Accepting request 1284459 from home:psaggu:branches:devel:kubic

Add patch file: cve-2025-22872-x-net-html-properly-handle-trailing-solidus.patch * fixes CVE-2025-22872, bsc#1241781 * Ref: e1fcd82abb OBS-URL: https://build.opensuse.org/request/show/1284459 OBS-URL: https://build.opensuse.org/package/show/devel:kubic/kubernetes1.32?expand=0&rev=14
2025-06-10 12:56:40 +00:00
commit 529c8dd116
28 changed files with 1010 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
--- a/10-kubeadm.conf
+++ b/10-kubeadm.conf
@@ -0,0 +1,16 @@
+# Note: This dropin only works with kubeadm and kubelet v1.11+
+[Service]
+Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --volume-plugin-dir=PATH_TO_FLEXVOLUME"
+Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
+# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
+EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
+# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
+# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
+EnvironmentFile=-/etc/sysconfig/kubelet
+# Workaround boo#1171770 by setting required sysctl parameters on kubelet start (Toggle off and on to ensure all ethernet devices are refreshed)
+ExecStartPre=/usr/sbin/sysctl net.ipv4.ip_forward=0
+ExecStartPre=/usr/sbin/sysctl net.ipv6.conf.all.forwarding=0
+ExecStartPre=/usr/sbin/sysctl net.ipv4.ip_forward=1
+ExecStartPre=/usr/sbin/sysctl net.ipv6.conf.all.forwarding=1
+ExecStart=
+ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
--- a/90-kubeadm.conf
+++ b/90-kubeadm.conf
@@ -0,0 +1,4 @@
+# The file is provided as part of the kubernetes-kubeadm package
+net.bridge.bridge-nf-call-iptables = 1
+net.ipv4.ip_forward = 1
+net.bridge.bridge-nf-call-ip6tables = 1
--- a/23
+++ b/23
@@ -0,0 +1,23 @@
+<constraints>
+  <hardware>
+    <memory>
+      <size unit="G">8</size>
+    </memory>
+    <physicalmemory>
+      <size unit="G">8</size>
+    </physicalmemory>
+    <disk>
+      <size unit="G">13</size>
+    </disk>
+  </hardware>
+  <overwrite>
+    <conditions>
+      <arch>ppc64le</arch>
+    </conditions>
+    <hardware>
+    <physicalmemory>
+      <size unit="M">9600</size>
+    </physicalmemory>
+    </hardware>
+  </overwrite>
+</constraints>
--- a/19
+++ b/19
@@ -0,0 +1,19 @@
+<services>
+  <service name="obs_scm" mode="manual">
+    <param name="url">https://github.com/kubernetes/kubernetes.git</param>
+    <param name="scm">git</param>
+    <param name="exclude">.git</param>
+    <param name="versionformat">@PARENT_TAG@</param>
+    <param name="versionrewrite-pattern">v(.*)</param>
+    <param name="revision">v1.32.5</param>
+    <param name="changesgenerate">enable</param>
+  </service>
+  <service name="tar" mode="manual"/>
+  <service name="recompress" mode="manual">
+    <param name="file">*.tar</param>
+    <param name="compression">xz</param>
+  </service>
+  <service name="set_version" mode="manual">
+    <param name="basename">kubernetes</param>
+  </service>
+</services>
--- a/4
+++ b/4
@@ -0,0 +1,4 @@
+<servicedata>
+<service name="tar_scm">
+                <param name="url">https://github.com/kubernetes/kubernetes.git</param>
+              <param name="changesrevision">9894294ef13a5b32803e3ca2c0d620a088cc84d1</param></service></servicedata>
--- a/cve-2025-22872-x-net-html-properly-handle-trailing-solidus.patch
+++ b/cve-2025-22872-x-net-html-properly-handle-trailing-solidus.patch
@@ -0,0 +1,52 @@
+From e1fcd82abba34df74614020343be8eb1fe85f0d9 Mon Sep 17 00:00:00 2001
+From: Roland Shoemaker <roland@golang.org>
+Date: Mon, 24 Feb 2025 11:18:31 -0800
+Subject: [PATCH] html: properly handle trailing solidus in unquoted attribute value in foreign content
+
+The parser properly treats tags like <p a=/> as <p a="/">, but the
+tokenizer emits the SelfClosingTagToken token incorrectly. When the
+parser is used to parse foreign content, this results in an incorrect
+DOM.
+
+Thanks to Sean Ng (https://ensy.zip) for reporting this issue.
+
+Fixes golang/go#73070
+Fixes CVE-2025-22872
+
+Change-Id: I65c18df6d6244bf943b61e6c7a87895929e78f4f
+Reviewed-on: https://go-review.googlesource.com/c/net/+/661256
+Reviewed-by: Neal Patel <nealpatel@google.com>
+Reviewed-by: Roland Shoemaker <roland@golang.org>
+LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
+Auto-Submit: Gopher Robot <gobot@golang.org>
+---
+
+Index: kubernetes-1.32.5/vendor/golang.org/x/net/html/token.go
+===================================================================
+--- kubernetes-1.32.5.orig/vendor/golang.org/x/net/html/token.go
+++ kubernetes-1.32.5/vendor/golang.org/x/net/html/token.go
+@@ -839,8 +839,22 @@ func (z *Tokenizer) readStartTag() Token
+ 	if raw {
+ 		z.rawTag = strings.ToLower(string(z.buf[z.data.start:z.data.end]))
+ 	}
+-	// Look for a self-closing token like "<br/>".
+-	if z.err == nil && z.buf[z.raw.end-2] == '/' {
+	// Look for a self-closing token (e.g. <br/>).
+	//
+	// Originally, we did this by just checking that the last character of the
+	// tag (ignoring the closing bracket) was a solidus (/) character, but this
+	// is not always accurate.
+	//
+	// We need to be careful that we don't misinterpret a non-self-closing tag
+	// as self-closing, as can happen if the tag contains unquoted attribute
+	// values (i.e. <p a=/>).
+	//
+	// To avoid this, we check that the last non-bracket character of the tag
+	// (z.raw.end-2) isn't the same character as the last non-quote character of
+	// the last attribute of the tag (z.pendingAttr[1].end-1), if the tag has
+	// attributes.
+	nAttrs := len(z.attr)
+	if z.err == nil && z.buf[z.raw.end-2] == '/' && (nAttrs == 0 || z.raw.end-2 != z.attr[nAttrs-1][1].end-1) {
+ 		return SelfClosingTagToken
+ 	}
+ 	return StartTagToken
--- a/genmanpages.sh
+++ b/genmanpages.sh
@@ -0,0 +1,84 @@
+MDSFORMANPAGES="kube-apiserver.md kube-controller-manager.md kube-proxy.md kube-scheduler.md kubelet.md"
+
+# remove comments from man pages
+for manpage in ${MDSFORMANPAGES}; do
+  pos=$(grep -n "<\!-- END MUNGE: UNVERSIONED_WARNING -->" ${manpage} | cut -d':' -f1)
+  if [ -n ${pos} ]; then
+    sed -i "1,${pos}{/.*/d}" ${manpage}
+  fi
+done
+
+# for each man page add NAME and SYNOPSIS section
+# kube-apiserver
+sed -i -s "s/## kube-apiserver/# NAME\nkube-apiserver \- Provides the API for kubernetes orchestration.\n\n# SYNOPSIS\n**kube-apiserver** [OPTIONS]\n/" kube-apiserver.md
+
+cat << 'EOF' >> kube-apiserver.md
+# EXAMPLES
+```
+/usr/bin/kube-apiserver --logtostderr=true --v=0 --etcd_servers=http://127.0.0.1:4001 --insecure_bind_address=127.0.0.1 --insecure_port=8080 --kubelet_port=10250 --service-cluster-ip-range=10.1.1.0/24 --allow_privileged=false
+```
+EOF
+# kube-controller-manager
+sed -i -s "s/## kube-controller-manager/# NAME\nkube-controller-manager \- Enforces kubernetes services.\n\n# SYNOPSIS\n**kube-controller-manager** [OPTIONS]\n/" kube-controller-manager.md
+
+cat << 'EOF' >> kube-controller-manager.md
+# EXAMPLES
+```
+/usr/bin/kube-controller-manager --logtostderr=true --v=0 --master=127.0.0.1:8080
+```
+EOF
+# kube-proxy
+sed -i -s "s/## kube-proxy/# NAME\nkube-proxy \- Provides network proxy services.\n\n# SYNOPSIS\n**kube-proxy** [OPTIONS]\n/" kube-proxy.md
+
+cat << 'EOF' >> kube-proxy.md
+# EXAMPLES
+```
+/usr/bin/kube-proxy --logtostderr=true --v=0 --master=http://127.0.0.1:8080
+```
+EOF
+# kube-scheduler
+sed -i -s "s/## kube-scheduler/# NAME\nkube-scheduler \- Schedules containers on hosts.\n\n# SYNOPSIS\n**kube-scheduler** [OPTIONS]\n/" kube-scheduler.md
+
+cat << 'EOF' >> kube-scheduler.md
+# EXAMPLES
+```
+/usr/bin/kube-scheduler --logtostderr=true --v=0 --master=127.0.0.1:8080
+```
+EOF
+# kubelet
+sed -i -s "s/## kubelet/# NAME\nkubelet \- Processes a container manifest so the containers are launched according to how they are described.\n\n# SYNOPSIS\n**kubelet** [OPTIONS]\n/" kubelet.md
+
+cat << 'EOF' >> kubelet.md
+# EXAMPLES
+```
+/usr/bin/kubelet --logtostderr=true --v=0 --api_servers=http://127.0.0.1:8080 --address=127.0.0.1 --port=10250 --hostname_override=127.0.0.1 --allow-privileged=false
+```
+EOF
+
+# for all man-pages
+for md in $MDSFORMANPAGES; do
+	# correct section names
+	sed -i -s "s/### Synopsis/# DESCRIPTION/" $md
+	sed -i -s "s/### Options/# OPTIONS/" $md
+	# add header
+	sed -i "s/# NAME/% KUBERNETES(1) kubernetes User Manuals\n# NAME/" $md
+	# modify list of options
+	# options with no value in ""
+	sed -i -r 's/(^      )(-[^":][^":]*)(:)(.*)/\*\*\2\*\*\n\t\4\n/' $md
+	# option with value in ""
+	sed -i -r 's/(^      )(-[^":][^":]*)("[^"]*")(:)(.*)/\*\*\2\3\*\*\n\t\5\n/' $md
+	# options in -s, --long
+	sed -i -r 's/(^  )(-[a-z], -[^":][^":]*)(:)(.*)/\*\*\2\*\*\n\t\4\n/' $md
+	sed -i -r 's/(^  )(-[a-z], -[^":][^":]*)("[^"]*")(:)(.*)/\*\*\2\3\*\*\n\t\5\n/' $md
+	# remove ```
+	sed -i 's/```//' $md
+	# remove all lines starting with ######
+	sed -i 's/^######.*//' $md
+	# modify footer
+	sed -i -r "s/^\[!\[Analytics\].*//" $md
+	# md does not contain section => taking 1
+	name="${md%.md}"
+	go-md2man -in $md -out man/man1/$name.1
+done
+
+
--- a/kubeadm-opensuse-flexvolume.patch
+++ b/kubeadm-opensuse-flexvolume.patch
@@ -0,0 +1,11 @@
+--- cmd/kubeadm/app/phases/controlplane/volumes.go
+++ cmd/kubeadm/app/phases/controlplane/volumes.go	2020-01-13 16:27:04.267070673 +0100
+@@ -33,7 +33,7 @@
+ 	caCertsVolumeName              = "ca-certs"
+ 	caCertsVolumePath              = "/etc/ssl/certs"
+ 	flexvolumeDirVolumeName        = "flexvolume-dir"
+-	defaultFlexvolumeDirVolumePath = "/usr/libexec/kubernetes/kubelet-plugins/volume/exec"
+	defaultFlexvolumeDirVolumePath = "/var/lib/kubelet/volume-plugin"
+ )
+ 
+ // caCertsExtraVolumePaths specifies the paths that can be conditionally mounted into the apiserver and controller-manager containers
--- a/kubeadm-opensuse-registry.patch
+++ b/kubeadm-opensuse-registry.patch
@@ -0,0 +1,13 @@
+Index: kubernetes-1.27.0/cmd/kubeadm/app/apis/kubeadm/v1beta3/defaults.go
+===================================================================
+--- kubernetes-1.27.0.orig/cmd/kubeadm/app/apis/kubeadm/v1beta3/defaults.go
+++ kubernetes-1.27.0/cmd/kubeadm/app/apis/kubeadm/v1beta3/defaults.go
+@@ -43,7 +43,7 @@ const (
+ 	DefaultCertificatesDir = "/etc/kubernetes/pki"
+ 	// DefaultImageRepository defines default image registry
+ 	// (previously this defaulted to k8s.gcr.io)
+-	DefaultImageRepository = "registry.k8s.io"
+	DefaultImageRepository = "registry.opensuse.org/kubic"
+ 	// DefaultManifestsDir defines default manifests directory
+ 	DefaultManifestsDir = "/etc/kubernetes/manifests"
+ 	// DefaultClusterName defines the default cluster name
--- a/kubeadm.conf
+++ b/kubeadm.conf
@@ -0,0 +1,3 @@
+# Load br_netfilter module at boot
+br_netfilter
+overlay
--- a/kubelet.service
+++ b/kubelet.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=kubelet: The Kubernetes Node Agent
+Documentation=https://kubernetes.io/docs/concepts/overview/components/#kubelet https://kubernetes.io/docs/reference/generated/kubelet
+After=network.target network-online.target
+Wants=containerd.service crio.service
+ConditionPathExists=/var/lib/kubelet/config.yaml
+
+[Service]
+ExecStartPre=/bin/bash -c "findmnt -t bpf --mountpoint /sys/fs/bpf > /dev/null || mount bpffs /sys/fs/bpf -t bpf"
+ExecStart=/usr/bin/kubelet
+Restart=always
+StartLimitInterval=0
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target
--- a/kubelet.sh
+++ b/kubelet.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+# Loader Script for Multi-Version Kubelet arrangement introduced to openSUSE in March 2020
+source /etc/sysconfig/kubelet
+
+if [ -z "$KUBELET_VER" ]      
+then
+   echo "ERROR: KUBELET_VER= not defined in /etc/sysconfig/kubelet"
+   exit 1
+else
+   /usr/bin/kubelet$KUBELET_VER "$@"
+fi
+
--- a/kubelet.tmp.conf
+++ b/kubelet.tmp.conf
@@ -0,0 +1,2 @@
+d /var/lib/cni 0755 root root -
+d /var/lib/kubelet 0755 root root -
--- a/kubernetes-1.32.0.tar.xz
+++ b/kubernetes-1.32.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:757cdaf3388e8e712868cc0867c7d70b333a0733151b645f5f5c234cb5d62e8b
+size 22969856
--- a/kubernetes-1.32.1.tar.xz
+++ b/kubernetes-1.32.1.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e20b83a6b708675a7b1beee69b8ae1db9c1c84671e0a4b68918fcf75bb1c563c
+size 21430112
--- a/kubernetes-1.32.2.tar.xz
+++ b/kubernetes-1.32.2.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0b407935be674ff58ca12dac3d87ac2fcfdee868f5833f2c7f1a6c84928a4e76
+size 21437716
--- a/kubernetes-1.32.3.tar.xz
+++ b/kubernetes-1.32.3.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7e8d093040c927d9eb56ea52db78ae9afd99e9edd91b163c29fcfbea58359b8f
+size 21440476
--- a/kubernetes-1.32.4.tar.xz
+++ b/kubernetes-1.32.4.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:59b5df13f7189b67b2d63bf1e64f26c065abffd51bf8876b5c5e410427c925a8
+size 21437376
--- a/kubernetes-1.32.5.tar.xz
+++ b/kubernetes-1.32.5.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e6ae9a5657763f9711993b0f982a0f33ef8b13389d3275ff7f24c4b1d86380c2
+size 21438320
--- a/4
+++ b/4
@@ -0,0 +1,4 @@
+addFilter ("^kubernetes-unit-test.*: E: devel-file-in-non-devel-package")
+addFilter ("^kubernetes-master.*: W: statically-linked-binary")
+addFilter ("^kubernetes-extra.*: E: env-script-interpreter")
+addFilter ("^kubernetes-extra.*: E: wrong-script-interpreter")
--- a/kubernetes.obsinfo
+++ b/kubernetes.obsinfo
@@ -0,0 +1,4 @@
+name: kubernetes
+version: 1.32.5
+mtime: 1747299902
+commit: 9894294ef13a5b32803e3ca2c0d620a088cc84d1
--- a/kubernetes1.32.changes
+++ b/kubernetes1.32.changes
@@ -0,0 +1,146 @@
+-------------------------------------------------------------------
+Tue Jun 10 12:36:12 UTC 2025 - Priyanka Saggu <priyanka.saggu@suse.com>
+
+- add patch file: cve-2025-22872-x-net-html-properly-handle-trailing-solidus.patch
+  * fixes CVE-2025-22872, bsc#1241781
+  * Ref: https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9
+
+-------------------------------------------------------------------
+Mon May 19 05:39:42 UTC 2025 - Priyanka Saggu <priyanka.saggu@suse.com>
+
+- Update to version 1.32.5:
+  * Bump images, dependencies and versions
+  * Handle unsupported node expansion for RWX volumes
+  * Manually adding fix for failing pull-kubernetes-typecheck tests which had dependency with this commit: https://github.com/kubernetes/kubernetes/commit/61863035803cc105619925a0fa23a779a9578bd4
+  * Mark NodeExpansion finsihed without featuregate check
+  * Also change final status by removing featuregate check
+  * Check for newer fields when deciding expansion recovery feature status
+  * Fix for HNS local endpoint was being deleted instead of the remote endpoint.
+
+- Update .spec file to bump go version build requirements:
+  * `BuildRequires:  go >= 1.23.8`
+  * ref: https://github.com/kubernetes/kubernetes/blob/v1.32.5/build/dependencies.yaml#L117-L119
+
+-------------------------------------------------------------------
+Wed Apr 23 12:55:39 UTC 2025 - Priyanka Saggu <priyanka.saggu@suse.com>
+
+- Update to version 1.32.4:
+  * Fix race for sending errors in watch
+  * CHANGELOG-1.32: fix release note about kubeadm upgrade phases
+  * Fix implementation of ContainsCIDR to allow non-equal addresses
+  * fix handle terminating pvc when kubelet rebuild dsw
+  * add e2e test to reproduce unexpected unmount after kubelet is restarted
+
+-------------------------------------------------------------------
+Tue Mar 25 12:36:22 UTC 2025 - Priyanka Saggu <priyanka.saggu@suse.com>
+
+- CVE-2025-1767: GitRepo Volume Inadvertent Local Repository Access, bsc#1239643 
+
+  * TL;DR: Please refer to the github issue for details on detecting and mitigating the CVE, if impacted:
+  https://github.com/kubernetes/kubernetes/issues/130786
+
+  ****Important note to users and administrators****
+
+  * How do I mitigate this vulnerability?
+
+   To mitigate this vulnerability, you must use an init container to perform git clone operation and then mount the directory into the Pod's container. An example of this approach is provided here: https://gist.github.com/tallclair/849601a16cebeee581ef2be50c351841
+
+   Note: You can also restrict the use of gitRepo volumes in your cluster using policies such as ValidatingAdmissionPolicy or through Restricted pod security standard policy. You can use the following Common Expression Language (CEL) expression as part of a policy to reject use of gitRepo volumes:
+  `has(object.spec.volumes) || !object.spec.volumes.exists(v, has(v.gitRepo))`
+
+  * Detection:
+   
+   To detect whether this vulnerability has been exploited, you can use the following command to list all pods that use the in-tree gitRepo volume and clones to a .git subdirectory.
+
+   ```
+   kubectl get pods --all-namespaces -o json | jq '.items[] | select(.spec.volumes[].gitRepo.repository | test("^/")) | {name: .metadata.name, namespace: .metadata.namespace, repository: (.spec.volumes[] | select(.gitRepo) | .gitRepo.repository)}'
+   ```
+ 
+   Please plan and consider migrating to Kubernetes v1.33 (~ Release Date: April 23, 2025).
+   Since starting v1.33, the impacted gitRepo volume plugin will be disabled by default.
+   Refer: https://github.com/kubernetes/kubernetes/pull/129923
+
+   No prior Kubernetes versions (v1.29 - v1.32), will receive any backport fixe patches for this CVE, since there isn't a fully non-code-breaking patch available.
+
+-------------------------------------------------------------------
+Wed Mar 12 05:01:46 UTC 2025 - Priyanka Saggu <priyanka.saggu@suse.com>
+
+- Update to version 1.32.3:
+  * Add the feature gate `OrderedNamespaceDeletion` for apiserver
+  * conntrack reconciler must check the dst port
+  * fix(pod/util): typos in getting pod validation options
+  * Add ControllerRoles Test
+  * Fix Fixture Data
+  * Add Watch to controller roles
+  * Generate register files for all examples
+  * add simpletype pkg in v1 for register-gen test
+  * Add codegen::register to hack/update-codegen.sh
+  * Add missing imports in register-gen
+  * Revert "Add random interval to nodeStatusReport interval every time after an actual node status change"
+  * Remove the feature-gate check before populating serverRunOptions.Flagz
+  * test: Add emulated-version flag verification in flagz test
+  * fix: flagz endpoint to return parsed flags value
+  * kubeadm: fix panic when no UpgradeConfiguration was found in the config file
+  * proxy: should add PingPeriod for websocket translator
+  * Honor KUBE_HACK_TOOLS_GOTOOLCHAIN
+  * Deflake the PodReplacementPolicyFeatureToggling Job integration test
+  * Limit ResourceQuota LIST requests to times when informer is not synced
+  * kubelet: fix DRA registration test
+  * Fix the flaky Job test: TestSuccessPolicy_ReEnabling
+  * bump netlink
+  * DRA CEL: skip estimating the cost in the scheduler
+  * DRA CEL: add missing size estimator
+
+-------------------------------------------------------------------
+Tue Feb 18 09:13:41 UTC 2025 - Priyanka Saggu <priyanka.saggu@suse.com>
+
+- Update to version 1.32.2:
+  * Bump images, dependencies and versions to go 1.23.6 and distroless iptables
+  * Disable ServiceAccountNodeAudienceRestriction feature gate by default in v1.32
+  * Kubelet server handler cleanup
+  * Fix the remaining flaky integration tests in Job controller
+  * WIP: fix the flaky Job integration tests
+  * kubeadm: use the v1beta4 EtcdAPICall timeout for etcd calls
+  * hack: backport apidiff.sh
+  * Fix: touch /dev/null permission denied on macos
+  * Added check for multipath device mapper
+  * Fix Portworx plugin's CSI translation to copy secret name & namespace
+  * We still can't rely on first condition being fs-expansion pending condition
+  * Bump CSI sidecars to fix CI issues and such
+  * kubeadm: remove misplaced error during image pull
+
+- Update .spec file to bump go version build requirements:
+  * `BuildRequires:  go >= 1.23.6`
+  * ref: https://github.com/kubernetes/kubernetes/blob/v1.32.2/build/dependencies.yaml#L117-L119
+
+- version 1.32.2 contain fix for CVE-2025-0426, bsc#1237189
+  * Refer changelog for more information:
+    https://github.com/kubernetes/kubernetes/blob/v1.32.2/CHANGELOG/CHANGELOG-1.32.md#important-security-information
+
+-------------------------------------------------------------------
+Thu Jan 16 10:02:19 UTC 2025 - Priyanka Saggu <priyanka.saggu@suse.com>
+
+- Update to version 1.32.1:
+  * kubelet: use env vars in node log query PS command
+  * DRA e2e: adapt to increased ReservedFor limit
+  * DRA API: bump maximum size of ReservedFor to 256
+  * Add watch permission to namespace-controller for WatchListClient feature
+  * webhook: alter regex to account for x509sha1 GODEBUG removal
+  * kubeadm: fix a bug where the node.skipPhases in UpgradeNodeConfiguration is not respected by 'kubeadm upgrade node'
+  * kubeadm: skip disabled addons in clusterconfig on upgrade
+  * Bump images, dependencies and versions to go 1.23.4 and distroless iptables
+  * Do not attempt to truncate revision history if revisionHistoryLimit is negative
+  * fetch cni plugins from GitHub releases
+  * Fix volume expansion offline
+  * prevent unnecessary resolving of iscsi/fc devices to dm
+  * Isolate mock signer for externaljwt tests
+
+- Update .spec file to bump go version build requirements:
+  * `BuildRequires:  go >= 1.23.4`
+  * ref: https://github.com/kubernetes/kubernetes/blob/v1.32.1/build/dependencies.yaml#L117-L119
+
+-------------------------------------------------------------------
+Thu Dec 19 08:47:30 UTC 2024 - Priyanka Saggu <priyanka.saggu@suse.com>
+
+- initial package for Kubernetes v1.32.0 
+  * Full changelog - https://github.com/kubernetes/kubernetes/blob/v1.32.0/CHANGELOG/CHANGELOG-1.32.md
--- a/kubernetes1.32.spec
+++ b/kubernetes1.32.spec
@@ -0,0 +1,500 @@
+#
+# spec file for package kubernetes1.32
+#
+# Copyright (c) 2025 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%{!?tmpfiles_create:%global tmpfiles_create systemd-tmpfiles --create}
+# baseversion - version of kubernetes for this package
+%define baseversion 1.32
+%define baseversionminus1 1.31
+
+Name:           kubernetes%{baseversion}
+Version:        1.32.5
+Release:        0
+Summary:        Container Scheduling and Management
+License:        Apache-2.0
+Group:          System/Management
+URL:            https://kubernetes.io/
+Source:         kubernetes-%{version}.tar.xz
+Source2:        genmanpages.sh
+Source3:        kubelet.sh
+#systemd services
+Source10:       kubelet.service
+#config files
+Source22:       sysconfig.kubelet-kubernetes
+Source23:       kubeadm.conf
+Source24:       90-kubeadm.conf
+Source25:       10-kubeadm.conf
+Source27:       kubelet.tmp.conf
+Source28:       kubernetes-rpmlintrc
+Source29:       kubernetes.obsinfo
+# Patch to change the default registry to registry.opensuse.org/kubic
+Patch2:         kubeadm-opensuse-registry.patch
+# Patch to change the version check server to kubic.opensuse.org
+Patch3:         opensuse-version-checks.patch
+# Patch to change the default flexvolume path in kubeadm to match that used by our kubelet, else kubeadm tries to write to /usr when kubelet is already looking at a path on /var thanks to the fix to bsc#1084766
+Patch4:         kubeadm-opensuse-flexvolume.patch
+# Patch to revert renaming of coredns image location to match how it's done on download.opensuse.org
+Patch5:         revert-coredns-image-renaming.patch
+# Patch to fix CVE-2025-22872, properly handle trailing solidus in unquoted attribute value in foreign content
+# Ref: https://go.googlesource.com/net/+/e1fcd82abba34df74614020343be8eb1fe85f0d9
+Patch6:         cve-2025-22872-x-net-html-properly-handle-trailing-solidus.patch
+BuildRequires:  fdupes
+BuildRequires:  git
+BuildRequires:  go >= 1.23.8
+BuildRequires:  go-go-md2man
+BuildRequires:  golang-packaging
+BuildRequires:  rsync
+BuildRequires:  systemd-rpm-macros
+BuildRequires:  golang(API) = 1.23
+BuildRequires:  golang(github.com/jteeuwen/go-bindata)
+ExcludeArch:    %{ix86} s390 ppc64
+
+%description
+Kubernetes is a system for automating deployment, scaling, and
+management of containerized applications.
+
+It groups containers that make up an application into logical units
+for management and discovery.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# packages to build containerized control plane
+
+%package apiserver
+Summary:        Kubernetes apiserver for container image
+Group:          System/Management
+Provides:       kubernetes-apiserver-provider = %{version}
+Conflicts:      kubernetes-apiserver-provider
+
+%description apiserver
+This subpackage contains the kube-apiserver binary for Kubic images
+
+%package controller-manager
+Summary:        Kubernetes controller-manager for container image
+Group:          System/Management
+Provides:       kubernetes-controller-manager-provider = %{version}
+Conflicts:      kubernetes-controller-manager-provider
+
+%description controller-manager
+This subpackage contains the kube-controller-manager binary for Kubic images
+
+%package scheduler
+Summary:        Kubernetes scheduler for container image
+Group:          System/Management
+Provides:       kubernetes-scheduler-provider = %{version}
+Conflicts:      kubernetes-scheduler-provider
+
+%description scheduler
+This subpackage contains the kube-scheduler binary for Kubic images
+
+%package proxy
+Summary:        Kubernetes proxy for container image
+Group:          System/Management
+Provides:       kubernetes-proxy-provider = %{version}
+Conflicts:      kubernetes-proxy-provider
+Requires:       conntrack-tools
+Requires:       ebtables
+Requires:       ipset
+Requires:       iptables
+
+%description proxy
+This subpackage contains the kube-proxy binary for Kubic images
+
+%package kubelet
+Summary:        Kubernetes kubelet daemon
+Group:          System/Management
+Requires:       cri-runtime
+Requires:       kubernetes-kubelet-common
+Recommends:     kubernetes-kubelet-common = %{version}
+Provides:       kubernetes-kubelet%{baseversion} = %{version}
+Obsoletes:      kubernetes-kubelet%{baseversion} < %{version}
+%{?systemd_requires}
+
+%description kubelet
+Manage a cluster of Linux containers as a single system to accelerate Dev and simplify Ops.
+kubelet daemon (current version)
+
+%package kubelet-common
+Summary:        Kubernetes kubelet daemon
+Group:          System/Management
+Requires:       cri-runtime
+Requires:       kubernetes-kubelet%{baseversion}
+Provides:       kubernetes-kubelet-common = %{version}
+Conflicts:      kubernetes-kubelet-common
+
+%description kubelet-common
+Manage a cluster of Linux containers as a single system to accelerate Dev and simplify Ops.
+kubelet daemon
+
+%package kubeadm
+Summary:        Kubernetes kubeadm bootstrapping tool
+Group:          System/Management
+Provides:       kubernetes-kubeadm-provider = %{version}
+Conflicts:      kubernetes-kubeadm-provider
+Obsoletes:      kubernetes%{baseversionminus1}-kubeadm
+Requires:       cri-runtime
+Requires:       cri-tools
+Requires:       ebtables
+Requires:       ethtool
+Requires:       kubernetes-kubeadm-criconfig
+Requires:       socat
+Requires(pre):  shadow
+Requires:       (kubernetes%{baseversion}-kubelet or kubernetes%{baseversionminus1}-kubelet)
+Recommends:     kubernetes%{baseversion}-kubelet
+
+%description kubeadm
+Manage a cluster of Linux containers as a single system to accelerate Dev and simplify Ops.
+kubeadm bootstrapping tool
+
+%package client
+Summary:        Kubernetes client tools
+Group:          System/Management
+Provides:       kubernetes-client-provider = %{version}
+Requires:       kubernetes%{baseversion}-client-common
+Requires(post): update-alternatives
+Requires(postun): update-alternatives
+
+%description client
+Kubernetes client tools like kubectl.
+
+%package client-common
+Summary:        Kubernetes client tools common files
+Group:          System/Management
+Requires:       kubernetes%{baseversion}-client
+Provides:       kubernetes-client-common = %{version}
+Conflicts:      kubernetes-client-common
+Recommends:     bash-completion
+
+%description client-common
+Kubernetes client tools common files
+
+%package client-bash-completion
+Summary:        Bash Completion for %{name}-client
+Group:          System/Shells
+BuildRequires:  bash-completion
+Requires:       bash-completion
+Requires:       kubernetes%{baseversion}-client = %{version}
+Supplements:    (kubernetes%{baseversion}-client and bash-completion)
+BuildArch:      noarch
+Obsoletes:      kubernetes%{baseversionminus1}-client-bash-completion
+Provides:       kubernetes-client-bash-completion = %{version}
+Conflicts:      kubernetes-client-bash-completion
+
+%description client-bash-completion
+Bash command line completion support for %{name}-client
+
+%package client-fish-completion
+Summary:        Fish Completion for %{name}-client
+Group:          System/Shells
+BuildRequires:  fish
+Requires:       kubernetes%{baseversion}-client = %{version}
+Supplements:    (kubernetes%{baseversion}-client and fish)
+BuildArch:      noarch
+Obsoletes:      kubernetes%{baseversionminus1}-client-fish-completion
+Provides:       kubernetes-client-fish-completion = %{version}
+Conflicts:      kubernetes-client-fish-completion
+
+%description client-fish-completion
+Fish command line completion support for %{name}-client.
+
+%prep
+%setup -q -n kubernetes-%{version}
+%patch -P 2 -p1
+%patch -P 3 -p1
+%patch -P 4 -p0
+%patch -P 5 -p1
+%patch -P 6 -p1
+
+%build
+# This is fixing bug bsc#1065972
+export KUBE_GIT_COMMIT=$(grep "commit:" %{SOURCE29} | cut -d ":" -f2 | tr -d " ")
+# KUBE_GIT_TREE_STATE="clean" indicates no changes since the git commit id
+# KUBE_GIT_TREE_STATE="dirty" indicates source code changes after the git commit id
+export KUBE_GIT_TREE_STATE="clean"
+export KUBE_GIT_VERSION=v%{version}
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1392922#c1
+#%ifarch ppc64le
+#export GOLDFLAGS='-linkmode=external'
+#%endif
+
+#TEST
+export FORCE_HOST_GO=y
+
+%ifarch s390x
+# `-buildmode=pie` with "internal linking" is not yet supported on linux/s390x platform
+# https://github.com/golang/go/blob/a63907808d14679c723e566cb83acc76fc8cafc2/src/internal/platform/supported.go#L223-L232
+# https://github.com/golang/go/issues/64875#issuecomment-1870734528
+make WHAT="cmd/kube-apiserver cmd/kube-controller-manager cmd/kube-scheduler cmd/kube-proxy cmd/kubelet cmd/kubectl cmd/kubeadm"
+%else
+make WHAT="cmd/kube-apiserver cmd/kube-controller-manager cmd/kube-scheduler cmd/kube-proxy cmd/kubelet cmd/kubectl cmd/kubeadm" GOFLAGS="-buildmode=pie"
+%endif
+
+# The majority of the documentation has already been moved into
+# http://kubernetes.io/docs/admin, and most of the files stored in the `docs`
+# directory simply point there. That being said, some of the files are actual
+# man pages, but they have to be generated with `hack/generate-docs.sh`. So,
+# let's do that and run `genmanpages.sh`.
+./hack/generate-docs.sh || true
+pushd docs
+pushd admin
+cp kube-apiserver.md kube-controller-manager.md kube-proxy.md kube-scheduler.md kubelet.md ..
+popd
+cp %{SOURCE2} genmanpages.sh
+bash genmanpages.sh
+popd
+
+%install
+
+%ifarch ppc64le aarch64
+output_path="_output/local/go/bin"
+%else
+output_path="_output/local/bin/linux/%{go_arch}"
+%endif
+
+install -m 755 -d %{buildroot}%{_bindir}
+
+echo "+++ INSTALLING kubeadm"
+install -p -m 755 -t %{buildroot}%{_bindir} ${output_path}/kubeadm
+
+binaries=(kube-apiserver kube-controller-manager kube-scheduler kube-proxy)
+for bin in "${binaries[@]}"; do
+  echo "+++ INSTALLING ${bin}"
+  install -p -m 755 -t %{buildroot}%{_bindir} ${output_path}/${bin}
+done
+
+for bin in kubelet kubectl; do
+  echo "+++ INSTALLING ${bin} with %{baseversion} suffix"
+  install -p -m 755 ${output_path}/${bin} %{buildroot}%{_bindir}/${bin}%{baseversion}
+done
+
+echo "+++ INSTALLING kubelet multi-version loader"
+install -p -m 755 %{SOURCE3} %{buildroot}%{_bindir}/kubelet
+
+# create sysconfig.kubelet-kubernetes in fullupdir
+sed -i -e 's|BASE_VERSION|%{baseversion}|g' %{SOURCE22}
+install -D -m 0644 %{SOURCE22} %{buildroot}%{_fillupdir}/sysconfig.kubelet-kubernetes%{baseversion}
+
+# install the bash completion
+install -d -m 0755 %{buildroot}%{_datadir}/bash-completion/completions/
+%{buildroot}%{_bindir}/kubectl%{baseversion} completion bash > %{buildroot}%{_datadir}/bash-completion/completions/kubectl
+
+# install the fish completion
+mkdir -p %{buildroot}%{_datadir}/fish/vendor_completions.d
+%{buildroot}%{_bindir}/kubectl%{baseversion} completion fish > %{buildroot}%{_datadir}/fish/vendor_completions.d/kubectl.fish
+
+# move CHANGELOG-%{baseversion}.md to old location
+mv CHANGELOG/CHANGELOG-%{baseversion}.md .
+
+# cleanup before copying dirs...
+rm -f hack/.linted_packages
+find .    -name '.gitignore' -type f -delete
+find hack -name '*.sh.orig' -type f -delete
+find hack -name '.golint_*' -type f -delete
+
+# systemd service
+install -d -m 0755 %{buildroot}%{_unitdir}
+install -m 0644 -t %{buildroot}%{_unitdir}/ %{SOURCE10}
+
+# make symlinks to rc files
+install -d -m 0755 %{buildroot}%{_sbindir}
+ln -sf service "%{buildroot}%{_sbindir}/rckubelet"
+
+# install manpages
+install -d %{buildroot}%{_mandir}/man1
+install -p -m 644 docs/man/man1/* %{buildroot}%{_mandir}/man1
+
+# create config folder
+install -d -m 0755 %{buildroot}%{_sysconfdir}/%{name}
+
+# manifests file for the kubelet
+install -d -m 0755 %{buildroot}%{_sysconfdir}/%{name}/manifests
+
+# place kubernetes.tmp.conf to /usr/lib/tmpfiles.d/kubernetes.conf
+install -d -m 0755 %{buildroot}%{_tmpfilesdir}
+install -D -m 0644 %{SOURCE27} %{buildroot}/%{_tmpfilesdir}/kubelet.conf
+
+# install the place the kubelet defaults to put volumes
+install -d %{buildroot}%{_localstatedir}/lib/kubelet
+
+%define volume_plugin_dir %{_localstatedir}/lib/kubelet/volume-plugin
+install -d %{buildroot}/%{volume_plugin_dir}
+
+# Add kubeadm modprobe.d and sysctl.d drop-in configs
+mkdir -p %{buildroot}%{_prefix}/lib/modules-load.d
+mkdir -p %{buildroot}%{_sysctldir}
+install -m 0644 -t %{buildroot}%{_prefix}/lib/modules-load.d/ %{SOURCE23}
+install -m 0644 -t %{buildroot}%{_sysctldir} %{SOURCE24}
+
+# Create kubeadm systemd unit drop-in
+install -d -m 0755 %{buildroot}%{_unitdir}/kubelet.service.d
+sed -i -e 's|PATH_TO_FLEXVOLUME|%{volume_plugin_dir}|g' %{SOURCE25}
+install -m 0644 -t %{buildroot}%{_unitdir}/kubelet.service.d/ %{SOURCE25}
+
+# alternatives
+ln -s -f %{_sysconfdir}/alternatives/kubectl %{buildroot}%{_bindir}/kubectl
+
+%fdupes -s %{buildroot}
+
+%post client-common
+%{_sbindir}/update-alternatives \
+  --install %{_bindir}/kubectl kubectl %{_bindir}/kubectl%{baseversion} %(echo %{baseversion} | tr -d .)
+
+%postun client-common
+if [ ! -f %{_bindir}/kubectl%{baseversion} ] ; then
+  update-alternatives --remove kubectl %{_bindir}/kubectl%{baseversion}
+fi
+
+%pre kubelet-common
+%service_add_pre kubelet.service
+
+%post kubelet-common
+%fillup_only -an kubelet
+# Check if /etc/sysconfig/kubelet exists
+if [ -e "/etc/sysconfig/kubelet" ]; then
+  # Extract the value from the fillup file
+  UPDATED_KUBELET_VER=$(grep '^KUBELET_VER=' %{_fillupdir}/sysconfig.kubelet-kubernetes%{baseversion} | cut -d '=' -f2)
+  # Update the value in the sysconfig file
+  sed -i "s/^KUBELET_VER=.*/KUBELET_VER=$UPDATED_KUBELET_VER/" /etc/sysconfig/kubelet
+fi
+%service_add_post kubelet.service
+if [ $1 -eq 1 ]; then
+    # Check if modprobe command is available
+    [ ! -x /sbin/modprobe ] || { /sbin/modprobe br_netfilter && /sbin/modprobe overlay; } || true
+fi
+%if 0%{?suse_version} < 1500
+# create some subvolumes needed by CNI
+if [ ! -e %{_localstatedir}/lib/cni ]; then
+  if [ "`findmnt -o FSTYPE -l  /|grep -v FSTYPE`" = "btrfs" ]; then
+    %{_sbindir}/mksubvolume %{_localstatedir}/lib/cni
+  fi
+fi
+%endif
+%tmpfiles_create %{_tmpfilesdir}/kubelet.conf
+
+%preun kubelet-common
+%service_del_preun kubelet.service
+
+%postun kubelet-common
+%service_del_postun kubelet.service
+
+%post kubeadm
+# Check if sysctl command is available
+if [ -x /usr/sbin/sysctl ]; then
+    # Run sysctl --system after the package installation
+    /usr/sbin/sysctl -p %{_sysctldir}/90-kubeadm.conf || true
+fi
+
+%files kubelet-common
+%doc README.md CONTRIBUTING.md CHANGELOG-%{baseversion}.md
+%license LICENSE
+%{_mandir}/man1/kubelet.1%{?ext_man}
+%{_bindir}/kubelet
+%{_unitdir}/kubelet.service
+%dir %{_unitdir}/kubelet.service.d
+%{_sbindir}/rckubelet
+%dir %{_localstatedir}/lib/kubelet
+%dir %{_sysconfdir}/%{name}
+%dir %{_sysconfdir}/%{name}/manifests
+%{_tmpfilesdir}/kubelet.conf
+%attr(0750,root,root) %dir %ghost %{_rundir}/%{name}
+%dir %{volume_plugin_dir}
+%{_fillupdir}/sysconfig.kubelet-kubernetes%{baseversion}
+
+# openSUSE is using kubeadm with containerizied control plane, we
+# only need the binaries
+
+%files apiserver
+%doc README.md CONTRIBUTING.md
+%license LICENSE
+%{_mandir}/man1/kube-apiserver.1%{?ext_man}
+%{_bindir}/kube-apiserver
+
+%files controller-manager
+%doc README.md CONTRIBUTING.md
+%license LICENSE
+%{_mandir}/man1/kube-controller-manager.1%{?ext_man}
+%{_bindir}/kube-controller-manager
+
+%files scheduler
+%doc README.md CONTRIBUTING.md
+%license LICENSE
+%{_mandir}/man1/kube-scheduler.1%{?ext_man}
+%{_bindir}/kube-scheduler
+
+%files proxy
+%doc README.md CONTRIBUTING.md
+%license LICENSE
+%{_mandir}/man1/kube-proxy.1%{?ext_man}
+%{_bindir}/kube-proxy
+
+%files kubelet
+%license LICENSE
+%{_bindir}/kubelet%{baseversion}
+
+%files kubeadm
+%doc README.md CONTRIBUTING.md CHANGELOG-%{baseversion}.md
+%{_unitdir}/kubelet.service.d/10-kubeadm.conf
+%dir %{_prefix}/lib/modules-load.d
+%{_prefix}/lib/modules-load.d/kubeadm.conf
+%{_sysctldir}/90-kubeadm.conf
+%license LICENSE
+%{_bindir}/kubeadm
+%{_mandir}/man1/kubeadm*
+
+%files client
+%doc README.md CONTRIBUTING.md
+%license LICENSE
+%{_bindir}/kubectl
+%{_bindir}/kubectl%{baseversion}
+%ghost %_sysconfdir/alternatives/kubectl
+
+%files client-common
+%doc README.md CONTRIBUTING.md
+%license LICENSE
+%{_mandir}/man1/kubectl.1%{?ext_man}
+%{_mandir}/man1/kubectl-*
+
+%files client-bash-completion
+%{_datadir}/bash-completion/completions/kubectl
+
+%files client-fish-completion
+%{_datadir}/fish/vendor_completions.d/kubectl.fish
+
+%changelog
--- a/opensuse-version-checks.patch
+++ b/opensuse-version-checks.patch
@@ -0,0 +1,22 @@
+From 16e70f84cf9c5a72607efe86f0e030ac05fdd7f9 Mon Sep 17 00:00:00 2001
+From: Richard Brown <rbrownccb@opensuse.org>
+Date: Wed, 14 Apr 2021 17:04:02 +0200
+Subject: [PATCH] Use kubic.opensuse.org for kubeadm version checks
+
+---
+ cmd/kubeadm/app/util/version.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: kubernetes-1.26.0/cmd/kubeadm/app/util/version.go
+===================================================================
+--- kubernetes-1.26.0.orig/cmd/kubeadm/app/util/version.go
+++ kubernetes-1.26.0/cmd/kubeadm/app/util/version.go
+@@ -39,7 +39,7 @@ const (
+ )
+ 
+ var (
+-	kubeReleaseBucketURL  = "https://dl.k8s.io"
+	kubeReleaseBucketURL  = "https://kubic.opensuse.org"
+ 	kubeCIBucketURL       = "https://storage.googleapis.com/k8s-release-dev"
+ 	kubeReleaseRegex      = regexp.MustCompile(`^v?(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)([-\w.+]*)?$`)
+ 	kubeReleaseLabelRegex = regexp.MustCompile(`^((latest|stable)+(-[1-9](\.[1-9](\d)?)?)?)\z`)
--- a/revert-coredns-image-renaming.patch
+++ b/revert-coredns-image-renaming.patch
@@ -0,0 +1,32 @@
+From d30667d8b6e96a4e50c0eb6b4cf6d4a615041f74 Mon Sep 17 00:00:00 2001
+From: Richard Brown <rbrown@suse.com>
+Date: Thu, 16 Dec 2021 10:07:03 +0100
+Subject: [PATCH] Patch openSUSE revert coredns image renaming
+
+---
+ cmd/kubeadm/app/images/images.go | 5 -----
+ 1 file changed, 5 deletions(-)
+
+Index: kubernetes-1.31.0/cmd/kubeadm/app/images/images.go
+===================================================================
+--- kubernetes-1.31.0.orig/cmd/kubeadm/app/images/images.go
+++ kubernetes-1.31.0/cmd/kubeadm/app/images/images.go
+@@ -22,7 +22,6 @@ import (
+ 	"k8s.io/klog/v2"
+ 
+ 	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
+-	kubeadmapiv1 "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta4"
+ 	"k8s.io/kubernetes/cmd/kubeadm/app/constants"
+ 	kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util"
+ )
+@@ -48,10 +47,6 @@ func GetDNSImage(cfg *kubeadmapi.Cluster
+ 	if cfg.DNS.ImageRepository != "" {
+ 		dnsImageRepository = cfg.DNS.ImageRepository
+ 	}
+-	// Handle the renaming of the official image from "registry.k8s.io/coredns" to "registry.k8s.io/coredns/coredns
+-	if dnsImageRepository == kubeadmapiv1.DefaultImageRepository {
+-		dnsImageRepository = fmt.Sprintf("%s/coredns", dnsImageRepository)
+-	}
+ 	// DNS uses an imageTag that corresponds to the DNS version matching the Kubernetes version
+ 	dnsImageTag := constants.CoreDNSVersion
+ 
--- a/sysconfig.kubelet-kubernetes
+++ b/sysconfig.kubelet-kubernetes
@@ -0,0 +1 @@
+KUBELET_VER=BASE_VERSION