diff --git a/Dockerfile b/Dockerfile index fc03765..aa82bcd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,33 +4,33 @@ ### Version definitions # use ./hack/show-latest-commits.sh to get the latest commits -# 2019-10-12T18:30:29Z -ARG ROOTLESSKIT_COMMIT=babe67ee6c656cf13549d934de297a492eee1fe8 -# 2019-10-18T15:06:03Z -ARG SLIRP4NETNS_COMMIT=3527c9817a273af18655e943c75a0470fb37ece3 -# 2019-10-24T19:20:47Z -ARG RUNC_COMMIT=c4d8e1688c816a8cef632a3b44a38611511b7140 -# 2019-10-24T20:58:32Z -ARG MOBY_COMMIT=1bd184a4c291e4f60629e2cc279216f8f40495f3 -# 2019-10-25T02:52:20Z -ARG CONTAINERD_COMMIT=0c01992f9c8cc2794b3d2b4f2ed0b55a4b91ed9e -# 2019-10-24T12:21:16Z -ARG CRIO_COMMIT=df667bf8f37985381b0e087d8c9d9c7a88076646 -# 2019-10-23T15:54:54Z -ARG CNI_PLUGINS_COMMIT=a16232968de47358d64322763fe0d7ed57ec382e -# 2019-10-25T05:56:14Z -ARG KUBERNETES_COMMIT=a3560d3ad9a7e2deb7d8b7e9e54081e7cbbac0d1 +# 2019-11-29T07:08:08Z +ARG ROOTLESSKIT_COMMIT=8cf0679be24c640267784f500c65ace2b44b0412 +# 2019-11-21T20:14:45Z +ARG SLIRP4NETNS_COMMIT=21fdece2737dc24ffa3f01a341b8a6854f8b13b4 +# 2019-12-02T15:10:37Z +ARG RUNC_COMMIT=c35c2c9cec6ee503ef31edbaddac9617247ec328 +# 2019-11-27T22:20:17Z +ARG MOBY_COMMIT=3152f9436292115c97b4d8bb18c66cf97876ee75 +# 2019-12-03T02:07:39Z +ARG CONTAINERD_COMMIT=8b12d46a395ae3eed3cd718a7bcc721405f650d7 +# 2019-11-28T12:50:09Z +ARG CRIO_COMMIT=724513d4b7cd923881a05eb90ce62ad3af3f59b6 +# 2019-11-13T16:20:45Z +ARG CNI_PLUGINS_COMMIT=497560f35f2cef2695f1690137b0bba98adf849b +# 2019-12-03T06:56:57Z +ARG KUBERNETES_COMMIT=95a3cd54cf739019b1211163add7247bd31c0ed7 # Version definitions (cont.) -ARG CONMON_RELEASE=v2.0.1 -ARG DOCKER_CLI_RELEASE=19.03.4 +ARG CONMON_RELEASE=v2.0.3 +ARG DOCKER_CLI_RELEASE=19.03.5 # Kube's build script requires KUBE_GIT_VERSION to be set to a semver string -ARG KUBE_GIT_VERSION=v1.17.0-usernetes -ARG BAZEL_RELEASE=0.29.1 +ARG KUBE_GIT_VERSION=v1.18.0-usernetes +ARG BAZEL_RELEASE=1.2.1 ARG SOCAT_RELEASE=tag-1.7.3.3 ARG FLANNEL_RELEASE=v0.11.0 ARG ETCD_RELEASE=v3.4.3 -ARG GOTASK_RELEASE=v2.7.0 +ARG GOTASK_RELEASE=v2.7.1 ARG BASEOS=ubuntu @@ -141,7 +141,7 @@ RUN ./build_linux.sh -buildmode pie -ldflags "-extldflags \"-fno-PIC -static\"" ### Kubernetes (k8s-build) FROM golang:1.13-stretch AS k8s-build -RUN apt-get update && apt-get install -y -q patch +RUN apt-get update && apt-get install -y -q patch rsync ARG BAZEL_RELEASE ADD https://github.com/bazelbuild/bazel/releases/download/${BAZEL_RELEASE}/bazel-${BAZEL_RELEASE}-linux-x86_64 /usr/local/bin/bazel RUN chmod +x /usr/local/bin/bazel @@ -157,7 +157,8 @@ RUN git config user.email "nobody@example.com" && \ ARG KUBE_GIT_VERSION ENV KUBE_GIT_VERSION=${KUBE_GIT_VERSION} # runopt = --mount=type=cache,id=u7s-k8s-build-cache,target=/root -RUN bazel build cmd/hyperkube && mkdir /out && cp bazel-bin/cmd/hyperkube/hyperkube /out +RUN make kube-apiserver kube-controller-manager kube-proxy kube-scheduler kubectl kubelet && \ + mkdir /out && cp _output/bin/kube* /out ### socat (socat-build) FROM ubuntu:19.10 AS socat-build @@ -214,7 +215,7 @@ FROM ubuntu:19.10 AS test-main-ubuntu RUN apt-get update && apt-get install -y -q git libglib2.0-dev iproute2 iptables uidmap # fedora image is experimental -FROM fedora:30 AS test-main-fedora +FROM fedora:31 AS test-main-fedora # As of Jan 2019, fedora:29 has wrong permission bits on newuidmap newgidmap RUN chmod +s /usr/bin/newuidmap /usr/bin/newgidmap RUN dnf install -y git iproute iptables hostname procps-ng diff --git a/README.md b/README.md index aba9533..6367105 100644 --- a/README.md +++ b/README.md @@ -198,7 +198,7 @@ $ kubectl get nodes Or ```console -$ nsenter -U -n -t $(cat $XDG_RUNTIME_DIR/usernetes/rootlesskit/child_pid) hyperkube \ +$ nsenter -U -n -t $(cat $XDG_RUNTIME_DIR/usernetes/rootlesskit/child_pid) \ kubectl --kubeconfig=./config/localhost.kubeconfig get nodes ``` diff --git a/boot/kube-apiserver.sh b/boot/kube-apiserver.sh index 14ec85f..3b97f6d 100755 --- a/boot/kube-apiserver.sh +++ b/boot/kube-apiserver.sh @@ -2,7 +2,7 @@ export U7S_BASE_DIR=$(realpath $(dirname $0)/..) source $U7S_BASE_DIR/common/common.inc.sh -exec $(dirname $0)/nsenter.sh hyperkube kube-apiserver \ +exec $(dirname $0)/nsenter.sh kube-apiserver \ --etcd-servers http://127.0.0.1:2379 \ --service-cluster-ip-range=10.0.0.0/24 \ --admission-control=AlwaysAdmit \ diff --git a/boot/kube-controller-manager.sh b/boot/kube-controller-manager.sh index 9468b4f..5764dbf 100755 --- a/boot/kube-controller-manager.sh +++ b/boot/kube-controller-manager.sh @@ -2,4 +2,4 @@ export U7S_BASE_DIR=$(realpath $(dirname $0)/..) source $U7S_BASE_DIR/common/common.inc.sh -exec $(dirname $0)/nsenter.sh hyperkube kube-controller-manager --master http://localhost:8080 $@ +exec $(dirname $0)/nsenter.sh kube-controller-manager --master http://localhost:8080 $@ diff --git a/boot/kube-proxy.sh b/boot/kube-proxy.sh index 00c29a6..d4347e1 100755 --- a/boot/kube-proxy.sh +++ b/boot/kube-proxy.sh @@ -2,4 +2,4 @@ export U7S_BASE_DIR=$(realpath $(dirname $0)/..) source $U7S_BASE_DIR/common/common.inc.sh -exec $(dirname $0)/nsenter.sh hyperkube kube-proxy --kubeconfig $U7S_KUBECONFIG --proxy-mode=userspace $@ +exec $(dirname $0)/nsenter.sh kube-proxy --kubeconfig $U7S_KUBECONFIG --proxy-mode=userspace $@ diff --git a/boot/kube-scheduler.sh b/boot/kube-scheduler.sh index d160451..528aa76 100755 --- a/boot/kube-scheduler.sh +++ b/boot/kube-scheduler.sh @@ -2,4 +2,4 @@ export U7S_BASE_DIR=$(realpath $(dirname $0)/..) source $U7S_BASE_DIR/common/common.inc.sh -exec $(dirname $0)/nsenter.sh hyperkube kube-scheduler --master http://localhost:8080 $@ +exec $(dirname $0)/nsenter.sh kube-scheduler --master http://localhost:8080 $@ diff --git a/boot/kubelet.sh b/boot/kubelet.sh index a8ff872..e44b8e1 100755 --- a/boot/kubelet.sh +++ b/boot/kubelet.sh @@ -2,7 +2,7 @@ export U7S_BASE_DIR=$(realpath $(dirname $0)/..) source $U7S_BASE_DIR/common/common.inc.sh -exec $(dirname $0)/nsenter.sh hyperkube kubelet \ +exec $(dirname $0)/nsenter.sh kubelet \ --cert-dir $XDG_CONFIG_HOME/usernetes/pki \ --root-dir $XDG_DATA_HOME/usernetes/kubelet \ --log-dir $XDG_DATA_HOME/usernetes/kubelet-log \ diff --git a/kubectl.sh b/kubectl.sh index 3903266..5d97034 100755 --- a/kubectl.sh +++ b/kubectl.sh @@ -3,4 +3,4 @@ export U7S_BASE_DIR=$(dirname $0) source $U7S_BASE_DIR/common/common.inc.sh nsenter::main $0 $@ -exec hyperkube kubectl --kubeconfig=$U7S_KUBECONFIG $@ +exec kubectl --kubeconfig=$U7S_KUBECONFIG $@ diff --git a/src/patches/kubernetes/0001-kubelet-cm-ignore-sysctl-error-when-running-in-usern.patch b/src/patches/kubernetes/0001-kubelet-cm-ignore-sysctl-error-when-running-in-usern.patch index 131189d..eba2cdd 100644 --- a/src/patches/kubernetes/0001-kubelet-cm-ignore-sysctl-error-when-running-in-usern.patch +++ b/src/patches/kubernetes/0001-kubelet-cm-ignore-sysctl-error-when-running-in-usern.patch @@ -1,28 +1,36 @@ -From f348de4caeb1ac064020682a0828099107c22e4f Mon Sep 17 00:00:00 2001 +From d80b6f413e5059edc4cce2548ec19a556d964608 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Tue, 21 Aug 2018 16:45:04 +0900 Subject: [PATCH 1/3] kubelet/cm: ignore sysctl error when running in userns Signed-off-by: Akihiro Suda --- - pkg/kubelet/cm/BUILD | 1 + + pkg/kubelet/cm/BUILD | 2 ++ pkg/kubelet/cm/container_manager_linux.go | 7 ++++++- - 2 files changed, 7 insertions(+), 1 deletion(-) + 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/pkg/kubelet/cm/BUILD b/pkg/kubelet/cm/BUILD -index 96aaa1996d..1cf12adf7c 100644 +index 7b57d09c324..f70ede1bb30 100644 --- a/pkg/kubelet/cm/BUILD +++ b/pkg/kubelet/cm/BUILD -@@ -91,6 +91,7 @@ go_library( +@@ -71,6 +71,7 @@ go_library( "//vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs:go_default_library", "//vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd:go_default_library", "//vendor/github.com/opencontainers/runc/libcontainer/configs:go_default_library", + "//vendor/github.com/opencontainers/runc/libcontainer/system:go_default_library", "//vendor/k8s.io/utils/io:go_default_library", + "//vendor/k8s.io/utils/mount:go_default_library", + "//vendor/k8s.io/utils/path:go_default_library", +@@ -121,6 +122,7 @@ go_library( + "//vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs:go_default_library", + "//vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd:go_default_library", + "//vendor/github.com/opencontainers/runc/libcontainer/configs:go_default_library", ++ "//vendor/github.com/opencontainers/runc/libcontainer/system:go_default_library", + "//vendor/k8s.io/utils/io:go_default_library", + "//vendor/k8s.io/utils/mount:go_default_library", "//vendor/k8s.io/utils/path:go_default_library", - ], diff --git a/pkg/kubelet/cm/container_manager_linux.go b/pkg/kubelet/cm/container_manager_linux.go -index 1baa280768..a30f2d706d 100644 +index 81d3a015639..3653bf7124e 100644 --- a/pkg/kubelet/cm/container_manager_linux.go +++ b/pkg/kubelet/cm/container_manager_linux.go @@ -32,6 +32,7 @@ import ( @@ -31,9 +39,9 @@ index 1baa280768..a30f2d706d 100644 "github.com/opencontainers/runc/libcontainer/configs" + libcontainersystem "github.com/opencontainers/runc/libcontainer/system" "k8s.io/klog" - - v1 "k8s.io/api/core/v1" -@@ -413,7 +414,11 @@ func setupKernelTunables(option KernelTunableBehavior) error { + utilio "k8s.io/utils/io" + "k8s.io/utils/mount" +@@ -414,7 +415,11 @@ func setupKernelTunables(option KernelTunableBehavior) error { klog.V(2).Infof("Updating kernel flag: %v, expected value: %v, actual value: %v", flag, expectedValue, val) err = sysctl.SetSysctl(flag, expectedValue) if err != nil { diff --git a/src/patches/kubernetes/0002-kube-proxy-allow-running-in-userns.patch b/src/patches/kubernetes/0002-kube-proxy-allow-running-in-userns.patch index 9ad6661..10e9caa 100644 --- a/src/patches/kubernetes/0002-kube-proxy-allow-running-in-userns.patch +++ b/src/patches/kubernetes/0002-kube-proxy-allow-running-in-userns.patch @@ -1,21 +1,21 @@ -From e86da053f66e08d6815daa0f11d2c32ee4c7a4bb Mon Sep 17 00:00:00 2001 +From f6fcbe86caf7ece92cd46577b6c33db161482962 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Thu, 23 Aug 2018 14:14:44 +0900 Subject: [PATCH 2/3] kube-proxy: allow running in userns Signed-off-by: Akihiro Suda --- - cmd/kube-proxy/app/BUILD | 10 ++++++++++ + cmd/kube-proxy/app/BUILD | 11 +++++++++++ cmd/kube-proxy/app/server_others.go | 9 ++++++++- pkg/proxy/userspace/BUILD | 1 + pkg/proxy/userspace/proxier.go | 6 +++++- - 4 files changed, 24 insertions(+), 2 deletions(-) + 4 files changed, 25 insertions(+), 2 deletions(-) diff --git a/cmd/kube-proxy/app/BUILD b/cmd/kube-proxy/app/BUILD -index 081ac96987..a752aefe6c 100644 +index bbabff37d6e..9c2226dcb3d 100644 --- a/cmd/kube-proxy/app/BUILD +++ b/cmd/kube-proxy/app/BUILD -@@ -78,6 +78,7 @@ go_library( +@@ -82,6 +82,7 @@ go_library( "//pkg/util/node:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library", @@ -23,7 +23,7 @@ index 081ac96987..a752aefe6c 100644 "//vendor/k8s.io/utils/net:go_default_library", ], "@io_bazel_rules_go//go/platform:darwin": [ -@@ -85,6 +86,7 @@ go_library( +@@ -89,6 +90,7 @@ go_library( "//pkg/util/node:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library", @@ -31,7 +31,7 @@ index 081ac96987..a752aefe6c 100644 "//vendor/k8s.io/utils/net:go_default_library", ], "@io_bazel_rules_go//go/platform:dragonfly": [ -@@ -92,6 +94,7 @@ go_library( +@@ -96,6 +98,7 @@ go_library( "//pkg/util/node:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library", @@ -39,7 +39,15 @@ index 081ac96987..a752aefe6c 100644 "//vendor/k8s.io/utils/net:go_default_library", ], "@io_bazel_rules_go//go/platform:freebsd": [ -@@ -99,6 +102,7 @@ go_library( +@@ -103,6 +106,7 @@ go_library( + "//pkg/util/node:go_default_library", + "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library", + "//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library", ++ "//vendor/github.com/opencontainers/runc/libcontainer/system:go_default_library", + "//vendor/k8s.io/utils/net:go_default_library", + ], + "@io_bazel_rules_go//go/platform:ios": [ +@@ -110,6 +114,7 @@ go_library( "//pkg/util/node:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library", @@ -47,7 +55,7 @@ index 081ac96987..a752aefe6c 100644 "//vendor/k8s.io/utils/net:go_default_library", ], "@io_bazel_rules_go//go/platform:linux": [ -@@ -106,6 +110,7 @@ go_library( +@@ -117,6 +122,7 @@ go_library( "//pkg/util/node:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library", @@ -55,7 +63,7 @@ index 081ac96987..a752aefe6c 100644 "//vendor/k8s.io/utils/net:go_default_library", ], "@io_bazel_rules_go//go/platform:nacl": [ -@@ -113,6 +118,7 @@ go_library( +@@ -124,6 +130,7 @@ go_library( "//pkg/util/node:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library", @@ -63,7 +71,7 @@ index 081ac96987..a752aefe6c 100644 "//vendor/k8s.io/utils/net:go_default_library", ], "@io_bazel_rules_go//go/platform:netbsd": [ -@@ -120,6 +126,7 @@ go_library( +@@ -131,6 +138,7 @@ go_library( "//pkg/util/node:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library", @@ -71,7 +79,7 @@ index 081ac96987..a752aefe6c 100644 "//vendor/k8s.io/utils/net:go_default_library", ], "@io_bazel_rules_go//go/platform:openbsd": [ -@@ -127,6 +134,7 @@ go_library( +@@ -138,6 +146,7 @@ go_library( "//pkg/util/node:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library", @@ -79,7 +87,7 @@ index 081ac96987..a752aefe6c 100644 "//vendor/k8s.io/utils/net:go_default_library", ], "@io_bazel_rules_go//go/platform:plan9": [ -@@ -134,6 +142,7 @@ go_library( +@@ -145,6 +154,7 @@ go_library( "//pkg/util/node:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library", @@ -87,7 +95,7 @@ index 081ac96987..a752aefe6c 100644 "//vendor/k8s.io/utils/net:go_default_library", ], "@io_bazel_rules_go//go/platform:solaris": [ -@@ -141,6 +150,7 @@ go_library( +@@ -152,6 +162,7 @@ go_library( "//pkg/util/node:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library", @@ -96,7 +104,7 @@ index 081ac96987..a752aefe6c 100644 ], "@io_bazel_rules_go//go/platform:windows": [ diff --git a/cmd/kube-proxy/app/server_others.go b/cmd/kube-proxy/app/server_others.go -index 0a4239ffd1..d580f28705 100644 +index 9c5cb19f236..4bd3687860d 100644 --- a/cmd/kube-proxy/app/server_others.go +++ b/cmd/kube-proxy/app/server_others.go @@ -26,6 +26,7 @@ import ( @@ -104,10 +112,10 @@ index 0a4239ffd1..d580f28705 100644 "strings" + libcontainersystem "github.com/opencontainers/runc/libcontainer/system" - "k8s.io/api/core/v1" + v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" utilnet "k8s.io/apimachinery/pkg/util/net" -@@ -248,6 +249,12 @@ func newProxyServer( +@@ -249,6 +250,12 @@ func newProxyServer( } } @@ -120,7 +128,7 @@ index 0a4239ffd1..d580f28705 100644 return &ProxyServer{ Client: client, EventClient: eventClient, -@@ -259,7 +266,7 @@ func newProxyServer( +@@ -260,7 +267,7 @@ func newProxyServer( Broadcaster: eventBroadcaster, Recorder: recorder, ConntrackConfiguration: config.Conntrack, @@ -130,7 +138,7 @@ index 0a4239ffd1..d580f28705 100644 NodeRef: nodeRef, MetricsBindAddress: config.MetricsBindAddress, diff --git a/pkg/proxy/userspace/BUILD b/pkg/proxy/userspace/BUILD -index d3ca798340..cb1ad00fd1 100644 +index 9c76a02c01e..4e45c595023 100644 --- a/pkg/proxy/userspace/BUILD +++ b/pkg/proxy/userspace/BUILD @@ -34,6 +34,7 @@ go_library( @@ -142,7 +150,7 @@ index d3ca798340..cb1ad00fd1 100644 "//vendor/k8s.io/utils/exec:go_default_library", ] + select({ diff --git a/pkg/proxy/userspace/proxier.go b/pkg/proxy/userspace/proxier.go -index 9afa4c0adc..a86e71a8a2 100644 +index 7a34529d6ff..63ec9564e3e 100644 --- a/pkg/proxy/userspace/proxier.go +++ b/pkg/proxy/userspace/proxier.go @@ -26,6 +26,7 @@ import ( @@ -153,7 +161,7 @@ index 9afa4c0adc..a86e71a8a2 100644 v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" utilerrors "k8s.io/apimachinery/pkg/util/errors" -@@ -205,7 +206,10 @@ func NewCustomProxier(loadBalancer LoadBalancer, listenIP net.IP, iptables iptab +@@ -207,7 +208,10 @@ func NewCustomProxier(loadBalancer LoadBalancer, listenIP net.IP, iptables iptab err = setRLimit(64 * 1000) if err != nil { diff --git a/src/patches/kubernetes/0003-kubelet-new-feature-gate-SupportNoneCgroupDriver.patch b/src/patches/kubernetes/0003-kubelet-new-feature-gate-SupportNoneCgroupDriver.patch index 7ba4f58..7a05b2e 100644 --- a/src/patches/kubernetes/0003-kubelet-new-feature-gate-SupportNoneCgroupDriver.patch +++ b/src/patches/kubernetes/0003-kubelet-new-feature-gate-SupportNoneCgroupDriver.patch @@ -1,4 +1,4 @@ -From 9fc7956f63dcc64a4b3dfe9a8f116a3b3bb1a813 Mon Sep 17 00:00:00 2001 +From 0a932526ab754add7ff14fd419f508d43196e271 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Sun, 2 Jun 2019 18:39:05 +0900 Subject: [PATCH 3/3] kubelet: new feature gate: SupportNoneCgroupDriver @@ -25,7 +25,7 @@ Signed-off-by: Akihiro Suda 11 files changed, 126 insertions(+), 30 deletions(-) diff --git a/cmd/kubeadm/app/phases/kubelet/flags.go b/cmd/kubeadm/app/phases/kubelet/flags.go -index 14f7317be1..6bb02f6ef4 100644 +index 14f7317be12..6bb02f6ef43 100644 --- a/cmd/kubeadm/app/phases/kubelet/flags.go +++ b/cmd/kubeadm/app/phases/kubelet/flags.go @@ -86,6 +86,8 @@ func buildKubeletArgMap(opts kubeletFlagsOpts) map[string]string { @@ -38,7 +38,7 @@ index 14f7317be1..6bb02f6ef4 100644 } if opts.pauseImage != "" { diff --git a/cmd/kubelet/app/options/options.go b/cmd/kubelet/app/options/options.go -index 1b60f2cea4..9cb665210e 100644 +index 7401c510deb..d2450512f76 100644 --- a/cmd/kubelet/app/options/options.go +++ b/cmd/kubelet/app/options/options.go @@ -513,7 +513,7 @@ func AddKubeletConfigFlags(mainfs *pflag.FlagSet, c *kubeletconfig.KubeletConfig @@ -51,10 +51,10 @@ index 1b60f2cea4..9cb665210e 100644 fs.StringVar(&c.CPUManagerPolicy, "cpu-manager-policy", c.CPUManagerPolicy, "CPU Manager policy to use. Possible values: 'none', 'static'. Default: 'none'") fs.DurationVar(&c.CPUManagerReconcilePeriod.Duration, "cpu-manager-reconcile-period", c.CPUManagerReconcilePeriod.Duration, " CPU Manager reconciliation period. Examples: '10s', or '1m'. If not supplied, defaults to `NodeStatusUpdateFrequency`") diff --git a/cmd/kubelet/app/server.go b/cmd/kubelet/app/server.go -index 7b3aafcaf9..12a86b4754 100644 +index 8a705bb139a..2aa530257a4 100644 --- a/cmd/kubelet/app/server.go +++ b/cmd/kubelet/app/server.go -@@ -598,26 +598,28 @@ func run(s *options.KubeletServer, kubeDeps *kubelet.Dependencies, stopCh <-chan +@@ -603,26 +603,28 @@ func run(s *options.KubeletServer, kubeDeps *kubelet.Dependencies, featureGate f } var cgroupRoots []string @@ -103,13 +103,13 @@ index 7b3aafcaf9..12a86b4754 100644 if kubeDeps.CAdvisorInterface == nil { diff --git a/pkg/features/kube_features.go b/pkg/features/kube_features.go -index f5098d9bf9..15dd899e35 100644 +index 1cf35280df3..b8a45fe21d9 100644 --- a/pkg/features/kube_features.go +++ b/pkg/features/kube_features.go -@@ -499,6 +499,18 @@ const ( +@@ -547,6 +547,18 @@ const ( // - // Enable all logic related to the PodDisruptionBudget API object in policy - PodDisruptionBudget featuregate.Feature = "PodDisruptionBudget" + // Enables topology aware service routing + ServiceTopology featuregate.Feature = "ServiceTopology" + + // owner: @AkihiroSuda + // alpha: v1.XX @@ -125,16 +125,16 @@ index f5098d9bf9..15dd899e35 100644 ) func init() { -@@ -580,6 +592,7 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS - StartupProbe: {Default: false, PreRelease: featuregate.Alpha}, +@@ -633,6 +645,7 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS AllowInsecureBackendProxy: {Default: true, PreRelease: featuregate.Beta}, PodDisruptionBudget: {Default: true, PreRelease: featuregate.Beta}, + ServiceTopology: {Default: false, PreRelease: featuregate.Alpha}, + SupportNoneCgroupDriver: {Default: false, PreRelease: featuregate.Alpha}, // inherited features from generic apiserver, relisted here to get a conflict if it is changed // unintentionally on either side: diff --git a/pkg/kubelet/apis/config/types.go b/pkg/kubelet/apis/config/types.go -index 446ad78326..f01f8f2372 100644 +index ddb8a3e0eba..b6d35a73377 100644 --- a/pkg/kubelet/apis/config/types.go +++ b/pkg/kubelet/apis/config/types.go @@ -201,7 +201,7 @@ type KubeletConfiguration struct { @@ -147,7 +147,7 @@ index 446ad78326..f01f8f2372 100644 // CPUManagerPolicy is the name of the policy to use. // Requires the CPUManager feature gate to be enabled. diff --git a/pkg/kubelet/cm/cgroup_manager_linux.go b/pkg/kubelet/cm/cgroup_manager_linux.go -index 2e3968f4fe..a8276d5a50 100644 +index 96e3edcae49..4496939d0ea 100644 --- a/pkg/kubelet/cm/cgroup_manager_linux.go +++ b/pkg/kubelet/cm/cgroup_manager_linux.go @@ -46,6 +46,9 @@ const ( @@ -186,7 +186,7 @@ index 2e3968f4fe..a8276d5a50 100644 } // Name converts the cgroup to the driver specific value in cgroupfs form. -@@ -590,3 +601,57 @@ func (m *cgroupManagerImpl) GetResourceStats(name CgroupName) (*ResourceStats, e +@@ -593,3 +604,57 @@ func (m *cgroupManagerImpl) GetResourceStats(name CgroupName) (*ResourceStats, e } return toResourceStats(stats), nil } @@ -245,7 +245,7 @@ index 2e3968f4fe..a8276d5a50 100644 + }, nil +} diff --git a/pkg/kubelet/cm/cgroup_manager_unsupported.go b/pkg/kubelet/cm/cgroup_manager_unsupported.go -index 5d77ed7a45..5654d737fd 100644 +index 5d77ed7a45f..5654d737fd6 100644 --- a/pkg/kubelet/cm/cgroup_manager_unsupported.go +++ b/pkg/kubelet/cm/cgroup_manager_unsupported.go @@ -30,8 +30,8 @@ type CgroupSubsystems struct { @@ -260,7 +260,7 @@ index 5d77ed7a45..5654d737fd 100644 func (m *unsupportedCgroupManager) Name(_ CgroupName) string { diff --git a/pkg/kubelet/cm/container_manager_linux.go b/pkg/kubelet/cm/container_manager_linux.go -index a30f2d706d..4c21e9519e 100644 +index 3653bf7124e..50b76c5426a 100644 --- a/pkg/kubelet/cm/container_manager_linux.go +++ b/pkg/kubelet/cm/container_manager_linux.go @@ -248,9 +248,15 @@ func NewContainerManager(mountUtil mount.Interface, cadvisorInterface cadvisor.I @@ -290,7 +290,7 @@ index a30f2d706d..4c21e9519e 100644 } klog.Infof("container manager verified user specified cgroup-root exists: %v", cgroupRoot) diff --git a/pkg/kubelet/cm/pod_container_manager_linux_test.go b/pkg/kubelet/cm/pod_container_manager_linux_test.go -index 62c9f203a0..fda4177a05 100644 +index 62c9f203a00..fda4177a05b 100644 --- a/pkg/kubelet/cm/pod_container_manager_linux_test.go +++ b/pkg/kubelet/cm/pod_container_manager_linux_test.go @@ -100,8 +100,12 @@ func TestIsCgroupPod(t *testing.T) { @@ -308,7 +308,7 @@ index 62c9f203a0..fda4177a05 100644 qosContainersInfo: qosContainersInfo, } diff --git a/pkg/kubelet/dockershim/docker_service.go b/pkg/kubelet/dockershim/docker_service.go -index 0f07a4ca23..73f622dde9 100644 +index 0f07a4ca236..73f622dde97 100644 --- a/pkg/kubelet/dockershim/docker_service.go +++ b/pkg/kubelet/dockershim/docker_service.go @@ -267,7 +267,8 @@ func NewDockerService(config *ClientConfig, podSandboxImage string, streamingCon @@ -322,7 +322,7 @@ index 0f07a4ca23..73f622dde9 100644 } klog.Infof("Setting cgroupDriver to %s", cgroupDriver) diff --git a/test/e2e_node/node_container_manager_test.go b/test/e2e_node/node_container_manager_test.go -index 98d9b39476..c03baf5181 100644 +index ca25e96afe9..4e656cb5a11 100644 --- a/test/e2e_node/node_container_manager_test.go +++ b/test/e2e_node/node_container_manager_test.go @@ -161,7 +161,10 @@ func runTest(f *framework.Framework) error {