Merged
24 changes: 17 additions & 7 deletions README.md
@@ -1,22 +1,32 @@
## cluster-policy-controller
# cluster-policy-controller
The cluster-policy-controller is responsible for maintaining policy resources necessary to create pods in a cluster.
Controllers managed by cluster-policy-controller are:
* cluster quota reconcilion - manages cluster quota usage
* namespace SCC allocation controller - allocates UIDs and SELinux labels for namespaces
* cluster csr approver controller - csr approver for monitoring scraping
* podsecurity admission label syncer controller - configure the PodSecurity admission namespace label for namespaces with "security.openshift.io/scc.podSecurityLabelSync: true" label

## Run
The `cluster-policy-controller` runs as a container in the `openshift-kube-controller-manager namespace`, in the kube-controller-manager static pod.
This pod is defined and managed by the [`kube-controller-manager`](https://github.com/openshift/cluster-kube-controller-manager-operator/)
[OpenShift ClusterOperator](https://github.com/openshift/enhancements/blob/master/enhancements/dev-guide/operators.md#what-is-an-openshift-clusteroperator).
[OpenShift ClusterOperator](https://github.com/openshift/enhancements/blob/master/dev-guide/operators.md#what-is-an-openshift-clusteroperator).
that installs and maintains the KubeControllerManager [Custom Resource](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/) in a cluster. It can be viewed with:
```
oc get clusteroperator kube-controller-manager -o yaml
```

Many OpenShift ClusterOperators and Operands share common build, test, deployment, and update methods.
For more information about how to build, deploy, test, update, and develop OpenShift ClusterOperators, see
[OpenShift ClusterOperator and Operand Developer Document](https://github.com/openshift/enhancements/blob/master/enhancements/dev-guide/operators.md#how-do-i-buildupdateverifyrun-unit-tests)
## Test
Many OpenShift ClusterOperators and Operands share common build, test, deployment, and update methods, see [How do I build|update|verify|run unit-tests](https://github.com/openshift/enhancements/blob/master/dev-guide/operators.md#how-do-i-buildupdateverifyrun-unit-tests).

This section explains how to deploy OpenShift with your test `cluster-kube-controller-manager-operator` and `cluster-policy-controller` images:
[Testing a ClusterOperator/Operand image in a cluster](https://github.com/openshift/enhancements/blob/master/enhancements/dev-guide/operators.md#how-can-i-test-changes-to-an-openshift-operatoroperandrelease-component)
See [How can I test changes to an OpenShift operator/operand/release component?](https://github.com/openshift/enhancements/blob/master/dev-guide/operators.md#how-can-i-test-changes-to-an-openshift-operatoroperandrelease-component) to deploy OpenShift with your test `cluster-kube-controller-manager-operator` and `cluster-policy-controller` images.

## Rebase
Follow this checklist and copy into the PR:

- [ ] Select the desired [kubernetes release branch](https://github.com/kubernetes/kubernetes/branches), and use its `go.mod` and `CHANGELOG` as references for the rest of the work.
- [ ] Bump go version, all `k8s.io/`, `github.com/openshift/`, and any other relevant dependencies as needed.
- [ ] Run `go mod vendor && go mod tidy`, commit that separately from all other changes.
- [ ] Bump image versions (Dockerfile, ci...) if needed.
- [ ] Run `make build verify test`.
- [ ] Make code changes as needed until the above pass.
- [ ] Any other minor update, like documentation.
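Review bot: In the Rebase checklist, the item `go mod vendor && go mod tidy` runs tidy after the vendor tree has already been written, so any requirement that tidy adds or drops in `go.mod` leaves `vendor/` out of sync with it; reverse the order to `go mod tidy && go mod vendor`. Separately, in the Run section the ClusterOperator link line still ends with a period even though the sentence continues on the next line with "that installs and maintains the KubeControllerManager ..."; drop the period while this line is being touched.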
160 changes: 81 additions & 79 deletions go.mod
Expand Up @@ -6,27 +6,27 @@ require (
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc
github.com/go-bindata/go-bindata v3.1.2+incompatible
github.com/google/go-cmp v0.7.0
github.com/openshift/api v0.0.0-20250710082954-674ad74beffc
github.com/openshift/build-machinery-go v0.0.0-20250602125535-1b6d00b8c37c
github.com/openshift/client-go v0.0.0-20250710075018-396b36f983ee
github.com/openshift/library-go v0.0.0-20250711143941-47604345e7ea
github.com/openshift/api v0.0.0-20251117165054-348370f055bf
github.com/openshift/build-machinery-go v0.0.0-20251023084048-5d77c1a5e5af
github.com/openshift/client-go v0.0.0-20251015124057-db0dee36e235
github.com/openshift/library-go v0.0.0-20251112091634-ab97ebb73f0f
github.com/prometheus/client_golang v1.22.0
github.com/spf13/cobra v1.8.1
github.com/spf13/cobra v1.9.1
github.com/stretchr/testify v1.10.0
k8s.io/api v0.33.2
k8s.io/apimachinery v0.33.2
k8s.io/apiserver v0.33.2
k8s.io/client-go v0.33.2
k8s.io/component-base v0.33.2
k8s.io/controller-manager v0.33.2
k8s.io/api v0.34.2
k8s.io/apimachinery v0.34.2
k8s.io/apiserver v0.34.2
k8s.io/client-go v0.34.2
k8s.io/component-base v0.34.2
k8s.io/controller-manager v0.34.2
k8s.io/klog/v2 v2.130.1
k8s.io/kubernetes v1.33.2
k8s.io/pod-security-admission v0.33.2
k8s.io/utils v0.0.0-20241210054802-24370beab758
k8s.io/kubernetes v1.34.2
k8s.io/pod-security-admission v0.34.2
k8s.io/utils v0.0.0-20251002143259-bc988d571ff4
)

require (
cel.dev/expr v0.19.1 // indirect
cel.dev/expr v0.24.0 // indirect
github.com/NYTimes/gziphandler v1.1.1 // indirect
github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
github.com/beorn7/perks v1.0.1 // indirect
Expand All @@ -36,11 +36,11 @@ require (
github.com/coreos/go-semver v0.3.1 // indirect
github.com/coreos/go-systemd/v22 v22.5.0 // indirect
github.com/distribution/reference v0.6.0 // indirect
github.com/emicklei/go-restful/v3 v3.11.0 // indirect
github.com/emicklei/go-restful/v3 v3.12.2 // indirect
github.com/felixge/fgprof v0.9.4 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/fsnotify/fsnotify v1.7.0 // indirect
github.com/fxamacker/cbor/v2 v2.7.0 // indirect
github.com/fsnotify/fsnotify v1.9.0 // indirect
github.com/fxamacker/cbor/v2 v2.9.0 // indirect
github.com/go-logr/logr v1.4.2 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-openapi/jsonpointer v0.21.0 // indirect
Expand All @@ -49,19 +49,19 @@ require (
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/google/btree v1.1.3 // indirect
github.com/google/cel-go v0.23.2 // indirect
github.com/google/gnostic-models v0.6.9 // indirect
github.com/google/cel-go v0.26.0 // indirect
github.com/google/gnostic-models v0.7.0 // indirect
github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/kylelemons/godebug v1.1.0 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/pkg/errors v0.9.1 // indirect
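Review bot: `github.com/modern-go/reflect2` moves from the tagged v1.0.2 to the pseudo-version v1.0.3-0.20250322232337-35a7c28c31ee, which pins an untagged commit. Please confirm in the PR description that this version is the one carried by the `go.mod` of the Kubernetes release branch used as reference for this rebase, as the README checklist asks, and not something resolved locally, so the vendored commit can be traced to an upstream decision.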
Expand All @@ -72,84 +72,86 @@ require (
github.com/prometheus/procfs v0.15.1 // indirect
github.com/robfig/cron v1.2.0 // indirect
github.com/sirupsen/logrus v1.9.3 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/spf13/pflag v1.0.6 // indirect
github.com/stoewer/go-strcase v1.3.0 // indirect
github.com/x448/float16 v0.8.4 // indirect
go.etcd.io/etcd/api/v3 v3.5.21 // indirect
go.etcd.io/etcd/client/pkg/v3 v3.5.21 // indirect
go.etcd.io/etcd/client/v3 v3.5.21 // indirect
go.etcd.io/etcd/api/v3 v3.6.4 // indirect
go.etcd.io/etcd/client/pkg/v3 v3.6.4 // indirect
go.etcd.io/etcd/client/v3 v3.6.4 // indirect
go.opentelemetry.io/auto/sdk v1.1.0 // indirect
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 // indirect
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect
go.opentelemetry.io/otel v1.33.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0 // indirect
go.opentelemetry.io/otel/metric v1.33.0 // indirect
go.opentelemetry.io/otel/sdk v1.33.0 // indirect
go.opentelemetry.io/otel/trace v1.33.0 // indirect
go.opentelemetry.io/proto/otlp v1.4.0 // indirect
go.opentelemetry.io/otel v1.35.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.34.0 // indirect
go.opentelemetry.io/otel/metric v1.35.0 // indirect
go.opentelemetry.io/otel/sdk v1.34.0 // indirect
go.opentelemetry.io/otel/trace v1.35.0 // indirect
go.opentelemetry.io/proto/otlp v1.5.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.27.0 // indirect
golang.org/x/crypto v0.36.0 // indirect
go.yaml.in/yaml/v2 v2.4.2 // indirect
go.yaml.in/yaml/v3 v3.0.4 // indirect
golang.org/x/crypto v0.42.0 // indirect
golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
golang.org/x/net v0.38.0 // indirect
golang.org/x/net v0.43.0 // indirect
golang.org/x/oauth2 v0.27.0 // indirect
golang.org/x/sync v0.12.0 // indirect
golang.org/x/sys v0.31.0 // indirect
golang.org/x/term v0.30.0 // indirect
golang.org/x/text v0.23.0 // indirect
golang.org/x/sync v0.17.0 // indirect
golang.org/x/sys v0.36.0 // indirect
golang.org/x/term v0.35.0 // indirect
golang.org/x/text v0.29.0 // indirect
golang.org/x/time v0.9.0 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 // indirect
google.golang.org/grpc v1.68.1 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb // indirect
google.golang.org/grpc v1.72.1 // indirect
google.golang.org/protobuf v1.36.5 // indirect
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/apiextensions-apiserver v0.33.2 // indirect
k8s.io/apiextensions-apiserver v0.34.1 // indirect
k8s.io/component-helpers v0.33.2 // indirect
k8s.io/kms v0.33.2 // indirect
k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect
k8s.io/kms v0.34.2 // indirect
k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b // indirect
k8s.io/kubelet v0.30.1 // indirect
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2 // indirect
sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
sigs.k8s.io/randfill v1.0.0 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect
sigs.k8s.io/yaml v1.4.0 // indirect
sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect
sigs.k8s.io/yaml v1.6.0 // indirect
)

// pin dependencies for k8s.io/kubernetes
replace (
k8s.io/api => k8s.io/api v0.33.2
k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.33.2
k8s.io/apimachinery => k8s.io/apimachinery v0.33.2
k8s.io/apiserver => k8s.io/apiserver v0.33.2
k8s.io/cli-runtime => k8s.io/cli-runtime v0.33.2
k8s.io/client-go => k8s.io/client-go v0.33.2
k8s.io/cloud-provider => k8s.io/cloud-provider v0.33.2
k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.33.2
k8s.io/code-generator => k8s.io/code-generator v0.33.2
k8s.io/component-base => k8s.io/component-base v0.33.2
k8s.io/component-helpers => k8s.io/component-helpers v0.33.2
k8s.io/controller-manager => k8s.io/controller-manager v0.33.2
k8s.io/cri-api => k8s.io/cri-api v0.33.2
k8s.io/cri-client => k8s.io/cri-client v0.33.2
k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.33.2
k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.33.2
k8s.io/endpointslice => k8s.io/endpointslice v0.33.2
k8s.io/externaljwt => k8s.io/externaljwt v0.33.2
k8s.io/kms => k8s.io/kms v0.33.2
k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.33.2
k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.33.2
k8s.io/kube-proxy => k8s.io/kube-proxy v0.33.2
k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.33.2
k8s.io/kubectl => k8s.io/kubectl v0.33.2
k8s.io/kubelet => k8s.io/kubelet v0.33.2
k8s.io/metrics => k8s.io/metrics v0.33.2
k8s.io/mount-utils => k8s.io/mount-utils v0.33.2
k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.33.2
k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.33.2
k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.33.2
k8s.io/sample-controller => k8s.io/sample-controller v0.33.2
k8s.io/api => k8s.io/api v0.34.2
k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.34.2
k8s.io/apimachinery => k8s.io/apimachinery v0.34.2
k8s.io/apiserver => k8s.io/apiserver v0.34.2
k8s.io/cli-runtime => k8s.io/cli-runtime v0.34.2
k8s.io/client-go => k8s.io/client-go v0.34.2
k8s.io/cloud-provider => k8s.io/cloud-provider v0.34.2
k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.34.2
k8s.io/code-generator => k8s.io/code-generator v0.34.2
k8s.io/component-base => k8s.io/component-base v0.34.2
k8s.io/component-helpers => k8s.io/component-helpers v0.34.2
k8s.io/controller-manager => k8s.io/controller-manager v0.34.2
k8s.io/cri-api => k8s.io/cri-api v0.34.2
k8s.io/cri-client => k8s.io/cri-client v0.34.2
k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.34.2
k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.34.2
k8s.io/endpointslice => k8s.io/endpointslice v0.34.2
k8s.io/externaljwt => k8s.io/externaljwt v0.34.2
k8s.io/kms => k8s.io/kms v0.34.2
k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.34.2
k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.34.2
k8s.io/kube-proxy => k8s.io/kube-proxy v0.34.2
k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.34.2
k8s.io/kubectl => k8s.io/kubectl v0.34.2
k8s.io/kubelet => k8s.io/kubelet v0.34.2
k8s.io/metrics => k8s.io/metrics v0.34.2
k8s.io/mount-utils => k8s.io/mount-utils v0.34.2
k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.34.2
k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.34.2
k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.34.2
k8s.io/sample-controller => k8s.io/sample-controller v0.34.2
)
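Review bot: The indirect require block is not aligned with the replace pins below it: `k8s.io/apiextensions-apiserver` is required at v0.34.1, `k8s.io/component-helpers` at v0.33.2 and `k8s.io/kubelet` at v0.30.1, while the replace block forces all three to v0.34.2. The build resolves to the replace targets, so this is not a functional problem, but anything that reads only the require lines (a reviewer, or a dependency scanner that does not apply replace directives) will report versions that are not the ones vendored. Suggest bumping these three require entries to v0.34.2 so both blocks agree. The OpenTelemetry modules in the same block are also split between v1.35.0 (`otel`, `otel/metric`, `otel/trace`) and v1.34.0 (`otel/sdk`, the `otlptrace` exporters); worth checking that this matches the upstream `go.mod`.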