Bump kubernetes-asyncio from 35.0.1 to 36.1.0

[dependabot]

Bumps kubernetes-asyncio from 35.0.1 to 36.1.0.

Changelog

Sourced from kubernetes-asyncio's changelog.

v36.1.0

• feat: add server side apply to create_from (#418, @​alexandrehassan)
• feat: More descriptive error on DynamicClient not initialized (#422, @​alexandrehassan)
• ci: Declare support for Python 3.14 and run it in CI (#410, @​tomasr8)

API Change

• ACTION REQUIRED: DRA (Dynamic Resource Allocation) drivers and controllers now require granular RBAC permissions to update ResourceClaim statuses when the DRAResourceClaimGranularStatusAuthorization feature gate is enabled (beta in v1.36). Schedulers and controllers must be granted update/patch on resourceclaims/binding. DRA drivers must be granted associated-node:update or arbitrary-node:update (or patch equivalents) on resourceclaims/driver, restricted by their specific resourceNames. (#134947, @​aojea) [SIG API Machinery, Apps, Auth, Instrumentation, Node, Scheduling and Testing]
• ACTION REQUIRED: Removed the integrated support for flex-volumes in kubeadm. Users were advised to migrate away from flex-volumes as recommended by SIG Storage since v1.22. If kubeadm users wish to continue using the feature, they need a custom image for the KCM that is not based on distroless, pass the KCM flag --flex-volume-plugin-dir, and mount the directory /usr/libexec/kubernetes/kubelet-plugins/volume/exec in the KCM static pod using kubeadm's extraVolumes mechanism before upgrading to v1.36. Previously, kubeadm automatically did the mounting if the user passed the flag. (#136423, @​neolit123) [SIG Cluster Lifecycle]
• ACTION REQUIRED: Renamed metric etcd_bookmark_counts to etcd_bookmark_total. If you are using custom monitoring dashboards or alerting rules based on the etcd_bookmark_counts metric, update them to use the new etcd_bookmark_total metric. (#136483, @​petern48) [SIG API Machinery, Etcd, Instrumentation and Testing]
• Added SchedulingConstraints to express topology-aware scheduling (TAS) constraints for PodGroup scheduling behind the TopologyAwareWorkloadScheduling feature gate. Added the TopologyPlacement plugin implementing the PlacementGenerate extension point to take constraints into consideration during PodGroup scheduling. (#137271, @​brejman) [SIG API Machinery, Apps, Auth, CLI, Cloud Provider, Etcd, Node, Scheduling and Testing]
• Added DisruptionMode, PriorityClassName, and Priority fields to the Workload and PodGroup APIs to support workload-aware preemption when the WorkloadAwarePreemption feature gate is enabled. (#136589, @​tosi3k) [SIG API Machinery, Apps, Auth, CLI, Cloud Provider, Etcd, Node, Scheduling and Testing]
• Added ImageVolumeWithDigest which includes the digest of image volumes in the container status. (#132807, @​iholder101) [SIG API Machinery, Apps, Node and Testing]
• Added MemoryReservationPolicy cgroup v2 MemoryQoS support to KubeletConfiguration for memory.min protection. (#137584, @​QiWang19) [SIG Node and Storage]
• Added spec.stubPKCS10Request to the Pod Certificates beta API to improve compatibility with existing certificate authority implementations that expect a PKCS#10 certificate signing request. spec.pkixPublicKey and spec.proofOfPossession were deprecated in favor of this field. (#136729, @​ahmedtd) [SIG API Machinery, Auth, Node and Testing]
• Added a deletion protection mechanism for PodGroup objects. (#137641, @​helayoty) [SIG API Machinery, Apps, Auth, Scheduling and Storage]
• Added alpha support (behind the PersistentVolumeClaimUnusedSinceTime feature gate) for tracking PersistentVolumeClaim unused status via a new Unused condition on PersistentVolumeClaimStatus. When enabled, the PVC protection controller sets Unused=True with a lastTransitionTime when no non-terminal Pods reference the PersistentVolumeClaim. (#137862, @​gnufied) [SIG Apps, Auth, Storage and Testing]
• Added alpha support for manifest-based admission control configuration (KEP-5793). When the ManifestBasedAdmissionControlConfig feature gate is enabled, admission webhooks and CEL-based policies can be loaded from static manifest files on disk via the staticManifestsDir field in AdmissionConfiguration. These policies are active from API server startup, survive etcd unavailability, and can protect API-based admission resources from modification. (#137346, @​aramase) [SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Release, Scheduling, Storage, Testing and Windows]
• Added an admission plugin that validates PodGroup resources reference an existing Workload and match the declared PodGroupTemplate spec. (#137464, @​helayoty) [SIG API Machinery, Apps, Auth, CLI, Cloud Provider, Etcd, Node, Scheduling and Testing]
• Added list-type support for attributes in DRA (KEP-5491). The DRAListTypeAttributes feature gate (disabled by default) activates the following enhancements:
  • DRA drivers can use list-type fields (bools/ints/strings/versions) for device attributes in ResourceSlice. The number of attribute values, including scalars and lists, per single device is limited to 48.
  • The matchAttribute/distinctAttribute constraints in ResourceClaim now work on both scalar and list attributes. The matchAttribute constraint matches when the intersection of all list values among candidate devices is non-empty. The distinctAttribute constraint (behind the ConsumableCapacity feature gate) matches when all list values among candidate devices are pairwise disjoint. Scalar values are implicitly treated as a singleton set.
  • Added a new CEL function .includes that works on both scalar and list attributes to test inclusion (e.g., device.attributes["dra.example.com"].model.includes("model-a")), supporting migration when a DRA driver changes an attribute value type from scalar to list or vice versa. (#137190, @​everpeace) [SIG API Machinery, Node, Scheduling and Testing]
• Added new concurrent-node-status-updates flag that is split from the concurrent-node-syncs flag. (#136716, @​yonizxz) [SIG Cloud Provider]
• Added opt-in alpha support in the kubeletplugin framework for DRA drivers to publish DRA Device metadata in Pod CDI mounts. (#137086, @​alaypatel07) [SIG Apps, Network, Node and Testing]
• Added opt-in scheduling behavior for CSI volumes. (#137343, @​gnufied) [SIG API Machinery, Scheduling and Storage]
• Added placement-based PodGroup scheduling algorithm to the scheduler. Its use is guarded by the TopologyAwareWorkloadScheduling feature gate. (#136944, @​brejman) [SIG Scheduling and Testing]
• Added stability-based lifecycle for declarative validation (Alpha/Beta/Stable). Scheduling Workload v1alpha1 now uses explicit declarative enforcement. (#136793, @​yongruilin) [SIG API Machinery and Scheduling]
• Added the PlacementGenerate extension point to the scheduler. It is used to generate placements for placement-based PodGroup scheduling. Its use is guarded by the TopologyAwareWorkloadScheduling feature gate. (#137083, @​brejman) [SIG Scheduling]
• Added the PlacementScore extension point to the scheduler for scoring placements in placement-based PodGroup scheduling, guarded by the TopologyAwareWorkloadScheduling feature gate. Deprecated MinNodeScore and MaxNodeScore in favor of MinScore and MaxScore. (#137201, @​brejman) [SIG Scheduling]
• Added the ResourcePoolStatusRequest API (v1alpha1) for querying DRA resource pool availability. External schedulers can discover available devices across pools before submitting workloads. Requires the DRAResourcePoolStatus feature gate (alpha). (#137028, @​nmn3m) [SIG API Machinery, Apps, Auth, Etcd, Instrumentation, Node, Scheduling, Storage and Testing]
• Added the --concurrent-resourceclaim-syncs flag to kube-controller-manager to configure ResourceClaim reconcile concurrency. (#134701, @​anson627) [SIG API Machinery, Apps, Node and Testing]
• Added the --tls-curve-preferences flag for configuring TLS key exchange mechanism. (#137115, @​damdo) [SIG API Machinery, Architecture, CLI, Cloud Provider, Node and Testing]
• Added the PodGroupPodsCount scheduler plugin to support workload-aware scheduling by prioritizing placements with higher Pod counts within a group. (#137488, @​vshkrabkov) [SIG Scheduling and Testing]
• Added the tlsServerName field to EgressSelectorConfiguration TLSConfig to allow overriding the server name used for TLS certificate verification. (#136640, @​kennangaibel) [SIG API Machinery, Apps, Auth, Storage and Testing]
• Added the alpha DRANodeAllocatableResources feature, which introduces a new ResourceSlice.Spec.Devices[*].NodeAllocatableResourceMappings field for DRA drivers to declare how device resources map to node allocatable Kubernetes resources (e.g., cpu, memory).(#136725, @​pravk03) [SIG API Machinery, Apps, Node, Scheduling and Testing]
• Added topology-aware scheduling (TAS) logic to the PodGroup scheduling cycle behind the TopologyAwareWorkloadScheduling feature gate, supporting scheduling of PodGroups on nodes with matching topology domains. (#137489, @​brejman) [SIG API Machinery, Apps, Auth, CLI, Cloud Provider, Etcd, Node, Scheduling and Testing]
• Added validation to prevent negative duration values for imageMinimumGCAge. (#135997, @​ngopalak-redhat) [SIG API Machinery and Node]
• Changed deprecated sets.String with sets.Set[string] in apiserver admission subsystem. This is a breaking change for consumers of the NewLifecycle function. (#134044, @​mcallzbl) [SIG API Machinery and Auth]
• Clarified documentation and comments to indicate that the cpuCFSQuotaPeriod kubelet config field requires the CustomCPUCFSQuotaPeriod feature gate when using non-default values. No functional changes introduced. (#133845, @​rbiamru) [SIG Node and Release]
• Corrected OpenAPI schema union validation for the PodGroupPolicy struct in scheduling.k8s.io/v1alpha1. (#136424, @​JoelSpeed) [SIG API Machinery and Scheduling]
• DRA DeviceTaintRules: the TimeAdded field of the taint is now automatically updated when changing the effect. (#137167, @​pohly) [SIG API Machinery, Node and Testing]
• DRA: Added a spec.resourceClaims field to PodGroup resources for referencing ResourceClaims and ResourceClaimTemplates. Claims made by a PodGroup are reserved for the entire PodGroup instead of individual Pods, supporting more than 256 Pods sharing a single ResourceClaim. ResourceClaimTemplates referenced by a PodGroup's claim replicate into a ResourceClaim specific to that PodGroup, shared by all of the group's Pods. (#136989, @​nojnhuh) [SIG API Machinery, Apps, Auth, CLI, Cloud Provider, Etcd, Node, Scheduling and Testing]
• DRA: Graduated Device Binding Conditions (KEP #5007) to beta, enabled by default in v1.36. (#137795, @​ttsuuubasa) [SIG API Machinery, Node, Scheduling and Testing]
• DRA: Graduated device taints and tolerations (KEP #5055) to beta. Support for DeviceTaints in ResourceSlices is on by default. Support for DeviceTaintRules depends on enabling resource.k8s.io/v1beta2 and the DeviceTaintRules feature gate. (#137170, @​pohly) [SIG API Machinery, Apps, Auth, Cluster Lifecycle, Etcd, Node, Scheduling and Testing]
• Extended NodeResourcesFit to implement the PlacementScore extension point. The usage of the PlacementScore extension point is guarded by the TopologyAwareWorkloadScheduling feature gate. (#136652, @​brejman) [SIG Scheduling]
• Fixed fake.NewClientset() to work properly with correct schema. (#131068, @​soltysh) [SIG API Machinery]
• Fixed a few log calls that did not properly format their parameters. (#137108, @​pohly) [SIG API Machinery, Apps, Auth, Cluster Lifecycle, Network, Node, Scheduling and Testing]

... (truncated)

Commits

• 7ddbf30 release v36.1.0
• 7730a33 regenerate client for release 36.1.0 (#425)
• cb0b819 add server side apply (#418)
• 0c7ebe7 More descriptive error on DynamicClient not initialized (#422)
• 3cf2945 chore(deps): update setuptools requirement from >=21.0.0 to >=82.0.1 (#421)
• 33c014b chore(deps): bump codecov/codecov-action from 5 to 6 (#415)
• 112d4fe Remove outdated compatibility section from readme (#414)
• c1a69be Fix: HTTP status check skipped when _preload_content=False in REST client (#402)
• 4a9303c Declare support for Python 3.14 and run it in CI (#410)
• 15aae49 [doc] update changelog (#408)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)