Release libs cortex v0.0.43 + bundles v0.0.56 and shim charts v0.0.2 (#722)

## Changelog

Changes to the committed resource reservations feature:
- Commitments usage api uses postgres database instead of calling nova
- Refinements to the committed resource alerts
- Added optional `VideoRAMMiB` field to the commitments usage api
- Check hypervisor resources against reservations
- Remove unused database connection and unused databaseSecretRef
configuration in cortex-nova bundle

Changes related to placement api shim:
- Expose metrics that measure the down/upstream request duration and
number of errors
- Add alerts based on the exposed metrics
- Use controller-runtime logging consistently and provide traceability
- Add e2e tests checking all endpoints of the passthrough

Changes to the failover reservations feature:
- Track the state of reservations and expose metrics

Changes regarding infrastructure dashboard and ops:
- Add vmware commitments kpi
- Add hypervisor family label to flavor usage kpi
- Fix links in cortex alerts
- External dependency upgrades

Author: PhilippMatthes

.github/workflows/test.yaml

@@ -49,7 +49,13 @@ jobs:
           go test -v \
             -coverpkg=./internal/... \
             -coverprofile=profile.cov ./internal/...
-          go tool cover -func profile.cov > func_coverage.txt
+
+          # Exclude e2e files from the coverage profile so they don't
+          # count against the coverage percentage.
+          head -1 profile.cov > profile_filtered.cov
+          tail -n +2 profile.cov | grep -v '_e2e\.go' >> profile_filtered.cov || true
+
+          go tool cover -func profile_filtered.cov > func_coverage.txt
 
       - name: Upload coverage files
         uses: actions/upload-artifact@v7

Tiltfile

@@ -279,6 +279,13 @@ if 'pods' in ACTIVE_DEPLOYMENTS:
 if 'placement' in ACTIVE_DEPLOYMENTS:
     print("Activating Cortex Placement Shim bundle")
     k8s_yaml(helm('./helm/bundles/cortex-placement-shim', name='cortex-placement-shim', values=tilt_values, set=env_set_overrides))
+    local_resource(
+        'Placement Shim E2E Tests',
+        '/bin/sh -c "kubectl exec deploy/cortex-placement-shim -- /main --e2e-placement-shim"',
+        labels=['Cortex-Placement'],
+        trigger_mode=TRIGGER_MODE_MANUAL,
+        auto_init=False,
+    )
 
 ########### Dev Dependencies
 local('sh helm/sync.sh helm/dev/cortex-prometheus-operator')

cmd/manager/main.go

@@ -358,6 +358,15 @@ func main() {
 	detectorPipelineMonitor := schedulinglib.NewDetectorPipelineMonitor()
 	metrics.Registry.MustRegister(&detectorPipelineMonitor)
 
+	// Initialize commitments API for LIQUID interface (Postgres-backed usage reporting).
+	commitmentsConfig := conf.GetConfigOrDie[commitments.Config]()
+	var commitmentsUsageDB commitments.UsageDBClient
+	if commitmentsConfig.DatasourceName != "" {
+		commitmentsUsageDB = commitments.NewDBUsageClient(multiclusterClient, commitmentsConfig.DatasourceName)
+	}
+	commitmentsAPI := commitments.NewAPIWithConfig(multiclusterClient, commitmentsConfig, commitmentsUsageDB)
+	commitmentsAPI.Init(mux, metrics.Registry, ctrl.Log.WithName("commitments-api"))
+
 	if slices.Contains(mainConfig.EnabledControllers, "nova-pipeline-controllers") {
 		// Filter-weigher pipeline controller setup.
 		filterWeigherController := &nova.FilterWeigherPipelineController{
@@ -385,11 +394,6 @@ func main() {
 			os.Exit(1)
 		}
 
-		// Initialize commitments API for LIQUID interface (with Nova client for usage reporting)
-		commitmentsConfig := conf.GetConfigOrDie[commitments.Config]()
-		commitmentsAPI := commitments.NewAPIWithConfig(multiclusterClient, commitmentsConfig, novaClient)
-		commitmentsAPI.Init(mux, metrics.Registry, ctrl.Log.WithName("commitments-api"))
-
 		deschedulingsController := &nova.DetectorPipelineController{
 			Monitor: detectorPipelineMonitor,
 			Breaker: &nova.DetectorCycleBreaker{NovaClient: novaClient},
@@ -611,6 +615,12 @@ func main() {
 		// The scheduler client calls the nova external scheduler API to get placement decisions
 		schedulerClient := reservations.NewSchedulerClient(failoverConfig.SchedulerURL)
 
+		failoverMonitor := failover.NewFailoverMonitor()
+		if err := metrics.Registry.Register(failoverMonitor); err != nil {
+			setupLog.Error(err, "failed to register failover monitor metrics, continuing without metrics")
+			failoverMonitor = nil
+		}
+
 		// Defer the initialization of PostgresReader until the manager starts
 		// because the cache is not ready during setup
 		if err := mgr.Add(manager.RunnableFunc(func(ctx context.Context) error {
@@ -636,6 +646,7 @@ func main() {
 				vmSource,
 				failoverConfig,
 				schedulerClient,
+				failoverMonitor,
 			)
 
 			// Set up the watch-based reconciler for per-reservation reconciliation

cmd/shim/main.go

@@ -51,6 +51,7 @@ func init() {
 
 func main() {
 	ctx := ctrl.SetupSignalHandler()
+
 	restConfig := ctrl.GetConfigOrDie()
 
 	var metricsAddr string
@@ -64,6 +65,7 @@ func main() {
 	var secureMetrics bool
 	var enableHTTP2 bool
 	var enablePlacementShim bool
+	var runPlacementShimE2E bool
 	var tlsOpts []func(*tls.Config)
 	flag.StringVar(&metricsAddr, "metrics-bind-address", "0", "The address the metrics endpoint binds to. "+
 		"Use :8443 for HTTPS or :8080 for HTTP, or leave as 0 to disable the metrics service.")
@@ -85,6 +87,8 @@ func main() {
 		"If set, HTTP/2 will be enabled for the metrics and webhook servers")
 	flag.BoolVar(&enablePlacementShim, "placement-shim", false,
 		"If set, the placement API shim handlers are registered on the API server.")
+	flag.BoolVar(&runPlacementShimE2E, "e2e-placement-shim", false,
+		"If set, runs end-to-end tests for the placement shim instead of starting the manager. ")
 	opts := zap.Options{
 		Development: true,
 	}
@@ -107,6 +111,15 @@ func main() {
 
 	ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
 
+	// Custom entrypoint for placement shim e2e tests.
+	if runPlacementShimE2E {
+		if err := placement.RunE2E(ctx); err != nil {
+			setupLog.Error(err, "E2E tests failed")
+			os.Exit(1)
+		}
+		os.Exit(0)
+	}
+
 	// if the enable-http2 flag is false (the default), http/2 should be disabled
 	// due to its vulnerabilities. More specifically, disabling http/2 will
 	// prevent from being vulnerable to the HTTP/2 Stream Cancellation and
@@ -246,6 +259,7 @@ func main() {
 			setupLog.Error(err, "unable to set up placement shim")
 			os.Exit(1)
 		}
+		metrics.Registry.MustRegister(placementShim)
 		placementShim.RegisterRoutes(mux)
 	}
 

docs/architecture.md

@@ -29,3 +29,32 @@ Cortex receives the list of possible hosts and their weights from Nova. It then
 
 > [!NOTE]
 > Since, by default, Nova does not support calling an external service, this functionality needs to be added like in [SAP's fork of Nova](https://github.com/sapcc/nova/blob/stable/2023.2-m3/nova/scheduler/external.py).
+
+## Placement API Shim
+
+[Placement](https://github.com/openstack/placement) is OpenStack's resource inventory service. It provides an API to query the inventory of resources in the OpenStack cloud, such as compute nodes, their available resources, and the current resource usage. In the OpenStack realm, Placement is used by [Nova](https://github.com/openstack/nova) to carry out virtual machine scheduling, as well as [Neutron](https://github.com/openstack/neutron) for network resource allocation.
+
+As part of the [CobaltCore](https://cobaltcore-dev.github.io/docs/) stack, we provide a Placement-like API shim, which translates requests from Nova and Neutron to the [Hypervisor CRD](https://github.com/cobaltcore-dev/openstack-hypervisor-operator) based on the KVM stack provided by [IronCore](https://ironcore.dev/), [Gardener](https://gardener.cloud/) and [Garden Linux](https://gardenlinux.io/). This means, instead of managing resource inventories in Placement's database, the Hypervisor CRD is used to track resource allocations and hypervisor capabilities.
+
+### Passthrough
+
+Placement maintains hypervisors of various kinds, such as [Ironic](https://github.com/openstack/ironic) or VMware vCenter Servers, not only KVM. However, only KVM hypervisors can be managed by the Cortex Placement API Shim. This means, when Nova or Neutron ask for VMware or Ironic resource providers, the shim needs to forward this request to another Placement instance. We call this the passthrough, and it looks like this:
+
+```mermaid
+graph LR;
+    nn(OpenStack Nova/Neutron) <--> api
+    subgraph shim [Cortex Placement API Shim]
+    api(API) <--> router(Routing and Aggregation)
+    router <-- KVM (QEMU/CH) --> tl
+    tl(Translation)
+    end
+    router <-- VMware/Ironic --> pl(OpenStack Placement)
+    tl <--> crd(Hypervisor CRD)
+```
+
+After a request was received by the API, it is processed in two ways depending on the kind of endpoint that was requested:
+
+1. **Aggregated forwarding**: For requests that ask for a list of resource providers, such as `GET /resource_providers`, the shim needs to forward the request to both the KVM translation and the passthrough. The responses from both sides are then aggregated and returned to the caller.
+2. **Per-request forwarding**: For requests that ask for a specific resource provider, such as `GET /resource_providers/{uuid}`, the shim needs to determine if the requested resource provider is managed by the KVM translation or the passthrough. This can be done by checking the UUID of the resource provider against a list of known KVM resource providers. If it is a KVM resource provider, the request is forwarded to the translation; otherwise, it is forwarded to the OpenStack Placement instance.
+
+The translation layer is responsible for translating the requests and responses between the OpenStack Placement API and the Hypervisor CRD. This includes mapping resource provider attributes, inventory, and allocations to the corresponding fields in the Hypervisor CRD.

docs/reservations/committed-resource-reservations.md

@@ -83,46 +83,43 @@ VM allocations are tracked within reservations:
 flowchart LR
     subgraph State
         Res[(Reservation CRDs)]
+        HV[(Hypervisor CRDs)]
     end
     A[Nova Scheduler] -->|VM Create/Migrate/Resize| B[Scheduling Pipeline]
     B -->|update Spec.Allocations| Res
-    Res -->|watch| Controller
-    Res -->|periodic reconcile| Controller
-    Controller -->|update Spec/Status.Allocations| Res
+    Res -->|watch| C[Controller]
+    HV -->|watch - instance changes| C
+    Res -->|periodic safety-net requeue| C
+    C -->|update Spec/Status.Allocations| Res
 ```
 
 | Component | Event | Timing | Action |
 |-----------|-------|--------|--------|
 | **Scheduling Pipeline** | VM Create, Migrate, Resize | Immediate | Add VM to `Spec.Allocations` |
-| **Controller** | Reservation CRD updated | `committedResourceRequeueIntervalGracePeriod` (default: 1 min) | Verify new VMs via Nova API; update `Status.Allocations` |
-| **Controller** | Periodic check | `committedResourceRequeueIntervalActive` (default: 5 min) | Verify established VMs via Hypervisor CRD; remove gone VMs from `Spec.Allocations` |
+| **Controller** | Reservation CRD updated | `committedResourceRequeueIntervalGracePeriod` (default: 1 min) | Defer verification for new VMs still spawning; update `Status.Allocations` |
+| **Controller** | Hypervisor CRD updated (VM appeared/disappeared) | Immediate (event-driven) | Verify allocations via Hypervisor CRD; remove gone VMs from `Spec.Allocations` |
+| **Controller** | Periodic safety-net | `committedResourceRequeueIntervalActive` (default: 5 min) | Same as above; catches any missed events |
 
 **Allocation fields**:
 - `Spec.Allocations` — Expected VMs (written by the scheduling pipeline on placement)
 - `Status.Allocations` — Confirmed VMs (written by the controller after verifying the VM is on the expected host)
 
 **VM allocation state diagram**:
 
-The controller uses two sources to verify VM allocations, depending on how recently the VM was placed:
-- **Nova API** — used during the grace period (`committedResourceAllocationGracePeriod`, default: 15 min) where the VM may still be starting up; provides real-time host assignment
-- **Hypervisor CRD** — used for established allocations; reflects the set of instances the hypervisor operator observes on the host
+The controller uses the **Hypervisor CRD** as the sole source of truth for VM allocation verification:
+- **Hypervisor CRD** — used for all allocation checks; reflects the set of instances the hypervisor operator observes on the host
 
 ```mermaid
 stateDiagram-v2
     direction LR
-    [*] --> SpecOnly : placement (create, migrate, resize)
-    SpecOnly --> Confirmed : on expected host
-    SpecOnly --> WrongHost : on different host
-    SpecOnly --> [*] : not confirmed after grace period
-    Confirmed --> WrongHost : not on HV CRD, found elsewhere
-    Confirmed --> [*] : not on HV CRD, Nova 404
-    WrongHost --> Confirmed : back on expected host
-    WrongHost --> [*] : VM gone (404)
-    WrongHost --> [*] : on wrong host > grace period
-
     state "Spec only (grace period)" as SpecOnly
     state "Spec + Status (on expected host)" as Confirmed
-    state "Spec + Status (host mismatch)" as WrongHost
+
+    [*] --> SpecOnly : placement (create, migrate, resize)
+    SpecOnly --> SpecOnly : within grace period
+    SpecOnly --> Confirmed : found on HV CRD after grace period
+    SpecOnly --> [*] : not on HV CRD after grace period
+    Confirmed --> [*] : not on HV CRD
 ```
 
 **Note**: VM allocations may not consume all resources of a reservation slot. A reservation with 128 GB may have VMs totaling only 96 GB if that fits the project's needs. Allocations may exceed reservation capacity (e.g., after VM resize).
@@ -185,10 +182,12 @@ The controller watches Reservation CRDs and performs two types of reconciliation
 
 **Placement** - Finds hosts for new reservations (calls scheduler API)
 
-**Allocation Verification** - Tracks VM lifecycle on reservations. VMs take time to appear on a host after scheduling, so new allocations are verified more frequently via the Nova API for real-time status, while established allocations are verified via the Hypervisor CRD:
-- New VMs (within `committedResourceAllocationGracePeriod`, default: 15 min): checked via Nova API every `committedResourceRequeueIntervalGracePeriod` (default: 1 min)
-- Established VMs: checked via Hypervisor CRD every `committedResourceRequeueIntervalActive` (default: 5 min)
-- Missing VMs: removed from `Spec.Allocations` after Nova API confirms 404
+**Allocation Verification** - Tracks VM lifecycle on reservations. The controller uses the Hypervisor CRD as the sole source of truth, with two triggers:
+- New VMs (within `committedResourceAllocationGracePeriod`, default: 15 min): verification deferred — VM may still be spawning; requeued every `committedResourceRequeueIntervalGracePeriod` (default: 1 min)
+- Established VMs: verified reactively when the Hypervisor CRD changes (VM appeared or disappeared in `Status.Instances`), with `committedResourceRequeueIntervalActive` (default: 5 min) as a safety-net fallback
+- Missing VMs: removed from `Spec.Allocations` when not found on the Hypervisor CRD after the grace period
+
+**Reservation migration is not supported yet.** 
 
 ### Usage API
 

go.mod

@@ -3,17 +3,17 @@ module github.com/cobaltcore-dev/cortex
 go 1.26
 
 require (
-	github.com/cobaltcore-dev/openstack-hypervisor-operator v1.0.2-0.20260409190432-b3a7a2d19d59
+	github.com/cobaltcore-dev/openstack-hypervisor-operator v1.0.2-0.20260416190048-8c00b47ee107
 	github.com/go-gorp/gorp v2.2.0+incompatible
-	github.com/gophercloud/gophercloud/v2 v2.11.1
+	github.com/gophercloud/gophercloud/v2 v2.12.0
 	github.com/ironcore-dev/ironcore v0.3.0
 	github.com/majewsky/gg v1.6.0
 	github.com/prometheus/client_golang v1.23.2
 	github.com/prometheus/client_model v0.6.2
-	github.com/sapcc/go-bits v0.0.0-20260409170436-d7b7822ab7d3
-	k8s.io/api v0.35.3
-	k8s.io/apimachinery v0.35.3
-	k8s.io/client-go v0.35.3
+	github.com/sapcc/go-bits v0.0.0-20260416170349-9b32d8192041
+	k8s.io/api v0.35.4
+	k8s.io/apimachinery v0.35.4
+	k8s.io/client-go v0.35.4
 	sigs.k8s.io/controller-runtime v0.23.3
 )
 

go.sum

@@ -20,8 +20,8 @@ github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1x
 github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cobaltcore-dev/openstack-hypervisor-operator v1.0.2-0.20260409190432-b3a7a2d19d59 h1:x+rALnsEGyL5zEtFMHC5MS8PwZ4qOLkbwe+k8USvMLA=
-github.com/cobaltcore-dev/openstack-hypervisor-operator v1.0.2-0.20260409190432-b3a7a2d19d59/go.mod h1:3mGzxYvL0kFyV5AEvHhsX58Q4uzAmPm0oAfmYwJ9T6U=
+github.com/cobaltcore-dev/openstack-hypervisor-operator v1.0.2-0.20260416190048-8c00b47ee107 h1:VbRlMS8+6uDz3Z+GUhlYk1gnHgHYIQ+Zw8d6A2IBlnc=
+github.com/cobaltcore-dev/openstack-hypervisor-operator v1.0.2-0.20260416190048-8c00b47ee107/go.mod h1:5biTY1L6snS1++gM7Vz2r3TnqNwXFklnmxZ41TM3yd8=
 github.com/containerd/continuity v0.4.5 h1:ZRoN1sXq9u7V6QoHMcVWGhOwDFqZ4B9i5H6un1Wh0x4=
 github.com/containerd/continuity v0.4.5/go.mod h1:/lNJvtJKUQStBzpVQ1+rasXO1LAWtUQssk28EZvJ3nE=
 github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI=
@@ -125,8 +125,8 @@ github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/v
 github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/gophercloud/gophercloud/v2 v2.11.1 h1:jCs4vLH8sJgRqrPzqVfWgl7uI6JnIIlsgeIRM0uHjxY=
-github.com/gophercloud/gophercloud/v2 v2.11.1/go.mod h1:Rm0YvKQ4QYX2rY9XaDKnjRzSGwlG5ge4h6ABYnmkKQM=
+github.com/gophercloud/gophercloud/v2 v2.12.0 h1:Gxmc/Bog1UDKkxTcQW7MSPTDviJXpLeEgVeN5KrxoCo=
+github.com/gophercloud/gophercloud/v2 v2.12.0/go.mod h1:H7TTOxbLy8RIaHSNhI2GCrWIzw4Xpw8Xn2mBhCUT5kA=
 github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
 github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
 github.com/gotestyourself/gotestyourself v2.2.0+incompatible h1:AQwinXlbQR2HvPjQZOmDhRqsv5mZf+Jb1RnSLxcqZcI=
@@ -208,8 +208,8 @@ github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/sapcc/go-api-declarations v1.21.0 h1:Ag6GXgJLTFdBDKmrJU4QFllQbgGSenSGeHpLuvuxeDk=
 github.com/sapcc/go-api-declarations v1.21.0/go.mod h1:eiRrXXUeQS5C/1kKn8/KMjk0Y0goUzgDQswj30rH0Zc=
-github.com/sapcc/go-bits v0.0.0-20260409170436-d7b7822ab7d3 h1:x6loYoCC8+gP+51y4kSzF0bmHsp8UxBfjkU25f1/jUM=
-github.com/sapcc/go-bits v0.0.0-20260409170436-d7b7822ab7d3/go.mod h1:o1ld51gRnKbNYTUtx5czsuO8zczc9/iGkEjcwDQb9wA=
+github.com/sapcc/go-bits v0.0.0-20260416170349-9b32d8192041 h1:oNaNyLQ32/rdaG2YljF1eMXeA2KxXVnWiPUSDg1fcgo=
+github.com/sapcc/go-bits v0.0.0-20260416170349-9b32d8192041/go.mod h1:o1ld51gRnKbNYTUtx5czsuO8zczc9/iGkEjcwDQb9wA=
 github.com/sergi/go-diff v1.4.0 h1:n/SP9D5ad1fORl+llWyN+D6qoUETXNZARKjyY2/KVCw=
 github.com/sergi/go-diff v1.4.0/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
@@ -315,16 +315,16 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
-k8s.io/api v0.35.3 h1:pA2fiBc6+N9PDf7SAiluKGEBuScsTzd2uYBkA5RzNWQ=
-k8s.io/api v0.35.3/go.mod h1:9Y9tkBcFwKNq2sxwZTQh1Njh9qHl81D0As56tu42GA4=
+k8s.io/api v0.35.4 h1:P7nFYKl5vo9AGUp1Z+Pmd3p2tA7bX2wbFWCvDeRv988=
+k8s.io/api v0.35.4/go.mod h1:yl4lqySWOgYJJf9RERXKUwE9g2y+CkuwG+xmcOK8wXU=
 k8s.io/apiextensions-apiserver v0.35.2 h1:iyStXHoJZsUXPh/nFAsjC29rjJWdSgUmG1XpApE29c0=
 k8s.io/apiextensions-apiserver v0.35.2/go.mod h1:OdyGvcO1FtMDWQ+rRh/Ei3b6X3g2+ZDHd0MSRGeS8rU=
-k8s.io/apimachinery v0.35.3 h1:MeaUwQCV3tjKP4bcwWGgZ/cp/vpsRnQzqO6J6tJyoF8=
-k8s.io/apimachinery v0.35.3/go.mod h1:jQCgFZFR1F4Ik7hvr2g84RTJSZegBc8yHgFWKn//hns=
+k8s.io/apimachinery v0.35.4 h1:xtdom9RG7e+yDp71uoXoJDWEE2eOiHgeO4GdBzwWpds=
+k8s.io/apimachinery v0.35.4/go.mod h1:NNi1taPOpep0jOj+oRha3mBJPqvi0hGdaV8TCqGQ+cc=
 k8s.io/apiserver v0.35.2 h1:rb52v0CZGEL0FkhjS+I6jHflAp7fZ4MIaKcEHX7wmDk=
 k8s.io/apiserver v0.35.2/go.mod h1:CROJUAu0tfjZLyYgSeBsBan2T7LUJGh0ucWwTCSSk7g=
-k8s.io/client-go v0.35.3 h1:s1lZbpN4uI6IxeTM2cpdtrwHcSOBML1ODNTCCfsP1pg=
-k8s.io/client-go v0.35.3/go.mod h1:RzoXkc0mzpWIDvBrRnD+VlfXP+lRzqQjCmKtiwZ8Q9c=
+k8s.io/client-go v0.35.4 h1:DN6fyaGuzK64UvnKO5fOA6ymSjvfGAnCAHAR0C66kD8=
+k8s.io/client-go v0.35.4/go.mod h1:2Pg9WpsS4NeOpoYTfHHfMxBG8zFMSAUi4O/qoiJC3nY=
 k8s.io/component-base v0.35.2 h1:btgR+qNrpWuRSuvWSnQYsZy88yf5gVwemvz0yw79pGc=
 k8s.io/component-base v0.35.2/go.mod h1:B1iBJjooe6xIJYUucAxb26RwhAjzx0gHnqO9htWIX+0=
 k8s.io/klog/v2 v2.140.0 h1:Tf+J3AH7xnUzZyVVXhTgGhEKnFqye14aadWv7bzXdzc=