From c36992986e6d21ad073c7d78da9341022039f537 Mon Sep 17 00:00:00 2001 From: za Date: Thu, 26 Feb 2026 11:23:29 +0700 Subject: [PATCH 1/4] Update k8s version to 1.35 Issue: https://github.com/OWASP/wrongsecrets/issues/2357 --- .github/workflows/minikube-k8s-test.yml | 2 +- .github/workflows/minikube-vault-test.yml | 2 +- aws/README.md | 2 +- aws/variables.tf | 2 +- azure/README.md | 2 +- azure/variables.tf | 2 +- gcp/README.md | 2 +- gcp/variables.tf | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/minikube-k8s-test.yml b/.github/workflows/minikube-k8s-test.yml index 64bc0a29f..69502bd13 100644 --- a/.github/workflows/minikube-k8s-test.yml +++ b/.github/workflows/minikube-k8s-test.yml @@ -26,7 +26,7 @@ jobs: with: minikube-version: 1.38.1 driver: docker - kubernetes-version: v1.34.0 + kubernetes-version: v1.35.0 - name: test script run: | kubectl apply -f k8s/workspace-psa.yml diff --git a/.github/workflows/minikube-vault-test.yml b/.github/workflows/minikube-vault-test.yml index a0bf00041..ad3834f81 100644 --- a/.github/workflows/minikube-vault-test.yml +++ b/.github/workflows/minikube-vault-test.yml @@ -27,7 +27,7 @@ jobs: with: minikube-version: 1.38.1 driver: docker - kubernetes-version: v1.34.0 + kubernetes-version: v1.35.0 - name: Setup helm uses: azure/setup-helm@v4 id: install diff --git a/aws/README.md b/aws/README.md index b5856a8b7..8462d98c9 100644 --- a/aws/README.md +++ b/aws/README.md @@ -148,7 +148,7 @@ The documentation below is auto-generated to give insight on what's created via | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [cluster\_name](#input\_cluster\_name) | The EKS cluster name | `string` | `"wrongsecrets"` | no | -| [cluster\_version](#input\_cluster\_version) | The EKS cluster version to use | `string` | `"1.34"` | no | +| [cluster\_version](#input\_cluster\_version) | The EKS cluster version to use | `string` | `"1.35"` | no | | [region](#input\_region) | The AWS region to use | `string` | `"eu-west-1"` | no | | [tags](#input\_tags) | List of tags to apply to resources | `map(string)` | 
{
  "Application": "wrongsecrets"
}
| no | diff --git a/aws/variables.tf b/aws/variables.tf index 38e51bb54..e7d41f6b1 100644 --- a/aws/variables.tf +++ b/aws/variables.tf @@ -7,7 +7,7 @@ variable "region" { variable "cluster_version" { description = "The EKS cluster version to use" type = string - default = "1.34" + default = "1.35" } variable "cluster_name" { diff --git a/azure/README.md b/azure/README.md index 53c8d216c..0f000c5ab 100644 --- a/azure/README.md +++ b/azure/README.md @@ -142,7 +142,7 @@ The documentation below is auto-generated to give insight on what's created via | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [cluster\_name](#input\_cluster\_name) | The AKS cluster name | `string` | `"wrongsecrets-exercise-cluster"` | no | -| [cluster\_version](#input\_cluster\_version) | The AKS cluster version to use | `string` | `"1.34"` | no | +| [cluster\_version](#input\_cluster\_version) | The AKS cluster version to use | `string` | `"1.35"` | no | | [region](#input\_region) | The Azure region to use | `string` | `"East US"` | no | ## Outputs diff --git a/azure/variables.tf b/azure/variables.tf index ae7860e75..6d320b340 100644 --- a/azure/variables.tf +++ b/azure/variables.tf @@ -7,7 +7,7 @@ variable "region" { variable "cluster_version" { description = "The AKS cluster version to use" type = string - default = "1.34" + default = "1.35" } variable "cluster_name" { diff --git a/gcp/README.md b/gcp/README.md index f0df7b233..f2a960dda 100644 --- a/gcp/README.md +++ b/gcp/README.md @@ -139,7 +139,7 @@ The documentation below is auto-generated to give insight on what's created via | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [cluster\_name](#input\_cluster\_name) | The GKE cluster name | `string` | `"wrongsecrets-exercise-cluster"` | no | -| [cluster\_version](#input\_cluster\_version) | The GKE cluster version to use | `string` | `"1.34"` | no | +| [cluster\_version](#input\_cluster\_version) | The GKE cluster version to use | `string` | `"1.35"` | no | | [project\_id](#input\_project\_id) | project id | `string` | n/a | yes | | [region](#input\_region) | The GCP region to use | `string` | `"europe-west4"` | no | diff --git a/gcp/variables.tf b/gcp/variables.tf index e9dc3b345..3e7649ffb 100644 --- a/gcp/variables.tf +++ b/gcp/variables.tf @@ -12,7 +12,7 @@ variable "project_id" { variable "cluster_version" { description = "The GKE cluster version to use" type = string - default = "1.34" + default = "1.35" } variable "cluster_name" { From 1b11b3bc9188fdefdb2000582c78858fa8288d7e Mon Sep 17 00:00:00 2001 From: "pre-commit-ci-lite[bot]" <117423508+pre-commit-ci-lite[bot]@users.noreply.github.com> Date: Thu, 26 Feb 2026 04:31:40 +0000 Subject: [PATCH 2/4] [pre-commit.ci lite] apply automatic fixes --- package-lock.json | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index b48e0cd56..2cad0003a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -25,6 +25,7 @@ "integrity": "sha512-30iZtAPgz+LTIYoeivqYo853f02jBYSd5uGnGpkFV0M3xOt9aN73erkgYAmZU43x4VfqcnLxW9Kpg3R5LC4YYw==", "dev": true, "license": "Apache-2.0", + "peer": true, "dependencies": { "@jridgewell/gen-mapping": "^0.3.5", "@jridgewell/trace-mapping": "^0.3.24" @@ -393,6 +394,7 @@ "integrity": "sha512-muE8Tt8M22638HU31A3CgfSUciwz1fhATfoVai05aPXGor//CdWDCbnlY1yvBPo07njuVOCNGCSp/GTt12lIug==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "@babel/template": "^7.27.2", "@babel/types": "^7.27.6" @@ -1887,7 +1889,6 @@ "integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==", "dev": true, "license": "MIT", - "peer": true, "bin": { "acorn": "bin/acorn" }, @@ -2042,7 +2043,6 @@ } ], "license": "MIT", - "peer": true, "dependencies": { "baseline-browser-mapping": "^2.9.0", "caniuse-lite": "^1.0.30001759", @@ -2177,7 +2177,8 @@ "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz", "integrity": "sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg==", "dev": true, - "license": "MIT" + "license": "MIT", + "peer": true }, "node_modules/core-js-compat": { "version": "3.48.0", @@ -2282,7 +2283,6 @@ "integrity": "sha512-VmQ+sifHUbI/IcSopBCF/HO3YiHQx/AVd3UVyYL6weuwW+HvON9VYn5l6Zl1WZzPWXPNZrSQpxwkkZ/VuvJZzg==", "dev": true, "license": "MIT", - "peer": true, "dependencies": { "@eslint-community/eslint-utils": "^4.8.0", "@eslint-community/regexpp": "^4.12.1", @@ -2639,6 +2639,7 @@ "integrity": "sha512-3hN7NaskYvMDLQY55gnW3NQ+mesEAepTqlg+VEbj7zzqEMBVNhzcGYYeqFo/TlYz6eQiFcp1HcsCZO+nGgS8zg==", "dev": true, "license": "MIT", + "peer": true, "engines": { "node": ">=6.9.0" } @@ -2845,6 +2846,7 @@ "integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==", "dev": true, "license": "MIT", + "peer": true, "bin": { "json5": "lib/cli.js" }, From 9ad2c43b55417bd00f4943ec75f5fedd1f7e436a Mon Sep 17 00:00:00 2001 From: za Date: Thu, 26 Feb 2026 11:37:38 +0700 Subject: [PATCH 3/4] Use k8s version 1.35.1 on github workflows because minikube version 1.38.1 supports k8s version 1.35.1 https://github.com/kubernetes/minikube/releases/tag/v1.38.1 --- .github/workflows/minikube-k8s-test.yml | 2 +- .github/workflows/minikube-vault-test.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/minikube-k8s-test.yml b/.github/workflows/minikube-k8s-test.yml index 69502bd13..079420e1b 100644 --- a/.github/workflows/minikube-k8s-test.yml +++ b/.github/workflows/minikube-k8s-test.yml @@ -26,7 +26,7 @@ jobs: with: minikube-version: 1.38.1 driver: docker - kubernetes-version: v1.35.0 + kubernetes-version: v1.35.1 - name: test script run: | kubectl apply -f k8s/workspace-psa.yml diff --git a/.github/workflows/minikube-vault-test.yml b/.github/workflows/minikube-vault-test.yml index ad3834f81..06df4013e 100644 --- a/.github/workflows/minikube-vault-test.yml +++ b/.github/workflows/minikube-vault-test.yml @@ -27,7 +27,7 @@ jobs: with: minikube-version: 1.38.1 driver: docker - kubernetes-version: v1.35.0 + kubernetes-version: v1.35.1 - name: Setup helm uses: azure/setup-helm@v4 id: install From 995b3f4db8ec4b1eda75fcc9c06d7cac59eeb7ca Mon Sep 17 00:00:00 2001 From: za Date: Fri, 27 Feb 2026 15:14:40 +0700 Subject: [PATCH 4/4] Added more changes to upgrade k8s to 1.35.1 as suggested by @commjoen https://github.com/OWASP/wrongsecrets/pull/2403#issuecomment-3971031819 Previously, it wasn't updated yet --- .github/workflows/minikube-vault-test.yml | 2 +- k8s-vault-minikube-start.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/minikube-vault-test.yml b/.github/workflows/minikube-vault-test.yml index 06df4013e..56c809cdb 100644 --- a/.github/workflows/minikube-vault-test.yml +++ b/.github/workflows/minikube-vault-test.yml @@ -47,7 +47,7 @@ jobs: with: minikube-version: 1.38.1 driver: docker - kubernetes-version: v1.34.0 + kubernetes-version: v1.35.1 - name: Setup helm uses: azure/setup-helm@v4 id: install diff --git a/k8s-vault-minikube-start.sh b/k8s-vault-minikube-start.sh index 8207ab0f1..001cbe5bc 100755 --- a/k8s-vault-minikube-start.sh +++ b/k8s-vault-minikube-start.sh @@ -10,7 +10,7 @@ checkCommandsAvailable cat docker grep helm jq kubectl minikube openssl sed vaul echo "This is only a script for demoing purposes. You can comment out line 22 and work with your own k8s setup" echo "This script is based on the steps defined in https://learn.hashicorp.com/tutorials/vault/kubernetes-minikube . Vault is awesome!" echo "This requires minikube-version: 1.36.0 or later" -minikube start --kubernetes-version=v1.34.0 --driver=docker +minikube start --kubernetes-version=v1.35.1 --driver=docker echo "Patching default ns with new PSA; we should run as restricted!" kubectl apply -f k8s/workspace-psa.yml