodes with different nodeName and name
* manually revert #109877
* Mon Nov 04 2024 Priyanka Saggu <priyanka.saggu@suse.com>
- Update to version 1.30.6:
* bump golang to 1.22.8
* kubeadm: fix a bug where the RemoveMember function did not return the correct member list when the member to be removed did not exist
* Fix deleted UDP endpoint detection
* Fix daemonset to ensure old unhealthy pods are counted towards max unavailable budget.
* kubeadm: check the member list status before adding or removing an etcd member
* kubeadm: check whether the peer URL for the added etcd member already exists when the MemberAddAsLearner/MemberAdd fails
* bugfix: endpoints controller track resource version conrrectly
* define some default kube-apiserver flags for tests disabling unneded controllers
* Remove `socat` and `ebtables` from kubeadm preflight checks
* Add activeDeadlineSeconds to kubeadm upgrade-health-check job
* run update-vendor.sh and fix up broken go.sum(s)
* Fix verify-vendor script to check all go.mod and go.sum files
* fix memory leak from global MeterProvider
- Update .spec file to bump go version build requirements:
* `BuildRequires: go >= 1.22.8`
* ref: https://github.com/kubernetes/kubernetes/blob/v1.30.6/build/dependencies.yaml#L117-L119
* Tue Sep 24 2024 Priyanka Saggu <priyanka.saggu@suse.com>
- Update to version 1.30.5:
* Restart the init container to not be stuck in created state
* succeeded pod is being re-admitted
* Avoid SidecarContainers code path for non-sidecar pods
* Build etcd image of v3.5.15
* Update etcd from v3.5.14 to v3.5.15
* add missing RBAC to statefulset-controller for StatefulSetAutoDeletePVC feature
* Bump images, dependencies and versions to go 1.22.6 and distroless iptables
* Fix openapi-gen dependency.
* update coredns/corefile-migration to v1.0.24 to support coredns v1.11.3
* kubeadm: bump coredns to 1.11.3
* kube-up.sh: bump coreDNS to 1.11.3
* Add a new workqueue to endpointslice controller for updating topology cache and checking node topology distribution.
* fix a scheduler preemption issue that victim is not patched properly
* kube-proxy: initialization wait for service and endpoint handlers synced
* make PodIP.IP and HostIP.IP required.
- Update .spec file to bump go version build requirements:
* `BuildRequires: go >= 1.22.6`
* ref: https://github.com/kubernetes/kubernetes/blob/v1.30.5/build/dependencies.yaml#L117-L119
* Fri Aug 16 2024 Priyanka Saggu <priyanka.saggu@suse.com>
- Update to version 1.30.4:
* Updating kubelet on Windows to query uuid from registry
* Move APIServingWithRoutine to alpha and disabled by default.
* kubeadm: Add '--yes' flag to the list of allowed flags
* Terminate restartable init containers ignoring not-started containers
* Hot fix for panic on schema conversion.
* moving for easier cherry-pick
* Falls back to SPDY for gorilla/websocket https proxy error
* kubeadm: fix join bug where kubeletconfig was not patched in memory
* mount-utils: treat syscall.ENODEV as corrupted mount
* apiserver: fix watch namespace
* api: fix ValidatingAdmissionPolicyList json tag
* Fix that PodIP field is not set for terminal pod
* Use omitempty for optional fields in Job Pod Failure Policy
* Fixed metrics missing issue for metrics reference page
* kubeadm: fix a bug in v1beta3.JoinConfiguration.Discovery.Timeout
* Respect controllers on PVCs for retention policy
* Tue Aug 06 2024 Priyanka Saggu <priyanka.saggu@suse.com>
- Update to version 1.30.3:
* Add funcs in pkg/filesystem/util that can actually set file permissiosn on Windows and update container log dir perms to 660 on Windows
* Fix pv reclaim failed due to its phase is wrongly updated to the Failed state by kcm
* Mark a test case which sets up a sample-apiserver as serial due to potential conflicts with other test cases which do the same.
* defaultMaskedPaths must be kept in sync with moby/moby.
* gitRepo volume: directory must be max 1 level deep
* Bump images, dependencies and versions to go 1.22.5 and distroless iptables
* Fix endpoints status out-of-sync when the pod state changes rapidly
* fix: skip isPodWorthRequeuing only when SchedulingGates gates the pod
* Clean up the featureGates during the matchSuccessPolicy unit tests
* Initialize terminating field in the Job controller unit tests
* Job: Fix a bug that the SuccessCriteriaMet condition is added to the Job with successPolicy even if the JobSuccessPolicy featureGate is disabled
- Update .spec file to bump go version build requirements:
* `BuildRequires: go >= 1.22.5`
* ref: https://github.com/kubernetes/kubernetes/blob/v1.30.3/build/dependencies.yaml#L117-L119
* Wed Jun 26 2024 Priyanka Saggu <priyanka.saggu@suse.com>
- Update to version 1.30.2:
* Bump images, dependencies and versions to go 1.22.4 and distroless iptables/setcap/debian-base
* update driver installer
* Don't fill in NodeToStatusMap with UnschedulableAndUnresolvable
* Revert "scheduler: preallocation for NodeToStatusMap"
* kubeadm: use the actual configured kubelet healthz address:port
* kubectl create cronjobs: Manually set OwnerReferences
* add an integration test when nodeAffinity specifies a non-existent node.
* base on allNodes when calculating nextStartNodeIndex
* Fix printPod panic with spurious container statuses
* Adding the feature gates to fix cost for VAP and webhook matchConditions.
* cherry pick #124618 to 1.30
* fix requests tracker concurrency
* fix conflict race in statefulset rest update
* fix stateful set pod recreation and event spam
* fix pods tracking and internal error checking in statefulset tests
* Updated & added visibility to apiserver x509 test certificates expiring this year
* Fri May 17 2024 Priyanka Saggu <priyanka.saggu@suse.com>
- Update to version 1.30.1:
* Clean up PersistentVolumeLabel admission plugin
* scheduler: preallocation for NodeToStatusMap
* tag service.spec.TrafficDistribution field as alpha
* tag TrafficDistribution tests to avoid running on clusters without the feature enabled
* fix(api): make LocalObjectReference.Name and HostAlias.IP required (#124553)
* kubeadm: check for available nodes during 'CreateJob' preflight
* Idempotent transformers in scheduler & kcm
* kubeadm: fix bug of kubeletconfig not being downloaded on upgrade
* e2e framework: configure Ginkgo logger and klog consistently
* e2e node: fix -v support
* Update applyconfig-gen for pacakges where group and dir differ in name
* kube_codegen: expose applyconfig-openapi-schema flag for client generation
* Fri Apr 19 2024 Priyanka Saggu <priyanka.saggu@suse.com>
- For linux/s390x platform: disabled building kubernetes binaries with `-buildmode=pie`
* `-buildmode=pie` with "internal linking" is not yet supported on linux/s390x platform
* ref: https://github.com/golang/go/blob/a63907808d14679c723e566cb83acc76fc8cafc2/src/internal/platform/supported.go#L223-L232
* ref: https://github.com/golang/go/issues/64875#issuecomment-1870734528
* Thu Apr 18 2024 Priyanka Saggu <priyanka.saggu@suse.com>
- initial package for Kubernetes v1.30.0
* Full changelog - https://github.com/kubernetes/kubernetes/blob/v1.30.0/CHANGELOG/CHANGELOG-1.30.md
/usr/bin/kubelet1.30 /usr/share/licenses/kubernetes1.30-kubelet /usr/share/licenses/kubernetes1.30-kubelet/LICENSE
Generated by rpm2html 1.8.1
Fabrice Bellet, Sun Mar 30 23:32:47 2025