Merge pull request #98 from AkihiroSuda/a

update patches
rootless-containers · Jun 2, 2019 · 23a8c58 · 23a8c58
2 parents 297f077 + ee411bf
commit 23a8c58
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 83 deletions.
diff --git a/src/patches/kubernetes/0001-kubelet-cm-ignore-sysctl-error-when-running-in-usern.patch b/src/patches/kubernetes/0001-kubelet-cm-ignore-sysctl-error-when-running-in-usern.patch
@@ -1,7 +1,7 @@
-From 920ceaac6fbfb6fa736d77a25e3b6a7301c3e4df Mon Sep 17 00:00:00 2001
+From ed9a36a98cea46e615d2dc14ff71919806682e66 Mon Sep 17 00:00:00 2001
 From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 Date: Tue, 21 Aug 2018 16:45:04 +0900
-Subject: [PATCH 1/4] kubelet/cm: ignore sysctl error when running in userns
+Subject: [PATCH 1/3] kubelet/cm: ignore sysctl error when running in userns
 
 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 ---
@@ -22,14 +22,14 @@ index 0d7f868d26..f8014c4e88 100644
          ],
          "@io_bazel_rules_go//go/platform:nacl": [
 diff --git a/pkg/kubelet/cm/container_manager_linux.go b/pkg/kubelet/cm/container_manager_linux.go
-index a1f7ff1cc7..fac21eb28f 100644
+index a1f7ff1cc7..8116edcb63 100644
 --- a/pkg/kubelet/cm/container_manager_linux.go
 +++ b/pkg/kubelet/cm/container_manager_linux.go
 @@ -32,6 +32,7 @@ import (
  	"github.com/opencontainers/runc/libcontainer/cgroups"
  	"github.com/opencontainers/runc/libcontainer/cgroups/fs"
  	"github.com/opencontainers/runc/libcontainer/configs"
-+	rsystem "github.com/opencontainers/runc/libcontainer/system"
++	libcontainersystem "github.com/opencontainers/runc/libcontainer/system"
  	"k8s.io/klog"
 
  	v1 "k8s.io/api/core/v1"
@@ -38,8 +38,8 @@ index a1f7ff1cc7..fac21eb28f 100644
  			err = sysctl.SetSysctl(flag, expectedValue)
  			if err != nil {
 -				errList = append(errList, err)
-+				if rsystem.RunningInUserNS() {
-+					klog.Warningf("Updating kernel flag failed: %v: %v", flag, err)
++				if libcontainersystem.RunningInUserNS() {
++					klog.Warningf("Updating kernel flag failed: %v: %v (running in UserNS)", flag, err)
 +				} else {
 +					errList = append(errList, err)
 +				}

diff --git a/src/patches/kubernetes/0002-dockershim-ignore-GetCheckpoint-error-when-running-i.patch b/src/patches/kubernetes/0002-dockershim-ignore-GetCheckpoint-error-when-running-i.patch
diff --git a/...-kube-proxy-allow-running-in-userns.patch → ...-kube-proxy-allow-running-in-userns.patch b/...-kube-proxy-allow-running-in-userns.patch → ...-kube-proxy-allow-running-in-userns.patch
@@ -1,7 +1,7 @@
-From 952ae7b8fa69d91f83ed89b379841cddc8a97761 Mon Sep 17 00:00:00 2001
+From 1c30b8976da49e50c11a214dd4a3be66571094f4 Mon Sep 17 00:00:00 2001
 From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 Date: Thu, 23 Aug 2018 14:14:44 +0900
-Subject: [PATCH 3/4] kube-proxy: allow running in userns
+Subject: [PATCH 2/3] kube-proxy: allow running in userns
 
 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 ---
@@ -24,23 +24,23 @@ index 552a6cae68..35843c710b 100644
          "//vendor/github.com/spf13/cobra:go_default_library",
          "//vendor/github.com/spf13/pflag:go_default_library",
 diff --git a/cmd/kube-proxy/app/server_others.go b/cmd/kube-proxy/app/server_others.go
-index 1b31497db0..3f90e5cea8 100644
+index 1b31497db0..32310a603a 100644
 --- a/cmd/kube-proxy/app/server_others.go
 +++ b/cmd/kube-proxy/app/server_others.go
-@@ -46,6 +46,7 @@ import (
- 	utilnode "k8s.io/kubernetes/pkg/util/node"
- 	utilsysctl "k8s.io/kubernetes/pkg/util/sysctl"
- 	"k8s.io/utils/exec"
-+	rsystem "github.com/opencontainers/runc/libcontainer/system"
+@@ -25,6 +25,7 @@ import (
+ 	"fmt"
+ 	"net"
 
- 	"k8s.io/klog"
- )
++	libcontainersystem "github.com/opencontainers/runc/libcontainer/system"
+ 	"k8s.io/api/core/v1"
+ 	"k8s.io/apimachinery/pkg/runtime"
+ 	"k8s.io/apimachinery/pkg/types"
 @@ -214,6 +215,12 @@ func newProxyServer(
 
  	iptInterface.AddReloadFunc(proxier.Sync)
 
 +	var connTracker Conntracker
-+	if !rsystem.RunningInUserNS(){
++	if !libcontainersystem.RunningInUserNS() {
 +		// if we are in userns, sysctl does not work and connTracker should be kept nil
 +		connTracker = &realConntracker{}
 +	}
@@ -70,14 +70,14 @@ index 87e3da69e9..92ee648153 100644
      ] + select({
          "@io_bazel_rules_go//go/platform:android": [
 diff --git a/pkg/proxy/userspace/proxier.go b/pkg/proxy/userspace/proxier.go
-index ae55842b30..40d13d981a 100644
+index ae55842b30..06d3682cb4 100644
 --- a/pkg/proxy/userspace/proxier.go
 +++ b/pkg/proxy/userspace/proxier.go
 @@ -26,6 +26,7 @@ import (
  	"sync/atomic"
  	"time"
 
-+	rsystem "github.com/opencontainers/runc/libcontainer/system"
++	libcontainersystem "github.com/opencontainers/runc/libcontainer/system"
  	"k8s.io/api/core/v1"
  	"k8s.io/apimachinery/pkg/types"
  	utilerrors "k8s.io/apimachinery/pkg/util/errors"
@@ -86,8 +86,8 @@ index ae55842b30..40d13d981a 100644
  	err = setRLimit(64 * 1000)
  	if err != nil {
 -		return nil, fmt.Errorf("failed to set open file handler limit: %v", err)
-+		if !rsystem.RunningInUserNS() {
-+			return nil, fmt.Errorf("failed to set open file handler limit to 64000: %v", err)
++		if !libcontainersystem.RunningInUserNS() {
++			return nil, fmt.Errorf("failed to set open file handler limit to 64000: %v (running in UserNS)", err)
 +		}
 +		klog.Errorf("failed to set open file handler limit to 64000: %v", err)
  	}

diff --git a/...eature-gate-SupportNoneCgroupDriver.patch → ...eature-gate-SupportNoneCgroupDriver.patch b/...eature-gate-SupportNoneCgroupDriver.patch → ...eature-gate-SupportNoneCgroupDriver.patch
@@ -1,7 +1,7 @@
-From 7a74a42558ee3a43f707c30f8fbd6e1a853253b5 Mon Sep 17 00:00:00 2001
+From 25792602eb2cf2d0ee62f454c6093081a6b31153 Mon Sep 17 00:00:00 2001
 From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 Date: Sun, 2 Jun 2019 18:39:05 +0900
-Subject: [PATCH 4/4] kubelet: new feature gate: SupportNoneCgroupDriver
+Subject: [PATCH 3/3] kubelet: new feature gate: SupportNoneCgroupDriver
 
 The "none" driver is expected to be used in "rootless" mode until OCI/CRI runtime
 get support for cgroup2 (unified) mode with nsdelegate.
@@ -264,7 +264,7 @@ index 5d77ed7a45..5654d737fd 100644
 
  func (m *unsupportedCgroupManager) Name(_ CgroupName) string {
 diff --git a/pkg/kubelet/cm/container_manager_linux.go b/pkg/kubelet/cm/container_manager_linux.go
-index fac21eb28f..22387926e7 100644
+index 8116edcb63..9157822e9b 100644
 --- a/pkg/kubelet/cm/container_manager_linux.go
 +++ b/pkg/kubelet/cm/container_manager_linux.go
 @@ -244,7 +244,10 @@ func NewContainerManager(mountUtil mount.Interface, cadvisorInterface cadvisor.I