kubernetes
diff --git a/‎cluster/addons/addon-manager/CHANGELOG.md
Lines changed: 4 additions & 0 deletions b/‎cluster/addons/addon-manager/CHANGELOG.md
Lines changed: 4 additions & 0 deletions
diff --git a/‎cluster/addons/addon-manager/Makefile
Lines changed: 2 additions & 2 deletions b/‎cluster/addons/addon-manager/Makefile
Lines changed: 2 additions & 2 deletions
diff --git a/‎cluster/addons/addon-manager/kube-addons.sh
Lines changed: 11 additions & 11 deletions b/‎cluster/addons/addon-manager/kube-addons.sh
Lines changed: 11 additions & 11 deletions
diff --git a/‎cluster/addons/cloud-controller-manager/cloud-node-controller-role.yaml
Lines changed: 1 addition & 0 deletions b/‎cluster/addons/cloud-controller-manager/cloud-node-controller-role.yaml
Lines changed: 1 addition & 0 deletions
diff --git a/‎cluster/addons/dns/coredns/coredns.yaml.base
Lines changed: 2 additions & 8 deletions b/‎cluster/addons/dns/coredns/coredns.yaml.base
Lines changed: 2 additions & 8 deletions
diff --git a/‎cluster/addons/dns/coredns/coredns.yaml.in
Lines changed: 2 additions & 8 deletions b/‎cluster/addons/dns/coredns/coredns.yaml.in
Lines changed: 2 additions & 8 deletions
diff --git a/‎cluster/addons/dns/coredns/coredns.yaml.sed
Lines changed: 2 additions & 8 deletions b/‎cluster/addons/dns/coredns/coredns.yaml.sed
Lines changed: 2 additions & 8 deletions
diff --git a/‎cluster/addons/dns/kube-dns/kube-dns.yaml.base
Lines changed: 3 additions & 3 deletions b/‎cluster/addons/dns/kube-dns/kube-dns.yaml.base
Lines changed: 3 additions & 3 deletions
diff --git a/‎cluster/addons/dns/kube-dns/kube-dns.yaml.in
Lines changed: 3 additions & 3 deletions b/‎cluster/addons/dns/kube-dns/kube-dns.yaml.in
Lines changed: 3 additions & 3 deletions
diff --git a/‎cluster/addons/dns/kube-dns/kube-dns.yaml.sed
Lines changed: 3 additions & 3 deletions b/‎cluster/addons/dns/kube-dns/kube-dns.yaml.sed
Lines changed: 3 additions & 3 deletions
@@ -1,3 +1,7 @@
+### Version 9.1.7 (Thu May 15 2023 Paco Xu <[email protected]>)
+- Update kubectl to v1.27.1.
+- Use `--prune-allowlist` instead of deprecated `--prune-whitelist`.
+
 ### Version 9.1.6 (Thu February 24 2022 Shihang Zhang <[email protected]>)
  - Clean up the wait check for service account (https://github.com/kubernetes/kubernetes/pull/108313)
 
 
@@ -15,8 +15,8 @@
 IMAGE=gcr.io/k8s-staging-addon-manager/kube-addon-manager
 ARCH?=amd64
 TEMP_DIR:=$(shell mktemp -d)
-VERSION=v9.1.6
-KUBECTL_VERSION?=v1.20.2
+VERSION=v9.1.7
+KUBECTL_VERSION?=v1.27.1
 
 BASEIMAGE=registry.k8s.io/debian-base-$(ARCH):v1.0.1
 
 
@@ -114,28 +114,28 @@ function log() {
   esac
 }
 
-# Generate kubectl prune-whitelist flags from provided resource list.
-function generate_prune_whitelist_flags() {
+# Generate kubectl prune-allowlist flags from provided resource list.
+function generate_prune_allowlist_flags() {
   local -r resources=( "$@" )
   for resource in "${resources[@]}"; do
     # Check if $resource isn't composed just of whitespaces by replacing ' '
     # with '' and checking whether the resulting string is not empty.
     if [[ -n "${resource// /}" ]]; then
-      printf "%s" "--prune-whitelist ${resource} "
+      printf "%s" "--prune-allowlist ${resource} "
     fi
   done
 }
 
-# KUBECTL_EXTRA_PRUNE_WHITELIST is a list of extra whitelisted resources
+# KUBECTL_EXTRA_PRUNE_WHITELIST is a list of extra allowed resources
 # besides the default ones.
-extra_prune_whitelist=
+extra_prune_allowlist=
 if [ -n "${KUBECTL_EXTRA_PRUNE_WHITELIST:-}" ]; then
-  read -ra extra_prune_whitelist <<< "${KUBECTL_EXTRA_PRUNE_WHITELIST}"
+  read -ra extra_prune_allowlist <<< "${KUBECTL_EXTRA_PRUNE_WHITELIST}"
 fi
-prune_whitelist=( "${KUBECTL_PRUNE_WHITELIST[@]}"  "${extra_prune_whitelist[@]}" )
-prune_whitelist_flags=$(generate_prune_whitelist_flags "${prune_whitelist[@]}")
+prune_allowlist=( "${KUBECTL_PRUNE_WHITELIST[@]}"  "${extra_prune_allowlist[@]}" )
+prune_allowlist_flags=$(generate_prune_allowlist_flags "${prune_allowlist[@]}")
 
-log INFO "== Generated kubectl prune whitelist flags: $prune_whitelist_flags =="
+log INFO "== Generated kubectl prune allowlist flags: $prune_allowlist_flags =="
 
 # $1 filename of addon to start.
 # $2 count of tries to start the addon.
@@ -240,14 +240,14 @@ function reconcile_addons() {
   # Disabling because "${KUBECTL_OPTS}" needs to allow for expansion here
   ${KUBECTL} ${KUBECTL_OPTS} apply -f ${ADDON_PATH} \
     -l ${CLUSTER_SERVICE_LABEL}=true,${ADDON_MANAGER_LABEL}!=EnsureExists \
-    --prune=true ${prune_whitelist_flags} --recursive | grep -v configured
+    --prune=true ${prune_allowlist_flags} --recursive | grep -v configured
 
   log INFO "== Reconciling with addon-manager label =="
   # shellcheck disable=SC2086
   # Disabling because "${KUBECTL_OPTS}" needs to allow for expansion here
   ${KUBECTL} ${KUBECTL_OPTS} apply -f ${ADDON_PATH} \
     -l ${CLUSTER_SERVICE_LABEL}!=true,${ADDON_MANAGER_LABEL}=Reconcile \
-    --prune=true ${prune_whitelist_flags} --recursive | grep -v configured
+    --prune=true ${prune_allowlist_flags} --recursive | grep -v configured
 
   log INFO "== Kubernetes addon reconcile completed at $(date -Is) =="
 }
 
@@ -44,6 +44,7 @@ rules:
   - nodes
   verbs:
   - get
+  - patch
   - update
 - apiGroups:
   - ""
 
@@ -27,12 +27,6 @@ rules:
   verbs:
   - list
   - watch
-- apiGroups:
-  - ""
-  resources:
-  - nodes
-  verbs:
-  - get
 - apiGroups:
   - discovery.k8s.io
   resources:
@@ -139,7 +133,7 @@ spec:
         kubernetes.io/os: linux
       containers:
       - name: coredns
-        image: registry.k8s.io/coredns/coredns:v1.9.3
+        image: registry.k8s.io/coredns/coredns:v1.11.1
         imagePullPolicy: IfNotPresent
         resources:
           limits:
@@ -182,7 +176,7 @@ spec:
             add:
             - NET_BIND_SERVICE
             drop:
-            - all
+            - ALL
           readOnlyRootFilesystem: true
       dnsPolicy: Default
       volumes:
 
@@ -27,12 +27,6 @@ rules:
   verbs:
   - list
   - watch
-- apiGroups:
-  - ""
-  resources:
-  - nodes
-  verbs:
-  - get
 - apiGroups:
   - discovery.k8s.io
   resources:
@@ -139,7 +133,7 @@ spec:
         kubernetes.io/os: linux
       containers:
       - name: coredns
-        image: registry.k8s.io/coredns/coredns:v1.9.3
+        image: registry.k8s.io/coredns/coredns:v1.11.1
         imagePullPolicy: IfNotPresent
         resources:
           limits:
@@ -182,7 +176,7 @@ spec:
             add:
             - NET_BIND_SERVICE
             drop:
-            - all
+            - ALL
           readOnlyRootFilesystem: true
       dnsPolicy: Default
       volumes:
 
@@ -27,12 +27,6 @@ rules:
   verbs:
   - list
   - watch
-- apiGroups:
-  - ""
-  resources:
-  - nodes
-  verbs:
-  - get
 - apiGroups:
   - discovery.k8s.io
   resources:
@@ -139,7 +133,7 @@ spec:
         kubernetes.io/os: linux
       containers:
       - name: coredns
-        image: registry.k8s.io/coredns/coredns:v1.9.3
+        image: registry.k8s.io/coredns/coredns:v1.11.1
         imagePullPolicy: IfNotPresent
         resources:
           limits:
@@ -182,7 +176,7 @@ spec:
             add:
             - NET_BIND_SERVICE
             drop:
-            - all
+            - ALL
           readOnlyRootFilesystem: true
       dnsPolicy: Default
       volumes:
 
@@ -114,7 +114,7 @@ spec:
         kubernetes.io/os: linux
       containers:
       - name: kubedns
-        image: registry.k8s.io/dns/k8s-dns-kube-dns:1.22.13
+        image: registry.k8s.io/dns/k8s-dns-kube-dns:1.22.28
         resources:
           # TODO: Set memory limits when we've profiled the container for large
           # clusters, then set request = limit to keep this container in
@@ -170,7 +170,7 @@ spec:
           runAsUser: 1001
           runAsGroup: 1001
       - name: dnsmasq
-        image: registry.k8s.io/dns/k8s-dns-dnsmasq-nanny:1.22.13
+        image: registry.k8s.io/dns/k8s-dns-dnsmasq-nanny:1.22.28
         livenessProbe:
           httpGet:
             path: /healthcheck/dnsmasq
@@ -217,7 +217,7 @@ spec:
               - NET_BIND_SERVICE
               - SETGID
       - name: sidecar
-        image: registry.k8s.io/dns/k8s-dns-sidecar:1.22.13
+        image: registry.k8s.io/dns/k8s-dns-sidecar:1.22.28
         livenessProbe:
           httpGet:
             path: /metrics
 
@@ -114,7 +114,7 @@ spec:
         kubernetes.io/os: linux
       containers:
       - name: kubedns
-        image: registry.k8s.io/dns/k8s-dns-kube-dns:1.22.13
+        image: registry.k8s.io/dns/k8s-dns-kube-dns:1.22.28
         resources:
           # TODO: Set memory limits when we've profiled the container for large
           # clusters, then set request = limit to keep this container in
@@ -170,7 +170,7 @@ spec:
           runAsUser: 1001
           runAsGroup: 1001
       - name: dnsmasq
-        image: registry.k8s.io/dns/k8s-dns-dnsmasq-nanny:1.22.13
+        image: registry.k8s.io/dns/k8s-dns-dnsmasq-nanny:1.22.28
         livenessProbe:
           httpGet:
             path: /healthcheck/dnsmasq
@@ -217,7 +217,7 @@ spec:
               - NET_BIND_SERVICE
               - SETGID
       - name: sidecar
-        image: registry.k8s.io/dns/k8s-dns-sidecar:1.22.13
+        image: registry.k8s.io/dns/k8s-dns-sidecar:1.22.28
         livenessProbe:
           httpGet:
             path: /metrics
 
@@ -114,7 +114,7 @@ spec:
         kubernetes.io/os: linux
       containers:
       - name: kubedns
-        image: registry.k8s.io/dns/k8s-dns-kube-dns:1.22.13
+        image: registry.k8s.io/dns/k8s-dns-kube-dns:1.22.28
         resources:
           # TODO: Set memory limits when we've profiled the container for large
           # clusters, then set request = limit to keep this container in
@@ -170,7 +170,7 @@ spec:
           runAsUser: 1001
           runAsGroup: 1001
       - name: dnsmasq
-        image: registry.k8s.io/dns/k8s-dns-dnsmasq-nanny:1.22.13
+        image: registry.k8s.io/dns/k8s-dns-dnsmasq-nanny:1.22.28
         livenessProbe:
           httpGet:
             path: /healthcheck/dnsmasq
@@ -217,7 +217,7 @@ spec:
               - NET_BIND_SERVICE
               - SETGID
       - name: sidecar
-        image: registry.k8s.io/dns/k8s-dns-sidecar:1.22.13
+        image: registry.k8s.io/dns/k8s-dns-sidecar:1.22.28
         livenessProbe:
           httpGet:
             path: /metrics
-Original file line number
+Diff line change
   - nodes
   verbs:
   - get
 +  - patch
   - update
 - apiGroups:
   - ""