build(deps): bump sigs.k8s.io/kind from 0.31.0 to 0.32.0

[dependabot]

Bumps sigs.k8s.io/kind from 0.31.0 to 0.32.0.

Release notes

Sourced from sigs.k8s.io/kind's releases.

v0.32.0

This release contains critical dependency updates, bug fixes, and defaults to Kubernetes 1.36.1.

Breaking Changes

• The default node image is now kindest/node:v1.36.1@sha256:3489c7674813ba5d8b1a9977baea8a6e553784dab7b84759d1014dbd78f7ebd5
• New node images requiring upgrading kind to kind load ...: Due to a containerd upgrade, you must upgrade kind to this release or newer to use kind load ... with the newly published node images. As always, we cannot gurantee full compatibility of node images between kind releases. You can use the digests from previous releases, upgrade kind, or build your own node-images.
• kubeadm v1beta4 config format is now used for Kubernetes 1.36.0+ If you are using versioned config patches, you must update to target v1beta4. Unversioned patches kind will attempt to convert as needed (more below in New Features). This change is required for Kubernetes 1.37+ which drops kubeadm v1beta3 config.
• Adoption of Envoy for Load Balancing in multi-control-plane node clusters: HAProxy has been replaced by Envoy (docker.io/envoyproxy/envoy:v1.36.2) as the load balancer in multi-control-plane (HA) clusters. If you rely on custom HAProxy loadbalancer configurations or images, please note that Envoy is now used.
• cgroup v1 warning: A warning is now printed if cgroup v1 is detected on the host. Kubernetes has deprecated support for cgroup v1, and at some point in the future KIND releases / node-images will also drop support for cgroup v1.

New Features

• kubeadm v1beta4 configuration support: KIND now uses the v1beta4 config format for Kubernetes v1.36.0+ while maintaining v1beta3 for v1.23.0 up to v1.35.x, and v1beta2 for older versions.
• Custom Merging & Version-Awareness for Kubeadm Config Patches:
  • KIND now automatically translates old-style map-based extraArgs / kubeletExtraArgs patches to the list-based v1beta4 format when targeting v1beta4 configs.
  • Config patches now append to extraArgs / kubeletExtraArgs / certSANs reliably. To overwrite or make other more precise patching, use json6902 patches.
• Support for containerd config v4 format: Enabled support for containerd's config v4 format in kind load and snapshotter parsing, which is required for newer containerd versions.
• Building Node Images from CI Artifacts: Added support to build node images from Kubernetes CI artifacts (resolving endpoints like https://dl.k8s.io/ci/latest.txt or CI build prefixes).
• Support for containerd version-aware containerd config patching: Like kubeadmConfigPatches, containerd config patching is now aware of version and if specified in patches will only apply patches that match the containerd config being used.
• Assorted dependency updates.

Images pre-built for this release:

• v1.36.1: kindest/node:v1.36.1@sha256:3489c7674813ba5d8b1a9977baea8a6e553784dab7b84759d1014dbd78f7ebd5
• v1.35.5: kindest/node:v1.35.5@sha256:ce977ae6d65918d0b58a5f8b5e940429c2ce42fa3a5619ec2bbc60b949c0ac95
• v1.34.8: kindest/node:v1.34.8@sha256:02722c2dedddcfc00febf5d27fbeb9b7b2c14294c82109ff4a85d89ac9ba3256
• v1.33.12: kindest/node:v1.33.12@sha256:3f5c8443c620245e4d355cfe09e96a91ead32ceaa569d3f1ca9edf0cb2fe2ff4

NOTE: You must use the @sha256 digest to guarantee an image built for this release, until such a time as we switch to a different tagging scheme. Even then we will highly encourage digest pinning for security and reproducibility reasons.

Fixes

• Fix permission error when creating pods with hostUsers: false (Kubernetes 1.36+).
• Handle registry ports correctly in image normalization logic (e.g., registry running on ports like localhost:5000/...).
• Handle empty port mapping listen addresses correctly (defaults to wildcard address).
• Skip /dev/mapper mount on rootless Docker.
• Assorted documentation fixes and improvements.

See also:

• https://kind.sigs.k8s.io/docs/user/quick-start/#creating-a-cluster
• https://kind.sigs.k8s.io/docs/user/quick-start/#building-images

NOTE: These node images support amd64 and arm64, both of our supported platforms. You must use the same platform as your host, for more context see #2718

Contributors

Committers for this release:

• @​AnjaliMishra1st
• @​aojea

... (truncated)

Changelog

Sourced from sigs.k8s.io/kind's changelog.

kind Release Process

This document describes the steps to cut a new kind release. It is intended for maintainers who have push access to the upstream repository and the staging image registry.

Prerequisites

• GNU sed (macOS: brew install gnu-sed)
• Docker with buildx support
• crane installed (for image promotion to Docker Hub)
• Push access to github.com/kubernetes-sigs/kind
• Push access to gcr.io/k8s-staging-kind
• Push access to kindest on Docker Hub

---

Phase 1 - Publish Node Images

Node images must be built, tested, and promoted to Docker Hub before the kind release so their digest hashes are known and can be embedded in the release binary.

1.1 Build and push to staging

Use hack/release/push-node.sh for Kubernetes v1.31 and later:

./hack/release/push-node.sh v1.35.0

This builds amd64 and arm64 node images and pushes them to gcr.io/k8s-staging-kind/node:v1.35.0, then creates a multi-arch manifest list.

You can override the registry or add architectures:

REGISTRY=gcr.io/k8s-staging-kind ARCHES="amd64 arm64" ./hack/release/push-node.sh v1.35.0

1.2 Test with the staging image

Update the default image in pkg/apis/config/defaults/image.go to point to the staging image with its digest, then run CI to validate:

const Image = "gcr.io/k8s-staging-kind/node:v1.35.0@sha256:<digest-from-push>"

... (truncated)

Commits

• cda67ef version v0.32.0
• a335a9e Merge pull request #4182 from stmcginnis/kindest/node-v1.36.1
• 645b868 bump default image to kindest/node:v1.36.1
• d1b84e8 Merge pull request #4181 from BenTheElder/base-fix
• 25d94fa bump staging node image
• 088013a update base image with permissions fix
• 995e8fa Fix: Permission error when creating pod with hostUsers: false (#4179)
• b029a2b Merge pull request #4149 from BenTheElder/bump-images-asdf
• 140186f Merge pull request #4174 from BenTheElder/ci-builds
• 811ea84 Merge pull request #4173 from BenTheElder/kubeadm-v1beta4-special-patch
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Enterprise

Run ID: e56aa3bc-381e-4729-9ef5-dd71ad323eec

📥 Commits

Reviewing files that changed from the base of the PR and between e3516b5 and 4698279.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (1)

• go.mod

---

Walkthrough

The indirect dependency sigs.k8s.io/kind is updated from version v0.31.0 to v0.32.0 in go.mod. No other module requirements are changed.

Changes

Kind module version update

Layer / File(s)	Summary
Kind module version bump go.mod	The indirect dependency sigs.k8s.io/kind is updated from v0.31.0 to v0.32.0.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is largely incomplete against the template. It lacks the required Summary section, Change Type selection, and Check List Before Merging with verification boxes.	Add a Summary section briefly describing the PR purpose, uncomment the appropriate Change Type (likely 'Docs/Test' or none if this is infrastructure-only), and complete the Check List Before Merging with checkbox status updates.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'build(deps): bump sigs.k8s.io/kind from 0.31.0 to 0.32.0' clearly and concisely describes the main change—updating a build dependency.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/go_modules/sigs.k8s.io/kind-0.32.0

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}