Merge pull request #171 from juanluisvaladas/bump-kp-1.33.1

Bump kube-proxy versions

Author: juanluisvaladas

images/kube-proxy/v1.30.13/.dockerignore

@@ -0,0 +1,4 @@
+*
+.*
+!alpine-keys
+!files

images/kube-proxy/v1.30.13/Dockerfile

@@ -0,0 +1,98 @@
+ARG BUILDER_IMAGE=docker.io/library/golang:1.23.8-alpine3.20
+
+FROM --platform=$BUILDPLATFORM $BUILDER_IMAGE AS build-base
+
+RUN apk add --no-interactive --no-cache patch make bash rsync
+
+FROM build-base AS kube-proxy
+
+# https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#source-code
+ARG K8S_VERSION=1.30.13
+ARG K8S_HASH=c8da67f99b147ebc3c11d9feaa55e8551623b2727434ddfa64528e302838b703eb5bb408320468bd6c86a86f28a2c606afdada0d432aae817a389bb855e2bb21
+
+RUN set -euo pipefail \
+  && wget -q "https://dl.k8s.io/v${K8S_VERSION}/kubernetes-src.tar.gz" \
+  && { echo "${K8S_HASH} *kubernetes-src.tar.gz" | sha512sum -c -; } \
+  && mkdir -p /go/kubernetes \
+  && tar xf kubernetes-src.tar.gz -C /go/kubernetes \
+  && rm kubernetes-src.tar.gz
+
+ARG TARGETARCH
+RUN --mount=source=files,target=/run/stage/files,ro \
+  --mount=type=tmpfs,target=/go/kubernetes/_output \
+  --mount=type=cache,id=kube-proxy-go-cache-$TARGETARCH,target=/run/stage/kube-proxy-go-cache \
+  --network=none \
+  set -euo pipefail \
+  && { [ "$TARGETARCH" != riscv64 ] || patch -d /go/kubernetes -p0 </run/stage/files/riscv64.patch; } \
+  && du -sh /run/stage/kube-proxy-go-cache \
+  && GOCACHE=/run/stage/kube-proxy-go-cache KUBE_BUILD_PLATFORMS="linux/$TARGETARCH" make -C /go/kubernetes \
+    WHAT='-trimpath -buildvcs=false cmd/kube-proxy' \
+    FORCE_HOST_GO=y \
+    KUBE_STATIC_OVERRIDES=kube-proxy \
+    KUBE_VERBOSE=9 \
+  && mkdir -p /opt/stage \
+  && mv /go/kubernetes/_output/local/bin/linux/*/kube-proxy /opt/stage/kube-proxy
+
+FROM build-base AS iptables-wrapper
+
+ARG IPTABLES_WRAPPER_VERSION=06cad2ec6cb5ed0945b383fb185424c0a67f55eb
+ARG IPTABLES_WRAPPER_HASH=fde9ccd22b337fd297180cd21938c0a82030187fc29aabb6800472295d62752a
+
+RUN set -euo pipefail \
+  && wget -qO iptables-wrapper.tar.gz "https://github.com/kubernetes-sigs/iptables-wrappers/archive/$IPTABLES_WRAPPER_VERSION.tar.gz" \
+  && { echo "${IPTABLES_WRAPPER_HASH} *iptables-wrapper.tar.gz" | sha256sum -c -; } \
+  && mkdir -p /go/iptables-wrapper \
+  && tar xf iptables-wrapper.tar.gz --strip-components=1 -C /go/iptables-wrapper \
+  && rm iptables-wrapper.tar.gz
+
+ARG TARGETARCH
+RUN --mount=source=files,target=/run/stage/files,ro \
+  --mount=type=tmpfs,target=/go/iptables-wrapper/bin \
+  --mount=type=cache,id=iptables-wrapper-go-cache-$TARGETARCH,target=/root/.cache/go-build \
+  --network=none \
+  set -euo pipefail \
+  && du -sh /root/.cache/go-build \
+  && (cd /go/iptables-wrapper && patch </run/stage/files/iptables-wrapper.patch) \
+  && GOARCH="$TARGETARCH" make -C /go/iptables-wrapper build \
+  && mv /go/iptables-wrapper/bin/iptables-wrapper /go/iptables-wrapper
+
+FROM --platform=$BUILDPLATFORM $BUILDER_IMAGE AS baselayout
+ARG TARGETARCH
+RUN --mount=source=alpine-keys/$TARGETARCH,target=/run/stage/alpine/keys,ro \
+  --mount=from=iptables-wrapper,source=/go/iptables-wrapper,target=/run/stage/iptables-wrapper,ro \
+  set -euo pipefail \
+  && case "${TARGETARCH-}" in \
+    amd64) export APK_ARCH=x86_64 ;; \
+    arm64) export APK_ARCH=aarch64 ;; \
+    arm) export APK_ARCH=armv7 ;; \
+    riscv64) export APK_ARCH=riscv64 ;; \
+    *) echo Unsupported target platform: "${TARGETARCH-}"; exit 1;; \
+  esac \
+  && mkdir -p -- /opt/stage/etc/apk \
+  && cp -a /etc/apk/repositories /run/stage/alpine/keys /opt/stage/etc/apk \
+  && apk add --no-interactive --root /opt/stage --arch "$APK_ARCH" --initdb \
+    alpine-release \
+    busybox \
+    tzdata \
+    ca-certificates-bundle \
+    conntrack-tools \
+    ipset \
+    iptables \
+    iptables-legacy \
+    kmod \
+  && cp -a /run/stage/iptables-wrapper/iptables-wrapper-installer.sh /run/stage/iptables-wrapper/iptables-wrapper /opt/stage \
+  && chroot /opt/stage /iptables-wrapper-installer.sh \
+  && sed -i -e 's,^D:/bin/sh ,D:,' -e '/D:alpine-keys/d' /opt/stage/lib/apk/db/installed \
+  && bins="$(chroot /opt/stage /bin/busybox --list-full)" \
+  && apk del --no-interactive --no-network --root /opt/stage --purge busybox alpine-keys \
+  && for bin in $bins; do \
+    link="$(readlink "/opt/stage/$bin")"; \
+    [ "${link##*/}" != busybox ] || rm "/opt/stage/$bin"; \
+  done \
+  && rm -r /opt/stage/etc/issue /opt/stage/etc/apk/repositories /opt/stage/var/cache
+
+FROM scratch
+COPY --from=baselayout /opt/stage /
+COPY --from=kube-proxy /opt/stage/kube-proxy /usr/local/bin/kube-proxy
+
+ENTRYPOINT ["/usr/local/bin/kube-proxy"]

images/kube-proxy/v1.30.13/README.md

@@ -0,0 +1,41 @@
+# kube-proxy
+
+This is k0s's [kube-proxy] image. It's an Alpine variant of what can be found in
+the upstream [iptables-distroless] image, plus the `kube-proxy` executable. It
+uses the new binary `iptables-wrapper`, so that it doesn't need a shell anymore.
+
+## False positive security vulnerabilities
+
+The following CVEs are flagged by trivy and do not affect the `kube-proxy`
+binary:
+
+* [CVE-2023-47108]  
+  <https://github.com/kubernetes/kubernetes/pull/121842>  
+  > This DOES NOT impact kubernetes, as we use OpenTelemetry only for tracing,
+  > and not for metrics. `go.opentelemetry.io/otel/sdk/metric` is not a
+  > dependency of this project.
+* [CVE-2024-45310]  
+  This is a runc vulnerability regarding container execution. Kube-proxy is not
+  concerned with container management at all.
+
+Notes:
+
+* Alpine's `kmod` package depends on `/bin/sh` for its trigger scripts run at
+  package installation. Hence `apk` refuses to purge `busybox`. Have a little
+  nasty hack in place that fiddles with Alpine's package database to remove that
+  dependency after installation, so that `busybox`, and hence the shell, can be
+  purged.
+* Include the `alpine-release` package, so that the image has a proper
+  `/etc/os-release` file. This enables the security scanning of the Alpine
+  packages. As that package depends on `alpine-keys`, which is not required
+  here, pull the same trick as for the `kmod` package and remove that dependency
+  as well.
+* Kube-Proxy's [nftables backend] ([KEP-3866]) needs the `nft` binary, which is
+  not yet part of this image.
+
+[kube-proxy]: https://kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/
+[iptables-distroless]: https://github.com/kubernetes/release/tree/master/images/build/distroless-iptables/distroless
+[CVE-2023-47108]: https://avd.aquasec.com/nvd/cve-2023-47108
+[CVE-2024-45310]: https://avd.aquasec.com/nvd/cve-2024-45310
+[nftables backend]: https://github.com/kubernetes/enhancements/issues/3866
+[KEP-3866]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-network/3866-nftables-proxy/README.md

images/kube-proxy/v1.30.13/alpine-keys/amd64/[email protected]

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1yHJxQgsHQREclQu4Ohe
+qxTxd1tHcNnvnQTu/UrTky8wWvgXT+jpveroeWWnzmsYlDI93eLI2ORakxb3gA2O
+Q0Ry4ws8vhaxLQGC74uQR5+/yYrLuTKydFzuPaS1dK19qJPXB8GMdmFOijnXX4SA
+jixuHLe1WW7kZVtjL7nufvpXkWBGjsfrvskdNA/5MfxAeBbqPgaq0QMEfxMAn6/R
+L5kNepi/Vr4S39Xvf2DzWkTLEK8pcnjNkt9/aafhWqFVW7m3HCAII6h/qlQNQKSo
+GuH34Q8GsFG30izUENV9avY7hSLq7nggsvknlNBZtFUcmGoQrtx3FmyYsIC8/R+B
+ywIDAQAB
+-----END PUBLIC KEY-----

images/kube-proxy/v1.30.13/alpine-keys/amd64/[email protected]

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlzMkl7b5PBdfMzGdCT0
+cGloRr5xGgVmsdq5EtJvFkFAiN8Ac9MCFy/vAFmS8/7ZaGOXoCDWbYVLTLOO2qtX
+yHRl+7fJVh2N6qrDDFPmdgCi8NaE+3rITWXGrrQ1spJ0B6HIzTDNEjRKnD4xyg4j
+g01FMcJTU6E+V2JBY45CKN9dWr1JDM/nei/Pf0byBJlMp/mSSfjodykmz4Oe13xB
+Ca1WTwgFykKYthoLGYrmo+LKIGpMoeEbY1kuUe04UiDe47l6Oggwnl+8XD1MeRWY
+sWgj8sF4dTcSfCMavK4zHRFFQbGp/YFJ/Ww6U9lA3Vq0wyEI6MCMQnoSMFwrbgZw
+wwIDAQAB
+-----END PUBLIC KEY-----

images/kube-proxy/v1.30.13/alpine-keys/amd64/[email protected]

@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAutQkua2CAig4VFSJ7v54
+ALyu/J1WB3oni7qwCZD3veURw7HxpNAj9hR+S5N/pNeZgubQvJWyaPuQDm7PTs1+
+tFGiYNfAsiibX6Rv0wci3M+z2XEVAeR9Vzg6v4qoofDyoTbovn2LztaNEjTkB+oK
+tlvpNhg1zhou0jDVYFniEXvzjckxswHVb8cT0OMTKHALyLPrPOJzVtM9C1ew2Nnc
+3848xLiApMu3NBk0JqfcS3Bo5Y2b1FRVBvdt+2gFoKZix1MnZdAEZ8xQzL/a0YS5
+Hd0wj5+EEKHfOd3A75uPa/WQmA+o0cBFfrzm69QDcSJSwGpzWrD1ScH3AK8nWvoj
+v7e9gukK/9yl1b4fQQ00vttwJPSgm9EnfPHLAtgXkRloI27H6/PuLoNvSAMQwuCD
+hQRlyGLPBETKkHeodfLoULjhDi1K2gKJTMhtbnUcAA7nEphkMhPWkBpgFdrH+5z4
+Lxy+3ek0cqcI7K68EtrffU8jtUj9LFTUC8dERaIBs7NgQ/LfDbDfGh9g6qVj1hZl
+k9aaIPTm/xsi8v3u+0qaq7KzIBc9s59JOoA8TlpOaYdVgSQhHHLBaahOuAigH+VI
+isbC9vmqsThF2QdDtQt37keuqoda2E6sL7PUvIyVXDRfwX7uMDjlzTxHTymvq2Ck
+htBqojBnThmjJQFgZXocHG8CAwEAAQ==
+-----END PUBLIC KEY-----

images/kube-proxy/v1.30.13/alpine-keys/arm/[email protected]

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8s1q88XpuJWLCZALdKj
+lN8wg2ePB2T9aIcaxryYE/Jkmtu+ZQ5zKq6BT3y/udt5jAsMrhHTwroOjIsF9DeG
+e8Y3vjz+Hh4L8a7hZDaw8jy3CPag47L7nsZFwQOIo2Cl1SnzUc6/owoyjRU7ab0p
+iWG5HK8IfiybRbZxnEbNAfT4R53hyI6z5FhyXGS2Ld8zCoU/R4E1P0CUuXKEN4p0
+64dyeUoOLXEWHjgKiU1mElIQj3k/IF02W89gDj285YgwqA49deLUM7QOd53QLnx+
+xrIrPv3A+eyXMFgexNwCKQU9ZdmWa00MjjHlegSGK8Y2NPnRoXhzqSP9T9i2HiXL
+VQIDAQAB
+-----END PUBLIC KEY-----

images/kube-proxy/v1.30.13/alpine-keys/arm/[email protected]

@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq0BFD1D4lIxQcsqEpQzU
+pNCYM3aP1V/fxxVdT4DWvSI53JHTwHQamKdMWtEXetWVbP5zSROniYKFXd/xrD9X
+0jiGHey3lEtylXRIPxe5s+wXoCmNLcJVnvTcDtwx/ne2NLHxp76lyc25At+6RgE6
+ADjLVuoD7M4IFDkAsd8UQ8zM0Dww9SylIk/wgV3ZkifecvgUQRagrNUdUjR56EBZ
+raQrev4hhzOgwelT0kXCu3snbUuNY/lU53CoTzfBJ5UfEJ5pMw1ij6X0r5S9IVsy
+KLWH1hiO0NzU2c8ViUYCly4Fe9xMTFc6u2dy/dxf6FwERfGzETQxqZvSfrRX+GLj
+/QZAXiPg5178hT/m0Y3z5IGenIC/80Z9NCi+byF1WuJlzKjDcF/TU72zk0+PNM/H
+Kuppf3JT4DyjiVzNC5YoWJT2QRMS9KLP5iKCSThwVceEEg5HfhQBRT9M6KIcFLSs
+mFjx9kNEEmc1E8hl5IR3+3Ry8G5/bTIIruz14jgeY9u5jhL8Vyyvo41jgt9sLHR1
+/J1TxKfkgksYev7PoX6/ZzJ1ksWKZY5NFoDXTNYUgzFUTOoEaOg3BAQKadb3Qbbq
+XIrxmPBdgrn9QI7NCgfnAY3Tb4EEjs3ON/BNyEhUENcXOH6I1NbcuBQ7g9P73kE4
+VORdoc8MdJ5eoKBpO8Ww8HECAwEAAQ==
+-----END PUBLIC KEY-----

images/kube-proxy/v1.30.13/alpine-keys/arm64/[email protected]

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3v8/ye/V/t5xf4JiXLXa
+hWFRozsnmn3hobON20GdmkrzKzO/eUqPOKTpg2GtvBhK30fu5oY5uN2ORiv2Y2ht
+eLiZ9HVz3XP8Fm9frha60B7KNu66FO5P2o3i+E+DWTPqqPcCG6t4Znk2BypILcit
+wiPKTsgbBQR2qo/cO01eLLdt6oOzAaF94NH0656kvRewdo6HG4urbO46tCAizvCR
+CA7KGFMyad8WdKkTjxh8YLDLoOCtoZmXmQAiwfRe9pKXRH/XXGop8SYptLqyVVQ+
+tegOD9wRs2tOlgcLx4F/uMzHN7uoho6okBPiifRX+Pf38Vx+ozXh056tjmdZkCaV
+aQIDAQAB
+-----END PUBLIC KEY-----

images/kube-proxy/v1.30.13/alpine-keys/arm64/[email protected]

@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyduVzi1mWm+lYo2Tqt/0
+XkCIWrDNP1QBMVPrE0/ZlU2bCGSoo2Z9FHQKz/mTyMRlhNqTfhJ5qU3U9XlyGOPJ
+piM+b91g26pnpXJ2Q2kOypSgOMOPA4cQ42PkHBEqhuzssfj9t7x47ppS94bboh46
+xLSDRff/NAbtwTpvhStV3URYkxFG++cKGGa5MPXBrxIp+iZf9GnuxVdST5PGiVGP
+ODL/b69sPJQNbJHVquqUTOh5Ry8uuD2WZuXfKf7/C0jC/ie9m2+0CttNu9tMciGM
+EyKG1/Xhk5iIWO43m4SrrT2WkFlcZ1z2JSf9Pjm4C2+HovYpihwwdM/OdP8Xmsnr
+DzVB4YvQiW+IHBjStHVuyiZWc+JsgEPJzisNY0Wyc/kNyNtqVKpX6dRhMLanLmy+
+f53cCSI05KPQAcGj6tdL+D60uKDkt+FsDa0BTAobZ31OsFVid0vCXtsbplNhW1IF
+HwsGXBTVcfXg44RLyL8Lk/2dQxDHNHzAUslJXzPxaHBLmt++2COa2EI1iWlvtznk
+Ok9WP8SOAIj+xdqoiHcC4j72BOVVgiITIJNHrbppZCq6qPR+fgXmXa+sDcGh30m6
+9Wpbr28kLMSHiENCWTdsFij+NQTd5S47H7XTROHnalYDuF1RpS+DpQidT5tUimaT
+JZDr++FjKrnnijbyNF8b98UCAwEAAQ==
+-----END PUBLIC KEY-----

images/kube-proxy/v1.30.13/alpine-keys/riscv64/[email protected]

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwR4uJVtJOnOFGchnMW5Y
+j5/waBdG1u5BTMlH+iQMcV5+VgWhmpZHJCBz3ocD+0IGk2I68S5TDOHec/GSC0lv
+6R9o6F7h429GmgPgVKQsc8mPTPtbjJMuLLs4xKc+viCplXc0Nc0ZoHmCH4da6fCV
+tdpHQjVe6F9zjdquZ4RjV6R6JTiN9v924dGMAkbW/xXmamtz51FzondKC52Gh8Mo
+/oA0/T0KsCMCi7tb4QNQUYrf+Xcha9uus4ww1kWNZyfXJB87a2kORLiWMfs2IBBJ
+TmZ2Fnk0JnHDb8Oknxd9PvJPT0mvyT8DA+KIAPqNvOjUXP4bnjEHJcoCP9S5HkGC
+IQIDAQAB
+-----END PUBLIC KEY-----

images/kube-proxy/v1.30.13/alpine-keys/riscv64/[email protected]

@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnpUpyWDWjlUk3smlWeA0
+lIMW+oJ38t92CRLHH3IqRhyECBRW0d0aRGtq7TY8PmxjjvBZrxTNDpJT6KUk4LRm
+a6A6IuAI7QnNK8SJqM0DLzlpygd7GJf8ZL9SoHSH+gFsYF67Cpooz/YDqWrlN7Vw
+tO00s0B+eXy+PCXYU7VSfuWFGK8TGEv6HfGMALLjhqMManyvfp8hz3ubN1rK3c8C
+US/ilRh1qckdbtPvoDPhSbTDmfU1g/EfRSIEXBrIMLg9ka/XB9PvWRrekrppnQzP
+hP9YE3x/wbFc5QqQWiRCYyQl/rgIMOXvIxhkfe8H5n1Et4VAorkpEAXdsfN8KSVv
+LSMazVlLp9GYq5SUpqYX3KnxdWBgN7BJoZ4sltsTpHQ/34SXWfu3UmyUveWj7wp0
+x9hwsPirVI00EEea9AbP7NM2rAyu6ukcm4m6ATd2DZJIViq2es6m60AE6SMCmrQF
+wmk4H/kdQgeAELVfGOm2VyJ3z69fQuywz7xu27S6zTKi05Qlnohxol4wVb6OB7qG
+LPRtK9ObgzRo/OPumyXqlzAi/Yvyd1ZQk8labZps3e16bQp8+pVPiumWioMFJDWV
+GZjCmyMSU8V6MB6njbgLHoyg2LCukCAeSjbPGGGYhnKLm1AKSoJh3IpZuqcKCk5C
+8CM1S15HxV78s9dFntEqIokCAwEAAQ==
+-----END PUBLIC KEY-----

images/kube-proxy/v1.30.13/files/iptables-wrapper.patch

@@ -0,0 +1,33 @@
+--- Makefile
++++ Makefile
+@@ -7,7 +7,7 @@ $(BIN_DIR):
+ 	mkdir -p $(BIN_DIR)
+ 
+ build: $(BIN_DIR)
+-	CGO_ENABLED=0 $(GO) build -ldflags='-s -w -extldflags="-static" -buildid=""' -trimpath -o $(BIN_DIR)/iptables-wrapper github.com/kubernetes-sigs/iptables-wrappers
++	CGO_ENABLED=0 $(GO) build -ldflags='-s -w -extldflags="-static" -buildid=""' -trimpath -buildvcs=false -o $(BIN_DIR)/iptables-wrapper github.com/kubernetes-sigs/iptables-wrappers
+ 
+ vet: ## Run go vet against code.
+ 	$(GO) vet ./...
+--- iptables-wrapper-installer.sh
++++ iptables-wrapper-installer.sh
+@@ -85,11 +85,15 @@ done
+ 
+ if [ -z "${no_sanity_check}" ]; then
+     # Ensure dependencies are installed
+-    if ! version=$("${sbin}/iptables-nft" --version 2> /dev/null); then
+-        echo "ERROR: iptables-nft is not installed" 1>&2
+-        exit 1
++    # NOTE(k0s): iptables-nft will fail under QEMU with the below error
++    # message, hence use iptables-legacy for the version check
++    if ! version=$("${sbin}/iptables-nft" --version 2>&1); then
++        if [ "$version" != "iptables: Failed to initialize nft: Protocol not supported" ]; then
++            echo "ERROR: iptables-nft is not installed" 1>&2
++            exit 1
++        fi
+     fi
+-    if ! "${sbin}/iptables-legacy" --version > /dev/null 2>&1; then
++    if ! version=$("${sbin}/iptables-legacy" --version 2> /dev/null); then
+         echo "ERROR: iptables-legacy is not installed" 1>&2
+         exit 1
+     fi

images/kube-proxy/v1.30.13/files/riscv64.patch

@@ -0,0 +1,49 @@
+--- hack/lib/golang.sh
++++ hack/lib/golang.sh
+@@ -25,6 +25,7 @@ readonly KUBE_SUPPORTED_SERVER_PLATFORMS=(
+   linux/arm64
+   linux/s390x
+   linux/ppc64le
++  linux/riscv64
+ )
+ 
+ # The node platforms we build for
+@@ -33,6 +34,7 @@ readonly KUBE_SUPPORTED_NODE_PLATFORMS=(
+   linux/arm64
+   linux/s390x
+   linux/ppc64le
++  linux/riscv64
+   windows/amd64
+ )
+ 
+@@ -45,6 +47,7 @@ readonly KUBE_SUPPORTED_CLIENT_PLATFORMS=(
+   linux/arm64
+   linux/s390x
+   linux/ppc64le
++  linux/riscv64
+   darwin/amd64
+   darwin/arm64
+   windows/amd64
+@@ -59,6 +62,7 @@ readonly KUBE_SUPPORTED_TEST_PLATFORMS=(
+   linux/arm64
+   linux/s390x
+   linux/ppc64le
++  linux/riscv64
+   darwin/amd64
+   darwin/arm64
+   windows/amd64
+--- hack/lib/util.sh
++++ hack/lib/util.sh
+@@ -185,8 +185,11 @@ kube::util::host_arch() {
+     ppc64le*)
+       host_arch=ppc64le
+       ;;
++    riscv64)
++      host_arch=riscv64
++      ;;
+     *)
+-      kube::log::error "Unsupported host arch. Must be x86_64, 386, arm, arm64, s390x or ppc64le."
++      kube::log::error "Unsupported host arch. Must be x86_64, 386, arm, arm64, s390x, ppc64le or riscv64."
+       exit 1
+       ;;
+   esac

images/kube-proxy/v1.31.9/.dockerignore

@@ -0,0 +1,4 @@
+*
+.*
+!alpine-keys
+!files