Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package kubeone for openSUSE:Factory checked in at 2026-05-13 17:22:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kubeone (Old) and /work/SRC/openSUSE:Factory/.kubeone.new.1966 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kubeone" Wed May 13 17:22:35 2026 rev:15 rq:1352981 version:1.13.5 Changes: -------- --- /work/SRC/openSUSE:Factory/kubeone/kubeone.changes 2026-04-18 23:20:31.336728271 +0200 +++ /work/SRC/openSUSE:Factory/.kubeone.new.1966/kubeone.changes 2026-05-13 17:24:57.437276134 +0200 @@ -1,0 +2,15 @@ +Wed May 13 11:29:37 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 1.13.5: + * Fixes of Bugs or Regressions + - Update golang.org/x/net to v0.54.0 #4076, @kron4eg + - Update OSM to v1.10.5 with the Flatcar fix #4068, @kron4eg + - Removed HonorPVReclaimPolicy feature flag from csi-azuredisk + addon #4064, @bastianpaetzold + - Fix bastion host can have different ssh key #4063, + @mohamed-rafraf + * Updates + - Use fixed Go minor version 1.26 in CI workflows #4056, + @kron4eg + +------------------------------------------------------------------- Old: ---- kubeone-1.13.4.obscpio New: ---- kubeone-1.13.5.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kubeone.spec ++++++ --- /var/tmp/diff_new_pack.Q7kdnW/_old 2026-05-13 17:24:59.185348645 +0200 +++ /var/tmp/diff_new_pack.Q7kdnW/_new 2026-05-13 17:24:59.185348645 +0200 @@ -20,7 +20,7 @@ %define KUBERNETES_STABLE_VERSION v1.35.4 Name: kubeone -Version: 1.13.4 +Version: 1.13.5 Release: 0 Summary: CLI for the kubeone cluster automation License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.Q7kdnW/_old 2026-05-13 17:24:59.329354619 +0200 +++ /var/tmp/diff_new_pack.Q7kdnW/_new 2026-05-13 17:24:59.345355283 +0200 @@ -3,7 +3,7 @@ <param name="url">https://github.com/kubermatic/kubeone</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v1.13.4</param> + <param name="revision">v1.13.5</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.Q7kdnW/_old 2026-05-13 17:24:59.393357274 +0200 +++ /var/tmp/diff_new_pack.Q7kdnW/_new 2026-05-13 17:24:59.413358104 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/kubermatic/kubeone</param> - <param name="changesrevision">9e8496dc0b2ee2f5fd965b04de429349bc1ba525</param></service></servicedata> + <param name="changesrevision">0ddfa74352d989967604c03742f82d5f98f39f6f</param></service></servicedata> (No newline at EOF) ++++++ kubeone-1.13.4.obscpio -> kubeone-1.13.5.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeone-1.13.4/CHANGELOG/CHANGELOG-1.13.md new/kubeone-1.13.5/CHANGELOG/CHANGELOG-1.13.md --- old/kubeone-1.13.4/CHANGELOG/CHANGELOG-1.13.md 2026-04-17 12:17:34.000000000 +0200 +++ new/kubeone-1.13.5/CHANGELOG/CHANGELOG-1.13.md 2026-05-13 11:20:27.000000000 +0200 @@ -1,3 +1,20 @@ +# [v1.13.5](https://github.com/kubermatic/kubeone/releases/tag/v1.13.5) - 2026-05-13 + +## Changelog since v1.13.4 + +## Changes by Kind + +### Fixes of Bugs or Regressions + +- Update golang.org/x/net to v0.54.0 [#4076](https://github.com/kubermatic/kubeone/pull/4076), [@kron4eg](https://github.com/kron4eg) +- Update OSM to v1.10.5 with the Flatcar fix [#4068](https://github.com/kubermatic/kubeone/pull/4068), [@kron4eg](https://github.com/kron4eg) +- Removed HonorPVReclaimPolicy feature flag from csi-azuredisk addon [#4064](https://github.com/kubermatic/kubeone/pull/4064), @[bastianpaetzold](https://github.com/bastianpaetzold) +- Fix bastion host can have different ssh key [#4063](https://github.com/kubermatic/kubeone/pull/4063), @[mohamed-rafraf](https://github.com/mohamed-rafraf) + +### Updates + +- Use fixed Go minor version 1.26 in CI workflows #4056 + # [v1.13.4](https://github.com/kubermatic/kubeone/releases/tag/v1.13.4) - 2026-04-17 ## Changelog since v1.13.3 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeone-1.13.4/addons/csi-azuredisk/csi-azuredisk.yaml new/kubeone-1.13.5/addons/csi-azuredisk/csi-azuredisk.yaml --- old/kubeone-1.13.4/addons/csi-azuredisk/csi-azuredisk.yaml 2026-04-17 12:17:34.000000000 +0200 +++ new/kubeone-1.13.5/addons/csi-azuredisk/csi-azuredisk.yaml 2026-05-13 11:20:27.000000000 +0200 @@ -515,7 +515,7 @@ operator: Exists containers: - args: - - --feature-gates=Topology=true,HonorPVReclaimPolicy=true,VolumeAttributesClass=true + - --feature-gates=Topology=true,VolumeAttributesClass=true - --csi-address=$(ADDRESS) - --v=2 - --timeout=30s diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeone-1.13.4/addons/csi-azuredisk/helm-values new/kubeone-1.13.5/addons/csi-azuredisk/helm-values --- old/kubeone-1.13.4/addons/csi-azuredisk/helm-values 2026-04-17 12:17:34.000000000 +0200 +++ new/kubeone-1.13.5/addons/csi-azuredisk/helm-values 2026-05-13 11:20:27.000000000 +0200 @@ -11,7 +11,6 @@ featureGates: csiProvisioner: - Topology=true - - HonorPVReclaimPolicy=true - VolumeAttributesClass=true node: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeone-1.13.4/go.mod new/kubeone-1.13.5/go.mod --- old/kubeone-1.13.4/go.mod 2026-04-17 12:17:34.000000000 +0200 +++ new/kubeone-1.13.5/go.mod 2026-05-13 11:20:27.000000000 +0200 @@ -29,10 +29,10 @@ github.com/spf13/pflag v1.0.10 go.etcd.io/etcd/client/v3 v3.6.5 go.uber.org/multierr v1.11.0 - golang.org/x/crypto v0.47.0 - golang.org/x/term v0.39.0 - golang.org/x/text v0.33.0 - golang.org/x/tools v0.40.0 + golang.org/x/crypto v0.51.0 + golang.org/x/term v0.43.0 + golang.org/x/text v0.37.0 + golang.org/x/tools v0.44.0 google.golang.org/grpc v1.79.3 gopkg.in/yaml.v2 v2.4.0 helm.sh/helm/v3 v3.20.2 @@ -235,11 +235,11 @@ go.yaml.in/yaml/v2 v2.4.3 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 // indirect - golang.org/x/mod v0.31.0 // indirect - golang.org/x/net v0.49.0 // indirect + golang.org/x/mod v0.35.0 // indirect + golang.org/x/net v0.54.0 // indirect golang.org/x/oauth2 v0.34.0 // indirect - golang.org/x/sync v0.19.0 // indirect - golang.org/x/sys v0.40.0 // indirect + golang.org/x/sync v0.20.0 // indirect + golang.org/x/sys v0.44.0 // indirect golang.org/x/time v0.12.0 // indirect google.golang.org/api v0.197.0 // indirect google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 // indirect diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeone-1.13.4/go.sum new/kubeone-1.13.5/go.sum --- old/kubeone-1.13.4/go.sum 2026-04-17 12:17:34.000000000 +0200 +++ new/kubeone-1.13.5/go.sum 2026-05-13 11:20:27.000000000 +0200 @@ -740,8 +740,8 @@ golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= -golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8= -golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A= +golang.org/x/crypto v0.51.0 h1:IBPXwPfKxY7cWQZ38ZCIRPI50YLeevDLlLnyC5wRGTI= +golang.org/x/crypto v0.51.0/go.mod h1:8AdwkbraGNABw2kOX6YFPs3WM22XqI4EXEd8g+x7Oc8= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -767,8 +767,8 @@ golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.31.0 h1:HaW9xtz0+kOcWKwli0ZXy79Ix+UW/vOfmWI5QVd2tgI= -golang.org/x/mod v0.31.0/go.mod h1:43JraMp9cGx1Rx3AqioxrbrhNsLl2l/iNAvuBkrezpg= +golang.org/x/mod v0.35.0 h1:Ww1D637e6Pg+Zb2KrWfHQUnH2dQRLBQyAtpr/haaJeM= +golang.org/x/mod v0.35.0/go.mod h1:+GwiRhIInF8wPm+4AoT6L0FA1QWAad3OMdTRx4tFYlU= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -797,8 +797,8 @@ golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= -golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o= -golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8= +golang.org/x/net v0.54.0 h1:2zJIZAxAHV/OHCDTCOHAYehQzLfSXuf/5SoL/Dv6w/w= +golang.org/x/net v0.54.0/go.mod h1:Sj4oj8jK6XmHpBZU/zWHw3BV3abl4Kvi+Ut7cQcY+cQ= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw= golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= @@ -813,8 +813,8 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= -golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4= +golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -854,8 +854,8 @@ golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ= -golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/sys v0.44.0 h1:ildZl3J4uzeKP07r2F++Op7E9B29JRUy+a27EibtBTQ= +golang.org/x/sys v0.44.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -866,8 +866,8 @@ golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= -golang.org/x/term v0.39.0 h1:RclSuaJf32jOqZz74CkPA9qFuVTX7vhLlpfj/IGWlqY= -golang.org/x/term v0.39.0/go.mod h1:yxzUCTP/U+FzoxfdKmLaA0RV1WgE0VY7hXBwKtY/4ww= +golang.org/x/term v0.43.0 h1:S4RLU2sB31O/NCl+zFN9Aru9A/Cq2aqKpTZJ6B+DwT4= +golang.org/x/term v0.43.0/go.mod h1:lrhlHNdQJHO+1qVYiHfFKVuVioJIheAc3fBSMFYEIsk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -881,8 +881,8 @@ golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= -golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE= -golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8= +golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc= +golang.org/x/text v0.37.0/go.mod h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38= golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= @@ -907,8 +907,8 @@ golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= -golang.org/x/tools v0.40.0 h1:yLkxfA+Qnul4cs9QA3KnlFu0lVmd8JJfoq+E41uSutA= -golang.org/x/tools v0.40.0/go.mod h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc= +golang.org/x/tools v0.44.0 h1:UP4ajHPIcuMjT1GqzDWRlalUEoY+uzoZKnhOjbIPD2c= +golang.org/x/tools v0.44.0/go.mod h1:KA0AfVErSdxRZIsOVipbv3rQhVXTnlU6UhKxHd1seDI= golang.org/x/tools/go/expect v0.1.1-deprecated h1:jpBZDwmgPhXsKZC6WhL20P4b/wmnpsEAGHaNy0n/rJM= golang.org/x/tools/go/expect v0.1.1-deprecated/go.mod h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY= golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeone-1.13.4/pkg/scripts/proxy.go new/kubeone-1.13.5/pkg/scripts/proxy.go --- old/kubeone-1.13.4/pkg/scripts/proxy.go 2026-04-17 12:17:34.000000000 +0200 +++ new/kubeone-1.13.5/pkg/scripts/proxy.go 2026-05-13 11:20:27.000000000 +0200 @@ -66,6 +66,7 @@ grep -v '#kubeone$' /etc/environment > $envtmp || true set +o pipefail # grep exits non-zero without match grep = /etc/kubeone/proxy-env | sed 's/$/#kubeone/' >> $envtmp +test -L /etc/environment && sudo rm /etc/environment || true sudo tee /etc/environment < $envtmp ` ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeone-1.13.4/pkg/scripts/testdata/TestEnvironmentFile-empty-proxy.golden new/kubeone-1.13.5/pkg/scripts/testdata/TestEnvironmentFile-empty-proxy.golden --- old/kubeone-1.13.4/pkg/scripts/testdata/TestEnvironmentFile-empty-proxy.golden 2026-04-17 12:17:34.000000000 +0200 +++ new/kubeone-1.13.5/pkg/scripts/testdata/TestEnvironmentFile-empty-proxy.golden 2026-05-13 11:20:27.000000000 +0200 @@ -14,4 +14,5 @@ grep -v '#kubeone$' /etc/environment > $envtmp || true set +o pipefail # grep exits non-zero without match grep = /etc/kubeone/proxy-env | sed 's/$/#kubeone/' >> $envtmp +test -L /etc/environment && sudo rm /etc/environment || true sudo tee /etc/environment < $envtmp diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeone-1.13.4/pkg/scripts/testdata/TestEnvironmentFile-http-https-no-proxy.golden new/kubeone-1.13.5/pkg/scripts/testdata/TestEnvironmentFile-http-https-no-proxy.golden --- old/kubeone-1.13.4/pkg/scripts/testdata/TestEnvironmentFile-http-https-no-proxy.golden 2026-04-17 12:17:34.000000000 +0200 +++ new/kubeone-1.13.5/pkg/scripts/testdata/TestEnvironmentFile-http-https-no-proxy.golden 2026-05-13 11:20:27.000000000 +0200 @@ -23,4 +23,5 @@ grep -v '#kubeone$' /etc/environment > $envtmp || true set +o pipefail # grep exits non-zero without match grep = /etc/kubeone/proxy-env | sed 's/$/#kubeone/' >> $envtmp +test -L /etc/environment && sudo rm /etc/environment || true sudo tee /etc/environment < $envtmp diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeone-1.13.4/pkg/scripts/testdata/TestEnvironmentFile-http-https-proxy.golden new/kubeone-1.13.5/pkg/scripts/testdata/TestEnvironmentFile-http-https-proxy.golden --- old/kubeone-1.13.4/pkg/scripts/testdata/TestEnvironmentFile-http-https-proxy.golden 2026-04-17 12:17:34.000000000 +0200 +++ new/kubeone-1.13.5/pkg/scripts/testdata/TestEnvironmentFile-http-https-proxy.golden 2026-05-13 11:20:27.000000000 +0200 @@ -20,4 +20,5 @@ grep -v '#kubeone$' /etc/environment > $envtmp || true set +o pipefail # grep exits non-zero without match grep = /etc/kubeone/proxy-env | sed 's/$/#kubeone/' >> $envtmp +test -L /etc/environment && sudo rm /etc/environment || true sudo tee /etc/environment < $envtmp diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeone-1.13.4/pkg/scripts/testdata/TestEnvironmentFile-http-proxy.golden new/kubeone-1.13.5/pkg/scripts/testdata/TestEnvironmentFile-http-proxy.golden --- old/kubeone-1.13.4/pkg/scripts/testdata/TestEnvironmentFile-http-proxy.golden 2026-04-17 12:17:34.000000000 +0200 +++ new/kubeone-1.13.5/pkg/scripts/testdata/TestEnvironmentFile-http-proxy.golden 2026-05-13 11:20:27.000000000 +0200 @@ -17,4 +17,5 @@ grep -v '#kubeone$' /etc/environment > $envtmp || true set +o pipefail # grep exits non-zero without match grep = /etc/kubeone/proxy-env | sed 's/$/#kubeone/' >> $envtmp +test -L /etc/environment && sudo rm /etc/environment || true sudo tee /etc/environment < $envtmp diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeone-1.13.4/pkg/ssh/connection.go new/kubeone-1.13.5/pkg/ssh/connection.go --- old/kubeone-1.13.4/pkg/ssh/connection.go 2026-04-17 12:17:34.000000000 +0200 +++ new/kubeone-1.13.5/pkg/ssh/connection.go 2026-05-13 11:20:27.000000000 +0200 @@ -141,10 +141,11 @@ return nil, err } - authMethods := make([]ssh.AuthMethod, 0) + // nodeAuthMethods are used to authenticate to the target node. + nodeAuthMethods := make([]ssh.AuthMethod, 0) if len(opts.Password) > 0 { - authMethods = append(authMethods, ssh.Password(opts.Password)) + nodeAuthMethods = append(nodeAuthMethods, ssh.Password(opts.Password)) } if len(opts.PrivateKey) > 0 { @@ -181,12 +182,18 @@ } } - authMethods = append(authMethods, ssh.PublicKeys(certSigner)) + nodeAuthMethods = append(nodeAuthMethods, ssh.PublicKeys(certSigner)) } else { - authMethods = append(authMethods, ssh.PublicKeys(signer)) + nodeAuthMethods = append(nodeAuthMethods, ssh.PublicKeys(signer)) } } + // bastionAuthMethods are used exclusively for the bastion hop. When a + // dedicated bastion key is provided we use only that key so we never waste + // MaxAuthTries attempts on the node key (which the bastion does not know). + // If no bastion key is configured we fall back to the node auth methods. + bastionAuthMethods := nodeAuthMethods + if len(opts.BastionPrivateKey) > 0 { signer, parseErr := ssh.ParsePrivateKey(opts.BastionPrivateKey) if parseErr != nil { @@ -195,7 +202,7 @@ Err: errors.Wrap(parseErr, "bastion SSH key could not be parsed (note that password-protected keys are not supported)"), } } - authMethods = append(authMethods, ssh.PublicKeys(signer)) + bastionAuthMethods = []ssh.AuthMethod{ssh.PublicKeys(signer)} } if len(opts.AgentSocket) > 0 { @@ -224,92 +231,95 @@ agentClient := agent.NewClient(socket) signers, signersErr := agentClient.Signers() - if signersErr != nil { + switch { + case signersErr != nil: socket.Close() return nil, fail.SSHError{ Op: "creating signer for SSH agent", Err: signersErr, } - } else if len(signers) == 0 { + case len(signers) == 0: socket.Close() - - return nil, fail.SSHError{ - Err: errors.New("could not retrieve signers"), - Op: "creating signer for SSH agent", + default: + nodeAuthMethods = append(nodeAuthMethods, ssh.PublicKeys(signers...)) + // only add agent keys to bastion if no dedicated bastion key was set + if len(opts.BastionPrivateKey) == 0 { + bastionAuthMethods = nodeAuthMethods } } - - authMethods = append(authMethods, ssh.PublicKeys(signers...)) } - sshConfig := &ssh.ClientConfig{ + nodeConfig := &ssh.ClientConfig{ User: opts.Username, Timeout: opts.Timeout, - Auth: authMethods, + Auth: nodeAuthMethods, HostKeyCallback: ssh.InsecureIgnoreHostKey(), //nolint:gosec } if opts.HostPublicKey != nil { - sshConfig.HostKeyCallback = hostKeyCallback(opts.HostPublicKey) + nodeConfig.HostKeyCallback = hostKeyCallback(opts.HostPublicKey) } - targetHost := opts.Hostname - targetPort := strconv.Itoa(opts.Port) - - if opts.Bastion != "" { - targetHost = opts.Bastion - targetPort = strconv.Itoa(opts.BastionPort) - sshConfig.User = opts.BastionUser + // No bastion: connect directly to the node. + if opts.Bastion == "" { + endpoint := net.JoinHostPort(opts.Hostname, strconv.Itoa(opts.Port)) - if opts.BastionHostPublicKey != nil { - sshConfig.HostKeyCallback = hostKeyCallback(opts.BastionHostPublicKey) + client, dialErr := ssh.Dial("tcp", endpoint, nodeConfig) + if dialErr != nil { + return nil, fail.SSH(fail.Connection(dialErr, endpoint), "dialing") } - } - // do not use fmt.Sprintf() to allow proper IPv6 handling if hostname is an IP address - endpoint := net.JoinHostPort(targetHost, targetPort) + ctx, cancelFn := context.WithCancel(connector.ctx) - client, err := ssh.Dial("tcp", endpoint, sshConfig) - if err != nil { - return nil, fail.SSH(fail.Connection(err, endpoint), "dialing") + return &connection{ + sshclient: client, + connector: connector, + ctx: ctx, + cancel: cancelFn, + }, nil } - ctx, cancelFn := context.WithCancel(connector.ctx) - sshConn := &connection{ - connector: connector, - ctx: ctx, - cancel: cancelFn, + // Connect to the bastion with its own dedicated auth methods. + bastionConfig := &ssh.ClientConfig{ + User: opts.BastionUser, + Timeout: opts.Timeout, + Auth: bastionAuthMethods, + HostKeyCallback: ssh.InsecureIgnoreHostKey(), //nolint:gosec } - if opts.Bastion == "" { - sshConn.sshclient = client - // connection established - return sshConn, nil + if opts.BastionHostPublicKey != nil { + bastionConfig.HostKeyCallback = hostKeyCallback(opts.BastionHostPublicKey) } - // continue to setup if we are running over bastion - endpointBehindBastion := net.JoinHostPort(opts.Hostname, strconv.Itoa(opts.Port)) + bastionEndpoint := net.JoinHostPort(opts.Bastion, strconv.Itoa(opts.BastionPort)) - if opts.HostPublicKey != nil { - sshConfig.HostKeyCallback = hostKeyCallback(opts.HostPublicKey) + bastionClient, err := ssh.Dial("tcp", bastionEndpoint, bastionConfig) + if err != nil { + return nil, fail.SSH(fail.Connection(err, bastionEndpoint), "dialing") } // Dial a connection to the service host, from the bastion - conn, err := client.Dial("tcp", endpointBehindBastion) + endpointBehindBastion := net.JoinHostPort(opts.Hostname, strconv.Itoa(opts.Port)) + + conn, err := bastionClient.Dial("tcp", endpointBehindBastion) if err != nil { return nil, fail.SSH(fail.Connection(err, endpointBehindBastion), "dialing behind the bastion") } - sshConfig.User = opts.Username - ncc, chans, reqs, err := ssh.NewClientConn(conn, endpointBehindBastion, sshConfig) + ncc, chans, reqs, err := ssh.NewClientConn(conn, endpointBehindBastion, nodeConfig) if err != nil { return nil, fail.SSH(fail.Connection(err, endpointBehindBastion), "new client") } - sshConn.sshclient = ssh.NewClient(ncc, chans, reqs) + ctx, cancelFn := context.WithCancel(connector.ctx) - return sshConn, nil + return &connection{ + sshclient: ssh.NewClient(ncc, chans, reqs), + connector: connector, + ctx: ctx, + cancel: cancelFn, + }, nil } func hostKeyCallback(knownKey []byte) ssh.HostKeyCallback { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeone-1.13.4/pkg/templates/images/images.go new/kubeone-1.13.5/pkg/templates/images/images.go --- old/kubeone-1.13.4/pkg/templates/images/images.go 2026-04-17 12:17:34.000000000 +0200 +++ new/kubeone-1.13.5/pkg/templates/images/images.go 2026-05-13 11:20:27.000000000 +0200 @@ -238,7 +238,7 @@ Flannel: {"*": "docker.io/flannel/flannel:v0.24.4"}, MachineController: {"*": "quay.io/kubermatic/machine-controller:v1.65.0"}, MetricsServer: {"*": "registry.k8s.io/metrics-server/metrics-server:v0.8.1"}, - OperatingSystemManager: {"*": "quay.io/kubermatic/operating-system-manager:v1.10.3"}, + OperatingSystemManager: {"*": "quay.io/kubermatic/operating-system-manager:v1.10.5"}, } } ++++++ kubeone.obsinfo ++++++ --- /var/tmp/diff_new_pack.Q7kdnW/_old 2026-05-13 17:25:00.601407385 +0200 +++ /var/tmp/diff_new_pack.Q7kdnW/_new 2026-05-13 17:25:00.605407551 +0200 @@ -1,5 +1,5 @@ name: kubeone -version: 1.13.4 -mtime: 1776421054 -commit: 9e8496dc0b2ee2f5fd965b04de429349bc1ba525 +version: 1.13.5 +mtime: 1778664027 +commit: 0ddfa74352d989967604c03742f82d5f98f39f6f ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/kubeone/vendor.tar.gz /work/SRC/openSUSE:Factory/.kubeone.new.1966/vendor.tar.gz differ: char 13, line 1
