Azure · aramase · Feb 20, 2026 · Feb 12, 2026 · Feb 12, 2026 · Feb 12, 2026
@@ -1,39 +1,53 @@
+version: "2"
 run:
-  timeout: 5m
-
-linters-settings:
-  gocritic:
-    enabled-tags:
-    - performance
-  lll:
-    line-length: 200
-  misspell:
-    locale: US
-  staticcheck:
-    go: "1.23"
-
+  go: "1.25"
 linters:
-  disable-all: true
+  default: none
   enable:
-    - errcheck
-    - exportloopref
-    - forcetypeassert
+    - errorlint
     - goconst
-    - gocritic
     - gocyclo
-    - godot
-    - gofmt
-    - gofumpt
-    - goimports
     - gosec
-    - gosimple
     - govet
     - ineffassign
     - misspell
     - nakedret
     - prealloc
     - revive
     - staticcheck
-    - typecheck
+    - unconvert
     - unused
     - whitespace
+  exclusions:
+    generated: lax
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
+    rules:
+      - linters:
+          - staticcheck
+        text: "SA1019: .*(v1beta1|KMSv1 is deprecated)"
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
+  settings:
+    revive:
+      rules:
+        - name: var-naming
+          disabled: true
+    staticcheck:
+      checks:
+        - all
+formatters:
+  enable:
+    - gofmt
+    - goimports
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
@@ -12,5 +12,4 @@ pool: staging-pool-amd64-mariner-2
 
 jobs:
   - template: templates/unit-tests-template.yml
-  - template: templates/soak-test-template.yml
   - template: templates/e2e-upgrade-template.yml
@@ -24,16 +24,17 @@ jobs:
     - group: kubernetes-kms
     strategy:
       matrix:
-        kmsv1_kind_v1_30_10:
-          KUBERNETES_VERSION: v1.30.10
-        kmsv1_kind_v1_31_6:
-          KUBERNETES_VERSION: v1.31.6
-        kmsv1_kind_v1_32_3:
-          KUBERNETES_VERSION: v1.32.3
+        kmsv1_kind_v1_33_7:
+          KUBERNETES_VERSION: v1.33.7
+        kmsv1_kind_v1_34_3:
+          KUBERNETES_VERSION: v1.34.3
+        kmsv1_kind_v1_35_0:
+          KUBERNETES_VERSION: v1.35.0
     steps:
       - task: GoTool@0
         inputs:
-          version: 1.23.8
+          version: 1.25.7
+      - template: prepare-deps.yaml
       - script: make e2e-install-prerequisites
         displayName: "Install e2e test prerequisites"
       - script: |
@@ -75,16 +76,17 @@ jobs:
     - group: kubernetes-kms
     strategy:
       matrix:
-        kmsv2_kind_v1_30_10:
-          KUBERNETES_VERSION: v1.30.10
-        kmsv2_kind_v1_31_6:
-          KUBERNETES_VERSION: v1.31.6
-        kmsv2_kind_v1_32_3:
-          KUBERNETES_VERSION: v1.32.3
+        kmsv2_kind_v1_33_7:
+          KUBERNETES_VERSION: v1.33.7
+        kmsv2_kind_v1_34_3:
+          KUBERNETES_VERSION: v1.34.3
+        kmsv2_kind_v1_35_0:
+          KUBERNETES_VERSION: v1.35.0
     steps:
       - task: GoTool@0
         inputs:
-          version: 1.23.8
+          version: 1.25.7
+      - template: prepare-deps.yaml
       - script: make e2e-install-prerequisites
         displayName: "Install e2e test prerequisites"
       - script: |

@@ -24,6 +24,11 @@ jobs:
       - group: kubernetes-kms
 
     steps:
+      - task: GoTool@0
+        inputs:
+          version: 1.25.7
+      - template: prepare-deps.yaml
+
       - script: make e2e-install-prerequisites
         displayName: "Install e2e test prerequisites"
 

@@ -0,0 +1,10 @@
+steps:
+- bash: |
+    for i in {1..10}; do
+      if sudo tdnf install -y kernel-headers make gcc glibc-devel binutils gettext; then
+        exit 0
+      fi
+      echo "waiting until rpm lock is free"
+      sleep 5
+    done
+    exit 1
@@ -5,8 +5,8 @@ steps:
       export OUTPUT_TYPE="type=docker"
       make docker-init-buildx docker-build
 
-      wget https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION:-0.32.0}/trivy_${TRIVY_VERSION:-0.32.0}_Linux-64bit.tar.gz
-      tar zxvf trivy_${TRIVY_VERSION:-0.32.0}_Linux-64bit.tar.gz
+      wget https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION:-0.69.1}/trivy_${TRIVY_VERSION:-0.69.1}_Linux-64bit.tar.gz
+      tar zxvf trivy_${TRIVY_VERSION:-0.69.1}_Linux-64bit.tar.gz
 
       # show all vulnerabilities in the logs
       ./trivy image "${REGISTRY}/keyvault:${IMAGE_VERSION}"

@@ -14,6 +14,10 @@ jobs:
     - group: kubernetes-kms
 
     steps:
+      - task: GoTool@0
+        inputs:
+          version: 1.25.7
+      - template: prepare-deps.yaml
       - script: make lint
         displayName: Run lint
       - script: make unit-test
@@ -32,6 +36,6 @@ jobs:
           sudo ./_output/kubernetes-kms --keyvault-name $KEYVAULT_NAME --key-name $KEY_NAME --key-version $KEY_VERSION --listen-addr "unix:///opt/azurekms.sock" > /dev/null &
           echo Waiting 2 seconds for the server to start
           sleep 2
-          sudo make integration-test
+          sudo env "PATH=$PATH" make integration-test
         displayName: Run integration tests
       - template: scan-images-template.yml
@@ -1,4 +1,4 @@
-FROM mcr.microsoft.com/oss/go/microsoft/golang:1.23.8-bookworm@sha256:df6c0a931c3646afea9d9858a40985a613f692467da696ef8ffc4d1996d7a6bb AS builder
+FROM mcr.microsoft.com/oss/go/microsoft/golang:1.25.7-bookworm@sha256:928c16ae89580a7f3bee97698d4157b62af0cbbbf5e3d7eb938189261697b26a AS builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests
@@ -15,7 +15,7 @@ COPY pkg/ pkg/
 ARG TARGETARCH
 ARG TARGETPLATFORM
 ARG LDFLAGS
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} GO111MODULE=on go build -a -ldflags "${LDFLAGS:--X github.com/Azure/kubernetes-kms/pkg/version.BuildVersion=latest}" -o _output/kubernetes-kms main.go
+RUN MS_GO_NOSYSTEMCRYPTO=1 CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} GO111MODULE=on go build -a -ldflags "${LDFLAGS:--X github.com/Azure/kubernetes-kms/pkg/version.BuildVersion=latest}" -o _output/kubernetes-kms main.go
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details

@@ -29,8 +29,8 @@ DOCKER_BUILDKIT = 1
 export DOCKER_BUILDKIT
 
 # Testing var
-KIND_VERSION ?= 0.27.0
-KUBERNETES_VERSION ?= v1.32.3
+KIND_VERSION ?= 0.31.0
+KUBERNETES_VERSION ?= v1.35.0
 BATS_VERSION ?= 1.4.1
 
 ## --------------------------------------
@@ -39,7 +39,7 @@ BATS_VERSION ?= 1.4.1
 
 $(TOOLS_DIR)/golangci-lint: $(TOOLS_MOD_DIR)/go.mod $(TOOLS_MOD_DIR)/go.sum $(TOOLS_MOD_DIR)/tools.go
 	cd $(TOOLS_MOD_DIR) && \
-	go build -o $(TOOLS_DIR)/golangci-lint github.com/golangci/golangci-lint/cmd/golangci-lint
+	go build -o $(TOOLS_DIR)/golangci-lint github.com/golangci/golangci-lint/v2/cmd/golangci-lint
 
 .PHONY: lint
 lint: $(TOOLS_DIR)/golangci-lint
@@ -122,11 +122,6 @@ e2e-install-prerequisites:
 	# Download and install bats
 	curl -sSLO https://github.com/bats-core/bats-core/archive/v${BATS_VERSION}.tar.gz && tar -zxvf v${BATS_VERSION}.tar.gz && sudo bash bats-core-${BATS_VERSION}/install.sh /usr/local
 
-.PHONY: install-soak-prerequisites
-install-soak-prerequisites: e2e-install-prerequisites
-	# Download and install node-shell
-	curl -LO https://github.com/kvaps/kubectl-node-shell/raw/master/kubectl-node_shell && chmod +x ./kubectl-node_shell && sudo mv ./kubectl-node_shell /usr/local/bin/kubectl-node_shell
-
 e2e-setup-kind: setup-local-registry
 	./scripts/setup-kind-cluster.sh &
 	./scripts/connect-registry.sh &

@@ -1,24 +1,31 @@
 module github.com/Azure/kubernetes-kms
 
-go 1.23.8
+go 1.25.7
 
 require (
 	github.com/Azure/azure-sdk-for-go v68.0.0+incompatible
 	github.com/Azure/go-autorest/autorest v0.11.28
 	github.com/Azure/go-autorest/autorest/adal v0.9.23
-	go.opentelemetry.io/otel v1.15.1
-	go.opentelemetry.io/otel/exporters/prometheus v0.38.1
-	go.opentelemetry.io/otel/metric v0.38.1
-	golang.org/x/crypto v0.37.0
-	golang.org/x/net v0.39.0
-	google.golang.org/grpc v1.58.3
+	go.opentelemetry.io/otel v1.38.0
+	go.opentelemetry.io/otel/exporters/prometheus v0.60.0
+	go.opentelemetry.io/otel/metric v1.38.0
+	golang.org/x/crypto v0.48.0
+	golang.org/x/net v0.50.0
+	google.golang.org/grpc v1.72.2
 	gopkg.in/yaml.v3 v3.0.1
 	k8s.io/apimachinery v0.27.1
 	k8s.io/klog/v2 v2.100.1
-	k8s.io/kms v0.27.1
+	k8s.io/kms v0.35.1
 	monis.app/mlog v0.0.4
 )
 
+require (
+	github.com/grafana/regexp v0.0.0-20240518133315-a468a5bfb3bc // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/prometheus/otlptranslator v0.0.2 // indirect
+	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+)
+
 require (
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
@@ -28,39 +35,37 @@ require (
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/go-logr/logr v1.2.4 // indirect
+	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-logr/zapr v1.2.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/uuid v1.3.0 // indirect; indirectgit
+	github.com/google/uuid v1.6.0 // indirect; indirectgit
 	github.com/inconshreveable/mousetrap v1.0.1 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/client_golang v1.15.0
-	github.com/prometheus/client_model v0.3.0 // indirect
-	github.com/prometheus/common v0.42.0 // indirect
-	github.com/prometheus/procfs v0.9.0 // indirect
+	github.com/prometheus/client_golang v1.23.0
+	github.com/prometheus/client_model v0.6.2 // indirect
+	github.com/prometheus/common v0.65.0 // indirect
+	github.com/prometheus/procfs v0.17.0 // indirect
 	github.com/spf13/cobra v1.6.1 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/stretchr/testify v1.8.2 // indirect
-	go.opentelemetry.io/otel/sdk v1.15.1 // indirect
-	go.opentelemetry.io/otel/sdk/metric v0.38.1
-	go.opentelemetry.io/otel/trace v1.15.1 // indirect
+	github.com/stretchr/testify v1.11.1 // indirect
+	go.opentelemetry.io/otel/sdk v1.38.0 // indirect
+	go.opentelemetry.io/otel/sdk/metric v1.38.0
+	go.opentelemetry.io/otel/trace v1.38.0 // indirect
 	go.uber.org/atomic v1.10.0 // indirect
 	go.uber.org/multierr v1.8.0 // indirect
 	go.uber.org/zap v1.24.0 // indirect
-	golang.org/x/sys v0.32.0 // indirect
-	golang.org/x/text v0.24.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98 // indirect
-	google.golang.org/protobuf v1.33.0 // indirect
+	golang.org/x/sys v0.41.0 // indirect
+	golang.org/x/text v0.34.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250528174236-200df99c418a // indirect
+	google.golang.org/protobuf v1.36.8 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	k8s.io/component-base v0.27.1 // indirect