fix(deps): pin kubernetes!=36.0.0 due to broken bearer-token auth #2732

Merged: myakove merged 3 commits into v4.19 from fix/pin-k8s-ne-36-backport-419 on May 26, 2026
myakove (Collaborator) commented May 26, 2026

What

Pin kubernetes dependency to >=31.0.0,!=36.0.0 to avoid a broken bearer-token auth regression in v36.0.0.

Why

kubernetes v36.0.0 has a regression where Configuration.auth_settings() no longer recognizes the authorization key in api_key, silently dropping the Authorization header from all API requests. This causes 401/403 errors for any authenticated API call.

The upstream fix (kubernetes-client/python#2585) is merged but not yet released. Exclude 36.0.0 until a patched v36.x ships.

Ref: kubernetes-client/python#2582

Done

  • Pin kubernetes!=36.0.0 in pyproject.toml
  • Add inline comment explaining the pin with issue URL
  • Run uv lock --upgrade
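
A startup canary for the failure described above, added here as an example (not code from this PR or from the kubernetes client): it checks that a token stored under api_key["authorization"] still comes out of auth_settings() as an Authorization header. WorkingConfig and RegressedConfig are constructed stand-ins that model the two behaviours the description names; passing the real kubernetes.client.Configuration class instead is an assumption about its constructor and attributes.

```python
CANARY = "Bearer canary-not-a-real-token"  # constructed value, never sent anywhere


def headers_from_auth_settings(config):
    """Collect the headers that config.auth_settings() would add to a request."""
    headers = {}
    for setting in (config.auth_settings() or {}).values():
        if setting.get("in") == "header" and setting.get("value"):
            headers[setting["key"].lower()] = setting["value"]
    return headers


def bearer_token_survives(config_cls):
    """True if a token under api_key['authorization'] reaches the request headers."""
    config = config_cls()
    config.api_key = {"authorization": CANARY}
    return headers_from_auth_settings(config).get("authorization") == CANARY


class _StandIn:
    """Constructed stand-in exposing only the attribute the check touches."""

    def __init__(self):
        self.api_key = {}


class WorkingConfig(_StandIn):
    """Models a release that recognizes the 'authorization' key."""

    def auth_settings(self):
        if "authorization" not in self.api_key:
            return {}
        return {"BearerToken": {"type": "api_key", "in": "header",
                                "key": "authorization",
                                "value": self.api_key["authorization"]}}


class RegressedConfig(_StandIn):
    """Models the described regression: the key is ignored, no header is emitted."""

    def auth_settings(self):
        return {}


if __name__ == "__main__":
    # Assumed real-library usage (requires the kubernetes package):
    #   from kubernetes.client import Configuration
    #   if not bearer_token_survives(Configuration): raise SystemExit("auth header dropped")
    for cls in (WorkingConfig, RegressedConfig):
        print(cls.__name__, "ok" if bearer_token_survives(cls) else "Authorization dropped")
```

Run at process start or in CI after a lock-file upgrade, the check fails before any request goes out without credentials, rather than surfacing later as 401/403 responses.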

kubernetes v36.0.0 has a regression where auth_settings() no longer
recognizes the 'authorization' key in api_key, silently dropping the
Authorization header from all API requests.

The upstream fix (PR #2585) is merged but not yet released.
Exclude 36.0.0 until a patched v36.x ships.

Ref: kubernetes-client/python#2582

@qodo-code-review

Review Summary by Qodo

Pin kubernetes!=36.0.0 to avoid broken bearer-token auth

🐞 Bug fix

Walkthroughs

Description
• Pin kubernetes dependency to exclude v36.0.0 due to bearer-token auth regression
• v36.0.0 breaks Authorization header handling in API requests
• Upstream fix merged but not yet released in v36.x
• Added inline comment with issue reference for future removal
Diagram
flowchart LR
  A["kubernetes v36.0.0<br/>broken bearer-token auth"] -->|"regression in<br/>auth_settings()"| B["Authorization header<br/>silently dropped"]
  B -->|"causes"| C["401/403 errors<br/>on API calls"]
  D["Pin kubernetes<br/>!=36.0.0"] -->|"excludes"| A
  D -->|"allows"| E["v31.0.0 to v35.x<br/>and v36.0.1+"]

File Changes

1. pyproject.toml Dependencies +1/-1

Exclude kubernetes v36.0.0 with explanatory comment

• Updated kubernetes dependency constraint from >=31.0.0 to >=31.0.0,!=36.0.0
• Added inline comment explaining the exclusion with reference to upstream issue #2582
• Comment notes that the pin should be removed once v36.0.1+ ships with the fix

qodo-code-review Bot commented May 26, 2026

Code Review by Qodo

🐞 Bugs (0) 📘 Rule violations (0) 📎 Requirement gaps (0)

Great, no issues found!

Qodo reviewed your code and found no material issues that require review

coderabbitai Bot commented May 26, 2026

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

@rh-bot-1 rh-bot-1 requested a review from dbasunag May 26, 2026 15:42
@rh-bot-1 rh-bot-1 requested a review from rnetser May 26, 2026 15:42
@rh-bot-1 rh-bot-1 changed the title from "Pin kubernetes!=36.0.0 due to broken bearer-token auth" to "fix(deps): pin kubernetes!=36.0.0 due to broken bearer-token auth" May 26, 2026
myakove added 2 commits May 26, 2026 18:55

python-benedict 0.34.0 dropped Python 3.9 support, using str|bytes
union syntax that requires Python 3.10+. Pin to <0.34.0 since v4.19
CI still tests against Python 3.9.

The project now requires Python 3.10 or later. This allows removing
version-specific dependency pins and conditional resolution markers
throughout the lock file, significantly simplifying dependency management.
Removed python-fsutil dependency and updated python-benedict to remove
its upper version bound since it now supports Python 3.10+.

@myakove myakove merged commit 04c5bca into v4.19 May 26, 2026
5 of 7 checks passed
@myakove myakove deleted the fix/pin-k8s-ne-36-backport-419 branch May 26, 2026 17:47