vendor: bump runc to v1.0.1#103743
Conversation
The commands used were (roughly): hack/pin-dependency.sh github.com/opencontainers/runc v1.0.1 hack/lint-dependencies.sh # Follow its recommendations. hack/pin-dependency.sh github.com/cilium/ebpf v0.6.2 hack/pin-dependency.sh github.com/opencontainers/selinux v1.8.2 hack/pin-dependency.sh github.com/sirupsen/logrus v1.8.1 # Recheck. hack/lint-dependencies.sh GO111MODULE=on go mod edit -dropreplace github.com/willf/bitset hack/update-vendor.sh # Recheck. hack/lint-dependencies.sh hack/update-internal-modules.sh # Recheck. hack/lint-dependencies.sh Signed-off-by: Kir Kolyshkin <[email protected]>
Since runc 1.0.0 it is now sufficient to have SkipDevices: true. Signed-off-by: Kir Kolyshkin <[email protected]>
k8s-ci-robot
added
release-note-none
|
Hi @kolyshkin. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
needs-priority
k8s-ci-robot
added
area/apiserver
area/cloudprovider
area/dependency
ehashman
left a comment
ehashman
left a comment
There was a problem hiding this comment.
/ok-to-test
/triage accepted
/priority critical-urgent
/test pull-kubernetes-node-crio-cgrpv2-e2e
/test pull-kubernetes-node-kubelet-serial-crio-cgroupv1
/test pull-kubernetes-node-kubelet-serial-crio-cgroupv2
/test pull-kubernetes-node-kubelet-serial
k8s-ci-robot
added
triage/accepted
k8s-ci-robot
added
the
approved
|
the CI failures look ok (agree with @endocrimes). We would need an ok from sig-node approver like @liggitt said. thanks, |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dims, kolyshkin, liggitt, mrunalp The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/skip |
k8s-ci-robot
removed
the
do-not-merge/hold
|
@kolyshkin please file a cherry-pick to 1.22 release branch. |
|
/test pull-kubernetes-e2e-gce-ubuntu-containerd |
Created: #103884 For 1.21, see #103746 |
|
flake #103512 /test pull-kubernetes-integration |
|
@kolyshkin: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/test pull-kubernetes-integration |
…03743-upstream-release-1.22 Automated cherry pick of #103743: vendor: bump runc to 1.0.1
|
/lgtm |
|
I see this change is being backported to all supported releases, so just wanted to mention that we noticed some instability in kOps periodic tests. When systemd cgroups were used with older versions of containerd (without runc 1.0.1) some random tests were failing. This was fixed by switching to a containerd version using runc 1.0.1, but would be nice to mention it in the release notes. If you scroll back to 07-30, you should see how tests started failing once this was merged and then went back to green once kOps started using containerd 1.4.9: |
|
Hi, Sorry that I haven't had time to review before now. Have had some time AFK after delivering my thesis.
Yeah. K8s with systemd cgroup driver is still "broken" with this PR, since it does freeze the control groups, possibly causing strange behavior. And yeah, when doing that, runc pre v1.0.1 will permanently freeze containers, causing even more strange behavior. More in depth analysis here: #102676 (comment). But thanks for reporting @hakman. opencontainers/runc#3143 should mitigate this problem, but we still need to get it fixed in runc and then get a release there, before merging it here... And yeah, that can potentially take some time.... :/ |
liggitt
added
the
kind/regression
liggitt
removed
the
kind/regression
14 participants
What type of PR is this?
/kind bug
What this PR does / why we need it:
Update runc/libcontainer to v1.0.1, fixing a few bugs, including the one that got 1.0.0 bump reverted
(see #103483).
For runc release notes, see
Which issue(s) this PR fixes:
Fixes: #102676
Special notes for your reviewer:
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:
none