Merge pull request #229 from AkihiroSuda/dev

Dockerfile

@@ -6,25 +6,25 @@
 
 # 2021-04-29T20:26:51Z
 ARG ROOTLESSKIT_COMMIT=e2839766a691861fe65c391c237c7adacad858ee
-# 2021-05-05T17:18:34Z
-ARG CONTAINERD_COMMIT=14316794ad0a33b8688078f770655c9203e4d80d
-# 2021-05-06T03:35:41Z
-ARG CRIO_COMMIT=4d40e65acb9639d167f78ac90e3691e1029934ea
-# 2021-05-24T14:17:38Z
-ARG KUBE_NODE_COMMIT=3464112cf961485bdf95f1cdda36451f81af6984
+# 2021-05-30T03:41:42Z
+ARG CONTAINERD_COMMIT=c8b33ba297d86550dd5e530527cf5d92246d292f
+# 2021-05-30T06:23:31Z
+ARG CRIO_COMMIT=8fcce26e68b3c113a33caed09c2389b4c8b7d3fa
+# 2021-05-29T03:28:24Z
+ARG KUBE_NODE_COMMIT=e6136c0303028d68cac67290d94a60cec167ccdf
 
 # Version definitions (cont.)
-ARG SLIRP4NETNS_RELEASE=v1.1.9
+ARG SLIRP4NETNS_RELEASE=v1.1.10
 ARG CONMON_RELEASE=2.0.27
 ARG CRUN_RELEASE=0.19.1
 ARG FUSE_OVERLAYFS_RELEASE=v1.5.0
 ARG CONTAINERD_FUSE_OVERLAYFS_RELEASE=1.0.2
-ARG KUBE_MASTER_RELEASE=v1.22.0-alpha.1
+ARG KUBE_MASTER_RELEASE=v1.22.0-alpha.2
 # Kube's build script requires KUBE_GIT_VERSION to be set to a semver string
 ARG KUBE_GIT_VERSION=v1.22.0-usernetes
 ARG CNI_PLUGINS_RELEASE=v0.9.1
-ARG FLANNEL_RELEASE=v0.13.0
-ARG ETCD_RELEASE=v3.5.0-alpha.0
+ARG FLANNEL_RELEASE=v0.14.0
+ARG ETCD_RELEASE=v3.5.0-beta.4
 ARG CFSSL_RELEASE=1.5.0
 
 ARG ALPINE_RELEASE=3.13

manifests/coredns.yaml

@@ -100,7 +100,7 @@ spec:
         beta.kubernetes.io/os: linux
       containers:
       - name: coredns
-        image: coredns/coredns:1.8.3
+        image: coredns/coredns:1.8.4
         imagePullPolicy: IfNotPresent
         resources:
           limits:

src/patches/kubernetes/0001-New-feature-gate-KubeletInUserNamespace.patch

@@ -1,4 +1,4 @@
-From c23b75f05c9959d48e0bf6579c35065018348547 Mon Sep 17 00:00:00 2001
+From 2187fa5be19358f44e2083b9ffb32bd747267f45 Mon Sep 17 00:00:00 2001
 From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 Date: Mon, 24 May 2021 23:18:02 +0900
 Subject: [PATCH 1/5] New feature gate: KubeletInUserNamespace
@@ -15,13 +15,13 @@ Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
  1 file changed, 9 insertions(+)
 
 diff --git a/pkg/features/kube_features.go b/pkg/features/kube_features.go
-index 589cb97c52b..eebd4d28de4 100644
+index 2427b194fc6..d91e22ad7c2 100644
 --- a/pkg/features/kube_features.go
 +++ b/pkg/features/kube_features.go
-@@ -733,6 +733,14 @@ const (
+@@ -746,6 +746,14 @@ const (
  	//
- 	// Enables support for 'HostProcess' containers on Windows nodes.
- 	WindowsHostProcessContainers featuregate.Feature = "WindowsHostProcessContainers"
+ 	// Enables apiserver and kubelet to allow up to 32 DNSSearchPaths and up to 2048 DNSSearchListChars.
+ 	ExpandedDNSConfig featuregate.Feature = "ExpandedDNSConfig"
 +
 +	// owner: @AkihiroSuda
 +	// alpha: v1.22
@@ -33,10 +33,10 @@ index 589cb97c52b..eebd4d28de4 100644
  )
 
  func init() {
-@@ -844,6 +852,7 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS
- 	CSIVolumeHealth:                                {Default: false, PreRelease: featuregate.Alpha},
- 	WindowsHostProcessContainers:                   {Default: false, PreRelease: featuregate.Alpha},
+@@ -859,6 +867,7 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS
  	DisableCloudProviders:                          {Default: false, PreRelease: featuregate.Alpha},
+ 	StatefulSetMinReadySeconds:                     {Default: false, PreRelease: featuregate.Alpha},
+ 	ExpandedDNSConfig:                              {Default: false, PreRelease: featuregate.Alpha},
 +	KubeletInUserNamespace:                         {Default: false, PreRelease: featuregate.Alpha},
 
  	// inherited features from generic apiserver, relisted here to get a conflict if it is changed

src/patches/kubernetes/0002-kubelet-cm-ignore-sysctl-error-when-running-in-usern.patch

@@ -1,4 +1,4 @@
-From 89fe19c5785575d40cbad196345d217d01560dcb Mon Sep 17 00:00:00 2001
+From f7e676c8376f7478fb60f252e017fdaa7042808d Mon Sep 17 00:00:00 2001
 From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 Date: Tue, 21 Aug 2018 16:45:04 +0900
 Subject: [PATCH 2/5] kubelet/cm: ignore sysctl error when running in userns
@@ -17,7 +17,7 @@ Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
  1 file changed, 8 insertions(+)
 
 diff --git a/pkg/kubelet/cm/container_manager_linux.go b/pkg/kubelet/cm/container_manager_linux.go
-index 6406e03fa3f..186f886ce47 100644
+index 6406e03fa3f..41364ef2924 100644
 --- a/pkg/kubelet/cm/container_manager_linux.go
 +++ b/pkg/kubelet/cm/container_manager_linux.go
 @@ -33,6 +33,7 @@ import (
@@ -34,10 +34,10 @@ index 6406e03fa3f..186f886ce47 100644
  			if err != nil {
 +				if libcontainersystem.RunningInUserNS() {
 +					if utilfeature.DefaultFeatureGate.Enabled(kubefeatures.KubeletInUserNamespace) {
-+						klog.Warningf("Updating kernel flag failed: %v: %v (running in UserNS, ignoring)", flag, err)
++						klog.V(2).InfoS("Updating kernel flag failed (running in UserNS, ignoring)", "flag", flag, "err", err)
 +						continue
 +					}
-+					klog.Errorf("Updating kernel flag failed: %v: %v (Hint: enable KubeletInUserNamespace feature flag to ignore the error)", flag, err)
++					klog.ErrorS(err, "Updating kernel flag failed (Hint: enable KubeletInUserNamespace feature flag to ignore the error)", "flag", flag)
 +				}
  				errList = append(errList, err)
  			}

src/patches/kubernetes/0003-kube-proxy-allow-running-in-userns.patch

@@ -1,4 +1,4 @@
-From 99752c8ad58425a09d0816dea6ec46a5b50e1eab Mon Sep 17 00:00:00 2001
+From 6b795ac1629a06bf7a6d93df35f969a923655361 Mon Sep 17 00:00:00 2001
 From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 Date: Thu, 23 Aug 2018 14:14:44 +0900
 Subject: [PATCH 3/5] kube-proxy: allow running in userns
@@ -11,7 +11,7 @@ Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
  1 file changed, 5 insertions(+), 1 deletion(-)
 
 diff --git a/pkg/proxy/userspace/proxier.go b/pkg/proxy/userspace/proxier.go
-index a2945f6fd08..d4f35de6d56 100644
+index a2945f6fd08..36401abe570 100644
 --- a/pkg/proxy/userspace/proxier.go
 +++ b/pkg/proxy/userspace/proxier.go
 @@ -26,6 +26,7 @@ import (
@@ -30,7 +30,7 @@ index a2945f6fd08..d4f35de6d56 100644
 +		if !libcontainersystem.RunningInUserNS() {
 +			return nil, fmt.Errorf("failed to set open file handler limit to 64000: %v", err)
 +		}
-+		klog.Errorf("failed to set open file handler limit to 64000: %v (running in UserNS, ignoring the error)", err)
++		klog.ErrorS(err, "failed to set open file handler limit to 64000 (running in UserNS, ignoring the error)")
  	}
 
  	proxyPorts := newPortAllocator(pr)

src/patches/kubernetes/0004-kubelet-ignore-dev-kmsg-error-when-runnin-in-userns.patch → src/patches/kubernetes/0004-kubelet-ignore-dev-kmsg-error-when-running-in-userns.patch

@@ -1,7 +1,7 @@
-From 926907649559db5d85c813cc123318c035e61c2e Mon Sep 17 00:00:00 2001
+From 311523aa8d5db2dc13d6feec5acc318e20518616 Mon Sep 17 00:00:00 2001
 From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 Date: Mon, 24 May 2021 23:35:22 +0900
-Subject: [PATCH 4/5] kubelet: ignore /dev/kmsg error when runnin in userns
+Subject: [PATCH 4/5] kubelet: ignore /dev/kmsg error when running in userns
 
 oomwatcher.NewWatcher returns "open /dev/kmsg: operation not permitted" error,
 when running with sysctl value `kernel.dmesg_restrict=1`.
@@ -10,11 +10,11 @@ The error is negligible for KubeletInUserNamespace.
 
 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 ---
- pkg/kubelet/kubelet.go | 20 +++++++++++++++++---
- 1 file changed, 17 insertions(+), 3 deletions(-)
+ pkg/kubelet/kubelet.go | 19 ++++++++++++++++---
+ 1 file changed, 16 insertions(+), 3 deletions(-)
 
 diff --git a/pkg/kubelet/kubelet.go b/pkg/kubelet/kubelet.go
-index 7f390290496..dfce93e34c9 100644
+index 8a9d2518862..ee553ed41a9 100644
 --- a/pkg/kubelet/kubelet.go
 +++ b/pkg/kubelet/kubelet.go
 @@ -37,6 +37,7 @@ import (
@@ -25,7 +25,7 @@ index 7f390290496..dfce93e34c9 100644
  	v1 "k8s.io/api/core/v1"
  	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
  	"k8s.io/apimachinery/pkg/fields"
-@@ -479,7 +480,18 @@ func NewMainKubelet(kubeCfg *kubeletconfiginternal.KubeletConfiguration,
+@@ -479,7 +480,17 @@ func NewMainKubelet(kubeCfg *kubeletconfiginternal.KubeletConfiguration,
 
  	oomWatcher, err := oomwatcher.NewWatcher(kubeDeps.Recorder)
  	if err != nil {
@@ -36,16 +36,15 @@ index 7f390290496..dfce93e34c9 100644
 +		// oomwatcher.NewWatcher returns "open /dev/kmsg: operation not permitted" error,
 +		// when running with sysctl value `kernel.dmesg_restrict=1`.
 +		if !utilfeature.DefaultFeatureGate.Enabled(features.KubeletInUserNamespace) {
-+			klog.Errorf("Failed to create an oomWatcher: %v (running in UserNS, Hint: enable KubeletInUserNamespace feature flag to ignore the error)",
-+				err)
++			klog.ErrorS(err, "Failed to create an oomWatcher (running in UserNS, Hint: enable KubeletInUserNamespace feature flag to ignore the error)")
 +			return nil, err
 +		}
-+		klog.Warningf("Failed to create an oomWatcher: %v (running in UserNS, ignoring)", err)
++		klog.V(2).InfoS("Failed to create an oomWatcher (running in UserNS, ignoring)", "err", err)
 +		oomWatcher = nil
  	}
 
  	clusterDNS := make([]net.IP, 0, len(kubeCfg.ClusterDNS))
-@@ -1356,8 +1368,10 @@ func (kl *Kubelet) initializeModules() error {
+@@ -1356,8 +1367,10 @@ func (kl *Kubelet) initializeModules() error {
  	}
 
  	// Start out of memory watcher.

src/patches/kubernetes/0005-Not-for-Upstream-kubelet-new-cgroup-driver-none.patch

@@ -1,4 +1,4 @@
-From ba728da0ea44e25c294991ff2ead6d653c786974 Mon Sep 17 00:00:00 2001
+From 42b1cb8a8c4d30a896471af59f0634b6dc6e1b56 Mon Sep 17 00:00:00 2001
 From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 Date: Sun, 2 Jun 2019 18:39:05 +0900
 Subject: [PATCH 5/5] [Not for Upstream] kubelet: new cgroup driver: "none"
@@ -17,7 +17,7 @@ Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
  4 files changed, 88 insertions(+), 20 deletions(-)
 
 diff --git a/cmd/kubelet/app/options/options.go b/cmd/kubelet/app/options/options.go
-index 2cd28ac56b4..c23b3341483 100644
+index f084dfa2584..c3e3c53d688 100644
 --- a/cmd/kubelet/app/options/options.go
 +++ b/cmd/kubelet/app/options/options.go
 @@ -479,7 +479,7 @@ func AddKubeletConfigFlags(mainfs *pflag.FlagSet, c *kubeletconfig.KubeletConfig