Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[1.21] bump runc to 1.0.2 #104530

Merged
merged 3 commits into from Aug 31, 2021
Merged

[1.21] bump runc to 1.0.2 #104530

merged 3 commits into from Aug 31, 2021

Conversation

kolyshkin
Copy link
Contributor

@kolyshkin kolyshkin commented Aug 23, 2021
edited by liggitt

What type of PR is this?

/kind bug

What this PR does / why we need it:

Bumping runc dependency to 1.0.2, fixing a few issues.

For runc release notes, see

Which issue(s) this PR fixes:

Fixes: #102676
Fixes: #104280

Special notes for your reviewer:

This is a manual partial backport of #104528 to release-1.21 branch, replacing #103746.

Does this PR introduce a user-facing change?

Fixes a regression in 1.21.2.
Fixed occasional pod cgroup freeze when using cgroup v1 and systemd driver.
Fixed "failed to create container ... unit already exists" when using cgroup v1 and systemd driver.

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

none

liggitt and others added 3 commits August 23, 2021 14:44
@liggitt @kolyshkin
Switch to non-deprecated timestamppb.Now()
510f4b8 
(cherry picked from commit ff2c614)

[kolyshkin: run ./hack/update-vendor.sh]
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
@kolyshkin
vendor: bump runc to 1.0.2
a974d93 
The commands used were:

	hack/pin-dependency.sh github.com/opencontainers/runc v1.0.2
	hack/lint-dependencies.sh
	# Follow its recommendations.
	hack/pin-dependency.sh github.com/cilium/ebpf v0.6.2
	hack/pin-dependency.sh github.com/coreos/go-systemd/v22 v22.3.2
	hack/pin-dependency.sh github.com/opencontainers/selinux v1.8.2
	hack/pin-dependency.sh github.com/sirupsen/logrus v1.8.1
	# Repeat.
	hack/lint-dependencies.sh
	hack/pin-dependency.sh google.golang.org/protobuf v1.26.0
	GO111MODULE=on go mod edit -dropreplace github.com/willf/bitset
	# Update vendor.
	hack/update-vendor.sh
	git add vendor
	git add LICENSES/
	git status
	# Repeat.
	hack/lint-dependencies.sh
	hack/pin-dependency.sh github.com/golang/protobuf v1.5.0
	hack/pin-dependency.sh github.com/google/go-cmp v0.5.5
	hack/update-vendor.sh
	git status
	git add vendor/
	git status
	# Recheck.
	hack/lint-dependencies.sh
	hack/update-internal-modules.sh
	git status

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
@kolyshkin
pkg/kubelet/cm: use SkipFreezeOnSet
227258a 
This is a knob added by runc 1.0.2 specifically for kubernetes,
which tells runc/libcontainer/cgroups/systemd v1 manager to not
freeze the cgroup in Set().

We set this knob here because this code is only used for pods
(rather than containers) management, and in this place we create or
update the pod cgroup with no device limits set, so we can skip the
freeze.

If this knob is not set, libcontainer's cgroup v1 manager tries to
figure out whether the freeze is needed or not, but it's a somewhat
expensive check to perform, thus the knob is a shortcut.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
@k8s-ci-robot k8s-ci-robot added this to the v1.21 milestone Aug 23, 2021
@k8s-ci-robot k8s-ci-robot added do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. release-note-none Denotes a PR that doesn't merit a release note. kind/bug Categorizes issue or PR as related to a bug. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Aug 23, 2021
@k8s-ci-robot
Copy link
Contributor

Hi @kolyshkin. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added needs-priority Indicates a PR lacks a `priority/foo` label and requires one. area/apiserver area/cloudprovider area/code-generation area/dependency Issues or PRs related to dependency changes area/kubectl area/kubelet labels Aug 23, 2021
@k8s-ci-robot k8s-ci-robot added area/test sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/cli Categorizes an issue or PR as relevant to SIG CLI. sig/cloud-provider Categorizes an issue or PR as relevant to SIG Cloud Provider. sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. sig/instrumentation Categorizes an issue or PR as relevant to SIG Instrumentation. and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Aug 23, 2021
@kolyshkin
Copy link
Contributor Author

were the changes to pkg that accompanied the runc 1.0.1 bump (#103743) required?

@liggitt Do you mean e5b434e?

This is more of a cleanup (cosmetic change), not really required (if SkipDevices is set, it's ignored).

I decided to not backport it in order to limit the amount of changes (should have mentioned that in PR description). If you want I can add it.

@liggitt
Copy link
Member

liggitt commented Aug 30, 2021

yeah, that's the commit I was referring to. if it's not required, that's fine... I couldn't tell

/approve

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 30, 2021
@liggitt
Copy link
Member

liggitt commented Aug 30, 2021

cc @kubernetes/release-managers

saschagrunert
saschagrunert approved these changes Aug 31, 2021
View reviewed changes
Copy link
Member

@saschagrunert saschagrunert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@saschagrunert saschagrunert added cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. and removed do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. labels Aug 31, 2021
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: kolyshkin, liggitt, saschagrunert

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@saschagrunert
Copy link
Member

/test pull-kubernetes-node-e2e

@k8s-ci-robot k8s-ci-robot merged commit cd39757 into kubernetes:release-1.21 Aug 31, 2021
@odinuge odinuge mentioned this pull request Sep 14, 2021
Closed
@openshift-ci-robot openshift-ci-robot mentioned this pull request Sep 17, 2021
Merged
This was referenced Oct 9, 2021
Closed
Merged
@smoke smoke mentioned this pull request Oct 12, 2021
Open
@openshift-ci-robot openshift-ci-robot mentioned this pull request Oct 26, 2021
Closed
@openshift-ci-robot openshift-ci-robot mentioned this pull request Nov 22, 2021
Closed
@ehashman ehashman mentioned this pull request Dec 1, 2021
Closed
@cartermckinnon cartermckinnon mentioned this pull request Dec 3, 2021
Merged
Pearl1594 added a commit to shapeblue/cloudstack that referenced this pull request Jan 21, 2022
@Pearl1594
update k8s test to use k8s version 1.21.5 (instead of 1.21.3 - due to k…
0335921 
…ubernetes/kubernetes#104530)
Pearl1594 added a commit to shapeblue/cloudstack that referenced this pull request Jan 27, 2022
@Pearl1594
update k8s test to use k8s version 1.21.5 (instead of 1.21.3 - due to k…
4d1ee2a 
…ubernetes/kubernetes#104530)
Pearl1594 added a commit to shapeblue/cloudstack that referenced this pull request Jan 31, 2022
@Pearl1594
update k8s test to use k8s version 1.21.5 (instead of 1.21.3 - due to k…
fa634ab 
…ubernetes/kubernetes#104530)
Pearl1594 added a commit to shapeblue/cloudstack that referenced this pull request Jan 31, 2022
@Pearl1594
update k8s test to use k8s version 1.21.5 (instead of 1.21.3 - due to k…
e664a6a 
…ubernetes/kubernetes#104530)
Pearl1594 added a commit to shapeblue/cloudstack that referenced this pull request Jan 31, 2022
@Pearl1594
update k8s test to use k8s version 1.21.5 (instead of 1.21.3 - due to k…
e9b24ee 
…ubernetes/kubernetes#104530)
Pearl1594 added a commit to shapeblue/cloudstack that referenced this pull request Feb 1, 2022
@Pearl1594
update k8s test to use k8s version 1.21.5 (instead of 1.21.3 - due to k…
a762d8c 
…ubernetes/kubernetes#104530)
sureshanaparti pushed a commit to apache/cloudstack that referenced this pull request Feb 15, 2022
@Pearl1594
CKS Enhancements and SystemVM template upgrade improvements (#5863)
e0a5df5 
* This PR/commit comprises of the following:
- Support to fallback on the older systemVM template in case of no change in template across ACS versions
- Update core user to cloud in CKS
- Display details of accessing CKS nodes in the UI - K8s Access tab
- Update systemvm template from debian 11 to debian 11.2
- Update letsencrypt cert
- Remove docker dependency as from ACS 4.16 onward k8s has deprecated support for docker - use containerd as container runtime

* support for private registry - containerd

* Enable updating template type (only) for system owned templates via UI

* edit indents

* Address comments and move cmd from patch file to cloud-init runcmd

* temporary change

* update k8s test to use k8s version 1.21.5 (instead of 1.21.3 - due to kubernetes/kubernetes#104530)

* support for private registry - containerd

* Enable updating template type (only) for system owned templates via UI

* smooth upgrade of cks clusters

* update pom file with temp download.cloudstack.org testing links

* fix pom

* add cgroup config for containerd

* add systemd config for kubelet

* add additional info during image registry config

* update to official links
@liggitt liggitt added the kind/regression Categorizes issue or PR as related to a regression from a prior release. label Apr 27, 2022
@liggitt liggitt added kind/regression Categorizes issue or PR as related to a regression from a prior release. and removed kind/regression Categorizes issue or PR as related to a regression from a prior release. labels Sep 9, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@saschagrunert saschagrunert saschagrunert approved these changes

@andrewsykim andrewsykim Awaiting requested review from andrewsykim

@caesarxuchao caesarxuchao Awaiting requested review from caesarxuchao

Assignees

@saschagrunert saschagrunert

@liggitt liggitt

@odinuge odinuge

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/apiserver area/cloudprovider area/code-generation area/dependency Issues or PRs related to dependency changes area/kubectl area/kubelet area/test cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. kind/regression Categorizes issue or PR as related to a regression from a prior release. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/cli Categorizes an issue or PR as relevant to SIG CLI. sig/cloud-provider Categorizes an issue or PR as relevant to SIG Cloud Provider. sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. sig/instrumentation Categorizes an issue or PR as relevant to SIG Instrumentation. sig/node Categorizes an issue or PR as relevant to SIG Node. sig/storage Categorizes an issue or PR as relevant to SIG Storage. sig/testing Categorizes an issue or PR as relevant to SIG Testing. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
None yet
Milestone
v1.21
Development

Successfully merging this pull request may close these issues.

None yet
8 participants
@kolyshkin @k8s-ci-robot @mrunalp @caesarxuchao @rphillips @odinuge @liggitt @saschagrunert