path: root/recipes-containers
Commit message | Author | Age | Files | Lines
* containerd-opencontainers: add CVE_VERSION setting [hardknott] | Chen Qi | 2022-04-26 | 1 | -0/+1
  The NVD database uses version without a prefixing 'v' for containerd, e.g. https://nvd.nist.gov/vuln/detail/CVE-2022-23648
  So we need to explicitly set CVE_VERSION.
  Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* containerd-opencontainers: bump to v1.4.13 | Chen Qi | 2022-04-20 | 1 | -2/+2
  Bump from v1.4.12 to v.1.4.13, which solves CVE-2022-23648.
  Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* runc: change branch to main | Bruce Ashfield | 2022-01-27 | 1 | -1/+1
  The upstream project has renamed master -> main, so we change our SRC_URI to match.
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* global: convert github SRC_URIs to use https protocol [hardknott-next] | Martin Jansa | 2021-12-03 | 5 | -5/+5
  * apply the same also for recipes using PKG_NAME starting with github.com which the conversion script doesn't update automatically
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* oci-runtime-spec: update branch specification to main | Bruce Ashfield | 2021-12-03 | 1 | -1/+1
  master has become main in the runtime spec, so we update our recipe to match.
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* global: add explicit branch to all SRC_URIs | Bruce Ashfield | 2021-12-03 | 12 | -12/+12
  As introduced in the oe-core post: https://lists.openembedded.org/g/openembedded-core/message/157623
  SRC_URIs without an explicit branch will generate warnings, and eventually be an error.
  We run the provided conversion script to make sure that meta-virt is ready for the change.
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* containerd-opencontainers: bump to v1.4.12 | Chen Qi | 2021-11-24 | 1 | -2/+2
  Bump from v1.4.4 to v.1.4.12 so that some CVEs are resolved, e.g. CVE-2021-41103.
  Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* crun: fixup backport breakage | Bruce Ashfield | 2021-10-20 | 1 | -1/+0
  do_configure_prepend was duplicated during the backport of
  bbed941 crun: fix offline builds
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* kubernetes: add SRCREV_FORMAT | Bruce Ashfield | 2021-10-19 | 1 | -0/+1
  recipes that use multiple SCMs in the SRC_URI, must supply SRCREV_FORMAT or SRCPV triggers an expansion error.
  While this isn't fatal during the build, it can cause issues with setscene (and possibly) other tasks failing, which then leads to no sstate re-use, etc.
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* docker-moby: add SRCREV_FORMAT | Bruce Ashfield | 2021-10-19 | 1 | -0/+1
  recipes that use multiple SCMs in the SRC_URI, must supply SRCREV_FORMAT or SRCPV triggers an expansion error.
  While this isn't fatal during the build, it can cause issues with setscene (and possibly) other tasks failing, which then leads to no sstate re-use, etc.
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* docker-ce: add SRCREV_FORMAT | Bruce Ashfield | 2021-10-19 | 1 | -0/+1
  recipes that use multiple SCMs in the SRC_URI, must supply SRCREV_FORMAT or SRCPV triggers an expansion error.
  While this isn't fatal during the build, it can cause issues with setscene (and possibly) other tasks failing, which then leads to no sstate re-use, etc.
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* crun: fix offline builds | Bruce Ashfield | 2021-10-18 | 1 | -4/+10
  The 'autogen.sh' script of crun was fetching dependencies that we already have in our SRC_URI. We want the OE git fetcher to manage the source, not scripts in the source of a package.
  We grab the two lines out of autogen.sh that we need, and use them directly in the configure_prepend.
  We also add yajl to the source code dependencies as the package DEPENDS is not enough as crun is explicitly building source that looks for the yajl code.
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* image-spec: explicitly reference main branch | Bruce Ashfield | 2021-10-13 | 1 | -1/+1
  The oci-image-spec repository has dropped its master branch, so the fetcher default no longer works.
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* k3s: Bump to v1.20.11+k3s2 | Diego Sueiro | 2021-10-12 | 1 | -2/+2
  Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* k8s: update to v1.20.9 | sakib.sajal@windriver.com | 2021-08-01 | 2 | -8/+9
  Upgrading kubernetes to version 1.20.9 release, which includes the following commits:
  Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* kubernetes: fix CVE-2021-20206 | sakib.sajal@windriver.com | 2021-07-29 | 2 | -0/+93
  Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* crun: adjust image-spec repository from master to main | Bruce Ashfield | 2021-07-14 | 1 | -1/+1
  We need to change our branch to avoid parse errors.
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* podman: update to 3.2.1 | Bruce Ashfield | 2021-06-24 | 1 | -2/+2
  Cherry picked from master. Although we don't normally bump versions on released branches, the podman is causing pseudo aborts and the version on the release branch is no longer active upstream.
  It is riskier to try and isolate fixes and backport them, than it is to just update to the latest bugfix release.
  Original commit log follows:
  ============================
  Bumping libpod to version v3.2.1-2-gab4d0cf90, which comprises the following commits:
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* podman: bump to 3.2-rcX | Bruce Ashfield | 2021-06-24 | 1 | -3/+3
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* crun: switch to main as specified branch | Bruce Ashfield | 2021-06-21 | 1 | -1/+1
  The upstream project has moved from master to main, so we adjust
  our recipe accordingly.
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* conmon: add branch specification to SRC_URI | Bruce Ashfield | 2021-06-21 | 1 | -1/+1
  The upstream project switched from master to main, so we add
  an explicit branch specification to avoid fetch errors (as the
  default of master no longer works).
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* podman: restore _git recipe | Bruce Ashfield | 2021-06-15 | 1 | -2/+2
  It was unnoticed in the 3.0.x update to podman, that the _git
  was changed. That was unintended and this restores to the _git
  so we can more easily track changes in master and do updates.
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* Revert "podman: Update 3.0-rc2 -> 3.0.1" | Bruce Ashfield | 2021-06-15 | 1 | -1/+3
  This reverts commit 571767ad2039c9c29d3a5ca164f4ce09c670a8b8.
* crun: switch branch to main | Bruce Ashfield | 2021-05-19 | 1 | -1/+1
  crun has renamed master -> main, so we adjust our fetching
  to match.
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* podman: Update 3.0-rc2 -> 3.0.1 | Diego Sueiro | 2021-05-12 | 1 | -3/+1
  Update podman to 3.0.1.
  Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* runc: add CVE_PRODUCT to recipes | Ralph Siemsen | 2021-04-29 | 2 | -0/+4
  Allows the yocto cve-checker to flag CVEs, which would otherwise
  go unreported due to the package name not matching NIST NVD data.
  Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* containerd: add CVE_PRODUCT to recipe | Ralph Siemsen | 2021-04-29 | 1 | -0/+2
  Allows the yocto cve-checker to flag CVEs, which would otherwise
  go unreported due to the package name not matching NIST NVD data.
  Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* docker: add CVE_PRODUCT to recipes | Ralph Siemsen | 2021-04-29 | 3 | -0/+6
  Allows the yocto cve-checker to flag CVEs, which would otherwise
  go unreported due to the package name not matching NIST NVD data.
  Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* containerd: update to v1.4.4 | Bruce Ashfield | 2021-04-29 | 2 | -4035/+2
  Dropping the backported CVE patch, as it is part of this version
  bump, which contains the following commits:

      c64cfa03b runtime/v2/runc: fix the defer cleanup of the NewContainer
      60c139c9a gha: use sudo -E in some places to prevent dropping env-vars
      e0d452986 GHA: use setup-go@v2
      ac87e05f6 [release/1.4] update Go to 1.15.11
      425a6e4f8 night ci fix: add packages for ubuntu 20.04
      80de6e2b4 vendor: golang.org/x/sys 5cba982894dd4e8879e3ef0a0c308ceff39f6154
      92da2dbfa vendor: golang.org/x/sync 67f06af15bc961c363a7260195bcd53487529a21
      b24c8a2ec vendor: golang.org/x/net 69a78807bb2bb6d1599c68698c6b009505012083
      ebdd88cc0 vendor: sigs.k8s.io/structured-merge-diff/v4 v4.0.3
      fe197b9b5 vendor: update kubernetes to v1.19.10
      07e347903 adds log for each failed host and status not found on host
      18a271509 need to bring critest backup
      8c5422eb6 Fix error log when copy file
      f9d6a7604 runtime/v2/runc: fix leaking socket path
      24921417f Fix missing close
      bfe95947f install-runc: set GO111MODULE=off to use vendor
      520d179ed Prevent runc inheriting BUILDTAGS from containerd
      039c24043 move runc version to a separate file for easier consumption
      0e957e5ad Separate runc binary version from libcontainer version
      bd5bbbd1a Remove references to apparmor and selinux buildtags for runc
      fca4a0d1b script/setup: use git clone instead of go get -d
      4c875c81a cmd/ctr: fix export command
      bbde7b700 overlay: support "userxattr" option (kernel 5.11)
      4c2f6a7ab Fix advisory link in release notes for containerd 1.4.4
      3ba4a3171 Prepare release notes for 1.4.4
      cbcb2f57f vendor: update cri
      633bfb712 CI: cache ~/.vagrant.d/boxes
      e7851d743 CI: fix "ls: cannot access '/etc/cni/net.d': Permission denied"
      f4a6e163e Update continuity
      2ec4a495f Update gogo/protobuf to v1.3.2
      232cee448 Update to go 1.15.8

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* containerd: fix fuzz for CVE-2021-3121 patch | Trevor Gamblin | 2021-04-27 | 1 | -426/+423
  Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* containerd: fix CVE-2021-3121 | Trevor Gamblin | 2021-04-20 | 2 | -0/+4036
  The master branch contains an uprev for containerd that includes
  the fix, so backport the patch separately for hardknott.

  Tested by pulling a hello-world image with podman to
  core-image-full-cmdline, with the following added to local.conf:

      DISTRO_FEATURES_append = " systemd seccomp"
      VIRTUAL-RUNTIME_init_manager = "systemd"
      DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit"
      VIRTUAL-RUNTIME_initscripts = "systemd-compat-units"
      NETWORK_MANAGER = "systemd"
      IMAGE_ROOTFS_EXTRA_SPACE = "8192000"
      PREFERRED_PROVIDER_virtual/containerd = "containerd-opencontainers"
      IMAGE_INSTALL_append = " podman virtual/containerd"

  Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* podman: Added kernel modules for iptables error | Nathan Dunne | 2021-04-19 | 1 | -1/+1
  Added kernel modules kernel-module-xt-masquerade and
  kernel-module-xt-comment to RRECOMMENDS, to avoid iptables errors
  with podman
  Signed-off-by: Nathan Dunne <Nathan.Dunne@arm.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* lxc: add upstream-status to patch | Bruce Ashfield | 2021-04-18 | 1 | -0/+2
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* lxc-recipe: Fix compilation without seccomp when libseccomp is installed | RameshkrishnanX Geddy Sekar | 2021-04-18 | 3 | -0/+97
  Original URL: https://github.com/lxc/lxc/pull/3623
  Signed-off-by: RameshkrishnanX Geddy Sekar <rameshkrishnanx.geddy.sekar@intel.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* crun: bump to latest | Bruce Ashfield | 2021-04-12 | 1 | -3/+7
  As part of this update to crun, we now must run autogen.sh before
  running configure.

  Otherwise, these are incremental changes and comprise the following
  commits:

      9effaeb On exec, honor additional_gids from the process spec, not the container definition
      c25a2db tests: add explicit python3-pip dependency
      e67a756 NEWS: tag 0.19
      18c0274 gitignore: update
      471a7b8 libocispec: update from upstream
      f642968 tests: fix check for cgroup v2
      3e7fa1d linux: always remount bind mounts
      78aeac9 linux: ignore unknown capabilities
      f11d742 Add linuxdevicecgroup to maintain parity with runc spec
      9aa382b cgroup: skip parsing empty file
      d9c9fd0 container: initialize tmp_err
      00371ae src: initialize statx struct
      2e88d19 src: initialize first_arg
      5e4efb7 seccomp: always NUL terminate lowercase_arch
      7812572 tests: add test for seccomp listener
      f80e98d init: add check for seccomp listener
      5d9010b init: fix check for nargs
      5a627f4 seccomp: support notify listener
      c3361c1 status: use function to convert from yajl errors
      873b62d container: use new error function for hooks JSON
      14083ab error: new function to convert from yajl errors
      6e19235 linux: pass own pid to container process
      8fd3320 contrib: new tool to test seccomp notifications
      8722858 crun: always use absolute path for the bundle
      ae9ea92 container: improve OOM error message
      919aac9 utils: receive fd detect closed connection
      a52e480 cgroup: new function to detect OOM
      2e37d2a sync-libocispec
      75ad96b Let autogen.sh generate m4
      14c260f libcrun_warn if newuidmap/newgidmap invoke fails
      5598401 README.md: drop pids limit comparison
      9ea6857 github: add fuzzing test
      0fd03ba tests: add container image for fuzzing libcrun
      bbd5c7d fuzzer: reap child processes
      c7350ef tests: add more fuzzing tests
      816f95b fuzzer: merge two tests
      effa508 linux: cleanup zombie on errors
      b32f1eb linux: release only on error
      5ca72f5 status: attempt open again on interrupts
      9b5d4c1 Added static analysis Adding clang compilation Fixing comparison of integers of different signs
      3b199ef Update GNUmakefile
      dcd1a34 linux: label the tmpfs for masked directories
      edf7f15 seccomp: check if the action supports errnoRet
      bc222b6 seccomp: fail if no default action specified
      0c5b920 seccomp: honor default errno value
      92c0afe yajl: support static link of containers/yajl
      f3d920d src: fix unitialized variable
      7d89a02 src: add error check
      765971c status: fix memory leak on error
      31274d8 utils: fix check for fd
      62d1c4d tests: add test to feed honggfuzz
      ab75091 ebpf: return the program instead of NULL
      8b16552 src: check if seccomp is defined
      f721efb container: fix error ownership
      4472e35 container: allow config from memory
      6b369b8 container: fix memory leak
      0fede0f container: initialize variable
      2b6c0b6 container: fix dereference of def->linux if NULL
      1dd9b5b container: check for def->process before deref
      1b1a691 fix: cross-compiling for Android
      b25cb2d tests: add device access test
      86251b0 ebpf: handle access(dev_name, F_OK) call correctly
      e2d79dc fix: access violate if ret < -2
      4f35406 cgroup: read controllers from /proc/self/cgroup

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o, podman, packagegroup-container: replace anonymous python function ↵ | Martin Jansa | 2021-04-06 | 2 | -24/+2
  calling bb.parse.SkipRecipe with conditional PNBLACKLISTs
  * PNBLACKLISTs are IMHO a bit easier to read and easier to override
    from distro which e.g. provides own recipe for libseccomp
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* k8s: update to v1.20.4 | Bruce Ashfield | 2021-03-17 | 1 | -2/+2
  Moving off the 1.20.x-rc and onto a dot release tag.

  This pulls in the following commits:

      e87da0bd6e0 Release commit for Kubernetes v1.20.4
      5682545c2da Update CHANGELOG/CHANGELOG-1.20.md for v1.20.3
      f8f2fa827d3 Release commit for Kubernetes v1.20.4-rc.0
      01849e73f3c Release commit for Kubernetes v1.20.3
      58c5493f22a kube-cross: update image to use v1.15.8-legacy-1
      e000e9722bb [go1.15] build: Update to k/repo-infra@v0.1.4 (supports go1.15.8)
      3365196e9d8 Use go-runner:buster-v2.3.1 image (built on go1.15.8)
      91f2745f08c staging/publishing: Set default go version to go1.15.8
      3c777448311 Update to go1.15.8
      b570189cf1f Revert "make hostPort match test linuxonly"
      6698a4e7afc Revert "conformance changes"
      6a31f8d17ef dockershim hostport respect IPFamily
      a456eb4eaf6 dockershim hostport manager use HostIP
      5d9910a0172 Cherry pick of #98254:Fix the kube-scheduler binary's description of the --config parameter is inaccurate
      ac866d63911 make podTopologyHints protected by lock
      b84ee98db74 kubelet: Fix mirrorPodTerminationMap leak
      d381d6c52cc kubelet: Delete static pods gracefully
      b2576fb35f7 kubelet logs print 'kubelet nodes sync' frequently
      7826a1c6b87 WIP: node sync at least once

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* runc-docker: update to latest -rc93 | Bruce Ashfield | 2021-03-17 | 1 | -1/+1
  Bumping the runc version to incorporate the following commits:

      2ae56653 Move fuzzers upstream
      053e15c0 tests/checkpoint: show full log lazy pages cpt
      e618a6d5 curl: add --retry 5
      4b98e4a7 MAINTAINERS: update Aleksa's email
      8a3484b7 libcontainer/factory*: adjust the file mode
      71ca6432 fix integration tests README.md
      916654ff libcontainer: fix LinuxFactory comments
      c3ffd2ef Do not convert blkio weight value using blkio->io conversion scheme
      38b2dd39 runc exec: report possible OOM kill
      5d0ffbf9 runc start/run: report OOM
      7e137b90 libct/cg/fs2/hugetlb: use fscommon.GetValueByKey
      9fa65f66 libct/cg/fscommon: add GetValueByKey
      c54c3f85 libcontainer/notify_linux_v2: use fscommon.ReadFile
      494f900e libct/cg/fscommon: rename/facelift GetCgroupParamKeyValue
      1880d2fc libct/cg/fs/memory: handle EBUSY
      27fd3fc3 libct/cg/fs: setMemoryAndSwap: refactor
      3cced523 libct/cg/fs/memory: optimize Set
      65c2d3c2 tests/int/update: add test case for PR #592
      53d3b552 Update README.md for libcontainer
      6c5ed0db Fix memory stats for cache in fs2
      af521ed5 libct/cgroups/systemd: don't set limits in Apply
      fa52df94 libcontainer: fix the file mode of the device
      d0cbef57 Makefile: rm go 1.13 workaround
      4019f08d make validate: rm go vet
      f9c21133 make lint: use golangci-lint
      671bb978 Makefile: remove ci target
      95940855 script/validate-gofmt: rm
      91f0ae18 ci/gha: bump go 1.16-rc1 -> 1.16.x
      5b14a261 README: add gha badges
      f3f563bc apparmor: try attr/apparmor/exec before attr/exec
      41670e21 tests/int: rework/simplify setup and teardown
      d73b4443 ci: enable -race from matrix
      b7744547 libct/int: fix a data race
      c34a9b10 tests/int/hooks.bats: don't use DEBIAN_BUNDLE
      e40a369e tests/int/list.bats: don't use $BUSYBOX_BUNDLE
      985546b4 tests/int: BATS_TMPDIR -> BATS_RUN_TMPDIR
      85d5fea4 tests/int: stop reusing HELLO_BUNDLE for alt root
      76532fac tests/int/events: rm unneeded eval
      49766140 tests/int: use wait_for_container where appropriate
      4d6ffa39 tests/int/helpers: reimplement wait_for_container
      e7052dcd tests/int/spec.bats: don't use HELLO_BUNDLE
      0cfc2e32 tests/int: rm teardown_running_container_inroot
      78f0e4b2 tests/int: rm wait_for_container_inroot
      64d5702f tests/int: don't depend on BUSYBOX_BUNDLE var
      efb8552b tests/int: add device access test
      81707abd ebpf: fix device access check
      c3428722 libct/config: fix a data race
      51ec5db1 ci: add i386 unit test run
      b142a70e libct/seccomp/patchpbf/test: fix for 32-bit
      2831fb55 cgroup2: devices: handle eBPF skipping more correctly
      d1007b08 cgroupv1 freezer: thaw to increase freeze chances

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* containerd: initial README | Bruce Ashfield | 2021-03-16 | 1 | -0/+30
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* k3s: clean up README | Bruce Ashfield | 2021-03-16 | 1 | -11/+41
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* k3s: rrecommend required kernel modules | Bruce Ashfield | 2021-03-16 | 1 | -1/+11
  If the required modules aren't in the image, k3s will fail to
  start. Set the requirements as RRECOMMENDS for image types that
  don't install the kernel-modules meta-package.
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* k3s: drop ctr symlink | Bruce Ashfield | 2021-03-16 | 1 | -0/+3
  We build and depend on our own containerd, we don't need the ctr
  symlink to k3s for proper operation.
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* k3s: add additional build tags | Bruce Ashfield | 2021-03-16 | 1 | -1/+5
  To more closely align with the rancher/upstream build, we add
  additional tags to the build. To make them easier to manage, we
  also introduce a variable and use it in the go build line.
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* k3s: add seccomp distro feature requirement | Bruce Ashfield | 2021-03-16 | 1 | -0/+3
  k3s requires seccomp, and a runc with seccomp enabled for proper
  operation. runc has a distro feature check to enable seccomp, so
  if we enforce it as k3s feature, we'll also get a properly built
  runc and we'll work out of the box.
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* runc: update to latest -rc93 | Bruce Ashfield | 2021-03-16 | 2 | -7/+7
  Bumping the runc version to incorporate the following commits:

      2ae56653 Move fuzzers upstream
      053e15c0 tests/checkpoint: show full log lazy pages cpt
      e618a6d5 curl: add --retry 5
      4b98e4a7 MAINTAINERS: update Aleksa's email
      8a3484b7 libcontainer/factory*: adjust the file mode
      71ca6432 fix integration tests README.md
      916654ff libcontainer: fix LinuxFactory comments
      c3ffd2ef Do not convert blkio weight value using blkio->io conversion scheme
      38b2dd39 runc exec: report possible OOM kill
      5d0ffbf9 runc start/run: report OOM
      7e137b90 libct/cg/fs2/hugetlb: use fscommon.GetValueByKey
      9fa65f66 libct/cg/fscommon: add GetValueByKey
      c54c3f85 libcontainer/notify_linux_v2: use fscommon.ReadFile
      494f900e libct/cg/fscommon: rename/facelift GetCgroupParamKeyValue
      1880d2fc libct/cg/fs/memory: handle EBUSY
      27fd3fc3 libct/cg/fs: setMemoryAndSwap: refactor
      3cced523 libct/cg/fs/memory: optimize Set
      65c2d3c2 tests/int/update: add test case for PR #592
      53d3b552 Update README.md for libcontainer
      6c5ed0db Fix memory stats for cache in fs2
      af521ed5 libct/cgroups/systemd: don't set limits in Apply
      fa52df94 libcontainer: fix the file mode of the device
      d0cbef57 Makefile: rm go 1.13 workaround
      4019f08d make validate: rm go vet
      f9c21133 make lint: use golangci-lint
      671bb978 Makefile: remove ci target
      95940855 script/validate-gofmt: rm
      91f0ae18 ci/gha: bump go 1.16-rc1 -> 1.16.x
      5b14a261 README: add gha badges
      f3f563bc apparmor: try attr/apparmor/exec before attr/exec
      41670e21 tests/int: rework/simplify setup and teardown
      d73b4443 ci: enable -race from matrix
      b7744547 libct/int: fix a data race
      c34a9b10 tests/int/hooks.bats: don't use DEBIAN_BUNDLE
      e40a369e tests/int/list.bats: don't use $BUSYBOX_BUNDLE
      985546b4 tests/int: BATS_TMPDIR -> BATS_RUN_TMPDIR
      85d5fea4 tests/int: stop reusing HELLO_BUNDLE for alt root
      76532fac tests/int/events: rm unneeded eval
      49766140 tests/int: use wait_for_container where appropriate
      4d6ffa39 tests/int/helpers: reimplement wait_for_container
      e7052dcd tests/int/spec.bats: don't use HELLO_BUNDLE
      0cfc2e32 tests/int: rm teardown_running_container_inroot
      78f0e4b2 tests/int: rm wait_for_container_inroot
      64d5702f tests/int: don't depend on BUSYBOX_BUNDLE var
      efb8552b tests/int: add device access test
      81707abd ebpf: fix device access check
      c3428722 libct/config: fix a data race
      51ec5db1 ci: add i386 unit test run
      b142a70e libct/seccomp/patchpbf/test: fix for 32-bit
      2831fb55 cgroup2: devices: handle eBPF skipping more correctly
      d1007b08 cgroupv1 freezer: thaw to increase freeze chances

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* runc: add selinux and seccomp package configs | Bruce Ashfield | 2021-03-16 | 1 | -1/+8
  runc can be built with both selinux and seccomp tags. These tags
  are a requirement for proper operation with some frameworks (like
  k3s). So we add checks for the appropriate distro features and
  then automatically add them to the build tags, allowing us a
  coordinated enabling of the functionality.
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* k3s: bump to v1.20.4 | Bruce Ashfield | 2021-03-15 | 1 | -3/+3
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* k3s: bump to v1.19.5 | Bruce Ashfield | 2021-03-15 | 1 | -2/+2
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* k3s: bump to v1.19 | Bruce Ashfield | 2021-03-15 | 2 | -17/+14
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* k3s: add kernel module rrecommends (and PV fix) | Bruce Ashfield | 2021-03-15 | 1 | -2/+5
  Fixing up the PV to use SRCPV for tracking future version bumps,
  if the tree is dirty or not, git will tell us.
  We also add some additional kernel module rrecommends, so that the
  tools called by k3s can find the support they need (mainly iptools)
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>