Bump the k8s-dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the k8s-dependencies group with 3 updates in the / directory: k8s.io/apiextensions-apiserver, sigs.k8s.io/controller-runtime and sigs.k8s.io/kind.

Updates k8s.io/apiextensions-apiserver from 0.35.4 to 0.36.1

Commits

• 5b822b1 Update dependencies to v0.36.1 tag
• 4cd8c3d Merge remote-tracking branch 'origin/master' into release-1.36
• c2fd557 Merge pull request #138346 from dashpole/update_otel_prop
• 1daa309 Merge remote-tracking branch 'origin/master' into release-1.36
• 1551264 Update github.com/moby/spdystream from v0.5.0 to v0.5.1
• 6c97d2b update go.opentelemetry.io/otel to v1.41.0
• 862c52a update google.golang.org/grpc to v1.79.3
• abac065 Merge pull request #137849 from bryantbiggs/deps/update-kube-openapi
• 7acee75 Merge pull request #137843 from pacoxu/cobra-v1.10.2
• 612f1d8 dependencies: bump kube-openapi to drop ginkgo/gomega indirect deps
• Additional commits viewable in compare view

Updates k8s.io/apimachinery from 0.35.4 to 0.36.1

Commits

• 7af103a Update dependencies to v0.36.1 tag
• efb7f26 Merge remote-tracking branch 'origin/master' into release-1.36
• d966e56 Update github.com/moby/spdystream from v0.5.0 to v0.5.1
• 79b3632 Merge pull request #137864 from yongruilin/dv-dra-mismatch
• a8822f7 Add slice and map union member support with tests
• 7dba2d0 Use IsZero instead of IsNil for union ratcheting check
• d95710f Fix union validation ratcheting when oldObj is nil
• 729062d Merge pull request #137849 from bryantbiggs/deps/update-kube-openapi
• 13b12e6 dependencies: bump kube-openapi to drop ginkgo/gomega indirect deps
• 27f4670 Merge pull request #136657 from Jefftree/sharding-test
• Additional commits viewable in compare view

Updates k8s.io/client-go from 0.35.4 to 0.36.1

Commits

• 55ef15a Update dependencies to v0.36.1 tag
• f22a53e Merge remote-tracking branch 'origin/master' into release-1.36
• a948641 Update github.com/moby/spdystream from v0.5.0 to v0.5.1
• 7e44ffc Add Workload-Aware Preemption fields to Workload and PodGroup APIs
• df2d882 Merge pull request #136989 from nojnhuh/podgroup-resourceclaim
• 4eece52 Workload API: PodGroup ResourceClaims (KEP-5729)
• 3d35c51 Merge pull request #137190 from everpeace/KEP-5491-alpha
• 0434117 Merge pull request #137028 from nmn3m/feature/dra-resource-pool-status
• ba785be Drop CSR analogy, mark ObjectMeta +required,reduce limits (maxItems=500, maxL...
• 4a9c878 Add ResourcePoolStatusRequest API types and generated code
• Additional commits viewable in compare view

Updates sigs.k8s.io/controller-runtime from 0.23.3 to 0.24.1

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.24.1

What's Changed

• [release-0.24] 🐛 Fix regression in Apply typed error handling by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3516

Full Changelog: kubernetes-sigs/controller-runtime@v0.24.0...v0.24.1

v0.24.0

⚠️ Breaking Changes

• Dependencies: Update to k8s.io/* v1.36 (#3506 #3462 #3486 #3450)

🐛 Bug Fixes

• Cache: Fix IndexField blocking until informer is synced (#3445)
• Cache: Wait for cache sync when ReaderFailOnMissingInformer is true (#3425)
• Client: Update typed ApplyConfigurations with server response (#3475)
• Fakeclient: Fix SSA status patch resource version check (#3443)
• Fakeclient: Fix panic when using CRs with embedded pointer structs (#3431)
• Fakeclient: Fix status apply if existing object has managedFields set (#3430)
• Fakeclient: Retry GenerateName on AlreadyExists collisions (#3498)
• HTTP servers: Wire up base context into http servers (#3452)

🌱 Others

• Builder/Webhooks: Remove deprecated custom path function (#3465)
• Cache: Test cache reader waits for cache sync (#3434)
• Certwatcher: Deflake certwatcher tests (#3457)
• Dependencies: Use forked version of btree (#3449)
• Envtest: Ensure envtest stops the whole process group (#3447)
• Logging: Add missing space in zap-log-level flag description (#3492)
• Misc: Adopt new(x) over ptr.To(x) and re-enable newexpr lint (#3489)
• Owners: Cleanup (#3453)
• Recorder: Add logger into context for structured logging (#3454)
• Recorder: Switch to StartLogging for event debug logs (#3451)
• Scheme: Deprecate the scheme builder (#3461)
• Source/Kind: Improve logging for dynamic type kind source (#3494)
• Webhooks: Reduce memory usage of default webhooks (#3463 #3468)

🌱 CI & linters

• Chore: Update golangci-lint version to v2.8.0 (#3448)
• Chore: Update golangci-lint version to v2.10.1 (#3470)
• Chore: Update golangci-lint version to v2.11.3 (#3482)
• Migrate away from custom GitHub action approval workflow (#3491)
• Release: Auto-create git tags for the tools/setup-envtest submodule (#3476)

📖 Additionally, there has been 1 contribution to our documentation. (#3477)

Dependencies

... (truncated)

Commits

• 3be3f1b Merge pull request #3516 from k8s-infra-cherrypick-robot/cherry-pick-3515-to-...
• 0f7b33d Fix regression in Apply typed error handling
• d3eaef3 Merge pull request #3475 from alvaroaleman/fixfix
• 3296f32 🐛 Update typed Applyconfigurations with server response
• c8b4b9d Merge pull request #3506 from troy0820/troy0820/update-deps-k8s
• 557c314 update to k8s.io v1.36.0
• e4a998c Merge pull request #3499 from kubernetes-sigs/dependabot/github_actions/all-g...
• 1a31c56 Merge pull request #3498 from vieux/fix-fake-client-generatename-retry
• 80bc294 fakeclient: retry GenerateName on AlreadyExists collisions (match K8s 1.32 be...
• 77b730a 🌱 Bump the all-github-actions group with 2 updates
• Additional commits viewable in compare view

Updates sigs.k8s.io/kind from 0.31.0 to 0.32.0

Release notes

Sourced from sigs.k8s.io/kind's releases.

v0.32.0

This release contains critical dependency updates, bug fixes, and defaults to Kubernetes 1.36.1.

Breaking Changes

• The default node image is now kindest/node:v1.36.1@sha256:3489c7674813ba5d8b1a9977baea8a6e553784dab7b84759d1014dbd78f7ebd5
• New node images requiring upgrading kind to kind load ...: Due to a containerd upgrade, you must upgrade kind to this release or newer to use kind load ... with the newly published node images. As always, we cannot gurantee full compatibility of node images between kind releases. You can use the digests from previous releases, upgrade kind, or build your own node-images.
• kubeadm v1beta4 config format is now used for Kubernetes 1.36.0+ If you are using versioned config patches, you must update to target v1beta4. Unversioned patches kind will attempt to convert as needed (more below in New Features). This change is required for Kubernetes 1.37+ which drops kubeadm v1beta3 config.
• Adoption of Envoy for Load Balancing in multi-control-plane node clusters: HAProxy has been replaced by Envoy (docker.io/envoyproxy/envoy:v1.36.2) as the load balancer in multi-control-plane (HA) clusters. If you rely on custom HAProxy loadbalancer configurations or images, please note that Envoy is now used.
• cgroup v1 warning: A warning is now printed if cgroup v1 is detected on the host. Kubernetes has deprecated support for cgroup v1, and at some point in the future KIND releases / node-images will also drop support for cgroup v1.

New Features

• kubeadm v1beta4 configuration support: KIND now uses the v1beta4 config format for Kubernetes v1.36.0+ while maintaining v1beta3 for v1.23.0 up to v1.35.x, and v1beta2 for older versions.
• Custom Merging & Version-Awareness for Kubeadm Config Patches:
  • KIND now automatically translates old-style map-based extraArgs / kubeletExtraArgs patches to the list-based v1beta4 format when targeting v1beta4 configs.
  • Config patches now append to extraArgs / kubeletExtraArgs / certSANs reliably. To overwrite or make other more precise patching, use json6902 patches.
• Support for containerd config v4 format: Enabled support for containerd's config v4 format in kind load and snapshotter parsing, which is required for newer containerd versions.
• Building Node Images from CI Artifacts: Added support to build node images from Kubernetes CI artifacts (resolving endpoints like https://dl.k8s.io/ci/latest.txt or CI build prefixes).
• Support for containerd version-aware containerd config patching: Like kubeadmConfigPatches, containerd config patching is now aware of version and if specified in patches will only apply patches that match the containerd config being used.
• Assorted dependency updates.

Images pre-built for this release:

• v1.36.1: kindest/node:v1.36.1@sha256:3489c7674813ba5d8b1a9977baea8a6e553784dab7b84759d1014dbd78f7ebd5
• v1.35.5: kindest/node:v1.35.5@sha256:ce977ae6d65918d0b58a5f8b5e940429c2ce42fa3a5619ec2bbc60b949c0ac95
• v1.34.8: kindest/node:v1.34.8@sha256:02722c2dedddcfc00febf5d27fbeb9b7b2c14294c82109ff4a85d89ac9ba3256
• v1.33.12: kindest/node:v1.33.12@sha256:3f5c8443c620245e4d355cfe09e96a91ead32ceaa569d3f1ca9edf0cb2fe2ff4

NOTE: You must use the @sha256 digest to guarantee an image built for this release, until such a time as we switch to a different tagging scheme. Even then we will highly encourage digest pinning for security and reproducibility reasons.

Fixes

• Fix permission error when creating pods with hostUsers: false (Kubernetes 1.36+).
• Handle registry ports correctly in image normalization logic (e.g., registry running on ports like localhost:5000/...).
• Handle empty port mapping listen addresses correctly (defaults to wildcard address).
• Skip /dev/mapper mount on rootless Docker.
• Assorted documentation fixes and improvements.

See also:

• https://kind.sigs.k8s.io/docs/user/quick-start/#creating-a-cluster
• https://kind.sigs.k8s.io/docs/user/quick-start/#building-images

NOTE: These node images support amd64 and arm64, both of our supported platforms. You must use the same platform as your host, for more context see #2718

Contributors

Committers for this release:

• @​AnjaliMishra1st
• @​aojea

... (truncated)

Changelog

Sourced from sigs.k8s.io/kind's changelog.

kind Release Process

This document describes the steps to cut a new kind release. It is intended for maintainers who have push access to the upstream repository and the staging image registry.

Prerequisites

• GNU sed (macOS: brew install gnu-sed)
• Docker with buildx support
• crane installed (for image promotion to Docker Hub)
• Push access to github.com/kubernetes-sigs/kind
• Push access to gcr.io/k8s-staging-kind
• Push access to kindest on Docker Hub

---

Phase 1 - Publish Node Images

Node images must be built, tested, and promoted to Docker Hub before the kind release so their digest hashes are known and can be embedded in the release binary.

1.1 Build and push to staging

Use hack/release/push-node.sh for Kubernetes v1.31 and later:

./hack/release/push-node.sh v1.35.0

This builds amd64 and arm64 node images and pushes them to gcr.io/k8s-staging-kind/node:v1.35.0, then creates a multi-arch manifest list.

You can override the registry or add architectures:

REGISTRY=gcr.io/k8s-staging-kind ARCHES="amd64 arm64" ./hack/release/push-node.sh v1.35.0

1.2 Test with the staging image

Update the default image in pkg/apis/config/defaults/image.go to point to the staging image with its digest, then run CI to validate:

const Image = "gcr.io/k8s-staging-kind/node:v1.35.0@sha256:<digest-from-push>"

... (truncated)

Commits

• cda67ef version v0.32.0
• a335a9e Merge pull request #4182 from stmcginnis/kindest/node-v1.36.1
• 645b868 bump default image to kindest/node:v1.36.1
• d1b84e8 Merge pull request #4181 from BenTheElder/base-fix
• 25d94fa bump staging node image
• 088013a update base image with permissions fix
• 995e8fa Fix: Permission error when creating pod with hostUsers: false (#4179)
• b029a2b Merge pull request #4149 from BenTheElder/bump-images-asdf
• 140186f Merge pull request #4174 from BenTheElder/ci-builds
• 811ea84 Merge pull request #4173 from BenTheElder/kubeadm-v1beta4-special-patch
• Additional commits viewable in compare view

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[openshift-ci]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a operator-framework member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[perdasilva]

@dependabot rebase

[perdasilva]

/ok-to-test

[perdasilva]

/hold @tmshort can we merge this?

[Copilot]

Pull request overview

Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 58.75%. Comparing base (de59e21) to head (744dc66).
⚠️ Report is 3 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #2002   +/-   ##
=======================================
  Coverage   58.75%   58.75%           
=======================================
  Files         141      141           
  Lines       13426    13426           
=======================================
+ Hits         7888     7889    +1     
+ Misses       4326     4325    -1     
  Partials     1212     1212           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Copilot]

Pull request overview

Copilot reviewed 3 out of 4 changed files in this pull request and generated 2 comments.

[Copilot]

Pull request overview

Copilot reviewed 3 out of 4 changed files in this pull request and generated 2 comments.

[perdasilva]

/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: perdasilva, rashmigottipati

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [perdasilva]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[grokspawn]

Can we cut new releases from these repos after the go version bump and before the k8s bump? Many consumers may wish the former w/o the latter and they are not codependent.

[openshift-ci]

New changes are detected. LGTM label has been removed.

[Copilot]

Pull request overview

Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.