Update containerd to 1.4.0-beta.2 and K8s to 1.19.0-rc.0

This unbreaks bbolt (as part of containerd) on 1.14+ (see etcd-io/bbolt#201 and etcd-io/bbolt#220), pulls in my patch to ignore image-defined volumes (containerd/cri#1504) and gets us some robustness fixes in containerd CNI/CRI integration (containerd/cri#1405). This also updates K8s at the same time since they share a lot of dependencies and only updating one is very annoying. On the K8s side we mostly get the standard stream of fixes plus some patches that are no longer necessary. One annoying on the K8s side (but with no impact to the functionality) are these messages in the logs of various components: ``` W0714 11:51:26.323590 1 warnings.go:67] policy/v1beta1 PodSecurityPolicy is deprecated in v1.22+, unavailable in v1.25+ ``` They are caused by KEP-1635, but there's not explanation why this gets logged so aggressively considering the operators cannot do anything about it. There's no newer version of PodSecurityPolicy and you are pretty much required to use it if you use RBAC. Test Plan: Covered by existing tests Bug: T753 X-Origin-Diff: phab/D597 GitOrigin-RevId: f6c447da1de037c27646f9ec9f45ebd5d6660ab0
monogon-dev · Jul 14, 2020 · b876fc3 · b876fc3
1 parent 78fd972
commit b876fc3
Show file tree

Hide file tree

Showing 12 changed files with 994 additions and 688 deletions.
diff --git a/build/fietsje/deps_containerd.go b/build/fietsje/deps_containerd.go
@@ -18,7 +18,7 @@ package main
 
 func depsContainerd(p *planner) {
 	p.collectOverride(
-		"github.com/containerd/containerd", "8e685f78cf66e2901b2fbed2fdddd64449a74ab9",
+		"github.com/containerd/containerd", "v1.4.0-beta.2",
 		buildTags("no_zfs", "no_aufs", "no_devicemapper", "no_btrfs"),
 		disabledProtoBuild,
 	).use(
@@ -33,21 +33,24 @@ func depsContainerd(p *planner) {
 		"github.com/containerd/fifo",
 		"github.com/containerd/go-cni",
 		"github.com/containerd/go-runc",
+		"github.com/containerd/imgcrypt",
+		"github.com/containers/ocicrypt",
 		"github.com/containerd/ttrpc",
 		"github.com/containerd/typeurl",
 		"github.com/containernetworking/cni",
 		"github.com/coreos/go-systemd/v22",
-		"github.com/cpuguy83/go-md2man",
+		"github.com/cpuguy83/go-md2man/v2",
 		"github.com/davecgh/go-spew",
-		"github.com/docker/distribution",
 		"github.com/docker/docker",
 		"github.com/docker/go-events",
 		"github.com/docker/go-metrics",
 		"github.com/docker/go-units",
 		"github.com/docker/spdystream",
 		"github.com/emicklei/go-restful",
+		"github.com/fullsailor/pkcs7",
 		"github.com/godbus/dbus/v5",
 		"github.com/gogo/protobuf",
+		"github.com/go-logr/logr",
 		"github.com/google/gofuzz",
 		"github.com/google/uuid",
 		"github.com/hashicorp/errwrap",
@@ -68,10 +71,9 @@ func depsContainerd(p *planner) {
 		"github.com/prometheus/client_model",
 		"github.com/prometheus/common",
 		"github.com/prometheus/procfs",
-		"github.com/russross/blackfriday",
+		"github.com/russross/blackfriday/v2",
 		"github.com/seccomp/libseccomp-golang",
 		"github.com/sirupsen/logrus",
-		"github.com/stretchr/testify",
 		"github.com/syndtr/gocapability",
 		"github.com/tchap/go-patricia",
 		"github.com/urfave/cli",
@@ -84,8 +86,7 @@ func depsContainerd(p *planner) {
 		"google.golang.org/genproto",
 		"gopkg.in/inf.v0",
 		"gopkg.in/yaml.v2",
-		"gotest.tools",
-		"k8s.io/klog",
+		"k8s.io/klog/v2",
 		"sigs.k8s.io/yaml",
 	).with(disabledProtoBuild).use(
 		"github.com/Microsoft/hcsshim",

diff --git a/build/fietsje/deps_kubernetes.go b/build/fietsje/deps_kubernetes.go
@@ -19,7 +19,7 @@ package main
 func depsKubernetes(p *planner) {
 	// containerd and its deps
 	p.collect(
-		"k8s.io/kubernetes", "v1.19.0-alpha.2",
+		"k8s.io/kubernetes", "v1.19.0-rc.0",
 		buildTags("providerless"),
 		disabledProtoBuild,
 		patches(
@@ -69,7 +69,7 @@ func depsKubernetes(p *planner) {
 		"github.com/bgentry/speakeasy",
 		"github.com/blang/semver",
 		"github.com/chai2010/gettext-go",
-		"github.com/checkpoint-restore/go-criu",
+		"github.com/checkpoint-restore/go-criu/v4",
 		"github.com/container-storage-interface/spec",
 		"github.com/coreos/go-oidc",
 		"github.com/coreos/go-semver",
@@ -79,6 +79,7 @@ func depsKubernetes(p *planner) {
 		"github.com/daviddengcn/go-colortext",
 		"github.com/dgrijalva/jwt-go",
 		"github.com/docker/go-connections",
+		"github.com/docker/distribution",
 		"github.com/dustin/go-humanize",
 		"github.com/euank/go-kmsg-parser",
 		"github.com/evanphx/json-patch",
@@ -115,9 +116,11 @@ func depsKubernetes(p *planner) {
 		"github.com/mattn/go-isatty",
 		"github.com/mattn/go-runewidth",
 		"github.com/mindprince/gonvml",
+		"github.com/mistifyio/go-zfs",
 		"github.com/mitchellh/go-wordwrap",
 		"github.com/mitchellh/mapstructure",
 		"github.com/moby/term",
+		"github.com/moby/sys/mountinfo",
 		"github.com/morikuni/aec",
 		"github.com/mrunalp/fileutils",
 		"github.com/munnerz/goautoneg",
@@ -126,9 +129,11 @@ func depsKubernetes(p *planner) {
 		"github.com/peterbourgon/diskv",
 		"github.com/pquerna/cachecontrol",
 		"github.com/robfig/cron",
+		"github.com/russross/blackfriday",
 		"github.com/soheilhy/cmux",
 		"github.com/spf13/afero",
 		"github.com/spf13/pflag",
+		"github.com/stretchr/testify",
 		"github.com/tmc/grpc-websocket-proxy",
 		"github.com/vishvananda/netlink",
 		"github.com/vishvananda/netns",
@@ -148,7 +153,7 @@ func depsKubernetes(p *planner) {
 		"sigs.k8s.io/kustomize",
 		"sigs.k8s.io/structured-merge-diff/v3",
 		"vbom.ml/util",
-	).with(patches("cadvisor.patch", "cadvisor-build.patch")).use(
+	).use(
 		"github.com/google/cadvisor",
 	).with(disabledProtoBuild).use(
 		"go.etcd.io/etcd",

diff --git a/build/print-workspace-status.sh b/build/print-workspace-status.sh
@@ -16,7 +16,7 @@ fi
 # TODO(q3k): unify with //third_party/go/repsitories.bzl.
 KUBERNETES_gitMajor="1"
 KUBERNETES_gitMinor="19"
-KUBERNETES_gitVersion="v1.19.0-alpha.2+nxt"
+KUBERNETES_gitVersion="v1.19.0-rc.0+nxt"
 
 cat <<EOF
 KUBERNETES_gitCommit $(git rev-parse "HEAD^{commit}")

diff --git a/core/internal/containerd/config.toml b/core/internal/containerd/config.toml
@@ -57,6 +57,7 @@ oom_score = 0
     stats_collect_period = 10
     systemd_cgroup = false
     enable_tls_streaming = false
+    ignore_image_defined_volumes = true
     max_container_log_line_size = 16384
     disable_cgroup = false
     disable_apparmor = true

diff --git a/nogo_config.json b/nogo_config.json
@@ -42,7 +42,8 @@
       "external/com_github_ghodss_yaml": "third_party",
       "external/io_k8s_kubectl": "third_party",
       "external/org_golang_google_protobuf/": "third_party",
-      "external/com_github_shirou_gopsutil/": "unreachable"
+      "external/com_github_shirou_gopsutil/": "unreachable",
+      "external/io_k8s_apimachinery/": "third_party"
     }
   },
   "assign": {

diff --git a/third_party/go/patches/cadvisor-build.patch b/third_party/go/patches/cadvisor-build.patch