From 80e346a8ae0d8480a7e45e37ab3e0adafc76a0e9 Mon Sep 17 00:00:00 2001 From: Guy Templeton Date: Mon, 22 May 2023 23:17:31 +0100 Subject: [PATCH] Cluster Autoscaler - 1.26.3 - Update k/k vendor to 1.26.5 --- cluster-autoscaler/go.mod | 94 ++++++------ cluster-autoscaler/go.sum | 99 +++++++------ .../libcontainer/cgroups/ebpf/ebpf_linux.go | 2 +- .../runc/libcontainer/cgroups/fs/fs.go | 1 + .../libcontainer/cgroups/systemd/common.go | 66 ++++++--- .../libcontainer/cgroups/systemd/cpuset.go | 5 + .../runc/libcontainer/cgroups/systemd/v1.go | 12 +- .../runc/libcontainer/cgroups/systemd/v2.go | 2 +- .../runc/libcontainer/cgroups/utils.go | 6 +- .../configs/validate/validator.go | 5 +- .../runc/libcontainer/container_linux.go | 2 +- .../runc/libcontainer/eaccess_go119.go | 17 +++ .../runc/libcontainer/eaccess_stub.go | 10 ++ .../runc/libcontainer/factory_linux.go | 11 +- .../runc/libcontainer/init_linux.go | 5 +- .../runc/libcontainer/rootfs_linux.go | 82 ++++++---- .../runc/libcontainer/standard_init_linux.go | 11 +- .../opencontainers/runc/libcontainer/sync.go | 14 +- .../runc/libcontainer/system/linux.go | 19 --- .../runc/libcontainer/user/user.go | 14 +- .../vendor/golang.org/x/net/html/doc.go | 15 ++ .../vendor/golang.org/x/net/html/escape.go | 81 ++++++++++ .../vendor/golang.org/x/net/html/render.go | 2 +- .../vendor/golang.org/x/net/html/token.go | 10 +- .../x/sync/singleflight/singleflight.go | 11 +- .../golang.org/x/sys/cpu/hwcap_linux.go | 15 ++ .../golang.org/x/sys/cpu/runtime_auxv.go | 16 ++ .../x/sys/cpu/runtime_auxv_go121.go | 19 +++ .../vendor/golang.org/x/sys/unix/ioctl.go | 17 +-- .../vendor/golang.org/x/sys/unix/ioctl_zos.go | 8 +- .../golang.org/x/sys/unix/ptrace_darwin.go | 6 + .../golang.org/x/sys/unix/ptrace_ios.go | 6 + .../golang.org/x/sys/unix/syscall_aix.go | 5 +- .../golang.org/x/sys/unix/syscall_bsd.go | 3 +- .../golang.org/x/sys/unix/syscall_darwin.go | 12 +- .../x/sys/unix/syscall_darwin_amd64.go | 1 + .../x/sys/unix/syscall_darwin_arm64.go | 1 + .../x/sys/unix/syscall_dragonfly.go | 1 + .../golang.org/x/sys/unix/syscall_freebsd.go | 43 +++++- .../x/sys/unix/syscall_freebsd_386.go | 17 +-- .../x/sys/unix/syscall_freebsd_amd64.go | 17 +-- .../x/sys/unix/syscall_freebsd_arm.go | 15 +- .../x/sys/unix/syscall_freebsd_arm64.go | 15 +- .../x/sys/unix/syscall_freebsd_riscv64.go | 15 +- .../golang.org/x/sys/unix/syscall_hurd.go | 8 + .../golang.org/x/sys/unix/syscall_linux.go | 36 +++-- .../golang.org/x/sys/unix/syscall_netbsd.go | 5 +- .../golang.org/x/sys/unix/syscall_openbsd.go | 1 + .../golang.org/x/sys/unix/syscall_solaris.go | 21 +-- .../x/sys/unix/syscall_zos_s390x.go | 4 +- .../golang.org/x/sys/unix/zerrors_linux.go | 10 +- .../x/sys/unix/zptrace_armnn_linux.go | 8 +- .../x/sys/unix/zptrace_linux_arm64.go | 4 +- .../x/sys/unix/zptrace_mipsnn_linux.go | 8 +- .../x/sys/unix/zptrace_mipsnnle_linux.go | 8 +- .../x/sys/unix/zptrace_x86_linux.go | 8 +- .../golang.org/x/sys/unix/zsyscall_aix_ppc.go | 10 ++ .../x/sys/unix/zsyscall_aix_ppc64.go | 10 ++ .../x/sys/unix/zsyscall_aix_ppc64_gc.go | 7 + .../x/sys/unix/zsyscall_aix_ppc64_gccgo.go | 8 + .../x/sys/unix/zsyscall_darwin_amd64.go | 16 ++ .../x/sys/unix/zsyscall_darwin_arm64.go | 16 ++ .../x/sys/unix/zsyscall_dragonfly_amd64.go | 10 ++ .../x/sys/unix/zsyscall_freebsd_386.go | 20 +++ .../x/sys/unix/zsyscall_freebsd_amd64.go | 20 +++ .../x/sys/unix/zsyscall_freebsd_arm.go | 20 +++ .../x/sys/unix/zsyscall_freebsd_arm64.go | 20 +++ .../x/sys/unix/zsyscall_freebsd_riscv64.go | 20 +++ .../golang.org/x/sys/unix/zsyscall_linux.go | 10 ++ .../x/sys/unix/zsyscall_netbsd_386.go | 10 ++ .../x/sys/unix/zsyscall_netbsd_amd64.go | 10 ++ .../x/sys/unix/zsyscall_netbsd_arm.go | 10 ++ .../x/sys/unix/zsyscall_netbsd_arm64.go | 10 ++ .../x/sys/unix/zsyscall_openbsd_386.go | 8 + .../x/sys/unix/zsyscall_openbsd_amd64.go | 8 + .../x/sys/unix/zsyscall_openbsd_arm.go | 8 + .../x/sys/unix/zsyscall_openbsd_arm64.go | 8 + .../x/sys/unix/zsyscall_openbsd_mips64.go | 8 + .../x/sys/unix/zsyscall_openbsd_ppc64.go | 8 + .../x/sys/unix/zsyscall_openbsd_riscv64.go | 8 + .../x/sys/unix/zsyscall_solaris_amd64.go | 11 ++ .../x/sys/unix/zsyscall_zos_s390x.go | 10 ++ .../x/sys/unix/ztypes_freebsd_386.go | 2 +- .../x/sys/unix/ztypes_freebsd_amd64.go | 2 +- .../x/sys/unix/ztypes_freebsd_arm.go | 2 +- .../x/sys/unix/ztypes_freebsd_arm64.go | 2 +- .../x/sys/unix/ztypes_freebsd_riscv64.go | 2 +- .../golang.org/x/sys/unix/ztypes_linux.go | 140 +++++++++++++----- .../golang.org/x/sys/unix/ztypes_linux_386.go | 2 +- .../x/sys/unix/ztypes_linux_amd64.go | 2 +- .../golang.org/x/sys/unix/ztypes_linux_arm.go | 2 +- .../x/sys/unix/ztypes_linux_arm64.go | 2 +- .../x/sys/unix/ztypes_linux_loong64.go | 2 +- .../x/sys/unix/ztypes_linux_mips.go | 2 +- .../x/sys/unix/ztypes_linux_mips64.go | 2 +- .../x/sys/unix/ztypes_linux_mips64le.go | 2 +- .../x/sys/unix/ztypes_linux_mipsle.go | 2 +- .../golang.org/x/sys/unix/ztypes_linux_ppc.go | 2 +- .../x/sys/unix/ztypes_linux_ppc64.go | 2 +- .../x/sys/unix/ztypes_linux_ppc64le.go | 2 +- .../x/sys/unix/ztypes_linux_riscv64.go | 2 +- .../x/sys/unix/ztypes_linux_s390x.go | 2 +- .../x/sys/unix/ztypes_linux_sparc64.go | 2 +- .../x/sys/windows/syscall_windows.go | 6 +- .../golang.org/x/sys/windows/types_windows.go | 85 +++++++++++ .../x/sys/windows/zsyscall_windows.go | 27 ++++ .../x/text/encoding/internal/internal.go | 2 +- .../x/text/unicode/norm/forminfo.go | 2 +- .../k8s.io/api/batch/v1/generated.proto | 4 +- .../vendor/k8s.io/api/batch/v1/types.go | 4 +- .../batch/v1/types_swagger_doc_generated.go | 2 +- .../vendor/k8s.io/api/core/v1/generated.proto | 3 +- .../vendor/k8s.io/api/core/v1/types.go | 3 +- .../core/v1/types_swagger_doc_generated.go | 2 +- .../request/headerrequest/requestheader.go | 34 +++-- .../pkg/endpoints/filters/authentication.go | 31 +++- .../pkg/endpoints/handlers/create.go | 9 +- .../apiserver/pkg/registry/rest/rest.go | 7 + .../k8s.io/apiserver/pkg/server/config.go | 4 +- .../pkg/server/options/authentication.go | 20 +++ .../apiserver/pkg/storage/cacher/cacher.go | 8 +- .../apiserver/pkg/storage/cacher/ready.go | 107 +++++++++---- .../discovery/aggregated_discovery.go | 58 +++++--- .../client-go/discovery/discovery_client.go | 64 +++++--- .../vendor/k8s.io/client-go/openapi/client.go | 7 +- .../k8s.io/client-go/openapi/groupversion.go | 42 ++++-- .../client-go/tools/cache/controller.go | 22 +-- .../client-go/tools/cache/delta_fifo.go | 135 +++++++++++------ .../client-go/tools/cache/shared_informer.go | 8 +- .../vendor/k8s.io/cloud-provider/cloud.go | 5 + .../k8s.io/kubernetes/pkg/apis/core/types.go | 3 +- .../controller/daemon/daemon_controller.go | 8 + .../kubernetes/pkg/features/kube_features.go | 2 +- .../pkg/kubelet/cm/devicemanager/manager.go | 24 ++- .../kubernetes/pkg/kubelet/kubelet_getters.go | 5 +- .../pkg/kubelet/kuberuntime/helpers.go | 60 ++++---- .../kubelet/kuberuntime/security_context.go | 11 +- .../kubernetes/pkg/probe/http/request.go | 2 +- .../kubernetes/pkg/proxy/ipvs/proxier.go | 3 + .../framework/preemption/preemption.go | 3 + .../kubernetes/pkg/volume/awsebs/aws_ebs.go | 2 +- .../pkg/volume/azuredd/azure_mounter.go | 2 +- .../pkg/volume/configmap/configmap.go | 2 +- .../kubernetes/pkg/volume/csi/csi_attacher.go | 43 +----- .../kubernetes/pkg/volume/csi/csi_mounter.go | 2 +- .../kubernetes/pkg/volume/csi/csi_util.go | 2 +- .../pkg/volume/downwardapi/downwardapi.go | 2 +- .../pkg/volume/emptydir/empty_dir.go | 8 +- .../kubernetes/pkg/volume/fc/disk_manager.go | 2 +- .../pkg/volume/flexvolume/mounter.go | 2 +- .../kubernetes/pkg/volume/gcepd/gce_pd.go | 2 +- .../pkg/volume/git_repo/git_repo.go | 2 +- .../pkg/volume/iscsi/disk_manager.go | 2 +- .../kubernetes/pkg/volume/local/local.go | 2 +- .../pkg/volume/portworx/portworx.go | 2 +- .../pkg/volume/projected/projected.go | 2 +- .../kubernetes/pkg/volume/rbd/disk_manager.go | 2 +- .../kubernetes/pkg/volume/secret/secret.go | 2 +- .../util/fsquota/common/quota_common.go | 28 ++++ ..._linux_common.go => quota_common_linux.go} | 11 -- ...mon_impl.go => quota_common_linux_impl.go} | 0 .../pkg/volume/util/fsquota/project.go | 8 +- .../pkg/volume/util/fsquota/quota.go | 5 + .../pkg/volume/util/fsquota/quota_linux.go | 45 ++++-- .../volume/util/fsquota/quota_unsupported.go | 5 + .../kubernetes/pkg/volume/volume_linux.go | 16 +- .../pkg/volume/volume_unsupported.go | 2 +- .../volume/vsphere_volume/vsphere_volume.go | 2 +- cluster-autoscaler/vendor/modules.txt | 110 +++++++------- .../konnectivity-client/pkg/client/client.go | 8 +- cluster-autoscaler/version/version.go | 2 +- 171 files changed, 1788 insertions(+), 792 deletions(-) create mode 100644 cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/eaccess_go119.go create mode 100644 cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/eaccess_stub.go create mode 100644 cluster-autoscaler/vendor/golang.org/x/sys/cpu/runtime_auxv.go create mode 100644 cluster-autoscaler/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go create mode 100644 cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_common.go rename cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/{quota_linux_common.go => quota_common_linux.go} (92%) rename cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/{quota_linux_common_impl.go => quota_common_linux_impl.go} (100%) diff --git a/cluster-autoscaler/go.mod b/cluster-autoscaler/go.mod index 852cad776c59..6e999b040982 100644 --- a/cluster-autoscaler/go.mod +++ b/cluster-autoscaler/go.mod @@ -28,22 +28,22 @@ require ( github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.8.0 golang.org/x/crypto v0.1.0 - golang.org/x/net v0.7.0 + golang.org/x/net v0.8.0 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b google.golang.org/api v0.60.0 google.golang.org/grpc v1.49.0 google.golang.org/protobuf v1.28.1 gopkg.in/gcfg.v1 v1.2.0 gopkg.in/yaml.v2 v2.4.0 - k8s.io/api v0.26.3 - k8s.io/apimachinery v0.26.3 - k8s.io/apiserver v0.26.3 - k8s.io/client-go v0.26.3 - k8s.io/cloud-provider v0.26.3 - k8s.io/component-base v0.26.3 - k8s.io/component-helpers v0.26.3 + k8s.io/api v0.26.5 + k8s.io/apimachinery v0.26.5 + k8s.io/apiserver v0.26.5 + k8s.io/client-go v0.26.5 + k8s.io/cloud-provider v0.26.5 + k8s.io/component-base v0.26.5 + k8s.io/component-helpers v0.26.5 k8s.io/klog/v2 v2.80.1 - k8s.io/kubernetes v1.26.3 + k8s.io/kubernetes v1.26.5 k8s.io/legacy-cloud-providers v0.0.0 k8s.io/utils v0.0.0-20221107191617-1a15be271d1d sigs.k8s.io/cloud-provider-azure v1.24.2 @@ -122,7 +122,7 @@ require ( github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/runc v1.1.4 // indirect + github.com/opencontainers/runc v1.1.6 // indirect github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 // indirect github.com/opencontainers/selinux v1.10.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect @@ -157,10 +157,10 @@ require ( go.uber.org/atomic v1.7.0 // indirect go.uber.org/multierr v1.6.0 // indirect go.uber.org/zap v1.19.0 // indirect - golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect - golang.org/x/sys v0.5.0 // indirect - golang.org/x/term v0.5.0 // indirect - golang.org/x/text v0.7.0 // indirect + golang.org/x/sync v0.1.0 // indirect + golang.org/x/sys v0.6.0 // indirect + golang.org/x/term v0.6.0 // indirect + golang.org/x/text v0.8.0 // indirect golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 // indirect @@ -169,16 +169,16 @@ require ( gopkg.in/warnings.v0 v0.1.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/cri-api v0.0.0 // indirect - k8s.io/csi-translation-lib v0.26.3 // indirect + k8s.io/csi-translation-lib v0.26.5 // indirect k8s.io/dynamic-resource-allocation v0.0.0 // indirect - k8s.io/kms v0.26.3 // indirect + k8s.io/kms v0.26.5 // indirect k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect k8s.io/kube-proxy v0.0.0 // indirect k8s.io/kube-scheduler v0.0.0 // indirect k8s.io/kubectl v0.0.0 // indirect - k8s.io/kubelet v0.26.3 // indirect + k8s.io/kubelet v0.26.5 // indirect k8s.io/mount-utils v0.26.0-alpha.0 // indirect - sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.36 // indirect + sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.37 // indirect sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect sigs.k8s.io/yaml v1.3.0 // indirect @@ -190,60 +190,60 @@ replace github.com/digitalocean/godo => github.com/digitalocean/godo v1.27.0 replace github.com/rancher/go-rancher => github.com/rancher/go-rancher v0.1.0 -replace k8s.io/api => k8s.io/api v0.26.3 +replace k8s.io/api => k8s.io/api v0.26.5 -replace k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.26.3 +replace k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.26.5 -replace k8s.io/apimachinery => k8s.io/apimachinery v0.26.3 +replace k8s.io/apimachinery => k8s.io/apimachinery v0.26.5 -replace k8s.io/apiserver => k8s.io/apiserver v0.26.3 +replace k8s.io/apiserver => k8s.io/apiserver v0.26.5 -replace k8s.io/cli-runtime => k8s.io/cli-runtime v0.26.3 +replace k8s.io/cli-runtime => k8s.io/cli-runtime v0.26.5 -replace k8s.io/client-go => k8s.io/client-go v0.26.3 +replace k8s.io/client-go => k8s.io/client-go v0.26.5 -replace k8s.io/cloud-provider => k8s.io/cloud-provider v0.26.3 +replace k8s.io/cloud-provider => k8s.io/cloud-provider v0.26.5 -replace k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.26.3 +replace k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.26.5 -replace k8s.io/code-generator => k8s.io/code-generator v0.26.3 +replace k8s.io/code-generator => k8s.io/code-generator v0.26.5 -replace k8s.io/component-base => k8s.io/component-base v0.26.3 +replace k8s.io/component-base => k8s.io/component-base v0.26.5 -replace k8s.io/component-helpers => k8s.io/component-helpers v0.26.3 +replace k8s.io/component-helpers => k8s.io/component-helpers v0.26.5 -replace k8s.io/controller-manager => k8s.io/controller-manager v0.26.3 +replace k8s.io/controller-manager => k8s.io/controller-manager v0.26.5 -replace k8s.io/cri-api => k8s.io/cri-api v0.26.3 +replace k8s.io/cri-api => k8s.io/cri-api v0.26.5 -replace k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.26.3 +replace k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.26.5 -replace k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.26.3 +replace k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.26.5 -replace k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.26.3 +replace k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.26.5 -replace k8s.io/kube-proxy => k8s.io/kube-proxy v0.26.3 +replace k8s.io/kube-proxy => k8s.io/kube-proxy v0.26.5 -replace k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.26.3 +replace k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.26.5 -replace k8s.io/kubectl => k8s.io/kubectl v0.26.3 +replace k8s.io/kubectl => k8s.io/kubectl v0.26.5 -replace k8s.io/kubelet => k8s.io/kubelet v0.26.3 +replace k8s.io/kubelet => k8s.io/kubelet v0.26.5 -replace k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.26.3 +replace k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.26.5 -replace k8s.io/metrics => k8s.io/metrics v0.26.3 +replace k8s.io/metrics => k8s.io/metrics v0.26.5 -replace k8s.io/mount-utils => k8s.io/mount-utils v0.26.3 +replace k8s.io/mount-utils => k8s.io/mount-utils v0.26.5 -replace k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.26.3 +replace k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.26.5 -replace k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.26.3 +replace k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.26.5 -replace k8s.io/sample-controller => k8s.io/sample-controller v0.26.3 +replace k8s.io/sample-controller => k8s.io/sample-controller v0.26.5 -replace k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.26.3 +replace k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.26.5 -replace k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.26.3 +replace k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.26.5 -replace k8s.io/kms => k8s.io/kms v0.26.3 +replace k8s.io/kms => k8s.io/kms v0.26.5 diff --git a/cluster-autoscaler/go.sum b/cluster-autoscaler/go.sum index ac7ea4e5b9bc..ae071ae7dd5b 100644 --- a/cluster-autoscaler/go.sum +++ b/cluster-autoscaler/go.sum @@ -482,8 +482,9 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.0.2 h1:9yCKha/T5XdGtO0q9Q9a6T5NUCsTn/DrBg0D7ufOcFM= github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= -github.com/opencontainers/runc v1.1.4 h1:nRCz/8sKg6K6jgYAFLDlXzPeITBZJyX28DBVhWD+5dg= github.com/opencontainers/runc v1.1.4/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg= +github.com/opencontainers/runc v1.1.6 h1:XbhB8IfG/EsnhNvZtNdLB0GBw92GYEFvKlhaJk9jUgA= +github.com/opencontainers/runc v1.1.6/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50= github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= @@ -750,8 +751,8 @@ golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= -golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= +golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -784,8 +785,8 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -857,12 +858,12 @@ golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= -golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= -golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= +golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -872,8 +873,8 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= -golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= +golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -1130,55 +1131,55 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.26.3 h1:emf74GIQMTik01Aum9dPP0gAypL8JTLl/lHa4V9RFSU= -k8s.io/api v0.26.3/go.mod h1:PXsqwPMXBSBcL1lJ9CYDKy7kIReUydukS5JiRlxC3qE= -k8s.io/apimachinery v0.26.3 h1:dQx6PNETJ7nODU3XPtrwkfuubs6w7sX0M8n61zHIV/k= -k8s.io/apimachinery v0.26.3/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= -k8s.io/apiserver v0.26.3 h1:blBpv+yOiozkPH2aqClhJmJY+rp53Tgfac4SKPDJnU4= -k8s.io/apiserver v0.26.3/go.mod h1:CJe/VoQNcXdhm67EvaVjYXxR3QyfwpceKPuPaeLibTA= -k8s.io/client-go v0.26.3 h1:k1UY+KXfkxV2ScEL3gilKcF7761xkYsSD6BC9szIu8s= -k8s.io/client-go v0.26.3/go.mod h1:ZPNu9lm8/dbRIPAgteN30RSXea6vrCpFvq+MateTUuQ= -k8s.io/cloud-provider v0.26.3 h1:qN4f0+PvgOZyKIIct+90eedYj8/S4EKPpSD9S+3RCFE= -k8s.io/cloud-provider v0.26.3/go.mod h1:Hfxu0mvz426xlvz2tziw0m3ubr+sk05KKD4HPy2kwdY= -k8s.io/component-base v0.26.3 h1:oC0WMK/ggcbGDTkdcqefI4wIZRYdK3JySx9/HADpV0g= -k8s.io/component-base v0.26.3/go.mod h1:5kj1kZYwSC6ZstHJN7oHBqcJC6yyn41eR+Sqa/mQc8E= -k8s.io/component-helpers v0.26.3 h1:eQ682yg1GiIGAsde+l2xL0P2yMYJOvypWsz6h6FtkZo= -k8s.io/component-helpers v0.26.3/go.mod h1:feC+CaxJXULs5TSD3lG8K5ecftOkF8eY0pHQgd7koEI= -k8s.io/cri-api v0.26.3 h1:sVkvI3DjVwS4sV7XZZiuxRvBsCWfifZPE8ddusIlJLU= -k8s.io/cri-api v0.26.3/go.mod h1:Oo8O7MKFPNDxfDf2LmrF/3Hf30q1C6iliGuv3la3tIA= -k8s.io/csi-translation-lib v0.26.3 h1:XpC3yeBSz+qls9zk3Tqg6r2sZxFePGe1fIlSlmds5XA= -k8s.io/csi-translation-lib v0.26.3/go.mod h1:i++hspfN3AZsA5cYQ1QFnflIQhirsoc/8bOLkaVJG/g= -k8s.io/dynamic-resource-allocation v0.26.3 h1:WBI4xDoMySaH5VJe0y514O3rC4gyiJppC0EkDo6mHq0= -k8s.io/dynamic-resource-allocation v0.26.3/go.mod h1:8nUg20y2DgAv8v+Yuv7O5+rLZa7jbjsU3KvDcBiv2b8= +k8s.io/api v0.26.5 h1:Npao/+sMSng6nkEcNydgH3BNo4s5YoBg7iw35HM7Hcw= +k8s.io/api v0.26.5/go.mod h1:O7ICW7lj6+ZQQQ3cxekgCoW+fnGo5kWT0nTHkLZ5grc= +k8s.io/apimachinery v0.26.5 h1:hTQVhJao2piX7vSgCn4Lwd6E0o/+TJIH4NqRf+q4EmE= +k8s.io/apimachinery v0.26.5/go.mod h1:HUvk6wrOP4v22AIYqeCGSQ6xWCHo41J9d6psb3temAg= +k8s.io/apiserver v0.26.5 h1:SBzyDpIXXPR4v+mpSU44p9fQerBMkpOH6lmSPCD1wmo= +k8s.io/apiserver v0.26.5/go.mod h1:OSbw98Y1bDSbA2izYIKqhi10vb4KWP9b4siiCRFkBVE= +k8s.io/client-go v0.26.5 h1:e8Z44pafL/c6ayF/6qYEypbJoDSakaFxhJ9lqULEJEo= +k8s.io/client-go v0.26.5/go.mod h1:/CYyNt+ZLMvWqMF8h1SvkUXz2ujFWQLwdDrdiQlZ5X0= +k8s.io/cloud-provider v0.26.5 h1:dDiCey75cPQhRy96AmE1Vqo1DJakuHHfnn5DJiwdkTQ= +k8s.io/cloud-provider v0.26.5/go.mod h1:tZZTVChlO3isBV/Y6xO4/j0MI+I9/vRkplc8cY8kVvo= +k8s.io/component-base v0.26.5 h1:nHAzDvXQ4whYpOqrQGWrDIYI/GIeXkuxzqC/iVICfZo= +k8s.io/component-base v0.26.5/go.mod h1:wvfNAS05EtKdPeUxFceo8WNh8bGPcFY8QfPhv5MYjA4= +k8s.io/component-helpers v0.26.5 h1:JwpcrVqrxU7eLlO+p1TLjdf01O+d3G7eOJgQCm1bMm0= +k8s.io/component-helpers v0.26.5/go.mod h1:08oMmyYzepG6KoZzPnx4R7lcrqyBESWx2EKq7mWvx/g= +k8s.io/cri-api v0.26.5 h1:xNg8uDvBoPitLQl+gkDNLfckkuDUUHwFOG4RJ7CRpHI= +k8s.io/cri-api v0.26.5/go.mod h1:xhhEy2sS6zO8oieIwGBorQLneLMLHXATFUv8+0tsFMo= +k8s.io/csi-translation-lib v0.26.5 h1:9nuy6rFh7LAqhuVGOY6KnPLZkzWJ0SqM6+6p4YiASKQ= +k8s.io/csi-translation-lib v0.26.5/go.mod h1:BaS2V6Dw+qrj9wM59csELaBzfE5iaUMgiRnienfoAsE= +k8s.io/dynamic-resource-allocation v0.26.5 h1:GKT0mjTPcp6SqkcPF+t7DVCwfw2ogf1lM5zuxYXqM0E= +k8s.io/dynamic-resource-allocation v0.26.5/go.mod h1:v27WrIpB/ulANYqXY30HPks+9J22ISPLfSkILcdRbjc= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kms v0.26.3 h1:+rC4BMeMBkH5hrfZt9WFMRrs2m3vY2rXymisNactcTY= -k8s.io/kms v0.26.3/go.mod h1:69qGnf1NsFOQP07fBYqNLZklqEHSJF024JqYCaeVxHg= +k8s.io/kms v0.26.5 h1:Yjgvlxc3KBTAUWuxOIkMUB6YEmqR+rKBkRquBioP8YY= +k8s.io/kms v0.26.5/go.mod h1:AYuV9ZebRhr6cb1eT9L6kZVxvgIUxmE1Fe6kPhqYvuc= k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+OGxg8HsuBr/5f6tVAjDu6E= k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= -k8s.io/kube-proxy v0.26.3 h1:xKYTgH/HcmuLuIw/Ip2AVus70I9VwaFEQ5O7vGAveW8= -k8s.io/kube-proxy v0.26.3/go.mod h1:995p2WbS0zgatqXcB81/4vdhdOrP1cq6jqmPtDmaPhc= -k8s.io/kube-scheduler v0.26.3 h1:IOMIG5dUILnJIMnCbTUQokTb37Sd28vexquBSeajk6c= -k8s.io/kube-scheduler v0.26.3/go.mod h1:mbym95ZdWOaftRMmdLRcAam9MCNf7iUjnPfZTl8uHTA= -k8s.io/kubectl v0.26.3 h1:bZ5SgFyeEXw6XTc1Qji0iNdtqAC76lmeIIQULg2wNXM= -k8s.io/kubectl v0.26.3/go.mod h1:02+gv7Qn4dupzN3fi/9OvqqdW+uG/4Zi56vc4Zmsp1g= -k8s.io/kubelet v0.26.3 h1:6WT2dX/39cvc3q25xkFmMIT2EoV+gS/8gxZmUiDvG4U= -k8s.io/kubelet v0.26.3/go.mod h1:yd5GJNMOFLMKxP1rmZhg6etbYAbdTimF87fBIBtRimA= -k8s.io/kubernetes v1.26.3 h1:LtjNGNNpCTRyrWhDJMwTWDX+4h+GLwfULS8pu0xzSdk= -k8s.io/kubernetes v1.26.3/go.mod h1:NxzR7U7mS+OGa3J/qweI86Pek//mlfHqDgt6NNGdz8g= -k8s.io/legacy-cloud-providers v0.26.3 h1:gUDw7vFFKMM/vV/3MQNbw+H9fZOaH8z2/oK8/O7PCT0= -k8s.io/legacy-cloud-providers v0.26.3/go.mod h1:Scn0CIcptay5seel6MhAzLtoBseK+fL46uJSP84cnPo= -k8s.io/mount-utils v0.26.3 h1:FxMDiPLCkrYgonfSaKHWltLNkyTg3Q/Xrwn94uwhd8k= -k8s.io/mount-utils v0.26.3/go.mod h1:95yx9K6N37y8YZ0/lUh9U6ITosMODNaW0/v4wvaa0Xw= +k8s.io/kube-proxy v0.26.5 h1:F5EXG0L6x+IoDR2Yvp/xQir/JVo+esWr6UsOFsO9ytc= +k8s.io/kube-proxy v0.26.5/go.mod h1:ZgJJnYy3NXc5Xoc/Jl8a5ZxwHcxq9yqZtyrAwSRUFWQ= +k8s.io/kube-scheduler v0.26.5 h1:EeAfK31f9rW46wSTGcc29Qj3Okyuqy5ikVqU5gmen6Q= +k8s.io/kube-scheduler v0.26.5/go.mod h1:/49cw70efcgczBHSkOrdIfuR+t3J0xCQVcwOxfGEpZM= +k8s.io/kubectl v0.26.5 h1:xBqkZIycZIIG6X2ly4OkX2VL15xxnEpZAU9lfoTb0QE= +k8s.io/kubectl v0.26.5/go.mod h1:04QUnpBp9xe0wc84IdRcrFMkuUWQwsg9+ZMHtM4lbNM= +k8s.io/kubelet v0.26.5 h1:rTWWcO5oozrjLCmeebqQKtzPGrsLmYZRHo+sSN/XXqc= +k8s.io/kubelet v0.26.5/go.mod h1:g5du2eFxRkcVnjpuRT3VX+Pv96v5kDcVZXQ58sgO26E= +k8s.io/kubernetes v1.26.5 h1:hc/lcQCK7J2Q3fOqtU3cD8qJOKpi6oySEHPP39q/R7o= +k8s.io/kubernetes v1.26.5/go.mod h1:nARWq2FQXUzRa+DQfF6hEp0dgZXu61MnjX+aiQaC8lk= +k8s.io/legacy-cloud-providers v0.26.5 h1:24bwj3gDSZCn6SCu19GJ1iueNjHB+3bP9xOi9yXU9SY= +k8s.io/legacy-cloud-providers v0.26.5/go.mod h1:RmReppNYcUZYJdpTfnMO9pHMlLwHxHyAtiFR7IY+3mc= +k8s.io/mount-utils v0.26.5 h1:OYqtkQgtu3hCOYEv09rLdJu/YowXvrM0H6JiPGX6PWI= +k8s.io/mount-utils v0.26.5/go.mod h1:S+09/ujdtdKRo3bzSQXonHpIEKc+svPe8SNgBUJBj8E= k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20221107191617-1a15be271d1d h1:0Smp/HP1OH4Rvhe+4B8nWGERtlqAGSftbSbbmm45oFs= k8s.io/utils v0.0.0-20221107191617-1a15be271d1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.36 h1:PUuX1qIFv309AT8hF/CdPKDmsG/hn/L8zRX7VvISM3A= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.36/go.mod h1:WxjusMwXlKzfAs4p9km6XJRndVt2FROgMVCE4cdohFo= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.37 h1:fAPTNEpzQMOLMGwOHNbUkR2xXTQwMJOZYNx+/mLlOh0= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.37/go.mod h1:vfnxT4FXNT8eGvO+xi/DsyC/qHmdujqwrUa1WSspCsk= sigs.k8s.io/cloud-provider-azure v1.24.2 h1:t0c3Q7GAGQ0oqyl/KiHLtkS4obEYJpAMRYUuhEtgs/k= sigs.k8s.io/cloud-provider-azure v1.24.2/go.mod h1:uKqonMQbC2zqwq7NIWOfQLgrsMzD02Wj5UFFl1te1GY= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k= diff --git a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/cgroups/ebpf/ebpf_linux.go b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/cgroups/ebpf/ebpf_linux.go index 104c74a890f8..35b00aaf0552 100644 --- a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/cgroups/ebpf/ebpf_linux.go +++ b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/cgroups/ebpf/ebpf_linux.go @@ -93,7 +93,7 @@ var ( ) // Loosely based on the BPF_F_REPLACE support check in -// . +// https://github.com/cilium/ebpf/blob/v0.6.0/link/syscalls.go. // // TODO: move this logic to cilium/ebpf func haveBpfProgReplace() bool { diff --git a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/fs.go b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/fs.go index fb4fcc7f75bb..9e2f0ec04c8a 100644 --- a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/fs.go +++ b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/fs.go @@ -28,6 +28,7 @@ var subsystems = []subsystem{ &FreezerGroup{}, &RdmaGroup{}, &NameGroup{GroupName: "name=systemd", Join: true}, + &NameGroup{GroupName: "misc", Join: true}, } var errSubsystemDoesNotExist = errors.New("cgroup: subsystem does not exist") diff --git a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/common.go b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/common.go index 45744c15c0a1..50746ae0c569 100644 --- a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/common.go +++ b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/common.go @@ -293,8 +293,18 @@ func generateDeviceProperties(r *configs.Resources) ([]systemdDbus.Property, err // rules separately to systemd) we can safely skip entries that don't // have a corresponding path. if _, err := os.Stat(entry.Path); err != nil { - logrus.Debugf("skipping device %s for systemd: %s", entry.Path, err) - continue + // Also check /sys/dev so that we don't depend on /dev/{block,char} + // being populated. (/dev/{block,char} is populated by udev, which + // isn't strictly required for systemd). Ironically, this happens most + // easily when starting containerd within a runc created container + // itself. + + // We don't bother with securejoin here because we create entry.Path + // right above here, so we know it's safe. + if _, err := os.Stat("/sys" + entry.Path); err != nil { + logrus.Warnf("skipping device %s for systemd: %s", entry.Path, err) + continue + } } } deviceAllowList = append(deviceAllowList, entry) @@ -343,32 +353,52 @@ func isUnitExists(err error) bool { return isDbusError(err, "org.freedesktop.systemd1.UnitExists") } -func startUnit(cm *dbusConnManager, unitName string, properties []systemdDbus.Property) error { +func startUnit(cm *dbusConnManager, unitName string, properties []systemdDbus.Property, ignoreExist bool) error { statusChan := make(chan string, 1) + retry := true + +retry: err := cm.retryOnDisconnect(func(c *systemdDbus.Conn) error { _, err := c.StartTransientUnitContext(context.TODO(), unitName, "replace", properties, statusChan) return err }) - if err == nil { - timeout := time.NewTimer(30 * time.Second) - defer timeout.Stop() - - select { - case s := <-statusChan: - close(statusChan) - // Please refer to https://pkg.go.dev/github.com/coreos/go-systemd/v22/dbus#Conn.StartUnit - if s != "done" { - resetFailedUnit(cm, unitName) - return fmt.Errorf("error creating systemd unit `%s`: got `%s`", unitName, s) - } - case <-timeout.C: + if err != nil { + if !isUnitExists(err) { + return err + } + if ignoreExist { + // TODO: remove this hack. + // This is kubelet making sure a slice exists (see + // https://github.com/opencontainers/runc/pull/1124). + return nil + } + if retry { + // In case a unit with the same name exists, this may + // be a leftover failed unit. Reset it, so systemd can + // remove it, and retry once. resetFailedUnit(cm, unitName) - return errors.New("Timeout waiting for systemd to create " + unitName) + retry = false + goto retry } - } else if !isUnitExists(err) { return err } + timeout := time.NewTimer(30 * time.Second) + defer timeout.Stop() + + select { + case s := <-statusChan: + close(statusChan) + // Please refer to https://pkg.go.dev/github.com/coreos/go-systemd/v22/dbus#Conn.StartUnit + if s != "done" { + resetFailedUnit(cm, unitName) + return fmt.Errorf("error creating systemd unit `%s`: got `%s`", unitName, s) + } + case <-timeout.C: + resetFailedUnit(cm, unitName) + return errors.New("Timeout waiting for systemd to create " + unitName) + } + return nil } diff --git a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/cpuset.go b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/cpuset.go index 83d10dd705fd..dd474cf1b168 100644 --- a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/cpuset.go +++ b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/cpuset.go @@ -51,5 +51,10 @@ func RangeToBits(str string) ([]byte, error) { // do not allow empty values return nil, errors.New("empty value") } + + // fit cpuset parsing order in systemd + for l, r := 0, len(ret)-1; l < r; l, r = l+1, r-1 { + ret[l], ret[r] = ret[r], ret[l] + } return ret, nil } diff --git a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v1.go b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v1.go index a74a05a5cd05..046c3056fba8 100644 --- a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v1.go +++ b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v1.go @@ -71,6 +71,7 @@ var legacySubsystems = []subsystem{ &fs.NetClsGroup{}, &fs.NameGroup{GroupName: "name=systemd"}, &fs.RdmaGroup{}, + &fs.NameGroup{GroupName: "misc"}, } func genV1ResourcesProperties(r *configs.Resources, cm *dbusConnManager) ([]systemdDbus.Property, error) { @@ -206,7 +207,7 @@ func (m *legacyManager) Apply(pid int) error { properties = append(properties, c.SystemdProps...) - if err := startUnit(m.dbus, unitName, properties); err != nil { + if err := startUnit(m.dbus, unitName, properties, pid == -1); err != nil { return err } @@ -273,14 +274,7 @@ func getSubsystemPath(slice, unit, subsystem string) (string, error) { return "", err } - initPath, err := cgroups.GetInitCgroup(subsystem) - if err != nil { - return "", err - } - // if pid 1 is systemd 226 or later, it will be in init.scope, not the root - initPath = strings.TrimSuffix(filepath.Clean(initPath), "init.scope") - - return filepath.Join(mountpoint, initPath, slice, unit), nil + return filepath.Join(mountpoint, slice, unit), nil } func (m *legacyManager) Freeze(state configs.FreezerState) error { diff --git a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v2.go b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v2.go index de0cb974d460..94d24ee45020 100644 --- a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v2.go +++ b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v2.go @@ -284,7 +284,7 @@ func (m *unifiedManager) Apply(pid int) error { properties = append(properties, c.SystemdProps...) - if err := startUnit(m.dbus, unitName, properties); err != nil { + if err := startUnit(m.dbus, unitName, properties, pid == -1); err != nil { return fmt.Errorf("unable to start unit %q (properties %+v): %w", unitName, properties, err) } diff --git a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go index b32af4ee5302..fc4ae44a4853 100644 --- a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go +++ b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go @@ -162,8 +162,10 @@ func readProcsFile(dir string) ([]int, error) { // ParseCgroupFile parses the given cgroup file, typically /proc/self/cgroup // or /proc//cgroup, into a map of subsystems to cgroup paths, e.g. -// "cpu": "/user.slice/user-1000.slice" -// "pids": "/user.slice/user-1000.slice" +// +// "cpu": "/user.slice/user-1000.slice" +// "pids": "/user.slice/user-1000.slice" +// // etc. // // Note that for cgroup v2 unified hierarchy, there are no per-controller diff --git a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/configs/validate/validator.go b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/configs/validate/validator.go index 627621a58d86..4fbd308dadd6 100644 --- a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/configs/validate/validator.go +++ b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/configs/validate/validator.go @@ -131,9 +131,8 @@ func (v *ConfigValidator) cgroupnamespace(config *configs.Config) error { // convertSysctlVariableToDotsSeparator can return sysctl variables in dots separator format. // The '/' separator is also accepted in place of a '.'. // Convert the sysctl variables to dots separator format for validation. -// More info: -// https://man7.org/linux/man-pages/man8/sysctl.8.html -// https://man7.org/linux/man-pages/man5/sysctl.d.5.html +// More info: sysctl(8), sysctl.d(5). +// // For example: // Input sysctl variable "net/ipv4/conf/eno2.100.rp_filter" // will return the converted value "net.ipv4.conf.eno2/100.rp_filter" diff --git a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/container_linux.go b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/container_linux.go index 9df830d8cdbb..dd61dfd3c90c 100644 --- a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/container_linux.go +++ b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/container_linux.go @@ -926,7 +926,7 @@ func (c *linuxContainer) criuSupportsExtNS(t configs.NamespaceType) bool { } func criuNsToKey(t configs.NamespaceType) string { - return "extRoot" + strings.Title(configs.NsName(t)) + "NS" + return "extRoot" + strings.Title(configs.NsName(t)) + "NS" //nolint:staticcheck // SA1019: strings.Title is deprecated } func (c *linuxContainer) handleCheckpointingExternalNamespaces(rpcOpts *criurpc.CriuOpts, t configs.NamespaceType) error { diff --git a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/eaccess_go119.go b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/eaccess_go119.go new file mode 100644 index 000000000000..cc1e2079a795 --- /dev/null +++ b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/eaccess_go119.go @@ -0,0 +1,17 @@ +//go:build !go1.20 +// +build !go1.20 + +package libcontainer + +import "golang.org/x/sys/unix" + +func eaccess(path string) error { + // This check is similar to access(2) with X_OK except for + // setuid/setgid binaries where it checks against the effective + // (rather than real) uid and gid. It is not needed in go 1.20 + // and beyond and will be removed later. + + // Relies on code added in https://go-review.googlesource.com/c/sys/+/468877 + // and older CLs linked from there. + return unix.Faccessat(unix.AT_FDCWD, path, unix.X_OK, unix.AT_EACCESS) +} diff --git a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/eaccess_stub.go b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/eaccess_stub.go new file mode 100644 index 000000000000..7c049fd7aa02 --- /dev/null +++ b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/eaccess_stub.go @@ -0,0 +1,10 @@ +//go:build go1.20 + +package libcontainer + +func eaccess(path string) error { + // Not needed in Go 1.20+ as the functionality is already in there + // (added by https://go.dev/cl/416115, https://go.dev/cl/414824, + // and fixed in Go 1.20.2 by https://go.dev/cl/469956). + return nil +} diff --git a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/factory_linux.go b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/factory_linux.go index e6c71ac34e37..a1fa7de2d249 100644 --- a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/factory_linux.go +++ b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/factory_linux.go @@ -179,6 +179,12 @@ func (l *LinuxFactory) Create(id string, config *configs.Config) (Container, err return nil, fmt.Errorf("unable to get cgroup PIDs: %w", err) } if len(pids) != 0 { + if config.Cgroups.Systemd { + // systemd cgroup driver can't add a pid to an + // existing systemd unit and will return an + // error anyway, so let's error out early. + return nil, fmt.Errorf("container's cgroup is not empty: %d process(es) found", len(pids)) + } // TODO: return an error. logrus.Warnf("container's cgroup is not empty: %d process(es) found", len(pids)) logrus.Warn("DEPRECATED: running container in a non-empty cgroup won't be supported in runc 1.2; https://github.com/opencontainers/runc/issues/3132") @@ -338,10 +344,9 @@ func (l *LinuxFactory) StartInitialization() (err error) { defer func() { if e := recover(); e != nil { - if e, ok := e.(error); ok { - err = fmt.Errorf("panic from initialization: %w, %s", e, debug.Stack()) + if ee, ok := e.(error); ok { + err = fmt.Errorf("panic from initialization: %w, %s", ee, debug.Stack()) } else { - //nolint:errorlint // here e is not of error type err = fmt.Errorf("panic from initialization: %v, %s", e, debug.Stack()) } } diff --git a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/init_linux.go b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/init_linux.go index 1e5c394c3e06..2e4c59353c83 100644 --- a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/init_linux.go +++ b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/init_linux.go @@ -411,8 +411,9 @@ func fixStdioPermissions(u *user.ExecUser) error { return &os.PathError{Op: "fstat", Path: file.Name(), Err: err} } - // Skip chown if uid is already the one we want. - if int(s.Uid) == u.Uid { + // Skip chown if uid is already the one we want or any of the STDIO descriptors + // were redirected to /dev/null. + if int(s.Uid) == u.Uid || s.Rdev == null.Rdev { continue } diff --git a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go index ec7638e4d512..c3f88fc7038b 100644 --- a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go +++ b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go @@ -329,26 +329,41 @@ func mountCgroupV2(m *configs.Mount, c *mountConfig) error { if err := os.MkdirAll(dest, 0o755); err != nil { return err } - return utils.WithProcfd(c.root, m.Destination, func(procfd string) error { - if err := mount(m.Source, m.Destination, procfd, "cgroup2", uintptr(m.Flags), m.Data); err != nil { - // when we are in UserNS but CgroupNS is not unshared, we cannot mount cgroup2 (#2158) - if errors.Is(err, unix.EPERM) || errors.Is(err, unix.EBUSY) { - src := fs2.UnifiedMountpoint - if c.cgroupns && c.cgroup2Path != "" { - // Emulate cgroupns by bind-mounting - // the container cgroup path rather than - // the whole /sys/fs/cgroup. - src = c.cgroup2Path - } - err = mount(src, m.Destination, procfd, "", uintptr(m.Flags)|unix.MS_BIND, "") - if c.rootlessCgroups && errors.Is(err, unix.ENOENT) { - err = nil - } - } - return err - } - return nil + err = utils.WithProcfd(c.root, m.Destination, func(procfd string) error { + return mount(m.Source, m.Destination, procfd, "cgroup2", uintptr(m.Flags), m.Data) }) + if err == nil || !(errors.Is(err, unix.EPERM) || errors.Is(err, unix.EBUSY)) { + return err + } + + // When we are in UserNS but CgroupNS is not unshared, we cannot mount + // cgroup2 (#2158), so fall back to bind mount. + bindM := &configs.Mount{ + Device: "bind", + Source: fs2.UnifiedMountpoint, + Destination: m.Destination, + Flags: unix.MS_BIND | m.Flags, + PropagationFlags: m.PropagationFlags, + } + if c.cgroupns && c.cgroup2Path != "" { + // Emulate cgroupns by bind-mounting the container cgroup path + // rather than the whole /sys/fs/cgroup. + bindM.Source = c.cgroup2Path + } + // mountToRootfs() handles remounting for MS_RDONLY. + // No need to set c.fd here, because mountToRootfs() calls utils.WithProcfd() by itself in mountPropagate(). + err = mountToRootfs(bindM, c) + if c.rootlessCgroups && errors.Is(err, unix.ENOENT) { + // ENOENT (for `src = c.cgroup2Path`) happens when rootless runc is being executed + // outside the userns+mountns. + // + // Mask `/sys/fs/cgroup` to ensure it is read-only, even when `/sys` is mounted + // with `rbind,ro` (`runc spec --rootless` produces `rbind,ro` for `/sys`). + err = utils.WithProcfd(c.root, m.Destination, func(procfd string) error { + return maskPath(procfd, c.label) + }) + } + return err } func doTmpfsCopyUp(m *configs.Mount, rootfs, mountLabel string) (Err error) { @@ -398,32 +413,43 @@ func doTmpfsCopyUp(m *configs.Mount, rootfs, mountLabel string) (Err error) { func mountToRootfs(m *configs.Mount, c *mountConfig) error { rootfs := c.root - mountLabel := c.label - mountFd := c.fd - dest, err := securejoin.SecureJoin(rootfs, m.Destination) - if err != nil { - return err - } + // procfs and sysfs are special because we need to ensure they are actually + // mounted on a specific path in a container without any funny business. switch m.Device { case "proc", "sysfs": // If the destination already exists and is not a directory, we bail - // out This is to avoid mounting through a symlink or similar -- which + // out. This is to avoid mounting through a symlink or similar -- which // has been a "fun" attack scenario in the past. // TODO: This won't be necessary once we switch to libpathrs and we can // stop all of these symlink-exchange attacks. + dest := filepath.Clean(m.Destination) + if !strings.HasPrefix(dest, rootfs) { + // Do not use securejoin as it resolves symlinks. + dest = filepath.Join(rootfs, dest) + } if fi, err := os.Lstat(dest); err != nil { if !os.IsNotExist(err) { return err } - } else if fi.Mode()&os.ModeDir == 0 { + } else if !fi.IsDir() { return fmt.Errorf("filesystem %q must be mounted on ordinary directory", m.Device) } if err := os.MkdirAll(dest, 0o755); err != nil { return err } - // Selinux kernels do not support labeling of /proc or /sys + // Selinux kernels do not support labeling of /proc or /sys. return mountPropagate(m, rootfs, "", nil) + } + + mountLabel := c.label + mountFd := c.fd + dest, err := securejoin.SecureJoin(rootfs, m.Destination) + if err != nil { + return err + } + + switch m.Device { case "mqueue": if err := os.MkdirAll(dest, 0o755); err != nil { return err diff --git a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/standard_init_linux.go b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/standard_init_linux.go index 081d1503a3f3..c09a7bed30ea 100644 --- a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/standard_init_linux.go +++ b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/standard_init_linux.go @@ -198,11 +198,12 @@ func (l *linuxStandardInit) Init() error { if err != nil { return err } - // exec.LookPath might return no error for an executable residing on a - // file system mounted with noexec flag, so perform this extra check - // now while we can still return a proper error. - if err := system.Eaccess(name); err != nil { - return &os.PathError{Op: "exec", Path: name, Err: err} + // exec.LookPath in Go < 1.20 might return no error for an executable + // residing on a file system mounted with noexec flag, so perform this + // extra check now while we can still return a proper error. + // TODO: remove this once go < 1.20 is not supported. + if err := eaccess(name); err != nil { + return &os.PathError{Op: "eaccess", Path: name, Err: err} } // Set seccomp as close to execve as possible, so as few syscalls take diff --git a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/sync.go b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/sync.go index c9a23ef3a760..25dc28630710 100644 --- a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/sync.go +++ b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/sync.go @@ -15,16 +15,16 @@ type syncType string // during container setup. They come in pairs (with procError being a generic // response which is followed by an &initError). // -// [ child ] <-> [ parent ] +// [ child ] <-> [ parent ] // -// procHooks --> [run hooks] -// <-- procResume +// procHooks --> [run hooks] +// <-- procResume // -// procReady --> [final setup] -// <-- procRun +// procReady --> [final setup] +// <-- procRun // -// procSeccomp --> [pick up seccomp fd with pidfd_getfd()] -// <-- procSeccompDone +// procSeccomp --> [pick up seccomp fd with pidfd_getfd()] +// <-- procSeccompDone const ( procError syncType = "procError" procReady syncType = "procReady" diff --git a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/system/linux.go b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/system/linux.go index 039059a444cc..e1d6eb18034c 100644 --- a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/system/linux.go +++ b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/system/linux.go @@ -31,25 +31,6 @@ func (p ParentDeathSignal) Set() error { return SetParentDeathSignal(uintptr(p)) } -// Eaccess is similar to unix.Access except for setuid/setgid binaries -// it checks against the effective (rather than real) uid and gid. -func Eaccess(path string) error { - err := unix.Faccessat2(unix.AT_FDCWD, path, unix.X_OK, unix.AT_EACCESS) - if err != unix.ENOSYS && err != unix.EPERM { //nolint:errorlint // unix errors are bare - return err - } - - // Faccessat2() not available; check if we are a set[ug]id binary. - if os.Getuid() == os.Geteuid() && os.Getgid() == os.Getegid() { - // For a non-set[ug]id binary, use access(2). - return unix.Access(path, unix.X_OK) - } - - // For a setuid/setgid binary, there is no fallback way - // so assume we can execute the binary. - return nil -} - func Execv(cmd string, args []string, env []string) error { name, err := exec.LookPath(cmd) if err != nil { diff --git a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/user/user.go b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/user/user.go index 2473c5eaddce..a1e216683d90 100644 --- a/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/user/user.go +++ b/cluster-autoscaler/vendor/github.com/opencontainers/runc/libcontainer/user/user.go @@ -280,13 +280,13 @@ func GetExecUserPath(userSpec string, defaults *ExecUser, passwdPath, groupPath // found in any entry in passwd and group respectively. // // Examples of valid user specifications are: -// * "" -// * "user" -// * "uid" -// * "user:group" -// * "uid:gid -// * "user:gid" -// * "uid:group" +// - "" +// - "user" +// - "uid" +// - "user:group" +// - "uid:gid +// - "user:gid" +// - "uid:group" // // It should be noted that if you specify a numeric user or group id, they will // not be evaluated as usernames (only the metadata will be filled). So attempting diff --git a/cluster-autoscaler/vendor/golang.org/x/net/html/doc.go b/cluster-autoscaler/vendor/golang.org/x/net/html/doc.go index 822ed42a04c1..7a96eae3310e 100644 --- a/cluster-autoscaler/vendor/golang.org/x/net/html/doc.go +++ b/cluster-autoscaler/vendor/golang.org/x/net/html/doc.go @@ -92,6 +92,21 @@ example, to process each anchor node in depth-first order: The relevant specifications include: https://html.spec.whatwg.org/multipage/syntax.html and https://html.spec.whatwg.org/multipage/syntax.html#tokenization + +# Security Considerations + +Care should be taken when parsing and interpreting HTML, whether full documents +or fragments, within the framework of the HTML specification, especially with +regard to untrusted inputs. + +This package provides both a tokenizer and a parser. Only the parser constructs +a DOM according to the HTML specification, resolving malformed and misplaced +tags where appropriate. The tokenizer simply tokenizes the HTML presented to it, +and as such does not resolve issues that may exist in the processed HTML, +producing a literal interpretation of the input. + +If your use case requires semantically well-formed HTML, as defined by the +WHATWG specifiction, the parser should be used rather than the tokenizer. */ package html // import "golang.org/x/net/html" diff --git a/cluster-autoscaler/vendor/golang.org/x/net/html/escape.go b/cluster-autoscaler/vendor/golang.org/x/net/html/escape.go index d8561396200e..04c6bec21073 100644 --- a/cluster-autoscaler/vendor/golang.org/x/net/html/escape.go +++ b/cluster-autoscaler/vendor/golang.org/x/net/html/escape.go @@ -193,6 +193,87 @@ func lower(b []byte) []byte { return b } +// escapeComment is like func escape but escapes its input bytes less often. +// Per https://github.com/golang/go/issues/58246 some HTML comments are (1) +// meaningful and (2) contain angle brackets that we'd like to avoid escaping +// unless we have to. +// +// "We have to" includes the '&' byte, since that introduces other escapes. +// +// It also includes those bytes (not including EOF) that would otherwise end +// the comment. Per the summary table at the bottom of comment_test.go, this is +// the '>' byte that, per above, we'd like to avoid escaping unless we have to. +// +// Studying the summary table (and T actions in its '>' column) closely, we +// only need to escape in states 43, 44, 49, 51 and 52. State 43 is at the +// start of the comment data. State 52 is after a '!'. The other three states +// are after a '-'. +// +// Our algorithm is thus to escape every '&' and to escape '>' if and only if: +// - The '>' is after a '!' or '-' (in the unescaped data) or +// - The '>' is at the start of the comment data (after the opening ""); err != nil { diff --git a/cluster-autoscaler/vendor/golang.org/x/net/html/token.go b/cluster-autoscaler/vendor/golang.org/x/net/html/token.go index 50f7c6aac8de..5c2a1f4efa55 100644 --- a/cluster-autoscaler/vendor/golang.org/x/net/html/token.go +++ b/cluster-autoscaler/vendor/golang.org/x/net/html/token.go @@ -110,7 +110,7 @@ func (t Token) String() string { case SelfClosingTagToken: return "<" + t.tagString() + "/>" case CommentToken: - return "" + return "" case DoctypeToken: return "" } @@ -598,10 +598,10 @@ scriptDataDoubleEscapeEnd: // readComment reads the next comment token starting with " Ready -----> Stopped +// +// | ^ +// └---------------------------┘ type ready struct { - state status - c *sync.Cond + state status // represent the state of the variable + lock sync.RWMutex // protect the state variable + restartLock sync.Mutex // protect the transition from ready to pending where the channel is recreated + waitCh chan struct{} // blocks until is ready or stopped } func newReady() *ready { return &ready{ - c: sync.NewCond(&sync.RWMutex{}), - state: Pending, + waitCh: make(chan struct{}), + state: Pending, } } +// done close the channel once the state is Ready or Stopped +func (r *ready) done() chan struct{} { + r.restartLock.Lock() + defer r.restartLock.Unlock() + return r.waitCh +} + // wait blocks until it is Ready or Stopped, it returns an error if is Stopped. -func (r *ready) wait() error { - r.c.L.Lock() - defer r.c.L.Unlock() - for r.state == Pending { - r.c.Wait() - } - switch r.state { - case Ready: - return nil - case Stopped: - return fmt.Errorf("apiserver cacher is stopped") - default: - return fmt.Errorf("unexpected apiserver cache state: %v", r.state) +func (r *ready) wait(ctx context.Context) error { + for { + // r.done() only blocks if state is Pending + select { + case <-ctx.Done(): + return ctx.Err() + case <-r.done(): + } + + r.lock.RLock() + switch r.state { + case Pending: + // since we allow to switch between the states Pending and Ready + // if there is a quick transition from Pending -> Ready -> Pending + // a process that was waiting can get unblocked and see a Pending + // state again. If the state is Pending we have to wait again to + // avoid an inconsistent state on the system, with some processes not + // waiting despite the state moved back to Pending. + r.lock.RUnlock() + case Ready: + r.lock.RUnlock() + return nil + case Stopped: + r.lock.RUnlock() + return fmt.Errorf("apiserver cacher is stopped") + default: + r.lock.RUnlock() + return fmt.Errorf("unexpected apiserver cache state: %v", r.state) + } } } // check returns true only if it is Ready. func (r *ready) check() bool { - // TODO: Make check() function more sophisticated, in particular - // allow it to behave as "waitWithTimeout". - rwMutex := r.c.L.(*sync.RWMutex) - rwMutex.RLock() - defer rwMutex.RUnlock() + r.lock.RLock() + defer r.lock.RUnlock() return r.state == Ready } // set the state to Pending (false) or Ready (true), it does not have effect if the state is Stopped. func (r *ready) set(ok bool) { - r.c.L.Lock() - defer r.c.L.Unlock() + r.lock.Lock() + defer r.lock.Unlock() if r.state == Stopped { return } - if ok { + if ok && r.state == Pending { r.state = Ready - } else { + select { + case <-r.waitCh: + default: + close(r.waitCh) + } + } else if !ok && r.state == Ready { + // creating the waitCh can be racy if + // something enter the wait() method + select { + case <-r.waitCh: + r.restartLock.Lock() + r.waitCh = make(chan struct{}) + r.restartLock.Unlock() + default: + } r.state = Pending } - r.c.Broadcast() } // stop the condition variable and set it as Stopped. This state is irreversible. func (r *ready) stop() { - r.c.L.Lock() - defer r.c.L.Unlock() + r.lock.Lock() + defer r.lock.Unlock() if r.state != Stopped { r.state = Stopped - r.c.Broadcast() + } + select { + case <-r.waitCh: + default: + close(r.waitCh) } } diff --git a/cluster-autoscaler/vendor/k8s.io/client-go/discovery/aggregated_discovery.go b/cluster-autoscaler/vendor/k8s.io/client-go/discovery/aggregated_discovery.go index 758b0a3ac8fe..7470259dc86d 100644 --- a/cluster-autoscaler/vendor/k8s.io/client-go/discovery/aggregated_discovery.go +++ b/cluster-autoscaler/vendor/k8s.io/client-go/discovery/aggregated_discovery.go @@ -92,12 +92,18 @@ func convertAPIGroup(g apidiscovery.APIGroupDiscovery) ( resourceList := &metav1.APIResourceList{} resourceList.GroupVersion = gv.String() for _, r := range v.Resources { - resource := convertAPIResource(r) - resourceList.APIResources = append(resourceList.APIResources, resource) + resource, err := convertAPIResource(r) + if err == nil { + resourceList.APIResources = append(resourceList.APIResources, resource) + } // Subresources field in new format get transformed into full APIResources. + // It is possible a partial result with an error was returned to be used + // as the parent resource for the subresource. for _, subresource := range r.Subresources { - sr := convertAPISubresource(resource, subresource) - resourceList.APIResources = append(resourceList.APIResources, sr) + sr, err := convertAPISubresource(resource, subresource) + if err == nil { + resourceList.APIResources = append(resourceList.APIResources, sr) + } } } gvResources[gv] = resourceList @@ -105,30 +111,44 @@ func convertAPIGroup(g apidiscovery.APIGroupDiscovery) ( return group, gvResources, failedGVs } -// convertAPIResource tranforms a APIResourceDiscovery to an APIResource. -func convertAPIResource(in apidiscovery.APIResourceDiscovery) metav1.APIResource { - return metav1.APIResource{ +// convertAPIResource tranforms a APIResourceDiscovery to an APIResource. We are +// resilient to missing GVK, since this resource might be the parent resource +// for a subresource. If the parent is missing a GVK, it is not returned in +// discovery, and the subresource MUST have the GVK. +func convertAPIResource(in apidiscovery.APIResourceDiscovery) (metav1.APIResource, error) { + result := metav1.APIResource{ Name: in.Resource, SingularName: in.SingularResource, Namespaced: in.Scope == apidiscovery.ScopeNamespace, - Group: in.ResponseKind.Group, - Version: in.ResponseKind.Version, - Kind: in.ResponseKind.Kind, Verbs: in.Verbs, ShortNames: in.ShortNames, Categories: in.Categories, } + var err error + if in.ResponseKind != nil { + result.Group = in.ResponseKind.Group + result.Version = in.ResponseKind.Version + result.Kind = in.ResponseKind.Kind + } else { + err = fmt.Errorf("discovery resource %s missing GVK", in.Resource) + } + // Can return partial result with error, which can be the parent for a + // subresource. Do not add this result to the returned discovery resources. + return result, err } // convertAPISubresource tranforms a APISubresourceDiscovery to an APIResource. -func convertAPISubresource(parent metav1.APIResource, in apidiscovery.APISubresourceDiscovery) metav1.APIResource { - return metav1.APIResource{ - Name: fmt.Sprintf("%s/%s", parent.Name, in.Subresource), - SingularName: parent.SingularName, - Namespaced: parent.Namespaced, - Group: in.ResponseKind.Group, - Version: in.ResponseKind.Version, - Kind: in.ResponseKind.Kind, - Verbs: in.Verbs, +func convertAPISubresource(parent metav1.APIResource, in apidiscovery.APISubresourceDiscovery) (metav1.APIResource, error) { + result := metav1.APIResource{} + if in.ResponseKind == nil { + return result, fmt.Errorf("subresource %s/%s missing GVK", parent.Name, in.Subresource) } + result.Name = fmt.Sprintf("%s/%s", parent.Name, in.Subresource) + result.SingularName = parent.SingularName + result.Namespaced = parent.Namespaced + result.Group = in.ResponseKind.Group + result.Version = in.ResponseKind.Version + result.Kind = in.ResponseKind.Kind + result.Verbs = in.Verbs + return result, nil } diff --git a/cluster-autoscaler/vendor/k8s.io/client-go/discovery/discovery_client.go b/cluster-autoscaler/vendor/k8s.io/client-go/discovery/discovery_client.go index 641568008b7b..1253fa1f44a4 100644 --- a/cluster-autoscaler/vendor/k8s.io/client-go/discovery/discovery_client.go +++ b/cluster-autoscaler/vendor/k8s.io/client-go/discovery/discovery_client.go @@ -20,6 +20,7 @@ import ( "context" "encoding/json" "fmt" + "mime" "net/http" "net/url" "sort" @@ -58,8 +59,9 @@ const ( defaultBurst = 300 AcceptV1 = runtime.ContentTypeJSON - // Aggregated discovery content-type (currently v2beta1). NOTE: Currently, we are assuming the order - // for "g", "v", and "as" from the server. We can only compare this string if we can make that assumption. + // Aggregated discovery content-type (v2beta1). NOTE: content-type parameters + // MUST be ordered (g, v, as) for server in "Accept" header (BUT we are resilient + // to ordering when comparing returned values in "Content-Type" header). AcceptV2Beta1 = runtime.ContentTypeJSON + ";" + "g=apidiscovery.k8s.io;v=v2beta1;as=APIGroupDiscoveryList" // Prioritize aggregated discovery by placing first in the order of discovery accept types. acceptDiscoveryFormats = AcceptV2Beta1 + "," + AcceptV1 @@ -259,8 +261,16 @@ func (d *DiscoveryClient) downloadLegacy() ( var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList // Switch on content-type server responded with: aggregated or unaggregated. - switch responseContentType { - case AcceptV1: + switch { + case isV2Beta1ContentType(responseContentType): + var aggregatedDiscovery apidiscovery.APIGroupDiscoveryList + err = json.Unmarshal(body, &aggregatedDiscovery) + if err != nil { + return nil, nil, nil, err + } + apiGroupList, resourcesByGV, failedGVs = SplitGroupsAndResources(aggregatedDiscovery) + default: + // Default is unaggregated discovery v1. var v metav1.APIVersions err = json.Unmarshal(body, &v) if err != nil { @@ -271,15 +281,6 @@ func (d *DiscoveryClient) downloadLegacy() ( apiGroup = apiVersionsToAPIGroup(&v) } apiGroupList.Groups = []metav1.APIGroup{apiGroup} - case AcceptV2Beta1: - var aggregatedDiscovery apidiscovery.APIGroupDiscoveryList - err = json.Unmarshal(body, &aggregatedDiscovery) - if err != nil { - return nil, nil, nil, err - } - apiGroupList, resourcesByGV, failedGVs = SplitGroupsAndResources(aggregatedDiscovery) - default: - return nil, nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType) } return apiGroupList, resourcesByGV, failedGVs, nil @@ -313,13 +314,8 @@ func (d *DiscoveryClient) downloadAPIs() ( failedGVs := map[schema.GroupVersion]error{} var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList // Switch on content-type server responded with: aggregated or unaggregated. - switch responseContentType { - case AcceptV1: - err = json.Unmarshal(body, apiGroupList) - if err != nil { - return nil, nil, nil, err - } - case AcceptV2Beta1: + switch { + case isV2Beta1ContentType(responseContentType): var aggregatedDiscovery apidiscovery.APIGroupDiscoveryList err = json.Unmarshal(body, &aggregatedDiscovery) if err != nil { @@ -327,12 +323,38 @@ func (d *DiscoveryClient) downloadAPIs() ( } apiGroupList, resourcesByGV, failedGVs = SplitGroupsAndResources(aggregatedDiscovery) default: - return nil, nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType) + // Default is unaggregated discovery v1. + err = json.Unmarshal(body, apiGroupList) + if err != nil { + return nil, nil, nil, err + } } return apiGroupList, resourcesByGV, failedGVs, nil } +// isV2Beta1ContentType checks of the content-type string is both +// "application/json" and contains the v2beta1 content-type params. +// NOTE: This function is resilient to the ordering of the +// content-type parameters, as well as parameters added by +// intermediaries such as proxies or gateways. Examples: +// +// "application/json; g=apidiscovery.k8s.io;v=v2beta1;as=APIGroupDiscoveryList" = true +// "application/json; as=APIGroupDiscoveryList;v=v2beta1;g=apidiscovery.k8s.io" = true +// "application/json; as=APIGroupDiscoveryList;v=v2beta1;g=apidiscovery.k8s.io;charset=utf-8" = true +// "application/json" = false +// "application/json; charset=UTF-8" = false +func isV2Beta1ContentType(contentType string) bool { + base, params, err := mime.ParseMediaType(contentType) + if err != nil { + return false + } + return runtime.ContentTypeJSON == base && + params["g"] == "apidiscovery.k8s.io" && + params["v"] == "v2beta1" && + params["as"] == "APIGroupDiscoveryList" +} + // ServerGroups returns the supported groups, with information like supported versions and the // preferred version. func (d *DiscoveryClient) ServerGroups() (*metav1.APIGroupList, error) { diff --git a/cluster-autoscaler/vendor/k8s.io/client-go/openapi/client.go b/cluster-autoscaler/vendor/k8s.io/client-go/openapi/client.go index 7b58762acfd5..6a43057187e9 100644 --- a/cluster-autoscaler/vendor/k8s.io/client-go/openapi/client.go +++ b/cluster-autoscaler/vendor/k8s.io/client-go/openapi/client.go @@ -19,6 +19,7 @@ package openapi import ( "context" "encoding/json" + "strings" "k8s.io/client-go/rest" "k8s.io/kube-openapi/pkg/handler3" @@ -58,7 +59,11 @@ func (c *client) Paths() (map[string]GroupVersion, error) { // Create GroupVersions for each element of the result result := map[string]GroupVersion{} for k, v := range discoMap.Paths { - result[k] = newGroupVersion(c, v) + // If the server returned a URL rooted at /openapi/v3, preserve any additional client-side prefix. + // If the server returned a URL not rooted at /openapi/v3, treat it as an actual server-relative URL. + // See https://github.com/kubernetes/kubernetes/issues/117463 for details + useClientPrefix := strings.HasPrefix(v.ServerRelativeURL, "/openapi/v3") + result[k] = newGroupVersion(c, v, useClientPrefix) } return result, nil } diff --git a/cluster-autoscaler/vendor/k8s.io/client-go/openapi/groupversion.go b/cluster-autoscaler/vendor/k8s.io/client-go/openapi/groupversion.go index 32133a29b8a4..601dcbe3ccb2 100644 --- a/cluster-autoscaler/vendor/k8s.io/client-go/openapi/groupversion.go +++ b/cluster-autoscaler/vendor/k8s.io/client-go/openapi/groupversion.go @@ -18,6 +18,7 @@ package openapi import ( "context" + "net/url" "k8s.io/kube-openapi/pkg/handler3" ) @@ -29,18 +30,41 @@ type GroupVersion interface { } type groupversion struct { - client *client - item handler3.OpenAPIV3DiscoveryGroupVersion + client *client + item handler3.OpenAPIV3DiscoveryGroupVersion + useClientPrefix bool } -func newGroupVersion(client *client, item handler3.OpenAPIV3DiscoveryGroupVersion) *groupversion { - return &groupversion{client: client, item: item} +func newGroupVersion(client *client, item handler3.OpenAPIV3DiscoveryGroupVersion, useClientPrefix bool) *groupversion { + return &groupversion{client: client, item: item, useClientPrefix: useClientPrefix} } func (g *groupversion) Schema(contentType string) ([]byte, error) { - return g.client.restClient.Get(). - RequestURI(g.item.ServerRelativeURL). - SetHeader("Accept", contentType). - Do(context.TODO()). - Raw() + if !g.useClientPrefix { + return g.client.restClient.Get(). + RequestURI(g.item.ServerRelativeURL). + SetHeader("Accept", contentType). + Do(context.TODO()). + Raw() + } + + locator, err := url.Parse(g.item.ServerRelativeURL) + if err != nil { + return nil, err + } + + path := g.client.restClient.Get(). + AbsPath(locator.Path). + SetHeader("Accept", contentType) + + // Other than root endpoints(openapiv3/apis), resources have hash query parameter to support etags. + // However, absPath does not support handling query parameters internally, + // so that hash query parameter is added manually + for k, value := range locator.Query() { + for _, v := range value { + path.Param(k, v) + } + } + + return path.Do(context.TODO()).Raw() } diff --git a/cluster-autoscaler/vendor/k8s.io/client-go/tools/cache/controller.go b/cluster-autoscaler/vendor/k8s.io/client-go/tools/cache/controller.go index 0762da3befac..96005ff58535 100644 --- a/cluster-autoscaler/vendor/k8s.io/client-go/tools/cache/controller.go +++ b/cluster-autoscaler/vendor/k8s.io/client-go/tools/cache/controller.go @@ -353,17 +353,6 @@ func NewIndexerInformer( return clientState, newInformer(lw, objType, resyncPeriod, h, clientState, nil) } -// TransformFunc allows for transforming an object before it will be processed -// and put into the controller cache and before the corresponding handlers will -// be called on it. -// TransformFunc (similarly to ResourceEventHandler functions) should be able -// to correctly handle the tombstone of type cache.DeletedFinalStateUnknown -// -// The most common usage pattern is to clean-up some parts of the object to -// reduce component memory usage if a given component doesn't care about them. -// given controller doesn't care for them -type TransformFunc func(interface{}) (interface{}, error) - // NewTransformingInformer returns a Store and a controller for populating // the store while also providing event notifications. You should only used // the returned Store for Get/List operations; Add/Modify/Deletes will cause @@ -411,19 +400,11 @@ func processDeltas( // Object which receives event notifications from the given deltas handler ResourceEventHandler, clientState Store, - transformer TransformFunc, deltas Deltas, ) error { // from oldest to newest for _, d := range deltas { obj := d.Object - if transformer != nil { - var err error - obj, err = transformer(obj) - if err != nil { - return err - } - } switch d.Type { case Sync, Replaced, Added, Updated: @@ -475,6 +456,7 @@ func newInformer( fifo := NewDeltaFIFOWithOptions(DeltaFIFOOptions{ KnownObjects: clientState, EmitDeltaTypeReplaced: true, + Transformer: transformer, }) cfg := &Config{ @@ -486,7 +468,7 @@ func newInformer( Process: func(obj interface{}) error { if deltas, ok := obj.(Deltas); ok { - return processDeltas(h, clientState, transformer, deltas) + return processDeltas(h, clientState, deltas) } return errors.New("object given as Process argument is not Deltas") }, diff --git a/cluster-autoscaler/vendor/k8s.io/client-go/tools/cache/delta_fifo.go b/cluster-autoscaler/vendor/k8s.io/client-go/tools/cache/delta_fifo.go index 0c13a41f065b..84f3ab9ca13f 100644 --- a/cluster-autoscaler/vendor/k8s.io/client-go/tools/cache/delta_fifo.go +++ b/cluster-autoscaler/vendor/k8s.io/client-go/tools/cache/delta_fifo.go @@ -51,6 +51,10 @@ type DeltaFIFOOptions struct { // When true, `Replaced` events will be sent for items passed to a Replace() call. // When false, `Sync` events will be sent instead. EmitDeltaTypeReplaced bool + + // If set, will be called for objects before enqueueing them. Please + // see the comment on TransformFunc for details. + Transformer TransformFunc } // DeltaFIFO is like FIFO, but differs in two ways. One is that the @@ -129,8 +133,32 @@ type DeltaFIFO struct { // emitDeltaTypeReplaced is whether to emit the Replaced or Sync // DeltaType when Replace() is called (to preserve backwards compat). emitDeltaTypeReplaced bool + + // Called with every object if non-nil. + transformer TransformFunc } +// TransformFunc allows for transforming an object before it will be processed. +// TransformFunc (similarly to ResourceEventHandler functions) should be able +// to correctly handle the tombstone of type cache.DeletedFinalStateUnknown. +// +// New in v1.27: In such cases, the contained object will already have gone +// through the transform object separately (when it was added / updated prior +// to the delete), so the TransformFunc can likely safely ignore such objects +// (i.e., just return the input object). +// +// The most common usage pattern is to clean-up some parts of the object to +// reduce component memory usage if a given component doesn't care about them. +// +// New in v1.27: unless the object is a DeletedFinalStateUnknown, TransformFunc +// sees the object before any other actor, and it is now safe to mutate the +// object in place instead of making a copy. +// +// Note that TransformFunc is called while inserting objects into the +// notification queue and is therefore extremely performance sensitive; please +// do not do anything that will take a long time. +type TransformFunc func(interface{}) (interface{}, error) + // DeltaType is the type of a change (addition, deletion, etc) type DeltaType string @@ -227,6 +255,7 @@ func NewDeltaFIFOWithOptions(opts DeltaFIFOOptions) *DeltaFIFO { knownObjects: opts.KnownObjects, emitDeltaTypeReplaced: opts.EmitDeltaTypeReplaced, + transformer: opts.Transformer, } f.cond.L = &f.lock return f @@ -411,6 +440,21 @@ func (f *DeltaFIFO) queueActionLocked(actionType DeltaType, obj interface{}) err if err != nil { return KeyError{obj, err} } + + // Every object comes through this code path once, so this is a good + // place to call the transform func. If obj is a + // DeletedFinalStateUnknown tombstone, then the containted inner object + // will already have gone through the transformer, but we document that + // this can happen. In cases involving Replace(), such an object can + // come through multiple times. + if f.transformer != nil { + var err error + obj, err = f.transformer(obj) + if err != nil { + return err + } + } + oldDeltas := f.items[id] newDeltas := append(oldDeltas, Delta{actionType, obj}) newDeltas = dedupDeltas(newDeltas) @@ -566,12 +610,11 @@ func (f *DeltaFIFO) Pop(process PopProcessFunc) (interface{}, error) { // using the Sync or Replace DeltaType and then (2) it does some deletions. // In particular: for every pre-existing key K that is not the key of // an object in `list` there is the effect of -// `Delete(DeletedFinalStateUnknown{K, O})` where O is current object -// of K. If `f.knownObjects == nil` then the pre-existing keys are -// those in `f.items` and the current object of K is the `.Newest()` -// of the Deltas associated with K. Otherwise the pre-existing keys -// are those listed by `f.knownObjects` and the current object of K is -// what `f.knownObjects.GetByKey(K)` returns. +// `Delete(DeletedFinalStateUnknown{K, O})` where O is the latest known +// object of K. The pre-existing keys are those in the union set of the keys in +// `f.items` and `f.knownObjects` (if not nil). The last known object for key K is +// the one present in the last delta in `f.items`. If there is no delta for K +// in `f.items`, it is the object in `f.knownObjects` func (f *DeltaFIFO) Replace(list []interface{}, _ string) error { f.lock.Lock() defer f.lock.Unlock() @@ -595,51 +638,23 @@ func (f *DeltaFIFO) Replace(list []interface{}, _ string) error { } } - if f.knownObjects == nil { - // Do deletion detection against our own list. - queuedDeletions := 0 - for k, oldItem := range f.items { - if keys.Has(k) { - continue - } - // Delete pre-existing items not in the new list. - // This could happen if watch deletion event was missed while - // disconnected from apiserver. - var deletedObj interface{} - if n := oldItem.Newest(); n != nil { - deletedObj = n.Object - } - queuedDeletions++ - if err := f.queueActionLocked(Deleted, DeletedFinalStateUnknown{k, deletedObj}); err != nil { - return err - } - } - - if !f.populated { - f.populated = true - // While there shouldn't be any queued deletions in the initial - // population of the queue, it's better to be on the safe side. - f.initialPopulationCount = keys.Len() + queuedDeletions - } - - return nil - } - - // Detect deletions not already in the queue. - knownKeys := f.knownObjects.ListKeys() + // Do deletion detection against objects in the queue queuedDeletions := 0 - for _, k := range knownKeys { + for k, oldItem := range f.items { if keys.Has(k) { continue } - - deletedObj, exists, err := f.knownObjects.GetByKey(k) - if err != nil { - deletedObj = nil - klog.Errorf("Unexpected error %v during lookup of key %v, placing DeleteFinalStateUnknown marker without object", err, k) - } else if !exists { - deletedObj = nil - klog.Infof("Key %v does not exist in known objects store, placing DeleteFinalStateUnknown marker without object", k) + // Delete pre-existing items not in the new list. + // This could happen if watch deletion event was missed while + // disconnected from apiserver. + var deletedObj interface{} + if n := oldItem.Newest(); n != nil { + deletedObj = n.Object + + // if the previous object is a DeletedFinalStateUnknown, we have to extract the actual Object + if d, ok := deletedObj.(DeletedFinalStateUnknown); ok { + deletedObj = d.Obj + } } queuedDeletions++ if err := f.queueActionLocked(Deleted, DeletedFinalStateUnknown{k, deletedObj}); err != nil { @@ -647,6 +662,32 @@ func (f *DeltaFIFO) Replace(list []interface{}, _ string) error { } } + if f.knownObjects != nil { + // Detect deletions for objects not present in the queue, but present in KnownObjects + knownKeys := f.knownObjects.ListKeys() + for _, k := range knownKeys { + if keys.Has(k) { + continue + } + if len(f.items[k]) > 0 { + continue + } + + deletedObj, exists, err := f.knownObjects.GetByKey(k) + if err != nil { + deletedObj = nil + klog.Errorf("Unexpected error %v during lookup of key %v, placing DeleteFinalStateUnknown marker without object", err, k) + } else if !exists { + deletedObj = nil + klog.Infof("Key %v does not exist in known objects store, placing DeleteFinalStateUnknown marker without object", k) + } + queuedDeletions++ + if err := f.queueActionLocked(Deleted, DeletedFinalStateUnknown{k, deletedObj}); err != nil { + return err + } + } + } + if !f.populated { f.populated = true f.initialPopulationCount = keys.Len() + queuedDeletions diff --git a/cluster-autoscaler/vendor/k8s.io/client-go/tools/cache/shared_informer.go b/cluster-autoscaler/vendor/k8s.io/client-go/tools/cache/shared_informer.go index f5c7316a1d7d..4979642ce103 100644 --- a/cluster-autoscaler/vendor/k8s.io/client-go/tools/cache/shared_informer.go +++ b/cluster-autoscaler/vendor/k8s.io/client-go/tools/cache/shared_informer.go @@ -198,10 +198,7 @@ type SharedInformer interface { // // Must be set before starting the informer. // - // Note: Since the object given to the handler may be already shared with - // other goroutines, it is advisable to copy the object being - // transform before mutating it at all and returning the copy to prevent - // data races. + // Please see the comment on TransformFunc for more details. SetTransform(handler TransformFunc) error // IsStopped reports whether the informer has already been stopped. @@ -422,6 +419,7 @@ func (s *sharedIndexInformer) Run(stopCh <-chan struct{}) { fifo := NewDeltaFIFOWithOptions(DeltaFIFOOptions{ KnownObjects: s.indexer, EmitDeltaTypeReplaced: true, + Transformer: s.transform, }) cfg := &Config{ @@ -585,7 +583,7 @@ func (s *sharedIndexInformer) HandleDeltas(obj interface{}) error { defer s.blockDeltas.Unlock() if deltas, ok := obj.(Deltas); ok { - return processDeltas(s, s.indexer, s.transform, deltas) + return processDeltas(s, s.indexer, deltas) } return errors.New("object given as Process argument is not Deltas") } diff --git a/cluster-autoscaler/vendor/k8s.io/cloud-provider/cloud.go b/cluster-autoscaler/vendor/k8s.io/cloud-provider/cloud.go index 44c62ccc03a1..7e7bf9dfab89 100644 --- a/cluster-autoscaler/vendor/k8s.io/cloud-provider/cloud.go +++ b/cluster-autoscaler/vendor/k8s.io/cloud-provider/cloud.go @@ -218,6 +218,11 @@ type Route struct { Name string // TargetNode is the NodeName of the target instance. TargetNode types.NodeName + // EnableNodeAddresses is a feature gate for TargetNodeAddresses. If false, ignore TargetNodeAddresses. + // Without this, if users haven't updated their cloud-provider, reconcile() will delete and create same route every time. + EnableNodeAddresses bool + // TargetNodeAddresses are the Node IPs of the target Node. + TargetNodeAddresses []v1.NodeAddress // DestinationCIDR is the CIDR format IP range that this routing rule // applies to. DestinationCIDR string diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/apis/core/types.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/apis/core/types.go index be71573e1c30..a9afcbca33a8 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/apis/core/types.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/apis/core/types.go @@ -2037,7 +2037,8 @@ type SecretEnvSource struct { // HTTPHeader describes a custom header to be used in HTTP probes type HTTPHeader struct { - // The header field name + // The header field name. + // This will be canonicalized upon output, so case-variant names will be understood as the same header. Name string // The header field value Value string diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/controller/daemon/daemon_controller.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/controller/daemon/daemon_controller.go index 573654d382d1..1c0719b4644e 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/controller/daemon/daemon_controller.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/controller/daemon/daemon_controller.go @@ -75,6 +75,8 @@ const ( FailedPlacementReason = "FailedPlacement" // FailedDaemonPodReason is added to an event when the status of a Pod of a DaemonSet is 'Failed'. FailedDaemonPodReason = "FailedDaemonPod" + // SucceededDaemonPodReason is added to an event when the status of a Pod of a DaemonSet is 'Succeeded'. + SucceededDaemonPodReason = "SucceededDaemonPod" ) // controllerKind contains the schema.GroupVersionKind for this controller type. @@ -816,6 +818,12 @@ func (dsc *DaemonSetsController) podsShouldBeOnNode( // Emit an event so that it's discoverable to users. dsc.eventRecorder.Eventf(ds, v1.EventTypeWarning, FailedDaemonPodReason, msg) podsToDelete = append(podsToDelete, pod.Name) + } else if pod.Status.Phase == v1.PodSucceeded { + msg := fmt.Sprintf("Found succeeded daemon pod %s/%s on node %s, will try to delete it", pod.Namespace, pod.Name, node.Name) + klog.V(2).Infof(msg) + // Emit an event so that it's discoverable to users. + dsc.eventRecorder.Eventf(ds, v1.EventTypeNormal, SucceededDaemonPodReason, msg) + podsToDelete = append(podsToDelete, pod.Name) } else { daemonPodsRunning = append(daemonPodsRunning, pod) } diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/features/kube_features.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/features/kube_features.go index 8847b83094f6..2ad904d6f9cb 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/features/kube_features.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/features/kube_features.go @@ -955,7 +955,7 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS CSIMigrationRBD: {Default: false, PreRelease: featuregate.Alpha}, // Off by default (requires RBD CSI driver) - CSIMigrationvSphere: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.28 + CSIMigrationvSphere: {Default: true, PreRelease: featuregate.GA}, // LockToDefault when CSI driver with GA support for Windows, raw block and xfs features are available CSINodeExpandSecret: {Default: false, PreRelease: featuregate.Alpha}, diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/kubelet/cm/devicemanager/manager.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/kubelet/cm/devicemanager/manager.go index 8cb57aa8190f..7499de4460f2 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/kubelet/cm/devicemanager/manager.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/kubelet/cm/devicemanager/manager.go @@ -544,15 +544,29 @@ func (m *ManagerImpl) devicesToAllocate(podUID, contName, resource string, requi return nil, fmt.Errorf("pod %q container %q changed request for resource %q from %d to %d", string(podUID), contName, resource, devices.Len(), required) } } + + klog.V(3).InfoS("Need devices to allocate for pod", "deviceNumber", needed, "resourceName", resource, "podUID", string(podUID), "containerName", contName) + healthyDevices, hasRegistered := m.healthyDevices[resource] + + // Check if resource registered with devicemanager + if !hasRegistered { + return nil, fmt.Errorf("cannot allocate unregistered device %s", resource) + } + + // Check if registered resource has healthy devices + if healthyDevices.Len() == 0 { + return nil, fmt.Errorf("no healthy devices present; cannot allocate unhealthy devices %s", resource) + } + + // Check if all the previously allocated devices are healthy + if !healthyDevices.IsSuperset(devices) { + return nil, fmt.Errorf("previously allocated devices are no longer healthy; cannot allocate unhealthy devices %s", resource) + } + if needed == 0 { // No change, no work. return nil, nil } - klog.V(3).InfoS("Need devices to allocate for pod", "deviceNumber", needed, "resourceName", resource, "podUID", string(podUID), "containerName", contName) - // Check if resource registered with devicemanager - if _, ok := m.healthyDevices[resource]; !ok { - return nil, fmt.Errorf("can't allocate unregistered device %s", resource) - } // Declare the list of allocated devices. // This will be populated and returned below. diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/kubelet/kubelet_getters.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/kubelet/kubelet_getters.go index eed312ceb15e..561d5201a320 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/kubelet/kubelet_getters.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/kubelet/kubelet_getters.go @@ -176,11 +176,14 @@ func (kl *Kubelet) GetPods() []*v1.Pod { pods := kl.podManager.GetPods() // a kubelet running without apiserver requires an additional // update of the static pod status. See #57106 - for _, p := range pods { + for i, p := range pods { if kubelettypes.IsStaticPod(p) { if status, ok := kl.statusManager.GetPodStatus(p.UID); ok { klog.V(2).InfoS("Pod status updated", "pod", klog.KObj(p), "status", status.Phase) + // do not mutate the cache + p = p.DeepCopy() p.Status = status + pods[i] = p } } } diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/helpers.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/helpers.go index c5db7c9a13f9..c48d6da4de70 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/helpers.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/helpers.go @@ -211,32 +211,36 @@ func toKubeRuntimeStatus(status *runtimeapi.RuntimeStatus) *kubecontainer.Runtim return &kubecontainer.RuntimeStatus{Conditions: conditions} } -func fieldProfile(scmp *v1.SeccompProfile, profileRootPath string, fallbackToRuntimeDefault bool) string { +func fieldProfile(scmp *v1.SeccompProfile, profileRootPath string, fallbackToRuntimeDefault bool) (string, error) { if scmp == nil { if fallbackToRuntimeDefault { - return v1.SeccompProfileRuntimeDefault + return v1.SeccompProfileRuntimeDefault, nil } - return "" + return "", nil } if scmp.Type == v1.SeccompProfileTypeRuntimeDefault { - return v1.SeccompProfileRuntimeDefault + return v1.SeccompProfileRuntimeDefault, nil } - if scmp.Type == v1.SeccompProfileTypeLocalhost && scmp.LocalhostProfile != nil && len(*scmp.LocalhostProfile) > 0 { - fname := filepath.Join(profileRootPath, *scmp.LocalhostProfile) - return v1.SeccompLocalhostProfileNamePrefix + fname + if scmp.Type == v1.SeccompProfileTypeLocalhost { + if scmp.LocalhostProfile != nil && len(*scmp.LocalhostProfile) > 0 { + fname := filepath.Join(profileRootPath, *scmp.LocalhostProfile) + return v1.SeccompLocalhostProfileNamePrefix + fname, nil + } else { + return "", fmt.Errorf("localhostProfile must be set if seccompProfile type is Localhost.") + } } if scmp.Type == v1.SeccompProfileTypeUnconfined { - return v1.SeccompProfileNameUnconfined + return v1.SeccompProfileNameUnconfined, nil } if fallbackToRuntimeDefault { - return v1.SeccompProfileRuntimeDefault + return v1.SeccompProfileRuntimeDefault, nil } - return "" + return "", nil } func (m *kubeGenericRuntimeManager) getSeccompProfilePath(annotations map[string]string, containerName string, - podSecContext *v1.PodSecurityContext, containerSecContext *v1.SecurityContext, fallbackToRuntimeDefault bool) string { + podSecContext *v1.PodSecurityContext, containerSecContext *v1.SecurityContext, fallbackToRuntimeDefault bool) (string, error) { // container fields are applied first if containerSecContext != nil && containerSecContext.SeccompProfile != nil { return fieldProfile(containerSecContext.SeccompProfile, m.seccompProfileRoot, fallbackToRuntimeDefault) @@ -248,42 +252,46 @@ func (m *kubeGenericRuntimeManager) getSeccompProfilePath(annotations map[string } if fallbackToRuntimeDefault { - return v1.SeccompProfileRuntimeDefault + return v1.SeccompProfileRuntimeDefault, nil } - return "" + return "", nil } -func fieldSeccompProfile(scmp *v1.SeccompProfile, profileRootPath string, fallbackToRuntimeDefault bool) *runtimeapi.SecurityProfile { +func fieldSeccompProfile(scmp *v1.SeccompProfile, profileRootPath string, fallbackToRuntimeDefault bool) (*runtimeapi.SecurityProfile, error) { if scmp == nil { if fallbackToRuntimeDefault { return &runtimeapi.SecurityProfile{ ProfileType: runtimeapi.SecurityProfile_RuntimeDefault, - } + }, nil } return &runtimeapi.SecurityProfile{ ProfileType: runtimeapi.SecurityProfile_Unconfined, - } + }, nil } if scmp.Type == v1.SeccompProfileTypeRuntimeDefault { return &runtimeapi.SecurityProfile{ ProfileType: runtimeapi.SecurityProfile_RuntimeDefault, - } + }, nil } - if scmp.Type == v1.SeccompProfileTypeLocalhost && scmp.LocalhostProfile != nil && len(*scmp.LocalhostProfile) > 0 { - fname := filepath.Join(profileRootPath, *scmp.LocalhostProfile) - return &runtimeapi.SecurityProfile{ - ProfileType: runtimeapi.SecurityProfile_Localhost, - LocalhostRef: fname, + if scmp.Type == v1.SeccompProfileTypeLocalhost { + if scmp.LocalhostProfile != nil && len(*scmp.LocalhostProfile) > 0 { + fname := filepath.Join(profileRootPath, *scmp.LocalhostProfile) + return &runtimeapi.SecurityProfile{ + ProfileType: runtimeapi.SecurityProfile_Localhost, + LocalhostRef: fname, + }, nil + } else { + return nil, fmt.Errorf("localhostProfile must be set if seccompProfile type is Localhost.") } } return &runtimeapi.SecurityProfile{ ProfileType: runtimeapi.SecurityProfile_Unconfined, - } + }, nil } func (m *kubeGenericRuntimeManager) getSeccompProfile(annotations map[string]string, containerName string, - podSecContext *v1.PodSecurityContext, containerSecContext *v1.SecurityContext, fallbackToRuntimeDefault bool) *runtimeapi.SecurityProfile { + podSecContext *v1.PodSecurityContext, containerSecContext *v1.SecurityContext, fallbackToRuntimeDefault bool) (*runtimeapi.SecurityProfile, error) { // container fields are applied first if containerSecContext != nil && containerSecContext.SeccompProfile != nil { return fieldSeccompProfile(containerSecContext.SeccompProfile, m.seccompProfileRoot, fallbackToRuntimeDefault) @@ -297,10 +305,10 @@ func (m *kubeGenericRuntimeManager) getSeccompProfile(annotations map[string]str if fallbackToRuntimeDefault { return &runtimeapi.SecurityProfile{ ProfileType: runtimeapi.SecurityProfile_RuntimeDefault, - } + }, nil } return &runtimeapi.SecurityProfile{ ProfileType: runtimeapi.SecurityProfile_Unconfined, - } + }, nil } diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/security_context.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/security_context.go index 5e6f05b4e187..d933a7104247 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/security_context.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/security_context.go @@ -37,9 +37,16 @@ func (m *kubeGenericRuntimeManager) determineEffectiveSecurityContext(pod *v1.Po // TODO: Deprecated, remove after we switch to Seccomp field // set SeccompProfilePath. - synthesized.SeccompProfilePath = m.getSeccompProfilePath(pod.Annotations, container.Name, pod.Spec.SecurityContext, container.SecurityContext, m.seccompDefault) + var err error + synthesized.SeccompProfilePath, err = m.getSeccompProfilePath(pod.Annotations, container.Name, pod.Spec.SecurityContext, container.SecurityContext, m.seccompDefault) + if err != nil { + return nil, err + } - synthesized.Seccomp = m.getSeccompProfile(pod.Annotations, container.Name, pod.Spec.SecurityContext, container.SecurityContext, m.seccompDefault) + synthesized.Seccomp, err = m.getSeccompProfile(pod.Annotations, container.Name, pod.Spec.SecurityContext, container.SecurityContext, m.seccompDefault) + if err != nil { + return nil, err + } // set ApparmorProfile. synthesized.ApparmorProfile = apparmor.GetProfileNameFromPodAnnotations(pod.Annotations, container.Name) diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/probe/http/request.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/probe/http/request.go index 4285c0a4ccbe..fb7f818b2492 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/probe/http/request.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/probe/http/request.go @@ -113,7 +113,7 @@ func formatURL(scheme string, host string, port int, path string) *url.URL { func v1HeaderToHTTPHeader(headerList []v1.HTTPHeader) http.Header { headers := make(http.Header) for _, header := range headerList { - headers[header.Name] = append(headers[header.Name], header.Value) + headers.Add(header.Name, header.Value) } return headers } diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/proxy/ipvs/proxier.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/proxy/ipvs/proxier.go index 6f013cac7439..bac8e61a2302 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/proxy/ipvs/proxier.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/proxy/ipvs/proxier.go @@ -1820,6 +1820,9 @@ func (proxier *Proxier) writeIptablesRules() { proxier.filterRules.Write( "-A", string(kubeIPVSFilterChain), "-m", "set", "--match-set", proxier.ipsetList[kubeExternalIPSet].Name, "dst,dst", "-j", "RETURN") + proxier.filterRules.Write( + "-A", string(kubeIPVSFilterChain), + "-m", "set", "--match-set", proxier.ipsetList[kubeHealthCheckNodePortSet].Name, "dst", "-j", "RETURN") proxier.filterRules.Write( "-A", string(kubeIPVSFilterChain), "-m", "conntrack", "--ctstate", "NEW", diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/scheduler/framework/preemption/preemption.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/scheduler/framework/preemption/preemption.go index 26a5c20541bc..58e4f43b3f6c 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/scheduler/framework/preemption/preemption.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/scheduler/framework/preemption/preemption.go @@ -355,6 +355,7 @@ func (ev *Evaluator) prepareCandidate(ctx context.Context, c Candidate, pod *v1. // Otherwise we should delete the victim. if waitingPod := fh.GetWaitingPod(victim.UID); waitingPod != nil { waitingPod.Reject(pluginName, "preempted") + klog.V(2).InfoS("Preemptor pod rejected a waiting pod", "preemptor", klog.KObj(pod), "waitingPod", klog.KObj(victim), "node", c.Name()) } else { if feature.DefaultFeatureGate.Enabled(features.PodDisruptionConditions) { victimPodApply := corev1apply.Pod(victim.Name, victim.Namespace).WithStatus(corev1apply.PodStatus()) @@ -377,7 +378,9 @@ func (ev *Evaluator) prepareCandidate(ctx context.Context, c Candidate, pod *v1. errCh.SendErrorWithCancel(err, cancel) return } + klog.V(2).InfoS("Preemptor Pod preempted victim Pod", "preemptor", klog.KObj(pod), "victim", klog.KObj(victim), "node", c.Name()) } + fh.EventRecorder().Eventf(victim, pod, v1.EventTypeNormal, "Preempted", "Preempting", "Preempted by a pod on node %v", c.Name()) } diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/awsebs/aws_ebs.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/awsebs/aws_ebs.go index 0801982ffcd8..2e675a70d77c 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/awsebs/aws_ebs.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/awsebs/aws_ebs.go @@ -428,7 +428,7 @@ func (b *awsElasticBlockStoreMounter) SetUpAt(dir string, mounterArgs volume.Mou } if !b.readOnly { - volume.SetVolumeOwnership(b, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) + volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) } klog.V(4).Infof("Successfully mounted %s", dir) diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/azuredd/azure_mounter.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/azuredd/azure_mounter.go index 0fe6eec52372..789e75168569 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/azuredd/azure_mounter.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/azuredd/azure_mounter.go @@ -160,7 +160,7 @@ func (m *azureDiskMounter) SetUpAt(dir string, mounterArgs volume.MounterArgs) e } if volumeSource.ReadOnly == nil || !*volumeSource.ReadOnly { - volume.SetVolumeOwnership(m, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(m.plugin, m.spec)) + volume.SetVolumeOwnership(m, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(m.plugin, m.spec)) } klog.V(2).Infof("azureDisk - successfully mounted disk %s on %s", diskName, dir) diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/configmap/configmap.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/configmap/configmap.go index cdfba9480cd7..181dd55fec45 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/configmap/configmap.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/configmap/configmap.go @@ -255,7 +255,7 @@ func (b *configMapVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterA return err } - err = volume.SetVolumeOwnership(b, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil)) + err = volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil)) if err != nil { klog.Errorf("Error applying volume ownership settings for group: %v", mounterArgs.FsGroup) return err diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_attacher.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_attacher.go index 8ffb3acf49cf..ef3c98258ac8 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_attacher.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_attacher.go @@ -595,14 +595,13 @@ func (c *csiAttacher) UnmountDevice(deviceMountPath string) error { driverName = data[volDataKey.driverName] volID = data[volDataKey.volHandle] } else { - klog.Error(log("UnmountDevice failed to load volume data file [%s]: %v", dataDir, err)) - - // The volume might have been mounted by old CSI volume plugin. Fall back to the old behavior: read PV from API server - driverName, volID, err = getDriverAndVolNameFromDeviceMountPath(c.k8s, deviceMountPath) - if err != nil { - klog.Errorf(log("attacher.UnmountDevice failed to get driver and volume name from device mount path: %v", err)) - return err + if errors.Is(err, os.ErrNotExist) { + klog.V(4).Info(log("attacher.UnmountDevice skipped because volume data file [%s] does not exist", dataDir)) + return nil } + + klog.Errorf(log("attacher.UnmountDevice failed to get driver and volume name from device mount path: %v", err)) + return err } if c.csiClient == nil { @@ -682,36 +681,6 @@ func makeDeviceMountPath(plugin *csiPlugin, spec *volume.Spec) (string, error) { return filepath.Join(plugin.host.GetPluginDir(plugin.GetPluginName()), driver, volSha, globalMountInGlobalPath), nil } -func getDriverAndVolNameFromDeviceMountPath(k8s kubernetes.Interface, deviceMountPath string) (string, string, error) { - // deviceMountPath structure: /var/lib/kubelet/plugins/kubernetes.io/csi/pv/{pvname}/globalmount - dir := filepath.Dir(deviceMountPath) - if file := filepath.Base(deviceMountPath); file != globalMountInGlobalPath { - return "", "", errors.New(log("getDriverAndVolNameFromDeviceMountPath failed, path did not end in %s", globalMountInGlobalPath)) - } - // dir is now /var/lib/kubelet/plugins/kubernetes.io/csi/pv/{pvname} - pvName := filepath.Base(dir) - - // Get PV and check for errors - pv, err := k8s.CoreV1().PersistentVolumes().Get(context.TODO(), pvName, metav1.GetOptions{}) - if err != nil { - return "", "", err - } - if pv == nil || pv.Spec.CSI == nil { - return "", "", errors.New(log("getDriverAndVolNameFromDeviceMountPath could not find CSI Persistent Volume Source for pv: %s", pvName)) - } - - // Get VolumeHandle and PluginName from pv - csiSource := pv.Spec.CSI - if csiSource.Driver == "" { - return "", "", errors.New(log("getDriverAndVolNameFromDeviceMountPath failed, driver name empty")) - } - if csiSource.VolumeHandle == "" { - return "", "", errors.New(log("getDriverAndVolNameFromDeviceMountPath failed, VolumeHandle empty")) - } - - return csiSource.Driver, csiSource.VolumeHandle, nil -} - func verifyAttachmentStatus(attachment *storage.VolumeAttachment, volumeHandle string) (bool, error) { // when we received a deleted event during attachment, fail fast if attachment == nil { diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_mounter.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_mounter.go index 1974b0367531..468f882b8845 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_mounter.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_mounter.go @@ -333,7 +333,7 @@ func (c *csiMountMgr) SetUpAt(dir string, mounterArgs volume.MounterArgs) error // Driver doesn't support applying FSGroup. Kubelet must apply it instead. // fullPluginName helps to distinguish different driver from csi plugin - err := volume.SetVolumeOwnership(c, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(c.plugin, c.spec)) + err := volume.SetVolumeOwnership(c, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(c.plugin, c.spec)) if err != nil { // At this point mount operation is successful: // 1. Since volume can not be used by the pod because of invalid permissions, we must return error diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_util.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_util.go index ee2bdc193b32..bb4d799ff3c8 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_util.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_util.go @@ -79,7 +79,7 @@ func loadVolumeData(dir string, fileName string) (map[string]string, error) { file, err := os.Open(dataFileName) if err != nil { - return nil, errors.New(log("failed to open volume data file [%s]: %v", dataFileName, err)) + return nil, fmt.Errorf("%s: %w", log("failed to open volume data file [%s]", dataFileName), err) } defer file.Close() data := map[string]string{} diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/downwardapi/downwardapi.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/downwardapi/downwardapi.go index 8338850ac42e..3edd3090df01 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/downwardapi/downwardapi.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/downwardapi/downwardapi.go @@ -226,7 +226,7 @@ func (b *downwardAPIVolumeMounter) SetUpAt(dir string, mounterArgs volume.Mounte return err } - err = volume.SetVolumeOwnership(b, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil)) + err = volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil)) if err != nil { klog.Errorf("Error applying volume ownership settings for group: %v", mounterArgs.FsGroup) return err diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/emptydir/empty_dir.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/emptydir/empty_dir.go index 3fcf4472059d..e75bccd4927e 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/emptydir/empty_dir.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/emptydir/empty_dir.go @@ -280,7 +280,7 @@ func (ed *emptyDir) SetUpAt(dir string, mounterArgs volume.MounterArgs) error { err = fmt.Errorf("unknown storage medium %q", ed.medium) } - volume.SetVolumeOwnership(ed, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(ed.plugin, nil)) + volume.SetVolumeOwnership(ed, dir, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(ed.plugin, nil)) // If setting up the quota fails, just log a message but don't actually error out. // We'll use the old du mechanism in this case, at least until we support @@ -302,11 +302,11 @@ func (ed *emptyDir) assignQuota(dir string, mounterSize *resource.Quantity) erro klog.V(3).Infof("Unable to check for quota support on %s: %s", dir, err.Error()) } else if hasQuotas { klog.V(4).Infof("emptydir trying to assign quota %v on %s", mounterSize, dir) - err := fsquota.AssignQuota(ed.mounter, dir, ed.pod.UID, mounterSize) - if err != nil { + if err := fsquota.AssignQuota(ed.mounter, dir, ed.pod.UID, mounterSize); err != nil { klog.V(3).Infof("Set quota on %s failed %s", dir, err.Error()) + return err } - return err + return nil } } return nil diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/fc/disk_manager.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/fc/disk_manager.go index bb054ea16618..02e15c4f85c5 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/fc/disk_manager.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/fc/disk_manager.go @@ -91,7 +91,7 @@ func diskSetUp(manager diskManager, b fcDiskMounter, volPath string, mounter mou } if !b.readOnly { - volume.SetVolumeOwnership(&b, fsGroup, fsGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) + volume.SetVolumeOwnership(&b, volPath, fsGroup, fsGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) } return nil diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/flexvolume/mounter.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/flexvolume/mounter.go index 8098cfdb66ee..3821af7e9235 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/flexvolume/mounter.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/flexvolume/mounter.go @@ -95,7 +95,7 @@ func (f *flexVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterArgs) if !f.readOnly { if f.plugin.capabilities.FSGroup { // fullPluginName helps to distinguish different driver from flex volume plugin - volume.SetVolumeOwnership(f, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(f.plugin, f.spec)) + volume.SetVolumeOwnership(f, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(f.plugin, f.spec)) } } diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/gcepd/gce_pd.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/gcepd/gce_pd.go index 0df9ef10f5a1..372a8f6837f0 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/gcepd/gce_pd.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/gcepd/gce_pd.go @@ -430,7 +430,7 @@ func (b *gcePersistentDiskMounter) SetUpAt(dir string, mounterArgs volume.Mounte klog.V(4).Infof("mount of disk %s succeeded", dir) if !b.readOnly { - if err := volume.SetVolumeOwnership(b, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)); err != nil { + if err := volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)); err != nil { klog.Errorf("SetVolumeOwnership returns error %v", err) } } diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/git_repo/git_repo.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/git_repo/git_repo.go index fe890032e27d..995018d90072 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/git_repo/git_repo.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/git_repo/git_repo.go @@ -235,7 +235,7 @@ func (b *gitRepoVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterArg return fmt.Errorf("failed to exec 'git reset --hard': %s: %v", output, err) } - volume.SetVolumeOwnership(b, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil)) + volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil)) volumeutil.SetReady(b.getMetaDir()) return nil diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/iscsi/disk_manager.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/iscsi/disk_manager.go index 6d60e44efaf0..6aa8652bd6b0 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/iscsi/disk_manager.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/iscsi/disk_manager.go @@ -96,7 +96,7 @@ func diskSetUp(manager diskManager, b iscsiDiskMounter, volPath string, mounter } if !b.readOnly { - volume.SetVolumeOwnership(&b, fsGroup, fsGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) + volume.SetVolumeOwnership(&b, volPath, fsGroup, fsGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) } return nil diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/local/local.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/local/local.go index c55a3502e79f..f1192b9688a9 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/local/local.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/local/local.go @@ -615,7 +615,7 @@ func (m *localVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterArgs) if !m.readOnly { // Volume owner will be written only once on the first volume mount if len(refs) == 0 { - return volume.SetVolumeOwnership(m, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(m.plugin, nil)) + return volume.SetVolumeOwnership(m, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(m.plugin, nil)) } } return nil diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/portworx/portworx.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/portworx/portworx.go index 6cba50327164..7be543a54edc 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/portworx/portworx.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/portworx/portworx.go @@ -335,7 +335,7 @@ func (b *portworxVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterAr return err } if !b.readOnly { - volume.SetVolumeOwnership(b, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) + volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) } klog.Infof("Portworx Volume %s setup at %s", b.volumeID, dir) return nil diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/projected/projected.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/projected/projected.go index a48567b2a6a0..27fa3f0fe097 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/projected/projected.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/projected/projected.go @@ -236,7 +236,7 @@ func (s *projectedVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterA return err } - err = volume.SetVolumeOwnership(s, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(s.plugin, nil)) + err = volume.SetVolumeOwnership(s, dir, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(s.plugin, nil)) if err != nil { klog.Errorf("Error applying volume ownership settings for group: %v", mounterArgs.FsGroup) return err diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/rbd/disk_manager.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/rbd/disk_manager.go index edff33540f4d..2131c7ecedd8 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/rbd/disk_manager.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/rbd/disk_manager.go @@ -96,7 +96,7 @@ func diskSetUp(manager diskManager, b rbdMounter, volPath string, mounter mount. klog.V(3).Infof("rbd: successfully bind mount %s to %s with options %v", globalPDPath, volPath, mountOptions) if !b.ReadOnly { - volume.SetVolumeOwnership(&b, fsGroup, fsGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) + volume.SetVolumeOwnership(&b, volPath, fsGroup, fsGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) } return nil diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/secret/secret.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/secret/secret.go index fa06d879303e..e12d5cf86b81 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/secret/secret.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/secret/secret.go @@ -250,7 +250,7 @@ func (b *secretVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterArgs return err } - err = volume.SetVolumeOwnership(b, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil)) + err = volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil)) if err != nil { klog.Errorf("Error applying volume ownership settings for group: %v", mounterArgs.FsGroup) return err diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_common.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_common.go new file mode 100644 index 000000000000..425944207682 --- /dev/null +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_common.go @@ -0,0 +1,28 @@ +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package common + +// QuotaID is generic quota identifier. +// Data type based on quotactl(2). +type QuotaID int32 + +const ( + // UnknownQuotaID -- cannot determine whether a quota is in force + UnknownQuotaID QuotaID = -1 + // BadQuotaID -- Invalid quota + BadQuotaID QuotaID = 0 +) diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_linux_common.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_common_linux.go similarity index 92% rename from cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_linux_common.go rename to cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_common_linux.go index 8275a7f1c837..77f845837b7d 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_linux_common.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_common_linux.go @@ -23,17 +23,6 @@ import ( "regexp" ) -// QuotaID is generic quota identifier. -// Data type based on quotactl(2). -type QuotaID int32 - -const ( - // UnknownQuotaID -- cannot determine whether a quota is in force - UnknownQuotaID QuotaID = -1 - // BadQuotaID -- Invalid quota - BadQuotaID QuotaID = 0 -) - // QuotaType -- type of quota to be applied type QuotaType int diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_linux_common_impl.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_common_linux_impl.go similarity index 100% rename from cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_linux_common_impl.go rename to cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_common_linux_impl.go diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/project.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/project.go index 3861f990590e..8ebc00687405 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/project.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/project.go @@ -164,6 +164,9 @@ func readProjectFiles(projects *os.File, projid *os.File) projectsList { return projectsList{parseProjFile(projects, parseProject), parseProjFile(projid, parseProjid)} } +// findAvailableQuota finds the next available quota from the FirstQuota +// it returns error if QuotaIDIsInUse returns error when getting quota id in use; +// it searches at most maxUnusedQuotasToSearch(128) time func findAvailableQuota(path string, idMap map[common.QuotaID]bool) (common.QuotaID, error) { unusedQuotasSearched := 0 for id := common.FirstQuota; true; id++ { @@ -187,13 +190,13 @@ func addDirToProject(path string, id common.QuotaID, list *projectsList) (common idMap := make(map[common.QuotaID]bool) for _, project := range list.projects { if project.data == path { - if id != project.id { + if id != common.BadQuotaID && id != project.id { return common.BadQuotaID, false, fmt.Errorf("attempt to reassign project ID for %s", path) } // Trying to reassign a directory to the project it's // already in. Maybe this should be an error, but for // now treat it as an idempotent operation - return id, false, nil + return project.id, false, nil } idMap[project.id] = true } @@ -318,6 +321,7 @@ func writeProjectFiles(fProjects *os.File, fProjid *os.File, writeProjid bool, l return fmt.Errorf("unable to write project files: %v", err) } +// if ID is common.BadQuotaID, generate new project id if the dir is not in a project func createProjectID(path string, ID common.QuotaID) (common.QuotaID, error) { quotaIDLock.Lock() defer quotaIDLock.Unlock() diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota.go index fbd29fba7359..eb0048d37148 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota.go @@ -23,10 +23,15 @@ import ( "k8s.io/apimachinery/pkg/types" utilfeature "k8s.io/apiserver/pkg/util/feature" "k8s.io/kubernetes/pkg/features" + "k8s.io/kubernetes/pkg/volume/util/fsquota/common" ) // Interface -- quota interface type Interface interface { + // GetQuotaOnDir gets the quota ID (if any) that applies to + // this directory + GetQuotaOnDir(m mount.Interface, path string) (common.QuotaID, error) + // Does the path provided support quotas, and if so, what types SupportsQuotas(m mount.Interface, path string) (bool, error) // Assign a quota (picked by the quota mechanism) to a path, diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota_linux.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota_linux.go index 85784204aa1b..240cc356ee88 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota_linux.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota_linux.go @@ -35,6 +35,9 @@ import ( "k8s.io/kubernetes/pkg/volume/util/fsquota/common" ) +// Pod -> External Pod UID +var podUidMap = make(map[types.UID]types.UID) + // Pod -> ID var podQuotaMap = make(map[types.UID]common.QuotaID) @@ -214,7 +217,7 @@ func setQuotaOnDir(path string, id common.QuotaID, bytes int64) error { return getApplier(path).SetQuotaOnDir(path, id, bytes) } -func getQuotaOnDir(m mount.Interface, path string) (common.QuotaID, error) { +func GetQuotaOnDir(m mount.Interface, path string) (common.QuotaID, error) { _, _, err := getFSInfo(m, path) if err != nil { return common.BadQuotaID, err @@ -235,7 +238,7 @@ func clearQuotaOnDir(m mount.Interface, path string) error { if !supportsQuotas { return nil } - projid, err := getQuotaOnDir(m, path) + projid, err := GetQuotaOnDir(m, path) if err == nil && projid != common.BadQuotaID { // This means that we have a quota on the directory but // we can't clear it. That's not good. @@ -304,7 +307,7 @@ func SupportsQuotas(m mount.Interface, path string) (bool, error) { // AssignQuota chooses the quota ID based on the pod UID and path. // If the pod UID is identical to another one known, it may (but presently // doesn't) choose the same quota ID as other volumes in the pod. -func AssignQuota(m mount.Interface, path string, poduid types.UID, bytes *resource.Quantity) error { //nolint:staticcheck // SA4009 poduid is overwritten by design, see comment below +func AssignQuota(m mount.Interface, path string, poduid types.UID, bytes *resource.Quantity) error { //nolint:staticcheck if bytes == nil { return fmt.Errorf("attempting to assign null quota to %s", path) } @@ -314,20 +317,32 @@ func AssignQuota(m mount.Interface, path string, poduid types.UID, bytes *resour } quotaLock.Lock() defer quotaLock.Unlock() - // Current policy is to set individual quotas on each volumes. + // Current policy is to set individual quotas on each volume, + // for each new volume we generate a random UUID and we use that as + // the internal pod uid. + // From fsquota point of view each volume is attached to a + // single unique pod. // If we decide later that we want to assign one quota for all - // volumes in a pod, we can simply remove this line of code. + // volumes in a pod, we can simply use poduid parameter directly // If and when we decide permanently that we're going to adopt // one quota per volume, we can rip all of the pod code out. - poduid = types.UID(uuid.NewUUID()) //nolint:staticcheck // SA4009 poduid is overwritten by design, see comment above - if pod, ok := dirPodMap[path]; ok && pod != poduid { - return fmt.Errorf("requesting quota on existing directory %s but different pod %s %s", path, pod, poduid) + externalPodUid := poduid + internalPodUid, ok := dirPodMap[path] + if ok { + if podUidMap[internalPodUid] != externalPodUid { + return fmt.Errorf("requesting quota on existing directory %s but different pod %s %s", path, podUidMap[internalPodUid], externalPodUid) + } + } else { + internalPodUid = types.UID(uuid.NewUUID()) } - oid, ok := podQuotaMap[poduid] + oid, ok := podQuotaMap[internalPodUid] if ok { if quotaSizeMap[oid] != ibytes { return fmt.Errorf("requesting quota of different size: old %v new %v", quotaSizeMap[oid], bytes) } + if _, ok := dirPodMap[path]; ok { + return nil + } } else { oid = common.BadQuotaID } @@ -342,12 +357,13 @@ func AssignQuota(m mount.Interface, path string, poduid types.UID, bytes *resour ibytes = -1 } if err = setQuotaOnDir(path, id, ibytes); err == nil { - quotaPodMap[id] = poduid + quotaPodMap[id] = internalPodUid quotaSizeMap[id] = ibytes - podQuotaMap[poduid] = id + podQuotaMap[internalPodUid] = id dirQuotaMap[path] = id - dirPodMap[path] = poduid - podDirCountMap[poduid]++ + dirPodMap[path] = internalPodUid + podUidMap[internalPodUid] = externalPodUid + podDirCountMap[internalPodUid]++ klog.V(4).Infof("Assigning quota ID %d (%d) to %s", id, ibytes, path) return nil } @@ -415,7 +431,7 @@ func ClearQuota(m mount.Interface, path string) error { if !ok { return fmt.Errorf("clearQuota: No quota available for %s", path) } - projid, err := getQuotaOnDir(m, path) + projid, err := GetQuotaOnDir(m, path) if err != nil { // Log-and-continue instead of returning an error for now // due to unspecified backwards compatibility concerns (a subject to revise) @@ -436,6 +452,7 @@ func ClearQuota(m mount.Interface, path string) error { delete(quotaPodMap, podQuotaMap[poduid]) delete(podDirCountMap, poduid) delete(podQuotaMap, poduid) + delete(podUidMap, poduid) } else { err = removeProjectID(path, projid) podDirCountMap[poduid]-- diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota_unsupported.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota_unsupported.go index 8579f5389300..c5b89a69707a 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota_unsupported.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota_unsupported.go @@ -22,6 +22,7 @@ package fsquota import ( "errors" + "k8s.io/kubernetes/pkg/volume/util/fsquota/common" "k8s.io/mount-utils" "k8s.io/apimachinery/pkg/api/resource" @@ -33,6 +34,10 @@ import ( var errNotImplemented = errors.New("not implemented") +func GetQuotaOnDir(_ mount.Interface, _ string) (common.QuotaID, error) { + return common.BadQuotaID, errNotImplemented +} + // SupportsQuotas -- dummy implementation func SupportsQuotas(_ mount.Interface, _ string) (bool, error) { return false, errNotImplemented diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/volume_linux.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/volume_linux.go index 57c02815029a..ec7f6da4bfe9 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/volume_linux.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/volume_linux.go @@ -40,22 +40,22 @@ const ( // SetVolumeOwnership modifies the given volume to be owned by // fsGroup, and sets SetGid so that newly created files are owned by // fsGroup. If fsGroup is nil nothing is done. -func SetVolumeOwnership(mounter Mounter, fsGroup *int64, fsGroupChangePolicy *v1.PodFSGroupChangePolicy, completeFunc func(types.CompleteFuncParam)) error { +func SetVolumeOwnership(mounter Mounter, dir string, fsGroup *int64, fsGroupChangePolicy *v1.PodFSGroupChangePolicy, completeFunc func(types.CompleteFuncParam)) error { if fsGroup == nil { return nil } timer := time.AfterFunc(30*time.Second, func() { - klog.Warningf("Setting volume ownership for %s and fsGroup set. If the volume has a lot of files then setting volume ownership could be slow, see https://github.com/kubernetes/kubernetes/issues/69699", mounter.GetPath()) + klog.Warningf("Setting volume ownership for %s and fsGroup set. If the volume has a lot of files then setting volume ownership could be slow, see https://github.com/kubernetes/kubernetes/issues/69699", dir) }) defer timer.Stop() - if skipPermissionChange(mounter, fsGroup, fsGroupChangePolicy) { - klog.V(3).InfoS("Skipping permission and ownership change for volume", "path", mounter.GetPath()) + if skipPermissionChange(mounter, dir, fsGroup, fsGroupChangePolicy) { + klog.V(3).InfoS("Skipping permission and ownership change for volume", "path", dir) return nil } - err := walkDeep(mounter.GetPath(), func(path string, info os.FileInfo, err error) error { + err := walkDeep(dir, func(path string, info os.FileInfo, err error) error { if err != nil { return err } @@ -104,14 +104,12 @@ func changeFilePermission(filename string, fsGroup *int64, readonly bool, info o return nil } -func skipPermissionChange(mounter Mounter, fsGroup *int64, fsGroupChangePolicy *v1.PodFSGroupChangePolicy) bool { - dir := mounter.GetPath() - +func skipPermissionChange(mounter Mounter, dir string, fsGroup *int64, fsGroupChangePolicy *v1.PodFSGroupChangePolicy) bool { if fsGroupChangePolicy == nil || *fsGroupChangePolicy != v1.FSGroupChangeOnRootMismatch { klog.V(4).InfoS("Perform recursive ownership change for directory", "path", dir) return false } - return !requiresPermissionChange(mounter.GetPath(), fsGroup, mounter.GetAttributes().ReadOnly) + return !requiresPermissionChange(dir, fsGroup, mounter.GetAttributes().ReadOnly) } func requiresPermissionChange(rootDir string, fsGroup *int64, readonly bool) bool { diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/volume_unsupported.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/volume_unsupported.go index 20c56d4b63e2..3b5a200a6160 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/volume_unsupported.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/volume_unsupported.go @@ -24,6 +24,6 @@ import ( "k8s.io/kubernetes/pkg/volume/util/types" ) -func SetVolumeOwnership(mounter Mounter, fsGroup *int64, fsGroupChangePolicy *v1.PodFSGroupChangePolicy, completeFunc func(types.CompleteFuncParam)) error { +func SetVolumeOwnership(mounter Mounter, dir string, fsGroup *int64, fsGroupChangePolicy *v1.PodFSGroupChangePolicy, completeFunc func(types.CompleteFuncParam)) error { return nil } diff --git a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/vsphere_volume/vsphere_volume.go b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/vsphere_volume/vsphere_volume.go index 6f7d02974c56..2fe779b9713a 100644 --- a/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/vsphere_volume/vsphere_volume.go +++ b/cluster-autoscaler/vendor/k8s.io/kubernetes/pkg/volume/vsphere_volume/vsphere_volume.go @@ -277,7 +277,7 @@ func (b *vsphereVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterArg os.Remove(dir) return err } - volume.SetVolumeOwnership(b, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) + volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) klog.V(3).Infof("vSphere volume %s mounted to %s", b.volPath, dir) return nil diff --git a/cluster-autoscaler/vendor/modules.txt b/cluster-autoscaler/vendor/modules.txt index b289fcd24e0c..7db9c65b69c8 100644 --- a/cluster-autoscaler/vendor/modules.txt +++ b/cluster-autoscaler/vendor/modules.txt @@ -471,8 +471,8 @@ github.com/mxk/go-flowrate/flowrate # github.com/opencontainers/go-digest v1.0.0 ## explicit; go 1.13 github.com/opencontainers/go-digest -# github.com/opencontainers/runc v1.1.4 -## explicit; go 1.16 +# github.com/opencontainers/runc v1.1.6 +## explicit; go 1.17 github.com/opencontainers/runc/libcontainer github.com/opencontainers/runc/libcontainer/apparmor github.com/opencontainers/runc/libcontainer/capabilities @@ -729,7 +729,7 @@ golang.org/x/crypto/nacl/secretbox golang.org/x/crypto/pkcs12 golang.org/x/crypto/pkcs12/internal/rc2 golang.org/x/crypto/salsa20/salsa -# golang.org/x/net v0.7.0 +# golang.org/x/net v0.8.0 ## explicit; go 1.17 golang.org/x/net/bpf golang.org/x/net/context @@ -755,10 +755,10 @@ golang.org/x/oauth2/google/internal/externalaccount golang.org/x/oauth2/internal golang.org/x/oauth2/jws golang.org/x/oauth2/jwt -# golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 +# golang.org/x/sync v0.1.0 ## explicit golang.org/x/sync/singleflight -# golang.org/x/sys v0.5.0 +# golang.org/x/sys v0.6.0 ## explicit; go 1.17 golang.org/x/sys/cpu golang.org/x/sys/internal/unsafeheader @@ -767,10 +767,10 @@ golang.org/x/sys/unix golang.org/x/sys/windows golang.org/x/sys/windows/registry golang.org/x/sys/windows/svc -# golang.org/x/term v0.5.0 +# golang.org/x/term v0.6.0 ## explicit; go 1.17 golang.org/x/term -# golang.org/x/text v0.7.0 +# golang.org/x/text v0.8.0 ## explicit; go 1.17 golang.org/x/text/encoding golang.org/x/text/encoding/internal @@ -939,7 +939,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.26.3 => k8s.io/api v0.26.3 +# k8s.io/api v0.26.5 => k8s.io/api v0.26.5 ## explicit; go 1.19 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -994,7 +994,7 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apimachinery v0.26.3 => k8s.io/apimachinery v0.26.3 +# k8s.io/apimachinery v0.26.5 => k8s.io/apimachinery v0.26.5 ## explicit; go 1.19 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -1054,7 +1054,7 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v0.26.3 => k8s.io/apiserver v0.26.3 +# k8s.io/apiserver v0.26.5 => k8s.io/apiserver v0.26.5 ## explicit; go 1.19 k8s.io/apiserver/pkg/admission k8s.io/apiserver/pkg/admission/cel @@ -1193,7 +1193,7 @@ k8s.io/apiserver/plugin/pkg/audit/truncate k8s.io/apiserver/plugin/pkg/audit/webhook k8s.io/apiserver/plugin/pkg/authenticator/token/webhook k8s.io/apiserver/plugin/pkg/authorizer/webhook -# k8s.io/client-go v0.26.3 => k8s.io/client-go v0.26.3 +# k8s.io/client-go v0.26.5 => k8s.io/client-go v0.26.5 ## explicit; go 1.19 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 @@ -1513,7 +1513,7 @@ k8s.io/client-go/util/homedir k8s.io/client-go/util/keyutil k8s.io/client-go/util/retry k8s.io/client-go/util/workqueue -# k8s.io/cloud-provider v0.26.3 => k8s.io/cloud-provider v0.26.3 +# k8s.io/cloud-provider v0.26.5 => k8s.io/cloud-provider v0.26.5 ## explicit; go 1.19 k8s.io/cloud-provider k8s.io/cloud-provider/api @@ -1523,7 +1523,7 @@ k8s.io/cloud-provider/service/helpers k8s.io/cloud-provider/volume k8s.io/cloud-provider/volume/errors k8s.io/cloud-provider/volume/helpers -# k8s.io/component-base v0.26.3 => k8s.io/component-base v0.26.3 +# k8s.io/component-base v0.26.5 => k8s.io/component-base v0.26.5 ## explicit; go 1.19 k8s.io/component-base/cli/flag k8s.io/component-base/codec @@ -1550,7 +1550,7 @@ k8s.io/component-base/tracing k8s.io/component-base/tracing/api/v1 k8s.io/component-base/version k8s.io/component-base/version/verflag -# k8s.io/component-helpers v0.26.3 => k8s.io/component-helpers v0.26.3 +# k8s.io/component-helpers v0.26.5 => k8s.io/component-helpers v0.26.5 ## explicit; go 1.19 k8s.io/component-helpers/apimachinery/lease k8s.io/component-helpers/node/topology @@ -1560,16 +1560,16 @@ k8s.io/component-helpers/scheduling/corev1 k8s.io/component-helpers/scheduling/corev1/nodeaffinity k8s.io/component-helpers/storage/ephemeral k8s.io/component-helpers/storage/volume -# k8s.io/cri-api v0.0.0 => k8s.io/cri-api v0.26.3 +# k8s.io/cri-api v0.0.0 => k8s.io/cri-api v0.26.5 ## explicit; go 1.19 k8s.io/cri-api/pkg/apis k8s.io/cri-api/pkg/apis/runtime/v1 k8s.io/cri-api/pkg/errors -# k8s.io/csi-translation-lib v0.26.3 => k8s.io/csi-translation-lib v0.26.3 +# k8s.io/csi-translation-lib v0.26.5 => k8s.io/csi-translation-lib v0.26.5 ## explicit; go 1.19 k8s.io/csi-translation-lib k8s.io/csi-translation-lib/plugins -# k8s.io/dynamic-resource-allocation v0.0.0 => k8s.io/dynamic-resource-allocation v0.26.3 +# k8s.io/dynamic-resource-allocation v0.0.0 => k8s.io/dynamic-resource-allocation v0.26.5 ## explicit; go 1.19 k8s.io/dynamic-resource-allocation/resourceclaim # k8s.io/klog/v2 v2.80.1 @@ -1580,7 +1580,7 @@ k8s.io/klog/v2/internal/clock k8s.io/klog/v2/internal/dbg k8s.io/klog/v2/internal/serialize k8s.io/klog/v2/internal/severity -# k8s.io/kms v0.26.3 => k8s.io/kms v0.26.3 +# k8s.io/kms v0.26.5 => k8s.io/kms v0.26.5 ## explicit; go 1.19 k8s.io/kms/apis/v1beta1 k8s.io/kms/apis/v2alpha1 @@ -1603,19 +1603,19 @@ k8s.io/kube-openapi/pkg/spec3 k8s.io/kube-openapi/pkg/util k8s.io/kube-openapi/pkg/util/proto k8s.io/kube-openapi/pkg/validation/spec -# k8s.io/kube-proxy v0.0.0 => k8s.io/kube-proxy v0.26.3 +# k8s.io/kube-proxy v0.0.0 => k8s.io/kube-proxy v0.26.5 ## explicit; go 1.19 k8s.io/kube-proxy/config/v1alpha1 -# k8s.io/kube-scheduler v0.0.0 => k8s.io/kube-scheduler v0.26.3 +# k8s.io/kube-scheduler v0.0.0 => k8s.io/kube-scheduler v0.26.5 ## explicit; go 1.19 k8s.io/kube-scheduler/config/v1 k8s.io/kube-scheduler/config/v1beta2 k8s.io/kube-scheduler/config/v1beta3 k8s.io/kube-scheduler/extender/v1 -# k8s.io/kubectl v0.0.0 => k8s.io/kubectl v0.26.3 +# k8s.io/kubectl v0.0.0 => k8s.io/kubectl v0.26.5 ## explicit; go 1.19 k8s.io/kubectl/pkg/scale -# k8s.io/kubelet v0.26.3 => k8s.io/kubelet v0.26.3 +# k8s.io/kubelet v0.26.5 => k8s.io/kubelet v0.26.5 ## explicit; go 1.19 k8s.io/kubelet/config/v1 k8s.io/kubelet/config/v1alpha1 @@ -1632,7 +1632,7 @@ k8s.io/kubelet/pkg/apis/pluginregistration/v1 k8s.io/kubelet/pkg/apis/podresources/v1 k8s.io/kubelet/pkg/apis/podresources/v1alpha1 k8s.io/kubelet/pkg/apis/stats/v1alpha1 -# k8s.io/kubernetes v1.26.3 +# k8s.io/kubernetes v1.26.5 ## explicit; go 1.19 k8s.io/kubernetes/cmd/kube-proxy/app k8s.io/kubernetes/cmd/kubelet/app @@ -1902,7 +1902,7 @@ k8s.io/kubernetes/pkg/volume/vsphere_volume k8s.io/kubernetes/pkg/windows/service k8s.io/kubernetes/test/utils k8s.io/kubernetes/third_party/forked/golang/expansion -# k8s.io/legacy-cloud-providers v0.0.0 => k8s.io/legacy-cloud-providers v0.26.3 +# k8s.io/legacy-cloud-providers v0.0.0 => k8s.io/legacy-cloud-providers v0.26.5 ## explicit; go 1.19 k8s.io/legacy-cloud-providers/aws k8s.io/legacy-cloud-providers/azure @@ -1945,7 +1945,7 @@ k8s.io/legacy-cloud-providers/gce/gcpcredential k8s.io/legacy-cloud-providers/vsphere k8s.io/legacy-cloud-providers/vsphere/vclib k8s.io/legacy-cloud-providers/vsphere/vclib/diskmanagers -# k8s.io/mount-utils v0.26.0-alpha.0 => k8s.io/mount-utils v0.26.3 +# k8s.io/mount-utils v0.26.0-alpha.0 => k8s.io/mount-utils v0.26.5 ## explicit; go 1.19 k8s.io/mount-utils # k8s.io/utils v0.0.0-20221107191617-1a15be271d1d @@ -1968,7 +1968,7 @@ k8s.io/utils/pointer k8s.io/utils/strings k8s.io/utils/strings/slices k8s.io/utils/trace -# sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.36 +# sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.37 ## explicit; go 1.17 sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/metrics @@ -2043,32 +2043,32 @@ sigs.k8s.io/yaml # github.com/aws/aws-sdk-go/service/eks => github.com/aws/aws-sdk-go/service/eks v1.38.49 # github.com/digitalocean/godo => github.com/digitalocean/godo v1.27.0 # github.com/rancher/go-rancher => github.com/rancher/go-rancher v0.1.0 -# k8s.io/api => k8s.io/api v0.26.3 -# k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.26.3 -# k8s.io/apimachinery => k8s.io/apimachinery v0.26.3 -# k8s.io/apiserver => k8s.io/apiserver v0.26.3 -# k8s.io/cli-runtime => k8s.io/cli-runtime v0.26.3 -# k8s.io/client-go => k8s.io/client-go v0.26.3 -# k8s.io/cloud-provider => k8s.io/cloud-provider v0.26.3 -# k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.26.3 -# k8s.io/code-generator => k8s.io/code-generator v0.26.3 -# k8s.io/component-base => k8s.io/component-base v0.26.3 -# k8s.io/component-helpers => k8s.io/component-helpers v0.26.3 -# k8s.io/controller-manager => k8s.io/controller-manager v0.26.3 -# k8s.io/cri-api => k8s.io/cri-api v0.26.3 -# k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.26.3 -# k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.26.3 -# k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.26.3 -# k8s.io/kube-proxy => k8s.io/kube-proxy v0.26.3 -# k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.26.3 -# k8s.io/kubectl => k8s.io/kubectl v0.26.3 -# k8s.io/kubelet => k8s.io/kubelet v0.26.3 -# k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.26.3 -# k8s.io/metrics => k8s.io/metrics v0.26.3 -# k8s.io/mount-utils => k8s.io/mount-utils v0.26.3 -# k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.26.3 -# k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.26.3 -# k8s.io/sample-controller => k8s.io/sample-controller v0.26.3 -# k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.26.3 -# k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.26.3 -# k8s.io/kms => k8s.io/kms v0.26.3 +# k8s.io/api => k8s.io/api v0.26.5 +# k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.26.5 +# k8s.io/apimachinery => k8s.io/apimachinery v0.26.5 +# k8s.io/apiserver => k8s.io/apiserver v0.26.5 +# k8s.io/cli-runtime => k8s.io/cli-runtime v0.26.5 +# k8s.io/client-go => k8s.io/client-go v0.26.5 +# k8s.io/cloud-provider => k8s.io/cloud-provider v0.26.5 +# k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.26.5 +# k8s.io/code-generator => k8s.io/code-generator v0.26.5 +# k8s.io/component-base => k8s.io/component-base v0.26.5 +# k8s.io/component-helpers => k8s.io/component-helpers v0.26.5 +# k8s.io/controller-manager => k8s.io/controller-manager v0.26.5 +# k8s.io/cri-api => k8s.io/cri-api v0.26.5 +# k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.26.5 +# k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.26.5 +# k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.26.5 +# k8s.io/kube-proxy => k8s.io/kube-proxy v0.26.5 +# k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.26.5 +# k8s.io/kubectl => k8s.io/kubectl v0.26.5 +# k8s.io/kubelet => k8s.io/kubelet v0.26.5 +# k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.26.5 +# k8s.io/metrics => k8s.io/metrics v0.26.5 +# k8s.io/mount-utils => k8s.io/mount-utils v0.26.5 +# k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.26.5 +# k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.26.5 +# k8s.io/sample-controller => k8s.io/sample-controller v0.26.5 +# k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.26.5 +# k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.26.5 +# k8s.io/kms => k8s.io/kms v0.26.5 diff --git a/cluster-autoscaler/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go b/cluster-autoscaler/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go index 68a3ebf12c56..d9c151e9837b 100644 --- a/cluster-autoscaler/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go +++ b/cluster-autoscaler/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go @@ -515,11 +515,11 @@ func (t *grpcTunnel) Recv() (*client.Packet, error) { const segment = commonmetrics.SegmentToClient pkt, err := t.stream.Recv() - if err != nil && err != io.EOF { - metrics.Metrics.ObserveStreamErrorNoPacket(segment, err) - } if err != nil { - return pkt, err + if err != io.EOF { + metrics.Metrics.ObserveStreamErrorNoPacket(segment, err) + } + return nil, err } metrics.Metrics.ObservePacket(segment, pkt.Type) return pkt, nil diff --git a/cluster-autoscaler/version/version.go b/cluster-autoscaler/version/version.go index 036762b5aeff..7dc0c67d4755 100644 --- a/cluster-autoscaler/version/version.go +++ b/cluster-autoscaler/version/version.go @@ -17,4 +17,4 @@ limitations under the License. package version // ClusterAutoscalerVersion contains version of CA. -const ClusterAutoscalerVersion = "1.26.2" +const ClusterAutoscalerVersion = "1.26.3"