treewide: update Kubernetes to 1.32
Relatively easy change, one cadvisor fix is temporarily needed. The
legacy log dir patch needed to be rebased, that's about it.
I enabled single-process OOM killing again as that was the default for
cgroupv1 and IMO the more sane behavior.
Upstrem changelog at:
https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md
Change-Id: I537a6e37137d05efb6eec8635915e36fd8b37cbc
Reviewed-on: https://review.monogon.dev/c/monogon/+/3721
Reviewed-by: Jan Schär <jan@monogon.tech>
Tested-by: Jenkins CI
diff --git a/third_party/go/patches/cadvisor-errdefs1.patch b/third_party/go/patches/cadvisor-errdefs1.patch
new file mode 100644
index 0000000..c044e7a
--- /dev/null
+++ b/third_party/go/patches/cadvisor-errdefs1.patch
@@ -0,0 +1,49 @@
+containerd released a 0.1 preview of errdefs which was changed significantly before
+containerd 2.0 was released together with the 1.0 version of the errdefs package.
+
+cadvisor uses this preview version which cannot coexist with v1, so adjust it for
+v1. Should go away on next cadvisor release as they will do this upstream.
+
+https://github.com/google/cadvisor/pull/3622
+https://github.com/kubernetes/kubernetes/issues/128572
+
+diff --git a/container/containerd/client.go b/container/containerd/client.go
+index ff5625170a..34134baf3e 100644
+--- a/container/containerd/client.go
++++ b/container/containerd/client.go
+@@ -26,7 +26,7 @@ import (
+ tasksapi "github.com/containerd/containerd/api/services/tasks/v1"
+ versionapi "github.com/containerd/containerd/api/services/version/v1"
+ tasktypes "github.com/containerd/containerd/api/types/task"
+- "github.com/containerd/errdefs"
++ "github.com/containerd/errdefs/pkg/errgrpc"
+ "google.golang.org/grpc"
+ "google.golang.org/grpc/backoff"
+ "google.golang.org/grpc/credentials/insecure"
+@@ -114,7 +114,7 @@ func (c *client) LoadContainer(ctx context.Context, id string) (*containers.Cont
+ ID: id,
+ })
+ if err != nil {
+- return nil, errdefs.FromGRPC(err)
++ return nil, errgrpc.ToNative(err)
+ }
+ return containerFromProto(r.Container), nil
+ }
+@@ -124,7 +124,7 @@ func (c *client) TaskPid(ctx context.Context, id string) (uint32, error) {
+ ContainerID: id,
+ })
+ if err != nil {
+- return 0, errdefs.FromGRPC(err)
++ return 0, errgrpc.ToNative(err)
+ }
+ if response.Process.Status == tasktypes.Status_UNKNOWN {
+ return 0, ErrTaskIsInUnknownState
+@@ -135,7 +135,7 @@ func (c *client) TaskPid(ctx context.Context, id string) (uint32, error) {
+ func (c *client) Version(ctx context.Context) (string, error) {
+ response, err := c.versionService.Version(ctx, &emptypb.Empty{})
+ if err != nil {
+- return "", errdefs.FromGRPC(err)
++ return "", errgrpc.ToNative(err)
+ }
+ return response.Version, nil
+ }
diff --git a/third_party/go/patches/k8s-drop-legacy-log-path.patch b/third_party/go/patches/k8s-drop-legacy-log-path.patch
index 5c164ca..44fb6aa 100644
--- a/third_party/go/patches/k8s-drop-legacy-log-path.patch
+++ b/third_party/go/patches/k8s-drop-legacy-log-path.patch
@@ -1,4 +1,4 @@
-From 4d98a0637eee66923b854ef75653f74aeb37240b Mon Sep 17 00:00:00 2001
+From 7844c9ec1cdef485731a4858a48b854986387591 Mon Sep 17 00:00:00 2001
From: Lorenz Brun <lorenz@monogon.tech>
Date: Wed, 16 Mar 2022 18:10:09 +0100
Subject: [PATCH] Drop legacy log path
@@ -7,15 +7,14 @@
pkg/kubelet/kubelet.go | 7 ---
.../kuberuntime/kuberuntime_container.go | 36 ---------------
pkg/kubelet/kuberuntime/kuberuntime_gc.go | 46 -------------------
- pkg/kubelet/runonce.go | 8 ----
test/e2e_node/log_path_test.go | 18 --------
- 5 files changed, 115 deletions(-)
+ 4 files changed, 107 deletions(-)
diff --git a/pkg/kubelet/kubelet.go b/pkg/kubelet/kubelet.go
-index 5d848de88fb..0495eaed7d1 100644
+index b8bbfece860..e6aa5e8359b 100644
--- a/pkg/kubelet/kubelet.go
+++ b/pkg/kubelet/kubelet.go
-@@ -1506,13 +1506,6 @@ func (kl *Kubelet) initializeModules() error {
+@@ -1589,13 +1589,6 @@ func (kl *Kubelet) initializeModules() error {
return err
}
@@ -26,16 +25,16 @@
- }
- }
-
- if sysruntime.GOOS == "windows" {
+ if goos == "windows" {
// On Windows we should not allow other users to read the logs directory
// to avoid allowing non-root containers from reading the logs of other containers.
diff --git a/pkg/kubelet/kuberuntime/kuberuntime_container.go b/pkg/kubelet/kuberuntime/kuberuntime_container.go
-index b049540d0d3..7b1baa29c14 100644
+index a154754d285..df87ff82f7d 100644
--- a/pkg/kubelet/kuberuntime/kuberuntime_container.go
+++ b/pkg/kubelet/kuberuntime/kuberuntime_container.go
-@@ -285,25 +285,6 @@ func (m *kubeGenericRuntimeManager) startContainer(ctx context.Context, podSandb
+@@ -286,25 +286,6 @@ func (m *kubeGenericRuntimeManager) startContainer(ctx context.Context, podSandb
}
- m.recordContainerEvent(pod, container, containerID, v1.EventTypeNormal, events.StartedContainer, fmt.Sprintf("Started container %s", container.Name))
+ m.recordContainerEvent(pod, container, containerID, v1.EventTypeNormal, events.StartedContainer, "Started container %v", container.Name)
- // Symlink container logs to the legacy container log location for cluster logging
- // support.
@@ -59,7 +58,7 @@
// Step 4: execute the post start hook.
if container.Lifecycle != nil && container.Lifecycle.PostStart != nil {
kubeContainerID := kubecontainer.ContainerID{
-@@ -1317,23 +1298,6 @@ func (m *kubeGenericRuntimeManager) removeContainerLog(ctx context.Context, cont
+@@ -1335,23 +1316,6 @@ func (m *kubeGenericRuntimeManager) removeContainerLog(ctx context.Context, cont
return err
}
@@ -147,32 +146,6 @@
return nil
}
-diff --git a/pkg/kubelet/runonce.go b/pkg/kubelet/runonce.go
-index 448df444869..d5ecd47337f 100644
---- a/pkg/kubelet/runonce.go
-+++ b/pkg/kubelet/runonce.go
-@@ -19,7 +19,6 @@ package kubelet
- import (
- "context"
- "fmt"
-- "os"
- "time"
-
- v1 "k8s.io/api/core/v1"
-@@ -50,13 +49,6 @@ func (kl *Kubelet) RunOnce(updates <-chan kubetypes.PodUpdate) ([]RunPodResult,
- return nil, err
- }
-
-- // If the container logs directory does not exist, create it.
-- if _, err := os.Stat(ContainerLogsDir); err != nil {
-- if err := kl.os.MkdirAll(ContainerLogsDir, 0755); err != nil {
-- klog.ErrorS(err, "Failed to create directory", "path", ContainerLogsDir)
-- }
-- }
--
- select {
- case u := <-updates:
- klog.InfoS("Processing manifest with pods", "numPods", len(u.Pods))
diff --git a/test/e2e_node/log_path_test.go b/test/e2e_node/log_path_test.go
index a1589e6d91e..179206eb1dd 100644
--- a/test/e2e_node/log_path_test.go
@@ -210,5 +183,5 @@
ginkgo.It("should print log to correct cri log path", func(ctx context.Context) {
--
-2.44.1
+2.47.0