update components

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>

Dockerfile

@@ -4,33 +4,33 @@
 ### Version definitions
 # use ./hack/show-latest-commits.sh to get the latest commits
 
-# 2019-10-12T18:30:29Z
-ARG ROOTLESSKIT_COMMIT=babe67ee6c656cf13549d934de297a492eee1fe8
-# 2019-10-18T15:06:03Z
-ARG SLIRP4NETNS_COMMIT=3527c9817a273af18655e943c75a0470fb37ece3
-# 2019-10-24T19:20:47Z
-ARG RUNC_COMMIT=c4d8e1688c816a8cef632a3b44a38611511b7140
-# 2019-10-24T20:58:32Z
-ARG MOBY_COMMIT=1bd184a4c291e4f60629e2cc279216f8f40495f3
-# 2019-10-25T02:52:20Z
-ARG CONTAINERD_COMMIT=0c01992f9c8cc2794b3d2b4f2ed0b55a4b91ed9e
-# 2019-10-24T12:21:16Z
-ARG CRIO_COMMIT=df667bf8f37985381b0e087d8c9d9c7a88076646
-# 2019-10-23T15:54:54Z
-ARG CNI_PLUGINS_COMMIT=a16232968de47358d64322763fe0d7ed57ec382e
-# 2019-10-25T05:56:14Z
-ARG KUBERNETES_COMMIT=a3560d3ad9a7e2deb7d8b7e9e54081e7cbbac0d1
+# 2019-11-29T07:08:08Z
+ARG ROOTLESSKIT_COMMIT=8cf0679be24c640267784f500c65ace2b44b0412
+# 2019-11-21T20:14:45Z
+ARG SLIRP4NETNS_COMMIT=21fdece2737dc24ffa3f01a341b8a6854f8b13b4
+# 2019-12-02T15:10:37Z
+ARG RUNC_COMMIT=c35c2c9cec6ee503ef31edbaddac9617247ec328
+# 2019-11-27T22:20:17Z
+ARG MOBY_COMMIT=3152f9436292115c97b4d8bb18c66cf97876ee75
+# 2019-12-03T02:07:39Z
+ARG CONTAINERD_COMMIT=8b12d46a395ae3eed3cd718a7bcc721405f650d7
+# 2019-11-28T12:50:09Z
+ARG CRIO_COMMIT=724513d4b7cd923881a05eb90ce62ad3af3f59b6
+# 2019-11-13T16:20:45Z
+ARG CNI_PLUGINS_COMMIT=497560f35f2cef2695f1690137b0bba98adf849b
+# 2019-12-03T06:56:57Z
+ARG KUBERNETES_COMMIT=95a3cd54cf739019b1211163add7247bd31c0ed7
 
 # Version definitions (cont.)
-ARG CONMON_RELEASE=v2.0.1
-ARG DOCKER_CLI_RELEASE=19.03.4
+ARG CONMON_RELEASE=v2.0.3
+ARG DOCKER_CLI_RELEASE=19.03.5
 # Kube's build script requires KUBE_GIT_VERSION to be set to a semver string
-ARG KUBE_GIT_VERSION=v1.17.0-usernetes
-ARG BAZEL_RELEASE=0.29.1
+ARG KUBE_GIT_VERSION=v1.18.0-usernetes
+ARG BAZEL_RELEASE=1.2.1
 ARG SOCAT_RELEASE=tag-1.7.3.3
 ARG FLANNEL_RELEASE=v0.11.0
 ARG ETCD_RELEASE=v3.4.3
-ARG GOTASK_RELEASE=v2.7.0
+ARG GOTASK_RELEASE=v2.7.1
 
 ARG BASEOS=ubuntu
 
@@ -141,7 +141,7 @@ RUN ./build_linux.sh -buildmode pie -ldflags "-extldflags \"-fno-PIC -static\""
 
 ### Kubernetes (k8s-build)
 FROM golang:1.13-stretch AS k8s-build
-RUN apt-get update && apt-get install -y -q patch
+RUN apt-get update && apt-get install -y -q patch rsync
 ARG BAZEL_RELEASE
 ADD https://github.com/bazelbuild/bazel/releases/download/${BAZEL_RELEASE}/bazel-${BAZEL_RELEASE}-linux-x86_64 /usr/local/bin/bazel
 RUN chmod +x /usr/local/bin/bazel
@@ -157,7 +157,8 @@ RUN git config user.email "nobody@example.com" && \
 ARG KUBE_GIT_VERSION
 ENV KUBE_GIT_VERSION=${KUBE_GIT_VERSION}
 # runopt = --mount=type=cache,id=u7s-k8s-build-cache,target=/root
-RUN bazel build cmd/hyperkube && mkdir /out && cp bazel-bin/cmd/hyperkube/hyperkube /out
+RUN make kube-apiserver kube-controller-manager kube-proxy kube-scheduler kubectl kubelet && \
+  mkdir /out && cp _output/bin/kube* /out
 
 ### socat (socat-build)
 FROM ubuntu:19.10 AS socat-build
@@ -214,7 +215,7 @@ FROM ubuntu:19.10 AS test-main-ubuntu
 RUN apt-get update && apt-get install -y -q git libglib2.0-dev iproute2 iptables uidmap
 
 # fedora image is experimental
-FROM fedora:30 AS test-main-fedora
+FROM fedora:31 AS test-main-fedora
 # As of Jan 2019, fedora:29 has wrong permission bits on newuidmap newgidmap
 RUN chmod +s /usr/bin/newuidmap /usr/bin/newgidmap
 RUN dnf install -y git iproute iptables hostname procps-ng

README.md

@@ -198,7 +198,7 @@ $ kubectl get nodes
 Or
 
 ```console
-$ nsenter -U -n -t $(cat $XDG_RUNTIME_DIR/usernetes/rootlesskit/child_pid) hyperkube \
+$ nsenter -U -n -t $(cat $XDG_RUNTIME_DIR/usernetes/rootlesskit/child_pid) \
   kubectl --kubeconfig=./config/localhost.kubeconfig get nodes
 ```
 

boot/kube-apiserver.sh

@@ -2,7 +2,7 @@
 export U7S_BASE_DIR=$(realpath $(dirname $0)/..)
 source $U7S_BASE_DIR/common/common.inc.sh
 
-exec $(dirname $0)/nsenter.sh hyperkube kube-apiserver \
+exec $(dirname $0)/nsenter.sh kube-apiserver \
 	--etcd-servers http://127.0.0.1:2379 \
     --service-cluster-ip-range=10.0.0.0/24 \
 	--admission-control=AlwaysAdmit \

boot/kube-controller-manager.sh

@@ -2,4 +2,4 @@
 export U7S_BASE_DIR=$(realpath $(dirname $0)/..)
 source $U7S_BASE_DIR/common/common.inc.sh
 
-exec $(dirname $0)/nsenter.sh hyperkube kube-controller-manager --master http://localhost:8080 $@
+exec $(dirname $0)/nsenter.sh kube-controller-manager --master http://localhost:8080 $@

boot/kube-proxy.sh

@@ -2,4 +2,4 @@
 export U7S_BASE_DIR=$(realpath $(dirname $0)/..)
 source $U7S_BASE_DIR/common/common.inc.sh
 
-exec $(dirname $0)/nsenter.sh hyperkube kube-proxy --kubeconfig $U7S_KUBECONFIG --proxy-mode=userspace $@
+exec $(dirname $0)/nsenter.sh kube-proxy --kubeconfig $U7S_KUBECONFIG --proxy-mode=userspace $@

boot/kube-scheduler.sh

@@ -2,4 +2,4 @@
 export U7S_BASE_DIR=$(realpath $(dirname $0)/..)
 source $U7S_BASE_DIR/common/common.inc.sh
 
-exec $(dirname $0)/nsenter.sh hyperkube kube-scheduler --master http://localhost:8080 $@
+exec $(dirname $0)/nsenter.sh kube-scheduler --master http://localhost:8080 $@

boot/kubelet.sh

@@ -2,7 +2,7 @@
 export U7S_BASE_DIR=$(realpath $(dirname $0)/..)
 source $U7S_BASE_DIR/common/common.inc.sh
 
-exec $(dirname $0)/nsenter.sh hyperkube kubelet \
+exec $(dirname $0)/nsenter.sh kubelet \
 	--cert-dir $XDG_CONFIG_HOME/usernetes/pki \
 	--root-dir $XDG_DATA_HOME/usernetes/kubelet \
 	--log-dir $XDG_DATA_HOME/usernetes/kubelet-log \

kubectl.sh

@@ -3,4 +3,4 @@ export U7S_BASE_DIR=$(dirname $0)
 source $U7S_BASE_DIR/common/common.inc.sh
 nsenter::main $0 $@
 
-exec hyperkube kubectl --kubeconfig=$U7S_KUBECONFIG $@
+exec kubectl --kubeconfig=$U7S_KUBECONFIG $@

src/patches/kubernetes/0001-kubelet-cm-ignore-sysctl-error-when-running-in-usern.patch

@@ -1,28 +1,36 @@
-From f348de4caeb1ac064020682a0828099107c22e4f Mon Sep 17 00:00:00 2001
+From d80b6f413e5059edc4cce2548ec19a556d964608 Mon Sep 17 00:00:00 2001
 From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 Date: Tue, 21 Aug 2018 16:45:04 +0900
 Subject: [PATCH 1/3] kubelet/cm: ignore sysctl error when running in userns
 
 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 ---
- pkg/kubelet/cm/BUILD                      | 1 +
+ pkg/kubelet/cm/BUILD                      | 2 ++
  pkg/kubelet/cm/container_manager_linux.go | 7 ++++++-
- 2 files changed, 7 insertions(+), 1 deletion(-)
+ 2 files changed, 8 insertions(+), 1 deletion(-)
 
 diff --git a/pkg/kubelet/cm/BUILD b/pkg/kubelet/cm/BUILD
-index 96aaa1996d..1cf12adf7c 100644
+index 7b57d09c324..f70ede1bb30 100644
 --- a/pkg/kubelet/cm/BUILD
 +++ b/pkg/kubelet/cm/BUILD
-@@ -91,6 +91,7 @@ go_library(
+@@ -71,6 +71,7 @@ go_library(
              "//vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs:go_default_library",
              "//vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd:go_default_library",
              "//vendor/github.com/opencontainers/runc/libcontainer/configs:go_default_library",
 +            "//vendor/github.com/opencontainers/runc/libcontainer/system:go_default_library",
              "//vendor/k8s.io/utils/io:go_default_library",
+             "//vendor/k8s.io/utils/mount:go_default_library",
+             "//vendor/k8s.io/utils/path:go_default_library",
+@@ -121,6 +122,7 @@ go_library(
+             "//vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs:go_default_library",
+             "//vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd:go_default_library",
+             "//vendor/github.com/opencontainers/runc/libcontainer/configs:go_default_library",
++            "//vendor/github.com/opencontainers/runc/libcontainer/system:go_default_library",
+             "//vendor/k8s.io/utils/io:go_default_library",
+             "//vendor/k8s.io/utils/mount:go_default_library",
              "//vendor/k8s.io/utils/path:go_default_library",
-         ],
 diff --git a/pkg/kubelet/cm/container_manager_linux.go b/pkg/kubelet/cm/container_manager_linux.go
-index 1baa280768..a30f2d706d 100644
+index 81d3a015639..3653bf7124e 100644
 --- a/pkg/kubelet/cm/container_manager_linux.go
 +++ b/pkg/kubelet/cm/container_manager_linux.go
 @@ -32,6 +32,7 @@ import (
@@ -31,9 +39,9 @@ index 1baa280768..a30f2d706d 100644
  	"github.com/opencontainers/runc/libcontainer/configs"
 +	libcontainersystem "github.com/opencontainers/runc/libcontainer/system"
  	"k8s.io/klog"
-
- 	v1 "k8s.io/api/core/v1"
-@@ -413,7 +414,11 @@ func setupKernelTunables(option KernelTunableBehavior) error {
+ 	utilio "k8s.io/utils/io"
+ 	"k8s.io/utils/mount"
+@@ -414,7 +415,11 @@ func setupKernelTunables(option KernelTunableBehavior) error {
  			klog.V(2).Infof("Updating kernel flag: %v, expected value: %v, actual value: %v", flag, expectedValue, val)
  			err = sysctl.SetSysctl(flag, expectedValue)
  			if err != nil {

src/patches/kubernetes/0002-kube-proxy-allow-running-in-userns.patch

@@ -1,93 +1,101 @@
-From e86da053f66e08d6815daa0f11d2c32ee4c7a4bb Mon Sep 17 00:00:00 2001
+From f6fcbe86caf7ece92cd46577b6c33db161482962 Mon Sep 17 00:00:00 2001
 From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 Date: Thu, 23 Aug 2018 14:14:44 +0900
 Subject: [PATCH 2/3] kube-proxy: allow running in userns
 
 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 ---
- cmd/kube-proxy/app/BUILD            | 10 ++++++++++
+ cmd/kube-proxy/app/BUILD            | 11 +++++++++++
  cmd/kube-proxy/app/server_others.go |  9 ++++++++-
  pkg/proxy/userspace/BUILD           |  1 +
  pkg/proxy/userspace/proxier.go      |  6 +++++-
- 4 files changed, 24 insertions(+), 2 deletions(-)
+ 4 files changed, 25 insertions(+), 2 deletions(-)
 
 diff --git a/cmd/kube-proxy/app/BUILD b/cmd/kube-proxy/app/BUILD
-index 081ac96987..a752aefe6c 100644
+index bbabff37d6e..9c2226dcb3d 100644
 --- a/cmd/kube-proxy/app/BUILD
 +++ b/cmd/kube-proxy/app/BUILD
-@@ -78,6 +78,7 @@ go_library(
+@@ -82,6 +82,7 @@ go_library(
              "//pkg/util/node:go_default_library",
              "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
              "//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library",
 +            "//vendor/github.com/opencontainers/runc/libcontainer/system:go_default_library",
              "//vendor/k8s.io/utils/net:go_default_library",
          ],
          "@io_bazel_rules_go//go/platform:darwin": [
-@@ -85,6 +86,7 @@ go_library(
+@@ -89,6 +90,7 @@ go_library(
              "//pkg/util/node:go_default_library",
              "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
              "//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library",
 +            "//vendor/github.com/opencontainers/runc/libcontainer/system:go_default_library",
              "//vendor/k8s.io/utils/net:go_default_library",
          ],
          "@io_bazel_rules_go//go/platform:dragonfly": [
-@@ -92,6 +94,7 @@ go_library(
+@@ -96,6 +98,7 @@ go_library(
              "//pkg/util/node:go_default_library",
              "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
              "//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library",
 +            "//vendor/github.com/opencontainers/runc/libcontainer/system:go_default_library",
              "//vendor/k8s.io/utils/net:go_default_library",
          ],
          "@io_bazel_rules_go//go/platform:freebsd": [
-@@ -99,6 +102,7 @@ go_library(
+@@ -103,6 +106,7 @@ go_library(
+             "//pkg/util/node:go_default_library",
+             "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
+             "//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library",
++            "//vendor/github.com/opencontainers/runc/libcontainer/system:go_default_library",
+             "//vendor/k8s.io/utils/net:go_default_library",
+         ],
+         "@io_bazel_rules_go//go/platform:ios": [
+@@ -110,6 +114,7 @@ go_library(
              "//pkg/util/node:go_default_library",
              "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
              "//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library",
 +            "//vendor/github.com/opencontainers/runc/libcontainer/system:go_default_library",
              "//vendor/k8s.io/utils/net:go_default_library",
          ],
          "@io_bazel_rules_go//go/platform:linux": [
-@@ -106,6 +110,7 @@ go_library(
+@@ -117,6 +122,7 @@ go_library(
              "//pkg/util/node:go_default_library",
              "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
              "//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library",
 +            "//vendor/github.com/opencontainers/runc/libcontainer/system:go_default_library",
              "//vendor/k8s.io/utils/net:go_default_library",
          ],
          "@io_bazel_rules_go//go/platform:nacl": [
-@@ -113,6 +118,7 @@ go_library(
+@@ -124,6 +130,7 @@ go_library(
              "//pkg/util/node:go_default_library",
              "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
              "//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library",
 +            "//vendor/github.com/opencontainers/runc/libcontainer/system:go_default_library",
              "//vendor/k8s.io/utils/net:go_default_library",
          ],
          "@io_bazel_rules_go//go/platform:netbsd": [
-@@ -120,6 +126,7 @@ go_library(
+@@ -131,6 +138,7 @@ go_library(
              "//pkg/util/node:go_default_library",
              "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
              "//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library",
 +            "//vendor/github.com/opencontainers/runc/libcontainer/system:go_default_library",
              "//vendor/k8s.io/utils/net:go_default_library",
          ],
          "@io_bazel_rules_go//go/platform:openbsd": [
-@@ -127,6 +134,7 @@ go_library(
+@@ -138,6 +146,7 @@ go_library(
              "//pkg/util/node:go_default_library",
              "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
              "//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library",
 +            "//vendor/github.com/opencontainers/runc/libcontainer/system:go_default_library",
              "//vendor/k8s.io/utils/net:go_default_library",
          ],
          "@io_bazel_rules_go//go/platform:plan9": [
-@@ -134,6 +142,7 @@ go_library(
+@@ -145,6 +154,7 @@ go_library(
              "//pkg/util/node:go_default_library",
              "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
              "//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library",
 +            "//vendor/github.com/opencontainers/runc/libcontainer/system:go_default_library",
              "//vendor/k8s.io/utils/net:go_default_library",
          ],
          "@io_bazel_rules_go//go/platform:solaris": [
-@@ -141,6 +150,7 @@ go_library(
+@@ -152,6 +162,7 @@ go_library(
              "//pkg/util/node:go_default_library",
              "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
              "//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library",
@@ -96,18 +104,18 @@ index 081ac96987..a752aefe6c 100644
          ],
          "@io_bazel_rules_go//go/platform:windows": [
 diff --git a/cmd/kube-proxy/app/server_others.go b/cmd/kube-proxy/app/server_others.go
-index 0a4239ffd1..d580f28705 100644
+index 9c5cb19f236..4bd3687860d 100644
 --- a/cmd/kube-proxy/app/server_others.go
 +++ b/cmd/kube-proxy/app/server_others.go
 @@ -26,6 +26,7 @@ import (
  	"net"
  	"strings"
 
 +	libcontainersystem "github.com/opencontainers/runc/libcontainer/system"
- 	"k8s.io/api/core/v1"
+ 	v1 "k8s.io/api/core/v1"
  	"k8s.io/apimachinery/pkg/types"
  	utilnet "k8s.io/apimachinery/pkg/util/net"
-@@ -248,6 +249,12 @@ func newProxyServer(
+@@ -249,6 +250,12 @@ func newProxyServer(
  		}
  	}
 
@@ -120,7 +128,7 @@ index 0a4239ffd1..d580f28705 100644
  	return &ProxyServer{
  		Client:                 client,
  		EventClient:            eventClient,
-@@ -259,7 +266,7 @@ func newProxyServer(
+@@ -260,7 +267,7 @@ func newProxyServer(
  		Broadcaster:            eventBroadcaster,
  		Recorder:               recorder,
  		ConntrackConfiguration: config.Conntrack,
@@ -130,7 +138,7 @@ index 0a4239ffd1..d580f28705 100644
  		NodeRef:                nodeRef,
  		MetricsBindAddress:     config.MetricsBindAddress,
 diff --git a/pkg/proxy/userspace/BUILD b/pkg/proxy/userspace/BUILD
-index d3ca798340..cb1ad00fd1 100644
+index 9c76a02c01e..4e45c595023 100644
 --- a/pkg/proxy/userspace/BUILD
 +++ b/pkg/proxy/userspace/BUILD
 @@ -34,6 +34,7 @@ go_library(
@@ -142,7 +150,7 @@ index d3ca798340..cb1ad00fd1 100644
          "//vendor/k8s.io/utils/exec:go_default_library",
      ] + select({
 diff --git a/pkg/proxy/userspace/proxier.go b/pkg/proxy/userspace/proxier.go
-index 9afa4c0adc..a86e71a8a2 100644
+index 7a34529d6ff..63ec9564e3e 100644
 --- a/pkg/proxy/userspace/proxier.go
 +++ b/pkg/proxy/userspace/proxier.go
 @@ -26,6 +26,7 @@ import (
@@ -153,7 +161,7 @@ index 9afa4c0adc..a86e71a8a2 100644
  	v1 "k8s.io/api/core/v1"
  	"k8s.io/apimachinery/pkg/types"
  	utilerrors "k8s.io/apimachinery/pkg/util/errors"
-@@ -205,7 +206,10 @@ func NewCustomProxier(loadBalancer LoadBalancer, listenIP net.IP, iptables iptab
+@@ -207,7 +208,10 @@ func NewCustomProxier(loadBalancer LoadBalancer, listenIP net.IP, iptables iptab
 
  	err = setRLimit(64 * 1000)
  	if err != nil {