Merge https://github.com/kubernetes/cloud-provider-vsphere:master (22dce29) into main #118
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.27.3 to 2.28.1. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](onsi/ginkgo@v2.27.3...v2.28.1) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-version: 2.28.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.49.0 to 0.51.0. - [Commits](golang/net@v0.49.0...v0.51.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.51.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [github.com/vmware/govmomi](https://github.com/vmware/govmomi) from 0.52.0 to 0.53.0. - [Release notes](https://github.com/vmware/govmomi/releases) - [Changelog](https://github.com/vmware/govmomi/blob/main/CHANGELOG.md) - [Commits](vmware/govmomi@v0.52.0...v0.53.0) --- updated-dependencies: - dependency-name: github.com/vmware/govmomi dependency-version: 0.53.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…les/master/golang.org/x/net-0.51.0 🌱 (chore): Bump golang.org/x/net from 0.49.0 to 0.51.0
…les/test/e2e/master/github.com/vmware/govmomi-0.53.0 🌱 (chore): Bump github.com/vmware/govmomi from 0.52.0 to 0.53.0 in /test/e2e
…les/hack/tools/master/github.com/onsi/ginkgo/v2-2.28.1 🌱 (chore): Bump github.com/onsi/ginkgo/v2 from 2.27.3 to 2.28.1 in /hack/tools
Signed-off-by: Gong Zhang <gongz@vmware.com>
Fix CVE from go.opentelemetry.io/otel/metric 1.36.0
Signed-off-by: Gong Zhang <gongz@vmware.com>
Update security scan actions
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.51.0 to 0.52.0. - [Commits](golang/net@v0.51.0...v0.52.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.52.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…les/master/golang.org/x/net-0.52.0 🌱 (chore): Bump golang.org/x/net from 0.51.0 to 0.52.0
Signed-off-by: Gong Zhang <gongz@vmware.com>
fix go version in security scan
Signed-off-by: Gong Zhang <gongz@vmware.com>
pin go version to 1.25.8
Signed-off-by: Gong Zhang <gongz@vmware.com>
Bump trivy and go version for security scan and fix
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.47.0 to 0.49.0. - [Commits](golang/crypto@v0.47.0...v0.49.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-version: 0.49.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…les/test/e2e/master/golang.org/x/crypto-0.49.0 🌱 (chore): Bump golang.org/x/crypto from 0.47.0 to 0.49.0 in /test/e2e
Update vm-operator to a version compatible with the required controller-runtime. This is required to satisfy the HasSyncedChecker interface introduced in client-go v0.36.0-beta.0. vm-operator version is aligned with CAPV. Signed-off-by: Gong Zhang <gongz@vmware.com>
Bump k8s group to v0.36.0-beta.0
Dependabot automatically bumped k8s.io dependencies from v0.35.0-rc.0 to v0.36.0-alpha.0 on master before the release-1.35 branch was cut, causing the release branch to inherit wrong dependency versions.
Add ignore rules for k8s.io/* to prevent this:
- On master: block semver-minor and semver-major auto-bumps. Patch bumps (e.g. 0.35.1 -> 0.35.1) are still allowed.
- On release branches (1.35, 1.34, 1.33): fully ignore k8s.io/* including patch updates.
As a Kubernetes core component, cloud-provider-vsphere release branches follow the Kubernetes patch release schedule and k8s dependencies are updated manually.
Bumps the all-github-actions group with 1 update: [azure/setup-helm](https://github.com/azure/setup-helm). Updates `azure/setup-helm` from 4 to 5 - [Release notes](https://github.com/azure/setup-helm/releases) - [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md) - [Commits](Azure/setup-helm@v4...v5) --- updated-dependencies: - dependency-name: azure/setup-helm dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps the onsi group in /test/e2e with 2 updates: [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) and [github.com/onsi/gomega](https://github.com/onsi/gomega). Updates `github.com/onsi/ginkgo/v2` from 2.27.3 to 2.28.1 - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](onsi/ginkgo@v2.27.3...v2.28.1) Updates `github.com/onsi/gomega` from 1.38.3 to 1.39.0 - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](onsi/gomega@v1.38.3...v1.39.0) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-version: 2.28.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: onsi - dependency-name: github.com/onsi/gomega dependency-version: 1.39.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: onsi ... Signed-off-by: dependabot[bot] <support@github.com>
This commit bumps the dependencies below:
- k8s.io/* to v0.36.0-rc.0
- go.etcd.io/etcd/client/v3 to v3.6.10
Walkthrough
Bumps GitHub Action pins, Go toolchain and many Go module versions; updates CI/Cloud Build images, Makefile Trivy/GO defaults; increments Helm chart/app image versions and releases; updates numerous Kubernetes manifest image tags and adds a v1.36 release manifest; minor test change.
Estimated code review effort: 🎯 4 (Complex) | ⏱️ ~45 minutes
🚥 Pre-merge checks | ✅ 8 | ❌ 4
❌ Failed checks (2 warnings, 2 inconclusive)
✅ Passed checks (8 passed)
Hi @cloud-team-rebase-bot[bot]. Thanks for your PR. I'm waiting for an openshift member to verify that this patch is reasonable to test. If it is, they should reply with Regular contributors should join the org to skip this step. Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here.
Details
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
Bumps the kubernetes group in /test/e2e with 3 updates: [k8s.io/api](https://github.com/kubernetes/api), [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) and [k8s.io/client-go](https://github.com/kubernetes/client-go). Updates `k8s.io/api` from 0.35.0 to 0.35.3 - [Commits](kubernetes/api@v0.35.0...v0.35.3) Updates `k8s.io/apimachinery` from 0.35.0 to 0.35.3 - [Commits](kubernetes/apimachinery@v0.35.0...v0.35.3) Updates `k8s.io/client-go` from 0.35.0 to 0.35.3 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.35.0...v0.35.3) --- updated-dependencies: - dependency-name: k8s.io/api dependency-version: 0.35.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: kubernetes - dependency-name: k8s.io/apimachinery dependency-version: 0.35.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: kubernetes - dependency-name: k8s.io/client-go dependency-version: 0.35.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: kubernetes ... Signed-off-by: dependabot[bot] <support@github.com>
…ent-update Update documents for release 1.36.0
Update OWNERS according to Openshift project needs. Remove upstream OWNERS_ALIASES file, we do not use it at the moment. # Conflicts: # OWNERS_ALIASES # Conflicts: # OWNERS_ALIASES # Conflicts: # OWNERS_ALIASES # Conflicts: # OWNERS_ALIASES
Added Openshift specific build scripts, linter/tests/etc runners. Extended makefile with OCP specific targets. Upstream versions of lint and fmt pollute go.mod and go.sum files, so own versions of such scripts were introduced.
…ents OCP build system does expect *.assembly.stream.json and build system specific Dockerfile files to be copied into the build container. Remove respective entries from the .dockerignore to satisfy this requirement.
# Conflicts: # .github/workflows/release.yml # Conflicts: # .github/workflows/auto-release-helm-chart.yml # Conflicts: # .github/workflows/auto-release-helm-chart.yml # Conflicts: # .github/workflows/auto-release-helm-chart.yml # Conflicts: # .github/workflows/auto-release-helm-chart.yml # Conflicts: # .github/workflows/auto-release-helm-chart.yml # Conflicts: # .github/workflows/auto-release-helm-chart.yml
…ainer image to be consistent with ART for 4.17 Reconciling with https://github.com/openshift/ocp-build-data/tree/4c1326094222f9209876f06833179a1b9178faf7/images/ose-vsphere-cloud-controller-manager.yml
…ainer image to be consistent with ART for 4.18 Reconciling with https://github.com/openshift/ocp-build-data/tree/827ab4ccce9cbbcf82c9dbaf6398b61d6cff8d7a/images/ose-vsphere-cloud-controller-manager.yml
This change converts the script to not download goimports in favor of using the available binary from the path. This is being implemented to avoid situations where the latest version of goimports clashes with the go language version specified in the go.mod.
…ainer image to be consistent with ART for 4.19 Reconciling with https://github.com/openshift/ocp-build-data/tree/2ea3e6158c93ca104b9d59fd58a71536fa01fb2d/images/ose-vsphere-cloud-controller-manager.yml
…ainer image to be consistent with ART for 4.20 Reconciling with https://github.com/openshift/ocp-build-data/tree/dfb5c7d531490cfdc61a3b88bc533702b9624997/images/ose-vsphere-cloud-controller-manager.yml
…ainer image to be consistent with ART for 4.21 Reconciling with https://github.com/openshift/ocp-build-data/tree/3f07d84a47b15417f7743cfc35510788f4bd1ff9/images/ose-vsphere-cloud-controller-manager.yml
…ainer image to be consistent with ART for 4.22 Reconciling with https://github.com/openshift/ocp-build-data/tree/087d1930e36b609f77d73bd8a313d85c940cff4d/images/ose-vsphere-cloud-controller-manager.yml
…ainer image to be consistent with ART for 4.22 Reconciling with https://github.com/openshift/ocp-build-data/tree/992b0dc3f0e12d86e7466dadf1eb51b2584a9a83/images/ose-vsphere-cloud-controller-manager.yml
ba1e93f to 3758a8e
Actionable comments posted: 1
♻️ Duplicate comments (2)
go.mod (1)
89-93: ⚠️ Potential issue | 🟠 Major
Upgrade vulnerable `go.opentelemetry.io/otel/sdk` and align OTel module versions.
`go.opentelemetry.io/otel/sdk v1.40.0` remains in the graph and is flagged with GHSA-hfvc-g4fc-pqhx. Also, the OTel modules are mixed across 1.40/1.41, which is risky for compatibility. Please bump SDK to a fixed release (>= v1.43.0) and keep OTel modules on a consistent version set.
Suggested go.mod adjustment
- go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.40.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.40.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0 // indirect go.opentelemetry.io/otel/metric v1.41.0 // indirect - go.opentelemetry.io/otel/sdk v1.40.0 // indirect + go.opentelemetry.io/otel/sdk v1.43.0 // indirect go.opentelemetry.io/otel/trace v1.41.0 // indirect🤖 Prompt for AI Agents
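Review bot: the suggested lines leave go.opentelemetry.io/otel/metric and go.opentelemetry.io/otel/trace at v1.41.0 while moving otel/sdk and both otlptrace exporters to v1.43.0, so the result is still a mixed set (1.41/1.43), which is what the comment itself asks to avoid. Move the metric and trace lines to the same version as the sdk in the same change, so that all five entries shown here end up on one release.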
Verify each finding against the current code and only fix it if needed. In `@go.mod` around lines 89 - 93, The go.mod currently pins mixed OTel versions and uses go.opentelemetry.io/otel/sdk v1.40.0 which is vulnerable; update go.mod so all OTel modules (e.g., go.opentelemetry.io/otel, go.opentelemetry.io/otel/trace, go.opentelemetry.io/otel/metric, go.opentelemetry.io/otel/sdk, go.opentelemetry.io/otel/exporters/otlp/otlptrace and otlptracegrpc) are aligned to a safe, consistent release (bump sdk to >= v1.43.0 and set the other otel modules to the same vX.Y.Z), then run go mod tidy and go list -m all to verify the vulnerable version is removed from the dependency graph.
README.md (1)
104-104: ⚠️ Potential issue | 🟠 Major
Fix the incorrect “latest version” image tag.
Line 104 marks `v1.33.0` as latest, but this PR ships `v1.36.0` artifacts/manifests. This will mislead users during installs/upgrades.
Suggested patch
-registry.k8s.io/cloud-pv-vsphere/cloud-provider-vsphere:v1.33.0 # <== latest version +registry.k8s.io/cloud-pv-vsphere/cloud-provider-vsphere:v1.36.0 # <== latest version🤖 Prompt for AI Agents
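Review bot: the replacement on the "# <== latest version" line hard-codes another tag, which is how this line came to say v1.33.0 while v1.36.0 artifacts ship, and it will go stale again at the next release. Either update this line as part of the release documentation step or have the README point at the releases list instead of naming a tag as latest.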
Verify each finding against the current code and only fix it if needed. In `@README.md` at line 104, Update the incorrect image tag in README.md: replace the registry string "registry.k8s.io/cloud-pv-vsphere/cloud-provider-vsphere:v1.33.0" with the correct released tag "registry.k8s.io/cloud-pv-vsphere/cloud-provider-vsphere:v1.36.0" so the README reflects the PR's shipped artifacts/manifests.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@releases/v1.36/vsphere-cloud-controller-manager.yaml`:
- Around line 236-249: The vsphere-cloud-controller-manager container definition
(container name "vsphere-cloud-controller-manager") lacks a securityContext
override; update that container spec to include
securityContext.allowPrivilegeEscalation: false (add a securityContext block
under the container with allowPrivilegeEscalation: false) so the pod cannot
escalate privileges and meets hardened cluster policies; keep the change scoped
to the container spec and do not alter other volumeMounts or args.
---
Duplicate comments:
In `@go.mod`:
- Around line 89-93: The go.mod currently pins mixed OTel versions and uses
go.opentelemetry.io/otel/sdk v1.40.0 which is vulnerable; update go.mod so all
OTel modules (e.g., go.opentelemetry.io/otel, go.opentelemetry.io/otel/trace,
go.opentelemetry.io/otel/metric, go.opentelemetry.io/otel/sdk,
go.opentelemetry.io/otel/exporters/otlp/otlptrace and otlptracegrpc) are aligned
to a safe, consistent release (bump sdk to >= v1.43.0 and set the other otel
modules to the same vX.Y.Z), then run go mod tidy and go list -m all to verify
the vulnerable version is removed from the dependency graph.
In `@README.md`:
- Line 104: Update the incorrect image tag in README.md: replace the registry
string "registry.k8s.io/cloud-pv-vsphere/cloud-provider-vsphere:v1.33.0" with
the correct released tag
"registry.k8s.io/cloud-pv-vsphere/cloud-provider-vsphere:v1.36.0" so the README
reflects the PR's shipped artifacts/manifests.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: c827549f-d843-42a6-862f-469f8615979b
⛔ Files ignored due to path filters (274)
by!**/vendor/**test/e2e/vendor/k8s.io/api/admissionregistration/v1alpha1/generated.pb.gois excluded by!**/*.pb.go,!**/vendor/**test/e2e/vendor/k8s.io/api/admissionregistration/v1alpha1/generated.protomessage.pb.gois excluded by!**/*.pb.go,!**/vendor/**test/e2e/vendor/k8s.io/api/admissionregistration/v1alpha1/types.gois excluded by!**/vendor/**test/e2e/vendor/k8s.io/api/admissionregistration/v1alpha1/zz_generated.model_name.gois excluded by!**/vendor/**,!**/zz_generated*test/e2e/vendor/k8s.io/api/admissionregistration/v1beta1/doc.gois excluded by!**/vendor/**test/e2e/vendor/k8s.io/api/admissionregistration/v1beta1/generated.pb.gois excluded by!**/*.pb.go,!**/vendor/**test/e2e/vendor/k8s.io/api/admissionregistration/v1beta1/generated.protois excluded by!**/vendor/**test/e2e/vendor/k8s.io/api/admissionregistration/v1beta1/generated.protomessage.pb.gois excluded by!**/*.pb.go,!**/vendor/**test/e2e/vendor/k8s.io/api/admissionregistration/v1beta1/types.gois excluded by!**/vendor/**test/e2e/vendor/k8s.io/api/admissionregistration/v1beta1/zz_generated.model_name.gois excluded by!**/vendor/**,!**/zz_generated*test/e2e/vendor/k8s.io/api/apidiscovery/v2/doc.gois excluded by!**/vendor/**test/e2e/vendor/k8s.io/api/apidiscovery/v2/generated.pb.gois excluded by!**/*.pb.go,!**/vendor/**test/e2e/vendor/k8s.io/api/apidiscovery/v2/generated.protomessage.pb.gois excluded by!**/*.pb.go,!**/vendor/**test/e2e/vendor/k8s.io/api/apidiscovery/v2/zz_generated.model_name.gois excluded by!**/vendor/**,!**/zz_generated*test/e2e/vendor/k8s.io/api/apidiscovery/v2beta1/doc.gois excluded by!**/vendor/**test/e2e/vendor/k8s.io/api/apidiscovery/v2beta1/generated.pb.gois excluded by!**/*.pb.go,!**/vendor/**test/e2e/vendor/k8s.io/api/apidiscovery/v2beta1/generated.protomessage.pb.gois excluded by!**/*.pb.go,!**/vendor/**test/e2e/vendor/k8s.io/api/apidiscovery/v2beta1/zz_generated.model_name.gois excluded by!**/vendor/**,!**/zz_generated*test/e2e/vendor/k8s.io/api/apiserverinternal/v1alpha1/doc.gois 
excluded by!**/vendor/**test/e2e/vendor/k8s.io/api/apiserverinternal/v1alpha1/generated.pb.gois excluded by!**/*.pb.go,!**/vendor/**test/e2e/vendor/k8s.io/api/apiserverinternal/v1alpha1/generated.protomessage.pb.gois excluded by!**/*.pb.go,!**/vendor/**test/e2e/vendor/k8s.io/api/apiserverinternal/v1alpha1/zz_generated.model_name.gois excluded by!**/vendor/**,!**/zz_generated*test/e2e/vendor/k8s.io/api/apps/v1/doc.gois excluded by!**/vendor/**test/e2e/vendor/k8s.io/api/apps/v1/generated.pb.gois excluded by!**/*.pb.go,!**/vendor/**test/e2e/vendor/k8s.io/api/apps/v1/generated.protois excluded by!**/vendor/**test/e2e/vendor/k8s.io/api/apps/v1/generated.protomessage.pb.gois excluded by!**/*.pb.go,!**/vendor/**test/e2e/vendor/k8s.io/api/apps/v1/types.gois excluded by!**/vendor/**test/e2e/vendor/k8s.io/api/apps/v1/types_swagger_doc_generated.gois excluded by!**/vendor/**
📒 Files selected for processing (26)
- .github/workflows/auto-sync-gh-pages.yml
- .github/workflows/bump-k8s-dep.yml
- .github/workflows/bump-test-k8s-dep.yml
- .github/workflows/generate-release-notes.yml
- .github/workflows/weekly-security-scan.yaml
- Makefile
- README.md
- charts/vsphere-cpi-1.35.1.tgz
- charts/vsphere-cpi-1.36.0.tgz
- charts/vsphere-cpi/Chart.yaml
- charts/vsphere-cpi/README.md
- charts/vsphere-cpi/values.yaml
- cloudbuild-nightly.yaml
- cloudbuild.yaml
- cluster/images/controller-manager/Dockerfile
- docs/book/tutorials/disable-node-deletion.yaml
- go.mod
- hack/tools/go.mod
- index.yaml
- manifests/controller-manager/vsphere-cloud-controller-manager-ds.yaml
- manifests/controller-manager/vsphere-cloud-controller-manager-pod.yaml
- pkg/cloudprovider/vsphereparavirtual/loadbalancer_test.go
- releases/README.md
- releases/v1.35/vsphere-cloud-controller-manager.yaml
- releases/v1.36/vsphere-cloud-controller-manager.yaml
- test/e2e/go.mod
✅ Files skipped from review due to trivial changes (16)
- .github/workflows/auto-sync-gh-pages.yml
- .github/workflows/bump-k8s-dep.yml
- charts/vsphere-cpi/README.md
- .github/workflows/bump-test-k8s-dep.yml
- .github/workflows/generate-release-notes.yml
- pkg/cloudprovider/vsphereparavirtual/loadbalancer_test.go
- cloudbuild.yaml
- cloudbuild-nightly.yaml
- docs/book/tutorials/disable-node-deletion.yaml
- cluster/images/controller-manager/Dockerfile
- releases/v1.35/vsphere-cloud-controller-manager.yaml
- charts/vsphere-cpi/Chart.yaml
- releases/README.md
- hack/tools/go.mod
- .github/workflows/weekly-security-scan.yaml
- manifests/controller-manager/vsphere-cloud-controller-manager-pod.yaml
🚧 Files skipped from review as they are similar to previous changes (4)
- manifests/controller-manager/vsphere-cloud-controller-manager-ds.yaml
- charts/vsphere-cpi/values.yaml
- Makefile
- test/e2e/go.mod
| - name: vsphere-cloud-controller-manager | ||
| image: registry.k8s.io/cloud-pv-vsphere/cloud-provider-vsphere:v1.36.0 | ||
| args: | ||
| - --cloud-provider=vsphere | ||
| - --v=2 | ||
| - --cloud-config=/etc/cloud/vsphere.conf | ||
| volumeMounts: | ||
| - mountPath: /etc/cloud | ||
| name: vsphere-config-volume | ||
| readOnly: true | ||
| resources: | ||
| requests: | ||
| cpu: 200m | ||
| hostNetwork: true |
Set container allowPrivilegeEscalation: false for hardened clusters.
At Line 236 onward, the container has no securityContext.allowPrivilegeEscalation override, so it defaults to permissive behavior. This weakens pod security posture and can be rejected by stricter policies.
Suggested patch
containers:
- name: vsphere-cloud-controller-manager
image: registry.k8s.io/cloud-pv-vsphere/cloud-provider-vsphere:v1.36.0
+ securityContext:
+ allowPrivilegeEscalation: false
args:
- --cloud-provider=vsphere
- --v=2
- --cloud-config=/etc/cloud/vsphere.conf
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - name: vsphere-cloud-controller-manager | |
| image: registry.k8s.io/cloud-pv-vsphere/cloud-provider-vsphere:v1.36.0 | |
| args: | |
| - --cloud-provider=vsphere | |
| - --v=2 | |
| - --cloud-config=/etc/cloud/vsphere.conf | |
| volumeMounts: | |
| - mountPath: /etc/cloud | |
| name: vsphere-config-volume | |
| readOnly: true | |
| resources: | |
| requests: | |
| cpu: 200m | |
| hostNetwork: true | |
| - name: vsphere-cloud-controller-manager | |
| image: registry.k8s.io/cloud-pv-vsphere/cloud-provider-vsphere:v1.36.0 | |
| securityContext: | |
| allowPrivilegeEscalation: false | |
| args: | |
| - --cloud-provider=vsphere | |
| - --v=2 | |
| - --cloud-config=/etc/cloud/vsphere.conf | |
| volumeMounts: | |
| - mountPath: /etc/cloud | |
| name: vsphere-config-volume | |
| readOnly: true | |
| resources: | |
| requests: | |
| cpu: 200m | |
| hostNetwork: true |
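Review bot: The added securityContext sets only allowPrivilegeEscalation: false, while the last line of the same block keeps hostNetwork: true, so a policy that forbids host namespaces (the Pod Security Standards baseline and restricted profiles both do) will still reject this pod. If admission under stricter policies is the goal, state which profile is targeted; the restricted profile additionally requires capabilities.drop: ["ALL"], runAsNonRoot: true and seccompProfile.type: RuntimeDefault on the container. If hostNetwork is required for this controller, document that the pod needs a policy exemption and keep this change as defence in depth.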
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@releases/v1.36/vsphere-cloud-controller-manager.yaml` around lines 236 - 249,
The vsphere-cloud-controller-manager container definition (container name
"vsphere-cloud-controller-manager") lacks a securityContext override; update
that container spec to include securityContext.allowPrivilegeEscalation: false
(add a securityContext block under the container with allowPrivilegeEscalation:
false) so the pod cannot escalate privileges and meets hardened cluster
policies; keep the change scoped to the container spec and do not alter other
volumeMounts or args.
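A check for the finding in the review comment above, as an added example that is not part of the PR or of the project's code: it reads a pod spec as JSON and lists every container, init containers included, that does not explicitly set `allowPrivilegeEscalation: false`. The function name and the two sample specs are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Only the PodSpec fields this check needs; the JSON names are the Kubernetes API's.
type container struct {
	Name            string `json:"name"`
	SecurityContext *struct {
		AllowPrivilegeEscalation *bool `json:"allowPrivilegeEscalation"`
	} `json:"securityContext"`
}

type podSpec struct {
	InitContainers []container `json:"initContainers"`
	Containers     []container `json:"containers"`
}

// MissingNoEscalation (hypothetical helper) returns the names of containers that
// do not explicitly set securityContext.allowPrivilegeEscalation to false.
// An absent securityContext or an absent field counts as a finding.
func MissingNoEscalation(specJSON []byte) ([]string, error) {
	var spec podSpec
	if err := json.Unmarshal(specJSON, &spec); err != nil {
		return nil, err
	}
	var missing []string
	for _, c := range append(spec.InitContainers, spec.Containers...) {
		sc := c.SecurityContext
		if sc == nil || sc.AllowPrivilegeEscalation == nil || *sc.AllowPrivilegeEscalation {
			missing = append(missing, c.Name)
		}
	}
	return missing, nil
}

// Constructed samples: the container as flagged, and with the suggested override.
const flaggedSpec = `{"hostNetwork":true,"containers":[{"name":"vsphere-cloud-controller-manager"}]}`
const patchedSpec = `{"hostNetwork":true,"containers":[{"name":"vsphere-cloud-controller-manager",
  "securityContext":{"allowPrivilegeEscalation":false}}]}`

func main() {
	for _, s := range []string{flaggedSpec, patchedSpec} {
		names, err := MissingNoEscalation([]byte(s))
		fmt.Println(names, err)
	}
}
```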
Summary by CodeRabbit