Merge https://github.com/kubernetes-sigs/cluster-api:v1.13.2 (ebd807c) into master #288
cloud-team-rebase-bot[bot] wants to merge 622 commits into
…bot/github_actions/all-github-actions-2c6e677ddc 🌱 Bump actions/setup-go from 6.2.0 to 6.3.0 in the all-github-actions group
…bot/go_modules/all-go-mod-patch-and-minor-2fc94a814f 🌱 Bump the all-go-mod-patch-and-minor group across 3 directories with 8 updates
…es-status-addresses-even-further 🌱 api: relax validation for Machine .status.addresses to maximum of 256 instead of 128 items
* Postpone date when we stop serving v1beta1 * Address comments
Signed-off-by: Stefan Büringer buringerst@vmware.com
* Add rolloutAfter to cluster.spec.topology * Address comments
…eout-unset 🌱 Avoid unsetting nodeDeletionTimeoutSeconds during Machine deletion
apiserver Signed-off-by: Stefan Büringer buringerst@vmware.com
Signed-off-by: Stefan Büringer buringerst@vmware.com
…per-no-up-safeguard 🌱 Add safeguard to patchHelper to avoid sending empty patches to the apiserver
…utafter-uptodate 🐛 Fix UpToDate calculation for rolloutAfter
…dget factor for cluster and clusterclass
- Stop streaming when pod or container has terminated, but ensure we stream the logs at least once. - Add containerHasTerminated helper with tests. The current behavior is to try again every 2 seconds for terminated containers. This becomes silly for init containers particularly, since we fetch the logs from the beginning for each retry so that we end up with logs repeated again and again. Signed-off-by: Lennart Jern <lennart.jern@est.tech>
Signed-off-by: Stefan Büringer buringerst@vmware.com
Signed-off-by: Stefan Büringer buringerst@vmware.com
…helper-flake 🐛 Fix patchHelper unit test flakes
Signed-off-by: Stefan Büringer buringerst@vmware.com
…he-optimization ✨ Optimize cache configuration of CABPK & standardize cache/client setup
… 1 update
Bumps the all-go-mod-patch-and-minor group with 1 update in the / directory: [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime).
Bumps the all-go-mod-patch-and-minor group with 1 update in the /hack/tools directory: [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime).
Bumps the all-go-mod-patch-and-minor group with 1 update in the /test directory: [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime).
Updates `sigs.k8s.io/controller-runtime` from 0.23.1 to 0.23.3
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](kubernetes-sigs/controller-runtime@v0.23.1...v0.23.3)
---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-version: 0.23.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-go-mod-patch-and-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
…bot/go_modules/all-go-mod-patch-and-minor-f488d51061 🌱 Bump the all-go-mod-patch-and-minor group across 3 directories with 1 update
I should've just read the CAEP better, but this confounded me for a good few hours. Clarify that ClusterResourceSet is namespace-scoped and requires resources and clusters to be in the same namespace.
…bot/cherry-pick-13685-to-release-1.13 [release-1.13] 🌱 KCP cleanup etcd members not started after a machine is remediated
e801fc2 to fcbd711
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@Makefile`:
- Around line 180-183: The GOVULNCHECK target uses a versionless path so Make
doesn't rebuild when GOVULNCHECK_VER changes; change the GOVULNCHECK variable
and the build recipe to produce a versioned binary (e.g., include
$(GOVULNCHECK_VER) in the filename or directory) and make the $(GOVULNCHECK)
file target depend on GOVULNCHECK_VER (or use the versioned filename as the
target), then update any references (including verify-govulncheck) to point to
the new versioned path so bumps to GOVULNCHECK_VER force a rebuild of the
scanner.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 85cf6e0d-b412-4872-ae5b-28e44ac43f5b
⛔ Files ignored due to path filters (29)
- api/bootstrap/kubeadm/v1beta1/zz_generated.conversion.go is excluded by !**/zz_generated*
- api/bootstrap/kubeadm/v1beta1/zz_generated.deepcopy.go is excluded by !**/zz_generated*
- api/bootstrap/kubeadm/v1beta2/zz_generated.deepcopy.go is excluded by !**/zz_generated*
- api/controlplane/kubeadm/v1beta1/zz_generated.conversion.go is excluded by !**/zz_generated*
- api/controlplane/kubeadm/v1beta1/zz_generated.deepcopy.go is excluded by !**/zz_generated*
- api/controlplane/kubeadm/v1beta2/zz_generated.deepcopy.go is excluded by !**/zz_generated*
- api/core/v1beta1/zz_generated.conversion.go is excluded by !**/zz_generated*
- api/core/v1beta1/zz_generated.deepcopy.go is excluded by !**/zz_generated*
- api/core/v1beta1/zz_generated.openapi.go is excluded by !**/zz_generated*
- api/core/v1beta2/zz_generated.deepcopy.go is excluded by !**/zz_generated*
- api/core/v1beta2/zz_generated.openapi.go is excluded by !**/zz_generated*
- api/runtime/hooks/v1alpha1/zz_generated.deepcopy.go is excluded by !**/zz_generated*
- api/runtime/hooks/v1alpha1/zz_generated.openapi.go is excluded by !**/zz_generated*
- docs/book/src/images/clusterclass-crd-relationships.svg is excluded by !**/*.svg
- docs/book/src/images/kubeadm-control-plane-machines-resources.png is excluded by !**/*.png
- docs/book/src/images/worker-machines-resources.png is excluded by !**/*.png
- go.sum is excluded by !**/*.sum
- hack/tools/go.sum is excluded by !**/*.sum
- hack/tools/vendor/cloud.google.com/go/auth/CHANGES.md is excluded by !**/vendor/**
- hack/tools/vendor/cloud.google.com/go/auth/credentials/detect.go is excluded by !**/vendor/**
- hack/tools/vendor/cloud.google.com/go/auth/credentials/filetypes.go is excluded by !**/vendor/**
- hack/tools/vendor/cloud.google.com/go/auth/credentials/internal/gdch/gdch.go is excluded by !**/vendor/**
- hack/tools/vendor/cloud.google.com/go/auth/grpctransport/grpctransport.go is excluded by !**/vendor/**
- hack/tools/vendor/cloud.google.com/go/auth/httptransport/httptransport.go is excluded by !**/vendor/**
- hack/tools/vendor/cloud.google.com/go/auth/httptransport/transport.go is excluded by !**/vendor/**
- hack/tools/vendor/cloud.google.com/go/auth/internal/credsfile/credsfile.go is excluded by !**/vendor/**
- hack/tools/vendor/cloud.google.com/go/auth/internal/credsfile/filetype.go is excluded by !**/vendor/**
- hack/tools/vendor/cloud.google.com/go/auth/internal/credsfile/parse.go is excluded by !**/vendor/**
- hack/tools/vendor/cloud.google.com/go/auth/internal/internal.go is excluded by !**/vendor/**
📒 Files selected for processing (271)
💤 Files with no reviewable changes (7)
- .github/workflows/pr-gh-workflow-approve.yaml
- bootstrap/util/suite_test.go
- .trivyignore
- controllers/clustercache/cluster_accessor_test.go
- config/webhook/manifests.yaml
- cmd/clusterctl/client/cluster/upgrader_test.go
- bootstrap/kubeadm/config/webhook/manifests.yaml
✅ Files skipped from review due to trivial changes (34)
- .github/workflows/pr-md-link-check.yaml
- bootstrap/kubeadm/config/crd/patches/webhook_in_kubeadmconfigs.yaml
- config/crd/bases/ipam.cluster.x-k8s.io_ipaddresses.yaml
- controllers/crdmigrator/test/t2/crd/test.cluster.x-k8s.io_testclusters.yaml
- config/crd/patches/webhook_in_machinedeployments.yaml
- CONTRIBUTING.md
- config/crd/patches/webhook_in_machinepools.yaml
- config/crd/patches/webhook_in_machinesets.yaml
- controllers/crdmigrator/test/t4/crd/test.cluster.x-k8s.io_testclusters.yaml
- CHANGELOG/v1.11.6.md
- .dockerignore
- config/crd/patches/webhook_in_ipaddresses.yaml
- bootstrap/kubeadm/internal/webhooks/kubeadmconfigtemplate_test.go
- cmd/clusterctl/config/crd/bases/clusterctl.cluster.x-k8s.io_providers.yaml
- controllers/crdmigrator/test/t1/crd/test.cluster.x-k8s.io_testclusters.yaml
- cmd/clusterctl/client/config/providers_client.go
- cmd/clusterctl/client/repository/repository_github_test.go
- CHANGELOG/v1.11.4.md
- config/crd/bases/ipam.cluster.x-k8s.io_ipaddressclaims.yaml
- api/core/v1beta2/condition_types.go
- CHANGELOG/v1.12.3.md
- config/crd/bases/cluster.x-k8s.io_machinedrainrules.yaml
- CHANGELOG/v1.10.9.md
- cmd/clusterctl/config/crd/bases/clusterctl.cluster.x-k8s.io_metadata.yaml
- cmd/clusterctl/cmd/config_repositories_test.go
- cmd/clusterctl/client/cluster/template_test.go
- CHANGELOG/v1.12.1.md
- .github/workflows/weekly-test-release.yaml
- CHANGELOG/v1.12.2.md
- cmd/clusterctl/hack/create-local-repository.py
- bootstrap/kubeadm/internal/locking/control_plane_init_mutex.go
- controllers/crdmigrator/test/t3/crd/test.cluster.x-k8s.io_testclusters.yaml
- CHANGELOG/v1.11.7.md
- CHANGELOG/v1.12.4.md
🚧 Files skipped from review as they are similar to previous changes (79)
- cmd/clusterctl/client/config_test.go
- bootstrap/kubeadm/config/crd/patches/webhook_in_kubeadmconfigtemplates.yaml
- CHANGELOG/v1.10.10.md
- CHANGELOG/v1.11.5.md
- cmd/clusterctl/client/cluster/cert_manager_test.go
- config/crd/patches/webhook_in_clusterclasses.yaml
- config/crd/patches/webhook_in_machinedrainrules.yaml
- config/crd/patches/webhook_in_ipaddressclaims.yaml
- config/crd/patches/webhook_in_machines.yaml
- bootstrap/kubeadm/config/manager/manager.yaml
- api/ipam/v1alpha1/conversion.go
- config/crd/patches/webhook_in_extensionconfigs.yaml
- bootstrap/kubeadm/internal/cloudinit/utils.go
- Dockerfile
- api/core/v1beta1/machinehealthcheck_types.go
- bootstrap/kubeadm/internal/cloudinit/disk_setup.go
- cmd/clusterctl/cmd/version_checker.go
- controllers/clustercache/cluster_cache_test.go
- api/core/v1beta2/common_types.go
- cmd/clusterctl/client/repository/repository_github.go
- controllers/crdmigrator/crd_migrator.go
- config/crd/patches/webhook_in_clusterresourcesets.yaml
- api/controlplane/kubeadm/v1beta1/kubeadmcontrolplanetemplate_types.go
- cmd/clusterctl/internal/test/fake_reader.go
- bootstrap/kubeadm/internal/webhooks/kubeadmconfig_test.go
- cmd/clusterctl/cmd/describe_cluster.go
- config/crd/patches/webhook_in_clusterresourcesetbindings.yaml
- api/core/v1beta2/clusterclass_types.go
- api/controlplane/kubeadm/v1beta1/kubeadm_control_plane_types.go
- cmd/clusterctl/client/upgrade.go
- api/controlplane/kubeadm/v1beta2/kubeadmcontrolplanetemplate_types.go
- api/core/v1beta2/machine_types.go
- config/crd/patches/webhook_in_clusters.yaml
- .golangci-kal.yml
- api/core/v1beta1/common_types.go
- bootstrap/kubeadm/internal/cloudinit/cloudinit_test.go
- api/bootstrap/kubeadm/v1beta1/kubeadmconfig_types.go
- config/metrics/crd-metrics-config.yaml
- bootstrap/util/configowner_test.go
- cmd/clusterctl/client/config/imagemeta_client_test.go
- api/core/v1beta1/conversion_test.go
- api/controlplane/kubeadm/v1beta1/conversion.go
- bootstrap/kubeadm/internal/setup/setup.go
- bootstrap/kubeadm/internal/controllers/suite_test.go
- api/runtime/hooks/v1alpha1/topologymutation_variable_types.go
- api/core/v1beta1/machine_types.go
- api/core/v1beta1/cluster_types.go
- api/bootstrap/kubeadm/v1beta1/kubeadm_types.go
- cmd/clusterctl/internal/test/fake_github.go
- .github/workflows/weekly-security-scan.yaml
- api/runtime/hooks/v1alpha1/topologymutation_types.go
- controllers/clustercache/cluster_accessor_client.go
- config/crd/bases/runtime.cluster.x-k8s.io_extensionconfigs.yaml
- api/bootstrap/kubeadm/v1beta1/conversion.go
- api/core/v1beta2/cluster_types.go
- cmd/clusterctl/cmd/upgrade_apply.go
- .github/workflows/release.yaml
- config/crd/bases/cluster.x-k8s.io_machinedeployments.yaml
- .golangci.yml
- api/bootstrap/kubeadm/v1beta2/kubeadmconfig_types.go
- api/controlplane/kubeadm/v1beta2/kubeadm_control_plane_types.go
- config/crd/bases/addons.cluster.x-k8s.io_clusterresourcesetbindings.yaml
- api/core/v1beta1/clusterclass_types.go
- cmd/clusterctl/client/cluster/upgrader.go
- bootstrap/kubeadm/internal/webhooks/kubeadmconfigtemplate.go
- cmd/clusterctl/client/cluster/template.go
- config/crd/bases/cluster.x-k8s.io_machinehealthchecks.yaml
- api/runtime/hooks/v1alpha1/lifecyclehooks_types.go
- controllers/clustercache/cluster_accessor.go
- cmd/clusterctl/Dockerfile
- config/crd/bases/cluster.x-k8s.io_machinepools.yaml
- bootstrap/kubeadm/internal/webhooks/kubeadmconfig.go
- config/crd/bases/cluster.x-k8s.io_machinesets.yaml
- bootstrap/kubeadm/main.go
- controllers/clustercache/cluster_cache.go
- bootstrap/kubeadm/internal/controllers/kubeadmconfig_controller.go
- config/crd/bases/cluster.x-k8s.io_clusters.yaml
- config/crd/bases/cluster.x-k8s.io_machines.yaml
- config/crd/bases/cluster.x-k8s.io_clusterclasses.yaml
| GOVULNCHECK_VER := v1.3.0 | ||
| GOVULNCHECK := $(abspath $(TOOLS_BIN_DIR)/$(GOVULNCHECK_BIN)) | ||
| GOVULNCHECK_DIR := hack/tools/govulncheck | ||
| GOVULNCHECK_TMP_DIR ?= $(GOVULNCHECK_DIR)/govulncheck.tmp |
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
rg -n 'GOVULNCHECK_VER|GOVULNCHECK :=|verify-govulncheck:|\\.PHONY:.*GOVULNCHECK|go build -C .*govulncheck' Makefile
Repository: openshift/cluster-api
Length of output: 681
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Find GOVULNCHECK_BIN definition
echo "=== GOVULNCHECK_BIN definition ==="
rg -n 'GOVULNCHECK_BIN\s*:=' Makefile
# Check if verify-govulncheck is marked .PHONY
echo "=== .PHONY declarations involving GOVULNCHECK ==="
rg -B 5 'verify-govulncheck:' Makefile | head -20
# Find the build target containing line 1534
echo "=== Build target structure around line 1534 ==="
sed -n '1510,1540p' Makefile | cat -n
Repository: openshift/cluster-api
Length of output: 1864
Avoid stale govulncheck binaries across version bumps.
Line 181 defines a versionless tool path, and the $(GOVULNCHECK) build target (lines 1520–1534) outputs to that same versionless path. Since $(GOVULNCHECK) is a file target with no explicit prerequisites tracking GOVULNCHECK_VER, Make considers an existing binary up-to-date and skips rebuilding when the version changes. This allows verify-govulncheck to use an outdated scanner.
Proposed fix:
🔧 Solution
-GOVULNCHECK := $(abspath $(TOOLS_BIN_DIR)/$(GOVULNCHECK_BIN))
+GOVULNCHECK := $(abspath $(TOOLS_BIN_DIR)/$(GOVULNCHECK_BIN)-$(GOVULNCHECK_VER))And update the build output path to match:
- go build -C $(GOVULNCHECK_TMP_DIR) -o $(TOOLS_BIN_DIR)/$(GOVULNCHECK_BIN) ./cmd/govulncheck
+ go build -C $(GOVULNCHECK_TMP_DIR) -o $(GOVULNCHECK) ./cmd/govulncheck🤖 Prompt for AI Agents
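Review bot: In the `go build -C $(GOVULNCHECK_TMP_DIR)` line, the source tree still comes from the versionless `$(GOVULNCHECK_DIR)/govulncheck.tmp`, so a binary named for the new `GOVULNCHECK_VER` can be built from a checkout left over from the previous version unless the recipe refreshes that directory first. The rest of the recipe is not visible here, so confirm that it re-creates the checkout at `$(GOVULNCHECK_VER)` before this build step. Versioned file names also leave the binaries of earlier versions behind in `$(TOOLS_BIN_DIR)`; consider removing them in the same target so only the current scanner is present.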
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@Makefile` around lines 180 - 183, The GOVULNCHECK target uses a versionless
path so Make doesn't rebuild when GOVULNCHECK_VER changes; change the
GOVULNCHECK variable and the build recipe to produce a versioned binary (e.g.,
include $(GOVULNCHECK_VER) in the filename or directory) and make the
$(GOVULNCHECK) file target depend on GOVULNCHECK_VER (or use the versioned
filename as the target), then update any references (including
verify-govulncheck) to point to the new versioned path so bumps to
GOVULNCHECK_VER force a rebuild of the scanner.
Squash follow-up OWNERS sync into the initial OpenShift-specific carry since it updates the same initial ownership surface.
# Conflicts:
#   .github/workflows/pr-dependabot.yaml
#   .github/workflows/pr-golangci-lint.yaml
#   .github/workflows/pr-verify.yaml
#   OWNERS_ALIASES
Squash the OWNERS-only carries into a single update to keep ownership churn in one focused commit.
Squash adjacent changes that iterate on OpenShift manifest tooling and metadata sync behavior in the same Makefile-driven flow.
Squash adjacent Dockerfile updates that refine the 4.21 image carry and manager binary naming.
Squash adjacent toolchain updates touching openshift/tools so kustomize alignment and IPAM pinning are applied together.
…olicy: Ignore
Add functions to set the failurePolicy to Ignore for both mutating and validating webhooks handling IPAM resources.
During bootstrap, the bootstrap node's Kube API Server receives IPAM create requests but is unable to reach the webhooks in the Cluster API namespace. This is because the bootstrap node doesn't have a route to the pods as it doesn't have access to the pod networks. If failurePolicy is set to Fail, the KAS cannot reach the webhook endpoints and the request fails, preventing creation of IPAddress and IPAddressClaim resources. This causes a chicken-and-egg problem as it prevents IPAM provisioning for the workers which won't start without their IP addresses being allocated.
Setting failurePolicy to Ignore allows the resources to be created even when the webhooks are unreachable during bootstrap, matching what Machine API also does.
More context: https://redhat-internal.slack.com/archives/C0A2M43S199/p1765540108488539
Squash ART image consistency updates into a single carry commit.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Squash adjacent carries that iterate over OpenShift manifests generation, IPAM kustomization, and Dockerfile image consistency.
… upstream rebase Squash the post-rebase regeneration steps into a single carry commit so the PR keeps one coherent update for generated manifests and dependency vendoring.
fcbd711 to df52f1a
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by: cloud-team-rebase-bot[bot]
@cloud-team-rebase-bot[bot]: The following tests failed, say