Update k8s client libs to v0.31.2. Also updates go to 1.23 (since new…

WORKSPACE

@@ -48,7 +48,7 @@ go_rules_dependencies()
 
 go_download_sdk(
     name = "go_sdk",
-    version = "1.22.4",
+    version = "1.23.3",
 )
 
 go_register_toolchains()
@@ -79,11 +79,11 @@ container_pull(
 container_pull(
     name = "go-runner",
     # this digest is actually go-runner-amd64
-    digest = "sha256:ff9d9b20255f11611cdcaf3ccd6f395ce2fa02a78c546ec93b4e06eb77359d46",
+    digest = "sha256:4decba1ba68d6db721b8ce9bcd1e8567829f0b5bec9a6ceea0b0c094d027c1ac",
     registry = "registry.k8s.io",
     repository = "build-image/go-runner",
     # 'tag' is also supported, but digest is encouraged for reproducibility.
-    tag = "v2.3.1-go1.21.7-bullseye.0",
+    tag = "v2.4.0-go1.23.3-bookworm.0",
 )
 
 load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies")
@@ -101,10 +101,10 @@ load("//defs:repo_rules.bzl", "fetch_kube_release")
 fetch_kube_release(
     name = "io_k8s_release",
     archives = {
-        "kubernetes-node-linux-amd64.tar.gz": "1870c8ec9a38af4d2e86d2ed22c3a4840e1bfe12aa08e7c70c9a86d21f04c375",
-        "kubernetes-manifests.tar.gz": "4bdcbde160458bb664bf682aad25f37a19cd1a2b2baa5a0f7bab216a11513d7d",
-        "kubernetes-server-linux-amd64.tar.gz": "aced340e01320ee9ae488bf7ad3ccb4853185316aa290597ca195754146d08af",
-        "kubernetes-node-windows-amd64.tar.gz": "c9b8e681ff5b2633e6ac0cfe66b1d0795b22b6daf51ec029f5793009c82fcd8c",
+        "kubernetes-node-linux-amd64.tar.gz": "c8d7ba8b68fbb83d9c0f9c97b30e7601ef37abb2bfa94ea699d28e55f844ffd7",
+        "kubernetes-manifests.tar.gz": "0b4a876cf33e96f59e25053d71e248e57f91cec4fc38d09ab09dabccc4c899e5",
+        "kubernetes-server-linux-amd64.tar.gz": "0de1d89860ae860c180d30c88afbec44c23e6d540ef478279c27b067d01f7cd2",
+        "kubernetes-node-windows-amd64.tar.gz": "d3d5b75c4db9a4e5810066d09aeb323d1f5e36582ed160dc0f41a2d6cf0a6a21",
     },
-    version = "v1.30.0",
+    version = "v1.31.2",
 )

cloudbuild.yaml

@@ -4,7 +4,7 @@ timeout: 3600s
 options:
   substitution_option: ALLOW_LOOSE
 steps:
-  - name: 'golang:1.22.4'
+  - name: 'golang:1.23.3'
     env:
       - IMAGE_REPO=${_IMAGE_REPO}
       - IMAGE_TAG=${_PULL_BASE_REF}

cluster/addons/dns/coredns/coredns.yaml.base

@@ -133,7 +133,7 @@ spec:
         kubernetes.io/os: linux
       containers:
       - name: coredns
-        image: registry.k8s.io/coredns/coredns:v1.11.1
+        image: registry.k8s.io/coredns/coredns:v1.11.3
         imagePullPolicy: IfNotPresent
         resources:
           limits:

cluster/addons/dns/coredns/coredns.yaml.in

@@ -133,7 +133,7 @@ spec:
         kubernetes.io/os: linux
       containers:
       - name: coredns
-        image: registry.k8s.io/coredns/coredns:v1.11.1
+        image: registry.k8s.io/coredns/coredns:v1.11.3
         imagePullPolicy: IfNotPresent
         resources:
           limits:

cluster/addons/dns/coredns/coredns.yaml.sed

@@ -133,7 +133,7 @@ spec:
         kubernetes.io/os: linux
       containers:
       - name: coredns
-        image: registry.k8s.io/coredns/coredns:v1.11.1
+        image: registry.k8s.io/coredns/coredns:v1.11.3
         imagePullPolicy: IfNotPresent
         resources:
           limits:

cluster/addons/dns/kube-dns/kube-dns.yaml.base

@@ -114,7 +114,7 @@ spec:
         kubernetes.io/os: linux
       containers:
       - name: kubedns
-        image: registry.k8s.io/dns/k8s-dns-kube-dns:1.22.28
+        image: registry.k8s.io/dns/k8s-dns-kube-dns:1.23.1
         resources:
           # TODO: Set memory limits when we've profiled the container for large
           # clusters, then set request = limit to keep this container in
@@ -170,7 +170,7 @@ spec:
           runAsUser: 1001
           runAsGroup: 1001
       - name: dnsmasq
-        image: registry.k8s.io/dns/k8s-dns-dnsmasq-nanny:1.22.28
+        image: registry.k8s.io/dns/k8s-dns-dnsmasq-nanny:1.23.1
         livenessProbe:
           httpGet:
             path: /healthcheck/dnsmasq
@@ -217,7 +217,7 @@ spec:
               - NET_BIND_SERVICE
               - SETGID
       - name: sidecar
-        image: registry.k8s.io/dns/k8s-dns-sidecar:1.22.28
+        image: registry.k8s.io/dns/k8s-dns-sidecar:1.23.1
         livenessProbe:
           httpGet:
             path: /metrics

cluster/addons/dns/kube-dns/kube-dns.yaml.in

@@ -114,7 +114,7 @@ spec:
         kubernetes.io/os: linux
       containers:
       - name: kubedns
-        image: registry.k8s.io/dns/k8s-dns-kube-dns:1.22.28
+        image: registry.k8s.io/dns/k8s-dns-kube-dns:1.23.1
         resources:
           # TODO: Set memory limits when we've profiled the container for large
           # clusters, then set request = limit to keep this container in
@@ -170,7 +170,7 @@ spec:
           runAsUser: 1001
           runAsGroup: 1001
       - name: dnsmasq
-        image: registry.k8s.io/dns/k8s-dns-dnsmasq-nanny:1.22.28
+        image: registry.k8s.io/dns/k8s-dns-dnsmasq-nanny:1.23.1
         livenessProbe:
           httpGet:
             path: /healthcheck/dnsmasq
@@ -217,7 +217,7 @@ spec:
               - NET_BIND_SERVICE
               - SETGID
       - name: sidecar
-        image: registry.k8s.io/dns/k8s-dns-sidecar:1.22.28
+        image: registry.k8s.io/dns/k8s-dns-sidecar:1.23.1
         livenessProbe:
           httpGet:
             path: /metrics

cluster/addons/dns/kube-dns/kube-dns.yaml.sed

@@ -114,7 +114,7 @@ spec:
         kubernetes.io/os: linux
       containers:
       - name: kubedns
-        image: registry.k8s.io/dns/k8s-dns-kube-dns:1.22.28
+        image: registry.k8s.io/dns/k8s-dns-kube-dns:1.23.1
         resources:
           # TODO: Set memory limits when we've profiled the container for large
           # clusters, then set request = limit to keep this container in
@@ -170,7 +170,7 @@ spec:
           runAsUser: 1001
           runAsGroup: 1001
       - name: dnsmasq
-        image: registry.k8s.io/dns/k8s-dns-dnsmasq-nanny:1.22.28
+        image: registry.k8s.io/dns/k8s-dns-dnsmasq-nanny:1.23.1
         livenessProbe:
           httpGet:
             path: /healthcheck/dnsmasq
@@ -217,7 +217,7 @@ spec:
               - NET_BIND_SERVICE
               - SETGID
       - name: sidecar
-        image: registry.k8s.io/dns/k8s-dns-sidecar:1.22.28
+        image: registry.k8s.io/dns/k8s-dns-sidecar:1.23.1
         livenessProbe:
           httpGet:
             path: /metrics

cluster/addons/dns/nodelocaldns/nodelocaldns.yaml

@@ -138,7 +138,7 @@ spec:
         operator: "Exists"
       containers:
       - name: node-cache
-        image: registry.k8s.io/dns/k8s-dns-node-cache:1.22.28
+        image: registry.k8s.io/dns/k8s-dns-node-cache:1.23.1
         resources:
           requests:
             cpu: 25m

cluster/addons/ip-masq-agent/ip-masq-agent.yaml

@@ -29,7 +29,7 @@ spec:
       hostNetwork: true
       containers:
       - name: ip-masq-agent
-        image: registry.k8s.io/networking/ip-masq-agent-amd64:v2.6.0
+        image: registry.k8s.io/networking/ip-masq-agent-amd64:v2.6.1
         args:
           - --masq-chain=IP-MASQ
           - --nomasq-all-reserved-ranges

cluster/addons/kube-network-policies/kube-network-policies-rbac.yaml

@@ -0,0 +1,49 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: system:network-policies
+  namespace: kube-system
+  labels:
+    addonmanager.kubernetes.io/mode: Reconcile
+rules:
+  - apiGroups: [""]
+    resources:
+      - pods
+      - nodes
+      - namespaces
+    verbs:
+      - get
+      - watch
+      - list
+  # Watch for changes to Kubernetes NetworkPolicies.
+  - apiGroups: ["networking.k8s.io"]
+    resources:
+      - networkpolicies
+    verbs:
+      - watch
+      - list
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: kube-network-policies
+  labels:
+    addonmanager.kubernetes.io/mode: Reconcile
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:network-policies
+subjects:
+- kind: ServiceAccount
+  name: kube-network-policies
+  namespace: kube-system
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kube-network-policies
+  namespace: kube-system
+  labels:
+    k8s-app: kube-network-policies
+    kubernetes.io/cluster-service: "true"
+    addonmanager.kubernetes.io/mode: Reconcile

cluster/addons/kube-network-policies/kube-network-policies.yaml

@@ -0,0 +1,54 @@
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: kube-network-policies
+  namespace: kube-system
+  labels:
+    tier: node
+    app: kube-network-policies
+    k8s-app: kube-network-policies
+    addonmanager.kubernetes.io/mode: Reconcile
+spec:
+  selector:
+    matchLabels:
+      app: kube-network-policies
+  template:
+    metadata:
+      labels:
+        tier: node
+        app: kube-network-policies
+        k8s-app: kube-network-policies
+    spec:
+      hostNetwork: true
+      tolerations:
+      - operator: Exists
+        effect: NoSchedule
+      serviceAccountName: kube-network-policies
+      containers:
+      - name: kube-network-policies
+        image: registry.k8s.io/networking/kube-network-policies:v0.5.0
+        command:
+        - /bin/sh
+        - -c
+        - /bin/netpol -v 4 1>>/var/log/kube-network-policies.log 2>&1
+        resources:
+          requests:
+            cpu: "100m"
+            memory: "50Mi"
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - mountPath: /var/log
+          name: varlog
+          readOnly: false
+        - mountPath: /lib/modules
+          name: lib-modules
+          readOnly: true
+      volumes:
+      - name: varlog
+        hostPath:
+          path: /var/log
+      - name: lib-modules
+        hostPath:
+          path: /lib/modules

cluster/addons/metrics-server/metrics-server-deployment.yaml

@@ -23,23 +23,23 @@ data:
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: metrics-server-v0.7.0
+  name: metrics-server-v0.7.1
   namespace: kube-system
   labels:
     k8s-app: metrics-server
     addonmanager.kubernetes.io/mode: Reconcile
-    version: v0.7.0
+    version: v0.7.1
 spec:
   selector:
     matchLabels:
       k8s-app: metrics-server
-      version: v0.7.0
+      version: v0.7.1
   template:
     metadata:
       name: metrics-server
       labels:
         k8s-app: metrics-server
-        version: v0.7.0
+        version: v0.7.1
     spec:
       securityContext:
         seccompProfile:
@@ -50,7 +50,7 @@ spec:
         kubernetes.io/os: linux
       containers:
       - name: metrics-server
-        image: registry.k8s.io/metrics-server/metrics-server:v0.7.0
+        image: registry.k8s.io/metrics-server/metrics-server:v0.7.1
         command:
         - /metrics-server
         - --metric-resolution=15s
@@ -109,7 +109,7 @@ spec:
           - --memory={{ base_metrics_server_memory }}
           - --extra-memory={{ metrics_server_memory_per_node }}Mi
           - --threshold=5
-          - --deployment=metrics-server-v0.7.0
+          - --deployment=metrics-server-v0.7.1
           - --container=metrics-server
           - --poll-period=30000
           - --estimator=exponential

cluster/addons/metrics-server/resource-reader.yaml

@@ -23,7 +23,7 @@ rules:
     resources:
       - deployments
     resourceNames:
-      - metrics-server-v0.7.0
+      - metrics-server-v0.7.1
     verbs:
       - get
       - patch

cluster/addons/node-problem-detector/npd.yaml

@@ -30,22 +30,22 @@ metadata:
   namespace: kube-system
   labels:
     app.kubernetes.io/name: node-problem-detector
-    app.kubernetes.io/version: v0.8.16
+    app.kubernetes.io/version: v0.8.19
     addonmanager.kubernetes.io/mode: Reconcile
 spec:
   selector:
     matchLabels:
       app.kubernetes.io/name: node-problem-detector
-      app.kubernetes.io/version: v0.8.16
+      app.kubernetes.io/version: v0.8.19
   template:
     metadata:
       labels:
         app.kubernetes.io/name: node-problem-detector
-        app.kubernetes.io/version: v0.8.16
+        app.kubernetes.io/version: v0.8.19
     spec:
       containers:
       - name: node-problem-detector
-        image: registry.k8s.io/node-problem-detector/node-problem-detector:v0.8.16
+        image: registry.k8s.io/node-problem-detector/node-problem-detector:v0.8.19
         command:
         - "/bin/sh"
         - "-c"

cluster/addons/volumesnapshots/volume-snapshot-controller/volume-snapshot-controller-deployment.yaml

@@ -22,7 +22,7 @@ spec:
       serviceAccount: volume-snapshot-controller
       containers:
         - name: volume-snapshot-controller
-          image: registry.k8s.io/sig-storage/snapshot-controller:v6.3.3
+          image: registry.k8s.io/sig-storage/snapshot-controller:v8.0.0
           args:
             - "--v=5"
             - "--metrics-path=/metrics"

cluster/gce/addons/konnectivity-agent/konnectivity-agent-ds.yaml

@@ -27,7 +27,7 @@ spec:
       nodeSelector:
         kubernetes.io/os: linux
       containers:
-        - image: registry.k8s.io/kas-network-proxy/proxy-agent:v0.29.0
+        - image: registry.k8s.io/kas-network-proxy/proxy-agent:v0.30.3
           name: konnectivity-agent
           command: ["/proxy-agent"]
           args: [
@@ -39,6 +39,7 @@ __EXTRA_PARAMS__
                   "--sync-interval=5s",
                   "--sync-interval-cap=30s",
                   "--probe-interval=5s",
+                  "--keepalive-time=60s",
                   "--service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token",
                   "--agent-identifiers=ipv4=$(HOST_IP)"
                   ]