Merge pull request #234 from AkihiroSuda/dev

remove most of the patches + deprecate "none" cgroup driver

Dockerfile

@@ -8,10 +8,10 @@
 ARG ROOTLESSKIT_COMMIT=2eaa8b0825324d162649786dac7fac279938f71f
 # 2021-07-02T21:54:58Z
 ARG CONTAINERD_COMMIT=7eceeb950b84396c165d972efb35116a113966fd
-# 2021-07-05T18:00:12Z
-ARG CRIO_COMMIT=c8b82d6c26015c760a03a0e7b3972f98d2fecca7
-# 2021-07-07T05:11:48Z
-ARG KUBE_NODE_COMMIT=656d00e8949f64cd663ca532d12e00982a6664c4
+# 2021-07-07T13:25:10Z
+ARG CRIO_COMMIT=3e5a1e48158316b1f378cd2dceb67b6ab670bc36
+# 2021-07-08T01:09:29Z
+ARG KUBE_NODE_COMMIT=f915aa39e80260e23fdc2453566f4942d2ad96d1
 
 # Version definitions (cont.)
 ARG SLIRP4NETNS_RELEASE=v1.1.11

README.md

@@ -53,8 +53,6 @@ Usernetes aims to provide a reference distribution of Kubernetes that can be ins
   * Flannel (VXLAN)
 * CoreDNS
 
-Currently, Usernetes uses our patched version of `kubelet` and `kube-proxy`. We are proposing our patches to the Kubernetes upstream. See [#42](https://github.com/rootless-containers/usernetes/issues/42) for the current status.
-
 Installer scripts are in POC status.
 
 See [Adoption](#adoption) for Usernetes-based Kubernetes distributions.
@@ -69,7 +67,7 @@ See [Adoption](#adoption) for Usernetes-based Kubernetes distributions.
 
 ## Adoption
 
-We encourage other Kubernetes distributions to adopt Usernetes patches and tools.
+We encourage other Kubernetes distributions to adopt Usernetes.
 
 Currently, the following distributions adopt Usernetes:
 * [k3s](https://github.com/k3s-io/k3s/blob/master/k3s-rootless.service)
@@ -88,13 +86,16 @@ No SETUID/SETCAP binary is needed, except [`newuidmap(1)`](http://man7.org/linux
 * Usermode networking called [slirp4netns](https://github.com/rootless-containers/slirp4netns) is used instead of kernel-mode [vEth](http://man7.org/linux/man-pages/man4/veth.4.html) pairs.
 * [fuse-overlayfs](https://github.com/containers/fuse-overlayfs) is used instead of kernel-mode overlayfs.
 * Node ports are network-namespaced
-* No support for cgroup v1. Resource limitations are ignored on cgroup v1 hosts. To enable support for cgroup (v2 only), see [Enabling cgroups](#enabling-cgroups).
 * Apparmor is unsupported
 
 ## Requirements
 
 * Kernel >= 4.18.
 
+* cgroup v2. See [Enabling cgroups](#enabling-cgroups).
+  On cgroup v1, the cgroup driver is set to "none" and the resource limitation configurations are ignored.
+  The "none" cgroup driver is deprecated and will be removed in a future release of Usernetes.
+
 * Recent version of systemd. Known to work with systemd >= 242.
 
 * `mount.fuse3` binary. Provided by `fuse3` package on most distros.

boot/containerd.sh

@@ -7,7 +7,7 @@ disable_cgroup="true"
 if [[ "$U7S_CGROUP_ENABLED" = "1" ]]; then
 	disable_cgroup="false"
 else
-	log::warning "Running without cgroup"
+	log::warning "Running without cgroup. This mode is deprecated and will be removed in a future release of Usernetes."
 fi
 
 mkdir -p $XDG_RUNTIME_DIR/usernetes

boot/crio.sh

@@ -6,7 +6,7 @@ source $U7S_BASE_DIR/common/common.inc.sh
 export _CRIO_ROOTLESS=1
 
 if [[ "$U7S_CGROUP_ENABLED" != "1" ]]; then
-	log::warning "Running without cgroup"
+	log::warning "Running without cgroup. This mode is deprecated and will be removed in a future release of Usernetes."
 fi
 
 mkdir -p $XDG_CONFIG_HOME/usernetes/crio $XDG_CONFIG_HOME/usernetes/containers/oci/hooks.d

boot/kube-proxy.sh

@@ -9,9 +9,6 @@ kind: KubeProxyConfiguration
 mode: "userspace"
 clientConnection:
   kubeconfig: "$XDG_CONFIG_HOME/usernetes/node/kube-proxy.kubeconfig"
-featureGates:
-# EndpointSliceProxying seems to break ClusterIP: https://github.com/rootless-containers/usernetes/pull/179
-  EndpointSliceProxying: false
 conntrack:
 # Skip setting sysctl value "net.netfilter.nf_conntrack_max"
   maxPerCore: 0

boot/kubelet.sh

@@ -8,7 +8,7 @@ if [[ "$U7S_CGROUP_ENABLED" = "1" ]]; then
 	cgroup_driver="cgroupfs"
 	cgroups_per_qos="true"
 else
-	log::warning "Running without cgroup"
+	log::warning "Running without cgroup. This mode is deprecated and will be removed in a future release of Usernetes."
 fi
 
 mkdir -p $XDG_RUNTIME_DIR/usernetes

install.sh

@@ -165,6 +165,10 @@ else
 	fi
 fi
 
+if [[ -z "$U7S_CGROUP_ENABLED" ]]; then
+  WARNING "Cgroup is disabled. In future version of Usernetes, cgroup (v2) will be an essential requirement."
+fi
+
 # Delay for debugging
 if [[ -n "$delay" ]]; then
 	INFO "Delay: $delay seconds..."

src/patches/kubernetes/0005-Not-for-Upstream-kubelet-new-cgroup-driver-none.patch → src/patches/kubernetes/0001-Not-for-Upstream-kubelet-new-cgroup-driver-none.patch

@@ -1,7 +1,7 @@
-From c54269424463dd6c28f94234517c424787e73b54 Mon Sep 17 00:00:00 2001
+From c298bb88e5c7c48d8732ddadcfcda66ed5c5de97 Mon Sep 17 00:00:00 2001
 From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 Date: Sun, 2 Jun 2019 18:39:05 +0900
-Subject: [PATCH 5/5] [Not for Upstream] kubelet: new cgroup driver: "none"
+Subject: [PATCH] [Not for Upstream] kubelet: new cgroup driver: "none"
 
 The "none" driver is used for running "rootless" mode on a host that does not support cgroup v2.
 
@@ -17,10 +17,10 @@ Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
  4 files changed, 86 insertions(+), 20 deletions(-)
 
 diff --git a/cmd/kubelet/app/options/options.go b/cmd/kubelet/app/options/options.go
-index 98da4b7b387..56724a39026 100644
+index 5f5fa99a94e..af431fe7057 100644
 --- a/cmd/kubelet/app/options/options.go
 +++ b/cmd/kubelet/app/options/options.go
-@@ -488,7 +488,7 @@ func AddKubeletConfigFlags(mainfs *pflag.FlagSet, c *kubeletconfig.KubeletConfig
+@@ -489,7 +489,7 @@ func AddKubeletConfigFlags(mainfs *pflag.FlagSet, c *kubeletconfig.KubeletConfig
  	fs.StringVar(&c.ProviderID, "provider-id", c.ProviderID, "Unique identifier for identifying the node in a machine database, i.e cloudprovider")
 
  	fs.BoolVar(&c.CgroupsPerQOS, "cgroups-per-qos", c.CgroupsPerQOS, "Enable creation of QoS cgroup hierarchy, if true top level QoS and pod cgroups are created.")