commit 837cb8e459b9eefabe89ab17df0b7dafb5e3d631
author Lorenz Brun <lorenz@monogon.tech> Mon Dec 23 13:52:56 2024 +0100
committer Lorenz Brun <lorenz@monogon.tech> Mon Dec 23 21:59:59 2024 +0000
tree 32337d84d4f32b0c2c523e2c5bd177f4acfe4808
parent b6afed68fd1d2ee9b32d395b388d2db1338d0fa0

treewide: update Kubernetes to 1.32

Relatively easy change, one cadvisor fix is temporarily needed. The
legacy log dir patch needed to be rebased, that's about it.

I enabled single-process OOM killing again as that was the default for
cgroupv1 and IMO the more sane behavior.

Upstrem changelog at:
https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md

Change-Id: I537a6e37137d05efb6eec8635915e36fd8b37cbc
Reviewed-on: https://review.monogon.dev/c/monogon/+/3721
Reviewed-by: Jan Schär <jan@monogon.tech>
Tested-by: Jenkins CI

third_party/go/patches/cadvisor-errdefs1.patch

diff --git a/third_party/go/patches/cadvisor-errdefs1.patch b/third_party/go/patches/cadvisor-errdefs1.patch
new file mode 100644
index 0000000..c044e7a
--- /dev/null
+++ b/third_party/go/patches/cadvisor-errdefs1.patch
@@ -0,0 +1,49 @@
+containerd released a 0.1 preview of errdefs which was changed significantly before
+containerd 2.0 was released together with the 1.0 version of the errdefs package.
+
+cadvisor uses this preview version which cannot coexist with v1, so adjust it for
+v1. Should go away on next cadvisor release as they will do this upstream.
+
+https://github.com/google/cadvisor/pull/3622
+https://github.com/kubernetes/kubernetes/issues/128572
+
+diff --git a/container/containerd/client.go b/container/containerd/client.go
+index ff5625170a..34134baf3e 100644
+--- a/container/containerd/client.go
++++ b/container/containerd/client.go
+@@ -26,7 +26,7 @@ import (
+ 	tasksapi "github.com/containerd/containerd/api/services/tasks/v1"
+ 	versionapi "github.com/containerd/containerd/api/services/version/v1"
+ 	tasktypes "github.com/containerd/containerd/api/types/task"
+-	"github.com/containerd/errdefs"
++	"github.com/containerd/errdefs/pkg/errgrpc"
+ 	"google.golang.org/grpc"
+ 	"google.golang.org/grpc/backoff"
+ 	"google.golang.org/grpc/credentials/insecure"
+@@ -114,7 +114,7 @@ func (c *client) LoadContainer(ctx context.Context, id string) (*containers.Cont
+ 		ID: id,
+ 	})
+ 	if err != nil {
+-		return nil, errdefs.FromGRPC(err)
++		return nil, errgrpc.ToNative(err)
+ 	}
+ 	return containerFromProto(r.Container), nil
+ }
+@@ -124,7 +124,7 @@ func (c *client) TaskPid(ctx context.Context, id string) (uint32, error) {
+ 		ContainerID: id,
+ 	})
+ 	if err != nil {
+-		return 0, errdefs.FromGRPC(err)
++		return 0, errgrpc.ToNative(err)
+ 	}
+ 	if response.Process.Status == tasktypes.Status_UNKNOWN {
+ 		return 0, ErrTaskIsInUnknownState
+@@ -135,7 +135,7 @@ func (c *client) TaskPid(ctx context.Context, id string) (uint32, error) {
+ func (c *client) Version(ctx context.Context) (string, error) {
+ 	response, err := c.versionService.Version(ctx, &emptypb.Empty{})
+ 	if err != nil {
+-		return "", errdefs.FromGRPC(err)
++		return "", errgrpc.ToNative(err)
+ 	}
+ 	return response.Version, nil
+ }