kubernetes1.23-kubelet-1.23.17-150500.3.12.1<>,Ufp9|L? ~Zfid!4?MfmC@6IyB<{`:^/9^# ObLLJ?93\JGChvg_y~sP:7*6-٦)pH:< g MwKEtQM̬qtQ #IץR1[͎Od.Ӄ{"e]xz|&y]# BlIX%\ypH**>DL?Kd! / I! 7I`flx ~    $3Bp|(89@:BGFHGH(HH4IH@XHDYHPZH[H\H]H^HbIcIdJDeJIfJLlJNuJ`vJlwKDxKPyK\ zKKKKKKKKCkubernetes1.23-kubelet1.23.17150500.3.12.1Kubernetes kubelet daemonManage a cluster of Linux containers as a single system to accelerate Dev and simplify Ops. kubelet daemon (current version)fs390zl38 .SUSE Linux Enterprise 15SUSE LLC Apache-2.0https://www.suse.com/System/Managementhttps://kubernetes.io/linuxs390x ,^A큤f fc25e7a844f58a4b13aac9664ec6828c2f7182c7d578e8296ab43458eae9a94eb0cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30rootrootrootrootrootrootkubernetes1.23-1.23.17-150500.3.12.1.src.rpmkubernetes-kubelet1.23kubernetes1.23-kubeletkubernetes1.23-kubelet(s390-64)@@@@@@@@@    cri-runtimekubernetes-kubelet-commonlibc.so.6()(64bit)libc.so.6(GLIBC_2.2)(64bit)libc.so.6(GLIBC_2.2.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libdl.so.2()(64bit)libdl.so.2(GLIBC_2.2)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2)(64bit)libpthread.so.0(GLIBC_2.3.2)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)systemdsystemdsystemdsystemd3.0.4-14.6.0-14.0-15.2-14.14.3f@e}@e7@edd@d6@d!@d!@ddb֜b֜b֜b֜b֜b1@b a@a*@a@priyanka.saggu@suse.compriyanka.saggu@suse.comdimstar@opensuse.orgbwiedemann@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.compriyanka.saggu@suse.comrombert@apache.orgrombert@apache.orgpriyanka.saggu@suse.compriyanka.saggu@suse.comjkowalczyk@suse.comjkowalczyk@suse.comjkowalczyk@suse.comjkowalczyk@suse.comjkowalczyk@suse.comrbrown@suse.comdmueller@suse.comrbrown@suse.comrbrown@suse.comrbrown@suse.com- add new security patch for bypassing mountable secrets policy imposed by the ServiceAccount admission plugin, bsc#1222539, CVE-2024-3177 * patch file – bypass-mountable-secrets-policy-imposed-by-SA-admission-plugin.patch- add new patch to advance autoscaling v2 as the preferred API version, to fix bsc#1219964, CVE-2024-0793 * autoscaling-advance-v2-as-the-preferred-API-version.patch- Use %patch -P N instead of deprecated %patchN.- Add kubernetes-sort-custom-column-print-flags.patch for reproducible builds- Security Patch Fix for CVE-2023-2431 (bsc#1212493) * added patch: fix-seccomp-localhost-error-handling.patch * this new kubelet component patch returns an error when a Pod or Container's SecurityContext has a localhost seccomp type but an empty localhostProfile field.- Security Patch Fix for CVE-2023-2727 (bsc#1211630) and CVE-2023-2728 (bsc#1211631) * added patch: kube-apiserver-admission-plugin-policy.patch * this new kube-apiserver component patch prevents ephemeral containers: * * from using an image that is restricted by ImagePolicyWebhook (CVE-2023-2727) * * from bypassing the mountable secrets policy enforced by the ServiceAccount admission plugin (CVE-2023-2728)- add kubernetes1.18-client-common as conflicts with kubernetes-client-bash-completion- Stronger conflicts for completion packages- Split individual completions into separate packages- update patch files to reflect upstream registry changes from k8s.gcr.io to registry.k8s.io * kubeadm-opensuse-registry.patch * revert-coredns-image-renaming.patch- Update to version 1.23.17: * Release commit for Kubernetes v1.23.17 * releng: Update images, dependencies and version to Go 1.19.6 * Update golang.org/x/net to v0.7.0 * Pin golang.org/x/net to v0.4.0 * add scale test for probes * use custom dialer for http probes * use custom dialer for tcp probes * add custom dialer optimized for probes * egress_selector: prevent goroutines leak on connect() step. * tls.Dial() validates hostname, no need to do that manually * Fix issue that Audit Server could not correctly encode DeleteOption * Do not include scheduler name in the preemption event message * Do not leak cross namespace pod metadata in preemption events * pkg/controller/job: re-honor exponential backoff * releng: Update images, dependencies and version to Go 1.19.5 * Bump Konnectivity to v0.0.35 * Improve vendor verification works for each staging repo * Update to go1.19 * Adjust for os/exec changes in 1.19 * Update golangci-lint to 1.46.2 and fix errors * Match go1.17 defaults for SHA-1 and GC * update golangci-lint to 1.45.0 * kubelet: make the image pull time more accurate in event * change k8s.gcr.io/pause to registry.k8s.io/pause * use etcd 3.5.6-0 after promotion * changelog: CVE-2022-3294 and CVE-2022-3162 were fixed in v1.23.14 * Add CVE-2021-25749 to CHANGELOG-1.23.md * Add CVE-2022-3294 to CHANGELOG-1.23.md * kubeadm: use registry.k8s.io instead of k8s.gcr.io * etcd: Updated to v3.5.5 * Bump konnectivity network proxy to v0.0.33. Includes a couple bug fixes for better handling of dial failures. [Agent & Server](https://github.com/kubernetes-sigs/apiserver-network-proxy/commits/v0.0.33) include numerous other fixes. * kubeadm: allow RSA and ECDSA format keys in preflight check * Fixes kubelet log compression on Windows * Reduce default gzip compression level from 4 to 1 in apiserver * exec auth: support TLS config caching * Marshal MicroTime to json and proto at the same precision * Windows: ensure runAsNonRoot does case-insensitive comparison on user name * update structured-merge-diff to 4.2.3 * Add rate limiting when calling STS assume role API * Fixing issue in generatePodSandboxWindowsConfig for hostProcess containers by where pod sandbox won't have HostProcess bit set if pod does not have a security context but containers specify HostProcess.- Update to version 1.23.9: * Do not skip job requeue in conflict error * kubeadm: fix the bug that configurable KubernetesVersion not respected during kubeadm join * Bump cAdvisor to v0.43.1 * Fix: filter out unsatisfied nodes when calling AddPod in PodTopologySpread * kubeadm: fix the bug that configurable KubernetesVersion not respected during kubeadm join * GIT-110239: fix activeDeadlineSeconds enforcement bug * fix: --chunk-size with selector returns missing result * Fixed winkernel proxy failing to query v1 endpoints created by dockershim CNIs * Winkernel proxier cache HNS data to improve syncProxyRules performance * Update CHANGELOG/CHANGELOG-1.23.md for v1.23.8 * apiserver: printers should use int64 * add missing error handling steps * add missing error handling steps * fix image pulling failure when IMDS is unavailalbe in kubelet startup * fix: exclude non-ready nodes and deleted nodes from azure load balancers * Avoid updating Services with stale specs Fix the bug that service specs in servicesToUpdate may have been updated by clients. - Require only BuildRequires: golang(API) = 1.17 pinned Go major version. Remove potentially conflicting BuildRequires: go >= x.y.z. The plan for future updates is BuildRequires: golang(API) >= 1.17 minimum Go major version.- Update to version 1.23.8: * Revert "Automated cherry pick of #109124: Winkernel proxier cache HNS data to improve syncProxyRules" * test: update graceful node shutdown e2e with watch * move the ignore logic higher up to the reconciler * Ignore EndpointSlices that are already marked for deletion * kubelet: Mark ready condition as false explicitly for terminal pods * agnhost: bump version 2.39 * Update Go to 1.17.11 * add service e2e tests * kubelet: add e2e test to verify probe readiness * kubelet: only shutdown probes for pods that are terminated * kubelet: Pod probes should be handled by pod worker * Enable resize feature * Reject proxy requests to 0.0.0.0 as well * ipvs: fix prevent concurrent map read and map write for 1.23 * cpu manager policy set to none, no one remove container id from container map, lead memory leak * fix audit union loop variables in closures * Updating e2e test to check EndpointSlices and Endpoints as well * e2e: services with evicted pods doesn't have endpoints * e2e test for evicted pods * endpoints controller: don't consider terminal endpoints * endpointslices: terminal pods doesn't receive enpoints * add pod util to verify pod is terminal * Update CHANGELOG/CHANGELOG-1.23.md for v1.23.7 * Add test for checking ephemeral volume expansion * Fix resizing of ephemeral volumes * untangle fix with healthCheck feature * Winkernel proxier cache HNS data to improve syncProxyRules performance * Skip updating Endpoints and EndpointSlice if no relevant fields change- Update to version 1.23.7: * Fix requests scope classification * Update Go to 1.17.10 * authn: fix cache mutation by AuthenticatedGroupAdder * GCE: skip updating and deleting external loadbalancers if service is managed outside of service controller * Wait for cache to sync in job's TestWatchOrphanPods * Fix OpenAPI loading error caused by empty APIService * Test Foreground deletion in job integration * Fix removing finalizer from finished jobs * Don't mark job as failed until expectations are satisfied * Integration test for backoff limit and finalizers * component-base: replace url in rest client metrics * fix broken find command * Allow KUBE_TEST_REPO_LIST to be a remote url as well * Disable JobTrackingWithFinalizers due to unresolved bug * Update CHANGELOG/CHANGELOG-1.23.md for v1.23.6 * Correct event registration for multiple scheduler plugins. * kubelet: rename closeAllConns to onHeartbeatFailure * kubelet apiserver: be gentle closing connections on heartbeat failures * fix: race detected in TestErrConnKilled * Replace hardcoded kubectl with kubectl.Name() * kubectl: fix hard-coded value in zsh completion * kubeadm: add etcd flag for member data consistency * Fix a bug that out-of-tree plugin is misplaced when using scheduler v1beta3 config * ipvs: remove port opener * iptables: remove port opener * azure_file: try to get secret namespace from ClaimRef * azure_file: add namespace tests for InTree to CSI conversion- Update to version 1.23.6: * Update Go to 1.17.9 * Fix: abort nominating a pod that was already scheduled to a node * Fix the overestimated cost of deletaged API requests in P&F * omit enums from static openapi snapshots used to generate clients * Drop enum tag from certificate request condition * Addresses the issue which caused #109115 * Add test for indexer with multiple values * Reduce number of pods in Job+GC tests * Adjust validation checks to pass for both client-side and server-side validation * Remove finalizer when orphaned * Fix: Clean job tracking finalizer from orphan pods * Add test for Background delete propagation * Add integration test for orphan pods when there is GC * Copy request in timeout handler * kube-up: use registry.k8s.io for containerd-related jobs * kubelet: If the container status is created, we are waiting * e2e: Wait only for the service account * e2e: Wait for kube-root-ca.crt to be created * client-go: update generated * default kubernetes agent for generated clients * Include pod UID in secret/configmap cache key * Move kubelet secret and configmap manager calls to sync_Pod functions * test: Verify that nodes do not transition to Failed while ready * test: Add E2E for job completions with cpu reservation * test: Add E2E for init container pod deletion * kubelet: Delay writing a terminal phase until the pod is terminated * Update CHANGELOG/CHANGELOG-1.23.md for v1.23.5 * generated: make update * polish comments of non-enum values. * unmark non-validated types as enums.- Update to version 1.23.5: * Remove apf_fd from httplog * Update Go to 1.17.8 * cluster/gce: update konnectivity image tags to v0.0.30 * bump sigs.k8s.io/apiserver-network-proxy/konnectivity-client@v0.0.30 * fix dryrun when ca file exists * fix regression introduced by PR 100320 * Add unit tests * Fix nodes volumesAttached status not updated * Fix default config flags * test/e2e/framework: include the new control plane taint * kubelet: Clean up a static pod that has been terminated before starting * Add an e2e test for updating a static pod while it restarts * cronjob_controllerv2: do not filter jobs to be reconciled by labels * kube-proxy: fix duplicate port opening * increase Azure ACR credential provider timeout * Updating EndpointSlice strategy to retain node name in topology until field is set * fix: do not return early in the node informer when there is no change of the topology label. * /test/e2e_kubeadm: adjust label checks for 1.23 * Ignore container notfound error while getPodstatuses * Update CHANGELOG/CHANGELOG-1.23.md for v1.23.4 * Add PDB selector patch integration test * Revert v1beta1 PodDisruptionBudget select patchStrategy * test/e2e_kubeadm: fix matching UnversionedKubeletConfigMap defaults * kubeadm: fix the bug that 'kubeadm init --dry-run --upload-certs' command failed with 'secret not found' error * wrap error from RunCordonOrUncordon- Update to version 1.23.4: * Update Go to 1.17.7 * Use serializable struct for x-kubernetes-validations in openapi * Make JSON schema round tripping test more strict * ignore CRI PodSandboxNetworkStatus for host network pods * set secondary address on host-network pods * Deeply copy JSONSchemaProps.XValidations. * Ensure the execHostnameTest() compares hostnames * Revert "Fix comparison between FQDN and hostname" * service REST: Call Decorator(old) on update path * add namespace in azurefile volumeid * fix: azurefile volumeid conflict in csi migration * Mark device as uncertain if unmount device succeeds * Update CHANGELOG/CHANGELOG-1.23.md for v1.23.3 * kubelet: fix podstatus not containing pod full name * Fix bug with node restriction blocking pvc.status.resizestatus change * Fix regression pruning array fields with x-kubernetes-preserve-unknown-fields: true * Set max results if its not set * Update CHANGELOG/CHANGELOG-1.23.md for v1.23.2 * Update k/utils to v0.0.0-20211116205334-6203023598ed * [go] update to Go 1.17.6 * fix: remove outdated ipv4 route when the corresponding node is deleted * fix: delete non existing disk issue * Revert "Automated cherry pick of #107554: Correct the feature gate string for RBD migration." * fix containers order after applying * generated: ./hack/update-vendor.sh * upgrade sigs.k8s.io/structured-merge-diff/v4 to v4.2.1 * Execute sync before taking the snapshot * Correct the feature gate string for RBD migration. * fix: azuredisk parameter lowercase translation issue * removed unnecessary log line * kubectl: add integration test for result reporting * cli: let kubectl handle error printing * cli: avoid logging command line errors in more cases * Fix header mutation race in timeout filter * clear pod's .status.nominatedNodeName when necessary * use node informer to check volumes attachment status before backoff * When volume is not marked in-use, do not backoff * kubeadm: remove the restriction that the ca.crt can only contain one certificate * flake fix: remove the error handler for cronjob integration test * Fix the leak of vSphere client sessions * fix nil pointer in create secret commands * Fix order of commands in the snapshot tests for persistent volumes * client-go: Clear the ResourceVersionMatch on paged list calls * Improving performance of EndpointSlice controller metrics cache * fix the error when cleaning up jobs for cronjob * Update CHANGELOG to add missing release notes. * apf: ensure exempt request notes the classification * Enabling kube-proxy metrics on windows kernel mode * Update CHANGELOG/CHANGELOG-1.23.md for v1.23.1 * add gce loadbalancer no-op finalizer and existingFwdRule tests * disable gce service handling if has rbs forwarding rule * add ELBRbsFinalizer * add gce elb rbs opt-in annotation * cherry pick of knp 0.0.27 * Remove JSON logging performance regression * Re-introduce removed kubectl --dry-run values. * Point flowcontrol users at v1beta2 * [go1.17] Update to go1.17.5 * dependencies: Update golang.org/x/net to v0.0.0-20211209124913-491a49abca63 * mount-utils: Detect potential stale file handle * Skip creating HNS loadbalancer with empty endpoints * Add regression test for CPUManager distribute NUMA algorithm * Add unit test for CPUManager distribute NUMA algorithm verifying fixes * Fix accounting bug in CPUManager distribute NUMA policy * Fix error handling in CPUManager distribute NUMA tests * Add a sum() helper to the CPUManager cpuassignment logic * Allow the map.Values() function in the CPUManager to take a set of keys * Fix CPUManager algo to calculate min NUMA nodes needed for distribution * Fix unit tests following bug fix in CPUManager for map functions (2/2) * Fix unit tests following bug fix in CPUManager for map functions (1/2) * Fix bug in CPUManager map.Keys() and map.Values() implementations * Ensure we balance across *all* NUMA nodes in NUMA distribution algo * Short-circuit CPUManager distribute NUMA algo for unusable cpuGroupSize * Round the CPUManager mean and stddev calculations to the nearest 1000th * updated deprecation messages from 1.23 to 1.24 * kubelet: set failed phase during graceful shutdown * kubeadm: avoid requiring a CA key during kubeconfig expiration checks * kubeadm: print the CA of kubeconfig files in "check expiration" * kubeadm: validate local etcd certficates during expiration checks * publishing-bot/doc: add component-helpers to the readme * publishing-bot/rules: remove non existing component-helpers branch 1.19 from the rules * Changelog: mention kube-scheduler bits deprication * rbd: initialize ceph monitors slice with an empty value. * Direct v2betaX users to migrate to HPA v2 * DelegateFSGroupToCSIDriver e2e: skip tests with chgrp * Update CHANGELOG/CHANGELOG-1.23.md for v1.23.0 * [go1.17] Update to go1.17.4- avoid bashism in client-common postinstall script (bsc#1195391)- Increase _constraints to 13GB- Restore & rebase revert-coredns-image-renaming.patch from kubernetes1.22. Looks like it's still needed until all supported k8s versions allow us to change how we publish coredns containers- Initial Packagekubernetes-kubelet1.23s390zl38 17127617571.23.171.23.17-150500.3.12.11.23.17-150500.3.12.11.23.17kubelet1.23kubernetes1.23-kubeletLICENSE/usr/bin//usr/share/licenses//usr/share/licenses/kubernetes1.23-kubelet/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:33337/SUSE_SLE-15-SP5_Update/b3d79ff566f2129e54d173fc934fd546-kubernetes1.23.SUSE_SLE-15-SP5_Updatedrpmxz5s390x-suse-linuxELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=5424ba3467021a4ace71075f2e8eaaeeeb9513d6, for GNU/Linux 3.2.0, strippeddirectoryASCII text RRRRR R RRR cͶ|B?sJ$*}Csystemd-sysvcompatutf-84381b0babe917f29caaea9fbc926ce81f467ecefdacf6e06f1fa217bea26724d?7zXZ !t/]"k%]{~nt +f`K-ZeV4{ekODKʍrbyxlowgǘA!噑a*z׏7UE#l'_7p 'ML]+WX)MoC\mc#1GEP19z;VŬ ©*)W(үP\۠4_8̐9(&'}RYCI"O.` (%ޢWvM #fbjQPC秅M/ddHzᰣ\4t_ٮ}z.~/9YjiWE6O PkȠk9q_,%'/d_ ױf˸i؂~cT)n0Ć؀GtmM3!Mgx~ c)͏\tOVGD]@YEm?-W`2fPSdм jAP9;=O, Y)H8(hbdYZhN {\(&p?oMt-:ʫ+M]ء-&L7!bP !;s;~,[/}ծ,~ypVat9GzVؓrvϨgiV/qLS ~;OjQ2V &T ,^u^k*:_%fg{1 &"J=r?f) IgN4>\09]͆ gn?{K!@"ϬnYvY}PONֶ[[ŎTCxO5mޜ8={+'~bX Έʪ=s]: HKe(9%J @-$jkF.l +iȕ YZ