v1.32.3

Full Changelog: v1.32.2..v1.32.3

v1.31.4

Full Changelog: v1.31.3..v1.31.4

v1.30.10

Full Changelog: v1.30.9..v1.30.10

v1.29.13

Full Changelog: v1.29.12..v1.29.13

Changes by Kind

Bug or Regression

• BEHAVIOR CHANGE: In the multi-slb initial design, an empty node selector matches all nodes, but only when there is no non-empty selector matching the node. In this fix we correct this behavior.

  fix: Empty node selector should work after non-empty node selector (#8329, @nilo19)

• Fix(credential-provider): check acr pattern to avoid spoofing (#8255, @mainred)

• Fix: Remove all routes that have the node name as prefix (#8427, @nilo19)

• Fix: Remove managed pip if switched to another pip in a different resource group (#8530, @nilo19)

• Fix: add http timeout to avoid connection stuck (#8393, @feiskyer)

Dependencies

Added

• github.com/Azure/msi-dataplane: v0.4.2
• github.com/antlr4-go/antlr/v4: v4.13.1

Changed

• github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache: v0.3.1 → v0.3.2
• github.com/Azure/azure-sdk-for-go/sdk/azidentity: v1.8.1 → v1.8.2
• github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v6: v6.3.0 → v6.4.0
• github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage: v1.6.0 → v1.7.0
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets: v1.3.0 → v1.3.1
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal: v1.1.0 → v1.1.1
• github.com/AzureAD/microsoft-authentication-library-for-go: v1.3.2 → v1.4.0
• github.com/cpuguy83/go-md2man/v2: v2.0.4 → v2.0.6
• github.com/google/go-cmp: v0.6.0 → v0.7.0
• github.com/klauspost/compress: v1.17.9 → v1.17.11
• github.com/onsi/ginkgo/v2: v2.22.2 → v2.23.0
• github.com/prometheus/client_golang: v1.20.5 → v1.21.1
• github.com/prometheus/common: v0.61.0 → v0.62.0
• github.com/spf13/cobra: v1.8.1 → v1.9.1
• go.opentelemetry.io/otel/exporters/prometheus: v0.56.0 → v0.57.0
• go.opentelemetry.io/otel/metric: v1.34.0 → v1.35.0
• go.opentelemetry.io/otel/sdk/metric: v1.34.0 → v1.35.0
• go.opentelemetry.io/otel/sdk: v1.34.0 → v1.35.0
• go.opentelemetry.io/otel/trace: v1.34.0 → v1.35.0
• go.opentelemetry.io/otel: v1.34.0 → v1.35.0
• golang.org/x/crypto: v0.33.0 → v0.36.0
• golang.org/x/mod: v0.22.0 → v0.23.0
• golang.org/x/net: v0.34.0 → v0.37.0
• golang.org/x/sync: v0.11.0 → v0.12.0
• golang.org/x/sys: v0.30.0 → v0.31.0
• golang.org/x/term: v0.29.0 → v0.30.0
• golang.org/x/text: v0.22.0 → v0.23.0
• golang.org/x/time: v0.10.0 → v0.11.0
• golang.org/x/tools: v0.28.0 → v0.30.0
• google.golang.org/protobuf: v1.36.3 → v1.36.5
• k8s.io/apiserver: v0.29.13 → v0.29.14
• k8s.io/cloud-provider: v0.29.13 → v0.29.14
• k8s.io/component-base: v0.29.13 → v0.29.14
• k8s.io/component-helpers: v0.29.13 → v0.29.14
• k8s.io/controller-manager: v0.29.13 → v0.29.14
• k8s.io/cri-api: v0.29.13 → v0.29.14
• k8s.io/kms: v0.29.13 → v0.29.14
• k8s.io/kubelet: v0.29.13 → v0.29.14
• k8s.io/utils: 18e509b → 24370be
• sigs.k8s.io/cloud-provider-azure/pkg/azclient: v0.4.16 → v0.5.9

Removed

• github.com/go-kit/log: v0.2.1
• github.com/go-logfmt/logfmt: v0.5.1

v1.32.2

Full Changelog: v1.32.1..v1.32.2

v1.31.3

Full Changelog: v1.31.2..v1.31.3

v1.30.9

Full Changelog: v1.30.8..v1.30.9

v1.32.1

Full Changelog: v1.32.0..v1.32.1

Changes by Kind

Feature

• Fetch async update result as soon as the vm update operation id is returned. (#8420, @k8s-infra-cherrypick-robot)

Bug or Regression

• BEHAVIOR CHANGE: In the multi-slb initial design, an empty node selector matches all nodes, but only when there is no non-empty selector matchin the node. In this fix we correct this behavior.

  fix: Empty node selector should work after non-empty node selector (#8351, @k8s-infra-cherrypick-robot)

• Fix(credential-provider): check acr pattern to avoid spoofing (#8284, @k8s-infra-cherrypick-robot)

• Fix: disk attach/detach failure with track2 sdk (#8282, @k8s-infra-cherrypick-robot)

• Introduced prefix-based matching for systemTags during tag reconciliation.

  • Tags starting with a prefix defined in systemTags (e.g., aks-managed) will now be matched and retained.
  • For example: Adding aks-managed to systemTags ensures tags like aks-managed-cluster-name and aks-managed-cluster-rg are preserved. (#8228, @k8s-infra-cherrypick-robot)

• Tags with values resembling "null" (e.g., " null " or " NuLL ") will now retain their leading and trailing whitespace during inheritance or updates to avoid errors caused by ARM's reserved tag value "null".
  This change only affects tags with such specific values, ensuring all other tags continue to have whitespace trimmed as before. (#8229, @k8s-infra-cherrypick-robot)

Dependencies

Added

• github.com/Azure/msi-dataplane: v0.4.0
• github.com/niemeyer/pretty: a10e7ca

Changed

• github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache: v0.3.0 → v0.3.2
• github.com/Azure/azure-sdk-for-go/sdk/azidentity: v1.8.0 → v1.8.2
• github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6: v6.2.0 → v6.3.0
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets: v1.3.0 → v1.3.1
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal: v1.1.0 → v1.1.1
• github.com/AzureAD/microsoft-authentication-library-for-go: v1.3.1 → v1.3.3
• github.com/antlr4-go/antlr/v4: v4.13.0 → v4.13.1
• github.com/cpuguy83/go-md2man/v2: v2.0.4 → v2.0.6
• github.com/evanphx/json-patch: v5.9.0+incompatible → v5.9.11+incompatible
• github.com/klauspost/compress: v1.17.9 → v1.17.11
• github.com/prometheus/client_golang: v1.20.5 → v1.21.0
• github.com/prometheus/common: v0.61.0 → v0.62.0
• github.com/redis/go-redis/v9: v9.6.1 → v9.7.0
• github.com/samber/lo: v1.47.0 → v1.49.1
• github.com/spf13/cobra: v1.8.1 → v1.9.1
• github.com/spf13/pflag: v1.0.5 → v1.0.6
• go.opentelemetry.io/otel/exporters/prometheus: v0.55.0 → v0.56.0
• go.opentelemetry.io/otel/metric: v1.33.0 → v1.34.0
• go.opentelemetry.io/otel/sdk/metric: v1.33.0 → v1.34.0
• go.opentelemetry.io/otel/sdk: v1.33.0 → v1.34.0
• go.opentelemetry.io/otel/trace: v1.33.0 → v1.34.0
• go.opentelemetry.io/otel: v1.33.0 → v1.34.0
• golang.org/x/crypto: v0.32.0 → v0.33.0
• golang.org/x/net: v0.34.0 → v0.35.0
• golang.org/x/sync: v0.10.0 → v0.11.0
• golang.org/x/sys: v0.29.0 → v0.30.0
• golang.org/x/term: v0.28.0 → v0.29.0
• golang.org/x/text: v0.21.0 → v0.22.0
• golang.org/x/time: v0.9.0 → v0.10.0
• google.golang.org/protobuf: v1.36.1 → v1.36.3
• k8s.io/api: v0.32.0 → v0.32.2
• k8s.io/apimachinery: v0.32.0 → v0.32.2
• k8s.io/apiserver: v0.32.0 → v0.32.2
• k8s.io/client-go: v0.32.0 → v0.32.2
• k8s.io/cloud-provider: v0.32.0 → v0.32.2
• k8s.io/component-base: v0.32.0 → v0.32.2
• k8s.io/component-helpers: v0.32.0 → v0.32.2
• k8s.io/controller-manager: v0.32.0 → v0.32.2
• k8s.io/cri-api: v0.32.0 → v0.32.2
• k8s.io/kms: v0.32.0 → v0.32.2
• k8s.io/kubelet: v0.32.0 → v0.32.2
• k8s.io/utils: 6fe5fd8 → 24370be
• sigs.k8s.io/cloud-provider-azure/pkg/azclient/cache: v0.3.0 → v0.4.0
• sigs.k8s.io/cloud-provider-azure/pkg/azclient/configloader: v0.3.3 → v0.4.0
• sigs.k8s.io/cloud-provider-azure/pkg/azclient: v0.4.9 → v0.5.1

Removed

• github.com/go-kit/log: v0.2.1
• github.com/go-logfmt/logfmt: v0.5.1

v1.31.2

Full Changelog: v1.31.1..v1.31.2

Changes by Kind

Testing

• Fix: revert to go1.22 windows filesystem stdlib behavior building with go 1.23 (#7751, @k8s-infra-cherrypick-robot)

Feature

• Feat: Lock updates on azure resources when other component is doing the same thing.

  This PR utilizes a lease in each service reconciliation to prevent race conditions where cloud provider and others are updating the same azure resources. (#7341, @nilo19)

• Feat: match source account as first priority in snapshot restore and volume clone scenarios (#7700, @k8s-infra-cherrypick-robot)

• [credential provider] Add a flag mirrorMapping. This flag is to mirror registry A to B when fetching credential. (#7335, @k8s-infra-cherrypick-robot)

Bug or Regression

• Fix checking service references from tags when deleting PIP (#7263, @zarvd)
• Fix: Change the order of updating vmss vm and vmss (#7539, @k8s-infra-cherrypick-robot)
• Fix: Support switching from loadbalancer to externalName for services (#7565, @k8s-infra-cherrypick-robot)
• Fix: several bugs related to multiple standard load balancers mode.
  1. All endpointslices of a local service should be included in local backend pool updater, instead of only the first endpointslice.
  2. In some rare cases, migration from NIC to IP-based LB can be in a middle state where the NIC references are removed, but those IPConfigs in the backend pool are not. In this case, we should manually exclude those IPConfigs from the request body.
  3. localServiceOwnsBackendPool should compare the full backend pool name, not just prefix, because two service names can share the same prefix.
  4. There is a corner case when the cluster is being updated to multi-slb from classic NIC-based single lb, not from an IP-based cluster. In this case, if the service being reconciled is local, the cloud provider will try to update a NIC pool to IP-based pool direct, which is not allowed. We should skip adding IPs to NIC-based pool in multi-slb mode.
  5. There is a bug in ReconcileBackendPools, where we by mistake parse the LB name to use as the backend pool name. (#7605, @k8s-infra-cherrypick-robot)
• Introduced prefix-based matching for systemTags during tag reconciliation.
  • Tags starting with a prefix defined in systemTags (e.g., aks-managed) will now be matched and retained.
  • For example: Adding aks-managed to systemTags ensures tags like aks-managed-cluster-name and aks-managed-cluster-rg are preserved. (#8147, @k8s-infra-cherrypick-robot)
• Tags with values resembling "null" (e.g., " null " or " NuLL ") will now retain their leading and trailing whitespace during inheritance or updates to avoid errors caused by ARM's reserved tag value "null".
  This change only affects tags with such specific values, ensuring all other tags continue to have whitespace trimmed as before. (#8118, @k8s-infra-cherrypick-robot)

Other (Cleanup or Flake)

• Optimize CIDR aggregation to improve performance and reduce memory usage (#7685, @k8s-infra-cherrypick-robot)

Dependencies

Added

• github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache: v0.3.1
• github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6: v6.3.0
• github.com/AzureAD/microsoft-authentication-extensions-for-go/cache: v0.1.1
• github.com/dgryski/go-rendezvous: 9f7001d
• github.com/keybase/go-keychain: 57a3676
• github.com/redis/go-redis/v9: v9.7.0
• go.opentelemetry.io/auto/sdk: v1.1.0

Changed

• github.com/Azure/azure-sdk-for-go/sdk/azcore: v1.14.0 → v1.17.0
• github.com/Azure/azure-sdk-for-go/sdk/azidentity: v1.7.0 → v1.8.1
• github.com/Azure/azure-sdk-for-go/sdk/containers/azcontainerregistry: v0.2.1 → v0.2.2
• github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v6: v6.0.0 → v6.3.0
• github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6: v6.0.0 → v6.2.0
• github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns: v1.2.0 → v1.3.0
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets: v1.1.0 → v1.3.0
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal: v1.0.0 → v1.1.0
• github.com/Azure/go-autorest/autorest/date: v0.3.0 → v0.3.1
• github.com/Azure/go-autorest/autorest/mocks: v0.4.2 → v0.4.3
• github.com/Azure/go-autorest/autorest: v0.11.29 → v0.11.30
• github.com/Azure/go-autorest/tracing: v0.6.0 → v0.6.1
• github.com/AzureAD/microsoft-authentication-library-for-go: v1.2.2 → v1.3.2
• github.com/evanphx/json-patch: v5.9.0+incompatible → v5.9.11+incompatible
• github.com/fsnotify/fsnotify: v1.7.0 → v1.8.0
• github.com/google/pprof: fa2c70b → 40e02aa
• github.com/onsi/ginkgo/v2: v2.20.2 → v2.22.2
• github.com/onsi/gomega: v1.34.2 → v1.36.2
• github.com/prometheus/client_golang: v1.20.2 → v1.20.5
• github.com/prometheus/common: v0.55.0 → v0.61.0
• github.com/rogpeppe/go-internal: v1.12.0 → v1.13.1
• github.com/spf13/pflag: v1.0.5 → v1.0.6
• github.com/stretchr/testify: v1.9.0 → v1.10.0
• go.opentelemetry.io/otel/exporters/prometheus: v0.50.0 → v0.56.0
• go.opentelemetry.io/otel/metric: v1.30.0 → v1.34.0
• go.opentelemetry.io/otel/sdk/metric: v1.29.0 → v1.34.0
• go.opentelemetry.io/otel/sdk: v1.29.0 → v1.34.0
• go.opentelemetry.io/otel/trace: v1.30.0 → v1.34.0
• go.opentelemetry.io/otel: v1.30.0 → v1.34.0
• go.uber.org/mock: v0.4.0 → v0.5.0
• golang.org/x/crypto: v0.27.0 → v0.33.0
• golang.org/x/mod: v0.20.0 → v0.22.0
• golang.org/x/net: v0.28.0 → v0.34.0
• golang.org/x/oauth2: v0.21.0 → v0.24.0
• golang.org/x/sync: v0.8.0 → v0.11.0
• golang.org/x/sys: v0.25.0 → v0.30.0
• golang.org/x/term: v0.24.0 → v0.29.0
• golang.org/x/text: v0.18.0 → v0.22.0
• golang.org/x/time: v0.6.0 → v0.10.0
• golang.org/x/tools: v0.24.0 → v0.28.0
• google.golang.org/protobuf: v1.34.2 → v1.36.3
• k8s.io/api: v0.31.1 → v0.31.3
• k8s.io/apimachinery: v0.31.1 → v0.31.3
• k8s.io/apiserver: v0.31.1 → v0.31.5
• k8s.io/client-go: v0.31.1...

v1.30.8

Full Changelog: v1.30.7..v1.30.8

Changes by Kind

Testing

• Fix: revert to go1.22 windows filesystem stdlib behavior building with go 1.23 (#7752, @k8s-infra-cherrypick-robot)

Feature

• Feat: Lock updates on azure resources when other component is doing the same thing.

  This PR utilizes a lease in each service reconciliation to prevent race conditions where cloud provider and others are updating the same azure resources. (#7342, @nilo19)

• Feat: always match source account in restore and volume clone scenarios (#8152, @andyzhangx)

• [credential provider] Add a flag mirrorMapping. This flag is to mirror registry A to B when fetching credential. (#7336, @k8s-infra-cherrypick-robot)

Bug or Regression

• Fix checking service references from tags when deleting PIP (#7262, @zarvd)
• Fix: AzureStack env var setting issue (#8129, @andyzhangx)
• Fix: Change the order of updating vmss vm and vmss (#7540, @k8s-infra-cherrypick-robot)
• Fix: Support switching from loadbalancer to externalName for services (#7566, @k8s-infra-cherrypick-robot)
• Fix: VirtualNetworkRule match issue during account search (#8153, @andyzhangx)
• Fix: several bugs related to multiple standard load balancers mode.
  1. All endpointslices of a local service should be included in local backend pool updater, instead of only the first endpointslice.
  2. In some rare cases, migration from NIC to IP-based LB can be in a middle state where the NIC references are removed, but those IPConfigs in the backend pool are not. In this case, we should manually exclude those IPConfigs from the request body.
  3. localServiceOwnsBackendPool should compare the full backend pool name, not just prefix, because two service names can share the same prefix.
  4. There is a corner case when the cluster is being updated to multi-slb from classic NIC-based single lb, not from an IP-based cluster. In this case, if the service being reconciled is local, the cloud provider will try to update a NIC pool to IP-based pool direct, which is not allowed. We should skip adding IPs to NIC-based pool in multi-slb mode.
  5. There is a bug in ReconcileBackendPools, where we by mistake parse the LB name to use as the backend pool name. (#7606, @nilo19)
• Introduced prefix-based matching for systemTags during tag reconciliation.
  • Tags starting with a prefix defined in systemTags (e.g., aks-managed) will now be matched and retained.
  • For example: Adding aks-managed to systemTags ensures tags like aks-managed-cluster-name and aks-managed-cluster-rg are preserved. (#8149, @nilo19)
• Tags with values resembling "null" (e.g., " null " or " NuLL ") will now retain their leading and trailing whitespace during inheritance or updates to avoid errors caused by ARM's reserved tag value "null".
  This change only affects tags with such specific values, ensuring all other tags continue to have whitespace trimmed as before. (#8119, @nilo19)

Other (Cleanup or Flake)

• Optimize CIDR aggregation to improve performance and reduce memory usage (#7686, @k8s-infra-cherrypick-robot)

Dependencies

Added

• github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache: v0.3.1
• github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6: v6.3.0
• github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v5: v5.0.0
• github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v6: v6.3.0
• github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6: v6.2.0
• github.com/AzureAD/microsoft-authentication-extensions-for-go/cache: v0.1.1
• github.com/dgryski/go-rendezvous: 9f7001d
• github.com/keybase/go-keychain: 57a3676
• github.com/redis/go-redis/v9: v9.7.0
• go.opentelemetry.io/auto/sdk: v1.1.0
• gopkg.in/evanphx/json-patch.v4: v4.12.0

Changed

• github.com/Azure/azure-sdk-for-go/sdk/azcore: v1.14.0 → v1.17.0
• github.com/Azure/azure-sdk-for-go/sdk/azidentity: v1.7.0 → v1.8.1
• github.com/Azure/azure-sdk-for-go/sdk/containers/azcontainerregistry: v0.2.1 → v0.2.2
• github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns: v1.2.0 → v1.3.0
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets: v1.1.0 → v1.3.0
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal: v1.0.0 → v1.1.0
• github.com/Azure/go-autorest/autorest/date: v0.3.0 → v0.3.1
• github.com/Azure/go-autorest/autorest/mocks: v0.4.2 → v0.4.3
• github.com/Azure/go-autorest/autorest: v0.11.29 → v0.11.30
• github.com/Azure/go-autorest/tracing: v0.6.0 → v0.6.1
• github.com/AzureAD/microsoft-authentication-library-for-go: v1.2.2 → v1.3.2
• github.com/evanphx/json-patch: v5.9.0+incompatible → v5.9.11+incompatible
• github.com/fsnotify/fsnotify: v1.7.0 → v1.8.0
• github.com/fxamacker/cbor/v2: v2.6.0 → v2.7.0
• github.com/go-openapi/jsonpointer: v0.19.6 → v0.21.0
• github.com/go-openapi/swag: v0.22.4 → v0.23.0
• github.com/google/pprof: fa2c70b → 40e02aa
• github.com/onsi/ginkgo/v2: v2.20.2 → v2.22.2
• github.com/onsi/gomega: v1.34.2 → v1.36.2
• github.com/prometheus/client_golang: v1.20.3 → v1.20.5
• github.com/prometheus/common: v0.59.1 → v0.61.0
• github.com/rogpeppe/go-internal: v1.12.0 → v1.13.1
• github.com/spf13/pflag: v1.0.5 → v1.0.6
• github.com/stretchr/testify: v1.9.0 → v1.10.0
• go.opentelemetry.io/otel/exporters/prometheus: v0.52.0 → v0.56.0
• go.opentelemetry.io/otel/metric: v1.30.0 → v1.34.0
• go.opentelemetry.io/otel/sdk/metric: v1.30.0 → v1.34.0
• go.opentelemetry.io/otel/sdk: v1.30.0 → v1.34.0
• go.opentelemetry.io/otel/trace: v1.30.0 → v1.34.0
• go.opentelemetry.io/otel:...