Upgrade k8s.io to v0.35.0

.golangci.yaml

@@ -1,4 +1,10 @@
 version: "2"
+
+run:
+  timeout: 5m
+  go: "1.25.0"
+  modules-download-mode: vendor
+
 linters:
   default: none
   enable:
@@ -7,31 +13,21 @@ linters:
     - revive
     - unused
   exclusions:
-    generated: lax
-    presets:
-      - comments
-      - common-false-positives
-      - legacy
-      - std-error-handling
     rules:
-      - linters:
+      - path: _test\.go
+        linters:
           - gosec
-        path: _test\.go
-      - linters:
+      - path: ^tests/
+        linters:
           - gosec
-        path: ^tests/
     paths:
-      - third_party$
-      - builtin$
-      - examples$
-issues:
-  fix: true
-formatters:
-  enable:
-    - gofmt
-  exclusions:
-    generated: lax
-    paths:
-      - third_party$
-      - builtin$
-      - examples$
+      - third_party/
+      - builtin/
+      - examples/
+  settings:
+    revive:
+      rules:
+        - name: exported
+          disabled: true
+        - name: package-comments
+          disabled: true

Makefile

@@ -24,7 +24,7 @@ ALL_ARCH ?= amd64 arm arm64 ppc64le s390x
 # The output type could either be docker (local), or registry.
 OUTPUT_TYPE ?= docker
 GO_TOOLCHAIN ?= golang
-GO_VERSION ?= 1.26.2
+GO_VERSION := 1.26.2
 GOTOOLCHAIN ?= go$(GO_VERSION)+auto
 export GOTOOLCHAIN
 BASEIMAGE ?= gcr.io/distroless/static-debian12:nonroot
@@ -78,30 +78,30 @@ mock_gen:
 # Unit tests with faster execution (nicer for development).
 .PHONY: fast-test
 fast-test:
-	go test -mod=vendor -race $(shell go list ./... | grep -v -e "/e2e$$" -e "/e2e/.*")
-	cd konnectivity-client && go test -race ./...
+	GOTOOLCHAIN=go$(GO_VERSION) go test -mod=vendor -race $(shell go list ./... | grep -v -e "/e2e$$" -e "/e2e/.*")
+	cd konnectivity-client && GOTOOLCHAIN=go$(GO_VERSION) go test -race ./...
 
 # Unit tests with fuller coverage, invoked by CI system.
 .PHONY: test
 test:
-	$(eval TEST_LIST := $(shell go list -test ./... | egrep " \[.*\]" | cut -d' ' -f1 | grep -v -e "/e2e$$" -e "/e2e/.*"))
+	$(eval TEST_LIST := $(shell GOTOOLCHAIN=go$(GO_VERSION) go list -test ./... | egrep " \[.*\]" | cut -d' ' -f1 | grep -v -e "/e2e$$" -e "/e2e/.*"))
 	echo "Running tests on $(TEST_LIST)"
 	$(info GOTOOLCHAIN is $(GOTOOLCHAIN))
-	go test -v -mod=vendor -race -covermode=atomic -coverprofile=konnectivity.out $(TEST_LIST) && go tool cover -html=konnectivity.out -o=konnectivity.html
-	cd konnectivity-client && go test -race -covermode=atomic -coverprofile=client.out ./... && go tool cover -html=client.out -o=client.html
+	GOTOOLCHAIN=go$(GO_VERSION) go test -v -mod=vendor -race -covermode=atomic -coverprofile=konnectivity.out $(TEST_LIST) && GOTOOLCHAIN=go$(GO_VERSION) go tool cover -html=konnectivity.out -o=konnectivity.html
+	cd konnectivity-client && GOTOOLCHAIN=go$(GO_VERSION) go test -race -covermode=atomic -coverprofile=client.out ./... && GOTOOLCHAIN=go$(GO_VERSION) go tool cover -html=client.out -o=client.html
 
 .PHONY: test-integration
 test-integration: build
-	go test -mod=vendor -race ./tests -agent-path $(PWD)/bin/proxy-agent
+	GOTOOLCHAIN=go$(GO_VERSION) go test -mod=vendor -race ./tests -agent-path $(PWD)/bin/proxy-agent
 
 .PHONY: test-e2e
 test-e2e: docker-build
-	go test -mod=vendor ./e2e -race -agent-image ${AGENT_FULL_IMAGE}-$(TARGETARCH):${TAG} -server-image ${SERVER_FULL_IMAGE}-$(TARGETARCH):${TAG} -kind-image ${KIND_IMAGE} -mode ${CONNECTION_MODE}
+	GOTOOLCHAIN=go$(GO_VERSION) go test -mod=vendor ./e2e -race -agent-image ${AGENT_FULL_IMAGE}-$(TARGETARCH):${TAG} -server-image ${SERVER_FULL_IMAGE}-$(TARGETARCH):${TAG} -kind-image ${KIND_IMAGE} -mode ${CONNECTION_MODE}
 
 # e2e test runner for continuous integration that does not build a new image.
 .PHONY: test-e2e-ci
 test-e2e-ci:
-	go test -mod=vendor ./e2e -race -agent-image ${AGENT_FULL_IMAGE}-$(TARGETARCH):${TAG} -server-image ${SERVER_FULL_IMAGE}-$(TARGETARCH):${TAG} -kind-image ${KIND_IMAGE} -mode ${CONNECTION_MODE}
+	GOTOOLCHAIN=go$(GO_VERSION) go test -mod=vendor ./e2e -race -agent-image ${AGENT_FULL_IMAGE}-$(TARGETARCH):${TAG} -server-image ${SERVER_FULL_IMAGE}-$(TARGETARCH):${TAG} -kind-image ${KIND_IMAGE} -mode ${CONNECTION_MODE}
 
 ## --------------------------------------
 ## Binaries
@@ -115,28 +115,30 @@ build: bin/proxy-agent bin/proxy-server bin/proxy-test-client bin/http-test-serv
 
 .PHONY: bin/proxy-agent
 bin/proxy-agent:
-	GO111MODULE=on go build -mod=vendor -o bin/proxy-agent cmd/agent/main.go
+	GOTOOLCHAIN=go$(GO_VERSION) GO111MODULE=on go build -mod=vendor -o bin/proxy-agent cmd/agent/main.go
 
 .PHONY: bin/proxy-test-client
 bin/proxy-test-client:
-	GO111MODULE=on go build -mod=vendor -o bin/proxy-test-client cmd/test-client/main.go
+	GOTOOLCHAIN=go$(GO_VERSION) GO111MODULE=on go build -mod=vendor -o bin/proxy-test-client cmd/test-client/main.go
 
 .PHONY: bin/http-test-server
 bin/http-test-server:
-	GO111MODULE=on go build -mod=vendor -o bin/http-test-server cmd/test-server/main.go
+	GOTOOLCHAIN=go$(GO_VERSION) GO111MODULE=on go build -mod=vendor -o bin/http-test-server cmd/test-server/main.go
 
 .PHONY: bin/proxy-server
 bin/proxy-server:
-	GO111MODULE=on go build -mod=vendor -o bin/proxy-server cmd/server/main.go
+	GOTOOLCHAIN=go$(GO_VERSION) GO111MODULE=on go build -mod=vendor -o bin/proxy-server cmd/server/main.go
 
 ## --------------------------------------
 ## Linting
 ## --------------------------------------
 
 .PHONY: lint
 lint:
-	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(INSTALL_LOCATION) v$(GOLANGCI_LINT_VERSION)
-	$(INSTALL_LOCATION)/golangci-lint run --config ./.golangci.yaml --verbose
+	if [ ! -f $(INSTALL_LOCATION)/golangci-lint ]; then \
+		curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(INSTALL_LOCATION) v$(GOLANGCI_LINT_VERSION); \
+	fi
+	GOTOOLCHAIN=go$(GO_VERSION) $(INSTALL_LOCATION)/golangci-lint run --config ./.golangci.yaml --verbose --timeout 5m
 
 ## --------------------------------------
 ## Go

artifacts/images/agent-build.Dockerfile

@@ -2,11 +2,13 @@
 
 ARG BUILDARCH
 ARG GO_TOOLCHAIN
-ARG GO_VERSION
+ARG GO_VERSION=1.26.2
 ARG BASEIMAGE
 
 FROM --platform=linux/${BUILDARCH} ${GO_TOOLCHAIN}:${GO_VERSION} AS builder
 
+ENV GOTOOLCHAIN=local
+
 # Copy in the go src
 WORKDIR /go/src/sigs.k8s.io/apiserver-network-proxy
 

artifacts/images/server-build.Dockerfile

@@ -2,11 +2,13 @@
 
 ARG BUILDARCH
 ARG GO_TOOLCHAIN
-ARG GO_VERSION
+ARG GO_VERSION=1.26.2
 ARG BASEIMAGE
 
 FROM --platform=linux/${BUILDARCH} ${GO_TOOLCHAIN}:${GO_VERSION} AS builder
 
+ENV GOTOOLCHAIN=local
+
 # Copy in the go src
 WORKDIR /go/src/sigs.k8s.io/apiserver-network-proxy
 

artifacts/images/test-client-build.Dockerfile

@@ -2,11 +2,13 @@
 
 ARG BUILDARCH
 ARG GO_TOOLCHAIN
-ARG GO_VERSION
+ARG GO_VERSION=1.26.2
 ARG BASEIMAGE
 
 FROM --platform=linux/${BUILDARCH} ${GO_TOOLCHAIN}:${GO_VERSION} AS builder
 
+ENV GOTOOLCHAIN=local
+
 # Copy in the go src
 WORKDIR /go/src/sigs.k8s.io/apiserver-network-proxy
 

artifacts/images/test-server-build.Dockerfile

@@ -2,11 +2,13 @@
 
 ARG BUILDARCH
 ARG GO_TOOLCHAIN
-ARG GO_VERSION
+ARG GO_VERSION=1.26.2
 ARG BASEIMAGE
 
 FROM --platform=linux/${BUILDARCH} ${GO_TOOLCHAIN}:${GO_VERSION} AS builder
 
+ENV GOTOOLCHAIN=local
+
 # Copy in the go src
 WORKDIR /go/src/sigs.k8s.io/apiserver-network-proxy
 

cmd/agent/app/server.go

@@ -91,12 +91,12 @@ func (a *Agent) Run(o *options.GrpcProxyAgentOptions, drainCh, stopCh <-chan str
 	if err := a.runHealthServer(o, cs); err != nil {
 		return fmt.Errorf("failed to run health server with %v", err)
 	}
-	defer a.healthServer.Close()
+	defer func() { _ = a.healthServer.Close() }()
 
 	if err := a.runAdminServer(o); err != nil {
 		return fmt.Errorf("failed to run admin server with %v", err)
 	}
-	defer a.adminServer.Close()
+	defer func() { _ = a.adminServer.Close() }()
 
 	<-stopCh
 	klog.V(1).Infoln("Shutting down agent.")

cmd/server/app/options/options.go

@@ -159,7 +159,7 @@ func (o *ProxyRunOptions) Flags() *pflag.FlagSet {
 	flags.StringVar(&o.LeaseLabel, "lease-label", o.LeaseLabel, "The labels on which the lease objects are managed.")
 	flags.DurationVar(&o.GracefulShutdownTimeout, "graceful-shutdown-timeout", o.GracefulShutdownTimeout, "Timeout duration for graceful shutdown of the server. The server will wait for active connections to close before forcefully terminating. Set to 0 to disable graceful shutdown (default: 0).")
 	flags.Bool("warn-on-channel-limit", true, "This behavior is now thread safe and always on. This flag will be removed in a future release.")
-	flags.MarkDeprecated("warn-on-channel-limit", "This behavior is now thread safe and always on. This flag will be removed in a future release.")
+	_ = flags.MarkDeprecated("warn-on-channel-limit", "This behavior is now thread safe and always on. This flag will be removed in a future release.")
 
 	return flags
 }

cmd/server/app/server.go

@@ -199,10 +199,10 @@ func (p *Proxy) Run(o *options.ProxyRunOptions, stopCh <-chan struct{}) error {
 			p.agentServer.Stop()
 		}
 		if p.adminServer != nil {
-			p.adminServer.Close()
+			_ = p.adminServer.Close()
 		}
 		if p.healthServer != nil {
-			p.healthServer.Close()
+			_ = p.healthServer.Close()
 		}
 		if leaseController != nil {
 			leaseController.Stop()
@@ -286,10 +286,10 @@ func (p *Proxy) Run(o *options.ProxyRunOptions, stopCh <-chan struct{}) error {
 			p.agentServer.Stop()
 		}
 		if p.adminServer != nil {
-			p.adminServer.Close()
+			_ = p.adminServer.Close()
 		}
 		if p.healthServer != nil {
-			p.healthServer.Close()
+			_ = p.healthServer.Close()
 		}
 		// frontend server's force-stop is handled by its StopFunc
 	}
@@ -365,7 +365,7 @@ func (p *Proxy) runUDSFrontendServer(ctx context.Context, o *options.ProxyRunOpt
 			"core", "udsGrpcFrontend",
 			"udsFile", o.UdsName,
 		)
-		go runpprof.Do(context.Background(), labels, func(context.Context) { grpcServer.Serve(lis) })
+		go runpprof.Do(context.Background(), labels, func(context.Context) { _ = grpcServer.Serve(lis) })
 		stop = func(_ context.Context) error {
 			grpcServer.GracefulStop()
 			return nil
@@ -463,7 +463,7 @@ func (p *Proxy) runMTLSFrontendServer(_ context.Context, o *options.ProxyRunOpti
 			"core", "mtlsGrpcFrontend",
 			"port", strconv.Itoa(o.ServerPort),
 		)
-		go runpprof.Do(context.Background(), labels, func(context.Context) { grpcServer.Serve(lis) })
+		go runpprof.Do(context.Background(), labels, func(context.Context) { _ = grpcServer.Serve(lis) })
 		stop = func(_ context.Context) error {
 			grpcServer.GracefulStop()
 			return nil
@@ -523,7 +523,7 @@ func (p *Proxy) runAgentServer(o *options.ProxyRunOptions, server *server.ProxyS
 		"core", "agentListener",
 		"port", strconv.Itoa(o.AgentPort),
 	)
-	go runpprof.Do(context.Background(), labels, func(context.Context) { grpcServer.Serve(lis) })
+	go runpprof.Do(context.Background(), labels, func(context.Context) { _ = grpcServer.Serve(lis) })
 	p.agentServer = grpcServer
 
 	return nil

go.mod

@@ -19,7 +19,7 @@ require (
 	k8s.io/apimachinery v0.36.0
 	k8s.io/client-go v0.36.0
 	k8s.io/component-base v0.36.0
-	k8s.io/component-helpers v0.34.0
+	k8s.io/component-helpers v0.36.0
 	k8s.io/klog/v2 v2.140.0
 	k8s.io/utils v0.0.0-20260507154919-ff6756f316d2
 	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0

go.sum

@@ -186,8 +186,8 @@ k8s.io/client-go v0.36.0 h1:pOYi7C4RHChYjMiHpZSpSbIM6ZxVbRXBy7CuiIwqA3c=
 k8s.io/client-go v0.36.0/go.mod h1:ZKKcpwF0aLYfkHFCjillCKaTK/yBkEDHTDXCFY6AS9Y=
 k8s.io/component-base v0.36.0 h1:hFjEktssxiJhrK1zfybkH4kJOi8iZuF+mIDCqS5+jRo=
 k8s.io/component-base v0.36.0/go.mod h1:JZvIfcNHk+uck+8LhJzhSBtydWXaZNQwX2OdL+Mnwsk=
-k8s.io/component-helpers v0.34.0 h1:5T7P9XGMoUy1JDNKzHf0p/upYbeUf8ZaSf9jbx0QlIo=
-k8s.io/component-helpers v0.34.0/go.mod h1:kaOyl5tdtnymriYcVZg4uwDBe2d1wlIpXyDkt6sVnt4=
+k8s.io/component-helpers v0.36.0 h1:KznLAOD7oPxjaeheW4SOQijz9UtMO8Nvp89+lR8FYks=
+k8s.io/component-helpers v0.36.0/go.mod h1:BqZG+01Z97KR8GN9Stb8SiRmtn/EpZogriuQtpMCsLg=
 k8s.io/klog/v2 v2.140.0 h1:Tf+J3AH7xnUzZyVVXhTgGhEKnFqye14aadWv7bzXdzc=
 k8s.io/klog/v2 v2.140.0/go.mod h1:o+/RWfJ6PwpnFn7OyAG3QnO47BFsymfEfrz6XyYSSp0=
 k8s.io/kube-openapi v0.0.0-20260317180543-43fb72c5454a h1:xCeOEAOoGYl2jnJoHkC3hkbPJgdATINPMAxaynU2Ovg=

konnectivity-client/go.mod

@@ -1,6 +1,6 @@
 module sigs.k8s.io/apiserver-network-proxy/konnectivity-client
 
-go 1.24.0
+go 1.26.2
 
 // Prefer to keep requirements compatible with the oldest supported
 // k/k minor version, to prevent client backport issues.

pkg/agent/client.go

@@ -219,9 +219,9 @@ func (a *Client) Connect() (int, error) {
 func (a *Client) Close() {
 	if a.conn == nil {
 		klog.Errorln("Unexpected empty AgentClient.conn")
+		return
 	}
-	err := a.conn.Close()
-	if err != nil {
+	if err := a.conn.Close(); err != nil {
 		klog.ErrorS(err, "failed to close gRPC connection", "serverID", a.serverID, "agentID", a.agentID)
 	}
 	close(a.stopCh)
@@ -493,7 +493,7 @@ func (a *Client) Serve() {
 				eConn.send(data.Data)
 			} else {
 				klog.V(2).InfoS("received DATA for unrecognized connection", "connectionID", data.ConnectID)
-				a.Send(&client.Packet{
+				_ = a.Send(&client.Packet{
 					Type: client.PacketType_CLOSE_RSP,
 					Payload: &client.Packet_CloseResponse{
 						CloseResponse: &client.CloseResponse{

pkg/agent/lease_counter_test.go

@@ -16,17 +16,13 @@ limitations under the License.
 package agent
 
 import (
-	"context"
 	"fmt"
 	"testing"
 	"time"
 
 	coordinationv1 "k8s.io/api/coordination/v1"
 	"k8s.io/apimachinery/pkg/labels"
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/client-go/kubernetes/fake"
 	coordinationv1lister "k8s.io/client-go/listers/coordination/v1"
-	"k8s.io/client-go/tools/cache"
 	clocktesting "k8s.io/utils/clock/testing"
 	proxytesting "sigs.k8s.io/apiserver-network-proxy/pkg/testing"
 )
@@ -114,17 +110,16 @@ func TestServerLeaseCounter(t *testing.T) {
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
 			pc := clocktesting.NewFakePassiveClock(time.Now())
-			leases := make([]runtime.Object, len(tc.templates))
+			leases := make([]*coordinationv1.Lease, len(tc.templates))
 			for i, template := range tc.templates {
 				leases[i] = proxytesting.NewLeaseFromTemplate(pc, template)
 			}
 
-			k8sClient := fake.NewSimpleClientset(leases...)
 			selector, _ := labels.Parse(tc.labelSelector)
-			leaseInformer := NewLeaseInformerWithMetrics(k8sClient, "", time.Millisecond)
-			go leaseInformer.Run(context.Background().Done())
-			cache.WaitForCacheSync(context.Background().Done(), leaseInformer.HasSynced)
-			leaseLister := coordinationv1lister.NewLeaseLister(leaseInformer.GetIndexer())
+			leaseLister := &fakeLeaseLister{
+				LeaseList: leases,
+				Err:       tc.leaseListerError,
+			}
 
 			counter := NewServerLeaseCounter(pc, leaseLister, selector)
 

pkg/server/leases/gc_controller.go

@@ -56,7 +56,7 @@ func (c *GarbageCollectionController) Run(ctx context.Context) {
 func (c *GarbageCollectionController) gc(ctx context.Context) {
 	start := time.Now()
 	leases, err := c.leaseInterface.List(ctx, metav1.ListOptions{LabelSelector: c.labelSelector})
-	latency := time.Now().Sub(start)
+	latency := time.Since(start)
 	if err != nil {
 		klog.Errorf("Could not list leases to garbage collect: %v", err)
 
@@ -92,7 +92,7 @@ func (c *GarbageCollectionController) gc(ctx context.Context) {
 		}
 
 		// Log metrics for the deletion call.
-		latency := time.Now().Sub(start)
+		latency := time.Since(start)
 		if err != nil {
 			var apiStatus apierrors.APIStatus
 			if errors.As(err, &apiStatus) {

pkg/server/server.go

@@ -187,7 +187,7 @@ func (c *ProxyClientConnection) send(pkt *client.Packet) error {
 					ProtoMajor: 1,
 				}
 
-				t.Write(c.HTTP)
+				_ = t.Write(c.HTTP)
 				return c.CloseHTTP()
 			}
 			return nil