ODP-3237: Fix CVE-2023-3635 com.squareup.okio:okio / kubernetes-client in spark (#66)

prabhjyotsingh · panbingkun · dongjoon-hyun · web-flow · commit afda51083046 · 2025-02-07T10:07:01.000-05:00
* ODP-3237: Fix compile * [SPARK-44537][BUILD] Upgrade kubernetes-client to 6.8.0 The pr aims to upgrade kubernetes-client from 6.7.2 to 6.8.0. - The newest version brings some bug fixed & improvment, eg: Fix fabric8io/kubernetes-client#5221: Empty kube config file causes NPE Fix fabric8io/kubernetes-client#5281: Ensure the KubernetesCrudDispatcher's backing map is accessed w/lock Fix fabric8io/kubernetes-client#5298: Prevent requests needing authentication from causing a 403 response Fix fabric8io/kubernetes-client#5233: Generalized SchemaSwap to allow for cycle expansion Fix fabric8io/kubernetes-client#5262: all built-in collections will omit empty in their serialized form. - The full release notes: https://github.com/fabric8io/kubernetes-client/releases/ No. Pass GA. Closes apache#42142 from panbingkun/SPARK-44537. Authored-by: panbingkun <pbk1982@gmail.com> Signed-off-by: Dongjoon Hyun <dongjoon@apache.org> (cherry picked from commit 6b6216c) * [SPARK-44821][BUILD][K8S] Upgrade `kubernetes-client` to 6.8.1 ### What changes were proposed in this pull request? This PR aims to upgrade kubernetes-client to 6.8.1 ### Why are the changes needed? To bring two additional bug fixes. - https://github.com/fabric8io/kubernetes-client/releases/tag/v6.8.1 ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Pass the CIs. Closes apache#42505 from dongjoon-hyun/SPARK-44821. Authored-by: Dongjoon Hyun <dongjoon@apache.org> Signed-off-by: Kent Yao <yao@apache.org> (cherry picked from commit e25a654) * [SPARK-45465][BUILD][K8S] Upgrade `kubernetes-client` to 6.9.0 for K8s 1.28 This PR aims to upgrade `kubernetes-client` to 6.9.0 for K8s 1.28. `kubernetes-client` 6.9.0 includes new features and bug fixes on top of K8s 1.23 model. - https://github.com/fabric8io/kubernetes-client/releases/tag/v6.9.0 - fabric8io/kubernetes-client#5401 No. Pass the CIs. No. Closes apache#43284 from dongjoon-hyun/SPARK-45465. Authored-by: Dongjoon Hyun <dhyun@apple.com> Signed-off-by: Dongjoon Hyun <dhyun@apple.com> (cherry picked from commit 89acebb) * [SPARK-45728][BUILD][K8S] Upgrade `kubernetes-client` to 6.9.1 ### What changes were proposed in this pull request? This PR aims to upgrade `kubernetes-client` to 6.9.1. ### Why are the changes needed? This will bring us the following bug fixes including the CRD generator fix. - https://github.com/fabric8io/kubernetes-client/releases/tag/v6.9.1 - Fix fabric8io/kubernetes-client#5501: (crd-generator) Fix fallback value of Default annotation in presence of multiple accessors ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Pass the CIs. ### Was this patch authored or co-authored using generative AI tooling? No. Closes apache#43589 from dongjoon-hyun/SPARK-45728. Authored-by: Dongjoon Hyun <dhyun@apple.com> Signed-off-by: Dongjoon Hyun <dhyun@apple.com> (cherry picked from commit 311602a) * [SPARK-46662][K8S][BUILD] Upgrade `kubernetes-client` to 6.10.0 Upgrade `kubernetes-client` from 6.9.1 to 6.10.0 [Release notes 6.10.0](https://github.com/fabric8io/kubernetes-client/releases/tag/v6.10.0) [Release notes 6.9.2](https://github.com/fabric8io/kubernetes-client/releases/tag/v6.9.2) [Updated okio to version 1.17.6 to avoid CVE-2023-3635](fabric8io/kubernetes-client#5587) [Upgrade Kubernetes Model to Kubernetes v1.29.0](fabric8io/kubernetes-client#5686) No. Pass GA No. Closes apache#44672 from bjornjorgensen/kubclient6.10. Authored-by: Bjørn Jørgensen <bjornjorgensen@gmail.com> Signed-off-by: Dongjoon Hyun <dhyun@apple.com> (cherry picked from commit dcfd37c) * [SPARK-47550][K8S][BUILD] Update `kubernetes-client` to 6.11.0 ### What changes were proposed in this pull request? Update `kubernetes-client` from 6.10.0 to 6.11.0 ### Why are the changes needed? [Release notes for 6.11.0](https://github.com/fabric8io/kubernetes-client/releases/tag/v6.11.0) ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Pass GA ### Was this patch authored or co-authored using generative AI tooling? No. Closes apache#45707 from bjornjorgensen/kub-client6.11.0. Authored-by: Bjørn Jørgensen <bjornjorgensen@gmail.com> Signed-off-by: Dongjoon Hyun <dhyun@apple.com> (cherry picked from commit 7b9b3cb) * [SPARK-47860][BUILD][K8S] Upgrade `kubernetes-client` to 6.12.0 ### What changes were proposed in this pull request? This PR aims to upgrade `kubernetes-client` to 6.12.0. ### Why are the changes needed? To bring the latest bug fixes. - https://github.com/fabric8io/kubernetes-client/releases/tag/v6.12.0 ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Pass the CIs. ### Was this patch authored or co-authored using generative AI tooling? No. Closes apache#46066 from dongjoon-hyun/SPARK-47860. Authored-by: Dongjoon Hyun <dhyun@apple.com> Signed-off-by: Dongjoon Hyun <dhyun@apple.com> (cherry picked from commit becbca6) * [SPARK-47915][BUILD][K8S] Upgrade `kubernetes-client` to 6.12.1 ### What changes were proposed in this pull request? Upgrade `kubernetes-client` from 6.12.0 to 6.12.1 ### Why are the changes needed? [Release notes](https://github.com/fabric8io/kubernetes-client/releases/tag/v6.12.1) ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Pass GA ### Was this patch authored or co-authored using generative AI tooling? No. Closes apache#46137 from bjornjorgensen/kub-client6.12.1. Authored-by: Bjørn Jørgensen <bjornjorgensen@gmail.com> Signed-off-by: Dongjoon Hyun <dhyun@apple.com> (cherry picked from commit 8aa8ad6) * [SPARK-48514][BUILD][K8S] Upgrade `kubernetes-client` to 6.13.0 ### What changes were proposed in this pull request? Upgrade kubernetes-client from 6.12.1 to 6.13.0 ### Why are the changes needed? Upgrade Fabric8 Kubernetes Model to Kubernetes v1.30.0 [Release log 6.13.0](https://github.com/fabric8io/kubernetes-client/releases/tag/v6.13.0) ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Pass GA ### Was this patch authored or co-authored using generative AI tooling? No. Closes apache#46854 from bjornjorgensen/kubclient6.13.0. Authored-by: Bjørn Jørgensen <bjornjorgensen@gmail.com> Signed-off-by: Kent Yao <yao@apache.org> (cherry picked from commit 6475ddf) * [SPARK-48801][BUILD][K8S] Upgrade `kubernetes-client` to 6.13.1 ### What changes were proposed in this pull request? The pr aims to upgrade `kubernetes-client` from `6.13.0` to `6.13.1`. ### Why are the changes needed? - The full release notes: https://github.com/fabric8io/kubernetes-client/releases/tag/v6.13.1 - The newest version fixed some bug, eg: Fix fabric8io/kubernetes-client#6059: Swallow rejected execution from internal usage of the informer executor Fix fabric8io/kubernetes-client#6068: KubernetesMockServer provides incomplete Configuration while creating test Config for KubernetesClient Fix fabric8io/kubernetes-client#6085: model getters have same annotations as fields (breaks native) ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Pass GA. ### Was this patch authored or co-authored using generative AI tooling? No. Closes apache#47206 from panbingkun/SPARK-48801. Authored-by: panbingkun <panbingkun@baidu.com> Signed-off-by: Dongjoon Hyun <dhyun@apple.com> (cherry picked from commit 5b00786) * [SPARK-49196][BUILD] Upgrade `kubernetes-client` to 6.13.2 ### What changes were proposed in this pull request? The pr aims to upgrade `kubernetes-client` from `6.13.1` to `6.13.2`. ### Why are the changes needed? - The full release notes: https://github.com/fabric8io/kubernetes-client/releases/tag/v6.13.2 - The newest version fixed some bug, eg: Fix fabric8io/kubernetes-client#6066: Added support for missing v1.APIVersions in KubernetesClient Fix fabric8io/kubernetes-client#6110: VolumeSource (and other file mode fields) in Octal are correctly interpreted Fix fabric8io/kubernetes-client#6137: ConfigBuilder.withAutoConfigure is not working ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Pass GA. ### Was this patch authored or co-authored using generative AI tooling? No. Closes apache#47703 from panbingkun/SPARK-49196. Authored-by: panbingkun <panbingkun@baidu.com> Signed-off-by: Dongjoon Hyun <dhyun@apple.com> (cherry picked from commit d09e1c5) * [SPARK-45590][BUILD] Upgrade okio to 1.17.6 from 1.15.0 This PR aims to upgrade `okio` from 1.15.0 to 1.17.6. Okio 1.15.0 is vulnerable due to CVE-2023-3635, details: https://nvd.nist.gov/vuln/detail/CVE-2023-3635 Previous attempts to fix this security issue: Update okio to version 1.17.6 apache#5587: fabric8io/kubernetes-client#5587 Followup to Update okio to version 1.17.6 apache#5935: fabric8io/kubernetes-client#5935 Unfortunately it is still using 1.15.0: https://github.com/apache/spark/blob/v4.0.0-preview1/dev/deps/spark-deps-hadoop-3-hive-2.3#L227 https://github.com/apache/spark/blob/v3.5.2/dev/deps/spark-deps-hadoop-3-hive-2.3#L210 No. Pass the CIs. No. Closes apache#47758 from roczei/SPARK-45590. Authored-by: Gabor Roczei <roczei@cloudera.com> Signed-off-by: Kent Yao <yao@apache.org> (cherry picked from commit c8cf394) * [SPARK-49255][BUILD][K8S] Upgrade `kubernetes-client` to 6.13.3 ### What changes were proposed in this pull request? This PR aims to upgrade `kubernetes-client` to 6.13.3. ### Why are the changes needed? Unfortunately, there is an important bug fix after we upgraded to 6.13.2. This PR aims to bring the fix. - https://github.com/fabric8io/kubernetes-client/releases/tag/v6.13.3 - fabric8io/kubernetes-client#6249 - fabric8io/kubernetes-client@1a66228 ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Pass the CIs. ### Was this patch authored or co-authored using generative AI tooling? No. Closes apache#47782 from dongjoon-hyun/SPARK-49255. Authored-by: Dongjoon Hyun <dhyun@apple.com> Signed-off-by: Dongjoon Hyun <dhyun@apple.com> (cherry picked from commit 7a670d7) * [SPARK-49800][BUILD][K8S] Upgrade `kubernetes-client` to 6.13.4 ### What changes were proposed in this pull request? Upgrade `kubernetes-client` from 6.13.3 to 6.13.4 ### Why are the changes needed? New version that have 5 fixes [Release log 6.13.4](https://github.com/fabric8io/kubernetes-client/releases/tag/v6.13.4) ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Pass GA ### Was this patch authored or co-authored using generative AI tooling? No. Closes apache#48268 from bjornjorgensen/k8sclient6.13.4. Authored-by: Bjørn Jørgensen <bjornjorgensen@gmail.com> Signed-off-by: Dongjoon Hyun <dongjoon@apache.org> (cherry picked from commit 54e62a1) * [SPARK-50493][SPARK-37687][BUILD] Migrate kubernetes-client from `6.x` to `7.x` The pr aims to migrate kubernetes-client from `6.x` to `7.x`, includes: - upgrade `kubernetes-client` from `6.13.2` to `7.0.1`. - switch default `HttpClient` implementation from `OkHttp` to `Vert.x`. - The full release notes: https://github.com/fabric8io/kubernetes-client/releases/tag/v7.0.1 https://github.com/fabric8io/kubernetes-client/releases/tag/v7.0.0 - [Vert.x as default HttpClient implementation](https://github.com/fabric8io/kubernetes-client/blob/v7.0.0/doc/MIGRATION-v7.md#vertx-as-default-httpclient-implementation-) No. Pass GA. No. Closes apache#49159 from panbingkun/k8s_client_7_vert_x. Authored-by: panbingkun <panbingkun@apache.org> Signed-off-by: Dongjoon Hyun <dongjoon@apache.org> (cherry picked from commit dccb129) --------- Co-authored-by: panbingkun <pbk1982@gmail.com> Co-authored-by: Dongjoon Hyun <dongjoon@apache.org> Co-authored-by: Dongjoon Hyun <dhyun@apple.com> Co-authored-by: Bjørn Jørgensen <bjornjorgensen@gmail.com> Co-authored-by: panbingkun <panbingkun@baidu.com> Co-authored-by: Gabor Roczei <roczei@cloudera.com> Co-authored-by: panbingkun <panbingkun@apache.org>
diff --git a/LICENSE-binary b/LICENSE-binary
@@ -214,6 +214,10 @@ com.googlecode.javaewah:JavaEWAH
 com.twitter:chill-java
 com.twitter:chill_2.12
 com.univocity:univocity-parsers
+io.vertx:vertx-auth-common
+io.vertx:vertx-core
+io.vertx:vertx-web-client
+io.vertx:vertx-web-common
 javax.jdo:jdo-api
 joda-time:joda-time
 net.sf.opencsv:opencsv
diff --git a/connector/docker-integration-tests/pom.xml b/connector/docker-integration-tests/pom.xml
@@ -111,6 +111,12 @@
       <groupId>org.apache.hadoop</groupId>
       <artifactId>hadoop-minikdc</artifactId>
       <scope>test</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>org.jline</groupId>
+          <artifactId>jline</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <!-- Although SPARK-28737 upgraded Jersey to 2.29 for JDK11, 'com.spotify.docker-client' still
       uses this repackaged 'jersey-guava'. We add this back for JDK8/JDK11 testing. -->
diff --git a/connector/kafka-0-10-sql/pom.xml b/connector/kafka-0-10-sql/pom.xml
@@ -123,6 +123,12 @@
     <dependency>
       <groupId>org.apache.hadoop</groupId>
       <artifactId>hadoop-minikdc</artifactId>
+      <exclusions>
+        <exclusion>
+          <groupId>org.jline</groupId>
+          <artifactId>jline</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <!-- Kafka embedded server uses Zookeeper 3.5.7 API -->
     <dependency>
diff --git a/core/pom.xml b/core/pom.xml
@@ -450,6 +450,12 @@
       <groupId>org.apache.hadoop</groupId>
       <artifactId>hadoop-minikdc</artifactId>
       <scope>test</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>org.jline</groupId>
+          <artifactId>jline</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>net.razorvine</groupId>
diff --git a/dev/deps/spark-deps-hadoop-3-hive-2.3 b/dev/deps/spark-deps-hadoop-3-hive-2.3
@@ -144,31 +144,31 @@ jsr305/3.0.0//jsr305-3.0.0.jar
 jta/1.1//jta-1.1.jar
 jul-to-slf4j/2.0.7//jul-to-slf4j-2.0.7.jar
 kryo-shaded/4.0.2//kryo-shaded-4.0.2.jar
-kubernetes-client-api/6.8.1//kubernetes-client-api-6.8.1.jar
-kubernetes-client/6.8.1//kubernetes-client-6.8.1.jar
-kubernetes-httpclient-okhttp/6.8.1//kubernetes-httpclient-okhttp-6.8.1.jar
-kubernetes-model-admissionregistration/6.8.1//kubernetes-model-admissionregistration-6.8.1.jar
-kubernetes-model-apiextensions/6.8.1//kubernetes-model-apiextensions-6.8.1.jar
-kubernetes-model-apps/6.8.1//kubernetes-model-apps-6.8.1.jar
-kubernetes-model-autoscaling/6.8.1//kubernetes-model-autoscaling-6.8.1.jar
-kubernetes-model-batch/6.8.1//kubernetes-model-batch-6.8.1.jar
-kubernetes-model-certificates/6.8.1//kubernetes-model-certificates-6.8.1.jar
-kubernetes-model-common/6.8.1//kubernetes-model-common-6.8.1.jar
-kubernetes-model-coordination/6.8.1//kubernetes-model-coordination-6.8.1.jar
-kubernetes-model-core/6.8.1//kubernetes-model-core-6.8.1.jar
-kubernetes-model-discovery/6.8.1//kubernetes-model-discovery-6.8.1.jar
-kubernetes-model-events/6.8.1//kubernetes-model-events-6.8.1.jar
-kubernetes-model-extensions/6.8.1//kubernetes-model-extensions-6.8.1.jar
-kubernetes-model-flowcontrol/6.8.1//kubernetes-model-flowcontrol-6.8.1.jar
-kubernetes-model-gatewayapi/6.8.1//kubernetes-model-gatewayapi-6.8.1.jar
-kubernetes-model-metrics/6.8.1//kubernetes-model-metrics-6.8.1.jar
-kubernetes-model-networking/6.8.1//kubernetes-model-networking-6.8.1.jar
-kubernetes-model-node/6.8.1//kubernetes-model-node-6.8.1.jar
-kubernetes-model-policy/6.8.1//kubernetes-model-policy-6.8.1.jar
-kubernetes-model-rbac/6.8.1//kubernetes-model-rbac-6.8.1.jar
-kubernetes-model-resource/6.8.1//kubernetes-model-resource-6.8.1.jar
-kubernetes-model-scheduling/6.8.1//kubernetes-model-scheduling-6.8.1.jar
-kubernetes-model-storageclass/6.8.1//kubernetes-model-storageclass-6.8.1.jar
+kubernetes-client-api/7.0.1//kubernetes-client-api-7.0.1.jar
+kubernetes-client/7.0.1//kubernetes-client-7.0.1.jar
+kubernetes-httpclient-vertx/7.0.1//kubernetes-httpclient-vertx-7.0.1.jar
+kubernetes-model-admissionregistration/7.0.1//kubernetes-model-admissionregistration-7.0.1.jar
+kubernetes-model-apiextensions/7.0.1//kubernetes-model-apiextensions-7.0.1.jar
+kubernetes-model-apps/7.0.1//kubernetes-model-apps-7.0.1.jar
+kubernetes-model-autoscaling/7.0.1//kubernetes-model-autoscaling-7.0.1.jar
+kubernetes-model-batch/7.0.1//kubernetes-model-batch-7.0.1.jar
+kubernetes-model-certificates/7.0.1//kubernetes-model-certificates-7.0.1.jar
+kubernetes-model-common/7.0.1//kubernetes-model-common-7.0.1.jar
+kubernetes-model-coordination/7.0.1//kubernetes-model-coordination-7.0.1.jar
+kubernetes-model-core/7.0.1//kubernetes-model-core-7.0.1.jar
+kubernetes-model-discovery/7.0.1//kubernetes-model-discovery-7.0.1.jar
+kubernetes-model-events/7.0.1//kubernetes-model-events-7.0.1.jar
+kubernetes-model-extensions/7.0.1//kubernetes-model-extensions-7.0.1.jar
+kubernetes-model-flowcontrol/7.0.1//kubernetes-model-flowcontrol-7.0.1.jar
+kubernetes-model-gatewayapi/7.0.1//kubernetes-model-gatewayapi-7.0.1.jar
+kubernetes-model-metrics/7.0.1//kubernetes-model-metrics-7.0.1.jar
+kubernetes-model-networking/7.0.1//kubernetes-model-networking-7.0.1.jar
+kubernetes-model-node/7.0.1//kubernetes-model-node-7.0.1.jar
+kubernetes-model-policy/7.0.1//kubernetes-model-policy-7.0.1.jar
+kubernetes-model-rbac/7.0.1//kubernetes-model-rbac-7.0.1.jar
+kubernetes-model-resource/7.0.1//kubernetes-model-resource-7.0.1.jar
+kubernetes-model-scheduling/7.0.1//kubernetes-model-scheduling-7.0.1.jar
+kubernetes-model-storageclass/7.0.1//kubernetes-model-storageclass-7.0.1.jar
 lapack/3.0.3//lapack-3.0.3.jar
 leveldbjni-all/1.8//leveldbjni-all-1.8.jar
 libfb303/0.9.3//libfb303-0.9.3.jar
@@ -177,7 +177,6 @@ log4j-1.2-api/2.20.0//log4j-1.2-api-2.20.0.jar
 log4j-api/2.20.0//log4j-api-2.20.0.jar
 log4j-core/2.20.0//log4j-core-2.20.0.jar
 log4j-slf4j2-impl/2.20.0//log4j-slf4j2-impl-2.20.0.jar
-logging-interceptor/3.12.12//logging-interceptor-3.12.12.jar
 lz4-java/1.8.0//lz4-java-1.8.0.jar
 mesos/1.4.3/shaded-protobuf/mesos-1.4.3-shaded-protobuf.jar
 metrics-core/4.2.19//metrics-core-4.2.19.jar
@@ -188,13 +187,15 @@ metrics-jvm/4.2.19//metrics-jvm-4.2.19.jar
 minlog/1.3.0//minlog-1.3.0.jar
 netty-all/4.1.108.Final//netty-all-4.1.108.Final.jar
 netty-buffer/4.1.108.Final//netty-buffer-4.1.108.Final.jar
+netty-codec-dns/4.1.108.Final//netty-codec-dns-4.1.108.Final.jar
 netty-codec-http/4.1.108.Final//netty-codec-http-4.1.108.Final.jar
 netty-codec-http2/4.1.108.Final//netty-codec-http2-4.1.108.Final.jar
 netty-codec-socks/4.1.108.Final//netty-codec-socks-4.1.108.Final.jar
 netty-codec/4.1.108.Final//netty-codec-4.1.108.Final.jar
 netty-common/4.1.108.Final//netty-common-4.1.108.Final.jar
 netty-handler-proxy/4.1.108.Final//netty-handler-proxy-4.1.108.Final.jar
 netty-handler/4.1.108.Final//netty-handler-4.1.108.Final.jar
+netty-resolver-dns/4.1.108.Final//netty-resolver-dns-4.1.108.Final.jar
 netty-resolver/4.1.108.Final//netty-resolver-4.1.108.Final.jar
 netty-transport-classes-epoll/4.1.108.Final//netty-transport-classes-epoll-4.1.108.Final.jar
 netty-transport-classes-kqueue/4.1.108.Final//netty-transport-classes-kqueue-4.1.108.Final.jar
@@ -206,7 +207,7 @@ netty-transport-native-unix-common/4.1.108.Final//netty-transport-native-unix-co
 netty-transport/4.1.108.Final//netty-transport-4.1.108.Final.jar
 objenesis/3.3//objenesis-3.3.jar
 okhttp/3.12.12//okhttp-3.12.12.jar
-okio/1.15.0//okio-1.15.0.jar
+okio/1.17.6//okio-1.17.6.jar
 opencsv/2.3//opencsv-2.3.jar
 opentracing-api/0.33.0//opentracing-api-0.33.0.jar
 opentracing-noop/0.33.0//opentracing-noop-0.33.0.jar
@@ -235,7 +236,7 @@ scala-reflect/2.12.18//scala-reflect-2.12.18.jar
 scala-xml_2.12/2.2.0//scala-xml_2.12-2.2.0.jar
 shims/0.9.45//shims-0.9.45.jar
 slf4j-api/2.0.7//slf4j-api-2.0.7.jar
-snakeyaml-engine/2.6//snakeyaml-engine-2.6.jar
+snakeyaml-engine/2.8//snakeyaml-engine-2.8.jar
 snakeyaml/2.0//snakeyaml-2.0.jar
 snappy-java/1.1.10.3//snappy-java-1.1.10.3.jar
 spire-macros_2.12/0.17.0//spire-macros_2.12-0.17.0.jar
@@ -250,11 +251,15 @@ tink/1.9.0//tink-1.9.0.jar
 transaction-api/1.1//transaction-api-1.1.jar
 txw2/3.0.2//txw2-3.0.2.jar
 univocity-parsers/2.9.1//univocity-parsers-2.9.1.jar
+vertx-auth-common/4.5.11//vertx-auth-common-4.5.11.jar
+vertx-core/4.5.11//vertx-core-4.5.11.jar
+vertx-web-client/4.5.11//vertx-web-client-4.5.11.jar
+vertx-web-common/4.5.11//vertx-web-common-4.5.11.jar
 wildfly-openssl/1.1.3.Final//wildfly-openssl-1.1.3.Final.jar
 xbean-asm9-shaded/4.23//xbean-asm9-shaded-4.23.jar
 xmlschema-core/2.3.0//xmlschema-core-2.3.0.jar
 xz/1.9//xz-1.9.jar
-zjsonpatch/0.3.0//zjsonpatch-0.3.0.jar
+zjsonpatch/7.0.1//zjsonpatch-7.0.1.jar
 zookeeper-jute/3.6.3//zookeeper-jute-3.6.3.jar
 zookeeper/3.6.3//zookeeper-3.6.3.jar
 zstd-jni/1.5.5-5//zstd-jni-1.5.5-5.jar
diff --git a/hadoop-cloud/pom.xml b/hadoop-cloud/pom.xml
@@ -34,6 +34,8 @@
   </description>
   <properties>
     <sbt.project.name>hadoop-cloud</sbt.project.name>
+    <okhttp.version>3.12.12</okhttp.version>
+    <okio.version>1.17.6</okio.version>
   </properties>
 
   <build>
@@ -205,6 +207,16 @@
         </exclusion>
       </exclusions>
     </dependency>
+    <dependency>
+      <groupId>com.squareup.okhttp3</groupId>
+      <artifactId>okhttp</artifactId>
+      <version>${okhttp.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>com.squareup.okio</groupId>
+      <artifactId>okio</artifactId>
+      <version>${okio.version}</version>
+    </dependency>
   </dependencies>
 
   <profiles>
diff --git a/pom.xml b/pom.xml
@@ -238,7 +238,7 @@
 
     <!-- org.fusesource.leveldbjni will be used except on arm64 platform. -->
     <leveldbjni.group>org.fusesource.leveldbjni</leveldbjni.group>
-    <kubernetes-client.version>6.7.2</kubernetes-client.version>
+    <kubernetes-client.version>7.0.1</kubernetes-client.version>
 
     <test.java.home>${java.home}</test.java.home>
 
diff --git a/resource-managers/kubernetes/core/pom.xml b/resource-managers/kubernetes/core/pom.xml
@@ -41,7 +41,7 @@
       <dependencies>
         <dependency>
           <groupId>io.fabric8</groupId>
-          <artifactId>volcano-model-v1beta1</artifactId>
+          <artifactId>volcano-model</artifactId>
           <version>${kubernetes-client.version}</version>
         </dependency>
         <dependency>
@@ -75,11 +75,6 @@
       <scope>test</scope>
     </dependency>
 
-    <dependency>
-      <groupId>io.fabric8</groupId>
-      <artifactId>kubernetes-httpclient-okhttp</artifactId>
-      <version>${kubernetes-client.version}</version>
-    </dependency>
     <dependency>
       <groupId>io.fabric8</groupId>
       <artifactId>kubernetes-client</artifactId>
diff --git a/resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/k8s/SparkKubernetesClientFactory.scala b/resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/k8s/SparkKubernetesClientFactory.scala
@@ -24,16 +24,12 @@ import com.google.common.io.Files
 import io.fabric8.kubernetes.client.{ConfigBuilder, KubernetesClient, KubernetesClientBuilder}
 import io.fabric8.kubernetes.client.Config.KUBERNETES_REQUEST_RETRY_BACKOFFLIMIT_SYSTEM_PROPERTY
 import io.fabric8.kubernetes.client.Config.autoConfigure
-import io.fabric8.kubernetes.client.okhttp.OkHttpClientFactory
 import io.fabric8.kubernetes.client.utils.Utils.getSystemPropertyOrEnvVar
-import okhttp3.Dispatcher
-import okhttp3.OkHttpClient
 
 import org.apache.spark.SparkConf
 import org.apache.spark.deploy.k8s.Config._
 import org.apache.spark.internal.Logging
 import org.apache.spark.internal.config.ConfigEntry
-import org.apache.spark.util.ThreadUtils
 
 /**
  * Spark-opinionated builder for Kubernetes clients. It uses a prefix plus common suffixes to
@@ -67,10 +63,6 @@ private[spark] object SparkKubernetesClientFactory extends Logging {
       .getOption(s"$kubernetesAuthConfPrefix.$CLIENT_KEY_FILE_CONF_SUFFIX")
     val clientCertFile = sparkConf
       .getOption(s"$kubernetesAuthConfPrefix.$CLIENT_CERT_FILE_CONF_SUFFIX")
-    // TODO(SPARK-37687): clean up direct usage of OkHttpClient, see also:
-    // https://github.com/fabric8io/kubernetes-client/issues/3547
-    val dispatcher = new Dispatcher(
-      ThreadUtils.newDaemonCachedThreadPool("kubernetes-dispatcher"))
 
     // Allow for specifying a context used to auto-configure from the users K8S config file
     val kubeContext = sparkConf.get(KUBERNETES_CONTEXT).filter(_.nonEmpty)
@@ -106,17 +98,9 @@ private[spark] object SparkKubernetesClientFactory extends Logging {
       }.withOption(namespace) {
         (ns, configBuilder) => configBuilder.withNamespace(ns)
       }.build()
-    val factoryWithCustomDispatcher = new OkHttpClientFactory() {
-      override protected def additionalConfig(builder: OkHttpClient.Builder): Unit = {
-        builder.dispatcher(dispatcher)
-      }
-    }
     logDebug("Kubernetes client config: " +
       new ObjectMapper().writerWithDefaultPrettyPrinter().writeValueAsString(config))
-    new KubernetesClientBuilder()
-      .withHttpClientFactory(factoryWithCustomDispatcher)
-      .withConfig(config)
-      .build()
+    new KubernetesClientBuilder().withConfig(config).build()
   }
 
   private implicit class OptionConfigurableConfigBuilder(val configBuilder: ConfigBuilder)
diff --git a/resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/k8s/features/MountVolumesFeatureStep.scala b/resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/k8s/features/MountVolumesFeatureStep.scala
@@ -96,7 +96,7 @@ private[spark] class MountVolumesFeatureStep(conf: KubernetesConf)
               .withNewSpec()
                 .withStorageClassName(storageClass.get)
                 .withAccessModes(accessMode)
-                .withResources(new ResourceRequirementsBuilder()
+                .withResources(new VolumeResourceRequirementsBuilder()
                   .withRequests(Map("storage" -> new Quantity(size.get)).asJava).build())
                 .endSpec()
               .build())
diff --git a/resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/k8s/features/VolcanoFeatureStep.scala b/resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/k8s/features/VolcanoFeatureStep.scala
@@ -17,8 +17,8 @@
 package org.apache.spark.deploy.k8s.features
 
 import io.fabric8.kubernetes.api.model._
+import io.fabric8.volcano.api.model.scheduling.v1beta1.{PodGroup, PodGroupSpec}
 import io.fabric8.volcano.client.DefaultVolcanoClient
-import io.fabric8.volcano.scheduling.v1beta1.{PodGroup, PodGroupSpec}
 
 import org.apache.spark.deploy.k8s.{KubernetesConf, KubernetesDriverConf, KubernetesExecutorConf, SparkPod}
 import org.apache.spark.internal.Logging
diff --git a/resource-managers/kubernetes/core/src/test/scala/org/apache/spark/deploy/k8s/features/MountVolumesFeatureStepSuite.scala b/resource-managers/kubernetes/core/src/test/scala/org/apache/spark/deploy/k8s/features/MountVolumesFeatureStepSuite.scala
@@ -95,7 +95,7 @@ class MountVolumesFeatureStepSuite extends SparkFunSuite {
       "/tmp",
       "",
       true,
-      KubernetesPVCVolumeConf("pvc-spark-SPARK_EXECUTOR_ID", Some("fast"), Some("512mb"))
+      KubernetesPVCVolumeConf("pvc-spark-SPARK_EXECUTOR_ID", Some("fast"), Some("512M"))
     )
     val driverConf = KubernetesTestConf.createDriverConf(volumes = Seq(volumeConf))
     val driverStep = new MountVolumesFeatureStep(driverConf)
diff --git a/resource-managers/kubernetes/core/src/test/scala/org/apache/spark/deploy/k8s/features/VolcanoFeatureStepSuite.scala b/resource-managers/kubernetes/core/src/test/scala/org/apache/spark/deploy/k8s/features/VolcanoFeatureStepSuite.scala
@@ -18,7 +18,7 @@ package org.apache.spark.deploy.k8s.features
 
 import java.io.File
 
-import io.fabric8.volcano.scheduling.v1beta1.PodGroup
+import io.fabric8.volcano.api.model.scheduling.v1beta1.PodGroup
 
 import org.apache.spark.{SparkConf, SparkFunSuite}
 import org.apache.spark.deploy.k8s._
diff --git a/resource-managers/kubernetes/core/src/test/scala/org/apache/spark/scheduler/cluster/k8s/ExecutorLifecycleTestUtils.scala b/resource-managers/kubernetes/core/src/test/scala/org/apache/spark/scheduler/cluster/k8s/ExecutorLifecycleTestUtils.scala
@@ -228,7 +228,7 @@ object ExecutorLifecycleTestUtils {
       .withNewSpec()
         .withStorageClassName(storageClass)
         .withAccessModes("ReadWriteOnce")
-        .withResources(new ResourceRequirementsBuilder()
+        .withResources(new VolumeResourceRequirementsBuilder()
           .withRequests(Map("storage" -> new Quantity(size)).asJava).build())
         .endSpec()
       .build()
diff --git a/resource-managers/kubernetes/integration-tests/src/test/scala/org/apache/spark/deploy/k8s/integrationtest/PVTestsSuite.scala b/resource-managers/kubernetes/integration-tests/src/test/scala/org/apache/spark/deploy/k8s/integrationtest/PVTestsSuite.scala
@@ -88,7 +88,7 @@ private[spark] trait PVTestsSuite { k8sSuite: KubernetesSuite =>
       .withNewSpec()
         .withAccessModes("ReadWriteOnce")
         .withStorageClassName("test-local-storage")
-        .withResources(new ResourceRequirementsBuilder()
+        .withResources(new VolumeResourceRequirementsBuilder()
           .withRequests(Map("storage" -> new Quantity("1Gi")).asJava).build())
       .endSpec()
 
diff --git a/resource-managers/kubernetes/integration-tests/src/test/scala/org/apache/spark/deploy/k8s/integrationtest/VolcanoTestsSuite.scala b/resource-managers/kubernetes/integration-tests/src/test/scala/org/apache/spark/deploy/k8s/integrationtest/VolcanoTestsSuite.scala
@@ -29,8 +29,8 @@ import scala.concurrent.Future
 
 import io.fabric8.kubernetes.api.model.{HasMetadata, Pod, Quantity}
 import io.fabric8.kubernetes.client.NamespacedKubernetesClient
+import io.fabric8.volcano.api.model.scheduling.v1beta1.{Queue, QueueBuilder}
 import io.fabric8.volcano.client.VolcanoClient
-import io.fabric8.volcano.scheduling.v1beta1.{Queue, QueueBuilder}
 import org.scalatest.BeforeAndAfterEach
 import org.scalatest.concurrent.Eventually
 
