This tag of hcsshim brings in a couple welcome features/improvements. One being
exposing a way to query for hns endpoint statistics (Packets received/sent etc.).
This tag also contains some optimizations for querying whether a certain HCN feature
is supported, which is a common workflow in kube-proxy on Windows. The first result
from querying HCN is now cached so further calls can skip the hcn query as well as the
version range parsing that was performed. This also gets rid of some redundant logs
that used to hit everytime the version range parsing occurred.
The Go-winio dep bump, and all of the ctrd deps are transitive only. Nothing new is needed/intended
to be used.
Signed-off-by: Daniel Canter <dcanter@microsoft.com>
This replaces the experimental logr v0.4 with the stable v1.1.0
release. This is a breaking API change for some users because:
- Comparing logr.Logger against nil is not possible anymore:
it's now a struct instead of an interface. Code which
allows a nil logger should switch to *logr.Logger as type.
- Logger implementations must be updated in lockstep.
Instead of updating the forked zapr code in json.go, directly using
the original go-logr/zapr is simpler and avoids duplication of effort.
The updated zapr supports logging of numeric verbosity. Error messages
don't have a verbosity (= always get logged), so "v" is not getting
added to them anymore.
Source code logging for panic messages got fixed so that it references
the code with the invalid log call, not the json.go implementation.
Finally, zapr includes additional information in its panic
messages ("zap field", "ignored key", "invalid key").
For the complete release notes, see
- https://github.com/opencontainers/runc/releases/tag/v1.0.2
In particular, this fixes the check cgroup v1 systemd manager check
if a container needs to be frozen before Set(), and adds a knob to
skip the check/freeze entirely (to be used by the next commit).
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This is to check if runc 1.0.0 (to be released shortly) works with k8s.
The commands used were (roughly):
hack/pin-dependency.sh github.com/opencontainers/runc v1.0.0
hack/lint-dependencies.sh
# Follow its recommendations.
hack/pin-dependency.sh github.com/cilium/ebpf v0.6.1
hack/pin-dependency.sh github.com/opencontainers/selinux v1.8.2
hack/pin-dependency.sh github.com/sirupsen/logrus v1.8.1
# Recheck.
hack/lint-dependencies.sh
GO111MODULE=on go mod edit -dropreplace github.com/willf/bitset
hack/update-vendor.sh
# Recheck.
hack/lint-dependencies.sh
hack/update-internal-modules.sh
# Recheck.
hack/lint-dependencies.sh
[v2: rebased, updated runc 3a0234e1fe2e82 -> 2f8e8e9d977500]
[v3: testing master + runc pr 3019]
[v4: updated to 93a01cd4d0b7a0f08a]
[v5: updated to f093cca13d3cf8a484]
[v6: rebased]
[v7: updated to runc v1.0.0]
[v8: rebased]
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
heketi that is dependency for glusterfs was updated to import a fork of jwt-go that fixes
a high severity CVE-2020-26160 by importing a forked repo (form3tech-oss/jwt-go) that fixes
the CVE as the original repo (dgrijalva/jwt-go) has a fix with breaking changes and
the repo is generally loosely maintained.
This fork is already being used in other places in kubernetes. Heketi 10.3.0 includes this fix.
NOTE: The vulnerable function is not used by heketi or kubernetes. So the vulnerable package is a
transitive dependency and this fix will reduce false postive CVE alerts on kubernetes
Bumped github.com/auth0/go-jwt-middleware to v1.0.0 which removes dgrijalva/jwt-go cleanly
Fixing test failures: pull-kubernetes-dependencies
Removing unused dependencies in replace block to fix test failures: pull-kubernetes-dependencies
Bump go-jwt-middleware to v1.0.1 to *not* pull in examples only deps
This commit is for all the vendor specific code changes introduced
by pinning the dependency at 1.38.49 and running update-vendor.sh
lint-dependencies.sh shows no issues
The coredns/corefile-migration project switched to a fork of
coredns/caddy to remove dependencies it doesn't actually need. Picking
up this update here in k/k results in a significantly smaller go.mod.
Signed-off-by: Dan Lorenc <dlorenc@google.com>
runc rc95 contains a fix for CVE-2021-30465.
runc rc94 provides fixes and improvements.
One notable change is cgroup manager's Set now accept Resources rather
than Cgroup (see https://github.com/opencontainers/runc/pull/2906).
Modify the code accordingly.
Also update runc dependencies (as hinted by hack/lint-depdendencies.sh):
github.com/cilium/ebpf v0.5.0
github.com/containerd/console v1.0.2
github.com/coreos/go-systemd/v22 v22.3.1
github.com/godbus/dbus/v5 v5.0.4
github.com/moby/sys/mountinfo v0.4.1
golang.org/x/sys v0.0.0-20210426230700-d19ff857e887
github.com/google/go-cmp v0.5.4
github.com/kr/pretty v0.2.1
github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
One notable change is cgroup manager's Set now accept Resources rather
than Cgroup (see https://github.com/opencontainers/runc/pull/2906).
Modify the code accordingly.
Also update runc dependencies (as hinted by hack/lint-depdendencies.sh):
github.com/cilium/ebpf v0.5.0
github.com/containerd/console v1.0.2
github.com/coreos/go-systemd/v22 v22.3.1
github.com/godbus/dbus/v5 v5.0.4
github.com/moby/sys/mountinfo v0.4.1
golang.org/x/sys v0.0.0-20210426230700-d19ff857e887
github.com/google/go-cmp v0.5.4
github.com/kr/pretty v0.2.1
github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
The new releases of klog (via klogr) and logr expose support for call
traces via a new WithCallDepth API in logr.
The new klogr can be configured to pass structured log entries into
klog instead of turning them into a single text message.
The newer spec will be needed for some test code that uses the new
GetVolume API.
The commit was produced with:
hack/pin-dependency.sh github.com/container-storage-interface/spec v1.3.0
hack/update-vendor.sh
This update picks up https://github.com/quobyte/api/pull/19 which adds
the needed `SetTransport` option. With this update, we can add the IP
deny list into quobyte operations.
when the systemd cgroup manager is used, controllers not handled by
systemd are created manually afterwards.
libcontainer didn't correctly cleanup these cgroups that were leaked
on cgroup v1.
Closes: https://github.com/kubernetes/kubernetes/issues/92766
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
last CNI library release is 0.7.1 from Jun 11, 2019.
Since then, there was introduced new feature and bugfixes.
Currently, this library is only being used by dockershim,
the other CRI plugins are vendoring it directly
However, this will help also to mitigate some of the issues with the
CI jobs that are still using dockershim.
Signed-off-by: Antonio Ojea <antonio.ojea.garcia@gmail.com>
pin dependency github.com/beorn7/perks from v1.0.0 to v1.0.1
pin dependency github.com/golang/protobuf from v1.3.3 to v1.4.2
pin denpendency github.com/json-iterator/go from v1.1.8 to v1.1.9
pin dependency github.com/prometheus/common from v0.4.1 to v0.9.1
pin dependency github.com/prometheus/procfs from v0.0.5 to v0.0.11
pin dependency github.com/alecthomas/template from v0.0.0-20160405071501-a0175ee3bccc to v0.0.0-20190718012654-fb15b899a751
pin dependency github.com/alecthomas/units from v0.0.0-20151022065526-2efee857e7cf to v0.0.0-20190717042225-c3de453c63f4
pin dependency github.com/go-kit/kit from v0.8.0 to v0.9.0
pin dependency github.com/go-logfmt/logfmt from v0.3.0 to v0.4.0
Co-Authored-By: Jordan Liggitt <jordan@liggitt.net>
- add ./hack/tools/go.mod, this makes ./hack/tools a distinct module
- hack/tools/tools.go undescore imports bazel related tools, over time we
can add others.
- hack/*.sh scripts will cd to hack/tools and go install tools from there
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
