Update the following vendored dependencies:
- github.com/google/cadvisor: v0.55.1 -> v0.56.0
- github.com/containerd/containerd/api: v1.9.0 -> v1.10.0
- github.com/opencontainers/runtime-spec: v1.2.1 -> v1.3.0
- github.com/opencontainers/selinux: v1.13.0 -> v1.13.1
cadvisor v0.56.0 changes:
- Add s390x (IBM Z/mainframe) CPU topology support with NumBooks and
NumDrawers fields in MachineInfo
- Add new Prometheus metrics: machine_cpu_books and machine_cpu_drawers
- Add standard deviation (Std) field to Percentiles for resource statistics
- Add sysfs constants CPUBookID and CPUDrawerID for s390x topology detection
containerd/api v1.10.0 changes:
- Add ActiveMount message type for tracking mounts with timestamps
- Add ActivationInfo message for mount management and lifecycle tracking
runtime-spec v1.3.0 changes (from ChangeLog):
- Add FreeBSD platform support with new Spec.FreeBSD field
- Add netDevices object for moving network devices to container namespaces
- Add memoryPolicy object for NUMA memory policy configuration
- Add hwConfig object for VM-based containers (vcpus, memory, device-tree)
- Add iomems for hardware I/O memory page access in VMs
- Add intelRdt.schemata and intelRdt.enableMonitoring fields
- Change LinuxPids.Limit to pointer type for optional handling
- Clarify intelRdt configuration and pids cgroup settings
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
This brings a few fixes, drops github.com/pkg/errors (as a direct
dependency), and bumps many transitive dependencies. The
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp bump to
v0.61.0 breaks "k8s.io/kubernetes/test/integration/apiserver: tracing"
consistently, so it's held back for now.
github.com/containerd/containerd/api pulls in gopkg.in/yaml.v3 so that
needs to be added to the exceptions in unwanted-dependencies.json.
Signed-off-by: Stephen Kitt <skitt@redhat.com>
For one thing, this release decouples device management from
libcontainer/cgroups. You can see the result of this in a dropped
cilium/ebpf dependency (which is only needed for device management).
NOTE that due to an issue with go mod / go list,
github.com/opencontainers/runc had to be added to
hack/unwanted-dependencies.json under x/exp. This is bogus because
opencontainers/runc does not use x/exp directly, only via cilium/ebpf
dependency (which is not vendored here).
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Release notes:
https://github.com/opencontainers/runc/releases/tag/v1.1.3
In particular, this one is important:
* Retry on dbus disconnect logic in libcontainer/cgroups/systemd now
works as intended; this fix does not affect runc binary itself but
is important for libcontainer users such as Kubernetes. (#3476)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This updates vendored runc/libcontainer to 1.1.0,
and google/cadvisor to a version updated to runc 1.1.0
(google/cadvisor#3048).
Changes in vendor are generated by (roughly):
./hack/pin-dependency.sh github.com/google/cadvisor v0.44.0
./hack/pin-dependency.sh github.com/opencontainers/runc v1.1.0
./hack/update-vendor.sh
./hack/lint-dependencies.sh # And follow all its recommendations.
./hack/update-vendor.sh
./hack/update-internal-modules.sh
./hack/lint-dependencies.sh # Re-check everything again.
Co-Authored-By: Kir Kolyshkin <kolyshkin@gmail.com>
fix GetStats for unsupported hugetlb needed to run on RaspberryPi4 with non-hugetlb compiled kernel (standard). This includes the https://github.com/opencontainers/runc/pull/3233
Used commands from hack folder to generate the new dependency:
```
hack/pin-dependency.sh github.com/opencontainers/runc v1.0.3
hack/update-vendor.sh
hack/lint-dependencies.sh
```
For the complete release notes, see
- https://github.com/opencontainers/runc/releases/tag/v1.0.2
In particular, this fixes the check cgroup v1 systemd manager check
if a container needs to be frozen before Set(), and adds a knob to
skip the check/freeze entirely (to be used by the next commit).
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This is to check if runc 1.0.0 (to be released shortly) works with k8s.
The commands used were (roughly):
hack/pin-dependency.sh github.com/opencontainers/runc v1.0.0
hack/lint-dependencies.sh
# Follow its recommendations.
hack/pin-dependency.sh github.com/cilium/ebpf v0.6.1
hack/pin-dependency.sh github.com/opencontainers/selinux v1.8.2
hack/pin-dependency.sh github.com/sirupsen/logrus v1.8.1
# Recheck.
hack/lint-dependencies.sh
GO111MODULE=on go mod edit -dropreplace github.com/willf/bitset
hack/update-vendor.sh
# Recheck.
hack/lint-dependencies.sh
hack/update-internal-modules.sh
# Recheck.
hack/lint-dependencies.sh
[v2: rebased, updated runc 3a0234e1fe2e82 -> 2f8e8e9d977500]
[v3: testing master + runc pr 3019]
[v4: updated to 93a01cd4d0b7a0f08a]
[v5: updated to f093cca13d3cf8a484]
[v6: rebased]
[v7: updated to runc v1.0.0]
[v8: rebased]
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
runc rc95 contains a fix for CVE-2021-30465.
runc rc94 provides fixes and improvements.
One notable change is cgroup manager's Set now accept Resources rather
than Cgroup (see https://github.com/opencontainers/runc/pull/2906).
Modify the code accordingly.
Also update runc dependencies (as hinted by hack/lint-depdendencies.sh):
github.com/cilium/ebpf v0.5.0
github.com/containerd/console v1.0.2
github.com/coreos/go-systemd/v22 v22.3.1
github.com/godbus/dbus/v5 v5.0.4
github.com/moby/sys/mountinfo v0.4.1
golang.org/x/sys v0.0.0-20210426230700-d19ff857e887
github.com/google/go-cmp v0.5.4
github.com/kr/pretty v0.2.1
github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
One notable change is cgroup manager's Set now accept Resources rather
than Cgroup (see https://github.com/opencontainers/runc/pull/2906).
Modify the code accordingly.
Also update runc dependencies (as hinted by hack/lint-depdendencies.sh):
github.com/cilium/ebpf v0.5.0
github.com/containerd/console v1.0.2
github.com/coreos/go-systemd/v22 v22.3.1
github.com/godbus/dbus/v5 v5.0.4
github.com/moby/sys/mountinfo v0.4.1
golang.org/x/sys v0.0.0-20210426230700-d19ff857e887
github.com/google/go-cmp v0.5.4
github.com/kr/pretty v0.2.1
github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
when the systemd cgroup manager is used, controllers not handled by
systemd are created manually afterwards.
libcontainer didn't correctly cleanup these cgroups that were leaked
on cgroup v1.
Closes: https://github.com/kubernetes/kubernetes/issues/92766
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
The upgrade of dependencies in #78187 introduced a regression in
detecting if SELinux is enabled or not. As the library requires
the golang build tag `selinux` to be enabled after that version update.
Fixes bug report #83679
