Update dependencies to v0.32.4 tag

Merge pull request #129598 from aravindhp/automated-cherry-pick-of-#129595-upstream-release-1.32
Automated cherry pick of #129595: kubelet: use env vars in node log query PS command Kubernetes-commit: 5fe148234f8ab1184f26069c4f7bef6c37efe347
2025-04-23 08:51:34 +00:00 · 2025-01-14 22:51:21 +00:00 · 2024-08-06 15:46:15 -07:00 · 2024-12-06 19:41:22 +00:00 · 2024-12-06 02:40:53 -05:00 · 2024-12-05 03:31:45 +00:00
31 changed files with 153 additions and 762 deletions
--- a/config/v1/doc.go
+++ b/config/v1/doc.go
@ -18,4 +18,4 @@ limitations under the License.
 // +k8s:openapi-gen=true
 // +groupName=kubelet.config.k8s.io

-package v1
+package v1 // import "k8s.io/kubelet/config/v1"
--- a/config/v1/types.go
+++ b/config/v1/types.go
@ -32,7 +32,7 @@ type CredentialProviderConfig struct {
 	// Multiple providers may match against a single image, in which case credentials
 	// from all providers will be returned to the kubelet. If multiple providers are called
 	// for a single image, the results are combined. If providers return overlapping
-	// auth keys, the value from the provider earlier in this list is attempted first.
+	// auth keys, the value from the provider earlier in this list is used.
 	Providers []CredentialProvider `json:"providers"`
 }

@ -42,7 +42,6 @@ type CredentialProvider struct {
 	// name is the required name of the credential provider. It must match the name of the
 	// provider executable as seen by the kubelet. The executable must be in the kubelet's
 	// bin directory (set by the --image-credential-provider-bin-dir flag).
-	// Required to be unique across all providers.
 	Name string `json:"name"`

 	// matchImages is a required list of strings used to match against images in order to
@ -88,69 +87,6 @@ type CredentialProvider struct {
 	// to pass argument to the plugin.
 	// +optional
 	Env []ExecEnvVar `json:"env,omitempty"`
-
-	// tokenAttributes is the configuration for the service account token that will be passed to the plugin.
-	// The credential provider opts in to using service account tokens for image pull by setting this field.
-	// When this field is set, kubelet will generate a service account token bound to the pod for which the
-	// image is being pulled and pass to the plugin as part of CredentialProviderRequest along with other
-	// attributes required by the plugin.
-	//
-	// The service account metadata and token attributes will be used as a dimension to cache
-	// the credentials in kubelet. The cache key is generated by combining the service account metadata
-	// (namespace, name, UID, and annotations key+value for the keys defined in
-	// serviceAccountTokenAttribute.requiredServiceAccountAnnotationKeys and serviceAccountTokenAttribute.optionalServiceAccountAnnotationKeys).
-	// The pod metadata (namespace, name, UID) that are in the service account token are not used as a dimension
-	// to cache the credentials in kubelet. This means workloads that are using the same service account
-	// could end up using the same credentials for image pull. For plugins that don't want this behavior, or
-	// plugins that operate in pass-through mode; i.e., they return the service account token as-is, they
-	// can set the credentialProviderResponse.cacheDuration to 0. This will disable the caching of
-	// credentials in kubelet and the plugin will be invoked for every image pull. This does result in
-	// token generation overhead for every image pull, but it is the only way to ensure that the
-	// credentials are not shared across pods (even if they are using the same service account).
-	// +optional
-	TokenAttributes *ServiceAccountTokenAttributes `json:"tokenAttributes,omitempty"`
-}
-
-// ServiceAccountTokenAttributes is the configuration for the service account token that will be passed to the plugin.
-type ServiceAccountTokenAttributes struct {
-	// serviceAccountTokenAudience is the intended audience for the projected service account token.
-	// +required
-	ServiceAccountTokenAudience string `json:"serviceAccountTokenAudience"`
-
-	// requireServiceAccount indicates whether the plugin requires the pod to have a service account.
-	// If set to true, kubelet will only invoke the plugin if the pod has a service account.
-	// If set to false, kubelet will invoke the plugin even if the pod does not have a service account
-	// and will not include a token in the CredentialProviderRequest in that scenario. This is useful for plugins that
-	// are used to pull images for pods without service accounts (e.g., static pods).
-	// +required
-	RequireServiceAccount *bool `json:"requireServiceAccount"`
-
-	// requiredServiceAccountAnnotationKeys is the list of annotation keys that the plugin is interested in
-	// and that are required to be present in the service account.
-	// The keys defined in this list will be extracted from the corresponding service account and passed
-	// to the plugin as part of the CredentialProviderRequest. If any of the keys defined in this list
-	// are not present in the service account, kubelet will not invoke the plugin and will return an error.
-	// This field is optional and may be empty. Plugins may use this field to extract
-	// additional information required to fetch credentials or allow workloads to opt in to
-	// using service account tokens for image pull.
-	// If non-empty, requireServiceAccount must be set to true.
-	// Keys in this list must be unique.
-	// This list needs to be mutually exclusive with optionalServiceAccountAnnotationKeys.
-	// +optional
-	// +listType=set
-	RequiredServiceAccountAnnotationKeys []string `json:"requiredServiceAccountAnnotationKeys,omitempty"`
-
-	// optionalServiceAccountAnnotationKeys is the list of annotation keys that the plugin is interested in
-	// and that are optional to be present in the service account.
-	// The keys defined in this list will be extracted from the corresponding service account and passed
-	// to the plugin as part of the CredentialProviderRequest. The plugin is responsible for validating
-	// the existence of annotations and their values.
-	// This field is optional and may be empty. Plugins may use this field to extract
-	// additional information required to fetch credentials.
-	// Keys in this list must be unique.
-	// +optional
-	// +listType=set
-	OptionalServiceAccountAnnotationKeys []string `json:"optionalServiceAccountAnnotationKeys,omitempty"`
 }

 // ExecEnvVar is used for setting environment variables when executing an exec-based
--- a/config/v1/zz_generated.deepcopy.go
+++ b/config/v1/zz_generated.deepcopy.go
@ -49,11 +49,6 @@ func (in *CredentialProvider) DeepCopyInto(out *CredentialProvider) {
 		*out = make([]ExecEnvVar, len(*in))
 		copy(*out, *in)
 	}
-	if in.TokenAttributes != nil {
-		in, out := &in.TokenAttributes, &out.TokenAttributes
-		*out = new(ServiceAccountTokenAttributes)
-		(*in).DeepCopyInto(*out)
-	}
 	return
 }

@ -114,34 +109,3 @@ func (in *ExecEnvVar) DeepCopy() *ExecEnvVar {
 	in.DeepCopyInto(out)
 	return out
 }
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ServiceAccountTokenAttributes) DeepCopyInto(out *ServiceAccountTokenAttributes) {
-	*out = *in
-	if in.RequireServiceAccount != nil {
-		in, out := &in.RequireServiceAccount, &out.RequireServiceAccount
-		*out = new(bool)
-		**out = **in
-	}
-	if in.RequiredServiceAccountAnnotationKeys != nil {
-		in, out := &in.RequiredServiceAccountAnnotationKeys, &out.RequiredServiceAccountAnnotationKeys
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
-	if in.OptionalServiceAccountAnnotationKeys != nil {
-		in, out := &in.OptionalServiceAccountAnnotationKeys, &out.OptionalServiceAccountAnnotationKeys
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountTokenAttributes.
-func (in *ServiceAccountTokenAttributes) DeepCopy() *ServiceAccountTokenAttributes {
-	if in == nil {
-		return nil
-	}
-	out := new(ServiceAccountTokenAttributes)
-	in.DeepCopyInto(out)
-	return out
-}
--- a/config/v1alpha1/doc.go
+++ b/config/v1alpha1/doc.go
@ -18,4 +18,4 @@ limitations under the License.
 // +k8s:openapi-gen=true
 // +groupName=kubelet.config.k8s.io

-package v1alpha1
+package v1alpha1 // import "k8s.io/kubelet/config/v1alpha1"
--- a/config/v1alpha1/register.go
+++ b/config/v1alpha1/register.go
@ -38,8 +38,6 @@ var (
 func addKnownTypes(scheme *runtime.Scheme) error {
 	scheme.AddKnownTypes(SchemeGroupVersion,
 		&CredentialProviderConfig{},
-		&ImagePullIntent{},
-		&ImagePulledRecord{},
 	)
 	return nil
 }
--- a/config/v1alpha1/types.go
+++ b/config/v1alpha1/types.go
@ -32,7 +32,7 @@ type CredentialProviderConfig struct {
 	// Multiple providers may match against a single image, in which case credentials
 	// from all providers will be returned to the kubelet. If multiple providers are called
 	// for a single image, the results are combined. If providers return overlapping
-	// auth keys, the value from the provider earlier in this list is attempted first.
+	// auth keys, the value from the provider earlier in this list is used.
 	Providers []CredentialProvider `json:"providers"`
 }

@ -42,7 +42,6 @@ type CredentialProvider struct {
 	// name is the required name of the credential provider. It must match the name of the
 	// provider executable as seen by the kubelet. The executable must be in the kubelet's
 	// bin directory (set by the --image-credential-provider-bin-dir flag).
-	// Required to be unique across all providers.
 	Name string `json:"name"`

 	// matchImages is a required list of strings used to match against images in order to
@ -96,75 +95,3 @@ type ExecEnvVar struct {
 	Name  string `json:"name"`
 	Value string `json:"value"`
 }
-
-// ImagePullIntent is a record of the kubelet attempting to pull an image.
-//
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-type ImagePullIntent struct {
-	metav1.TypeMeta `json:",inline"`
-
-	// Image is the image spec from a Container's `image` field.
-	// The filename is a SHA-256 hash of this value. This is to avoid filename-unsafe
-	// characters like ':' and '/'.
-	Image string `json:"image"`
-}
-
-// ImagePullRecord is a record of an image that was pulled by the kubelet.
-//
-// If there are no records in the `kubernetesSecrets` field and both `nodeWideCredentials`
-// and `anonymous` are `false`, credentials must be re-checked the next time an
-// image represented by this record is being requested.
-//
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-type ImagePulledRecord struct {
-	metav1.TypeMeta `json:",inline"`
-
-	// LastUpdatedTime is the time of the last update to this record
-	LastUpdatedTime metav1.Time `json:"lastUpdatedTime"`
-
-	// ImageRef is a reference to the image represented by this file as received
-	// from the CRI.
-	// The filename is a SHA-256 hash of this value. This is to avoid filename-unsafe
-	// characters like ':' and '/'.
-	ImageRef string `json:"imageRef"`
-
-	// CredentialMapping maps `image` to the set of credentials that it was
-	// previously pulled with.
-	// `image` in this case is the content of a pod's container `image` field that's
-	// got its tag/digest removed.
-	//
-	// Example:
-	//   Container requests the `hello-world:latest@sha256:91fb4b041da273d5a3273b6d587d62d518300a6ad268b28628f74997b93171b2` image:
-	//     "credentialMapping": {
-	//       "hello-world": { "nodePodsAccessible": true }
-	//     }
-	CredentialMapping map[string]ImagePullCredentials `json:"credentialMapping,omitempty"`
-}
-
-// ImagePullCredentials describe credentials that can be used to pull an image.
-type ImagePullCredentials struct {
-	// KuberneteSecretCoordinates is an index of coordinates of all the kubernetes
-	// secrets that were used to pull the image.
-	// +optional
-	// +listType=set
-	KubernetesSecrets []ImagePullSecret `json:"kubernetesSecrets"`
-
-	// NodePodsAccessible is a flag denoting the pull credentials are accessible
-	// by all the pods on the node, or that no credentials are needed for the pull.
-	//
-	// If true, it is mutually exclusive with the `kubernetesSecrets` field.
-	// +optional
-	NodePodsAccessible bool `json:"nodePodsAccessible,omitempty"`
-}
-
-// ImagePullSecret is a representation of a Kubernetes secret object coordinates along
-// with a credential hash of the pull secret credentials this object contains.
-type ImagePullSecret struct {
-	UID       string `json:"uid"`
-	Namespace string `json:"namespace"`
-	Name      string `json:"name"`
-
-	// CredentialHash is a SHA-256 retrieved by hashing the image pull credentials
-	// content of the secret specified by the UID/Namespace/Name coordinates.
-	CredentialHash string `json:"credentialHash"`
-}
--- a/config/v1alpha1/zz_generated.deepcopy.go
+++ b/config/v1alpha1/zz_generated.deepcopy.go
@ -109,98 +109,3 @@ func (in *ExecEnvVar) DeepCopy() *ExecEnvVar {
 	in.DeepCopyInto(out)
 	return out
 }
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ImagePullCredentials) DeepCopyInto(out *ImagePullCredentials) {
-	*out = *in
-	if in.KubernetesSecrets != nil {
-		in, out := &in.KubernetesSecrets, &out.KubernetesSecrets
-		*out = make([]ImagePullSecret, len(*in))
-		copy(*out, *in)
-	}
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePullCredentials.
-func (in *ImagePullCredentials) DeepCopy() *ImagePullCredentials {
-	if in == nil {
-		return nil
-	}
-	out := new(ImagePullCredentials)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ImagePullIntent) DeepCopyInto(out *ImagePullIntent) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePullIntent.
-func (in *ImagePullIntent) DeepCopy() *ImagePullIntent {
-	if in == nil {
-		return nil
-	}
-	out := new(ImagePullIntent)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *ImagePullIntent) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ImagePullSecret) DeepCopyInto(out *ImagePullSecret) {
-	*out = *in
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePullSecret.
-func (in *ImagePullSecret) DeepCopy() *ImagePullSecret {
-	if in == nil {
-		return nil
-	}
-	out := new(ImagePullSecret)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ImagePulledRecord) DeepCopyInto(out *ImagePulledRecord) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.LastUpdatedTime.DeepCopyInto(&out.LastUpdatedTime)
-	if in.CredentialMapping != nil {
-		in, out := &in.CredentialMapping, &out.CredentialMapping
-		*out = make(map[string]ImagePullCredentials, len(*in))
-		for key, val := range *in {
-			(*out)[key] = *val.DeepCopy()
-		}
-	}
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePulledRecord.
-func (in *ImagePulledRecord) DeepCopy() *ImagePulledRecord {
-	if in == nil {
-		return nil
-	}
-	out := new(ImagePulledRecord)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *ImagePulledRecord) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
--- a/config/v1beta1/doc.go
+++ b/config/v1beta1/doc.go
@ -18,4 +18,4 @@ limitations under the License.
 // +k8s:openapi-gen=true
 // +groupName=kubelet.config.k8s.io

-package v1beta1
+package v1beta1 // import "k8s.io/kubelet/config/v1beta1"
--- a/config/v1beta1/types.go
+++ b/config/v1beta1/types.go
@ -83,25 +83,6 @@ const (
 	StaticMemoryManagerPolicy = "Static"
 )

-// ImagePullCredentialsVerificationPolicy is an enum for the policy that is enforced
-// when pod is requesting an image that appears on the system
-type ImagePullCredentialsVerificationPolicy string
-
-const (
-	// NeverVerify will never require credential verification for images that
-	// already exist on the node
-	NeverVerify ImagePullCredentialsVerificationPolicy = "NeverVerify"
-	// NeverVerifyPreloadedImages does not require credential verification for images
-	// pulled outside the kubelet process
-	NeverVerifyPreloadedImages ImagePullCredentialsVerificationPolicy = "NeverVerifyPreloadedImages"
-	// NeverVerifyAllowlistedImages does not require credential verification for
-	// a list of images that were pulled outside the kubelet process
-	NeverVerifyAllowlistedImages ImagePullCredentialsVerificationPolicy = "NeverVerifyAllowlistedImages"
-	// AlwaysVerify requires credential verification for accessing any image on the
-	// node irregardless how it was pulled
-	AlwaysVerify ImagePullCredentialsVerificationPolicy = "AlwaysVerify"
-)
-
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

 // KubeletConfiguration contains the configuration for the Kubelet
@ -229,28 +210,6 @@ type KubeletConfiguration struct {
 	// Default: 10
 	// +optional
 	RegistryBurst int32 `json:"registryBurst,omitempty"`
-	// imagePullCredentialsVerificationPolicy determines how credentials should be
-	// verified when pod requests an image that is already present on the node:
-	//   - NeverVerify
-	//       - anyone on a node can use any image present on the node
-	//   - NeverVerifyPreloadedImages
-	//       - images that were pulled to the node by something else than the kubelet
-	//         can be used without reverifying pull credentials
-	//   - NeverVerifyAllowlistedImages
-	//       - like "NeverVerifyPreloadedImages" but only node images from
-	//         `preloadedImagesVerificationAllowlist` don't require reverification
-	//   - AlwaysVerify
-	//       - all images require credential reverification
-	// +optional
-	ImagePullCredentialsVerificationPolicy ImagePullCredentialsVerificationPolicy `json:"imagePullCredentialsVerificationPolicy,omitempty"`
-	// preloadedImagesVerificationAllowlist specifies a list of images that are
-	// exempted from credential reverification for the "NeverVerifyAllowlistedImages"
-	// `imagePullCredentialsVerificationPolicy`.
-	// The list accepts a full path segment wildcard suffix "/*".
-	// Only use image specs without an image tag or digest.
-	// +optional
-	// +listType=set
-	PreloadedImagesVerificationAllowlist []string `json:"preloadedImagesVerificationAllowlist,omitempty"`
 	// eventRecordQPS is the maximum event creations per second. If 0, there
 	// is no limit enforced. The value cannot be a negative number.
 	// Default: 50
@ -391,6 +350,7 @@ type KubeletConfiguration struct {
 	// +optional
 	CgroupDriver string `json:"cgroupDriver,omitempty"`
 	// cpuManagerPolicy is the name of the policy to use.
+	// Requires the CPUManager feature gate to be enabled.
 	// Default: "None"
 	// +optional
 	CPUManagerPolicy string `json:"cpuManagerPolicy,omitempty"`
@ -405,10 +365,12 @@ type KubeletConfiguration struct {
 	SingleProcessOOMKill *bool `json:"singleProcessOOMKill,omitempty"`
 	// cpuManagerPolicyOptions is a set of key=value which 	allows to set extra options
 	// to fine tune the behaviour of the cpu manager policies.
+	// Requires  both the "CPUManager" and "CPUManagerPolicyOptions" feature gates to be enabled.
 	// Default: nil
 	// +optional
 	CPUManagerPolicyOptions map[string]string `json:"cpuManagerPolicyOptions,omitempty"`
 	// cpuManagerReconcilePeriod is the reconciliation period for the CPU Manager.
+	// Requires the CPUManager feature gate to be enabled.
 	// Default: "10s"
 	// +optional
 	CPUManagerReconcilePeriod metav1.Duration `json:"cpuManagerReconcilePeriod,omitempty"`
@ -568,7 +530,6 @@ type KubeletConfiguration struct {
 	EvictionSoftGracePeriod map[string]string `json:"evictionSoftGracePeriod,omitempty"`
 	// evictionPressureTransitionPeriod is the duration for which the kubelet has to wait
 	// before transitioning out of an eviction pressure condition.
-	// A duration of 0s will be converted to the default value of 5m
 	// Default: "5m"
 	// +optional
 	EvictionPressureTransitionPeriod metav1.Duration `json:"evictionPressureTransitionPeriod,omitempty"`
@ -585,16 +546,6 @@ type KubeletConfiguration struct {
 	// Default: nil
 	// +optional
 	EvictionMinimumReclaim map[string]string `json:"evictionMinimumReclaim,omitempty"`
-	// mergeDefaultEvictionSettings indicates that defaults for the evictionHard, evictionSoft, evictionSoftGracePeriod, and evictionMinimumReclaim
-	// fields should be merged into values specified for those fields in this configuration.
-	// Signals specified in this configuration take precedence.
-	// Signals not specified in this configuration inherit their defaults.
-	// If false, and if any signal is specified in this configuration then other signals that
-	// are not specified in this configuration will be set to 0.
-	// It applies to merging the fields for which the default exists, and currently only evictionHard has default values.
-	// Default: false
-	// +optional
-	MergeDefaultEvictionSettings *bool `json:"mergeDefaultEvictionSettings,omitempty"`
 	// podsPerCore is the maximum number of pods per core. Cannot exceed maxPods.
 	// The value must be a non-negative integer.
 	// If 0, there is no limit on the number of Pods.
@ -921,11 +872,6 @@ type KubeletConfiguration struct {
 	// Default: false
 	// +optional
 	FailCgroupV1 *bool `json:"failCgroupV1,omitempty"`
-
-	// UserNamespaces contains User Namespace configurations.
-	// +featureGate=UserNamespacesSupport
-	// +optional
-	UserNamespaces *UserNamespaces `json:"userNamespaces,omitempty"`
 }

 type KubeletAuthorizationMode string
@ -1057,7 +1003,7 @@ type CredentialProviderConfig struct {
 	// Multiple providers may match against a single image, in which case credentials
 	// from all providers will be returned to the kubelet. If multiple providers are called
 	// for a single image, the results are combined. If providers return overlapping
-	// auth keys, the value from the provider earlier in this list is attempted first.
+	// auth keys, the value from the provider earlier in this list is used.
 	Providers []CredentialProvider `json:"providers"`
 }

@ -1067,7 +1013,6 @@ type CredentialProvider struct {
 	// name is the required name of the credential provider. It must match the name of the
 	// provider executable as seen by the kubelet. The executable must be in the kubelet's
 	// bin directory (set by the --image-credential-provider-bin-dir flag).
-	// Required to be unique across all providers.
 	Name string `json:"name"`

 	// matchImages is a required list of strings used to match against images in order to
@ -1121,17 +1066,3 @@ type ExecEnvVar struct {
 	Name  string `json:"name"`
 	Value string `json:"value"`
 }
-
-// UserNamespaces contains User Namespace configurations.
-type UserNamespaces struct {
-	// IDsPerPod is the mapping length of UIDs and GIDs.
-	// The length must be a multiple of 65536, and must be less than 1<<32.
-	// On non-linux such as windows, only null / absent is allowed.
-	//
-	// Changing the value may require recreating all containers on the node.
-	//
-	// Default: 65536
-	// +featureGate=UserNamespacesSupport
-	// +optional
-	IDsPerPod *int64 `json:"idsPerPod,omitempty"`
-}
--- a/config/v1beta1/zz_generated.deepcopy.go
+++ b/config/v1beta1/zz_generated.deepcopy.go
@ -229,11 +229,6 @@ func (in *KubeletConfiguration) DeepCopyInto(out *KubeletConfiguration) {
 		*out = new(int32)
 		**out = **in
 	}
-	if in.PreloadedImagesVerificationAllowlist != nil {
-		in, out := &in.PreloadedImagesVerificationAllowlist, &out.PreloadedImagesVerificationAllowlist
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
 	if in.EventRecordQPS != nil {
 		in, out := &in.EventRecordQPS, &out.EventRecordQPS
 		*out = new(int32)
@ -377,11 +372,6 @@ func (in *KubeletConfiguration) DeepCopyInto(out *KubeletConfiguration) {
 			(*out)[key] = val
 		}
 	}
-	if in.MergeDefaultEvictionSettings != nil {
-		in, out := &in.MergeDefaultEvictionSettings, &out.MergeDefaultEvictionSettings
-		*out = new(bool)
-		**out = **in
-	}
 	if in.EnableControllerAttachDetach != nil {
 		in, out := &in.EnableControllerAttachDetach, &out.EnableControllerAttachDetach
 		*out = new(bool)
@ -527,11 +517,6 @@ func (in *KubeletConfiguration) DeepCopyInto(out *KubeletConfiguration) {
 		*out = new(bool)
 		**out = **in
 	}
-	if in.UserNamespaces != nil {
-		in, out := &in.UserNamespaces, &out.UserNamespaces
-		*out = new(UserNamespaces)
-		(*in).DeepCopyInto(*out)
-	}
 	return
 }

@ -689,24 +674,3 @@ func (in *ShutdownGracePeriodByPodPriority) DeepCopy() *ShutdownGracePeriodByPod
 	in.DeepCopyInto(out)
 	return out
 }
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *UserNamespaces) DeepCopyInto(out *UserNamespaces) {
-	*out = *in
-	if in.IDsPerPod != nil {
-		in, out := &in.IDsPerPod, &out.IDsPerPod
-		*out = new(int64)
-		**out = **in
-	}
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserNamespaces.
-func (in *UserNamespaces) DeepCopy() *UserNamespaces {
-	if in == nil {
-		return nil
-	}
-	out := new(UserNamespaces)
-	in.DeepCopyInto(out)
-	return out
-}
--- a/doc.go
+++ b/doc.go
@ -14,4 +14,4 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */

-package kubelet
+package kubelet // import "k8s.io/kubelet"
--- a/go.mod
+++ b/go.mod
@ -2,64 +2,66 @@

 module k8s.io/kubelet

-go 1.24.0
+go 1.23.0

-godebug default=go1.24
+godebug default=go1.23
+
+godebug winsymlink=0

 require (
 	github.com/emicklei/go-restful/v3 v3.11.0
 	github.com/gogo/protobuf v1.3.2
-	github.com/stretchr/testify v1.10.0
-	go.uber.org/goleak v1.3.0
-	google.golang.org/grpc v1.72.1
-	k8s.io/api v0.0.0-20250612195650-7efafe3627c8
-	k8s.io/apimachinery v0.0.0-20250612195403-e0270fe44c97
-	k8s.io/apiserver v0.0.0-20250612202325-89f1e0c9f7d8
-	k8s.io/client-go v0.0.0-20250612200049-4e82e684120e
-	k8s.io/component-base v0.0.0-20250612201519-d0c00e6471f7
-	k8s.io/cri-api v0.0.0-20250527182550-7d025a3cd8e3
+	github.com/stretchr/testify v1.9.0
+	google.golang.org/grpc v1.65.0
+	k8s.io/api v0.32.4
+	k8s.io/apimachinery v0.32.4
+	k8s.io/apiserver v0.32.4
+	k8s.io/client-go v0.32.4
+	k8s.io/component-base v0.32.4
+	k8s.io/cri-api v0.32.4
 	k8s.io/klog/v2 v2.130.1
-	k8s.io/utils v0.0.0-20250604170112-4c0f3b243397
+	k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738
 )

 require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/fxamacker/cbor/v2 v2.8.0 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
-	github.com/google/go-cmp v0.7.0 // indirect
-	github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/gorilla/websocket v1.5.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/kr/text v0.2.0 // indirect
 	github.com/moby/spdystream v0.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
-	github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/client_golang v1.22.0 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/prometheus/client_golang v1.19.1 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
-	github.com/prometheus/common v0.62.0 // indirect
+	github.com/prometheus/common v0.55.0 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
-	github.com/spf13/cobra v1.9.1 // indirect
-	github.com/spf13/pflag v1.0.6 // indirect
+	github.com/spf13/cobra v1.8.1 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	go.opentelemetry.io/otel v1.35.0 // indirect
-	go.opentelemetry.io/otel/trace v1.35.0 // indirect
-	golang.org/x/net v0.38.0 // indirect
-	golang.org/x/oauth2 v0.27.0 // indirect
-	golang.org/x/sys v0.31.0 // indirect
-	golang.org/x/term v0.30.0 // indirect
-	golang.org/x/text v0.23.0 // indirect
-	golang.org/x/time v0.9.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb // indirect
-	google.golang.org/protobuf v1.36.5 // indirect
+	go.opentelemetry.io/otel v1.28.0 // indirect
+	go.opentelemetry.io/otel/trace v1.28.0 // indirect
+	golang.org/x/net v0.30.0 // indirect
+	golang.org/x/oauth2 v0.23.0 // indirect
+	golang.org/x/sys v0.26.0 // indirect
+	golang.org/x/term v0.25.0 // indirect
+	golang.org/x/text v0.19.0 // indirect
+	golang.org/x/time v0.7.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7 // indirect
+	google.golang.org/protobuf v1.35.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
-	sigs.k8s.io/randfill v1.0.0 // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.7.0 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
@ -6,38 +6,44 @@ github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM
 github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
+github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
 github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
-github.com/fxamacker/cbor/v2 v2.8.0 h1:fFtUGXUzXPHTIUdne5+zzMPTfffl3RD5qYnkY40vtxU=
-github.com/fxamacker/cbor/v2 v2.8.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
+github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
+github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
 github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
 github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
-github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
-github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
 github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
 github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
 github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
 github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
 github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
+github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
+github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
-github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw=
-github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw=
+github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
+github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
-github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo=
+github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo=
-github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA=
+github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
+github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
@ -46,14 +52,10 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
-github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
-github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU=
@ -61,56 +63,46 @@ github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVO
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFdJifH4BDsTlE89Zl93FEloxaWZfGcifgq8=
-github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
+github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM=
+github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q=
-github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE=
+github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho=
 github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
 github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
-github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ2Io=
-github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I=
+github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc=
+github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8=
 github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
 github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
-github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
-github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
+github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
+github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo=
-github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0=
-github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
-github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
+github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
-github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
-github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
-go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
-go.opentelemetry.io/otel v1.35.0 h1:xKWKPxrxB6OtMCbmMY021CqC45J+3Onta9MqjhnusiQ=
-go.opentelemetry.io/otel v1.35.0/go.mod h1:UEqy8Zp11hpkUrL73gSlELM0DupHoiq72dR+Zqel/+Y=
-go.opentelemetry.io/otel/metric v1.35.0 h1:0znxYu2SNyuMSQT4Y9WDWej0VpcsxkuklLa4/siN90M=
-go.opentelemetry.io/otel/metric v1.35.0/go.mod h1:nKVFgxBZ2fReX6IlyW28MgZojkoAkJGaE8CpgeAU3oE=
-go.opentelemetry.io/otel/sdk v1.34.0 h1:95zS4k/2GOy069d321O8jWgYsW3MzVV+KuSPKp7Wr1A=
-go.opentelemetry.io/otel/sdk v1.34.0/go.mod h1:0e/pNiaMAqaykJGKbi+tSjWfNNHMTxoC9qANsCzbyxU=
-go.opentelemetry.io/otel/sdk/metric v1.34.0 h1:5CeK9ujjbFVL5c1PhLuStg1wxA7vQv7ce1EK0Gyvahk=
-go.opentelemetry.io/otel/sdk/metric v1.34.0/go.mod h1:jQ/r8Ze28zRKoNRdkjCZxfs6YvBTG1+YIqyFVFYec5w=
-go.opentelemetry.io/otel/trace v1.35.0 h1:dPpEfJu1sDIqruz7BHFG3c7528f6ddfSWfFDVt/xgMs=
-go.opentelemetry.io/otel/trace v1.35.0/go.mod h1:WUk7DtFp1Aw2MkvqGdwiXYDZZNvA/1J8o6xRXLrIkyc=
-go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
-go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
+go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo=
+go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4=
+go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g=
+go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
@ -120,40 +112,42 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
-golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
-golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M=
-golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
+golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
+golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
+golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs=
+golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
-golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
-golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
+golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
+golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24=
+golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
-golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
-golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
-golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
+golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ=
+golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ=
+golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb h1:TLPQVbx1GJ8VKZxz52VAxl1EBgKXXbTiU9Fc5fZeLn4=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb/go.mod h1:LuRYeWDFV6WOn90g357N17oMCaxpgCnbi/44qJvDn2I=
-google.golang.org/grpc v1.72.1 h1:HR03wO6eyZ7lknl75XlxABNVLLFc2PAb6mHlYh756mA=
-google.golang.org/grpc v1.72.1/go.mod h1:wH5Aktxcg25y1I3w7H69nHfXdOG3UiadoBtjh3izSDM=
-google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
-google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7 h1:2035KHhUv+EpyB+hWgJnaWKJOdX1E95w2S8Rr4uWKTs=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU=
+google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc=
+google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ=
+google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
+google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
@ -163,30 +157,27 @@ gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-k8s.io/api v0.0.0-20250612195650-7efafe3627c8 h1:K1AnJQBQTKLy2C/up2YSFuuQ+OBucYGcDCBO2cafjlQ=
-k8s.io/api v0.0.0-20250612195650-7efafe3627c8/go.mod h1:+9QbMyXTXctHAXg3fdhJbuZgyzhYgprCn43M5NqoJzw=
-k8s.io/apimachinery v0.0.0-20250612195403-e0270fe44c97 h1:h2og30eGCCk1GOEZK6+LNhhlydDcWY3wJaWDIs05xR8=
-k8s.io/apimachinery v0.0.0-20250612195403-e0270fe44c97/go.mod h1:EZ7eIfFAwky7ktmG4Pu9XWxBxFG++4dxPDOM0GL3abw=
-k8s.io/apiserver v0.0.0-20250612202325-89f1e0c9f7d8 h1:ParTrAI+8gMCqiYjD9B33XZxNnODITRKi0I/rJCJmTY=
-k8s.io/apiserver v0.0.0-20250612202325-89f1e0c9f7d8/go.mod h1:h9Mz8g41T/MRlrcxnfKoj9omNrKtKvdaDRhX34SVi5A=
-k8s.io/client-go v0.0.0-20250612200049-4e82e684120e h1:xoSxEgTvcAD7YG46B6RN1yZx5KhF0YKNe4SSoY+qSQA=
-k8s.io/client-go v0.0.0-20250612200049-4e82e684120e/go.mod h1:hktzpPyrdfB1WrXOvdnDayNSrngzEwWjiwTGqq6Zjns=
-k8s.io/component-base v0.0.0-20250612201519-d0c00e6471f7 h1:PmR3IJeL8qbnqdH70lmCLxZjHFr+Cbz5v6VY6ZFlMsI=
-k8s.io/component-base v0.0.0-20250612201519-d0c00e6471f7/go.mod h1:eMJvxKozNu3AbHhH6mWUJbzNhElacCbAilLeMjxIW5k=
-k8s.io/cri-api v0.0.0-20250527182550-7d025a3cd8e3 h1:r4SV0gc6fVMJPOUEhuyAt8FG1RD4iSzEQQtuztQDA9o=
-k8s.io/cri-api v0.0.0-20250527182550-7d025a3cd8e3/go.mod h1:+Caj3ZVbxtl8aq+J8bhiQCeDcYPYBFE1IFInuxO3fLk=
+k8s.io/api v0.32.4 h1:kw8Y/G8E7EpNy7gjB8gJZl3KJkNz8HM2YHrZPtAZsF4=
+k8s.io/api v0.32.4/go.mod h1:5MYFvLvweRhyKylM3Es/6uh/5hGp0dg82vP34KifX4g=
+k8s.io/apimachinery v0.32.4 h1:8EEksaxA7nd7xWJkkwLDN4SvWS5ot9g6Z/VZb3ju25I=
+k8s.io/apimachinery v0.32.4/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
+k8s.io/apiserver v0.32.4 h1:Yf7sd/y+GOQKH1Qf6wUeayZrYXe2SKZ17Bcq7VQM5HQ=
+k8s.io/apiserver v0.32.4/go.mod h1:JFUMNtE2M5yqLZpIsgCb06SkVSW1YcxW1oyLSTfjXR8=
+k8s.io/client-go v0.32.4 h1:zaGJS7xoYOYumoWIFXlcVrsiYioRPrXGO7dBfVC5R6M=
+k8s.io/client-go v0.32.4/go.mod h1:k0jftcyYnEtwlFW92xC7MTtFv5BNcZBr+zn9jPlT9Ic=
+k8s.io/component-base v0.32.4 h1:HuF+2JVLbFS5GODLIfPCb1Td6b+G2HszJoArcWOSr5I=
+k8s.io/component-base v0.32.4/go.mod h1:10KloJEYw1keU/Xmjfy9TKJqUq7J2mYdiD1VDXoco4o=
+k8s.io/cri-api v0.32.4 h1:Qa+KKknvf1widc4oZRFegrmdsdumqfkKOB6CEG7enUA=
+k8s.io/cri-api v0.32.4/go.mod h1:DCzMuTh2padoinefWME0G678Mc3QFbLMF2vEweGzBAI=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
-k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff h1:/usPimJzUKKu+m+TE36gUyGcf03XZEP0ZIKgKj35LS4=
-k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff/go.mod h1:5jIi+8yX4RIb8wk3XwBo5Pq2ccx4FP10ohkbSKCZoK8=
-k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 h1:hwvWFiBzdWw1FhfY1FooPn3kzWuJ8tmbZBHi4zVsl1Y=
-k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y=
+k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4=
+k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro=
+k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8=
 sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo=
-sigs.k8s.io/randfill v0.0.0-20250304075658-069ef1bbf016/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
-sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU=
-sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
-sigs.k8s.io/structured-merge-diff/v4 v4.7.0 h1:qPeWmscJcXP0snki5IYF79Z8xrl8ETFxgMd7wez1XkI=
-sigs.k8s.io/structured-merge-diff/v4 v4.7.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.2 h1:MdmvkGuXi/8io6ixD5wud3vOLwc1rj0aNqRlpuvjmwA=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4=
 sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
 sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
--- a/pkg/apis/credentialprovider/doc.go
+++ b/pkg/apis/credentialprovider/doc.go
@ -17,4 +17,4 @@ limitations under the License.
 // +k8s:deepcopy-gen=package
 // +groupName=credentialprovider.kubelet.k8s.io

-package credentialprovider
+package credentialprovider // import "k8s.io/kubelet/pkg/apis/credentialprovider"
--- a/pkg/apis/credentialprovider/types.go
+++ b/pkg/apis/credentialprovider/types.go
@ -32,17 +32,6 @@ type CredentialProviderRequest struct {
 	// credential provider plugin request. Plugins may optionally parse the image
 	// to extract any information required to fetch credentials.
 	Image string
-
-	// serviceAccountToken is the service account token bound to the pod for which
-	// the image is being pulled. This token is only sent to the plugin if the
-	// tokenAttributes.serviceAccountTokenAudience field is configured in the kubelet's credential provider configuration.
-	ServiceAccountToken string
-
-	// serviceAccountAnnotations is a map of annotations on the service account bound to the
-	// pod for which the image is being pulled. The list of annotations in the service account
-	// that need to be passed to the plugin is configured in the kubelet's credential provider
-	// configuration.
-	ServiceAccountAnnotations map[string]string
 }

 type PluginCacheKeyType string
--- a/pkg/apis/credentialprovider/v1/doc.go
+++ b/pkg/apis/credentialprovider/v1/doc.go
@ -19,4 +19,4 @@ limitations under the License.
 // +k8s:defaulter-gen=TypeMeta
 // +groupName=credentialprovider.kubelet.k8s.io

-package v1
+package v1 // import "k8s.io/kubelet/pkg/apis/credentialprovider/v1"
--- a/pkg/apis/credentialprovider/v1/types.go
+++ b/pkg/apis/credentialprovider/v1/types.go
@ -32,18 +32,6 @@ type CredentialProviderRequest struct {
 	// credential provider plugin request. Plugins may optionally parse the image
 	// to extract any information required to fetch credentials.
 	Image string `json:"image"`
-
-	// serviceAccountToken is the service account token bound to the pod for which
-	// the image is being pulled. This token is only sent to the plugin if the
-	// tokenAttributes.serviceAccountTokenAudience field is configured in the kubelet's credential
-	// provider configuration.
-	ServiceAccountToken string `json:"serviceAccountToken,omitempty" datapolicy:"token"`
-
-	// serviceAccountAnnotations is a map of annotations on the service account bound to the
-	// pod for which the image is being pulled. The list of annotations in the service account
-	// that need to be passed to the plugin is configured in the kubelet's credential provider
-	// configuration.
-	ServiceAccountAnnotations map[string]string `json:"serviceAccountAnnotations,omitempty"`
 }

 type PluginCacheKeyType string
--- a/pkg/apis/credentialprovider/v1/zz_generated.conversion.go
+++ b/pkg/apis/credentialprovider/v1/zz_generated.conversion.go
@ -94,8 +94,6 @@ func Convert_credentialprovider_AuthConfig_To_v1_AuthConfig(in *credentialprovid

 func autoConvert_v1_CredentialProviderRequest_To_credentialprovider_CredentialProviderRequest(in *CredentialProviderRequest, out *credentialprovider.CredentialProviderRequest, s conversion.Scope) error {
 	out.Image = in.Image
-	out.ServiceAccountToken = in.ServiceAccountToken
-	out.ServiceAccountAnnotations = *(*map[string]string)(unsafe.Pointer(&in.ServiceAccountAnnotations))
 	return nil
 }

@ -106,8 +104,6 @@ func Convert_v1_CredentialProviderRequest_To_credentialprovider_CredentialProvid

 func autoConvert_credentialprovider_CredentialProviderRequest_To_v1_CredentialProviderRequest(in *credentialprovider.CredentialProviderRequest, out *CredentialProviderRequest, s conversion.Scope) error {
 	out.Image = in.Image
-	out.ServiceAccountToken = in.ServiceAccountToken
-	out.ServiceAccountAnnotations = *(*map[string]string)(unsafe.Pointer(&in.ServiceAccountAnnotations))
 	return nil
 }

--- a/pkg/apis/credentialprovider/v1/zz_generated.deepcopy.go
+++ b/pkg/apis/credentialprovider/v1/zz_generated.deepcopy.go
@ -46,13 +46,6 @@ func (in *AuthConfig) DeepCopy() *AuthConfig {
 func (in *CredentialProviderRequest) DeepCopyInto(out *CredentialProviderRequest) {
 	*out = *in
 	out.TypeMeta = in.TypeMeta
-	if in.ServiceAccountAnnotations != nil {
-		in, out := &in.ServiceAccountAnnotations, &out.ServiceAccountAnnotations
-		*out = make(map[string]string, len(*in))
-		for key, val := range *in {
-			(*out)[key] = val
-		}
-	}
 	return
 }

--- a/pkg/apis/credentialprovider/v1alpha1/conversion.go
+++ b/pkg/apis/credentialprovider/v1alpha1/conversion.go
@ -1,27 +0,0 @@
-/*
-Copyright 2025 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1alpha1
-
-import (
-	"k8s.io/apimachinery/pkg/conversion"
-	"k8s.io/kubelet/pkg/apis/credentialprovider"
-)
-
-func Convert_credentialprovider_CredentialProviderRequest_To_v1alpha1_CredentialProviderRequest(in *credentialprovider.CredentialProviderRequest, out *CredentialProviderRequest, s conversion.Scope) error {
-	// This conversion intentionally omits the serviceAccountToken and serviceAccountAnnotations fields which are only supported in v1 CredentialProviderRequest.
-	return autoConvert_credentialprovider_CredentialProviderRequest_To_v1alpha1_CredentialProviderRequest(in, out, s)
-}
--- a/pkg/apis/credentialprovider/v1alpha1/doc.go
+++ b/pkg/apis/credentialprovider/v1alpha1/doc.go
@ -19,4 +19,4 @@ limitations under the License.
 // +k8s:defaulter-gen=TypeMeta
 // +groupName=credentialprovider.kubelet.k8s.io

-package v1alpha1
+package v1alpha1 // import "k8s.io/kubelet/pkg/apis/credentialprovider/v1alpha1"
--- a/pkg/apis/credentialprovider/v1alpha1/zz_generated.conversion.go
+++ b/pkg/apis/credentialprovider/v1alpha1/zz_generated.conversion.go
@ -52,6 +52,11 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
+	if err := s.AddGeneratedConversionFunc((*credentialprovider.CredentialProviderRequest)(nil), (*CredentialProviderRequest)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_credentialprovider_CredentialProviderRequest_To_v1alpha1_CredentialProviderRequest(a.(*credentialprovider.CredentialProviderRequest), b.(*CredentialProviderRequest), scope)
+	}); err != nil {
+		return err
+	}
 	if err := s.AddGeneratedConversionFunc((*CredentialProviderResponse)(nil), (*credentialprovider.CredentialProviderResponse)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_v1alpha1_CredentialProviderResponse_To_credentialprovider_CredentialProviderResponse(a.(*CredentialProviderResponse), b.(*credentialprovider.CredentialProviderResponse), scope)
 	}); err != nil {
@ -62,11 +67,6 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
-	if err := s.AddConversionFunc((*credentialprovider.CredentialProviderRequest)(nil), (*CredentialProviderRequest)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_credentialprovider_CredentialProviderRequest_To_v1alpha1_CredentialProviderRequest(a.(*credentialprovider.CredentialProviderRequest), b.(*CredentialProviderRequest), scope)
-	}); err != nil {
-		return err
-	}
 	return nil
 }

@ -104,11 +104,14 @@ func Convert_v1alpha1_CredentialProviderRequest_To_credentialprovider_Credential

 func autoConvert_credentialprovider_CredentialProviderRequest_To_v1alpha1_CredentialProviderRequest(in *credentialprovider.CredentialProviderRequest, out *CredentialProviderRequest, s conversion.Scope) error {
 	out.Image = in.Image
-	// WARNING: in.ServiceAccountToken requires manual conversion: does not exist in peer-type
-	// WARNING: in.ServiceAccountAnnotations requires manual conversion: does not exist in peer-type
 	return nil
 }

+// Convert_credentialprovider_CredentialProviderRequest_To_v1alpha1_CredentialProviderRequest is an autogenerated conversion function.
+func Convert_credentialprovider_CredentialProviderRequest_To_v1alpha1_CredentialProviderRequest(in *credentialprovider.CredentialProviderRequest, out *CredentialProviderRequest, s conversion.Scope) error {
+	return autoConvert_credentialprovider_CredentialProviderRequest_To_v1alpha1_CredentialProviderRequest(in, out, s)
+}
+
 func autoConvert_v1alpha1_CredentialProviderResponse_To_credentialprovider_CredentialProviderResponse(in *CredentialProviderResponse, out *credentialprovider.CredentialProviderResponse, s conversion.Scope) error {
 	out.CacheKeyType = credentialprovider.PluginCacheKeyType(in.CacheKeyType)
 	out.CacheDuration = (*v1.Duration)(unsafe.Pointer(in.CacheDuration))
--- a/pkg/apis/credentialprovider/v1beta1/conversion.go
+++ b/pkg/apis/credentialprovider/v1beta1/conversion.go
@ -1,27 +0,0 @@
-/*
-Copyright 2025 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1beta1
-
-import (
-	"k8s.io/apimachinery/pkg/conversion"
-	"k8s.io/kubelet/pkg/apis/credentialprovider"
-)
-
-func Convert_credentialprovider_CredentialProviderRequest_To_v1beta1_CredentialProviderRequest(in *credentialprovider.CredentialProviderRequest, out *CredentialProviderRequest, s conversion.Scope) error {
-	// This conversion intentionally omits the serviceAccountToken and serviceAccountAnnotations fields which are only supported in v1 CredentialProviderRequest.
-	return autoConvert_credentialprovider_CredentialProviderRequest_To_v1beta1_CredentialProviderRequest(in, out, s)
-}
--- a/pkg/apis/credentialprovider/v1beta1/doc.go
+++ b/pkg/apis/credentialprovider/v1beta1/doc.go
@ -19,4 +19,4 @@ limitations under the License.
 // +k8s:defaulter-gen=TypeMeta
 // +groupName=credentialprovider.kubelet.k8s.io

-package v1beta1
+package v1beta1 // import "k8s.io/kubelet/pkg/apis/credentialprovider/v1beta1"
--- a/pkg/apis/credentialprovider/v1beta1/zz_generated.conversion.go
+++ b/pkg/apis/credentialprovider/v1beta1/zz_generated.conversion.go
@ -52,6 +52,11 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
+	if err := s.AddGeneratedConversionFunc((*credentialprovider.CredentialProviderRequest)(nil), (*CredentialProviderRequest)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_credentialprovider_CredentialProviderRequest_To_v1beta1_CredentialProviderRequest(a.(*credentialprovider.CredentialProviderRequest), b.(*CredentialProviderRequest), scope)
+	}); err != nil {
+		return err
+	}
 	if err := s.AddGeneratedConversionFunc((*CredentialProviderResponse)(nil), (*credentialprovider.CredentialProviderResponse)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_v1beta1_CredentialProviderResponse_To_credentialprovider_CredentialProviderResponse(a.(*CredentialProviderResponse), b.(*credentialprovider.CredentialProviderResponse), scope)
 	}); err != nil {
@ -62,11 +67,6 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
-	if err := s.AddConversionFunc((*credentialprovider.CredentialProviderRequest)(nil), (*CredentialProviderRequest)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_credentialprovider_CredentialProviderRequest_To_v1beta1_CredentialProviderRequest(a.(*credentialprovider.CredentialProviderRequest), b.(*CredentialProviderRequest), scope)
-	}); err != nil {
-		return err
-	}
 	return nil
 }

@ -104,11 +104,14 @@ func Convert_v1beta1_CredentialProviderRequest_To_credentialprovider_CredentialP

 func autoConvert_credentialprovider_CredentialProviderRequest_To_v1beta1_CredentialProviderRequest(in *credentialprovider.CredentialProviderRequest, out *CredentialProviderRequest, s conversion.Scope) error {
 	out.Image = in.Image
-	// WARNING: in.ServiceAccountToken requires manual conversion: does not exist in peer-type
-	// WARNING: in.ServiceAccountAnnotations requires manual conversion: does not exist in peer-type
 	return nil
 }

+// Convert_credentialprovider_CredentialProviderRequest_To_v1beta1_CredentialProviderRequest is an autogenerated conversion function.
+func Convert_credentialprovider_CredentialProviderRequest_To_v1beta1_CredentialProviderRequest(in *credentialprovider.CredentialProviderRequest, out *CredentialProviderRequest, s conversion.Scope) error {
+	return autoConvert_credentialprovider_CredentialProviderRequest_To_v1beta1_CredentialProviderRequest(in, out, s)
+}
+
 func autoConvert_v1beta1_CredentialProviderResponse_To_credentialprovider_CredentialProviderResponse(in *CredentialProviderResponse, out *credentialprovider.CredentialProviderResponse, s conversion.Scope) error {
 	out.CacheKeyType = credentialprovider.PluginCacheKeyType(in.CacheKeyType)
 	out.CacheDuration = (*v1.Duration)(unsafe.Pointer(in.CacheDuration))
--- a/pkg/apis/credentialprovider/zz_generated.deepcopy.go
+++ b/pkg/apis/credentialprovider/zz_generated.deepcopy.go
@ -46,13 +46,6 @@ func (in *AuthConfig) DeepCopy() *AuthConfig {
 func (in *CredentialProviderRequest) DeepCopyInto(out *CredentialProviderRequest) {
 	*out = *in
 	out.TypeMeta = in.TypeMeta
-	if in.ServiceAccountAnnotations != nil {
-		in, out := &in.ServiceAccountAnnotations, &out.ServiceAccountAnnotations
-		*out = make(map[string]string, len(*in))
-		for key, val := range *in {
-			(*out)[key] = val
-		}
-	}
 	return
 }

--- a/pkg/apis/stats/v1alpha1/types.go
+++ b/pkg/apis/stats/v1alpha1/types.go
@ -46,9 +46,6 @@ type NodeStats struct {
 	// Stats pertaining to memory (RAM) resources.
 	// +optional
 	Memory *MemoryStats `json:"memory,omitempty"`
-	// Stats pertaining to IO resources.
-	// +optional
-	IO *IOStats `json:"io,omitempty"`
 	// Stats pertaining to network resources.
 	// +optional
 	Network *NetworkStats `json:"network,omitempty"`
@ -130,9 +127,6 @@ type PodStats struct {
 	// Stats pertaining to memory (RAM) resources consumed by pod cgroup (which includes all containers' resource usage and pod overhead).
 	// +optional
 	Memory *MemoryStats `json:"memory,omitempty"`
-	// Stats pertaining to IO resources consumed by pod cgroup (which includes all containers' resource usage and pod overhead).
-	// +optional
-	IO *IOStats `json:"io,omitempty"`
 	// Stats pertaining to network resources.
 	// +optional
 	Network *NetworkStats `json:"network,omitempty"`
@ -165,9 +159,6 @@ type ContainerStats struct {
 	// Stats pertaining to memory (RAM) resources.
 	// +optional
 	Memory *MemoryStats `json:"memory,omitempty"`
-	// Stats pertaining to IO resources.
-	// +optional
-	IO *IOStats `json:"io,omitempty"`
 	// Metrics for Accelerators. Each Accelerator corresponds to one element in the array.
 	Accelerators []AcceleratorStats `json:"accelerators,omitempty"`
 	// Stats pertaining to container rootfs usage of filesystem resources.
@ -234,9 +225,6 @@ type CPUStats struct {
 	// Cumulative CPU usage (sum of all cores) since object creation.
 	// +optional
 	UsageCoreNanoSeconds *uint64 `json:"usageCoreNanoSeconds,omitempty"`
-	// CPU PSI stats.
-	// +optional
-	PSI *PSIStats `json:"psi,omitempty"`
 }

 // MemoryStats contains data about memory usage.
@ -264,39 +252,6 @@ type MemoryStats struct {
 	// Cumulative number of major page faults.
 	// +optional
 	MajorPageFaults *uint64 `json:"majorPageFaults,omitempty"`
-	// Memory PSI stats.
-	// +optional
-	PSI *PSIStats `json:"psi,omitempty"`
-}
-
-// IOStats contains data about IO usage.
-type IOStats struct {
-	// The time at which these stats were updated.
-	Time metav1.Time `json:"time"`
-	// IO PSI stats.
-	// +optional
-	PSI *PSIStats `json:"psi,omitempty"`
-}
-
-// PSI statistics for an individual resource.
-type PSIStats struct {
-	// PSI data for all tasks in the cgroup.
-	Full PSIData `json:"full"`
-	// PSI data for some tasks in the cgroup.
-	Some PSIData `json:"some"`
-}
-
-// PSI data for an individual resource.
-type PSIData struct {
-	// Total time duration for tasks in the cgroup have waited due to congestion.
-	// Unit: nanoseconds.
-	Total uint64 `json:"total"`
-	// The average (in %) tasks have waited due to congestion over a 10 second window.
-	Avg10 float64 `json:"avg10"`
-	// The average (in %) tasks have waited due to congestion over a 60 second window.
-	Avg60 float64 `json:"avg60"`
-	// The average (in %) tasks have waited due to congestion over a 300 second window.
-	Avg300 float64 `json:"avg300"`
 }

 // SwapStats contains data about memory usage
--- a/pkg/cri/streaming/remotecommand/doc.go
+++ b/pkg/cri/streaming/remotecommand/doc.go
@ -15,4 +15,4 @@ limitations under the License.
 */

 // Package remotecommand contains functions related to executing commands in and attaching to pods.
-package remotecommand
+package remotecommand // import "k8s.io/kubelet/pkg/cri/streaming/remotecommand"
--- a/pkg/cri/streaming/remotecommand/httpstream.go
+++ b/pkg/cri/streaming/remotecommand/httpstream.go
@ -17,7 +17,6 @@ limitations under the License.
 package remotecommand

 import (
-	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
@ -117,7 +116,7 @@ func createStreams(req *http.Request, w http.ResponseWriter, opts *Options, supp

 	if ctx.resizeStream != nil {
 		ctx.resizeChan = make(chan remotecommand.TerminalSize)
-		go handleResizeEvents(req.Context(), ctx.resizeStream, ctx.resizeChan)
+		go handleResizeEvents(ctx.resizeStream, ctx.resizeChan)
 	}

 	return ctx, true
@ -410,7 +409,7 @@ WaitForStreams:
 // supportsTerminalResizing returns false because v1ProtocolHandler doesn't support it.
 func (*v1ProtocolHandler) supportsTerminalResizing() bool { return false }

-func handleResizeEvents(reqctx context.Context, stream io.Reader, channel chan<- remotecommand.TerminalSize) {
+func handleResizeEvents(stream io.Reader, channel chan<- remotecommand.TerminalSize) {
 	defer runtime.HandleCrash()
 	defer close(channel)

@ -420,12 +419,7 @@ func handleResizeEvents(reqctx context.Context, stream io.Reader, channel chan<-
 		if err := decoder.Decode(&size); err != nil {
 			break
 		}
-		select {
-		case channel <- size:
-		case <-reqctx.Done():
-			// To prevent go routine leak.
-			return
-		}
+		channel <- size
 	}
 }

--- a/pkg/cri/streaming/remotecommand/httpstream_test.go
+++ b/pkg/cri/streaming/remotecommand/httpstream_test.go
@ -1,82 +0,0 @@
-/*
-Copyright 2025 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package remotecommand
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"io"
-	"testing"
-
-	"github.com/stretchr/testify/require"
-	"go.uber.org/goleak"
-
-	"k8s.io/client-go/tools/remotecommand"
-)
-
-func TestHandleResizeEvents(t *testing.T) {
-	var testTerminalSize remotecommand.TerminalSize
-	rawTerminalSize, err := json.Marshal(&testTerminalSize)
-	require.NoError(t, err)
-
-	testCases := []struct {
-		name             string
-		resizeStreamData []byte
-		cancelContext    bool
-		readFromChannel  bool
-	}{
-		{
-			name:             "data attempted to be sent on the channel; channel not read; context canceled",
-			resizeStreamData: rawTerminalSize,
-			cancelContext:    true,
-		},
-		{
-			name:             "data attempted to be sent on the channel; channel read; context not canceled",
-			resizeStreamData: rawTerminalSize,
-			readFromChannel:  true,
-		},
-		{
-			name:          "no data attempted to be sent on the channel; context canceled",
-			cancelContext: true,
-		},
-		{
-			name: "no data attempted to be sent on the channel; context not canceled",
-		},
-	}
-	for _, testCase := range testCases {
-		t.Run(testCase.name, func(t *testing.T) {
-			ctx, cancel := context.WithCancel(context.Background())
-			connCtx := connectionContext{
-				resizeStream: io.NopCloser(bytes.NewReader(testCase.resizeStreamData)),
-				resizeChan:   make(chan remotecommand.TerminalSize),
-			}
-
-			go handleResizeEvents(ctx, connCtx.resizeStream, connCtx.resizeChan)
-			if testCase.readFromChannel {
-				gotTerminalSize := <-connCtx.resizeChan
-				require.Equal(t, gotTerminalSize, testTerminalSize)
-			}
-			if testCase.cancelContext {
-				cancel()
-			}
-
-			goleak.VerifyNone(t)
-			cancel()
-		})
-	}
-}
--- a/pkg/cri/streaming/server_test.go
+++ b/pkg/cri/streaming/server_test.go
@ -348,10 +348,7 @@ func runRemoteCommandTest(t *testing.T, commandType string) {
 	go func() {
 		defer wg.Done()
 		exec, err := remotecommand.NewSPDYExecutor(&restclient.Config{}, "POST", reqURL)
-		if err != nil {
-			t.Errorf("unexpected error %v", err)
-			return
-		}
+		require.NoError(t, err)

 		opts := remotecommand.StreamOptions{
 			Stdin:  stdinR,
@ -359,9 +356,7 @@ func runRemoteCommandTest(t *testing.T, commandType string) {
 			Stderr: stderrW,
 			Tty:    false,
 		}
-		if err = exec.StreamWithContext(context.Background(), opts); err != nil {
-			t.Errorf("unexpected error %v", err)
-		}
+		require.NoError(t, exec.StreamWithContext(context.Background(), opts))
 	}()

 	go func() {
Author	SHA1	Message	Date
Kubernetes Publisher	9929b2b312	Update dependencies to v0.32.4 tag	2025-04-23 08:51:34 +00:00
Kubernetes Publisher	8dbe3028d0	Merge pull request #129598 from aravindhp/automated-cherry-pick-of-#129595-upstream-release-1.32 Automated cherry pick of #129595: kubelet: use env vars in node log query PS command Kubernetes-commit: 5fe148234f8ab1184f26069c4f7bef6c37efe347	2025-01-14 22:51:21 +00:00
Aravindh Puthiyaparambil	14a411f8bc	kubelet: use env vars in node log query PS command - Use environment variables to pass string arguments in the node log query PS command - Split getLoggingCmd into getLoggingCmdEnv and getLoggingCmdArgs for better modularization Kubernetes-commit: 00be157dabf2779609e00039a3f7552f8f3e67ab	2024-08-06 15:46:15 -07:00
Kubernetes Publisher	78330cb2c4	Merge remote-tracking branch 'origin/master' into release-1.32 Kubernetes-commit: 22b14e54a4caac0a20428e51ba874b1af8b0e4cb	2024-12-06 19:41:22 +00:00
Jordan Liggitt	9aa82a6bf7	Drop use of winreadlinkvolume godebug option Kubernetes-commit: 3046fe23d4fe4ba86713ffd61bf0e07156b2b7c3	2024-12-06 02:40:53 -05:00
Kubernetes Publisher	351b1670b8	Merge remote-tracking branch 'origin/master' into release-1.32 Kubernetes-commit: f5900aab680c34bea040b39ac83dfc48f466b573	2024-12-05 03:31:45 +00:00
Jordan Liggitt	97885c0170	Revert to go1.22 windows filesystem stdlib behavior Kubernetes-commit: 3878a3a6de64660e356a35f70471c27a09698090	2024-12-04 09:52:56 -05:00
Patrick Ohly	de4c476767	DRA kubelet: use unique protobuf package name As mentioned in https://protobuf.dev/programming-guides/style, package names "should be unique". For generated API pb files, Kubernetes uses "k8s.io.api.<api group>.<version>". The same approach is now used for the kubelet DRA v1beta1 API. This can be changed without a breaking change because the API is still unreleased. This avoids a conflict between the DevicePlugin and the DRA API when both get used by kubelet: 2024/11/10 12:51:40 proto: duplicate proto type registered: v1beta1.Device The exact impact of that conflict is unknown but it seems better to pro-actively avoid the problem. Kubernetes-commit: 6c27e8dc8f789fd9daf11f6fc367adf586f727b5	2024-11-27 19:53:01 +00:00