dependabot(deps): bump sigs.k8s.io/kind from 0.20.0 to 0.21.0

[dependabot]

Bumps sigs.k8s.io/kind from 0.20.0 to 0.21.0.

Release notes

Sourced from sigs.k8s.io/kind's releases.

v0.21.0

This release patches the recent runc CVEs, as well as an issue with kind build node-image and docker v25.0.0+

• The default node image is a Kubernetes v1.29.1 image: kindest/node:v1.29.1@sha256:a0cc28af37cf39b019e2b448c54d1a3f789de32536cb5a5db61a49623e527144

If you haven't already, please see also v0.20.0 release notes which had important announcements that still apply going forward.

• Upgraded go to 1.20.13
• Upgraded crictl to 1.28
• Upgraded containerd fuse overlayfs to 1.0.6
• Began marking some core images pinned in containerd, which may eventually make enabling imageGC safer
• kindnetd will ignore nodes with empty podCIDR, enabling some niche use-cases

Images pre-built for this release:

• v1.29.1: kindest/node:v1.29.1@sha256:a0cc28af37cf39b019e2b448c54d1a3f789de32536cb5a5db61a49623e527144
• v1.28.6: kindest/node:v1.28.6@sha256:b7e1cf6b2b729f604133c667a6be8aab6f4dde5bb042c1891ae248d9154f665b
• v1.27.10: kindest/node:v1.27.10@sha256:3700c811144e24a6c6181065265f69b9bf0b437c45741017182d7c82b908918f
• v1.26.13: kindest/node:v1.26.13@sha256:15ae92d507b7d4aec6e8920d358fc63d3b980493db191d7327541fbaaed1f789
• v1.25.16: kindest/node:v1.25.16@sha256:9d0a62b55d4fe1e262953be8d406689b947668626a357b5f9d0cfbddbebbc727
• v1.24.17: kindest/node:v1.24.17@sha256:ea292d57ec5dd0e2f3f5a2d77efa246ac883c051ff80e887109fabefbd3125c7
• v1.23.17: kindest/node:v1.23.17@sha256:fbb92ac580fce498473762419df27fa8664dbaa1c5a361b5957e123b4035bdcf

NOTE: You must use the @sha256 digest to guarantee an image built for this release, until such a time as we switch to a different tagging scheme. Even then we will highly encourage digest pinning for security and reproducibility reasons.

See also:

• https://kind.sigs.k8s.io/docs/user/quick-start/#creating-a-cluster
• https://kind.sigs.k8s.io/docs/user/quick-start/#building-images

NOTE: These node images support amd64 and arm64, both of our supported platforms. You must use the same platform as your host, for more context see kubernetes-sigs/kind#2718

• Updated runc to v1.1.12, containerd to v1.7.13 including the fix for GHSA-xr7r-f8xq-vfvv
• Fixed kind build node-image with docker v25.0.0+
  • NOTE: kind load docker-image is still broken with Docker v25.0.0 due to a docker bug, which has a fix merged that should be included in Docker v25.0.1+
• Assorted docs fixes

Thank you to everyone who contributed to this release! ❤️

Users whose commits are in this release (alphabetically by user name)

• @​adelton

... (truncated)

Commits

• 8eca32c version v0.21.0
• fc67703 Merge pull request #3499 from BenTheElder/bumpity2
• 020f24d bump node image to 1.29.1
• 8b6d869 bump kindnetd image
• b8f7cfb bump local-path-provisioner image
• 7c6a17b bump base image
• 8f1494e Merge pull request #3498 from BenTheElder/latest-go
• e56e6cd use latest go 1.20 (1.20.13)
• 7368a26 Merge pull request #3497 from ameukam/bump-runc-containerd
• ca8b6a8 Update runc and containerd.
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[k8s-ci-robot]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[mboersma]

/hold

We need to bump this in the Makefile as well; I'll do that.

[mboersma]

/hold cancel

[nojnhuh]

/lgtm
/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: nojnhuh

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [nojnhuh]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

LGTM label has been added.

Git tree hash: ff0aa4b7bb790a0637f33b0c4a53589cbedf20fd

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (a730ce9) 62.44% compared to head (847a840) 62.44%.
Report is 4 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #4535   +/-   ##
=======================================
  Coverage   62.44%   62.44%           
=======================================
  Files         192      192           
  Lines       19270    19270           
=======================================
  Hits        12034    12034           
  Misses       6577     6577           
  Partials      659      659           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[nojnhuh]

/retest