Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package kind for openSUSE:Factory checked in at 2025-12-18 18:33:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kind (Old) and /work/SRC/openSUSE:Factory/.kind.new.1928 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kind" Thu Dec 18 18:33:53 2025 rev:8 rq:1323451 version:0.31.0 Changes: -------- --- /work/SRC/openSUSE:Factory/kind/kind.changes 2025-08-28 17:19:45.713964869 +0200 +++ /work/SRC/openSUSE:Factory/.kind.new.1928/kind.changes 2025-12-18 18:35:52.980781174 +0100 @@ -1,0 +2,101 @@ +Thu Dec 18 06:18:29 UTC 2025 - Johannes Kastl <[email protected]> + +- Update to version 0.31.0: + https://github.com/kubernetes-sigs/kind/releases/tag/v0.31.0 + * Breaking Changes + - The default node image is now kindest/node:v1.35.0@sha256:452d707d4862f52530247495d180205e029056831160e22870e37e3f6c1ac31f + * Kubernetes 1.35+ Cgroup v1 + Kubernetes will be removing cgroup v1 support, and therefore + kind node images at those versions will also be dropping + support. + You can read more about this change in the Kubernetes release + blog: + https://kubernetes.io/blog/2025/12/17/kubernetes-v1-35-release/#removal-of-cgroup-v1-support + If you must use kind on cgroup v1, we recommend using an older + Kubernetes release for the immediate future, but we also + strongly recommend migrating to cgroup v2. + In the near future as Kubernetes support dwindles, KIND will + also clean up cgroup v1 workarounds and drop support in future + kind releases and images, regardless of Kubernetes version. + Most stable linux distros should be on cgroupv2 out of the box. + This is a reminder to use pinned images by digest, see the note + below about images for this release. + * Kubeadm Config *Future* Breaking Change + WARNING: Future kind releases will adopt kubeadm v1beta4 + configuration, kubeadm v1beta4 has a breaking change to + extraArgs: + https://kubernetes.io/blog/2024/08/23/kubernetes-1-31-kubeadm-v1beta4/. + If you use the kubeadmConfigPatches feature then you may need + to prepare for this change. + We recommend that you use versioned config patches that + explicitly match the version required. + KIND uses kubeadm v1beta3 for Kubernetes 1.23+, and will likely + use v1beta4 for Kubernetes 1.36+ + The exact version is TBD pending work to fix this but expected + to be 1.36. + It will definitely be an as-of-yet-unreleased Kubernetes + version to avoid surprises, and it will not be on a + patch-release boundary. + KIND may still work with older Kubernetes versions at v1beta2, + but we no longer test or actively support these as Kubernetes + only supports 1.32+ currently: https://kubernetes.io/releases/ + You likely only need v1beta3 + v1beta4 patches, you can take + your existing patches that work with v1beta3, explicitly set + apiVersion: kubeadm.k8s.io/v1beta3 in the patch at the top + level, and make another copy for v1beta4. The v1beta4 patch + will need to move extraArgs from a map to a list, for examples + see: + https://kubernetes.io/docs/reference/config-api/kubeadm-config.v1beta4/ + + For a concrete example of kind config with kubeadm config patch + targeting both v1beta3 and v1beta4, consider this simple kind + config that sets verbosity of the apiserver logs: + + kind: Cluster + apiVersion: kind.x-k8s.io/v1alpha4 + kubeadmConfigPatches: + # patch for v1beta3 (1.23 ...) + - | + kind: ClusterConfiguration + apiVersion: kubeadm.k8s.io/v1beta3 + apiServer: + extraArgs: + "v": "4" + # patch for v1beta4 (future) + - | + kind: ClusterConfiguration + apiVersion: kubeadm.k8s.io/v1beta4 + apiServer: + extraArgs: + - name: "v" + value: "4" + + If you only need to target a particular release, you can use + one version. + If you only need to target fields that did not change between + kubeadm beta versions, you can use a versionless patch, which + may be more convenient, but we cannot guarantee there will be + no future kubeadm config breaking changes. + * New Features + - Assorted unspecified dependency updates + * Images pre-built for this release: + - v1.35.0: kindest/node:v1.35.0@sha256:452d707d4862f52530247495d180205e029056831160e22870e37e3f6c1ac31f + - v1.34.3: kindest/node:v1.34.3@sha256:08497ee19eace7b4b5348db5c6a1591d7752b164530a36f855cb0f2bdcbadd48 + - v1.33.7: kindest/node:v1.33.7@sha256:d26ef333bdb2cbe9862a0f7c3803ecc7b4303d8cea8e814b481b09949d353040 + - v1.32.11: kindest/node:v1.32.11@sha256:5fc52d52a7b9574015299724bd68f183702956aa4a2116ae75a63cb574b35af8 + - v1.31.14: kindest/node:v1.31.14@sha256:6f86cf509dbb42767b6e79debc3f2c32e4ee01386f0489b3b2be24b0a55aac2b + NOTE: You must use the @sha256 digest to guarantee an image + built for this release, until such a time as we switch to a + different tagging scheme. Even then we will highly encourage + digest pinning for security and reproducibility reasons. + See also: + https://kind.sigs.k8s.io/docs/user/quick-start/#creating-a-cluster + https://kind.sigs.k8s.io/docs/user/quick-start/#building-images + NOTE: These node images support amd64 and arm64, both of our + supported platforms. You must use the same platform as your + host, for more context see #2718 + * Fixes + - Detect additional edge case with ipv6 support on the host + - Make development / release scripts GOTOOLCHAIN aware + +------------------------------------------------------------------- Old: ---- kind-0.30.0.obscpio New: ---- kind-0.31.0.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kind.spec ++++++ --- /var/tmp/diff_new_pack.M6Fidu/_old 2025-12-18 18:35:54.360839144 +0100 +++ /var/tmp/diff_new_pack.M6Fidu/_new 2025-12-18 18:35:54.360839144 +0100 @@ -17,7 +17,7 @@ Name: kind -Version: 0.30.0 +Version: 0.31.0 Release: 0 Summary: Kubernetes IN Docker - local clusters for testing Kubernetes License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.M6Fidu/_old 2025-12-18 18:35:54.404840992 +0100 +++ /var/tmp/diff_new_pack.M6Fidu/_new 2025-12-18 18:35:54.404840992 +0100 @@ -3,7 +3,7 @@ <param name="url">https://github.com/kubernetes-sigs/kind/</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v0.30.0</param> + <param name="revision">v0.31.0</param> <param name="versionformat">@PARENT_TAG@</param> <param name="changesgenerate">enable</param> <param name="versionrewrite-pattern">v(.*)</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.M6Fidu/_old 2025-12-18 18:35:54.428842000 +0100 +++ /var/tmp/diff_new_pack.M6Fidu/_new 2025-12-18 18:35:54.432842169 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/kubernetes-sigs/kind/</param> - <param name="changesrevision">9a205e8c8540557602240f8766d3c95c51c23c4c</param></service></servicedata> + <param name="changesrevision">a323333ff9efd8099f95a8a6b5c86c75a210d00f</param></service></servicedata> (No newline at EOF) ++++++ kind-0.30.0.obscpio -> kind-0.31.0.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kind-0.30.0/.go-version new/kind-0.31.0/.go-version --- old/kind-0.30.0/.go-version 2025-08-27 19:42:16.000000000 +0200 +++ new/kind-0.31.0/.go-version 2025-12-18 01:51:55.000000000 +0100 @@ -1 +1 @@ -1.24.6 +1.25.5 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kind-0.30.0/README.md new/kind-0.31.0/README.md --- old/kind-0.30.0/README.md 2025-08-27 19:42:16.000000000 +0200 +++ new/kind-0.31.0/README.md 2025-12-18 01:51:55.000000000 +0100 @@ -5,7 +5,7 @@ kind is a tool for running local Kubernetes clusters using Docker container "nodes". kind was primarily designed for testing Kubernetes itself, but may be used for local development or CI. -If you have [go] 1.16+ and [docker], [podman] or [nerdctl] installed `go install sigs.k8s.io/[email protected] && kind create cluster` is all you need! +If you have [go] 1.16+ and [docker], [podman] or [nerdctl] installed `go install sigs.k8s.io/[email protected] && kind create cluster` is all you need!  @@ -23,7 +23,7 @@ For a complete [install guide] see [the documentation here][install guide]. -You can install kind with `go install sigs.k8s.io/[email protected]`. +You can install kind with `go install sigs.k8s.io/[email protected]`. **NOTE**: please use the latest go to do this. KIND is developed with the latest stable go, see [`.go-version`](./.go-version) for the exact version we're using. @@ -43,9 +43,9 @@ ```console # For AMD64 / x86_64 -[ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.29.0/kind-$(uname)-amd64 +[ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.30.0/kind-$(uname)-amd64 # For ARM64 -[ $(uname -m) = aarch64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.29.0/kind-$(uname)-arm64 +[ $(uname -m) = aarch64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.30.0/kind-$(uname)-arm64 chmod +x ./kind sudo mv ./kind /usr/local/bin/kind ``` @@ -66,9 +66,9 @@ ```console # For Intel Macs -[ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.29.0/kind-darwin-amd64 +[ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.30.0/kind-darwin-amd64 # For M1 / ARM Macs -[ $(uname -m) = arm64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.29.0/kind-darwin-arm64 +[ $(uname -m) = arm64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.30.0/kind-darwin-arm64 chmod +x ./kind mv ./kind /some-dir-in-your-PATH/kind ``` @@ -76,7 +76,7 @@ On Windows: ```powershell -curl.exe -Lo kind-windows-amd64.exe https://kind.sigs.k8s.io/dl/v0.29.0/kind-windows-amd64 +curl.exe -Lo kind-windows-amd64.exe https://kind.sigs.k8s.io/dl/v0.30.0/kind-windows-amd64 Move-Item .\kind-windows-amd64.exe c:\some-dir-in-your-PATH\kind.exe # OR via Chocolatey (https://chocolatey.org/packages/kind) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kind-0.30.0/hack/build/setup-go.sh new/kind-0.31.0/hack/build/setup-go.sh --- old/kind-0.30.0/hack/build/setup-go.sh 2025-08-27 19:42:16.000000000 +0200 +++ new/kind-0.31.0/hack/build/setup-go.sh 2025-12-18 01:51:55.000000000 +0100 @@ -29,12 +29,18 @@ export GIMME_SILENT_ENV=y # only setup go if we haven't set FORCE_HOST_GO, or `go version` doesn't match -# go version output looks like: -# go version go1.14.5 darwin/amd64 -if ! ([ -n "${FORCE_HOST_GO:-}" ] || \ - (command -v go >/dev/null && [ "$(go version | cut -d' ' -f3)" = "go${GO_VERSION}" ])); then +if [ -n "${FORCE_HOST_GO:-}" ]; then + GOTOOLCHAIN="${GOTOOLCHAIN:-local}" + export GOTOOLCHAIN +else + GOTOOLCHAIN="go${GO_VERSION}" + export GOTOOLCHAIN + # go version output looks like: + # go version go1.14.5 darwin/amd64 + if ! (command -v go >/dev/null && [ "$(go version | cut -d' ' -f3)" = "go${GO_VERSION}" ]); then # eval because the output of this is shell to set PATH etc. eval "$(hack/third_party/gimme/gimme "${GO_VERSION}")" + fi fi # force go modules diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kind-0.30.0/hack/ci/e2e-k8s.sh new/kind-0.31.0/hack/ci/e2e-k8s.sh --- old/kind-0.30.0/hack/ci/e2e-k8s.sh 2025-08-27 19:42:16.000000000 +0200 +++ new/kind-0.31.0/hack/ci/e2e-k8s.sh 2025-12-18 01:51:55.000000000 +0100 @@ -28,8 +28,6 @@ # parallel testing is enabled. Using LABEL_FILTER instead of combining SKIP and # FOCUS is recommended (more expressive, easier to read than regexp). # -# GA_ONLY: true - limit to GA APIs/features as much as possible -# false - (default) APIs and features left at defaults # FEATURE_GATES: # JSON or YAML encoding of a string/bool map: {"FeatureGateA": true, "FeatureGateB": false} # Enables or disables feature gates in the entire cluster. @@ -84,76 +82,16 @@ export PATH="${PWD}/_output/bin:$PATH" } -check_structured_log_support() { - case "${KUBE_VERSION}" in - v1.1[0-8].*) - echo "$1 is only supported on versions >= v1.19, got ${KUBE_VERSION}" - exit 1 - ;; - esac -} - # up a cluster with kind create_cluster() { - # Grab the version of the cluster we're about to start - KUBE_VERSION="$(docker run --rm --entrypoint=cat "kindest/node:latest" /kind/version)" - # Default Log level for all components in test clusters KIND_CLUSTER_LOG_LEVEL=${KIND_CLUSTER_LOG_LEVEL:-4} - # potentially enable --logging-format - CLUSTER_LOG_FORMAT=${CLUSTER_LOG_FORMAT:-} - scheduler_extra_args=" \"v\": \"${KIND_CLUSTER_LOG_LEVEL}\"" - controllerManager_extra_args=" \"v\": \"${KIND_CLUSTER_LOG_LEVEL}\"" - apiServer_extra_args=" \"v\": \"${KIND_CLUSTER_LOG_LEVEL}\"" - if [ -n "$CLUSTER_LOG_FORMAT" ]; then - check_structured_log_support "CLUSTER_LOG_FORMAT" - scheduler_extra_args="${scheduler_extra_args} - \"logging-format\": \"${CLUSTER_LOG_FORMAT}\"" - controllerManager_extra_args="${controllerManager_extra_args} - \"logging-format\": \"${CLUSTER_LOG_FORMAT}\"" - apiServer_extra_args="${apiServer_extra_args} - \"logging-format\": \"${CLUSTER_LOG_FORMAT}\"" - fi - kubelet_extra_args=" \"v\": \"${KIND_CLUSTER_LOG_LEVEL}\" - \"container-log-max-files\": \"10\" - \"container-log-max-size\": \"100Mi\"" - KUBELET_LOG_FORMAT=${KUBELET_LOG_FORMAT:-$CLUSTER_LOG_FORMAT} - if [ -n "$KUBELET_LOG_FORMAT" ]; then - check_structured_log_support "KUBECTL_LOG_FORMAT" - kubelet_extra_args="${kubelet_extra_args} - \"logging-format\": \"${KUBELET_LOG_FORMAT}\"" - fi - # JSON or YAML map injected into featureGates config feature_gates="${FEATURE_GATES:-{\}}" # --runtime-config argument value passed to the API server, again as a map runtime_config="${RUNTIME_CONFIG:-{\}}" - case "${GA_ONLY:-false}" in - false) - : - ;; - true) - if [ "${feature_gates}" != "{}" ]; then - echo "GA_ONLY=true and FEATURE_GATES=${feature_gates} are mutually exclusive." - exit 1 - fi - if [ "${runtime_config}" != "{}" ]; then - echo "GA_ONLY=true and RUNTIME_CONFIG=${runtime_config} are mutually exclusive." - exit 1 - fi - - echo "Limiting to GA APIs and features for ${KUBE_VERSION}" - feature_gates='{"AllAlpha":false,"AllBeta":false}' - runtime_config='{"api/alpha":"false", "api/beta":"false"}' - ;; - *) - echo "\$GA_ONLY set to '${GA_ONLY}'; supported values are true and false (default)" - exit 1 - ;; - esac - # create the config file cat <<EOF > "${ARTIFACTS}/kind-config.yaml" # config for 1 control plane node and 2 workers (necessary for conformance) @@ -172,29 +110,83 @@ featureGates: ${feature_gates} runtimeConfig: ${runtime_config} kubeadmConfigPatches: +# v1beta4 for the future (v1.35.0+ ?) +# https://github.com/kubernetes-sigs/kind/issues/3847 +# TODO: drop v1beta3 when we no longer need versions that use it +- | + kind: ClusterConfiguration + apiVersion: kubeadm.k8s.io/v1beta4 + apiServer: + extraArgs: + - name: "v" + value: "${KIND_CLUSTER_LOG_LEVEL}" + controllerManager: + extraArgs: + - name: "v" + value: "${KIND_CLUSTER_LOG_LEVEL}" + scheduler: + extraArgs: + - name: "v" + value: "${KIND_CLUSTER_LOG_LEVEL}" + --- + kind: InitConfiguration + apiVersion: kubeadm.k8s.io/v1beta4 + nodeRegistration: + kubeletExtraArgs: + - name: "v" + value: "${KIND_CLUSTER_LOG_LEVEL}" + - name: "container-log-max-files" + value: "10" + - name: "container-log-max-size" + value: "100Mi" + --- + kind: JoinConfiguration + apiVersion: kubeadm.k8s.io/v1beta4 + nodeRegistration: + kubeletExtraArgs: + - name: "v" + value: "${KIND_CLUSTER_LOG_LEVEL}" + # Warning: these flags appear to be load bearing / impact performance + # See: https://github.com/kubernetes-sigs/kind/pull/4046 + # Be careful when updating these. + # Most CI jobs should not need them, but some CI jobs might. + - name: "container-log-max-files" + value: "10" + - name: "container-log-max-size" + value: "100Mi" +# v1beta3 for v1.23.0 ... ? - | kind: ClusterConfiguration - metadata: - name: config + apiVersion: kubeadm.k8s.io/v1beta3 apiServer: extraArgs: -${apiServer_extra_args} + "v": "${KIND_CLUSTER_LOG_LEVEL}" controllerManager: extraArgs: -${controllerManager_extra_args} + "v": "${KIND_CLUSTER_LOG_LEVEL}" scheduler: extraArgs: -${scheduler_extra_args} + "v": "${KIND_CLUSTER_LOG_LEVEL}" --- kind: InitConfiguration + apiVersion: kubeadm.k8s.io/v1beta3 nodeRegistration: kubeletExtraArgs: -${kubelet_extra_args} + "v": "${KIND_CLUSTER_LOG_LEVEL}" + "container-log-max-files": "10" + "container-log-max-size": "100Mi" --- kind: JoinConfiguration + apiVersion: kubeadm.k8s.io/v1beta3 nodeRegistration: kubeletExtraArgs: -${kubelet_extra_args} + "v": "${KIND_CLUSTER_LOG_LEVEL}" + # Warning: these flags appear to be load bearing / impact performance + # See: https://github.com/kubernetes-sigs/kind/pull/4046 + # Be careful when updating these. + # Most CI jobs should not need them, but some CI jobs might. + "container-log-max-files": "10" + "container-log-max-size": "100Mi" EOF # NOTE: must match the number of workers above NUM_NODES=2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kind-0.30.0/hack/ci/init-fedora.sh new/kind-0.31.0/hack/ci/init-fedora.sh --- old/kind-0.30.0/hack/ci/init-fedora.sh 2025-08-27 19:42:16.000000000 +0200 +++ new/kind-0.31.0/hack/ci/init-fedora.sh 1970-01-01 01:00:00.000000000 +0100 @@ -1,18 +0,0 @@ -#!/bin/bash -set -eux -o pipefail -# Ensure network-related modules to be loaded -modprobe tap ip_tables iptable_nat ip6_tables ip6table_nat - -# The moby-engine package included in Fedora lacks support for rootless, -# So we need to install docker-ce and docker-ce-rootless-extras from the upstream. -curl -fsSL https://get.docker.com | sh -dnf install -y golang-go make kubernetes-client podman docker-ce-rootless-extras -systemctl enable --now docker - -# Configuration for rootless: https://kind.sigs.k8s.io/docs/user/rootless/ -mkdir -p "/etc/systemd/system/[email protected]" -cat <<EOF >"/etc/systemd/system/[email protected]/delegate.conf" -[Service] -Delegate=yes -EOF -systemctl daemon-reload diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kind-0.30.0/hack/ci/init-vm.sh new/kind-0.31.0/hack/ci/init-vm.sh --- old/kind-0.30.0/hack/ci/init-vm.sh 1970-01-01 01:00:00.000000000 +0100 +++ new/kind-0.31.0/hack/ci/init-vm.sh 2025-12-18 01:51:55.000000000 +0100 @@ -0,0 +1,49 @@ +#!/bin/bash +set -eux -o pipefail +# Ensure network-related modules to be loaded +modprobe tap ip_tables iptable_nat ip6_tables ip6table_nat + +# The moby-engine package included in Fedora lacks support for rootless, +# So we need to install docker-ce and docker-ce-rootless-extras from the upstream. +DNF_REPO="" +INSTALL_PODMAN="1" +if grep -q centos /etc/os-release; then + # Works with Rocky and Alma too + DNF_REPO="https://download.docker.com/linux/centos/docker-ce.repo"; + if grep -q el8 /etc/os-release; then + # podman seems to conflict with docker-ce on EL8 + INSTALL_PODMAN="" + fi +elif grep -q fedora /etc/os-release; then + DNF_REPO="https://download.docker.com/linux/fedora/docker-ce.repo"; +else + echo >&2 "Unsupported OS" + exit 1 +fi +DNF="dnf" +if command -v dnf5 &>/dev/null; then + # DNF 5 (Fedora 41 or later) + DNF="dnf5" + "$DNF" config-manager addrepo --from-repofile="${DNF_REPO}" +else + # DNF 4 + "$DNF" config-manager --add-repo="${DNF_REPO}" +fi +"$DNF" install -y git golang make docker-ce docker-ce-rootless-extras +systemctl enable --now docker +if [ -n "${INSTALL_PODMAN}" ]; then + "$DNF" install -y podman +fi + +# Install kubectl +GOARCH="$(uname -m | sed -e 's/aarch64/arm64/' -e 's/x86_64/amd64/')" +curl -L -o /usr/bin/kubectl "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/${GOARCH}/kubectl" +chmod +x /usr/bin/kubectl + +# Configuration for rootless: https://kind.sigs.k8s.io/docs/user/rootless/ +mkdir -p "/etc/systemd/system/[email protected]" +cat <<EOF >"/etc/systemd/system/[email protected]/delegate.conf" +[Service] +Delegate=yes +EOF +systemctl daemon-reload diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kind-0.30.0/images/Makefile.common.in new/kind-0.31.0/images/Makefile.common.in --- old/kind-0.30.0/images/Makefile.common.in 2025-08-27 19:42:16.000000000 +0200 +++ new/kind-0.31.0/images/Makefile.common.in 2025-12-18 01:51:55.000000000 +0100 @@ -21,7 +21,7 @@ # for appending build-meta like "_containerd-v1.7.1" TAG_SUFFIX?= # tag based on date-sha -TAG?=$(shell echo "$$(date +v%Y%m%d)-$$(git describe --always --dirty)") +TAG?=$(shell echo "$$(date +v%Y%m%d)-$$(git log --pretty=format:'%h' -n 1)") # the full image tag IMAGE?=$(REGISTRY)/$(IMAGE_NAME):$(TAG)$(TAG_SUFFIX) # Go version to use, respected by images that build go binaries diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kind-0.30.0/images/base/Dockerfile new/kind-0.31.0/images/base/Dockerfile --- old/kind-0.30.0/images/base/Dockerfile 2025-08-27 19:42:16.000000000 +0200 +++ new/kind-0.31.0/images/base/Dockerfile 2025-12-18 01:51:55.000000000 +0100 @@ -122,7 +122,7 @@ # stage for building containerd FROM go-build AS build-containerd ARG TARGETARCH GO_VERSION -ARG CONTAINERD_VERSION="v2.1.4" +ARG CONTAINERD_VERSION="v2.2.0" ARG CONTAINERD_CLONE_URL="https://github.com/containerd/containerd"; # we don't build with optional snapshotters, we never select any of these # they're not ideal inside kind anyhow, and we save some disk space @@ -140,7 +140,9 @@ # stage for building runc FROM go-build AS build-runc ARG TARGETARCH GO_VERSION -ARG RUNC_VERSION="v1.3.0" +# TODO: upgrade to 1.3.x to match containerd after resolving: +# https://github.com/kubernetes/kubernetes/issues/135214 +ARG RUNC_VERSION="v1.2.9" ARG RUNC_CLONE_URL="https://github.com/opencontainers/runc"; RUN git clone --filter=tree:0 "${RUNC_CLONE_URL}" /runc \ && cd /runc \ @@ -168,7 +170,7 @@ # stage for building cni-plugins FROM go-build AS build-cni ARG TARGETARCH GO_VERSION -ARG CNI_PLUGINS_VERSION="v1.7.1" +ARG CNI_PLUGINS_VERSION="v1.8.0" ARG CNI_PLUGINS_CLONE_URL="https://github.com/containernetworking/plugins"; RUN git clone --filter=tree:0 "${CNI_PLUGINS_CLONE_URL}" /cni-plugins \ && cd /cni-plugins \ @@ -189,7 +191,7 @@ # stage for building containerd-fuse-overlayfs FROM go-build AS build-fuse-overlayfs ARG TARGETARCH GO_VERSION -ARG CONTAINERD_FUSE_OVERLAYFS_VERSION="v2.1.6" +ARG CONTAINERD_FUSE_OVERLAYFS_VERSION="v2.1.7" ARG CONTAINERD_FUSE_OVERLAYFS_CLONE_URL="https://github.com/containerd/fuse-overlayfs-snapshotter"; RUN git clone --filter=tree:0 "${CONTAINERD_FUSE_OVERLAYFS_CLONE_URL}" /fuse-overlayfs-snapshotter \ && cd /fuse-overlayfs-snapshotter \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kind-0.30.0/images/base/cloudbuild.yaml new/kind-0.31.0/images/base/cloudbuild.yaml --- old/kind-0.30.0/images/base/cloudbuild.yaml 2025-08-27 19:42:16.000000000 +0200 +++ new/kind-0.31.0/images/base/cloudbuild.yaml 2025-12-18 01:51:55.000000000 +0100 @@ -3,6 +3,6 @@ substitution_option: ALLOW_LOOSE machineType: E2_HIGHCPU_32 steps: -- name: gcr.io/k8s-staging-test-infra/krte:latest-master +- name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:latest entrypoint: make args: ['-C', 'images/base', 'push'] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kind-0.30.0/images/haproxy/cloudbuild.yaml new/kind-0.31.0/images/haproxy/cloudbuild.yaml --- old/kind-0.30.0/images/haproxy/cloudbuild.yaml 2025-08-27 19:42:16.000000000 +0200 +++ new/kind-0.31.0/images/haproxy/cloudbuild.yaml 2025-12-18 01:51:55.000000000 +0100 @@ -3,6 +3,6 @@ substitution_option: ALLOW_LOOSE machineType: E2_HIGHCPU_8 steps: -- name: gcr.io/k8s-staging-test-infra/krte:latest-master +- name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:latest entrypoint: make args: ['-C', 'images/haproxy', 'push'] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kind-0.30.0/images/kindnetd/cloudbuild.yaml new/kind-0.31.0/images/kindnetd/cloudbuild.yaml --- old/kind-0.30.0/images/kindnetd/cloudbuild.yaml 2025-08-27 19:42:16.000000000 +0200 +++ new/kind-0.31.0/images/kindnetd/cloudbuild.yaml 2025-12-18 01:51:55.000000000 +0100 @@ -3,6 +3,6 @@ substitution_option: ALLOW_LOOSE machineType: E2_HIGHCPU_32 steps: -- name: gcr.io/k8s-staging-test-infra/krte:latest-master +- name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:latest entrypoint: make args: ['-C', 'images/kindnetd', 'push'] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kind-0.30.0/images/local-path-helper/cloudbuild.yaml new/kind-0.31.0/images/local-path-helper/cloudbuild.yaml --- old/kind-0.30.0/images/local-path-helper/cloudbuild.yaml 2025-08-27 19:42:16.000000000 +0200 +++ new/kind-0.31.0/images/local-path-helper/cloudbuild.yaml 2025-12-18 01:51:55.000000000 +0100 @@ -3,6 +3,6 @@ substitution_option: ALLOW_LOOSE machineType: E2_HIGHCPU_8 steps: -- name: gcr.io/k8s-staging-test-infra/krte:latest-master +- name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:latest entrypoint: make args: ['-C', 'images/local-path-helper', 'push'] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kind-0.30.0/images/local-path-provisioner/Makefile new/kind-0.31.0/images/local-path-provisioner/Makefile --- old/kind-0.30.0/images/local-path-provisioner/Makefile 2025-08-27 19:42:16.000000000 +0200 +++ new/kind-0.31.0/images/local-path-provisioner/Makefile 2025-12-18 01:51:55.000000000 +0100 @@ -11,6 +11,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -VERSION=v0.0.30 +VERSION=v0.0.32 EXTRA_BUILD_OPT=--build-arg=VERSION=$(VERSION) include $(CURDIR)/../Makefile.common.in \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kind-0.30.0/images/local-path-provisioner/cloudbuild.yaml new/kind-0.31.0/images/local-path-provisioner/cloudbuild.yaml --- old/kind-0.30.0/images/local-path-provisioner/cloudbuild.yaml 2025-08-27 19:42:16.000000000 +0200 +++ new/kind-0.31.0/images/local-path-provisioner/cloudbuild.yaml 2025-12-18 01:51:55.000000000 +0100 @@ -3,6 +3,6 @@ substitution_option: ALLOW_LOOSE machineType: E2_HIGHCPU_8 steps: -- name: gcr.io/k8s-staging-test-infra/krte:latest-master +- name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:latest entrypoint: make args: ['-C', 'images/local-path-provisioner', 'push'] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kind-0.30.0/pkg/apis/config/defaults/image.go new/kind-0.31.0/pkg/apis/config/defaults/image.go --- old/kind-0.30.0/pkg/apis/config/defaults/image.go 2025-08-27 19:42:16.000000000 +0200 +++ new/kind-0.31.0/pkg/apis/config/defaults/image.go 2025-12-18 01:51:55.000000000 +0100 @@ -18,4 +18,4 @@ package defaults // Image is the default for the Config.Image field, aka the default node image. -const Image = "kindest/node:v1.34.0@sha256:7416a61b42b1662ca6ca89f02028ac133a309a2a30ba309614e8ec94d976dc5a" +const Image = "kindest/node:v1.35.0@sha256:452d707d4862f52530247495d180205e029056831160e22870e37e3f6c1ac31f" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kind-0.30.0/pkg/build/nodeimage/const_cni.go new/kind-0.31.0/pkg/build/nodeimage/const_cni.go --- old/kind-0.30.0/pkg/build/nodeimage/const_cni.go 2025-08-27 19:42:16.000000000 +0200 +++ new/kind-0.31.0/pkg/build/nodeimage/const_cni.go 2025-12-18 01:51:55.000000000 +0100 @@ -20,7 +20,7 @@ The default CNI manifest and images are our own tiny kindnet */ -const kindnetdImage = "docker.io/kindest/kindnetd:v20250512-df8de77b" +const kindnetdImage = "docker.io/kindest/kindnetd:v20251212-v0.29.0-alpha-105-g20ccfc88" var defaultCNIImages = []string{kindnetdImage} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kind-0.30.0/pkg/build/nodeimage/const_storage.go new/kind-0.31.0/pkg/build/nodeimage/const_storage.go --- old/kind-0.30.0/pkg/build/nodeimage/const_storage.go 2025-08-27 19:42:16.000000000 +0200 +++ new/kind-0.31.0/pkg/build/nodeimage/const_storage.go 2025-12-18 01:51:55.000000000 +0100 @@ -26,8 +26,8 @@ - tolerate control plane scheduling taints */ -const storageProvisionerImage = "docker.io/kindest/local-path-provisioner:v20250214-acbabc1a" -const storageHelperImage = "docker.io/kindest/local-path-helper:v20241212-8ac705d0" +const storageProvisionerImage = "docker.io/kindest/local-path-provisioner:v20251212-v0.29.0-alpha-105-g20ccfc88" +const storageHelperImage = "docker.io/kindest/local-path-helper:v20251211-v0.29.0-alpha-100-g82a92c5d" // image we need to preload var defaultStorageImages = []string{storageProvisionerImage, storageHelperImage} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kind-0.30.0/pkg/build/nodeimage/defaults.go new/kind-0.31.0/pkg/build/nodeimage/defaults.go --- old/kind-0.30.0/pkg/build/nodeimage/defaults.go 2025-08-27 19:42:16.000000000 +0200 +++ new/kind-0.31.0/pkg/build/nodeimage/defaults.go 2025-12-18 01:51:55.000000000 +0100 @@ -22,4 +22,4 @@ // DefaultBaseImage is the default base image used // TODO: come up with a reasonable solution to digest pinning // https://github.com/moby/moby/issues/43188 -const DefaultBaseImage = "docker.io/kindest/base:v20250710-v0.29.0-alpha-25-g9ac770cf" +const DefaultBaseImage = "docker.io/kindest/base:v20251215-d00590df" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kind-0.30.0/pkg/cluster/internal/loadbalancer/const.go new/kind-0.31.0/pkg/cluster/internal/loadbalancer/const.go --- old/kind-0.30.0/pkg/cluster/internal/loadbalancer/const.go 2025-08-27 19:42:16.000000000 +0200 +++ new/kind-0.31.0/pkg/cluster/internal/loadbalancer/const.go 2025-12-18 01:51:55.000000000 +0100 @@ -17,7 +17,7 @@ package loadbalancer // Image defines the loadbalancer image:tag -const Image = "docker.io/kindest/haproxy:v20230606-42a2262b" +const Image = "docker.io/kindest/haproxy:v20251211-v0.29.0-alpha-100-g82a92c5d" // ConfigPath defines the path to the config file in the image const ConfigPath = "/usr/local/etc/haproxy/haproxy.cfg" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kind-0.30.0/pkg/cluster/internal/providers/docker/network.go new/kind-0.31.0/pkg/cluster/internal/providers/docker/network.go --- old/kind-0.30.0/pkg/cluster/internal/providers/docker/network.go 2025-08-27 19:42:16.000000000 +0200 +++ new/kind-0.31.0/pkg/cluster/internal/providers/docker/network.go 2025-12-18 01:51:55.000000000 +0100 @@ -271,7 +271,10 @@ // even on hosts that lack ip6tables setup. // Preferably users would either have ip6tables setup properly or else disable ipv6 in docker const dockerIPV6TablesError = "Error response from daemon: Failed to Setup IP tables: Unable to enable NAT rule: (iptables failed: ip6tables" - return strings.HasPrefix(errorMessage, dockerIPV6DisabledError) || strings.HasPrefix(errorMessage, dockerIPV6TablesError) + // we get this error when ipv6 is missing in kernel + const dockerIPV6PolicyError = "Error response from daemon: setting default policy to DROP in FORWARD chain failed: (iptables failed: ip6tables" + + return strings.HasPrefix(errorMessage, dockerIPV6DisabledError) || strings.HasPrefix(errorMessage, dockerIPV6TablesError) || strings.HasPrefix(errorMessage, dockerIPV6PolicyError) } func isPoolOverlapError(err error) bool { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kind-0.30.0/pkg/cluster/internal/providers/docker/node.go new/kind-0.31.0/pkg/cluster/internal/providers/docker/node.go --- old/kind-0.30.0/pkg/cluster/internal/providers/docker/node.go 2025-08-27 19:42:16.000000000 +0200 +++ new/kind-0.31.0/pkg/cluster/internal/providers/docker/node.go 2025-12-18 01:51:55.000000000 +0100 @@ -9,7 +9,7 @@ Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or impliep. +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kind-0.30.0/pkg/cmd/kind/version/version.go new/kind-0.31.0/pkg/cmd/kind/version/version.go --- old/kind-0.30.0/pkg/cmd/kind/version/version.go 2025-08-27 19:42:16.000000000 +0200 +++ new/kind-0.31.0/pkg/cmd/kind/version/version.go 2025-12-18 01:51:55.000000000 +0100 @@ -58,7 +58,7 @@ } // versionCore is the core portion of the kind CLI version per Semantic Versioning 2.0.0 -const versionCore = "0.30.0" +const versionCore = "0.31.0" // versionPreRelease is the base pre-release portion of the kind CLI version per // Semantic Versioning 2.0.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kind-0.30.0/site/config.toml new/kind-0.31.0/site/config.toml --- old/kind-0.30.0/site/config.toml 2025-08-27 19:42:16.000000000 +0200 +++ new/kind-0.31.0/site/config.toml 2025-12-18 01:51:55.000000000 +0100 @@ -67,7 +67,7 @@ home = ["HTML", "REDIRECTS"] [params] -stable = "v0.29.0" +stable = "v0.30.0" # privacy settings [privacy] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kind-0.30.0/site/content/docs/user/configuration.md new/kind-0.31.0/site/content/docs/user/configuration.md --- old/kind-0.30.0/site/content/docs/user/configuration.md 2025-08-27 19:42:16.000000000 +0200 +++ new/kind-0.31.0/site/content/docs/user/configuration.md 2025-12-18 01:51:55.000000000 +0100 @@ -86,13 +86,14 @@ Kubernetes API server runtime-config can be toggled using the `runtimeConfig` key, which maps to the `--runtime-config` [kube-apiserver flag](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/). -This may be used to e.g. disable beta / alpha APIs. +This may be used to e.g. disable beta / alpha APIs, or even enable deprecated APIs. {{< codeFromInline lang="yaml" >}} kind: Cluster apiVersion: kind.x-k8s.io/v1alpha4 runtimeConfig: "api/alpha": "false" + "apps/v1beta2": "true" {{< /codeFromInline >}} ### Networking diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kind-0.30.0/site/content/docs/user/ingress.md new/kind-0.31.0/site/content/docs/user/ingress.md --- old/kind-0.30.0/site/content/docs/user/ingress.md 2025-08-27 19:42:16.000000000 +0200 +++ new/kind-0.31.0/site/content/docs/user/ingress.md 2025-12-18 01:51:55.000000000 +0100 @@ -8,136 +8,68 @@ description: |- This guide covers setting up [ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) on a kind cluster. --- -## Setting Up An Ingress Controller +## Compatibility: +This guide applies to [cloud-provider-kind](https://github.com/kubernetes-sigs/cloud-provider-kind) v0.9.0+. For older versions, refer to historical docs. + +## Setting Up Ingress Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. -1. [Create a cluster](#create-cluster): There are two primary methods to direct external traffic to Services inside the cluster: - 1. using a [LoadBalancer]. - 2. leverage KIND's `extraPortMapping` config option when creating a cluster to forward ports from the host. +Since cloud-provider-kind v0.9.0, it natively supports Ingress. No third-party ingress controllers are required by default. -2. Deploy an Ingress controller, we document [Ingress NGINX](#ingress-nginx) here but other ingresses may work including [Contour](https://projectcontour.io/docs/main/guides/kind/) and Kong, you should follow their docs if you choose to use them. +For third-party ingress solutions (e.g., Ingress NGINX, Contour), please follow their official documentation. -> **NOTE**: You may also want to consider using [Gateway API](https://gateway-api.sigs.k8s.io/) instead of Ingress. -> Gateway API has an [Ingress migration guide](https://gateway-api.sigs.k8s.io/guides/migrating-from-ingress/). -> -> You can use blixt to test Gateway API with kind https://github.com/kubernetes-sigs/blixt#usage +> **NOTE**: Gateway API is also natively supported (along with Ingress). See the official [Ingress migration guide](https://gateway-api.sigs.k8s.io/guides/migrating-from-ingress/) for details. -### Create Cluster +## Create Cluster -#### Option 1: LoadBalancer +> **WARNING**: If you are using a [rootless container runtime], ensure your host is +> properly configured before creating the KIND cluster. Most Ingress and Gateway controllers will +> not work if these steps are skipped. -Create a kind cluster and run [Cloud Provider KIND] -to enable the loadbalancer controller which ingress-nginx will use through the loadbalancer API. +Create a kind cluster and run [Cloud Provider KIND] that automatically enables LoadBalancer support for Ingress. Create a cluster as follows. {{< codeFromInline lang="bash" >}} kind create cluster {{< /codeFromInline >}} -#### Option 2: extraPortMapping - -Create a single node kind cluster with `extraPortMappings` to allow the local host to make requests to the Ingress controller over ports 80/443. - -{{< codeFromInline lang="bash" >}} -cat <<EOF | kind create cluster --config=- -kind: Cluster -apiVersion: kind.x-k8s.io/v1alpha4 -nodes: -- role: control-plane - extraPortMappings: - - containerPort: 80 - hostPort: 80 - protocol: TCP - - containerPort: 443 - hostPort: 443 - protocol: TCP -EOF -{{< /codeFromInline >}} - -If you want to run with multiple nodes you must ensure that your ingress-controller is deployed on the same node where you have configured the PortMapping, in this example you can use a [nodeSelector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) to specify the control-plane node name. - -{{< codeFromInline lang="yaml" >}} -nodeSelector: - kubernetes.io/hostname: "kind-control-plane" -{{< /codeFromInline >}} - -### Ingress NGINX - -{{< codeFromInline lang="bash" >}} -kubectl apply -f {{< absURL "examples/ingress/deploy-ingress-nginx.yaml" >}} -{{< /codeFromInline >}} - -Now the Ingress is all setup. Wait until is ready to process requests running: - -{{< codeFromInline lang="bash" >}} -kubectl wait --namespace ingress-nginx \ - --for=condition=ready pod \ - --selector=app.kubernetes.io/component=controller \ - --timeout=90s -{{< /codeFromInline >}} - -Refer [Using Ingress](#using-ingress) for a basic example usage. - ## Using Ingress -The following example creates simple http-echo services -and an Ingress object to route to these services. +The following example creates simple http-echo services and an Ingress object to route to these services. ```yaml {{% readFile "static/examples/ingress/usage.yaml" %}} ``` -Apply the contents +Apply the configuration: {{< codeFromInline lang="bash" >}} kubectl apply -f {{< absURL "examples/ingress/usage.yaml" >}} {{< /codeFromInline >}} -Now verify that the ingress works +### Verify Ingress Works -#### Option 1: LoadBalancer - -Check the External IP assigned to the Ingress controller by the LoadBalancer +Check the External IP assigned to the Ingress by the built-in LoadBalancer. {{< codeFromInline lang="bash" >}} -kubectl -n ingress-nginx get services -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -ingress-nginx-controller LoadBalancer 10.96.33.233 192.168.8.5 80:31753/TCP,443:30288/TCP 27d -ingress-nginx-controller-admission ClusterIP 10.96.80.178 <none> 443/TCP 27d +kubectl get ingress +NAME CLASS HOSTS ADDRESS PORTS AGE +example-ingress <none> example.com 172.18.0.5 80 10m {{< /codeFromInline >}} {{< codeFromInline lang="bash" >}} +# get the Ingress IP -# get the loadalancer IP - -LOADBALANCER_IP=$(kubectl get services \ - --namespace ingress-nginx \ - ingress-nginx-controller \ - --output jsonpath='{.status.loadBalancer.ingress[0].ip}') - -# should output "foo-app" - -curl ${LOADBALANCER_IP}/foo - -# should output "bar-app" - -curl ${LOADBALANCER_IP}/bar -{{< /codeFromInline >}} - -#### Option 2: extraPortMapping - -The Ingress controller ports will be exposed in your `localhost` address - -{{< codeFromInline lang="bash" >}} +INGRESS_IP=$(kubectl get ingress example-ingress -o jsonpath='{.status.loadBalancer.ingress[0].ip}') # should output "foo-app" -curl localhost/foo +curl ${INGRESS_IP}/foo # should output "bar-app" - -curl localhost/bar +curl ${INGRESS_IP}/bar {{< /codeFromInline >}} [LoadBalancer]: /docs/user/loadbalancer/ [Cloud Provider KIND]: /docs/user/loadbalancer/ +[rootless container runtime]: /docs/user/rootless/ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kind-0.30.0/site/content/docs/user/quick-start.md new/kind-0.31.0/site/content/docs/user/quick-start.md --- old/kind-0.30.0/site/content/docs/user/quick-start.md 2025-08-27 19:42:16.000000000 +0200 +++ new/kind-0.31.0/site/content/docs/user/quick-start.md 2025-12-18 01:51:55.000000000 +0100 @@ -157,9 +157,12 @@ More usage can be discovered with `kind create cluster --help`. -The kind can auto-detect the [docker], [podman], or [nerdctl] installed and choose the available one. If you want to turn off the auto-detect, use the environment variable `KIND_EXPERIMENTAL_PROVIDER=docker`, `KIND_EXPERIMENTAL_PROVIDER=podman` or `KIND_EXPERIMENTAL_PROVIDER=nerdctl` to +kind can auto-detect the [docker], [podman], or [nerdctl] installed and choose the available one. If you want to turn off the auto-detect, use the environment variable `KIND_EXPERIMENTAL_PROVIDER=docker`, `KIND_EXPERIMENTAL_PROVIDER=podman` or `KIND_EXPERIMENTAL_PROVIDER=nerdctl` to select the runtime. +> **NOTE**: podman and nerdctl operate in [rootless mode](/docs/user/rootless) by default. Extra +> setup is needed for KIND clusters to be fully functional. + ## Interacting With Your Cluster After [creating a cluster](#creating-a-cluster), you can use [kubectl][kubectl] @@ -218,13 +221,21 @@ ## Loading an Image Into Your Cluster -Docker images can be loaded into your cluster nodes with: +You can load one or more images into your kind cluster: + +```bash +kind load docker-image my-app:latest +``` + +```bash +kind load docker-image my-app:latest my-db:latest my-cache:latest +``` -`kind load docker-image my-custom-image-0 my-custom-image-1` +Note: If using a named cluster you will need to specify the name of the cluster: -> **Note**: If using a named cluster you will need to specify the name of the -> cluster you wish to load the images into: -> `kind load docker-image my-custom-image-0 my-custom-image-1 --name kind-2` +```bash +kind load docker-image my-app:latest --name test-cluster +``` Additionally, image archives can be loaded with: `kind load image-archive /my-image-archive.tar` diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kind-0.30.0/site/content/docs/user/rootless.md new/kind-0.31.0/site/content/docs/user/rootless.md --- old/kind-0.30.0/site/content/docs/user/rootless.md 2025-08-27 19:42:16.000000000 +0200 +++ new/kind-0.31.0/site/content/docs/user/rootless.md 2025-12-18 01:51:55.000000000 +0100 @@ -9,57 +9,212 @@ Starting with kind 0.11.0, [Rootless Docker](https://docs.docker.com/go/rootless/), [Rootless Podman](https://github.com/containers/podman/blob/master/docs/tutorials/rootless_tutorial.md) and [Rootless nerdctl](https://github.com/containerd/nerdctl/blob/main/docs/rootless.md) can be used as the node provider of kind. ## Provider requirements + - Docker: 20.10 or later - Podman: 3.0 or later - nerdctl: 1.7 or later ## Host requirements -The host needs to be running with cgroup v2. -Make sure that the result of the `docker info` command contains `Cgroup Version: 2`. -If it prints `Cgroup Version: 1`, try adding `GRUB_CMDLINE_LINUX="systemd.unified_cgroup_hierarchy=1"` to `/etc/default/grub` and -running `sudo update-grub` to enable cgroup v2. - -Also, depending on the host configuration, the following steps might be needed: - -- Create `/etc/systemd/system/[email protected]/delegate.conf` with the following content, and then run `sudo systemctl daemon-reload`: - - ```ini - [Service] - Delegate=yes - ``` - - (This is not enabled by default because ["the runtime impact of - [delegating the "cpu" controller] is still too - high"](https://lists.fedoraproject.org/archives/list/[email protected]/thread/ZMKLS7SHMRJLJ57NZCYPBAQ3UOYULV65/). - Beware that changing this configuration may affect system - performance.) - - Please note that: - - - `/etc/systemd/system/[email protected]/` directory needs to be created if not already present on your host - - If using Docker and it was already running when this step was done, a restart is needed for the changes to take - effect - {{< codeFromInline lang="bash" >}} - systemctl --user restart docker - {{< /codeFromInline >}} - -- Create `/etc/modules-load.d/iptables.conf` with the following content: - - ``` - ip6_tables - ip6table_nat - ip_tables - iptable_nat - ``` -- If using podman, be aware that by default there is a [limit](https://docs.podman.io/en/v4.3/markdown/options/pids-limit.html#pids-limit-limit) to the number of pids that can be created. This can cause problems like nginx workers inside a container not spawning correctly. - - If you want to disable this limit, edit your `containers.conf` file (generally located in `/etc/containers/containers.conf`). Note that this could cause things like pid exhaustion to happen on the host machine. Alternatively, change `0` to your desired new limit: +### cgroup v2 + +The host needs to be running with cgroup v2, which is the default for many Linux disributions: + +- Ubuntu: 21.10 and later. +- Fedora: 31 and later. +- Arch: April 2021 release and later. + +You can verify the cgroup version used by your controller runtime with the following procedure: + +- `docker`: Run `docker info` and look for `Cgroup Version: 2` in the output. +- `podman`: Run `podman info` and look for `cgroupVersion: v2` in the output. +- `nerdctl`: Run `nerdctl info` and look for `Cgroup Version: 2` in the output. + +If the `info` output prints `Cgroup Version: 1` or equivalent, try the following to enable cgroup v2: + +1. In `/etc/default/grub`, add the line `GRUB_CMDLINE_LINUX="systemd.unified_cgroup_hierarchy=1"` +2. Run `sudo update-grub` to enable cgroup v2. + +Your host will also need to enable [cgroup delegation](https://systemd.io/CGROUP_DELEGATION/) of the `cpu` controller for +user services. This is enabled by default for distributions running `systemd` version 252 and higher. + +To enable cgroup delegation for all the controllers, do the following: + +1. Check your version of `systemd` by running `systemctl --version`. If the output prints + `systemd 252` or higher, no further action is needed. Example output below from a Fedora host: + + ```sh + $ systemctl --version + systemd 257 (257.9-2.fc42) + ``` + +2. For systems with older versions of `systemd`, first create the directory + `/etc/systemd/system/[email protected]/` if it is not present. + + ```sh + sudo mkdir -p /etc/systemd/system/[email protected]/ + ``` + +3. Next, create the file `/etc/systemd/system/[email protected]/delegate.conf` with the following content: + + ```ini + [Service] + Delegate=yes + ``` + +4. Reload systemd for these changes to take effect: + + ```sh + sudo systemctl daemon-reload + ``` + +5. If using docker, reload the user docker daemon: + + ```sh + systemctl --user restart docker + ``` + +### Networking + +Containers running in rootless mode may not loaded with host-level iptable modules. +This breaks the behavior of most networking components, such as Ingress and Gateway controllers. + +To load the iptable modules, do the following: + +1. First, use `lsmod` to check which kernel modules are loaded by default for user processes on + your system. Use `grep` to find which iptable modules are loaded: + + ```sh + lsmod | grep "ip.*table" + ``` + +2. Check the output for the following kernel modules: + - `ip6_tables` + - `ip6table_nat` + - `ip_tables` + - `iptable_nat` + +3. If one or more of the kernel modules above are not present, your system needs to load these at + startup for each process. First, run the following command to add these missing modules: + + ```sh + sudo tee /etc/modules-load.d/iptables.conf > /dev/null <<'EOF' + ip6_tables + ip6table_nat + ip_tables + iptable_nat + EOF + ``` + +4. Check that the new module loading configuration is correct. You should see the following output: + + ```sh + $ cat /etc/modules-load.d/iptables.conf + ip6_tables + ip6table_nat + ip_tables + iptable_nat + ``` + +5. Next, restart the `systemd-modules-load` service to make these changes effective immediately: + + ```sh + sudo systemctl restart systemd-modules-load.service + ``` + +Alternatively, restart your system to ensure these changes take effect. + +### Increase PID Limits + +KIND nodes are represented as individual containers on their hosts. Runtimes such as podman set +default [process id limits](https://docs.podman.io/en/v4.3/markdown/options/pids-limit.html#pids-limit-limit) +that may be too low for the node or for a pod running on the node. The Ingress NGINX Controller is +[particularly susceptible](https://github.com/kubernetes-sigs/kind/issues/3451) to this issue. + +To increase the PID limit, do the following: + +1. If using podman, edit your `containers.conf` file (generally located in + `/etc/containers/containers.conf` or `~/.config/containers/containers.conf`) to increase the PIDs + limit to a desired value (default 4096 on most systems): ```ini [containers] - pids_limit = 0 + pids_limit = 65536 ``` +2. Re-recreate the KIND cluster for these changes to take effect: + + ```sh + kind delete cluster && kind create cluster + ``` + +### Increase inotify Limits + +As documented in [known issues](/docs/user/known-issues/#pod-errors-due-to-too-many-open-files), pods may +fail by reaching inotify watch and instance limits. Ingress controllers such as NGINX and Contour +are particularly susceptible to this issue. + +To increase the inotify limits, do the following: + +1. As root, create a `.conf` file in `/etc/systctl.d` that increases the `fs.inotify` max user settings: + + ``` + fs.inotify.max_user_watches = 524288 + fs.inotify.max_user_instances = 512 + ``` + +2. Reload `sysctl` for these changes to take effect: + + ```sh + sudo sysctl --system + ``` + +Alternatively, restart your system for these changes to take effect. + +### Allow Binding to Privileged Ports + +If you use the `extraPortMappings` method to provide ingress to your KIND cluster, you can allow +the KIND node container to bind to ports 80 and 443 on the host. User containers cannot bind to +ports below 1024 by default as they are considered privileged. + +You can avoid this issue by binding the node to a non-privileged host port, such as 8080 or 8443: + +```yaml +# kind config.yaml +kind: Cluster +apiVersion: kind.x-k8s.io/v1alpha4 +nodes: +- role: control-plane + extraPortMappings: + - containerPort: 80 + hostPort: 8080 + protocol: TCP + - containerPort: 443 + hostPort: 8443 + protocol: TCP +``` + +Note that with this configuration, requests to your cluster ingress will need to add the +appropriate port number. In the example above, HTTP requests must use `localhost:8080` in the URL. + +To allow a KIND node to bind to ports 80 and/or 443 on the host, do the following: + +1. As root, create a `.conf` file in `/etc/systctl.d` that lowers the privileged port start number: + + ``` + # Allow unprivileged binding to HTTP port 80 + # Use 443 if you only need binding to the default HTTPS port + net.ipv4.ip_unprivileged_port_start=80 + ``` + +2. Reload `sysctl` for these changes to take effect: + + ```sh + sudo sysctl --system + ``` + +Alternatively, restart your system for these changes to take effect. + ## Restrictions The restrictions of Rootless Docker apply to kind clusters as well. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kind-0.30.0/site/content/docs/user/using-wsl2.md new/kind-0.31.0/site/content/docs/user/using-wsl2.md --- old/kind-0.30.0/site/content/docs/user/using-wsl2.md 2025-08-27 19:42:16.000000000 +0200 +++ new/kind-0.31.0/site/content/docs/user/using-wsl2.md 2025-12-18 01:51:55.000000000 +0100 @@ -102,11 +102,11 @@ {{< codeFromInline lang="bash" >}} docker run --name wsl-kernel-builder --rm -it ubuntu:latest bash -WSL_COMMIT_REF=linux-msft-wsl-5.15.146.1 # change this line to the version you want to build +WSL_COMMIT_REF=linux-msft-wsl-6.6.87.2-1 # change this line to the version you want to build # Install dependencies apt update -apt install -y git build-essential flex bison libssl-dev libelf-dev bc dwarves python3 +apt install -y git build-essential flex bison libssl-dev libelf-dev bc dwarves python3 cpio # Checkout WSL2 Kernel repo mkdir src ++++++ kind.obsinfo ++++++ --- /var/tmp/diff_new_pack.M6Fidu/_old 2025-12-18 18:35:55.188873927 +0100 +++ /var/tmp/diff_new_pack.M6Fidu/_new 2025-12-18 18:35:55.200874431 +0100 @@ -1,5 +1,5 @@ name: kind -version: 0.30.0 -mtime: 1756316536 -commit: 9a205e8c8540557602240f8766d3c95c51c23c4c +version: 0.31.0 +mtime: 1766019115 +commit: a323333ff9efd8099f95a8a6b5c86c75a210d00f ++++++ vendor.tar.gz ++++++
