feat: Remove the urllib3 pinning

[ZPascal]

What type of PR is this?

/kind feature
/kind regression

What this PR does / why we need it:

Pull Request Description

The PR removes the version pinning for the urllib3 library.

Background

Starting with urllib3 version 2.4.0, stricter certificate validity checks were introduced when running on Python 3.13+ (urllib3#3571).
This change can trigger errors such as:

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Missing Authority Key Identifier

These errors occur only in environments where Kubernetes clusters are configured with invalid or incomplete certificates, most notably on AWS EKS clusters created with Kubernetes v1.16 and earlier.

Change

We are not pinning the urllib3 version. Instead, we keep the dependency flexible (optionally with a temporary upper bound if strictly necessary), ensuring compatibility with future versions of urllib3.

Rationale / Why not pin the version

• 📦 Avoid unnecessary technical debt
  Pinning a widely used core dependency like urllib3 can quickly lead to upgrade blockers and complicate maintenance down the line.

• 🔐 Don’t block important security updates
  urllib3 is a critical dependency for HTTPS communication. Pinning could delay or prevent applying security patches or other improvements.

• 🧹 The issue only affects outdated infrastructure
  The certificate verification error occurs exclusively on clusters with invalid or outdated certificates. These environments should be updated rather than forcing the dependency to remain outdated.

• 🧭 Fixing the root cause is better than downstream workarounds
  It’s more sustainable to address the infrastructure issue (fixing or rotating cluster certificates) than holding back modern library versions.

• ⚡ Keeps upgrade paths open
  By not pinning the version, we can easily adopt future urllib3 releases without major dependency refactors.

Recommendation for affected users

If this error occurs, the correct fix is to update or properly configure the Kubernetes cluster certificates. A temporary upper bound may be set in local deployments if an immediate infrastructure fix is not feasible.

---

✅ Summary:
Instead of pinning urllib3 to a specific version, we keep the dependency flexible and address the underlying infrastructure issue.
This approach is more secure, easier to maintain, and aligned with dependency management best practices.

Special notes for your reviewer:

Does this PR introduce a user-facing change?

We no longer pin the `urllib3` version.  
`urllib3` 2.4.0 introduced stricter certificate checks on Python 3.13+, which may trigger: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Missing Authority Key Identifier

This only affects clusters (version <=1.16) with outdated or misconfigured certificates (e.g. old AWS EKS versions). Please update the Kubernetes cluster certificates.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: ZPascal
Once this PR has been reviewed and has the lgtm label, please assign yliaog for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

Welcome @ZPascal!

It looks like this is your first PR to kubernetes-client/python 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-client/python has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

[arielvb]

Hi,

Would it be possible to cut a new release after merging either this pull request or PR #2439? This would help users stay up-to-date with security patches and compatibility improvements in urllib3.

Other packages are starting to require urllib3 >= 2.5 and this is bringing some incompatibilities.

Thanks!