Allow kubernetes and kubernetes_asyncio client 36.x in cncf.kubernetes#68041
Merged
Conversation
kaxil
requested review from
hussein-awala,
jedcunningham and
jscheffl
as code owners
boring-cyborg
Bot
added
area:providers
kind:documentation
provider:cncf-kubernetes
2 tasks
bugraoz93
approved these changes
Jun 4, 2026
potiuk
approved these changes
Jun 4, 2026
35.0.0 is the only release in the previous [35.0.0, 36.0.0) range and it ignores NO_PROXY (kubernetes-client/python#2520): in-cluster API traffic is forced through HTTP(S)_PROXY, so KubernetesPodOperator, the hooks and the Kubernetes executor time out behind a corporate proxy. The fix is only in the 36.x client. Allow the 36.x line and exclude 36.0.0, which shipped an in-cluster auth regression (kubernetes-client/python#2582) fixed in 36.0.1. kubernetes_asyncio 36.1.0 is now available, so the async bound can align with the sync one. Related: apache#67845
kaxil
force-pushed
the
bump-cncf-kubernetes-36
branch
from
a956211 to
b42c7ba
Compare
1 task
potiuk
pushed a commit
that referenced
this pull request
Jun 5, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Allow the
kubernetesandkubernetes_asyncioclients on the 36.x line in thecncf.kubernetesprovider:kubernetes:>=35.0.0,<36.0.0->>=35.0.0,!=36.0.0,<37.0.0kubernetes_asyncio:>=32.0.0,<36.0.0->>=32.0.0,<37.0.0Why
35.0.0is the only release in the previous[35.0.0, 36.0.0)range, and it ignoresNO_PROXY/no_proxy:Configuration.__init__loads the value from the environment and then resets it toNone(kubernetes-client/python#2520). Behind a corporate proxy this forces in-cluster API-server traffic throughHTTP(S)_PROXY, soKubernetesPodOperator, the hooks, and the Kubernetes executor time out reaching the cluster. The fix only landed in the 36.x client, which the previous bound excluded, so there was no proxy-respecting version installable in range.36.0.0is excluded from the range: it shipped an in-cluster auth regression whereload_incluster_config()writesapi_key['authorization']whileauth_settings()expectsapi_key['BearerToken'], sending in-cluster calls unauthenticated (#2582, #2584). It is fixed in36.0.1.kubernetes_asynciocould not move before because it had no 36.x release;36.1.0is now available, so the async bound aligns with the sync one.Validation
The provider unit suite passes against
kubernetes==36.0.1+kubernetes_asyncio==36.1.0(1111 passed, 17 skipped; all provider modules import; 1128 tests collected with no errors). CI integration tests exercise the real-cluster paths (watch, auth, serialization) that the unit tests mock.Closed #67845