From ee411bf84539ee161ec7790328c8c6a65423bbcf Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Mon, 3 Jun 2019 00:35:11 +0900 Subject: [PATCH] update patches Signed-off-by: Akihiro Suda --- ...e-sysctl-error-when-running-in-usern.patch | 12 ++-- ...e-GetCheckpoint-error-when-running-i.patch | 59 ------------------- ...-kube-proxy-allow-running-in-userns.patch} | 30 +++++----- ...eature-gate-SupportNoneCgroupDriver.patch} | 6 +- 4 files changed, 24 insertions(+), 83 deletions(-) delete mode 100644 src/patches/kubernetes/0002-dockershim-ignore-GetCheckpoint-error-when-running-i.patch rename src/patches/kubernetes/{0003-kube-proxy-allow-running-in-userns.patch => 0002-kube-proxy-allow-running-in-userns.patch} (84%) rename src/patches/kubernetes/{0004-kubelet-new-feature-gate-SupportNoneCgroupDriver.patch => 0003-kubelet-new-feature-gate-SupportNoneCgroupDriver.patch} (98%) diff --git a/src/patches/kubernetes/0001-kubelet-cm-ignore-sysctl-error-when-running-in-usern.patch b/src/patches/kubernetes/0001-kubelet-cm-ignore-sysctl-error-when-running-in-usern.patch index bae3982..5e41136 100644 --- a/src/patches/kubernetes/0001-kubelet-cm-ignore-sysctl-error-when-running-in-usern.patch +++ b/src/patches/kubernetes/0001-kubelet-cm-ignore-sysctl-error-when-running-in-usern.patch @@ -1,7 +1,7 @@ -From 920ceaac6fbfb6fa736d77a25e3b6a7301c3e4df Mon Sep 17 00:00:00 2001 +From ed9a36a98cea46e615d2dc14ff71919806682e66 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Tue, 21 Aug 2018 16:45:04 +0900 -Subject: [PATCH 1/4] kubelet/cm: ignore sysctl error when running in userns +Subject: [PATCH 1/3] kubelet/cm: ignore sysctl error when running in userns Signed-off-by: Akihiro Suda --- @@ -22,14 +22,14 @@ index 0d7f868d26..f8014c4e88 100644 ], "@io_bazel_rules_go//go/platform:nacl": [ diff --git a/pkg/kubelet/cm/container_manager_linux.go b/pkg/kubelet/cm/container_manager_linux.go -index a1f7ff1cc7..fac21eb28f 100644 +index a1f7ff1cc7..8116edcb63 100644 
--- a/pkg/kubelet/cm/container_manager_linux.go +++ b/pkg/kubelet/cm/container_manager_linux.go @@ -32,6 +32,7 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fs" "github.com/opencontainers/runc/libcontainer/configs" -+ rsystem "github.com/opencontainers/runc/libcontainer/system" ++ libcontainersystem "github.com/opencontainers/runc/libcontainer/system" "k8s.io/klog" v1 "k8s.io/api/core/v1" @@ -38,8 +38,8 @@ index a1f7ff1cc7..fac21eb28f 100644 err = sysctl.SetSysctl(flag, expectedValue) if err != nil { - errList = append(errList, err) -+ if rsystem.RunningInUserNS() { -+ klog.Warningf("Updating kernel flag failed: %v: %v", flag, err) ++ if libcontainersystem.RunningInUserNS() { ++ klog.Warningf("Updating kernel flag failed: %v: %v (running in UserNS)", flag, err) + } else { + errList = append(errList, err) + } diff --git a/src/patches/kubernetes/0002-dockershim-ignore-GetCheckpoint-error-when-running-i.patch b/src/patches/kubernetes/0002-dockershim-ignore-GetCheckpoint-error-when-running-i.patch deleted file mode 100644 index e8d065a..0000000 --- a/src/patches/kubernetes/0002-dockershim-ignore-GetCheckpoint-error-when-running-i.patch +++ /dev/null 
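Review bot: In the container_manager_linux.go hunk, when `libcontainersystem.RunningInUserNS()` is true the sysctl failure is dropped from `errList` and only logged, so the kubelet proceeds without the kernel setting it asked for; the warning should at least say which value was not applied, since `expectedValue` is already in scope from the `sysctl.SetSysctl(flag, expectedValue)` call two lines above: `klog.Warningf("Updating kernel flag %v to %v failed: %v (running in UserNS)", flag, expectedValue, err)`. That gives an operator reading the log enough to decide whether the skipped setting matters for their deployment. The enclosing function starts and ends outside the hunk.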
@@ -1,59 +0,0 @@ -From e1971490ddece3b9cf3cc0806e795d2e4ec3836c Mon Sep 17 00:00:00 2001 -From: Akihiro Suda -Date: Tue, 21 Aug 2018 16:48:27 +0900 -Subject: [PATCH 2/4] dockershim: ignore GetCheckpoint error when running in - userns - -Signed-off-by: Akihiro Suda ---- - pkg/kubelet/dockershim/BUILD | 1 + - pkg/kubelet/dockershim/docker_sandbox.go | 14 +++++++++----- - 2 files changed, 10 insertions(+), 5 deletions(-) - -diff --git a/pkg/kubelet/dockershim/BUILD b/pkg/kubelet/dockershim/BUILD -index d73a27b007..c9e066dbcc 100644 ---- a/pkg/kubelet/dockershim/BUILD -+++ b/pkg/kubelet/dockershim/BUILD -@@ -72,6 +72,7 @@ go_library( - "//vendor/github.com/docker/docker/pkg/jsonmessage:go_default_library", - "//vendor/github.com/docker/go-connections/nat:go_default_library", - "//vendor/k8s.io/klog:go_default_library", -+ "//vendor/github.com/opencontainers/runc/libcontainer/system:go_default_library", - "//vendor/k8s.io/utils/exec:go_default_library", - ] + select({ - "@io_bazel_rules_go//go/platform:windows": [ -diff --git a/pkg/kubelet/dockershim/docker_sandbox.go b/pkg/kubelet/dockershim/docker_sandbox.go -index 5d721148bb..4add35269a 100644 ---- a/pkg/kubelet/dockershim/docker_sandbox.go -+++ b/pkg/kubelet/dockershim/docker_sandbox.go -@@ -27,6 +27,8 @@ import ( - dockertypes "github.com/docker/docker/api/types" - dockercontainer "github.com/docker/docker/api/types/container" - dockerfilters "github.com/docker/docker/api/types/filters" -+ rsystem "github.com/opencontainers/runc/libcontainer/system" -+ - utilerrors "k8s.io/apimachinery/pkg/util/errors" - runtimeapi "k8s.io/cri-api/pkg/apis/runtime/v1alpha2" - "k8s.io/klog" -@@ -535,11 +537,13 @@ func (ds *dockerService) ListPodSandbox(_ context.Context, r *runtimeapi.ListPod - checkpoint := NewPodSandboxCheckpoint("", "", &CheckpointData{}) - err := ds.checkpointManager.GetCheckpoint(id, checkpoint) - if err != nil { -- klog.Errorf("Failed to retrieve checkpoint for sandbox %q: %v", id, err) -- if err == 
errors.ErrCorruptCheckpoint { -- err = ds.checkpointManager.RemoveCheckpoint(id) -- if err != nil { -- klog.Errorf("Failed to delete corrupt checkpoint for sandbox %q: %v", id, err) -+ if !rsystem.RunningInUserNS() { -+ klog.Errorf("Failed to retrieve checkpoint for sandbox %q: %v", id, err) -+ if err == errors.ErrCorruptCheckpoint { -+ err = ds.checkpointManager.RemoveCheckpoint(id) -+ if err != nil { -+ klog.Errorf("Failed to delete corrupt checkpoint for sandbox %q: %v", id, err) -+ } - } - } - continue --- -2.20.1 - diff --git a/src/patches/kubernetes/0003-kube-proxy-allow-running-in-userns.patch b/src/patches/kubernetes/0002-kube-proxy-allow-running-in-userns.patch similarity index 84% rename from src/patches/kubernetes/0003-kube-proxy-allow-running-in-userns.patch rename to src/patches/kubernetes/0002-kube-proxy-allow-running-in-userns.patch index cd09a4c..d8b3f53 100644 --- a/src/patches/kubernetes/0003-kube-proxy-allow-running-in-userns.patch +++ b/src/patches/kubernetes/0002-kube-proxy-allow-running-in-userns.patch @@ -1,7 +1,7 @@ -From 952ae7b8fa69d91f83ed89b379841cddc8a97761 Mon Sep 17 00:00:00 2001 +From 1c30b8976da49e50c11a214dd4a3be66571094f4 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Thu, 23 Aug 2018 14:14:44 +0900 -Subject: [PATCH 3/4] kube-proxy: allow running in userns +Subject: [PATCH 2/3] kube-proxy: allow running in userns Signed-off-by: Akihiro Suda --- @@ -24,23 +24,23 @@ index 552a6cae68..35843c710b 100644 "//vendor/github.com/spf13/cobra:go_default_library", "//vendor/github.com/spf13/pflag:go_default_library", diff --git a/cmd/kube-proxy/app/server_others.go b/cmd/kube-proxy/app/server_others.go -index 1b31497db0..3f90e5cea8 100644 +index 1b31497db0..32310a603a 100644 --- a/cmd/kube-proxy/app/server_others.go 
+++ b/cmd/kube-proxy/app/server_others.go -@@ -46,6 +46,7 @@ import ( - utilnode "k8s.io/kubernetes/pkg/util/node" - utilsysctl "k8s.io/kubernetes/pkg/util/sysctl" - "k8s.io/utils/exec" -+ rsystem "github.com/opencontainers/runc/libcontainer/system" +@@ -25,6 +25,7 @@ import ( + "fmt" + "net" - "k8s.io/klog" - ) ++ libcontainersystem "github.com/opencontainers/runc/libcontainer/system" + "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/types" @@ -214,6 +215,12 @@ func newProxyServer( iptInterface.AddReloadFunc(proxier.Sync) + var connTracker Conntracker -+ if !rsystem.RunningInUserNS(){ ++ if !libcontainersystem.RunningInUserNS() { + // if we are in userns, sysctl does not work and connTracker should be kept nil + connTracker = &realConntracker{} + } @@ -70,14 +70,14 @@ index 87e3da69e9..92ee648153 100644 ] + select({ "@io_bazel_rules_go//go/platform:android": [ diff --git a/pkg/proxy/userspace/proxier.go b/pkg/proxy/userspace/proxier.go -index ae55842b30..40d13d981a 100644 +index ae55842b30..06d3682cb4 100644 --- a/pkg/proxy/userspace/proxier.go +++ b/pkg/proxy/userspace/proxier.go @@ -26,6 +26,7 @@ import ( "sync/atomic" "time" -+ rsystem "github.com/opencontainers/runc/libcontainer/system" ++ libcontainersystem "github.com/opencontainers/runc/libcontainer/system" "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" utilerrors "k8s.io/apimachinery/pkg/util/errors" @@ -86,8 +86,8 @@ index ae55842b30..40d13d981a 100644 err = setRLimit(64 * 1000) if err != nil { - return nil, fmt.Errorf("failed to set open file handler limit: %v", err) -+ if !rsystem.RunningInUserNS() { -+ return nil, fmt.Errorf("failed to set open file handler limit to 64000: %v", err) ++ if !libcontainersystem.RunningInUserNS() { ++ return nil, fmt.Errorf("failed to set open file handler limit to 64000: %v (running in UserNS)", err) + } + klog.Errorf("failed to set open file handler limit to 64000: %v", err) } 
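Review bot: The `(running in UserNS)` suffix landed on the wrong branch in the proxier.go hunk: it is appended to the `fmt.Errorf` that is returned only when `!libcontainersystem.RunningInUserNS()`, i.e. when not in a user namespace, while the `klog.Errorf` on the user-namespace fall-through path keeps the plain message. The two lines should read `return nil, fmt.Errorf("failed to set open file handler limit to 64000: %v", err)` and `klog.Errorf("failed to set open file handler limit to 64000: %v (running in UserNS)", err)`. For consistency with the kubelet/cm patch in this same series, which downgrades the equivalent UserNS-only failure to `klog.Warningf`, the fall-through log level may be worth aligning as well. The enclosing function starts and ends outside the hunk.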
diff --git a/src/patches/kubernetes/0004-kubelet-new-feature-gate-SupportNoneCgroupDriver.patch b/src/patches/kubernetes/0003-kubelet-new-feature-gate-SupportNoneCgroupDriver.patch similarity index 98% rename from src/patches/kubernetes/0004-kubelet-new-feature-gate-SupportNoneCgroupDriver.patch rename to src/patches/kubernetes/0003-kubelet-new-feature-gate-SupportNoneCgroupDriver.patch index f673a1e..dff2a52 100644 --- a/src/patches/kubernetes/0004-kubelet-new-feature-gate-SupportNoneCgroupDriver.patch +++ b/src/patches/kubernetes/0003-kubelet-new-feature-gate-SupportNoneCgroupDriver.patch @@ -1,7 +1,7 @@ -From 7a74a42558ee3a43f707c30f8fbd6e1a853253b5 Mon Sep 17 00:00:00 2001 +From 25792602eb2cf2d0ee62f454c6093081a6b31153 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Sun, 2 Jun 2019 18:39:05 +0900 -Subject: [PATCH 4/4] kubelet: new feature gate: SupportNoneCgroupDriver +Subject: [PATCH 3/3] kubelet: new feature gate: SupportNoneCgroupDriver The "none" driver is expected to be used in "rootless" mode until OCI/CRI runtime get support for cgroup2 (unified) mode with nsdelegate. @@ -264,7 +264,7 @@ index 5d77ed7a45..5654d737fd 100644 func (m *unsupportedCgroupManager) Name(_ CgroupName) string { diff --git a/pkg/kubelet/cm/container_manager_linux.go b/pkg/kubelet/cm/container_manager_linux.go -index fac21eb28f..22387926e7 100644 +index 8116edcb63..9157822e9b 100644 --- a/pkg/kubelet/cm/container_manager_linux.go +++ b/pkg/kubelet/cm/container_manager_linux.go @@ -244,7 +244,10 @@ func NewContainerManager(mountUtil mount.Interface, cadvisorInterface cadvisor.I