Update fork main to v1.6 commits #37
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
anmaxvl
approved these changes
Mar 2, 2022
helsaawy
approved these changes
Mar 31, 2022
|
Before we merge this, do we know if there is any payload in |
|
@kevpar Do you specifically mean any payload that we've created and put in our |
Yes. If upstream has payload like this it's probably fine. My point was just to make sure we don't lose payload in |
|
After investigating more, it looks like the following PRs were made only in fork/release/1.4 by us and need to be cherry-picked to
I will cherry pick the commits from these in a separate PR then rebase this as necessary. |
dcantah
approved these changes
Apr 11, 2022
The referenced document was moved into the staging directory within the kubernetes repository Signed-off-by: Jan Klippel <g1thub@kl1pp3l.de>
Signed-off-by: haoyun <yun.hao@daocloud.io> Co-authored-by: zounengren <zouyee1989@gmail.com>
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Sergey Kanzhelev <S.Kanzhelev@live.com>
Signed-off-by: Mark Rossetti <marosset@microsoft.com>
Signed-off-by: Aditi Sharma <adi.sky17@gmail.com>
Signed-off-by: Derek McGowan <derek@mcg.dev>
Signed-off-by: Derek McGowan <derek@mcg.dev>
Signed-off-by: Derek McGowan <derek@mcg.dev>
Signed-off-by: Takumasa Sakao <tsakao@zlab.co.jp>
Signed-off-by: Derek McGowan <derek@mcg.dev>
This patch makes the Windows Periodic workflow pass specific test images to CRITest. This will allow full control over the container images used in workflow runs as opposed to relying on the hardcoded defaults in `cri-tools` to be compatible with all the tested Windows releases. Depends-On: kubernetes-sigs/cri-tools#855 Signed-off-by: Nashwan Azhari <nazhari@cloudbasesolutions.com>
Signed-off-by: Nashwan Azhari <nazhari@cloudbasesolutions.com>
On newer COS M97 images, cgroupv2 is enabled out of the box. It is enabled using default systemd configuration and does not have `systemd.unified_cgroup_hierarchy` present `/proc/cmdline`. As a result, the check for manual cgroupv2 enablement should be improved to not only check `/proc/cmdline`, but also to see if it's enabled on the system using `stat -fc %T /sys/fs/cgroup/` Signed-off-by: David Porter <porterdavid@google.com>
Signed-off-by: ningmingxiao <ning.mingxiao@zte.com.cn>
Following the forking of `github-google-actions/setup-gcloud` into individual actions, the functionality for authenticating on Google Cloud within GitHub workflows has been moved to the `github-google-actions/auth` action. This patch updates the Windows Periodic Integration test workflow to use the new `auth` action, as well as switching to using Workload Identity Federation-based authorization which is superseding the Service Account Key-based authorization the Windows Periodic workflow was using thus far. Signed-off-by: Nashwan Azhari <nazhari@cloudbasesolutions.com>
Switch to using the new `google-github-actions/upload-cloud-storage` GitHub action for uploading the CI results for the Windows Periodic Tests. Signed-off-by: Nashwan Azhari <nazhari@cloudbasesolutions.com>
Signed-off-by: Derek McGowan <derek@mcg.dev>
This commit unifies the following sub commands alias for deleting/removing. - containers - tasks - contents - leases - images - snapshots Signed-off-by: Ning Li <lining2020x@163.com>
Signed-off-by: Aurelien Lun-Sin <alunsin@us.ibm.com>
This reverts commit e692a01. Signed-off-by: Cody Roseborough <cdr@amazon.com>
Allow `futex_waitv` by default. See https://www.phoronix.com/scan.php?page=news_item&px=FUTEX2-futex-waiv-More-Archs Note: libseccomp does not cover kernel 5.16 at this moment: https://github.com/seccomp/libseccomp/blob/51b50f95e1fb717e4560818f8b90b7ebde314ad1/src/syscalls.csv Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Pull in latest cgroups to pick up leak fixes Signed-off-by: Derek McGowan <derek@mcg.dev>
This change adds OTLP/HTTP, specifically http/protobuf support. http/protobuf is recommended in https://github.com/open-telemetry/opentelemetry-specification/blob/v1.8.0/specification/protocol/exporter.md. However kube-apiserver and CRI-O use gRPC, kubelet may support gRPC in future. So we should support gRPC as well. Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
OpenTelemetry's Tracer#Start() returns (ctx, span). We have no reasons to swap them. Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
Commit fb06883 implemented the Normalize() function, but marked these fields as deprecated. It's unclear what the motivation was for this, as the fields are part of the OCI Image spec. On Windows, the OSVersion field specifically is important when matching images (as kernel versions may not be compatible). This patch updates platforms.Normalize() to preserve the OSVersion and OSFeatures fields. As a follow-up, we should look at defining an appropriate string-representation for these fields (possibly as part of the OCI Spec), and update platforms.Parse() accordingly. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Move 1.4 EOL after 1.6 release. Update latest 1.4 and 1.5 versions. Signed-off-by: Derek McGowan <derek@mcg.dev>
Signed-off-by: Derek McGowan <derek@mcg.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Resolves: containerd#6499 Signed-off-by: Henry Wang <henwang@amazon.com>
For some runtimes, the container is not ready for exec until the initial container task has been started (as opposed to just having the task created). More specifically, running containerd-stress with --exec would break with Kata Container shim, since the sandbox is not created until a start is issued. By starting the container's primary task before adding exec's, we can avoid: ``` error="cannot enter container exec-container-1, with err Sandbox not running, impossible to enter the container: unknown" ``` Signed-off-by: Eric Ernst <eric_ernst@apple.com>
The .github/workflows/release/Dockerfile will use working dir as docker build context. But the .dockerignore will ignore the .github/release/... and cause dirty. We should remove it and verify git working tree after build. Fix: containerd#6484 Signed-off-by: Wei Fu <fuweid89@gmail.com>
When the cgroup is removed, EventChan is closed (this was pulled in by 8d69c04). This results in a nil error being received. Don't log an error in that case but instead return. Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
We were not properly ignoring errors from gorestrl.rdt.ContainerClassFromAnnotations() causing the config option to be ineffective, in practice. Signed-off-by: Markus Lehtonen <markus.lehtonen@intel.com>
I noticed the logo was not correct in dark mode and was hard to see, here is some fancy mark down to make the white logo appear in dark mode and the dark logo appear in light mode Signed-off-by: James Gordon <james.gordon1628@gmail.com>
Signed-off-by: Derek McGowan <derek@mcg.dev>
allow user to specify what image should be used for containerd-stress. Signed-off-by: Eric Ernst <eric_ernst@apple.com>
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
Signed-off-by: Derek McGowan <derek@mcg.dev>
For testing and possibly other operations go might need elevated permissions. Some parts of documentation and the BUILDING.md mention using `sudo go` but does not explain how to achieve this. This commit inserts instructions to the BUILDING.md as a small note. Note mentions systemwide and local solutions. Signed-off-by: Mete Durlu <mete.durlu@ibm.com>
Enables TestContainerPTY and TestContainerUsername on Windows. Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
Prior to running the `kube-node-installation.service`, the containerd installation should be complete as the k8s installation may have dependencies on containerd and related binaries (e.g ctr). Add wants/after systemd directives to ensure `kube-node-installation.service` will only start after containerd installation completes. Signed-off-by: David Porter <porterdavid@google.com>
Fixes panic when exec is nil Signed-off-by: Derek McGowan <derek@mcg.dev>
Signed-off-by: Derek McGowan <derek@mcg.dev>
Signed-off-by: Shuntaro Azuma <azush@amazon.com>
Includes security fixes for crypto/elliptic (CVE-2022-23806), math/big (CVE-2022-23772), and cmd/go (CVE-2022-23773). go1.17.7 (released 2022-02-10) includes security fixes to the crypto/elliptic, math/big packages and to the go command, as well as bug fixes to the compiler, linker, runtime, the go command, and the debug/macho, debug/pe, and net/http/httptest packages. See the Go 1.17.7 milestone on our issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.17.7+label%3ACherryPickApproved full diff: golang/go@go1.17.6...go1.17.7 Update Go to 1.17.6 go1.17.6 (released 2022-01-06) includes fixes to the compiler, linker, runtime, and the crypto/x509, net/http, and reflect packages. See the Go 1.17.6 milestone on our issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.17.6+label%3ACherryPickApproved Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Derek McGowan <derek@mcg.dev>
051e65e to
972cc27
Compare
dcantah
approved these changes
Apr 22, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR updates the fork/main branch by merging in main@v1.6.0. This PR specifically merges at the tag from upstream and creates a merge commit. This allows us to later grab the merge commit from our fork for use in creating our fork release branch for 1.6.