Update containerd to 1.4.0-beta.2 and K8s to 1.19.0-rc.0
This unbreaks bbolt (as part of containerd) on 1.14+ (see https://github.com/etcd-io/bbolt/pull/201 and
https://github.com/etcd-io/bbolt/pull/220), pulls in my patch to ignore image-defined volumes
(https://github.com/containerd/cri/pull/1504) and gets us some robustness fixes in containerd CNI/CRI integration
(https://github.com/containerd/cri/pull/1405). This also updates K8s at the same time since they share a lot of
dependencies and only updating one is very annoying. On the K8s side we mostly get the standard stream of fixes
plus some patches that are no longer necessary.
One annoying on the K8s side (but with no impact to the functionality) are these messages in the logs of various
components:
```
W0714 11:51:26.323590 1 warnings.go:67] policy/v1beta1 PodSecurityPolicy is deprecated in v1.22+, unavailable in v1.25+
```
They are caused by KEP-1635, but there's not explanation why this gets logged so aggressively considering the operators
cannot do anything about it. There's no newer version of PodSecurityPolicy and you are pretty much required to use it if
you use RBAC.
Test Plan: Covered by existing tests
Bug: T753
X-Origin-Diff: phab/D597
GitOrigin-RevId: f6c447da1de037c27646f9ec9f45ebd5d6660ab0
diff --git a/third_party/go/patches/k8s-native-mounter.patch b/third_party/go/patches/k8s-native-mounter.patch
index 5e95bfd..2f754b6 100644
--- a/third_party/go/patches/k8s-native-mounter.patch
+++ b/third_party/go/patches/k8s-native-mounter.patch
@@ -60,7 +60,7 @@
"syscall"
+ "golang.org/x/sys/unix"
- "k8s.io/klog"
+ "k8s.io/klog/v2"
utilexec "k8s.io/utils/exec"
utilio "k8s.io/utils/io"
@@ -49,8 +51,10 @@ const (