workspace: update to Kubernetes 1.24
This updates our Kubernetes to 1.24. nfproxy needed a small patch as
K8s decided to gratuitously rename a utility method. CoreDNS also needed
a small patch because they implement an interface which had one method
renamed and deprecated by Kubernetes. This is going upstream as
https://github.com/coredns/coredns/pull/5364. Kubernetes adopted runc
1.1 upstream so we could drop our patch there.
Overall this was fairly painless and took 1h16min including PRing and
writing this commit message.
Change-Id: Icda6ad2df96364fd25f50443791147df40bb485c
Reviewed-on: https://review.monogon.dev/c/monogon/+/674
Reviewed-by: Leopold Schabel <leo@nexantic.com>
diff --git a/third_party/go/patches/cel-fix-googleapis.patch b/third_party/go/patches/cel-fix-googleapis.patch
index 518cdd0..64767ce 100644
--- a/third_party/go/patches/cel-fix-googleapis.patch
+++ b/third_party/go/patches/cel-fix-googleapis.patch
@@ -1,8 +1,10 @@
-From 86ef097e120745353232555f1d87382cac5ce2f0 Mon Sep 17 00:00:00 2001
-From: Lorenz Brun <lorenz@monogon.tech>
+From 2e9547d93456722db9e4336ea0b2ab8dfc3f2ade Mon Sep 17 00:00:00 2001
+From: Lorenz Brun <lorenz@brun.one>
Date: Mon, 21 Mar 2022 16:11:14 +0100
-Subject: [PATCH] Fix googleapis import paths
+Subject: [PATCH 2/2] Fix googleapis import paths
+Generated using this sed expression:
+s#@org_golang_google_genproto//googleapis/#@go_googleapis//google/#
---
cel/BUILD.bazel | 4 ++--
checker/BUILD.bazel | 2 +-
@@ -10,7 +12,7 @@
common/BUILD.bazel | 2 +-
common/containers/BUILD.bazel | 4 ++--
common/debug/BUILD.bazel | 2 +-
- common/types/BUILD.bazel | 4 ++--
+ common/types/BUILD.bazel | 6 +++---
common/types/pb/BUILD.bazel | 2 +-
common/types/ref/BUILD.bazel | 2 +-
ext/BUILD.bazel | 2 +-
@@ -18,13 +20,13 @@
parser/BUILD.bazel | 2 +-
server/BUILD.bazel | 12 ++++++------
test/BUILD.bazel | 2 +-
- 14 files changed, 23 insertions(+), 23 deletions(-)
+ 14 files changed, 24 insertions(+), 24 deletions(-)
diff --git a/cel/BUILD.bazel b/cel/BUILD.bazel
-index aed8274..6a5b8f2 100644
+index b43beed..aabc323 100644
--- a/cel/BUILD.bazel
+++ b/cel/BUILD.bazel
-@@ -27,7 +27,7 @@ go_library(
+@@ -28,7 +28,7 @@ go_library(
"//interpreter:go_default_library",
"//interpreter/functions:go_default_library",
"//parser:go_default_library",
@@ -33,19 +35,21 @@
"@org_golang_google_protobuf//proto:go_default_library",
"@org_golang_google_protobuf//reflect/protodesc:go_default_library",
"@org_golang_google_protobuf//reflect/protoreflect:go_default_library",
-@@ -59,6 +59,6 @@ go_test(
+@@ -64,8 +64,8 @@ go_test(
+ "//test:go_default_library",
"//test/proto2pb:go_default_library",
"//test/proto3pb:go_default_library",
++ "@go_googleapis//google/api/expr/v1alpha1:expr_go_proto",
"@io_bazel_rules_go//proto/wkt:descriptor_go_proto",
- "@org_golang_google_genproto//googleapis/api/expr/v1alpha1:go_default_library",
-+ "@go_googleapis//google/api/expr/v1alpha1:expr_go_proto",
+ "@org_golang_google_protobuf//types/known/structpb:go_default_library",
],
)
diff --git a/checker/BUILD.bazel b/checker/BUILD.bazel
-index 0f6e469..0873707 100644
+index bec40b6..1deaba7 100644
--- a/checker/BUILD.bazel
+++ b/checker/BUILD.bazel
-@@ -28,7 +28,7 @@ go_library(
+@@ -30,7 +30,7 @@ go_library(
"//common/types/pb:go_default_library",
"//common/types/ref:go_default_library",
"//parser:go_default_library",
@@ -55,7 +59,7 @@
"@org_golang_google_protobuf//types/known/emptypb:go_default_library",
"@org_golang_google_protobuf//types/known/structpb:go_default_library",
diff --git a/checker/decls/BUILD.bazel b/checker/decls/BUILD.bazel
-index 5a24f1d..9c6bfbc 100644
+index 5a24f1d..de067ae 100644
--- a/checker/decls/BUILD.bazel
+++ b/checker/decls/BUILD.bazel
@@ -13,7 +13,7 @@ go_library(
@@ -68,10 +72,10 @@
"@org_golang_google_protobuf//types/known/structpb:go_default_library",
],
diff --git a/common/BUILD.bazel b/common/BUILD.bazel
-index 9e4ad65..d306934 100644
+index a0058ae..3c1b00b 100644
--- a/common/BUILD.bazel
+++ b/common/BUILD.bazel
-@@ -16,7 +16,7 @@ go_library(
+@@ -17,7 +17,7 @@ go_library(
importpath = "github.com/google/cel-go/common",
deps = [
"//common/runes:go_default_library",
@@ -81,7 +85,7 @@
],
)
diff --git a/common/containers/BUILD.bazel b/common/containers/BUILD.bazel
-index 18142d9..3c45794 100644
+index 18142d9..7ab7767 100644
--- a/common/containers/BUILD.bazel
+++ b/common/containers/BUILD.bazel
@@ -12,7 +12,7 @@ go_library(
@@ -102,7 +106,7 @@
],
)
diff --git a/common/debug/BUILD.bazel b/common/debug/BUILD.bazel
-index cf5c5d2..6db7f55 100644
+index cf5c5d2..07e48fe 100644
--- a/common/debug/BUILD.bazel
+++ b/common/debug/BUILD.bazel
@@ -13,6 +13,6 @@ go_library(
@@ -114,19 +118,21 @@
],
)
diff --git a/common/types/BUILD.bazel b/common/types/BUILD.bazel
-index 32789f5..e3970fd 100644
+index 1f77c86..1847312 100644
--- a/common/types/BUILD.bazel
+++ b/common/types/BUILD.bazel
-@@ -37,7 +37,7 @@ go_library(
+@@ -38,8 +38,8 @@ go_library(
"//common/types/ref:go_default_library",
"//common/types/traits:go_default_library",
"@com_github_stoewer_go_strcase//:go_default_library",
- "@org_golang_google_genproto//googleapis/api/expr/v1alpha1:go_default_library",
+- "@org_golang_google_genproto//googleapis/rpc/status:go_default_library",
+ "@go_googleapis//google/api/expr/v1alpha1:expr_go_proto",
++ "@go_googleapis//google/rpc:status_go_proto",
+ "@org_golang_google_grpc//codes:go_default_library",
+ "@org_golang_google_grpc//status:go_default_library",
"@org_golang_google_protobuf//encoding/protojson:go_default_library",
- "@org_golang_google_protobuf//proto:go_default_library",
- "@org_golang_google_protobuf//reflect/protoreflect:go_default_library",
-@@ -75,7 +75,7 @@ go_test(
+@@ -79,7 +79,7 @@ go_test(
"//common/types/ref:go_default_library",
"//test:go_default_library",
"//test/proto3pb:test_all_types_go_proto",
@@ -136,20 +142,20 @@
"@org_golang_google_protobuf//types/known/anypb:go_default_library",
"@org_golang_google_protobuf//types/known/durationpb:go_default_library",
diff --git a/common/types/pb/BUILD.bazel b/common/types/pb/BUILD.bazel
-index b0c79a7..37cd0a7 100644
+index f23ac9c..fc142f4 100644
--- a/common/types/pb/BUILD.bazel
+++ b/common/types/pb/BUILD.bazel
-@@ -16,7 +16,7 @@ go_library(
+@@ -17,7 +17,7 @@ go_library(
],
importpath = "github.com/google/cel-go/common/types/pb",
deps = [
- "@org_golang_google_genproto//googleapis/api/expr/v1alpha1:go_default_library",
+ "@go_googleapis//google/api/expr/v1alpha1:expr_go_proto",
+ "@org_golang_google_protobuf//encoding/protowire:go_default_library",
"@org_golang_google_protobuf//proto:go_default_library",
"@org_golang_google_protobuf//reflect/protoreflect:go_default_library",
- "@org_golang_google_protobuf//reflect/protoregistry:go_default_library",
diff --git a/common/types/ref/BUILD.bazel b/common/types/ref/BUILD.bazel
-index 1d0f468..9243b47 100644
+index 1d0f468..73e84b3 100644
--- a/common/types/ref/BUILD.bazel
+++ b/common/types/ref/BUILD.bazel
@@ -13,7 +13,7 @@ go_library(
@@ -162,12 +168,12 @@
"@org_golang_google_protobuf//reflect/protoreflect:go_default_library",
],
diff --git a/ext/BUILD.bazel b/ext/BUILD.bazel
-index 2b98ad3..68a9d72 100644
+index 582a79a..1d186f8 100644
--- a/ext/BUILD.bazel
+++ b/ext/BUILD.bazel
-@@ -19,7 +19,7 @@ go_library(
- "//common/types:go_default_library",
+@@ -20,7 +20,7 @@ go_library(
"//common/types/ref:go_default_library",
+ "//common/types/traits:go_default_library",
"//interpreter/functions:go_default_library",
- "@org_golang_google_genproto//googleapis/api/expr/v1alpha1:go_default_library",
+ "@go_googleapis//google/api/expr/v1alpha1:expr_go_proto",
@@ -175,10 +181,10 @@
)
diff --git a/interpreter/BUILD.bazel b/interpreter/BUILD.bazel
-index 2f4079f..6b30db8 100644
+index 04a3ec7..5a31467 100644
--- a/interpreter/BUILD.bazel
+++ b/interpreter/BUILD.bazel
-@@ -30,7 +30,7 @@ go_library(
+@@ -32,7 +32,7 @@ go_library(
"//common/types/ref:go_default_library",
"//common/types/traits:go_default_library",
"//interpreter/functions:go_default_library",
@@ -187,7 +193,7 @@
"@org_golang_google_protobuf//proto:go_default_library",
"@org_golang_google_protobuf//types/known/durationpb:go_default_library",
"@org_golang_google_protobuf//types/known/structpb:go_default_library",
-@@ -63,7 +63,7 @@ go_test(
+@@ -65,7 +65,7 @@ go_test(
"//test:go_default_library",
"//test/proto2pb:go_default_library",
"//test/proto3pb:go_default_library",
@@ -197,7 +203,7 @@
"@org_golang_google_protobuf//types/known/anypb:go_default_library",
],
diff --git a/parser/BUILD.bazel b/parser/BUILD.bazel
-index b76e6e4..c098fe6 100644
+index b76e6e4..3ff9ba3 100644
--- a/parser/BUILD.bazel
+++ b/parser/BUILD.bazel
@@ -24,7 +24,7 @@ go_library(
@@ -210,11 +216,11 @@
"@org_golang_google_protobuf//types/known/structpb:go_default_library",
],
diff --git a/server/BUILD.bazel b/server/BUILD.bazel
-index 7174aa9..a4d9ff6 100644
+index 4629ca4..fddf409 100644
--- a/server/BUILD.bazel
+++ b/server/BUILD.bazel
-@@ -19,9 +19,9 @@ go_library(
- "//common/types/traits:go_default_library",
+@@ -18,9 +18,9 @@ go_library(
+ "//common/types/ref:go_default_library",
"@com_google_cel_spec//proto/test/v1/proto2:test_all_types_go_proto",
"@com_google_cel_spec//proto/test/v1/proto3:test_all_types_go_proto",
- "@org_golang_google_genproto//googleapis/api/expr/conformance/v1alpha1:go_default_library",
@@ -222,11 +228,11 @@
- "@org_golang_google_genproto//googleapis/rpc/status:go_default_library",
+ "@go_googleapis//google/api/expr/conformance/v1alpha1:conformance_go_proto",
+ "@go_googleapis//google/api/expr/v1alpha1:expr_go_proto",
-+ "@go_googleapis//google/rpc/status:status_go_proto",
++ "@go_googleapis//google/rpc:status_go_proto",
"@org_golang_google_grpc//codes:go_default_library",
"@org_golang_google_grpc//status:go_default_library",
"@org_golang_google_protobuf//proto:go_default_library",
-@@ -44,8 +44,8 @@ go_test(
+@@ -41,8 +41,8 @@ go_test(
"//common/operators:go_default_library",
"//test:go_default_library",
"@com_google_cel_spec//tools/celrpc:go_default_library",
@@ -235,14 +241,14 @@
- "@org_golang_google_genproto//googleapis/rpc/status:go_default_library",
+ "@go_googleapis//google/api/expr/conformance/v1alpha1:conformance_go_proto",
+ "@go_googleapis//google/api/expr/v1alpha1:expr_go_proto",
-+ "@go_googleapis//google/rpc/status:status_go_proto",
++ "@go_googleapis//google/rpc:status_go_proto",
],
)
diff --git a/test/BUILD.bazel b/test/BUILD.bazel
-index 0d39c70..3b8c460 100644
+index 057beaa..233dad7 100644
--- a/test/BUILD.bazel
+++ b/test/BUILD.bazel
-@@ -20,7 +20,7 @@ go_library(
+@@ -21,7 +21,7 @@ go_library(
importpath = "github.com/google/cel-go/test",
deps = [
"//common/operators:go_default_library",
diff --git a/third_party/go/patches/coredns-adopt-to-k8s-1.24.patch b/third_party/go/patches/coredns-adopt-to-k8s-1.24.patch
new file mode 100644
index 0000000..93c4865
--- /dev/null
+++ b/third_party/go/patches/coredns-adopt-to-k8s-1.24.patch
@@ -0,0 +1,28 @@
+From e41145bf0e32b404477ec89f76fb99fe1c33874a Mon Sep 17 00:00:00 2001
+From: Lorenz Brun <lorenz@monogon.tech>
+Date: Wed, 4 May 2022 18:47:00 +0200
+Subject: [PATCH] Bump Kubernetes to 1.24
+
+diff --git a/plugin/kubernetes/object/object.go b/plugin/kubernetes/object/object.go
+index 7111833e..34217797 100644
+--- a/plugin/kubernetes/object/object.go
++++ b/plugin/kubernetes/object/object.go
+@@ -100,11 +100,11 @@ func (e *Empty) GetOwnerReferences() []v1.OwnerReference { return nil }
+ // SetOwnerReferences implements the metav1.Object interface.
+ func (e *Empty) SetOwnerReferences([]v1.OwnerReference) {}
+
+-// GetClusterName implements the metav1.Object interface.
+-func (e *Empty) GetClusterName() string { return "" }
++// GetZZZ_DeprecatedClusterName implements the metav1.Object interface.
++func (e *Empty) GetZZZ_DeprecatedClusterName() string { return "" }
+
+-// SetClusterName implements the metav1.Object interface.
+-func (e *Empty) SetClusterName(clusterName string) {}
++// SetZZZ_DeprecatedClusterName implements the metav1.Object interface.
++func (e *Empty) SetZZZ_DeprecatedClusterName(clusterName string) {}
+
+ // GetManagedFields implements the metav1.Object interface.
+ func (e *Empty) GetManagedFields() []v1.ManagedFieldsEntry { return nil }
+--
+2.25.1
+
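Review bot: The new patch file's header (`Subject: [PATCH] Bump Kubernetes to 1.24`, with an empty body) records neither why the two `metav1.Object` methods on `Empty` are renamed nor when the patch can be dropped. The commit message names https://github.com/coredns/coredns/pull/5364, but that link is not visible to someone reading only `third_party/go/patches`. I would add a description line to the patch itself, e.g. `Upstream: https://github.com/coredns/coredns/pull/5364; drop this patch once the pinned CoreDNS contains it.`, in the same way this commit adds the generating sed expression to `cel-fix-googleapis.patch`. A carried third-party patch with no stated removal condition is hard to audit at the next dependency bump.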
diff --git a/third_party/go/patches/k8s-adopt-to-runc-1.1.patch b/third_party/go/patches/k8s-adopt-to-runc-1.1.patch
deleted file mode 100644
index 8bfdcf2..0000000
--- a/third_party/go/patches/k8s-adopt-to-runc-1.1.patch
+++ /dev/null
@@ -1,168 +0,0 @@
-From 1564b39d0fbeac776a0d92236a0ca0c7cbdc6c5c Mon Sep 17 00:00:00 2001
-From: Lorenz Brun <lorenz@monogon.tech>
-Date: Mon, 21 Mar 2022 15:21:25 +0100
-Subject: [PATCH 2/2] Adopt to API breakage in runc 1.1.0
-
----
- pkg/kubelet/cm/cgroup_manager_linux.go | 11 ++++++-----
- pkg/kubelet/cm/container_manager_linux.go | 4 ++--
- pkg/kubelet/cm/qos_container_manager_linux.go | 4 ++--
- pkg/kubelet/dockershim/cm/container_manager_linux.go | 2 +-
- .../kuberuntime/kuberuntime_container_linux.go | 4 ++--
- .../kuberuntime/kuberuntime_container_linux_test.go | 6 +++---
- 6 files changed, 16 insertions(+), 15 deletions(-)
-
-diff --git a/pkg/kubelet/cm/cgroup_manager_linux.go b/pkg/kubelet/cm/cgroup_manager_linux.go
-index 230173690d5..4bd50db5050 100644
---- a/pkg/kubelet/cm/cgroup_manager_linux.go
-+++ b/pkg/kubelet/cm/cgroup_manager_linux.go
-@@ -27,6 +27,7 @@ import (
- "sync"
- "time"
-
-+ "github.com/opencontainers/runc/libcontainer/cgroups"
- libcontainercgroups "github.com/opencontainers/runc/libcontainer/cgroups"
- cgroupfs "github.com/opencontainers/runc/libcontainer/cgroups/fs"
- cgroupfs2 "github.com/opencontainers/runc/libcontainer/cgroups/fs2"
-@@ -150,18 +151,18 @@ func (l *libcontainerAdapter) newManager(cgroups *libcontainerconfigs.Cgroup, pa
- switch l.cgroupManagerType {
- case libcontainerCgroupfs:
- if libcontainercgroups.IsCgroup2UnifiedMode() {
-- return cgroupfs2.NewManager(cgroups, paths["memory"], false)
-+ return cgroupfs2.NewManager(cgroups, paths["memory"])
- }
-- return cgroupfs.NewManager(cgroups, paths, false), nil
-+ return cgroupfs.NewManager(cgroups, paths)
- case libcontainerSystemd:
- // this means you asked systemd to manage cgroups, but systemd was not on the host, so all you can do is panic...
- if !cgroupsystemd.IsRunningSystemd() {
- panic("systemd cgroup manager not available")
- }
- if libcontainercgroups.IsCgroup2UnifiedMode() {
-- return cgroupsystemd.NewUnifiedManager(cgroups, paths["memory"], false), nil
-+ return cgroupsystemd.NewUnifiedManager(cgroups, paths["memory"])
- }
-- return cgroupsystemd.NewLegacyManager(cgroups, paths), nil
-+ return cgroupsystemd.NewLegacyManager(cgroups, paths)
- }
- return nil, fmt.Errorf("invalid cgroup manager configuration")
- }
-@@ -420,7 +421,7 @@ func (m *cgroupManagerImpl) toResources(resourceConfig *ResourceConfig) *libcont
- pageSizes.Insert(sizeString)
- }
- // for each page size omitted, limit to 0
-- for _, pageSize := range cgroupfs.HugePageSizes {
-+ for _, pageSize := range cgroups.HugePageSizes() {
- if pageSizes.Has(pageSize) {
- continue
- }
-diff --git a/pkg/kubelet/cm/container_manager_linux.go b/pkg/kubelet/cm/container_manager_linux.go
-index 3892bae081d..4c79f212ab5 100644
---- a/pkg/kubelet/cm/container_manager_linux.go
-+++ b/pkg/kubelet/cm/container_manager_linux.go
-@@ -401,10 +401,10 @@ func createManager(containerName string) (cgroups.Manager, error) {
- }
-
- if cgroups.IsCgroup2UnifiedMode() {
-- return cgroupfs2.NewManager(cg, "", false)
-+ return cgroupfs2.NewManager(cg, "")
-
- }
-- return cgroupfs.NewManager(cg, nil, false), nil
-+ return cgroupfs.NewManager(cg, nil)
- }
-
- type KernelTunableBehavior string
-diff --git a/pkg/kubelet/cm/qos_container_manager_linux.go b/pkg/kubelet/cm/qos_container_manager_linux.go
-index bb79109b141..d0a78db2483 100644
---- a/pkg/kubelet/cm/qos_container_manager_linux.go
-+++ b/pkg/kubelet/cm/qos_container_manager_linux.go
-@@ -28,8 +28,8 @@ import (
- "k8s.io/apimachinery/pkg/util/wait"
-
- units "github.com/docker/go-units"
-+ "github.com/opencontainers/runc/libcontainer/cgroups"
- libcontainercgroups "github.com/opencontainers/runc/libcontainer/cgroups"
-- cgroupfs "github.com/opencontainers/runc/libcontainer/cgroups/fs"
- v1 "k8s.io/api/core/v1"
- utilfeature "k8s.io/apiserver/pkg/util/feature"
- "k8s.io/kubernetes/pkg/api/v1/resource"
-@@ -147,7 +147,7 @@ func (m *qosContainerManagerImpl) Start(getNodeAllocatable func() v1.ResourceLis
- // setHugePagesUnbounded ensures hugetlb is effectively unbounded
- func (m *qosContainerManagerImpl) setHugePagesUnbounded(cgroupConfig *CgroupConfig) error {
- hugePageLimit := map[int64]int64{}
-- for _, pageSize := range cgroupfs.HugePageSizes {
-+ for _, pageSize := range cgroups.HugePageSizes() {
- pageSizeBytes, err := units.RAMInBytes(pageSize)
- if err != nil {
- return err
-diff --git a/pkg/kubelet/dockershim/cm/container_manager_linux.go b/pkg/kubelet/dockershim/cm/container_manager_linux.go
-index 759e27f26c5..93d6c51ac00 100644
---- a/pkg/kubelet/dockershim/cm/container_manager_linux.go
-+++ b/pkg/kubelet/dockershim/cm/container_manager_linux.go
-@@ -129,7 +129,7 @@ func createCgroupManager(name string) (cgroups.Manager, error) {
- SkipDevices: true,
- },
- }
-- return cgroupfs.NewManager(cg, nil, false), nil
-+ return cgroupfs.NewManager(cg, nil)
- }
-
- // getMemoryCapacity returns the memory capacity on the machine in bytes.
-diff --git a/pkg/kubelet/kuberuntime/kuberuntime_container_linux.go b/pkg/kubelet/kuberuntime/kuberuntime_container_linux.go
-index 6cb9e54729e..fd922f07c7c 100644
---- a/pkg/kubelet/kuberuntime/kuberuntime_container_linux.go
-+++ b/pkg/kubelet/kuberuntime/kuberuntime_container_linux.go
-@@ -23,8 +23,8 @@ import (
- "strconv"
- "time"
-
-+ "github.com/opencontainers/runc/libcontainer/cgroups"
- libcontainercgroups "github.com/opencontainers/runc/libcontainer/cgroups"
-- cgroupfs "github.com/opencontainers/runc/libcontainer/cgroups/fs"
- v1 "k8s.io/api/core/v1"
- "k8s.io/apimachinery/pkg/api/resource"
- utilfeature "k8s.io/apiserver/pkg/util/feature"
-@@ -170,7 +170,7 @@ func GetHugepageLimitsFromResources(resources v1.ResourceRequirements) []*runtim
- var hugepageLimits []*runtimeapi.HugepageLimit
-
- // For each page size, limit to 0.
-- for _, pageSize := range cgroupfs.HugePageSizes {
-+ for _, pageSize := range cgroups.HugePageSizes() {
- hugepageLimits = append(hugepageLimits, &runtimeapi.HugepageLimit{
- PageSize: pageSize,
- Limit: uint64(0),
-diff --git a/pkg/kubelet/kuberuntime/kuberuntime_container_linux_test.go b/pkg/kubelet/kuberuntime/kuberuntime_container_linux_test.go
-index 46817e00fb0..f166adc6fe1 100644
---- a/pkg/kubelet/kuberuntime/kuberuntime_container_linux_test.go
-+++ b/pkg/kubelet/kuberuntime/kuberuntime_container_linux_test.go
-@@ -25,7 +25,7 @@ import (
- "testing"
-
- "github.com/google/go-cmp/cmp"
-- cgroupfs "github.com/opencontainers/runc/libcontainer/cgroups/fs"
-+ "github.com/opencontainers/runc/libcontainer/cgroups"
- "github.com/stretchr/testify/assert"
- v1 "k8s.io/api/core/v1"
- "k8s.io/apimachinery/pkg/api/resource"
-@@ -366,7 +366,7 @@ func TestGetHugepageLimitsFromResources(t *testing.T) {
- var baseHugepage []*runtimeapi.HugepageLimit
-
- // For each page size, limit to 0.
-- for _, pageSize := range cgroupfs.HugePageSizes {
-+ for _, pageSize := range cgroups.HugePageSizes() {
- baseHugepage = append(baseHugepage, &runtimeapi.HugepageLimit{
- PageSize: pageSize,
- Limit: uint64(0),
-@@ -481,7 +481,7 @@ func TestGetHugepageLimitsFromResources(t *testing.T) {
- machineHugepageSupport := true
- for _, hugepageLimit := range test.expected {
- hugepageSupport := false
-- for _, pageSize := range cgroupfs.HugePageSizes {
-+ for _, pageSize := range cgroups.HugePageSizes() {
- if pageSize == hugepageLimit.PageSize {
- hugepageSupport = true
- break
---
-2.25.1
-
diff --git a/third_party/go/patches/k8s-drop-legacy-log-path.patch b/third_party/go/patches/k8s-drop-legacy-log-path.patch
index 356a681..6f37db7 100644
--- a/third_party/go/patches/k8s-drop-legacy-log-path.patch
+++ b/third_party/go/patches/k8s-drop-legacy-log-path.patch
@@ -1,21 +1,21 @@
-From b2d875981cec8eda9c041f858004f613ea928895 Mon Sep 17 00:00:00 2001
+From 6b4af308e9b420c146983ddb031fd80be0a15ec9 Mon Sep 17 00:00:00 2001
From: Lorenz Brun <lorenz@monogon.tech>
Date: Wed, 16 Mar 2022 18:10:09 +0100
-Subject: [PATCH] Drop legacy log path
+Subject: [PATCH 3/5] Drop legacy log path
---
- pkg/kubelet/kubelet.go | 7 ----
- .../kuberuntime/kuberuntime_container.go | 32 ---------------
- pkg/kubelet/kuberuntime/kuberuntime_gc.go | 39 -------------------
+ pkg/kubelet/kubelet.go | 7 ---
+ .../kuberuntime/kuberuntime_container.go | 36 ---------------
+ pkg/kubelet/kuberuntime/kuberuntime_gc.go | 46 -------------------
pkg/kubelet/runonce.go | 8 ----
- test/e2e_node/log_path_test.go | 18 ---------
- 5 files changed, 104 deletions(-)
+ test/e2e_node/log_path_test.go | 18 --------
+ 5 files changed, 115 deletions(-)
diff --git a/pkg/kubelet/kubelet.go b/pkg/kubelet/kubelet.go
-index 2013c871a60..c3fd4221544 100644
+index 01e9c49c6f1..895fa86fb7e 100644
--- a/pkg/kubelet/kubelet.go
+++ b/pkg/kubelet/kubelet.go
-@@ -1379,13 +1379,6 @@ func (kl *Kubelet) initializeModules() error {
+@@ -1326,13 +1326,6 @@ func (kl *Kubelet) initializeModules() error {
return err
}
@@ -30,10 +30,10 @@
kl.imageManager.Start()
diff --git a/pkg/kubelet/kuberuntime/kuberuntime_container.go b/pkg/kubelet/kuberuntime/kuberuntime_container.go
-index 9c762ac309e..d1148cc7de5 100644
+index 680eab7a56e..52210adb35d 100644
--- a/pkg/kubelet/kuberuntime/kuberuntime_container.go
+++ b/pkg/kubelet/kuberuntime/kuberuntime_container.go
-@@ -254,25 +254,6 @@ func (m *kubeGenericRuntimeManager) startContainer(podSandboxID string, podSandb
+@@ -255,25 +255,6 @@ func (m *kubeGenericRuntimeManager) startContainer(podSandboxID string, podSandb
}
m.recordContainerEvent(pod, container, containerID, v1.EventTypeNormal, events.StartedContainer, fmt.Sprintf("Started container %s", container.Name))
@@ -59,14 +59,18 @@
// Step 4: execute the post start hook.
if container.Lifecycle != nil && container.Lifecycle.PostStart != nil {
kubeContainerID := kubecontainer.ContainerID{
-@@ -967,19 +948,6 @@ func (m *kubeGenericRuntimeManager) removeContainerLog(containerID string) error
+@@ -970,23 +951,6 @@ func (m *kubeGenericRuntimeManager) removeContainerLog(containerID string) error
return err
}
-- status, err := m.runtimeService.ContainerStatus(containerID)
+- resp, err := m.runtimeService.ContainerStatus(containerID, false)
- if err != nil {
- return fmt.Errorf("failed to get container status %q: %v", containerID, err)
- }
+- status := resp.GetStatus()
+- if status == nil {
+- return remote.ErrContainerStatusNil
+- }
- // Remove the legacy container log symlink.
- // TODO(random-liu): Remove this after cluster logging supports CRI container log path.
- labeledInfo := getContainerInfoFromLabels(status.Labels)
@@ -80,7 +84,7 @@
}
diff --git a/pkg/kubelet/kuberuntime/kuberuntime_gc.go b/pkg/kubelet/kuberuntime/kuberuntime_gc.go
-index 610026661b7..a09dec91fbb 100644
+index a72691bfcfc..a09dec91fbb 100644
--- a/pkg/kubelet/kuberuntime/kuberuntime_gc.go
+++ b/pkg/kubelet/kuberuntime/kuberuntime_gc.go
@@ -18,7 +18,6 @@ package kuberuntime
@@ -91,7 +95,7 @@
"path/filepath"
"sort"
"time"
-@@ -347,44 +346,6 @@ func (cgc *containerGC) evictPodLogsDirectories(allSourcesReady bool) error {
+@@ -347,51 +346,6 @@ func (cgc *containerGC) evictPodLogsDirectories(allSourcesReady bool) error {
}
}
}
@@ -102,25 +106,32 @@
- for _, logSymlink := range logSymlinks {
- if _, err := osInterface.Stat(logSymlink); os.IsNotExist(err) {
- if containerID, err := getContainerIDFromLegacyLogSymlink(logSymlink); err == nil {
-- status, err := cgc.manager.runtimeService.ContainerStatus(containerID)
+- resp, err := cgc.manager.runtimeService.ContainerStatus(containerID, false)
- if err != nil {
- // TODO: we should handle container not found (i.e. container was deleted) case differently
- // once https://github.com/kubernetes/kubernetes/issues/63336 is resolved
- klog.InfoS("Error getting ContainerStatus for containerID", "containerID", containerID, "err", err)
-- } else if status.State != runtimeapi.ContainerState_CONTAINER_EXITED {
-- // Here is how container log rotation works (see containerLogManager#rotateLatestLog):
-- //
-- // 1. rename current log to rotated log file whose filename contains current timestamp (fmt.Sprintf("%s.%s", log, timestamp))
-- // 2. reopen the container log
-- // 3. if #2 fails, rename rotated log file back to container log
-- //
-- // There is small but indeterministic amount of time during which log file doesn't exist (between steps #1 and #2, between #1 and #3).
-- // Hence the symlink may be deemed unhealthy during that period.
-- // See https://github.com/kubernetes/kubernetes/issues/52172
-- //
-- // We only remove unhealthy symlink for dead containers
-- klog.V(5).InfoS("Container is still running, not removing symlink", "containerID", containerID, "path", logSymlink)
-- continue
+- } else {
+- status := resp.GetStatus()
+- if status == nil {
+- klog.V(4).InfoS("Container status is nil")
+- continue
+- }
+- if status.State != runtimeapi.ContainerState_CONTAINER_EXITED {
+- // Here is how container log rotation works (see containerLogManager#rotateLatestLog):
+- //
+- // 1. rename current log to rotated log file whose filename contains current timestamp (fmt.Sprintf("%s.%s", log, timestamp))
+- // 2. reopen the container log
+- // 3. if #2 fails, rename rotated log file back to container log
+- //
+- // There is small but indeterministic amount of time during which log file doesn't exist (between steps #1 and #2, between #1 and #3).
+- // Hence the symlink may be deemed unhealthy during that period.
+- // See https://github.com/kubernetes/kubernetes/issues/52172
+- //
+- // We only remove unhealthy symlink for dead containers
+- klog.V(5).InfoS("Container is still running, not removing symlink", "containerID", containerID, "path", logSymlink)
+- continue
+- }
- }
- } else {
- klog.V(4).InfoS("Unable to obtain container ID", "err", err)
@@ -137,7 +148,7 @@
}
diff --git a/pkg/kubelet/runonce.go b/pkg/kubelet/runonce.go
-index 19b8a4f6a7b..2f0aad713e3 100644
+index 00f3022af5a..99d1c8b6a8d 100644
--- a/pkg/kubelet/runonce.go
+++ b/pkg/kubelet/runonce.go
@@ -19,7 +19,6 @@ package kubelet
@@ -163,7 +174,7 @@
case u := <-updates:
klog.InfoS("Processing manifest with pods", "numPods", len(u.Pods))
diff --git a/test/e2e_node/log_path_test.go b/test/e2e_node/log_path_test.go
-index cfdd9823cb1..35f3b7be465 100644
+index cdbc2b6d8ae..3535a81822f 100644
--- a/test/e2e_node/log_path_test.go
+++ b/test/e2e_node/log_path_test.go
@@ -22,8 +22,6 @@ import (
@@ -174,8 +185,8 @@
- kubecontainer "k8s.io/kubernetes/pkg/kubelet/container"
"k8s.io/kubernetes/test/e2e/framework"
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
- e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
-@@ -144,22 +142,6 @@ var _ = SIGDescribe("ContainerLogPath [NodeConformance]", func() {
+ admissionapi "k8s.io/pod-security-admission/api"
+@@ -122,22 +120,6 @@ var _ = SIGDescribe("ContainerLogPath [NodeConformance]", func() {
err := createAndWaitPod(makeLogPod(logPodName, logString))
framework.ExpectNoError(err, "Failed waiting for pod: %s to enter success state", logPodName)
})
diff --git a/third_party/go/patches/k8s-jose-semver-fix.patch b/third_party/go/patches/k8s-jose-semver-fix.patch
index 423485a..5219c0c 100644
--- a/third_party/go/patches/k8s-jose-semver-fix.patch
+++ b/third_party/go/patches/k8s-jose-semver-fix.patch
@@ -1,11 +1,13 @@
-From b0b42e86e834a1d02fe83f7be3663d19f6a1ee80 Mon Sep 17 00:00:00 2001
+From 322bdb419f24764af677762536064b1944bf67df Mon Sep 17 00:00:00 2001
From: Lorenz Brun <lorenz@monogon.tech>
Date: Thu, 17 Mar 2022 16:56:29 +0100
-Subject: [PATCH] Fix for semver breakage in go-jose
+Subject: [PATCH 4/4] Fix for semver breakage in go-jose
---
- pkg/serviceaccount/claims.go | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
+ pkg/serviceaccount/claims.go | 4 +--
+ pkg/serviceaccount/claims_test.go | 40 +++++++++++-----------
+ test/integration/auth/svcaccttoken_test.go | 6 ++--
+ 3 files changed, 25 insertions(+), 25 deletions(-)
diff --git a/pkg/serviceaccount/claims.go b/pkg/serviceaccount/claims.go
index 1e1475c779f..06620f7a420 100644
@@ -29,6 +31,129 @@
if nowTime.After(warnafter.Time()) {
secondsAfterWarn := nowTime.Unix() - warnafter.Time().Unix()
auditInfo := fmt.Sprintf("subject: %s, seconds after warning threshold: %d", public.Subject, secondsAfterWarn)
+diff --git a/pkg/serviceaccount/claims_test.go b/pkg/serviceaccount/claims_test.go
+index 2e968f60335..a0b5a595c2f 100644
+--- a/pkg/serviceaccount/claims_test.go
++++ b/pkg/serviceaccount/claims_test.go
+@@ -85,9 +85,9 @@ func TestClaims(t *testing.T) {
+
+ sc: &jwt.Claims{
+ Subject: "system:serviceaccount:myns:mysvcacct",
+- IssuedAt: jwt.NumericDate(1514764800),
+- NotBefore: jwt.NumericDate(1514764800),
+- Expiry: jwt.NumericDate(1514764800),
++ IssuedAt: jwt.NewNumericDate(time.Unix(1514764800, 0)),
++ NotBefore: jwt.NewNumericDate(time.Unix(1514764800, 0)),
++ Expiry: jwt.NewNumericDate(time.Unix(1514764800, 0)),
+ },
+ pc: &privateClaims{
+ Kubernetes: kubernetes{
+@@ -107,9 +107,9 @@ func TestClaims(t *testing.T) {
+
+ sc: &jwt.Claims{
+ Subject: "system:serviceaccount:myns:mysvcacct",
+- IssuedAt: jwt.NumericDate(1514764800),
+- NotBefore: jwt.NumericDate(1514764800),
+- Expiry: jwt.NumericDate(1514764800 + 100),
++ IssuedAt: jwt.NewNumericDate(time.Unix(1514764800, 0)),
++ NotBefore: jwt.NewNumericDate(time.Unix(1514764800, 0)),
++ Expiry: jwt.NewNumericDate(time.Unix(1514764800+100, 0)),
+ },
+ pc: &privateClaims{
+ Kubernetes: kubernetes{
+@@ -130,9 +130,9 @@ func TestClaims(t *testing.T) {
+ sc: &jwt.Claims{
+ Subject: "system:serviceaccount:myns:mysvcacct",
+ Audience: []string{"1"},
+- IssuedAt: jwt.NumericDate(1514764800),
+- NotBefore: jwt.NumericDate(1514764800),
+- Expiry: jwt.NumericDate(1514764800 + 100),
++ IssuedAt: jwt.NewNumericDate(time.Unix(1514764800, 0)),
++ NotBefore: jwt.NewNumericDate(time.Unix(1514764800, 0)),
++ Expiry: jwt.NewNumericDate(time.Unix(1514764800+100, 0)),
+ },
+ pc: &privateClaims{
+ Kubernetes: kubernetes{
+@@ -152,9 +152,9 @@ func TestClaims(t *testing.T) {
+ sc: &jwt.Claims{
+ Subject: "system:serviceaccount:myns:mysvcacct",
+ Audience: []string{"1", "2"},
+- IssuedAt: jwt.NumericDate(1514764800),
+- NotBefore: jwt.NumericDate(1514764800),
+- Expiry: jwt.NumericDate(1514764800 + 100),
++ IssuedAt: jwt.NewNumericDate(time.Unix(1514764800, 0)),
++ NotBefore: jwt.NewNumericDate(time.Unix(1514764800, 0)),
++ Expiry: jwt.NewNumericDate(time.Unix(1514764800+100, 0)),
+ },
+ pc: &privateClaims{
+ Kubernetes: kubernetes{
+@@ -175,16 +175,16 @@ func TestClaims(t *testing.T) {
+
+ sc: &jwt.Claims{
+ Subject: "system:serviceaccount:myns:mysvcacct",
+- IssuedAt: jwt.NumericDate(1514764800),
+- NotBefore: jwt.NumericDate(1514764800),
+- Expiry: jwt.NumericDate(1514764800 + 60*60*24),
++ IssuedAt: jwt.NewNumericDate(time.Unix(1514764800, 0)),
++ NotBefore: jwt.NewNumericDate(time.Unix(1514764800, 0)),
++ Expiry: jwt.NewNumericDate(time.Unix(1514764800+60*60*24, 0)),
+ },
+ pc: &privateClaims{
+ Kubernetes: kubernetes{
+ Namespace: "myns",
+ Svcacct: ref{Name: "mysvcacct", UID: "mysvcacct-uid"},
+ Pod: &ref{Name: "mypod", UID: "mypod-uid"},
+- WarnAfter: jwt.NumericDate(1514764800 + 60*60),
++ WarnAfter: jwt.NewNumericDate(time.Unix(1514764800+60*60, 0)),
+ },
+ },
+ },
+@@ -223,8 +223,8 @@ type claimTestCase struct {
+ name string
+ getter ServiceAccountTokenGetter
+ private *privateClaims
+- expiry jwt.NumericDate
+- notBefore jwt.NumericDate
++ expiry *jwt.NumericDate
++ notBefore *jwt.NumericDate
+ expectErr string
+ }
+
+@@ -365,8 +365,8 @@ func TestValidatePrivateClaims(t *testing.T) {
+ for _, tc := range testcases {
+ t.Run(tc.name, func(t *testing.T) {
+ v := &validator{tc.getter}
+- expiry := jwt.NumericDate(nowUnix)
+- if tc.expiry != 0 {
++ expiry := jwt.NewNumericDate(time.Unix(nowUnix, 0))
++ if tc.expiry != nil {
+ expiry = tc.expiry
+ }
+ _, err := v.Validate(context.Background(), "", &jwt.Claims{Expiry: expiry, NotBefore: tc.notBefore}, tc.private)
+diff --git a/test/integration/auth/svcaccttoken_test.go b/test/integration/auth/svcaccttoken_test.go
+index c02511b43b2..89fb66ee44e 100644
+--- a/test/integration/auth/svcaccttoken_test.go
++++ b/test/integration/auth/svcaccttoken_test.go
+@@ -482,16 +482,16 @@ func TestServiceAccountTokenCreate(t *testing.T) {
+ t.Fatalf("error parsing warnafter: %v", err)
+ }
+
+- if exp < int64(actualExpiry)-leeway || exp > int64(actualExpiry)+leeway {
++ if exp < int64(*actualExpiry)-leeway || exp > int64(*actualExpiry)+leeway {
+ t.Errorf("unexpected token exp %d, should within range of %d +- %d seconds", exp, actualExpiry, leeway)
+ }
+- if warnafter < int64(assumedExpiry)-leeway || warnafter > int64(assumedExpiry)+leeway {
++ if warnafter < int64(*assumedExpiry)-leeway || warnafter > int64(*assumedExpiry)+leeway {
+ t.Errorf("unexpected token warnafter %d, should within range of %d +- %d seconds", warnafter, assumedExpiry, leeway)
+ }
+
+ checkExpiration(t, treq, requestExp)
+ expStatus := treq.Status.ExpirationTimestamp.Time.Unix()
+- if expStatus < int64(assumedExpiry)-leeway || warnafter > int64(assumedExpiry)+leeway {
++ if expStatus < int64(*assumedExpiry)-leeway || warnafter > int64(*assumedExpiry)+leeway {
+ t.Errorf("unexpected expiration returned in tokenrequest status %d, should within range of %d +- %d seconds", expStatus, assumedExpiry, leeway)
+ }
+ })
--
2.25.1
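Review bot: In the added `test/integration/auth/svcaccttoken_test.go` section, the last rewritten check still uses `warnafter` for its upper bound (`expStatus < int64(*assumedExpiry)-leeway || warnafter > int64(*assumedExpiry)+leeway`), so a too-late `ExpirationTimestamp` in the token request status would not fail the test. Since the line is being touched anyway, the second operand should be `expStatus > int64(*assumedExpiry)+leeway`. The three conditions now dereference `actualExpiry` and `assumedExpiry`, but the `t.Errorf` calls beneath them still pass the variables themselves to `%d`. Assuming both are `*jwt.NumericDate` after this change (their declarations are outside the hunk), the messages would print a pointer address rather than the timestamp, so pass `int64(*actualExpiry)` and `int64(*assumedExpiry)` there too. A guard such as `if actualExpiry == nil || assumedExpiry == nil { t.Fatal("token is missing exp or warnafter") }` before the first dereference would make a missing claim a test failure instead of a nil-pointer panic.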
diff --git a/third_party/go/patches/k8s-native-metrics.patch b/third_party/go/patches/k8s-native-metrics.patch
index 2edc60d..9a96db2 100644
--- a/third_party/go/patches/k8s-native-metrics.patch
+++ b/third_party/go/patches/k8s-native-metrics.patch
@@ -1,7 +1,7 @@
-From e3b5a31bff00c89fc95f85212bf0943d46692616 Mon Sep 17 00:00:00 2001
+From 9f2b5274f50a7e4d5ae096e549c0c16addcc447b Mon Sep 17 00:00:00 2001
From: Lorenz Brun <lorenz@brun.one>
Date: Tue, 17 Mar 2020 21:41:08 +0100
-Subject: [PATCH 2/2] Add a native volume metrics implementation
+Subject: [PATCH 2/5] Add a native volume metrics implementation
---
pkg/volume/metrics_native.go | 101 +++++++++++++++++++++++++++++
diff --git a/third_party/go/patches/k8s-native-mounter.patch b/third_party/go/patches/k8s-native-mounter.patch
index a5ced4d..c8750f5 100644
--- a/third_party/go/patches/k8s-native-mounter.patch
+++ b/third_party/go/patches/k8s-native-mounter.patch
@@ -1,7 +1,7 @@
-From 6c346b4fbfd800af47ffa2ec24456f9f58a1b0f2 Mon Sep 17 00:00:00 2001
+From 03ed5e89372babca7f1061bef466f8bf7fdee62c Mon Sep 17 00:00:00 2001
From: Lorenz Brun <lorenz@brun.one>
Date: Mon, 16 Mar 2020 22:13:08 +0100
-Subject: [PATCH 1/7] Provide native mounter implementation for Linux
+Subject: [PATCH 1/5] Provide native mounter implementation for Linux
---
mount_linux.go | 148 +++++++++++++++++-
diff --git a/third_party/go/patches/nfproxy-adopt-to-k8s-1.24.patch b/third_party/go/patches/nfproxy-adopt-to-k8s-1.24.patch
new file mode 100644
index 0000000..e9e4e38
--- /dev/null
+++ b/third_party/go/patches/nfproxy-adopt-to-k8s-1.24.patch
@@ -0,0 +1,25 @@
+From 243792d1686cba86669bda9bc2c905cb9cd73a0c Mon Sep 17 00:00:00 2001
+From: Lorenz Brun <lorenz@monogon.tech>
+Date: Wed, 4 May 2022 18:37:45 +0200
+Subject: [PATCH] Adopt to renamed function in K8s 1.24
+
+---
+ pkg/proxy/service.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pkg/proxy/service.go b/pkg/proxy/service.go
+index 9cc10b7..bcf926c 100644
+--- a/pkg/proxy/service.go
++++ b/pkg/proxy/service.go
+@@ -152,7 +152,7 @@ func newServiceInfo(port *v1.ServicePort, service *v1.Service, baseInfo *BaseSer
+
+ func newBaseServiceInfo(port *v1.ServicePort, service *v1.Service) *BaseServiceInfo {
+ onlyNodeLocalEndpoints := false
+- if apiservice.RequestsOnlyLocalTraffic(service) {
++ if apiservice.ExternalPolicyLocal(service) {
+ onlyNodeLocalEndpoints = true
+ }
+ var stickyMaxAgeSeconds int
+--
+2.25.1
+
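Review bot: The call to `apiservice.ExternalPolicyLocal(service)` in `newBaseServiceInfo` has no comment saying which traffic policy drives `onlyNodeLocalEndpoints`, and the new name suggests it reflects only `externalTrafficPolicy: Local`. If so (the helper's body is not visible here, so confirm against the Kubernetes 1.24 source), a Service that sets `internalTrafficPolicy: Local` is still not restricted to node-local endpoints by nfproxy. That matters wherever the setting is relied on to keep traffic on the node. I would add a comment above the check such as `// Only externalTrafficPolicy=Local is honoured here; internalTrafficPolicy is not consulted.` The patch subject also reads "Adopt" where "Adapt" is meant, and `newBaseServiceInfo` continues past the end of the inner hunk.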