From 5fb5474742cffe7ddb023a249f7203fc9d60955a Mon Sep 17 00:00:00 2001 From: Jim Gauld Date: Mon, 21 Apr 2025 13:09:29 -0400 Subject: [PATCH] Remove obsolete versions of kubernetes 1.24-1.28 and update cni plugins This removes obsolete kubernetes versions 1.24, 1.25, 1.26, 1.27, 1.28. Obsolete golang versions are removed in separate review. This updates golang for cni plugins to golang-1.21, for packages: - bond-cni, - containernetworking-plugins Test Plan: - PASS: downloader - PASS: build pkgs - PASS: build image - PASS: Install ISO on AIO-SX - PASS: cni plugins are present at /var/opt/cni/bin/ - PASS: Verify system contains only K8s 1.29 and newer, e.g., ls -1 -d /usr/local/kubernetes/* Story: 2011413 Task: 52015 Depends-On: https://review.opendev.org/c/starlingx/config/+/947829 Change-Id: I8017b8d5971f5b4613ffab6bf056124216a8b96f Signed-off-by: Jim Gauld --- debian_iso_image.inc | 20 - debian_pkg_dirs | 5 - .../cni/bond-cni/debian/deb_folder/changelog | 7 + .../cni/bond-cni/debian/deb_folder/control | 2 +- .../cni/bond-cni/debian/deb_folder/rules | 2 +- .../cni/plugins/debian/deb_folder/changelog | 6 + .../cni/plugins/debian/deb_folder/control | 2 +- .../cni/plugins/debian/deb_folder/rules | 2 +- .../debian/deb_folder/changelog | 259 - .../debian/deb_folder/control | 93 - .../debian/deb_folder/copyright | 1820 -- .../debian/deb_folder/kubeadm.conf | 17 - .../kubernetes-1.24.4-client.install | 2 - ...kubernetes-1.24.4-client.lintian-overrides | 9 - .../deb_folder/kubernetes-1.24.4-kubeadm.dirs | 1 - .../kubernetes-1.24.4-kubeadm.install | 2 - .../deb_folder/kubernetes-1.24.4-master.dirs | 5 - .../kubernetes-1.24.4-master.install | 8 - ...kubernetes-1.24.4-master.lintian-overrides | 7 - .../deb_folder/kubernetes-1.24.4-misc.docs | 3 - .../deb_folder/kubernetes-1.24.4-misc.install | 1 - .../kubernetes-1.24.4-misc.manpages | 10 - .../deb_folder/kubernetes-1.24.4-node.install | 1 - .../kubernetes-1.24.4-node.lintian-overrides | 4 - .../kubernetes-1.24.4-unit-test.install | 1 - ...ods-based-on-pod-or-namespace-labels.patch | 407 - ...work-test_context-add-control-plane-.patch | 32 - ...pply-the-new-control-plane-taint-dur.patch | 86 - ...pply-the-new-control-plane-taint-on-.patch | 144 - ...elete-the-old-master-label-during-up.patch | 119 - ...nly-apply-the-new-control-plane-labe.patch | 123 - ...th-for-coredns-only-for-default-repo.patch | 113 - ...umanager-policy-static-test-refactor.patch | 85 - ...latform-pods-with-zero-CPU-resources.patch | 169 - ...adm-readiness-probe-timeout-core-dns.patch | 67 - ...ubeadm-reduce-UpgradeManifestTimeout.patch | 33 - ...-throttling-for-non-integer-cpulimit.patch | 30 - ...manager-disable-CFS-quota-throttling.patch | 255 - ...er-infra-pods-use-system-reserved-CP.patch | 155 - ...er-introduce-concept-of-isolated-CPU.patch | 562 - ...er-keep-normal-containers-off-reserv.patch | 303 - ...isolcpus-allocation-when-SMT-enabled.patch | 50 - ...s-make-isolcpus-allocation-SMT-aware.patch | 151 - ...ull-117892-vendor-bump-runc-to-1.1.6.patch | 23798 ---------------- .../debian/deb_folder/patches/series | 19 - .../kubernetes-1.24.4/debian/deb_folder/rules | 116 - .../debian/deb_folder/source/format | 1 - .../kubernetes-1.24.4/debian/meta_data.yaml | 12 - .../debian/deb_folder/changelog | 265 - .../debian/deb_folder/control | 93 - .../debian/deb_folder/copyright | 1820 -- .../debian/deb_folder/kubeadm.conf | 17 - .../kubernetes-1.25.3-client.install | 2 - ...kubernetes-1.25.3-client.lintian-overrides | 9 - .../deb_folder/kubernetes-1.25.3-kubeadm.dirs | 1 - .../kubernetes-1.25.3-kubeadm.install | 2 - .../deb_folder/kubernetes-1.25.3-master.dirs | 5 - .../kubernetes-1.25.3-master.install | 8 - ...kubernetes-1.25.3-master.lintian-overrides | 7 - .../deb_folder/kubernetes-1.25.3-misc.docs | 3 - .../deb_folder/kubernetes-1.25.3-misc.install | 1 - .../kubernetes-1.25.3-misc.manpages | 10 - .../deb_folder/kubernetes-1.25.3-node.install | 1 - .../kubernetes-1.25.3-node.lintian-overrides | 4 - .../kubernetes-1.25.3-unit-test.install | 1 - ...ods-based-on-pod-or-namespace-labels.patch | 427 - ...leanup-the-master-taint-on-CP-nodes-.patch | 96 - ...dm-remove-RemoveOldControlPlaneLabel.patch | 50 - ...latform-pods-with-zero-CPU-resources.patch | 169 - ...adm-readiness-probe-timeout-core-dns.patch | 67 - ...ubeadm-reduce-UpgradeManifestTimeout.patch | 33 - ...-throttling-for-non-integer-cpulimit.patch | 30 - ...manager-disable-CFS-quota-throttling.patch | 255 - ...er-infra-pods-use-system-reserved-CP.patch | 143 - ...er-introduce-concept-of-isolated-CPU.patch | 613 - ...er-keep-normal-containers-off-reserv.patch | 338 - ...isolcpus-allocation-when-SMT-enabled.patch | 50 - ...s-make-isolcpus-allocation-SMT-aware.patch | 151 - ...ull-117682-vendor-bump-runc-to-1.1.6.patch | 11178 -------- .../debian/deb_folder/patches/series | 14 - .../kubernetes-1.25.3/debian/deb_folder/rules | 116 - .../debian/deb_folder/source/format | 1 - .../kubernetes-1.25.3/debian/meta_data.yaml | 12 - .../debian/deb_folder/changelog | 271 - .../debian/deb_folder/control | 93 - .../debian/deb_folder/copyright | 1820 -- .../debian/deb_folder/kubeadm.conf | 17 - .../kubernetes-1.26.1-client.install | 2 - ...kubernetes-1.26.1-client.lintian-overrides | 9 - .../deb_folder/kubernetes-1.26.1-kubeadm.dirs | 1 - .../kubernetes-1.26.1-kubeadm.install | 2 - .../deb_folder/kubernetes-1.26.1-master.dirs | 5 - .../kubernetes-1.26.1-master.install | 8 - ...kubernetes-1.26.1-master.lintian-overrides | 7 - .../deb_folder/kubernetes-1.26.1-misc.docs | 3 - .../deb_folder/kubernetes-1.26.1-misc.install | 1 - .../kubernetes-1.26.1-misc.manpages | 10 - .../deb_folder/kubernetes-1.26.1-node.install | 1 - .../kubernetes-1.26.1-node.lintian-overrides | 4 - .../kubernetes-1.26.1-unit-test.install | 1 - ...-guaranteed-pod-to-non-isolated-CPUs.patch | 34 - ...ods-based-on-pod-or-namespace-labels.patch | 430 - ...latform-pods-with-zero-CPU-resources.patch | 169 - ...adm-readiness-probe-timeout-core-dns.patch | 67 - ...ubeadm-reduce-UpgradeManifestTimeout.patch | 33 - ...-throttling-for-non-integer-cpulimit.patch | 30 - ...manager-disable-CFS-quota-throttling.patch | 255 - ...er-infra-pods-use-system-reserved-CP.patch | 171 - ...er-introduce-concept-of-isolated-CPU.patch | 744 - ...er-keep-normal-containers-off-reserv.patch | 356 - ...isolcpus-allocation-when-SMT-enabled.patch | 50 - ...s-make-isolcpus-allocation-SMT-aware.patch | 151 - .../debian/deb_folder/patches/series | 12 - .../kubernetes-1.26.1/debian/deb_folder/rules | 116 - .../debian/deb_folder/source/format | 1 - .../kubernetes-1.26.1/debian/meta_data.yaml | 11 - .../debian/deb_folder/changelog | 220 - .../debian/deb_folder/control | 93 - .../debian/deb_folder/copyright | 1820 -- .../debian/deb_folder/kubeadm.conf | 17 - .../kubernetes-1.27.5-client.install | 2 - ...kubernetes-1.27.5-client.lintian-overrides | 9 - .../deb_folder/kubernetes-1.27.5-kubeadm.dirs | 1 - .../kubernetes-1.27.5-kubeadm.install | 2 - .../deb_folder/kubernetes-1.27.5-master.dirs | 5 - .../kubernetes-1.27.5-master.install | 8 - ...kubernetes-1.27.5-master.lintian-overrides | 7 - .../deb_folder/kubernetes-1.27.5-misc.docs | 3 - .../deb_folder/kubernetes-1.27.5-misc.install | 1 - .../kubernetes-1.27.5-misc.manpages | 10 - .../deb_folder/kubernetes-1.27.5-node.install | 1 - .../kubernetes-1.27.5-node.lintian-overrides | 4 - .../kubernetes-1.27.5-unit-test.install | 1 - ...-guaranteed-pod-to-non-isolated-CPUs.patch | 34 - ...ods-based-on-pod-or-namespace-labels.patch | 432 - ...latform-pods-with-zero-CPU-resources.patch | 169 - ...adm-readiness-probe-timeout-core-dns.patch | 67 - ...ubeadm-reduce-UpgradeManifestTimeout.patch | 33 - ...-throttling-for-non-integer-cpulimit.patch | 30 - ...manager-disable-CFS-quota-throttling.patch | 256 - ...er-infra-pods-use-system-reserved-CP.patch | 167 - ...er-introduce-concept-of-isolated-CPU.patch | 743 - ...er-keep-normal-containers-off-reserv.patch | 357 - ...isolcpus-allocation-when-SMT-enabled.patch | 50 - ...s-make-isolcpus-allocation-SMT-aware.patch | 152 - .../debian/deb_folder/patches/series | 12 - .../kubernetes-1.27.5/debian/deb_folder/rules | 118 - .../debian/deb_folder/source/format | 1 - .../kubernetes-1.27.5/debian/meta_data.yaml | 10 - .../debian/deb_folder/changelog | 226 - .../debian/deb_folder/control | 93 - .../debian/deb_folder/copyright | 1820 -- .../debian/deb_folder/kubeadm.conf | 17 - .../kubernetes-1.28.4-client.install | 2 - ...kubernetes-1.28.4-client.lintian-overrides | 9 - .../deb_folder/kubernetes-1.28.4-kubeadm.dirs | 1 - .../kubernetes-1.28.4-kubeadm.install | 2 - .../deb_folder/kubernetes-1.28.4-master.dirs | 5 - .../kubernetes-1.28.4-master.install | 8 - ...kubernetes-1.28.4-master.lintian-overrides | 7 - .../deb_folder/kubernetes-1.28.4-misc.docs | 3 - .../deb_folder/kubernetes-1.28.4-misc.install | 1 - .../kubernetes-1.28.4-misc.manpages | 10 - .../deb_folder/kubernetes-1.28.4-node.install | 1 - .../kubernetes-1.28.4-node.lintian-overrides | 4 - .../kubernetes-1.28.4-unit-test.install | 1 - ...-guaranteed-pod-to-non-isolated-CPUs.patch | 34 - ...ods-based-on-pod-or-namespace-labels.patch | 432 - ...latform-pods-with-zero-CPU-resources.patch | 170 - ...adm-readiness-probe-timeout-core-dns.patch | 67 - ...ubeadm-reduce-UpgradeManifestTimeout.patch | 33 - ...-throttling-for-non-integer-cpulimit.patch | 30 - ...manager-disable-CFS-quota-throttling.patch | 256 - ...er-infra-pods-use-system-reserved-CP.patch | 167 - ...er-introduce-concept-of-isolated-CPU.patch | 755 - ...er-keep-normal-containers-off-reserv.patch | 357 - ...isolcpus-allocation-when-SMT-enabled.patch | 50 - ...s-make-isolcpus-allocation-SMT-aware.patch | 148 - .../debian/deb_folder/patches/series | 12 - .../kubernetes-1.28.4/debian/deb_folder/rules | 118 - .../debian/deb_folder/source/format | 1 - .../kubernetes-1.28.4/debian/meta_data.yaml | 10 - 182 files changed, 17 insertions(+), 59664 deletions(-) delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/changelog delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/control delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/copyright delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/kubeadm.conf delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-client.install delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-client.lintian-overrides delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-kubeadm.dirs delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-kubeadm.install delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-master.dirs delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-master.install delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-master.lintian-overrides delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-misc.docs delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-misc.install delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-misc.manpages delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-node.install delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-node.lintian-overrides delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-unit-test.install delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/Identify-platform-pods-based-on-pod-or-namespace-labels.patch delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/Revert-e2e-framework-test_context-add-control-plane-.patch delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/Revert-kubeadm-apply-the-new-control-plane-taint-dur.patch delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/Revert-kubeadm-apply-the-new-control-plane-taint-on-.patch delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/Revert-kubeadm-delete-the-old-master-label-during-up.patch delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/Revert-kubeadm-only-apply-the-new-control-plane-labe.patch delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/Revert-use-subpath-for-coredns-only-for-default-repo.patch delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/cpumanager-policy-static-test-refactor.patch delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubeadm-create-platform-pods-with-zero-CPU-resources.patch delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubeadm-readiness-probe-timeout-core-dns.patch delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubeadm-reduce-UpgradeManifestTimeout.patch delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubelet-CFS-quota-throttling-for-non-integer-cpulimit.patch delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubelet-cpumanager-disable-CFS-quota-throttling.patch delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubelet-cpumanager-infra-pods-use-system-reserved-CP.patch delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubelet-cpumanager-introduce-concept-of-isolated-CPU.patch delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubelet-cpumanager-keep-normal-containers-off-reserv.patch delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubelet-sort-isolcpus-allocation-when-SMT-enabled.patch delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubernetes-make-isolcpus-allocation-SMT-aware.patch delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubernetes-pull-117892-vendor-bump-runc-to-1.1.6.patch delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/series delete mode 100755 kubernetes/kubernetes-1.24.4/debian/deb_folder/rules delete mode 100644 kubernetes/kubernetes-1.24.4/debian/deb_folder/source/format delete mode 100644 kubernetes/kubernetes-1.24.4/debian/meta_data.yaml delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/changelog delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/control delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/copyright delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/kubeadm.conf delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/kubernetes-1.25.3-client.install delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/kubernetes-1.25.3-client.lintian-overrides delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/kubernetes-1.25.3-kubeadm.dirs delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/kubernetes-1.25.3-kubeadm.install delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/kubernetes-1.25.3-master.dirs delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/kubernetes-1.25.3-master.install delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/kubernetes-1.25.3-master.lintian-overrides delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/kubernetes-1.25.3-misc.docs delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/kubernetes-1.25.3-misc.install delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/kubernetes-1.25.3-misc.manpages delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/kubernetes-1.25.3-node.install delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/kubernetes-1.25.3-node.lintian-overrides delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/kubernetes-1.25.3-unit-test.install delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/patches/Identify-platform-pods-based-on-pod-or-namespace-labels.patch delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/patches/Revert-kubeadm-cleanup-the-master-taint-on-CP-nodes-.patch delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/patches/Revert-kubeadm-remove-RemoveOldControlPlaneLabel.patch delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/patches/kubeadm-create-platform-pods-with-zero-CPU-resources.patch delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/patches/kubeadm-readiness-probe-timeout-core-dns.patch delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/patches/kubeadm-reduce-UpgradeManifestTimeout.patch delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/patches/kubelet-CFS-quota-throttling-for-non-integer-cpulimit.patch delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/patches/kubelet-cpumanager-disable-CFS-quota-throttling.patch delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/patches/kubelet-cpumanager-infra-pods-use-system-reserved-CP.patch delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/patches/kubelet-cpumanager-introduce-concept-of-isolated-CPU.patch delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/patches/kubelet-cpumanager-keep-normal-containers-off-reserv.patch delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/patches/kubelet-sort-isolcpus-allocation-when-SMT-enabled.patch delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/patches/kubernetes-make-isolcpus-allocation-SMT-aware.patch delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/patches/kubernetes-pull-117682-vendor-bump-runc-to-1.1.6.patch delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/patches/series delete mode 100755 kubernetes/kubernetes-1.25.3/debian/deb_folder/rules delete mode 100644 kubernetes/kubernetes-1.25.3/debian/deb_folder/source/format delete mode 100644 kubernetes/kubernetes-1.25.3/debian/meta_data.yaml delete mode 100644 kubernetes/kubernetes-1.26.1/debian/deb_folder/changelog delete mode 100644 kubernetes/kubernetes-1.26.1/debian/deb_folder/control delete mode 100644 kubernetes/kubernetes-1.26.1/debian/deb_folder/copyright delete mode 100644 kubernetes/kubernetes-1.26.1/debian/deb_folder/kubeadm.conf delete mode 100644 kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-client.install delete mode 100644 kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-client.lintian-overrides delete mode 100644 kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-kubeadm.dirs delete mode 100644 kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-kubeadm.install delete mode 100644 kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-master.dirs delete mode 100644 kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-master.install delete mode 100644 kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-master.lintian-overrides delete mode 100644 kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-misc.docs delete mode 100644 kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-misc.install delete mode 100644 kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-misc.manpages delete mode 100644 kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-node.install delete mode 100644 kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-node.lintian-overrides delete mode 100644 kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-unit-test.install delete mode 100644 kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/Affinity-of-guaranteed-pod-to-non-isolated-CPUs.patch delete mode 100644 kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/Identify-platform-pods-based-on-pod-or-namespace-labels.patch delete mode 100644 kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubeadm-create-platform-pods-with-zero-CPU-resources.patch delete mode 100644 kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubeadm-readiness-probe-timeout-core-dns.patch delete mode 100644 kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubeadm-reduce-UpgradeManifestTimeout.patch delete mode 100644 kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubelet-CFS-quota-throttling-for-non-integer-cpulimit.patch delete mode 100644 kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubelet-cpumanager-disable-CFS-quota-throttling.patch delete mode 100644 kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubelet-cpumanager-infra-pods-use-system-reserved-CP.patch delete mode 100644 kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubelet-cpumanager-introduce-concept-of-isolated-CPU.patch delete mode 100644 kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubelet-cpumanager-keep-normal-containers-off-reserv.patch delete mode 100644 kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubelet-sort-isolcpus-allocation-when-SMT-enabled.patch delete mode 100644 kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubernetes-make-isolcpus-allocation-SMT-aware.patch delete mode 100644 kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/series delete mode 100755 kubernetes/kubernetes-1.26.1/debian/deb_folder/rules delete mode 100644 kubernetes/kubernetes-1.26.1/debian/deb_folder/source/format delete mode 100644 kubernetes/kubernetes-1.26.1/debian/meta_data.yaml delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/changelog delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/control delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/copyright delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/kubeadm.conf delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-client.install delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-client.lintian-overrides delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-kubeadm.dirs delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-kubeadm.install delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-master.dirs delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-master.install delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-master.lintian-overrides delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-misc.docs delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-misc.install delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-misc.manpages delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-node.install delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-node.lintian-overrides delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-unit-test.install delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/Affinity-of-guaranteed-pod-to-non-isolated-CPUs.patch delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/Identify-platform-pods-based-on-pod-or-namespace-labels.patch delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubeadm-create-platform-pods-with-zero-CPU-resources.patch delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubeadm-readiness-probe-timeout-core-dns.patch delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubeadm-reduce-UpgradeManifestTimeout.patch delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubelet-CFS-quota-throttling-for-non-integer-cpulimit.patch delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubelet-cpumanager-disable-CFS-quota-throttling.patch delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubelet-cpumanager-infra-pods-use-system-reserved-CP.patch delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubelet-cpumanager-introduce-concept-of-isolated-CPU.patch delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubelet-cpumanager-keep-normal-containers-off-reserv.patch delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubelet-sort-isolcpus-allocation-when-SMT-enabled.patch delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubernetes-make-isolcpus-allocation-SMT-aware.patch delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/series delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/rules delete mode 100644 kubernetes/kubernetes-1.27.5/debian/deb_folder/source/format delete mode 100644 kubernetes/kubernetes-1.27.5/debian/meta_data.yaml delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/changelog delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/control delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/copyright delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/kubeadm.conf delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-client.install delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-client.lintian-overrides delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-kubeadm.dirs delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-kubeadm.install delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-master.dirs delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-master.install delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-master.lintian-overrides delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-misc.docs delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-misc.install delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-misc.manpages delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-node.install delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-node.lintian-overrides delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-unit-test.install delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/Affinity-of-guaranteed-pod-to-non-isolated-CPUs.patch delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/Identify-platform-pods-based-on-pod-or-namespace-labels.patch delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubeadm-create-platform-pods-with-zero-CPU-resources.patch delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubeadm-readiness-probe-timeout-core-dns.patch delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubeadm-reduce-UpgradeManifestTimeout.patch delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubelet-CFS-quota-throttling-for-non-integer-cpulimit.patch delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubelet-cpumanager-disable-CFS-quota-throttling.patch delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubelet-cpumanager-infra-pods-use-system-reserved-CP.patch delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubelet-cpumanager-introduce-concept-of-isolated-CPU.patch delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubelet-cpumanager-keep-normal-containers-off-reserv.patch delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubelet-sort-isolcpus-allocation-when-SMT-enabled.patch delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubernetes-make-isolcpus-allocation-SMT-aware.patch delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/series delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/rules delete mode 100644 kubernetes/kubernetes-1.28.4/debian/deb_folder/source/format delete mode 100644 kubernetes/kubernetes-1.28.4/debian/meta_data.yaml diff --git a/debian_iso_image.inc b/debian_iso_image.inc index 96a2f3a7a..24b6296d1 100644 --- a/debian_iso_image.inc +++ b/debian_iso_image.inc @@ -195,26 +195,6 @@ lvm2 python3-keyrings.alt #kubernetes-x (-master, -misc, -unit-test used only for build) -#kubernetes-1.24.4 -kubernetes-1.24.4-client -kubernetes-1.24.4-kubeadm -kubernetes-1.24.4-node -#kubernetes-1.25.3 -kubernetes-1.25.3-client -kubernetes-1.25.3-kubeadm -kubernetes-1.25.3-node -#kubernetes-1.26.1 -kubernetes-1.26.1-client -kubernetes-1.26.1-kubeadm -kubernetes-1.26.1-node -#kubernetes-1.27.5 -kubernetes-1.27.5-client -kubernetes-1.27.5-kubeadm -kubernetes-1.27.5-node -#kubernetes-1.28.4 -kubernetes-1.28.4-client -kubernetes-1.28.4-kubeadm -kubernetes-1.28.4-node #kubernetes-1.29.2 kubernetes-1.29.2-client kubernetes-1.29.2-kubeadm diff --git a/debian_pkg_dirs b/debian_pkg_dirs index 206378c6d..53766d128 100644 --- a/debian_pkg_dirs +++ b/debian_pkg_dirs @@ -72,11 +72,6 @@ kubernetes/flux2-charts kubernetes/helm kubernetes/k8s-cni-cache-cleanup kubernetes/k8s-pod-recovery -kubernetes/kubernetes-1.24.4 -kubernetes/kubernetes-1.25.3 -kubernetes/kubernetes-1.26.1 -kubernetes/kubernetes-1.27.5 -kubernetes/kubernetes-1.28.4 kubernetes/kubernetes-1.29.2 kubernetes/kubernetes-1.30.6 kubernetes/kubernetes-1.31.5 diff --git a/kubernetes/cni/bond-cni/debian/deb_folder/changelog b/kubernetes/cni/bond-cni/debian/deb_folder/changelog index 772098537..bcc0388b8 100644 --- a/kubernetes/cni/bond-cni/debian/deb_folder/changelog +++ b/kubernetes/cni/bond-cni/debian/deb_folder/changelog @@ -1,3 +1,10 @@ +bond-cni (1.0-91b412e3eb8c5dfc315d8c73fb386d005e44d5f3) unstable; urgency=medium + + * Updated golang to 1.21 + + -- Jim Gauld Mon, 21 Apr 2025 10:26:40 +0000 + + bond-cni (1.0-91b412e3eb8c5dfc315d8c73fb386d005e44d5f3) unstable; urgency=medium * Updated using latest commit diff --git a/kubernetes/cni/bond-cni/debian/deb_folder/control b/kubernetes/cni/bond-cni/debian/deb_folder/control index da2b735fc..9100a73c7 100644 --- a/kubernetes/cni/bond-cni/debian/deb_folder/control +++ b/kubernetes/cni/bond-cni/debian/deb_folder/control @@ -6,7 +6,7 @@ Standards-Version: 4.6.0 Homepage: https://www.starlingx.io Build-Depends: debhelper-compat (= 13), dh-golang, - golang-1.18, + golang-1.21, golang-github-appc-cni-dev, golang-github-containernetworking-plugins-dev, golang-github-vishvananda-netlink-dev, diff --git a/kubernetes/cni/bond-cni/debian/deb_folder/rules b/kubernetes/cni/bond-cni/debian/deb_folder/rules index a4779c576..44584b8d9 100644 --- a/kubernetes/cni/bond-cni/debian/deb_folder/rules +++ b/kubernetes/cni/bond-cni/debian/deb_folder/rules @@ -1,6 +1,6 @@ #!/usr/bin/make -f -export PATH := /usr/lib/go-1.18/bin:$(PATH) +export PATH := /usr/lib/go-1.21/bin:$(PATH) export DH_VERBOSE = 1 export DH_GOLANG_GO_GENERATE := 1 export INSTALL_DIR := $(CURDIR)/debian/bond-cni/ diff --git a/kubernetes/cni/plugins/debian/deb_folder/changelog b/kubernetes/cni/plugins/debian/deb_folder/changelog index 9c7ebbab7..e58672d62 100644 --- a/kubernetes/cni/plugins/debian/deb_folder/changelog +++ b/kubernetes/cni/plugins/debian/deb_folder/changelog @@ -1,3 +1,9 @@ +golang-github-containernetworking-plugins (1.5.0) unstable; urgency=medium + + * Updated golang to 1.21 + + -- Jim Gauld Mon, 21 Apr 2025 10:26:40 +0000 + golang-github-containernetworking-plugins (1.5.0) unstable; urgency=medium * Updated for stx debian packaging diff --git a/kubernetes/cni/plugins/debian/deb_folder/control b/kubernetes/cni/plugins/debian/deb_folder/control index a1daec9fd..cff8b91cf 100644 --- a/kubernetes/cni/plugins/debian/deb_folder/control +++ b/kubernetes/cni/plugins/debian/deb_folder/control @@ -5,7 +5,7 @@ Standards-Version: 4.6.1 Maintainer: StarlingX Developers Build-Depends: debhelper-compat (= 13), dh-golang, - golang-1.18, + golang-1.21, golang-dbus-dev (>= 5.0.2~), golang-github-alexflint-go-filemutex-dev, golang-github-appc-cni-dev (>= 1.0.1~), diff --git a/kubernetes/cni/plugins/debian/deb_folder/rules b/kubernetes/cni/plugins/debian/deb_folder/rules index 322fcff4a..45cd019a8 100644 --- a/kubernetes/cni/plugins/debian/deb_folder/rules +++ b/kubernetes/cni/plugins/debian/deb_folder/rules @@ -1,6 +1,6 @@ #!/usr/bin/make -f -export PATH := /usr/lib/go-1.18/bin:$(PATH) +export PATH := /usr/lib/go-1.21/bin:$(PATH) export DH_VERBOSE := 1 export DH_GOLANG_GO_GENERATE := 1 export INSTALL_DIR := $(CURDIR)/debian/plugins diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/changelog b/kubernetes/kubernetes-1.24.4/debian/deb_folder/changelog deleted file mode 100644 index b10e6ae9f..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/changelog +++ /dev/null @@ -1,259 +0,0 @@ -kubernetes-1.24.4 (1.24.4-1) unstable; urgency=medium - - * Updated for stx debian packaging - - -- James Gauld james.gauld@windriver.com Wed, 14 Sep 2022 11:30:00 +0000 - -kubernetes-1.23.1 (1.23.1-1) unstable; urgency=medium - - * Updated for stx debian packaging - - -- Kaustubh Dhokte Tue, 22 Feb 2022 20:57:45 +0000 - -kubernetes (1.21.8-1) unstable; urgency=medium - - * Updated for stx debian packaging - - -- Mihnea Saracin mihnea.saracin@opendev.org Fri, 29 Oct 2021 12:51:12 +0000 - -kubernetes (1.20.5+really1.20.2-1.1) unstable; urgency=medium - - * Non-maintainer upload. - * Build using golang-go (Closes: #1000980) - - -- Florian Ernst Sat, 02 Apr 2022 16:49:13 +0200 - -kubernetes (1.20.5+really1.20.2-1) unstable; urgency=medium - - * This is actually still 1.20.2 - * Only contains the client, for the server binaries see unstable/fasttrack - - -- Janos Lenart Sun, 13 Jun 2021 07:08:18 +0000 - -kubernetes (1.20.2-1) unstable; urgency=medium - - * New upstream release: 1.20.2 - - -- Janos Lenart Thu, 14 Jan 2021 10:55:09 +0000 - -kubernetes (1.20.0-1) unstable; urgency=medium - - * New upstream release: 1.20.0 - * Fixes CVE-2020-8565 - - -- Janos Lenart Wed, 09 Dec 2020 12:33:59 +0000 - -kubernetes (1.19.4-2) unstable; urgency=medium - - * Updated README.Debian - - -- Janos Lenart Sat, 21 Nov 2020 14:06:21 +0000 - -kubernetes (1.19.4-1) unstable; urgency=medium - - * New upstream release: 1.19.4 - - -- Janos Lenart Tue, 17 Nov 2020 09:30:59 +0000 - -kubernetes (1.19.3-1) unstable; urgency=medium - - * New upstream release: 1.19.3 - * Building with golang-1.15 - * Fixes CVE-2020-8564, CVE-2020-8566 - - -- Janos Lenart Wed, 21 Oct 2020 10:38:41 +0100 - -kubernetes (1.18.6-1) unstable; urgency=medium - - * New upstream release: 1.18.6 - * (An earlier version, 1.17.4-1 fixes CVE-2019-9946) - - -- Janos Lenart Thu, 16 Jul 2020 10:08:46 +0100 - -kubernetes (1.18.5-1) unstable; urgency=medium - - * New upstream release: 1.18.5 - * Fixes CVE-2020-8557, CVE-2020-8558, CVE-2020-8559 - - -- Janos Lenart Wed, 15 Jul 2020 17:19:40 +0100 - -kubernetes (1.18.3-1) unstable; urgency=medium - - * New upstream release: 1.18.3 - * Improved build reproducibility - - -- Janos Lenart Tue, 02 Jun 2020 11:18:12 +0000 - -kubernetes (1.18.2-3) unstable; urgency=medium - - * Bumped Standards-Version - * Improved build reproducibility - - -- Janos Lenart Fri, 15 May 2020 13:17:53 +0000 - -kubernetes (1.18.2-2) unstable; urgency=medium - - * Added i386 back - - -- Janos Lenart Sun, 03 May 2020 21:13:17 +0000 - -kubernetes (1.18.2-1) unstable; urgency=medium - - * New upstream release: 1.18.2 - - -- Janos Lenart Sun, 03 May 2020 19:25:37 +0000 - -kubernetes (1.18.0-1) unstable; urgency=medium - - * New upstream release: 1.18.0 - - -- Janos Lenart Sat, 28 Mar 2020 12:58:42 +0000 - -kubernetes (1.17.4-1) unstable; urgency=high - - * New maintainer (Closes: #886739) - * New upstream release: 1.17.4 (Closes: #887741) - * New Debian packaging from scratch. See README.Debian - * kubernetes-node - - Moved docker from Depends into Recommends as kubelet can also work with - rkt, cri-o, etc. (Closes: #872690) - - Not shipping systemd units for kubelet and kube-proxy for now - * kubernetes-master - - Moved etcd from Depends into Recommends as apiserver can also connect to - a remote etcd/cluster. - - Not shipping systemd units for kube-apiserver, kube-schedules and - kube-controller-manager for now - - -- Janos Lenart Sun, 15 Mar 2020 21:46:45 +0000 - -kubernetes (1.7.16+dfsg-1) unstable; urgency=medium - - [ Michael Stapelberg ] - * Switch to XS-Go-Import-Path - - [ Dmitry Smirnov ] - * Resurrected "mergo.patch" that has been mistakenly removed - (Closes: #878254). - * Re-enabled safeguard test for the above problem. - * New upstream release: - + CVE-2017-1002101 (Closes: #892801) - + CVE-2017-1002102 (Closes: #894051) - * Updated Vcs URLs for Salsa. - * Standards-Version: 4.1.4 - * Build-Depends: - - golang-go - + golang-any - + golang-github-appc-cni-dev - + golang-github-armon-circbuf-dev - + golang-github-azure-azure-sdk-for-go-dev - + golang-github-dgrijalva-jwt-go-v3-dev - + golang-github-docker-distribution-dev - + golang-github-docker-docker-dev - + golang-github-emicklei-go-restful-swagger12-dev - + golang-github-gogo-protobuf-dev - + golang-github-gorilla-websocket-dev - + golang-github-grpc-ecosystem-go-grpc-prometheus-dev - + golang-github-karlseguin-ccache-dev - - golang-github-opencontainers-runc-dev - + golang-github-opencontainers-docker-runc-dev - + golang-github-pmezard-go-difflib-dev - + golang-golang-x-time-dev - + golang-golang-x-tools-dev - + golang-google-grpc-dev - + golang-gopkg-warnings.v0-dev - + golang-goprotobuf-dev - - -- Dmitry Smirnov Sun, 06 May 2018 16:20:21 +1000 - -kubernetes (1.7.7+dfsg-3) unstable; urgency=medium - - * kubernetes-master should depend on etcd (Closes: #855218). - - -- Andrew Shadura Sun, 22 Oct 2017 19:40:46 +0100 - -kubernetes (1.7.7+dfsg-2) unstable; urgency=medium - - * Use CURDIR, not PWD, unbreaks the build at buildds. - - -- Andrew Shadura Fri, 06 Oct 2017 19:25:45 +0200 - -kubernetes (1.7.7+dfsg-1) unstable; urgency=medium - - [ Tim Potter ] - * Open work for new release - * Remove unused Files-Excluded entries from d/copyright - * Remove Skydns B-D as no longer used - * Don't build on ppc64 or ppc64le architectures - - [ Andrew Shadura ] - * New upstream release. - * Refresh patches. - * Update build dependencies. - * Symlink vendor packages to the build directory. - - -- Andrew Shadura Fri, 06 Oct 2017 18:54:06 +0200 - -kubernetes (1.5.5+dfsg-2) unstable; urgency=medium - - * Team upload. - * Don't build on ppc64le due to Go linker problems. See GitHub issue - https://github.com/golang/go/issues/15823. - * Don't build on ppc64 as it's not supported by upstream at the - moment. (Closes: #860505) - - -- Tim Potter Sat, 03 Jun 2017 08:00:51 +1000 - -kubernetes (1.5.5+dfsg-1) unstable; urgency=low - - [ Dmitry Smirnov ] - * Switch to bundled "rkt". - * rules: remove "-p" option from build and test overrides. - * control: drop obsolete "golang-clockwork-dev" alternative. - * New patch to disable test failing on [armel]. - * Upload to unstable. - - [ Tim Potter ] - * New upstream version. [March 2017] - * Big updates to d/rules and d/copyright to update to upstream - changes made since the 1.2.x release. - * Refresh patches to bring up to date with upstream changes since - 1.2.x. - * control: add lsb-base as dependency for sysvinit scripts. - * Suppress spelling-error-in-binary Lintian messages. - - -- Tim Potter Thu, 13 Apr 2017 16:45:57 +1000 - -kubernetes (1.2.5+dfsg-1) experimental; urgency=medium - - * New upstream release [June 2016]. - * Switch to private "github.com/golang/glog" due to log noise. - * Disabled failing tests; no longer ignore failures in tests. - * Build/test using 2 cores only. - * New patch to update appc/cni name space (fixes FTBFS). - * Removed obsolete "spf13-cobra.patch". - - -- Dmitry Smirnov Sun, 03 Jul 2016 04:12:28 +1000 - -kubernetes (1.2.4+dfsg-2) experimental; urgency=medium - - * Added new patch to fix incompatibility with "imdario/mergo" v0.2.2 - (Closes: #825753). - Thanks, Florian Ernst. - * Enable tests but ignore failures for now. - - -- Dmitry Smirnov Fri, 17 Jun 2016 01:41:38 +1000 - -kubernetes (1.2.4+dfsg-1) experimental; urgency=medium - - * New upstream release [May 2016]. - * New patch to print output of "uname -m" on unsupported architectures. - * New "docker.patch" to fix potential FTBFS. - + Build-Depends += "golang-github-docker-distribution-dev". - - -- Dmitry Smirnov Wed, 15 Jun 2016 21:03:01 +1000 - -kubernetes (1.2.3+dfsg-1) experimental; urgency=low - - * Initial release (Closes: #795652). - - -- Dmitry Smirnov Mon, 25 Apr 2016 22:40:12 +1000 diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/control b/kubernetes/kubernetes-1.24.4/debian/deb_folder/control deleted file mode 100644 index bf9726715..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/control +++ /dev/null @@ -1,93 +0,0 @@ -Source: kubernetes-1.24.4 -Section: admin -Priority: optional -Maintainer: StarlingX Developers -Build-Depends: debhelper-compat (= 13), - build-essential, - bash-completion, - jq, - rsync, - go-bindata, - go-md2man, - golang-1.18 -Standards-Version: 4.4.1 -Homepage: http://kubernetes.io/ -XS-Build-Size: 15GB - -Package: kubernetes-1.24.4-client -Provides: kubernetes-utils -Architecture: amd64 -Depends: ${misc:Depends}, ${shlibs:Depends} -Recommends: ${misc:Recommends} -Built-Using: ${misc:Built-Using} -Description: Kubernetes Command Line Tool - The Kubernetes command line tool for interacting with the Kubernetes API. - -Package: kubernetes-1.24.4-master -Architecture: amd64 -Depends: ${misc:Depends}, ${shlibs:Depends}, - adduser, - lsb-base, - etcd -Recommends: ${misc:Recommends}, kubernetes-1.24.4-client -Built-Using: ${misc:Built-Using} -Description: Kubernetes services for master host - Container Cluster Manager from Google. Kubernetes is an open source system - for managing containerized applications across multiple hosts, providing - basic mechanisms for deployment, maintenance, and scaling of applications. - . - Linux kernel version 3.8 or above is required for proper operation of the - daemon process, and that any lower versions may have subtle and/or glaring - issues. - . - This package provides "kube-apiserver", "kube-controller-manager" and - "kube-scheduler" daemons. - -Package: kubernetes-1.24.4-node -Provides: cadvisor -Architecture: amd64 -Depends: ${misc:Depends}, ${shlibs:Depends}, - adduser, - conntrack, - conntrackd, - docker.io, - lsb-base, - socat, -Recommends: ${misc:Recommends}, kubernetes-1.24.4-client -Built-Using: ${misc:Built-Using} -Description: Kubernetes services for node host - Container Cluster Manager from Google. Kubernetes is an open source system - for managing containerized applications across multiple hosts, providing - basic mechanisms for deployment, maintenance, and scaling of applications. - . - Linux kernel version 3.8 or above is required for proper operation of the - daemon process, and that any lower versions may have subtle and/or glaring - issues. - -Package: kubernetes-1.24.4-kubeadm -Architecture: amd64 -Depends: ${misc:Depends}, containernetworking-plugins -Recommends: ${misc:Recommends}, kubernetes-1.24.4-client -Built-Using: ${misc:Built-Using} -Description: Kubernetes Cluster Bootstrapping Tool - The Kubernetes command line tool for bootstrapping a Kubernetes cluster. - -Package: kubernetes-1.24.4-misc -Architecture: amd64 -Depends: ${misc:Depends}, ${shlibs:Depends} -Recommends: ${misc:Recommends} -Built-Using: ${misc:Built-Using} -Description: dummy package - Kubernetes dummy package for misc stuff we don't want to install in production. - -Package: kubernetes-1.24.4-unit-test -Architecture: amd64 -Depends: ${misc:Depends}, ${shlibs:Depends}, - hostname, - rsync, - etcd (>= 2.0.9), - network-manager, -Recommends: ${misc:Recommends} -Built-Using: ${misc:Built-Using} -Description: Kubernetes unit test - Kubernetes unit-test framework. diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/copyright b/kubernetes/kubernetes-1.24.4/debian/deb_folder/copyright deleted file mode 100644 index 7b86b3324..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/copyright +++ /dev/null @@ -1,1820 +0,0 @@ -Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Upstream-Name: Kubernetes -Source: https://github.com/kubernetes/kubernetes - -Files: - debian/kubeadm.conf - debian/kubelet-cgroup-setup.sh -Copyright: 2022 Wind River Systems, Inc. -License: Apache-2.0 - -Files: * -Copyright: 2014-2020 The Kubernetes Authors -License: Apache-2.0 - -Files: debian/* -Copyright: 2020 Janos Lenart -License: Apache-2.0 - -License: Apache-2.0 - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - . - http://www.apache.org/licenses/LICENSE-2.0 - . - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - . - On Debian systems the full text of the Apache-2.0 license can be found in - /usr/share/common-licenses/Apache-2.0 . - -Files: vendor/bitbucket.org/bertimus9/systemstat/* -Copyright: 2013 Phillip Bond -License: Expat - -Files: vendor/cloud.google.com/go/* -Copyright: 2014 Google LLC -License: Apache-2.0 - -Files: vendor/github.com/armon/circbuf/* -Copyright: 2013 Armon Dadgar -License: Expat - -Files: vendor/github.com/asaskevich/govalidator/* -Copyright: 2014 Alex Saskevich -License: Expat - -Files: vendor/github.com/aws/aws-sdk-go/* -Copyright: 2015 Amazon.com, Inc. or its affiliates. - 2014-2015 Stripe, Inc. -License: Apache-2.0 - -Files: vendor/github.com/Azure/azure-sdk-for-go/* -Copyright: 2014-2017 Microsoft and contributors -License: Apache-2.0 - -Files: vendor/github.com/Azure/go-ansiterm/* -Copyright: 2015 Microsoft Corporation -License: Expat - -Files: vendor/github.com/Azure/go-autorest/* -Copyright: 2015, 2017, 2018 Microsoft Corporation -License: Apache-2.0 - -Files: vendor/github.com/bazelbuild/* -Copyright: 2014, 2016-2019 The Bazel Authors. - 2016-2017 Google Inc. -License: Apache-2.0 - -Files: vendor/github.com/beorn7/perks/* -Copyright: 2013 Blake Mizerany -License: Expat - -Files: vendor/github.com/blang/semver/* -Copyright: 2014 Benedikt Lang -License: Expat - -Files: vendor/github.com/BurntSushi/toml/* -Copyright: 2013 TOML authors - 2010 The Go Authors -License: Expat and BSD-3-clause - -Files: vendor/github.com/caddyserver/caddy/* -Copyright: 2015 Light Code Labs, LLC -License: Apache-2.0 - -Files: vendor/github.com/cespare/prettybench/* -Copyright: 2014 Caleb Spare -License: Expat - -Files: vendor/github.com/chai2010/gettext-go/* -Copyright: 2013 ChaiShushan -License: BSD-3-clause - -Files: vendor/github.com/checkpoint-restore/go-criu/* -Copyright: The go-criu contributors -License: Apache-2.0 - -Files: vendor/github.com/client9/misspell/* -Copyright: 2015-2017 Nick Galbreath - 2009, 2011 The Go Authors -License: Expat and BSD-3-clause - -Files: vendor/github.com/clusterhq/flocker-go/* -Copyright: 2014-2016 ClusterHQ -License: Apache-2.0 - -Files: vendor/github.com/containerd/* -Copyright: 2012-2016 Docker, Inc. -License: Apache-2.0 and CC-BY-4.0 - -Files: vendor/github.com/containernetworking/cni/* -Copyright: 2015,2016 CNI authors -License: Apache-2.0 - -Files: vendor/github.com/container-storage-interface/spec/* -Copyright: 2017-2020 container-storage-interface/spec contributors -License: Apache-2.0 - -Files: vendor/github.com/coredns/corefile-migration/* -Copyright: 2019-2020 coredns/corefile-migration contributors -License: Apache-2.0 - -Files: vendor/github.com/coreos/go-oidc/* -Copyright: 2014 CoreOS, Inc - 2004, 2006 The Linux Foundation and its contributors -License: Apache-2.0 - -Files: vendor/github.com/coreos/go-semver/* -Copyright: 2013-2015, 2018 CoreOS, Inc -License: Apache-2.0 - -Files: vendor/github.com/coreos/go-systemd/* -Copyright: 2014 Docker, Inc. - 2015-2018 CoreOS, Inc -License: Apache-2.0 - -Files: vendor/github.com/coreos/pkg/* -Copyright: 2014-2016 CoreOS, Inc -License: Apache-2.0 - -Files: vendor/github.com/cpuguy83/go-md2man/* -Copyright: 2014 Brian Goff -License: Expat - -Files: vendor/github.com/cyphar/filepath-securejoin/* -Copyright: 2014-2015 Docker Inc & Go Authors - 2017 SUSE LLC. -License: BSD-3-clause - -Files: vendor/github.com/davecgh/go-spew/* -Copyright: 2012-2016 Dave Collins -License: ISC - -Files: vendor/github.com/daviddengcn/go-colortext/* -Copyright: 2016, David Deng -License: Expat or BSD-3-clause - -Files: vendor/github.com/dgrijalva/jwt-go/* -Copyright: 2012 Dave Grijalva -License: Expat - -Files: vendor/github.com/docker/distribution/* -Copyright: 2014-2020 docker/distribution contributors - 2013 Damien Le Berrigaud and Nick Wade -License: Apache-2.0 and Expat and CC-BY-4.0 - -Files: vendor/github.com/docker/docker/* -Copyright: 2012-2018 Docker, Inc. - 2019 Keith Rarick -License: Apache-2.0 and Expat - -Files: vendor/github.com/docker/go-connections/* -Copyright: 2015 Docker, Inc. -License: Apache-2.0 - -Files: vendor/github.com/docker/go-units/* -Copyright: 2015 Docker, Inc. - 2004, 2006 The Linux Foundation and its contributors. -License: Apache-2.0 - -Files: vendor/github.com/docker/libnetwork/* -Copyright: 2015-2020 docker/libnetwork contributors -License: Apache-2.0 - -Files: vendor/github.com/docker/spdystream/* -Copyright: 2014-2015 Docker, Inc. - 2011, 2013 The Go Authors -License: Apache-2.0 and BSD-3-clause and CC-BY-SA-4.0 - -Files: vendor/github.com/dustin/go-humanize/* -Copyright: 2005-2008 Dustin Sallings -License: Expat - -Files: vendor/github.com/elazarl/goproxy/* -Copyright: 2012 Elazar Leibovich -License: BSD-3-clause - -Files: vendor/github.com/emicklei/go-restful/* -Copyright: 2012-2015, 2018 Ernest Micklei -License: Expat - -Files: vendor/github.com/euank/go-kmsg-parser/* -Copyright: 2016 Euan Kemp -License: Apache-2.0 - -Files: vendor/github.com/evanphx/json-patch/* -Copyright: 2014, Evan Phoenix -License: BSD-3-clause - -Files: vendor/github.com/exponent-io/jsonpath/* -Copyright: 2015 Exponent Labs LLC -License: Expat - -Files: vendor/github.com/fatih/camelcase/* -Copyright: 2015 Fatih Arslan -License: Expat - -Files: vendor/github.com/fatih/color/* -Copyright: 2013 Fatih Arslan -License: Expat - -Files: vendor/github.com/fsnotify/fsnotify/* -Copyright: 2010-2013, 2015 The Go Authors - 2012 fsnotify Authors -License: BSD-3-clause - -Files: vendor/github.com/ghodss/yaml/* -Copyright: 2014 Sam Ghods - 2012, 2013 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/go-bindata/go-bindata/* -Copyright: The go-bindata contributors -License: CC0-1.0 - -Files: vendor/github.com/godbus/dbus/* -Copyright: 2013, Georg Reinke (), Google -License: BSD-2-clause - -Files: vendor/github.com/gogo/protobuf/* -Copyright: 2013, The GoGo Authors - 2010-2012, 2015-2018 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/golang/groupcache/* -Copyright: 2013 Google Inc. -License: Apache-2.0 - -Files: vendor/github.com/golang/mock/* -Copyright: 2010, 2011 Google Inc. -License: Apache-2.0 - -Files: vendor/github.com/golang/protobuf/* -Copyright: 2008, 2010-2012, 2015-2018 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/googleapis/gnostic/* -Copyright: 2017 Google Inc. -License: Apache-2.0 - -Files: vendor/github.com/google/btree/* -Copyright: 2014 Google Inc. -License: Apache-2.0 - -Files: vendor/github.com/google/cadvisor/* -Copyright: 2014-2019 Google Inc. - 2014 The cAdvisor Authors -License: Apache-2.0 - -Files: vendor/github.com/GoogleCloudPlatform/k8s-cloud-provider/* -Copyright: 2018, 2019 Google LLC -License: Apache-2.0 - -Files: vendor/github.com/google/go-cmp/* -Copyright: 2017-2019 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/google/gofuzz/* -Copyright: 2014 Google Inc. -License: Apache-2.0 - -Files: vendor/github.com/google/uuid/* -Copyright: 2009, 2014, 2016-2018 Google Inc. -License: BSD-3-clause - -Files: vendor/github.com/go-openapi/analysis/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/errors/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/jsonpointer/* -Copyright: 2013 sigu-399 ( https://github.com/sigu-399 ) -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/jsonreference/* -Copyright: 2013 sigu-399 ( https://github.com/sigu-399 ) -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/loads/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/runtime/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/spec/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/strfmt/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/swag/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/validate/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-ozzo/ozzo-validation/* -Copyright: 2016, 2018 Qiang Xue, Google LLC -License: Expat - -Files: vendor/github.com/gophercloud/gophercloud/* -Copyright: 2012-2013 Rackspace, Inc. -License: Apache-2.0 - -Files: vendor/github.com/gorilla/websocket/* -Copyright: 2013, 2016, 2017 The Gorilla WebSocket Authors -License: BSD-2-clause - -Files: vendor/github.com/go-stack/stack/* -Copyright: 2014 Chris Hines -License: Expat - -Files: vendor/github.com/gregjones/httpcache/* -Copyright: 2012 Greg Jones (greg.jones@gmail.com) -License: Expat - -Files: vendor/github.com/grpc-ecosystem/go-grpc-middleware/* -Copyright: 2016 Michal Witkowski -License: Apache-2.0 - -Files: vendor/github.com/grpc-ecosystem/go-grpc-prometheus/* -Copyright: 2016 Michal Witkowski -License: Apache-2.0 - -Files: vendor/github.com/grpc-ecosystem/grpc-gateway/* -Copyright: 2015, Gengo, Inc. -License: BSD-3-clause - -Files: vendor/github.com/hashicorp/golang-lru/* -Copyright: 2014-2020 hashicorp/golang-lru contributors -License: MPL-2.0 - -Files: vendor/github.com/hashicorp/hcl/* -Copyright: 2014-2020 hashicorp/hcl contributors -License: MPL-2.0 - -Files: vendor/github.com/heketi/heketi/* -Copyright: 2015, 2016, 2018 The heketi Authors - 1989, 1991, 2007 Free Software Foundation, Inc. -License: (Apache-2.0 or LGPL-3.0) and (LGPL-3.0 or GPL-2.0) - -Files: vendor/github.com/hpcloud/tail/* -Copyright: 2015 Hewlett Packard Enterprise Development LP - 2015 HPE Software Inc. - 2013, 2014 ActiveState Software Inc. - 2013 99designs -License: Expat - -Files: vendor/github.com/imdario/mergo/* -Copyright: 2009, 2013, 2014 Dario Castañé - 2009, 2012 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/inconshreveable/mousetrap/* -Copyright: 2014 Alan Shreve -License: Apache-2.0 - -Files: vendor/github.com/JeffAshton/win_pdh/* -Copyright: 2010, 2013 The win_pdh Authors -License: BSD-3-clause - -Files: vendor/github.com/jmespath/go-jmespath/* -Copyright: 2015 James Saryerwinnie -License: Apache-2.0 - -Files: vendor/github.com/jonboulle/clockwork/* -Copyright: 2014-2020 jonboulle/clockwork contributors -License: Apache-2.0 - -Files: vendor/github.com/json-iterator/go/* -Copyright: 2016 json-iterator -License: Expat - -Files: vendor/github.com/karrick/godirwalk/* -Copyright: 2017, Karrick McDermott -License: BSD-2-clause - -Files: vendor/github.com/konsorten/go-windows-terminal-sequences/* -Copyright: 2016, 2017 marvin + konsorten GmbH (open-source@konsorten.de) -License: Expat - -Files: vendor/github.com/libopenstorage/openstorage/* -Copyright: 2015 Openstorage.org -License: Apache-2.0 - -Files: vendor/github.com/liggitt/tabwriter/* -Copyright: 2009 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/lithammer/dedent/* -Copyright: 2018 Peter Lithammer -License: Expat - -Files: vendor/github.com/magiconair/properties/* -Copyright: 2011 The Go Authors - 2013-2018 Frank Schroeder -License: BSD-2-clause - -Files: vendor/github.com/mailru/easyjson/* -Copyright: 2016 Mail.Ru Group -License: Expat - -Files: vendor/github.com/MakeNowJust/heredoc/* -Copyright: 2014-2017 TSUYUSATO Kitsune -License: Expat - -Files: vendor/github.com/mattn/go-colorable/* -Copyright: 2016 Yasuhiro Matsumoto -License: Expat - -Files: vendor/github.com/mattn/go-isatty/* -Copyright: Yasuhiro MATSUMOTO -License: Expat - -Files: vendor/github.com/mattn/go-shellwords/* -Copyright: 2017 Yasuhiro Matsumoto -License: Expat - -Files: vendor/github.com/matttproud/golang_protobuf_extensions/* -Copyright: 2012 Matt T. Proud (matt.proud@gmail.com) -License: Apache-2.0 - -Files: vendor/github.com/Microsoft/go-winio/* -Copyright: 2015 Microsoft -License: Expat - -Files: vendor/github.com/Microsoft/hcsshim/* -Copyright: 2015, 2018 Microsoft Corp. -License: Expat - -Files: vendor/github.com/miekg/dns/* -Copyright: 2011 Miek Gieben - 2009, 2013 The Go Authors - 2014 CloudFlare -License: BSD-3-clause - -Files: vendor/github.com/mindprince/gonvml/* -Copyright: 2017 Google Inc. - 1993-2016 NVIDIA Corporation -License: Apache-2.0 - -Files: vendor/github.com/mistifyio/go-zfs/* -Copyright: 2014 OmniTI Computer Consulting, Inc. -License: Apache-2.0 - -Files: vendor/github.com/mitchellh/go-wordwrap/* -Copyright: 2014 Mitchell Hashimoto -License: Expat - -Files: vendor/github.com/mitchellh/mapstructure/* -Copyright: 2013 Mitchell Hashimoto -License: Expat - -Files: vendor/github.com/modern-go/concurrent/* -Copyright: 2018-2020 modern-go/concurrent contributors -License: Apache-2.0 - -Files: vendor/github.com/modern-go/reflect2/* -Copyright: 2018-2020 modern-go/reflec2 contributors -License: Apache-2.0 - -Files: vendor/github.com/mohae/deepcopy/* -Copyright: 2014-2016 Joel Scoble (github.com/mohae) -License: Expat - -Files: vendor/github.com/morikuni/aec/* -Copyright: 2016 Taihei Morikuni -License: Expat - -Files: vendor/github.com/mrunalp/fileutils/* -Copyright: 2014 Docker Inc. -License: Apache-2.0 - -Files: vendor/github.com/munnerz/goautoneg/* -Copyright: 2011, Open Knowledge Foundation Ltd -License: BSD-3-clause - -Files: vendor/github.com/mvdan/xurls/* -Copyright: 2015, Daniel Martí -License: BSD-3-clause - -Files: vendor/github.com/mxk/go-flowrate/* -Copyright: 2014 The Go-FlowRate Authors -License: BSD-3-clause - -Files: vendor/github.com/NYTimes/gziphandler/* -Copyright: 2015 The New York Times Company -License: Apache-2.0 - -Files: vendor/github.com/onsi/ginkgo/* -Copyright: 2013-2014 Onsi Fakhouri - 2016 Yasuhiro Matsumoto -License: Expat - -Files: vendor/github.com/onsi/gomega/* -Copyright: 2013-2014 Onsi Fakhouri -License: Expat - -Files: vendor/github.com/opencontainers/go-digest/* -Copyright: 2017 Docker, Inc. - 2004, 2006 The Linux Foundation and its contributors -License: Apache-2.0 and CC-BY-SA-4.0 - -Files: vendor/github.com/opencontainers/image-spec/* -Copyright: 2016 The Linux Foundation -License: Apache-2.0 - -Files: vendor/github.com/opencontainers/runc/* -Copyright: 2012-2015 Docker, Inc. - 2016, 2017 SUSE LLC -License: Apache-2.0 - -Files: vendor/github.com/opencontainers/runtime-spec/* -Copyright: 2015 The Linux Foundation -License: Apache-2.0 - -Files: vendor/github.com/opencontainers/selinux/* -Copyright: 2017-2020 opencontainers/selinux contributors -License: Apache-2.0 - -Files: vendor/github.com/pelletier/go-toml/* -Copyright: 2013-2017 Thomas Pelletier, Eric Anderton -License: Expat - -Files: vendor/github.com/peterbourgon/diskv/* -Copyright: 2011-2012 Peter Bourgon -License: Expat - -Files: vendor/github.com/pkg/errors/* -Copyright: 2015, Dave Cheney -License: BSD-2-clause - -Files: vendor/github.com/pmezard/go-difflib/* -Copyright: 2013, Patrick Mezard -License: BSD-3-clause - -Files: vendor/github.com/pquerna/cachecontrol/* -Copyright: 2015 Paul Querna - 2009 The Go Authors -License: Apache-2.0 and BSD-3-clause - -Files: vendor/github.com/prometheus/client_golang/* -Copyright: 2012-2019 The Prometheus Authors - 2010 The Go Authors - 2013-2015 Blake Mizerany, Björn Rabenstein - 2013 Matt T. Proud -License: Apache-2.0 - -Files: vendor/github.com/prometheus/client_model/* -Copyright: 2012-2015 The Prometheus Authors -License: Apache-2.0 - -Files: vendor/github.com/prometheus/common/* -Copyright: 2013-2015 The Prometheus Authors - 2011, Open Knowledge Foundation Ltd. -License: Apache-2.0 - -Files: vendor/github.com/prometheus/procfs/* -Copyright: 2014-2015,2017-2019 The Prometheus Authors - 2017 Roger Luethi -License: Apache-2.0 - -Files: vendor/github.com/PuerkitoBio/purell/* -Copyright: 2012, Martin Angers -License: BSD-3-clause - -Files: vendor/github.com/PuerkitoBio/urlesc/* -Copyright: 2009, 2012 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/quobyte/api/* -Copyright: 2016, Quobyte Inc. -License: BSD-3-clause - -Files: vendor/github.com/robfig/cron/* -Copyright: 2012 Rob Figueiredo -License: Expat - -Files: vendor/github.com/rubiojr/go-vhd/* -Copyright: 2015 Sergio Rubio -License: Expat - -Files: vendor/github.com/russross/blackfriday/* -Copyright: 2011 Russ Ross -License: BSD-2-clause - -Files: vendor/github.com/satori/go.uuid/* -Copyright: 2013-2018 by Maxim Bublis -License: Expat - -Files: vendor/github.com/seccomp/libseccomp-golang/* -Copyright: 2015 Matthew Heon - 2015 Paul Moore -License: BSD-2-clause - -Files: vendor/github.com/sirupsen/logrus/* -Copyright: 2014 Simon Eskildsen -License: Expat - -Files: vendor/github.com/soheilhy/cmux/* -Copyright: 2016 The CMux Authors -License: Apache-2.0 - -Files: vendor/github.com/spf13/afero/* -Copyright: 2009, 2015 The Go Authors - 2014-2016,2018 Steve Francia - 2015 The Hugo Authors - 2013 The tsuru authors - 2016-present Bjørn Erik Pedersen -License: Apache-2.0 - -Files: vendor/github.com/spf13/cast/* -Copyright: 2014 Steve Francia - 2011 The Go Authors -License: Expat - -Files: vendor/github.com/spf13/cobra/* -Copyright: 2013 Steve Francia . - 2015 Red Hat Inc. - 2016 French Ben -License: Apache-2.0 - -Files: vendor/github.com/spf13/jwalterweatherman/* -Copyright: 2014, 2016 Steve Francia -License: Expat - -Files: vendor/github.com/spf13/pflag/* -Copyright: 2012 Alex Ogier - 2009, 2012 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/spf13/viper/* -Copyright: 2014 Steve Francia -License: Expat - -Files: vendor/github.com/storageos/go-api/* -Copyright: 2015-2018 StorageOS - 2013-2017 go-dockerclient Authors -License: Expat and BSD-2-clause - -Files: vendor/github.com/stretchr/objx/* -Copyright: 2014 Stretchr, Inc. - 2017-2018 objx contributors -License: Expat - -Files: vendor/github.com/stretchr/testify/* -Copyright: 2012-2018 Mat Ryer and Tyler Bunnell -License: Expat - -Files: vendor/github.com/syndtr/gocapability/* -Copyright: 2013 Suryandaru Triandana -License: BSD-2-clause - -Files: vendor/github.com/thecodeteam/goscaleio/* -Copyright: 2015-2019 thecodeteam/goscaleio contributors -License: Apache-2.0 - -Files: vendor/github.com/tmc/grpc-websocket-proxy/* -Copyright: 2016 Travis Cline -License: Expat - -Files: vendor/github.com/vishvananda/netlink/* -Copyright: 2014 Vishvananda Ishaya. - 2014 Docker, Inc. -License: Apache-2.0 - -Files: vendor/github.com/vishvananda/netns/* -Copyright: 2014 Vishvananda Ishaya. - 2014 Docker, Inc. -License: Apache-2.0 - -Files: vendor/github.com/vmware/govmomi/* -Copyright: 2014-2018 VMware, Inc. - 2009, 2011, 2012 The Go Authors -License: Apache-2.0 - -Files: vendor/github.com/xiang90/probing/* -Copyright: 2015 Xiang Li -License: Expat - -Files: vendor/go.etcd.io/bbolt/* -Copyright: 2013 Ben Johnson -License: Expat - -Files: vendor/go.etcd.io/etcd/* -Copyright: 2014 CoreOS, Inc - 2015-2019 The etcd Authors - 2015 The Go Authors -License: Apache-2.0 - -Files: vendor/go.mongodb.org/mongo-driver/* -Copyright: MongoDB Inc. 2017-present. -License: Apache-2.0 - -Files: vendor/go.opencensus.io/* -Copyright: 2017-2019 OpenCensus Authors -License: Apache-2.0 - -Files: vendor/go.uber.org/atomic/* -Copyright: 2016 Uber Technologies, Inc. -License: Expat - -Files: vendor/go.uber.org/multierr/* -Copyright: 2017 Uber Technologies, Inc. -License: Expat - -Files: vendor/go.uber.org/zap/* -Copyright: 2016-2017 Uber Technologies, Inc. -License: Expat - -Files: vendor/golang.org/x/crypto/* -Copyright: 2009,2011-2016,2018 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/lint/* -Copyright: 2013,2018 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/net/* -Copyright: 2009-2019 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/oauth2/* -Copyright: 2009,2014-2018 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/sync/* -Copyright: 2009,2016 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/sys/* -Copyright: 2009-2019 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/text/* -Copyright: 2009,2011,2013-2018 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/time/* -Copyright: 2009,2015 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/tools/* -Copyright: 2009,2011-2019 The Go Authors -License: BSD-3-clause - -Files: vendor/gonum.org/v1/gonum/* -Copyright: 2013-2019 The Gonum Authors - 2009, 2010, 2012 The Go Authors - 1984, 1987, 1989, 1992, 2000 Stephen L. Moshier - 2017 Robin Eklind -License: BSD-3-clause - -Files: vendor/google.golang.org/api/* -Copyright: 2011-2013 Google Inc - 2015-2019 Google LLC - 2013 Joshua Tacoma - 2015-2017 The Go Authors -License: BSD-3-clause - -Files: vendor/google.golang.org/appengine/* -Copyright: 2011-2015,2018 Google Inc. -License: Apache-2.0 - -Files: vendor/google.golang.org/genproto/* -Copyright: 2016-2020 google.golang.org/genproto contributors -License: Apache-2.0 - -Files: vendor/google.golang.org/grpc/* -Copyright: 2014-2019 gRPC authors -License: Apache-2.0 - -Files: vendor/gopkg.in/fsnotify.v1/* -Copyright: 2012 The Go Authors - 2012 fsnotify Authors -License: BSD-3-clause - -Files: vendor/gopkg.in/gcfg.v1/* -Copyright: 2012 Péter Surányi - 2009 The Go Authors -License: BSD-3-clause - -Files: vendor/gopkg.in/inf.v0/* -Copyright: 2012 Péter Surányi - 2009 The Go Authors -License: BSD-3-clause - -Files: vendor/gopkg.in/natefinch/lumberjack.v2/* -Copyright: 2014 Nate Finch -License: Expat - -Files: vendor/gopkg.in/square/go-jose.v2/* -Copyright: 2014,2016,2017,2018 Square Inc. - 2016 Zbigniew Mandziejewicz - 2010 The Go Authors -License: Apache-2.0 - -Files: vendor/gopkg.in/tomb.v1/* -Copyright: 2010-2011 - Gustavo Niemeyer -License: BSD-3-clause - -Files: vendor/gopkg.in/warnings.v0/* -Copyright: 2016 Péter Surányi -License: BSD-2-clause - -Files: vendor/gopkg.in/yaml.v2/* -Copyright: 2006 Kirill Simonov -License: Apache-2.0 - -Files: vendor/gotest.tools/* -Copyright: 2018 gotest.tools authors -License: Apache-2.0 - -Files: vendor/honnef.co/go/tools/* -Copyright: 2016, 2018, 2019 Dominik Honnef - 2009, 2013-2015, 2017, 2018 The Go Authors - 2018 Google Inc. - 2013 Kamil Kisiel - 2013 TOML authors -License: Expat - -Files: vendor/vbom.ml/util/* -Copyright: 2015 Frits van Bommel -License: Expat - -License: Expat - Permission is hereby granted, free of charge, to any person obtaining a copy of - this software and associated documentation files (the "Software"), to deal in - the Software without restriction, including without limitation the rights to - use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of - the Software, and to permit persons to whom the Software is furnished to do so, - subject to the following conditions: - . - The above copyright notice and this permission notice shall be included in all - copies or substantial portions of the Software. - . - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS - FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR - COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER - IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -License: BSD-3-clause - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - . - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - 3. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - . - THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - SUCH DAMAGE. - -License: BSD-2-clause - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - . - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - . - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - . - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -License: MPL-2.0 - This Source Code Form is subject to the terms of the Mozilla Public - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. - . - On Debian systems the full text of the MPL 2.0 license can be found in - /usr/share/common-licenses/MPL-2.0 . - -License: ISC - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - . - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -License: CC0-1.0 - To the extent possible under law, the author(s) have dedicated all copyright - and related and neighboring rights to this software to the public domain - worldwide. This software is distributed without any warranty. - . - You should have received a copy of the CC0 Public Domain Dedication along with - this software. If not, see . - . - On Debian systems, the full text of the CC0 Public Domain Dedication version - version 1.0 can be found in the file /usr/share/common-licenses/CC0-1.0 . - -License: LGPL-3.0 - This package is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 3 of the License, or (at your option) any later version. - . - This package is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - . - You should have received a copy of the GNU Lesser General Public - License along with this package; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - . - On Debian systems, the complete text of the GNU Lesser General - Public License can be found in /usr/share/common-licenses/LGPL-3 - -License: GPL-2.0 - This package is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - . - This package is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - . - You should have received a copy of the GNU General Public License - along with this package; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - . - On Debian systems, the complete text of the GNU General - Public License can be found in /usr/share/common-licenses/GPL-2 . - -License: CC-BY-SA-4.0 - Attribution-ShareAlike 4.0 International - . - ======================================================================= - . - Creative Commons Corporation ("Creative Commons") is not a law firm and - does not provide legal services or legal advice. Distribution of - Creative Commons public licenses does not create a lawyer-client or - other relationship. Creative Commons makes its licenses and related - information available on an "as-is" basis. Creative Commons gives no - warranties regarding its licenses, any material licensed under their - terms and conditions, or any related information. Creative Commons - disclaims all liability for damages resulting from their use to the - fullest extent possible. - . - Using Creative Commons Public Licenses - . - Creative Commons public licenses provide a standard set of terms and - conditions that creators and other rights holders may use to share - original works of authorship and other material subject to copyright - and certain other rights specified in the public license below. The - following considerations are for informational purposes only, are not - exhaustive, and do not form part of our licenses. - . - Considerations for licensors: Our public licenses are - intended for use by those authorized to give the public - permission to use material in ways otherwise restricted by - copyright and certain other rights. Our licenses are - irrevocable. Licensors should read and understand the terms - and conditions of the license they choose before applying it. - Licensors should also secure all rights necessary before - applying our licenses so that the public can reuse the - material as expected. Licensors should clearly mark any - material not subject to the license. This includes other CC- - licensed material, or material used under an exception or - limitation to copyright. More considerations for licensors: - wiki.creativecommons.org/Considerations_for_licensors - . - Considerations for the public: By using one of our public - licenses, a licensor grants the public permission to use the - licensed material under specified terms and conditions. If - the licensor's permission is not necessary for any reason--for - example, because of any applicable exception or limitation to - copyright--then that use is not regulated by the license. Our - licenses grant only permissions under copyright and certain - other rights that a licensor has authority to grant. Use of - the licensed material may still be restricted for other - reasons, including because others have copyright or other - rights in the material. A licensor may make special requests, - such as asking that all changes be marked or described. - Although not required by our licenses, you are encouraged to - respect those requests where reasonable. More_considerations - for the public: - wiki.creativecommons.org/Considerations_for_licensees - . - ======================================================================= - . - Creative Commons Attribution-ShareAlike 4.0 International Public - License - . - By exercising the Licensed Rights (defined below), You accept and agree - to be bound by the terms and conditions of this Creative Commons - Attribution-ShareAlike 4.0 International Public License ("Public - License"). To the extent this Public License may be interpreted as a - contract, You are granted the Licensed Rights in consideration of Your - acceptance of these terms and conditions, and the Licensor grants You - such rights in consideration of benefits the Licensor receives from - making the Licensed Material available under these terms and - conditions. - . - . - Section 1 -- Definitions. - . - a. Adapted Material means material subject to Copyright and Similar - Rights that is derived from or based upon the Licensed Material - and in which the Licensed Material is translated, altered, - arranged, transformed, or otherwise modified in a manner requiring - permission under the Copyright and Similar Rights held by the - Licensor. For purposes of this Public License, where the Licensed - Material is a musical work, performance, or sound recording, - Adapted Material is always produced where the Licensed Material is - synched in timed relation with a moving image. - . - b. Adapter's License means the license You apply to Your Copyright - and Similar Rights in Your contributions to Adapted Material in - accordance with the terms and conditions of this Public License. - . - c. BY-SA Compatible License means a license listed at - creativecommons.org/compatiblelicenses, approved by Creative - Commons as essentially the equivalent of this Public License. - . - d. Copyright and Similar Rights means copyright and/or similar rights - closely related to copyright including, without limitation, - performance, broadcast, sound recording, and Sui Generis Database - Rights, without regard to how the rights are labeled or - categorized. For purposes of this Public License, the rights - specified in Section 2(b)(1)-(2) are not Copyright and Similar - Rights. - . - e. Effective Technological Measures means those measures that, in the - absence of proper authority, may not be circumvented under laws - fulfilling obligations under Article 11 of the WIPO Copyright - Treaty adopted on December 20, 1996, and/or similar international - agreements. - . - f. Exceptions and Limitations means fair use, fair dealing, and/or - any other exception or limitation to Copyright and Similar Rights - that applies to Your use of the Licensed Material. - . - g. License Elements means the license attributes listed in the name - of a Creative Commons Public License. The License Elements of this - Public License are Attribution and ShareAlike. - . - h. Licensed Material means the artistic or literary work, database, - or other material to which the Licensor applied this Public - License. - . - i. Licensed Rights means the rights granted to You subject to the - terms and conditions of this Public License, which are limited to - all Copyright and Similar Rights that apply to Your use of the - Licensed Material and that the Licensor has authority to license. - . - j. Licensor means the individual(s) or entity(ies) granting rights - under this Public License. - . - k. Share means to provide material to the public by any means or - process that requires permission under the Licensed Rights, such - as reproduction, public display, public performance, distribution, - dissemination, communication, or importation, and to make material - available to the public including in ways that members of the - public may access the material from a place and at a time - individually chosen by them. - . - l. Sui Generis Database Rights means rights other than copyright - resulting from Directive 96/9/EC of the European Parliament and of - the Council of 11 March 1996 on the legal protection of databases, - as amended and/or succeeded, as well as other essentially - equivalent rights anywhere in the world. - . - m. You means the individual or entity exercising the Licensed Rights - under this Public License. Your has a corresponding meaning. - . - . - Section 2 -- Scope. - . - a. License grant. - . - 1. Subject to the terms and conditions of this Public License, - the Licensor hereby grants You a worldwide, royalty-free, - non-sublicensable, non-exclusive, irrevocable license to - exercise the Licensed Rights in the Licensed Material to: - . - a. reproduce and Share the Licensed Material, in whole or - in part; and - . - b. produce, reproduce, and Share Adapted Material. - . - 2. Exceptions and Limitations. For the avoidance of doubt, where - Exceptions and Limitations apply to Your use, this Public - License does not apply, and You do not need to comply with - its terms and conditions. - . - 3. Term. The term of this Public License is specified in Section - 6(a). - . - 4. Media and formats; technical modifications allowed. The - Licensor authorizes You to exercise the Licensed Rights in - all media and formats whether now known or hereafter created, - and to make technical modifications necessary to do so. The - Licensor waives and/or agrees not to assert any right or - authority to forbid You from making technical modifications - necessary to exercise the Licensed Rights, including - technical modifications necessary to circumvent Effective - Technological Measures. For purposes of this Public License, - simply making modifications authorized by this Section 2(a) - (4) never produces Adapted Material. - . - 5. Downstream recipients. - . - a. Offer from the Licensor -- Licensed Material. Every - recipient of the Licensed Material automatically - receives an offer from the Licensor to exercise the - Licensed Rights under the terms and conditions of this - Public License. - . - b. Additional offer from the Licensor -- Adapted Material. - Every recipient of Adapted Material from You - automatically receives an offer from the Licensor to - exercise the Licensed Rights in the Adapted Material - under the conditions of the Adapter's License You apply. - . - c. No downstream restrictions. You may not offer or impose - any additional or different terms or conditions on, or - apply any Effective Technological Measures to, the - Licensed Material if doing so restricts exercise of the - Licensed Rights by any recipient of the Licensed - Material. - . - 6. No endorsement. Nothing in this Public License constitutes or - may be construed as permission to assert or imply that You - are, or that Your use of the Licensed Material is, connected - with, or sponsored, endorsed, or granted official status by, - the Licensor or others designated to receive attribution as - provided in Section 3(a)(1)(A)(i). - . - b. Other rights. - . - 1. Moral rights, such as the right of integrity, are not - licensed under this Public License, nor are publicity, - privacy, and/or other similar personality rights; however, to - the extent possible, the Licensor waives and/or agrees not to - assert any such rights held by the Licensor to the limited - extent necessary to allow You to exercise the Licensed - Rights, but not otherwise. - . - 2. Patent and trademark rights are not licensed under this - Public License. - . - 3. To the extent possible, the Licensor waives any right to - collect royalties from You for the exercise of the Licensed - Rights, whether directly or through a collecting society - under any voluntary or waivable statutory or compulsory - licensing scheme. In all other cases the Licensor expressly - reserves any right to collect such royalties. - . - . - Section 3 -- License Conditions. - . - Your exercise of the Licensed Rights is expressly made subject to the - following conditions. - . - a. Attribution. - . - 1. If You Share the Licensed Material (including in modified - form), You must: - . - a. retain the following if it is supplied by the Licensor - with the Licensed Material: - . - i. identification of the creator(s) of the Licensed - Material and any others designated to receive - attribution, in any reasonable manner requested by - the Licensor (including by pseudonym if - designated); - . - ii. a copyright notice; - . - iii. a notice that refers to this Public License; - . - iv. a notice that refers to the disclaimer of - warranties; - . - v. a URI or hyperlink to the Licensed Material to the - extent reasonably practicable; - . - b. indicate if You modified the Licensed Material and - retain an indication of any previous modifications; and - . - c. indicate the Licensed Material is licensed under this - Public License, and include the text of, or the URI or - hyperlink to, this Public License. - . - 2. You may satisfy the conditions in Section 3(a)(1) in any - reasonable manner based on the medium, means, and context in - which You Share the Licensed Material. For example, it may be - reasonable to satisfy the conditions by providing a URI or - hyperlink to a resource that includes the required - information. - . - 3. If requested by the Licensor, You must remove any of the - information required by Section 3(a)(1)(A) to the extent - reasonably practicable. - . - b. ShareAlike. - . - In addition to the conditions in Section 3(a), if You Share - Adapted Material You produce, the following conditions also apply. - . - 1. The Adapter's License You apply must be a Creative Commons - license with the same License Elements, this version or - later, or a BY-SA Compatible License. - . - 2. You must include the text of, or the URI or hyperlink to, the - Adapter's License You apply. You may satisfy this condition - in any reasonable manner based on the medium, means, and - context in which You Share Adapted Material. - . - 3. You may not offer or impose any additional or different terms - or conditions on, or apply any Effective Technological - Measures to, Adapted Material that restrict exercise of the - rights granted under the Adapter's License You apply. - . - . - Section 4 -- Sui Generis Database Rights. - . - Where the Licensed Rights include Sui Generis Database Rights that - apply to Your use of the Licensed Material: - . - a. for the avoidance of doubt, Section 2(a)(1) grants You the right - to extract, reuse, reproduce, and Share all or a substantial - portion of the contents of the database; - . - b. if You include all or a substantial portion of the database - contents in a database in which You have Sui Generis Database - Rights, then the database in which You have Sui Generis Database - Rights (but not its individual contents) is Adapted Material, - . - including for purposes of Section 3(b); and - c. You must comply with the conditions in Section 3(a) if You Share - all or a substantial portion of the contents of the database. - . - For the avoidance of doubt, this Section 4 supplements and does not - replace Your obligations under this Public License where the Licensed - Rights include other Copyright and Similar Rights. - . - . - Section 5 -- Disclaimer of Warranties and Limitation of Liability. - . - a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE - EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS - AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF - ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, - IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, - WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR - PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, - ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT - KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT - ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. - . - b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE - TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, - NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, - INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, - COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR - USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN - ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR - DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR - IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. - . - c. The disclaimer of warranties and limitation of liability provided - above shall be interpreted in a manner that, to the extent - possible, most closely approximates an absolute disclaimer and - waiver of all liability. - . - . - Section 6 -- Term and Termination. - . - a. This Public License applies for the term of the Copyright and - Similar Rights licensed here. However, if You fail to comply with - this Public License, then Your rights under this Public License - terminate automatically. - . - b. Where Your right to use the Licensed Material has terminated under - Section 6(a), it reinstates: - . - 1. automatically as of the date the violation is cured, provided - it is cured within 30 days of Your discovery of the - violation; or - . - 2. upon express reinstatement by the Licensor. - . - For the avoidance of doubt, this Section 6(b) does not affect any - right the Licensor may have to seek remedies for Your violations - of this Public License. - . - c. For the avoidance of doubt, the Licensor may also offer the - Licensed Material under separate terms or conditions or stop - distributing the Licensed Material at any time; however, doing so - will not terminate this Public License. - . - d. Sections 1, 5, 6, 7, and 8 survive termination of this Public - License. - . - . - Section 7 -- Other Terms and Conditions. - . - a. The Licensor shall not be bound by any additional or different - terms or conditions communicated by You unless expressly agreed. - . - b. Any arrangements, understandings, or agreements regarding the - Licensed Material not stated herein are separate from and - independent of the terms and conditions of this Public License. - . - . - Section 8 -- Interpretation. - . - a. For the avoidance of doubt, this Public License does not, and - shall not be interpreted to, reduce, limit, restrict, or impose - conditions on any use of the Licensed Material that could lawfully - be made without permission under this Public License. - . - b. To the extent possible, if any provision of this Public License is - deemed unenforceable, it shall be automatically reformed to the - minimum extent necessary to make it enforceable. If the provision - cannot be reformed, it shall be severed from this Public License - without affecting the enforceability of the remaining terms and - conditions. - . - c. No term or condition of this Public License will be waived and no - failure to comply consented to unless expressly agreed to by the - Licensor. - . - d. Nothing in this Public License constitutes or may be interpreted - as a limitation upon, or waiver of, any privileges and immunities - that apply to the Licensor or You, including from the legal - processes of any jurisdiction or authority. - . - . - ======================================================================= - . - Creative Commons is not a party to its public - licenses. Notwithstanding, Creative Commons may elect to apply one of - its public licenses to material it publishes and in those instances - will be considered the “Licensor.” The text of the Creative Commons - public licenses is dedicated to the public domain under the CC0 Public - Domain Dedication. Except for the limited purpose of indicating that - material is shared under a Creative Commons public license or as - otherwise permitted by the Creative Commons policies published at - creativecommons.org/policies, Creative Commons does not authorize the - use of the trademark "Creative Commons" or any other trademark or logo - of Creative Commons without its prior written consent including, - without limitation, in connection with any unauthorized modifications - to any of its public licenses or any other arrangements, - understandings, or agreements concerning use of licensed material. For - the avoidance of doubt, this paragraph does not form part of the - public licenses. - . - Creative Commons may be contacted at creativecommons.org. - -License: CC-BY-4.0 - Attribution 4.0 International - . - ======================================================================= - . - Creative Commons Corporation ("Creative Commons") is not a law firm and - does not provide legal services or legal advice. Distribution of - Creative Commons public licenses does not create a lawyer-client or - other relationship. Creative Commons makes its licenses and related - information available on an "as-is" basis. Creative Commons gives no - warranties regarding its licenses, any material licensed under their - terms and conditions, or any related information. Creative Commons - disclaims all liability for damages resulting from their use to the - fullest extent possible. - . - Using Creative Commons Public Licenses - . - Creative Commons public licenses provide a standard set of terms and - conditions that creators and other rights holders may use to share - original works of authorship and other material subject to copyright - and certain other rights specified in the public license below. The - following considerations are for informational purposes only, are not - exhaustive, and do not form part of our licenses. - . - Considerations for licensors: Our public licenses are - intended for use by those authorized to give the public - permission to use material in ways otherwise restricted by - copyright and certain other rights. Our licenses are - irrevocable. Licensors should read and understand the terms - and conditions of the license they choose before applying it. - Licensors should also secure all rights necessary before - applying our licenses so that the public can reuse the - material as expected. Licensors should clearly mark any - material not subject to the license. This includes other CC- - licensed material, or material used under an exception or - limitation to copyright. More considerations for licensors: - wiki.creativecommons.org/Considerations_for_licensors - . - Considerations for the public: By using one of our public - licenses, a licensor grants the public permission to use the - licensed material under specified terms and conditions. If - the licensor's permission is not necessary for any reason--for - example, because of any applicable exception or limitation to - copyright--then that use is not regulated by the license. Our - licenses grant only permissions under copyright and certain - other rights that a licensor has authority to grant. Use of - the licensed material may still be restricted for other - reasons, including because others have copyright or other - rights in the material. A licensor may make special requests, - such as asking that all changes be marked or described. - Although not required by our licenses, you are encouraged to - respect those requests where reasonable. More_considerations - for the public: - wiki.creativecommons.org/Considerations_for_licensees - . - ======================================================================= - . - Creative Commons Attribution 4.0 International Public License - . - By exercising the Licensed Rights (defined below), You accept and agree - to be bound by the terms and conditions of this Creative Commons - Attribution 4.0 International Public License ("Public License"). To the - extent this Public License may be interpreted as a contract, You are - granted the Licensed Rights in consideration of Your acceptance of - these terms and conditions, and the Licensor grants You such rights in - consideration of benefits the Licensor receives from making the - Licensed Material available under these terms and conditions. - . - . - Section 1 -- Definitions. - . - a. Adapted Material means material subject to Copyright and Similar - Rights that is derived from or based upon the Licensed Material - and in which the Licensed Material is translated, altered, - arranged, transformed, or otherwise modified in a manner requiring - permission under the Copyright and Similar Rights held by the - Licensor. For purposes of this Public License, where the Licensed - Material is a musical work, performance, or sound recording, - Adapted Material is always produced where the Licensed Material is - synched in timed relation with a moving image. - . - b. Adapter's License means the license You apply to Your Copyright - and Similar Rights in Your contributions to Adapted Material in - accordance with the terms and conditions of this Public License. - . - c. Copyright and Similar Rights means copyright and/or similar rights - closely related to copyright including, without limitation, - performance, broadcast, sound recording, and Sui Generis Database - Rights, without regard to how the rights are labeled or - categorized. For purposes of this Public License, the rights - specified in Section 2(b)(1)-(2) are not Copyright and Similar - Rights. - . - d. Effective Technological Measures means those measures that, in the - absence of proper authority, may not be circumvented under laws - fulfilling obligations under Article 11 of the WIPO Copyright - Treaty adopted on December 20, 1996, and/or similar international - agreements. - . - e. Exceptions and Limitations means fair use, fair dealing, and/or - any other exception or limitation to Copyright and Similar Rights - that applies to Your use of the Licensed Material. - . - f. Licensed Material means the artistic or literary work, database, - or other material to which the Licensor applied this Public - License. - . - g. Licensed Rights means the rights granted to You subject to the - terms and conditions of this Public License, which are limited to - all Copyright and Similar Rights that apply to Your use of the - Licensed Material and that the Licensor has authority to license. - . - h. Licensor means the individual(s) or entity(ies) granting rights - under this Public License. - . - i. Share means to provide material to the public by any means or - process that requires permission under the Licensed Rights, such - as reproduction, public display, public performance, distribution, - dissemination, communication, or importation, and to make material - available to the public including in ways that members of the - public may access the material from a place and at a time - individually chosen by them. - . - j. Sui Generis Database Rights means rights other than copyright - resulting from Directive 96/9/EC of the European Parliament and of - the Council of 11 March 1996 on the legal protection of databases, - as amended and/or succeeded, as well as other essentially - equivalent rights anywhere in the world. - . - k. You means the individual or entity exercising the Licensed Rights - under this Public License. Your has a corresponding meaning. - . - . - Section 2 -- Scope. - . - a. License grant. - . - 1. Subject to the terms and conditions of this Public License, - the Licensor hereby grants You a worldwide, royalty-free, - non-sublicensable, non-exclusive, irrevocable license to - exercise the Licensed Rights in the Licensed Material to: - . - a. reproduce and Share the Licensed Material, in whole or - in part; and - . - b. produce, reproduce, and Share Adapted Material. - . - 2. Exceptions and Limitations. For the avoidance of doubt, where - Exceptions and Limitations apply to Your use, this Public - License does not apply, and You do not need to comply with - its terms and conditions. - . - 3. Term. The term of this Public License is specified in Section - 6(a). - . - 4. Media and formats; technical modifications allowed. The - Licensor authorizes You to exercise the Licensed Rights in - all media and formats whether now known or hereafter created, - and to make technical modifications necessary to do so. The - Licensor waives and/or agrees not to assert any right or - authority to forbid You from making technical modifications - necessary to exercise the Licensed Rights, including - technical modifications necessary to circumvent Effective - Technological Measures. For purposes of this Public License, - simply making modifications authorized by this Section 2(a) - (4) never produces Adapted Material. - . - 5. Downstream recipients. - . - a. Offer from the Licensor -- Licensed Material. Every - recipient of the Licensed Material automatically - receives an offer from the Licensor to exercise the - Licensed Rights under the terms and conditions of this - Public License. - . - b. No downstream restrictions. You may not offer or impose - any additional or different terms or conditions on, or - apply any Effective Technological Measures to, the - Licensed Material if doing so restricts exercise of the - Licensed Rights by any recipient of the Licensed - Material. - . - 6. No endorsement. Nothing in this Public License constitutes or - may be construed as permission to assert or imply that You - are, or that Your use of the Licensed Material is, connected - with, or sponsored, endorsed, or granted official status by, - the Licensor or others designated to receive attribution as - provided in Section 3(a)(1)(A)(i). - . - b. Other rights. - . - 1. Moral rights, such as the right of integrity, are not - licensed under this Public License, nor are publicity, - privacy, and/or other similar personality rights; however, to - the extent possible, the Licensor waives and/or agrees not to - assert any such rights held by the Licensor to the limited - extent necessary to allow You to exercise the Licensed - Rights, but not otherwise. - . - 2. Patent and trademark rights are not licensed under this - Public License. - . - 3. To the extent possible, the Licensor waives any right to - collect royalties from You for the exercise of the Licensed - Rights, whether directly or through a collecting society - under any voluntary or waivable statutory or compulsory - licensing scheme. In all other cases the Licensor expressly - reserves any right to collect such royalties. - . - . - Section 3 -- License Conditions. - . - Your exercise of the Licensed Rights is expressly made subject to the - following conditions. - . - a. Attribution. - . - 1. If You Share the Licensed Material (including in modified - form), You must: - . - a. retain the following if it is supplied by the Licensor - with the Licensed Material: - . - i. identification of the creator(s) of the Licensed - Material and any others designated to receive - attribution, in any reasonable manner requested by - the Licensor (including by pseudonym if - designated); - . - ii. a copyright notice; - . - iii. a notice that refers to this Public License; - . - iv. a notice that refers to the disclaimer of - warranties; - . - v. a URI or hyperlink to the Licensed Material to the - extent reasonably practicable; - . - b. indicate if You modified the Licensed Material and - retain an indication of any previous modifications; and - . - c. indicate the Licensed Material is licensed under this - Public License, and include the text of, or the URI or - hyperlink to, this Public License. - . - 2. You may satisfy the conditions in Section 3(a)(1) in any - reasonable manner based on the medium, means, and context in - which You Share the Licensed Material. For example, it may be - reasonable to satisfy the conditions by providing a URI or - hyperlink to a resource that includes the required - information. - . - 3. If requested by the Licensor, You must remove any of the - information required by Section 3(a)(1)(A) to the extent - reasonably practicable. - . - 4. If You Share Adapted Material You produce, the Adapter's - License You apply must not prevent recipients of the Adapted - Material from complying with this Public License. - . - . - Section 4 -- Sui Generis Database Rights. - . - Where the Licensed Rights include Sui Generis Database Rights that - apply to Your use of the Licensed Material: - . - a. for the avoidance of doubt, Section 2(a)(1) grants You the right - to extract, reuse, reproduce, and Share all or a substantial - portion of the contents of the database; - . - b. if You include all or a substantial portion of the database - contents in a database in which You have Sui Generis Database - Rights, then the database in which You have Sui Generis Database - Rights (but not its individual contents) is Adapted Material; and - . - c. You must comply with the conditions in Section 3(a) if You Share - all or a substantial portion of the contents of the database. - . - For the avoidance of doubt, this Section 4 supplements and does not - replace Your obligations under this Public License where the Licensed - Rights include other Copyright and Similar Rights. - . - . - Section 5 -- Disclaimer of Warranties and Limitation of Liability. - . - a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE - EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS - AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF - ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, - IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, - WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR - PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, - ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT - KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT - ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. - . - b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE - TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, - NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, - INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, - COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR - USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN - ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR - DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR - IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. - . - c. The disclaimer of warranties and limitation of liability provided - above shall be interpreted in a manner that, to the extent - possible, most closely approximates an absolute disclaimer and - waiver of all liability. - . - . - Section 6 -- Term and Termination. - . - a. This Public License applies for the term of the Copyright and - Similar Rights licensed here. However, if You fail to comply with - this Public License, then Your rights under this Public License - terminate automatically. - . - b. Where Your right to use the Licensed Material has terminated under - Section 6(a), it reinstates: - . - 1. automatically as of the date the violation is cured, provided - it is cured within 30 days of Your discovery of the - violation; or - . - 2. upon express reinstatement by the Licensor. - . - For the avoidance of doubt, this Section 6(b) does not affect any - right the Licensor may have to seek remedies for Your violations - of this Public License. - . - c. For the avoidance of doubt, the Licensor may also offer the - Licensed Material under separate terms or conditions or stop - distributing the Licensed Material at any time; however, doing so - will not terminate this Public License. - . - d. Sections 1, 5, 6, 7, and 8 survive termination of this Public - License. - . - . - Section 7 -- Other Terms and Conditions. - . - a. The Licensor shall not be bound by any additional or different - terms or conditions communicated by You unless expressly agreed. - . - b. Any arrangements, understandings, or agreements regarding the - Licensed Material not stated herein are separate from and - independent of the terms and conditions of this Public License. - . - . - Section 8 -- Interpretation. - . - a. For the avoidance of doubt, this Public License does not, and - shall not be interpreted to, reduce, limit, restrict, or impose - conditions on any use of the Licensed Material that could lawfully - be made without permission under this Public License. - . - b. To the extent possible, if any provision of this Public License is - deemed unenforceable, it shall be automatically reformed to the - minimum extent necessary to make it enforceable. If the provision - cannot be reformed, it shall be severed from this Public License - without affecting the enforceability of the remaining terms and - conditions. - . - c. No term or condition of this Public License will be waived and no - failure to comply consented to unless expressly agreed to by the - Licensor. - . - d. Nothing in this Public License constitutes or may be interpreted - as a limitation upon, or waiver of, any privileges and immunities - that apply to the Licensor or You, including from the legal - processes of any jurisdiction or authority. - . - . - ======================================================================= - . - Creative Commons is not a party to its public - licenses. Notwithstanding, Creative Commons may elect to apply one of - its public licenses to material it publishes and in those instances - will be considered the “Licensor.” The text of the Creative Commons - public licenses is dedicated to the public domain under the CC0 Public - Domain Dedication. Except for the limited purpose of indicating that - material is shared under a Creative Commons public license or as - otherwise permitted by the Creative Commons policies published at - creativecommons.org/policies, Creative Commons does not authorize the - use of the trademark "Creative Commons" or any other trademark or logo - of Creative Commons without its prior written consent including, - without limitation, in connection with any unauthorized modifications - to any of its public licenses or any other arrangements, - understandings, or agreements concerning use of licensed material. For - the avoidance of doubt, this paragraph does not form part of the - public licenses. - . - Creative Commons may be contacted at creativecommons.org. - diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubeadm.conf b/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubeadm.conf deleted file mode 100644 index 238704288..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubeadm.conf +++ /dev/null @@ -1,17 +0,0 @@ -# Note: This dropin only works with kubeadm and kubelet v1.11+ -[Service] -Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf" -Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml" -# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically -EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env -# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use -# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file. -EnvironmentFile=-/etc/default/kubelet -ExecStart= -ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS -ExecStartPre=-/usr/local/sbin/sanitize_kubelet_reserved_cpus.sh /etc/default/kubelet -ExecStartPre=-/usr/bin/kubelet-cgroup-setup.sh -ExecStartPost=/bin/bash -c 'echo $MAINPID > /var/run/kubelet.pid;' -ExecStopPost=/bin/rm -f /var/run/kubelet.pid -StartLimitInterval=0 -RestartSec=10 diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-client.install b/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-client.install deleted file mode 100644 index 33c25cbc8..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-client.install +++ /dev/null @@ -1,2 +0,0 @@ -usr/local/kubernetes/1.24.4/stage2/usr/bin/kubectl -usr/local/kubernetes/1.24.4/stage2/usr/share/bash-completion/completions/kubectl diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-client.lintian-overrides b/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-client.lintian-overrides deleted file mode 100644 index 160b6783b..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-client.lintian-overrides +++ /dev/null @@ -1,9 +0,0 @@ -## Generated man pages: TODO -manpage-has-bad-whatis-entry usr/share/man/* -manpage-has-errors-from-man usr/share/man/man1/* - -## Bash-completion script does not have to be executable: -script-not-executable usr/share/bash-completion/completions/kubectl - -## Override annoying/useless messages -kubernetes-client: spelling-error-in-binary diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-kubeadm.dirs b/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-kubeadm.dirs deleted file mode 100644 index bc98053c5..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-kubeadm.dirs +++ /dev/null @@ -1 +0,0 @@ -usr/local/kubernetes/1.24.4/stage2/etc/systemd/system/kubelet.service.d/ diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-kubeadm.install b/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-kubeadm.install deleted file mode 100644 index dc6c5acea..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-kubeadm.install +++ /dev/null @@ -1,2 +0,0 @@ -usr/local/kubernetes/1.24.4/stage1/usr/bin/kubeadm -usr/local/kubernetes/1.24.4/stage2/etc/systemd/system/kubelet.service.d/kubeadm.conf diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-master.dirs b/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-master.dirs deleted file mode 100644 index 69c9d7f72..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-master.dirs +++ /dev/null @@ -1,5 +0,0 @@ -etc/kubernetes-1.24.4 -etc/kubernetes-1.24.4/addons -etc/kubernetes-1.24.4/addons/volumesnapshots -etc/kubernetes-1.24.4/addons/volumesnapshots/crd -etc/kubernetes-1.24.4/addons/volumesnapshots/volume-snapshot-controller diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-master.install b/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-master.install deleted file mode 100644 index 92d2aa44a..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-master.install +++ /dev/null @@ -1,8 +0,0 @@ -usr/bin/kube-apiserver -usr/bin/kube-controller-manager -usr/bin/kube-scheduler -etc/kubernetes-1.24.4/addons/volumesnapshots/crd/snapshot.storage.k8s.io_volumesnapshotcontents.yaml -etc/kubernetes-1.24.4/addons/volumesnapshots/crd/snapshot.storage.k8s.io_volumesnapshotclasses.yaml -etc/kubernetes-1.24.4/addons/volumesnapshots/crd/snapshot.storage.k8s.io_volumesnapshots.yaml -etc/kubernetes-1.24.4/addons/volumesnapshots/volume-snapshot-controller/volume-snapshot-controller-deployment.yaml -etc/kubernetes-1.24.4/addons/volumesnapshots/volume-snapshot-controller/rbac-volume-snapshot-controller.yaml diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-master.lintian-overrides b/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-master.lintian-overrides deleted file mode 100644 index f73c63ffd..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-master.lintian-overrides +++ /dev/null @@ -1,7 +0,0 @@ -## No manual page for hyperkube -kubernetes-master: binary-without-manpage usr/bin/hyperkube - -## Override annoying/useless messages -kubernetes-master: spelling-error-in-binary -kubernetes-master: manpage-has-errors-from-man usr/share/man/man1/* -kubernetes-master: manpage-has-bad-whatis-entry usr/share/man/man1/* diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-misc.docs b/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-misc.docs deleted file mode 100644 index 1dc3a103d..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-misc.docs +++ /dev/null @@ -1,3 +0,0 @@ -src/k8s.io/kubernetes/README.md -src/k8s.io/kubernetes/SUPPORT.md -src/k8s.io/kubernetes/_output/NOTICE diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-misc.install b/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-misc.install deleted file mode 100644 index f5d4f5581..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-misc.install +++ /dev/null @@ -1 +0,0 @@ -usr/bin/kube-proxy diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-misc.manpages b/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-misc.manpages deleted file mode 100644 index e7203adc2..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-misc.manpages +++ /dev/null @@ -1,10 +0,0 @@ -# kubernetes-client -src/k8s.io/kubernetes/_output/man/kubeadm* -src/k8s.io/kubernetes/_output/man/kubectl* -# kubernetes-master -src/k8s.io/kubernetes/_output/man/kube-apiserver* -src/k8s.io/kubernetes/_output/man/kube-scheduler* -src/k8s.io/kubernetes/_output/man/kube-controller-manager* -# kubernetes-node -src/k8s.io/kubernetes/_output/man/kubelet* -src/k8s.io/kubernetes/_output/man/kube-proxy* diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-node.install b/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-node.install deleted file mode 100644 index cd9bb3ccd..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-node.install +++ /dev/null @@ -1 +0,0 @@ -usr/local/kubernetes/1.24.4/stage2/usr/bin/kubelet diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-node.lintian-overrides b/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-node.lintian-overrides deleted file mode 100644 index 99d470def..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-node.lintian-overrides +++ /dev/null @@ -1,4 +0,0 @@ -## Override annoying/useless messages -kubernetes-node: spelling-error-in-binary -kubernetes-node: manpage-has-errors-from-man usr/share/man/man1/* -kubernetes-node: manpage-has-bad-whatis-entry usr/share/man/man1/* diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-unit-test.install b/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-unit-test.install deleted file mode 100644 index 4afdbf051..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/kubernetes-1.24.4-unit-test.install +++ /dev/null @@ -1 +0,0 @@ -var/lib/kubernetes-unit-test/ diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/Identify-platform-pods-based-on-pod-or-namespace-labels.patch b/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/Identify-platform-pods-based-on-pod-or-namespace-labels.patch deleted file mode 100644 index 2c7e928d8..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/Identify-platform-pods-based-on-pod-or-namespace-labels.patch +++ /dev/null @@ -1,407 +0,0 @@ -From 5e86e6319f5e6d0f0a56863a141238b9c4721ceb Mon Sep 17 00:00:00 2001 -From: Boovan Rajendran -Date: Mon, 6 May 2024 02:29:04 -0400 -Subject: [PATCH] Identify platform pods based on pod or namespace labels - -Pods with labeled with 'app.starlingx.io/component=platform' -are identified as 'platform'. These have isolated cpu affinity -cpuset when cpu-manager 'static' policy is configured. - -For k8s 1.24.4 to identify the pod as 'platform', keep existing -hardcoded namespace list to support the application that -have not upgraded yet, from old versions, and also to support -the new application, which has pod/namespace labels. - -Signed-off-by: Boovan Rajendran ---- - pkg/kubelet/cm/cpumanager/policy_static.go | 81 +++++++++- - .../cm/cpumanager/policy_static_test.go | 147 ++++++++++++++++++ - .../cm/cpumanager/topology_hints_test.go | 3 + - 3 files changed, 229 insertions(+), 2 deletions(-) - -diff --git a/pkg/kubelet/cm/cpumanager/policy_static.go b/pkg/kubelet/cm/cpumanager/policy_static.go -index 94f18152d5b..286e983ec32 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static.go -@@ -17,11 +17,17 @@ limitations under the License. - package cpumanager - - import ( -+ "context" - "fmt" - "strconv" - -+ k8sclient "k8s.io/client-go/kubernetes" -+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -+ restclient "k8s.io/client-go/rest" - v1 "k8s.io/api/core/v1" -+ "k8s.io/client-go/tools/clientcmd" - "k8s.io/klog/v2" -+ "k8s.io/kubernetes/cmd/kubeadm/app/constants" - v1qos "k8s.io/kubernetes/pkg/apis/core/v1/helper/qos" - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/state" - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/topology" -@@ -41,6 +47,23 @@ const ( - ErrorSMTAlignment = "SMTAlignmentError" - ) - -+// Declared as variables so that they can easily more -+// overridden during testing -+type getPodNamespace func(string) (*v1.Namespace, error) -+type buildFromConfigFlag func(masterUrl string, kubeconfigPath string) (*restclient.Config, error) -+type isKubeInfraFunc func(pod *v1.Pod) bool -+ -+var varGetNamespaceObject getPodNamespace -+var varBuildConfigFromFlags buildFromConfigFlag -+var varIsKubeInfra isKubeInfraFunc -+ -+func init() { -+ varIsKubeInfra = isKubeInfra -+ varGetNamespaceObject = getPodNamespaceObject -+ varBuildConfigFromFlags = clientcmd.BuildConfigFromFlags -+} -+ -+ - // SMTAlignmentError represents an error due to SMT alignment - type SMTAlignmentError struct { - RequestedCPUs int -@@ -286,7 +309,7 @@ func (p *staticPolicy) updateCPUsToReuse(pod *v1.Pod, container *v1.Container, c - - func (p *staticPolicy) Allocate(s state.State, pod *v1.Pod, container *v1.Container) error { - // Process infra pods before guaranteed pods -- if isKubeInfra(pod) { -+ if varIsKubeInfra(pod) { - // Container belongs in reserved pool. - // We don't want to fall through to the p.guaranteedCPUs() clause below so return either nil or error. - if _, ok := s.GetCPUSet(string(pod.UID), container.Name); ok { -@@ -451,7 +474,7 @@ func (p *staticPolicy) guaranteedCPUs(pod *v1.Pod, container *v1.Container) int - return 0 - } - // Infrastructure pods use reserved CPUs even if they're in the Guaranteed QoS class -- if isKubeInfra(pod) { -+ if varIsKubeInfra(pod) { - return 0 - } - // Safe downcast to do for all systems with < 2.1 billion CPUs. -@@ -668,14 +691,68 @@ func (p *staticPolicy) generateCPUTopologyHints(availableCPUs cpuset.CPUSet, reu - return hints - } - -+func getPodNamespaceObject(podNamespaceName string) (*v1.Namespace, error) { -+ -+ kubeConfigPath := constants.GetKubeletKubeConfigPath() -+ cfg, err := varBuildConfigFromFlags("", kubeConfigPath) -+ if err != nil { -+ klog.Error("Failed to build client config from ", kubeConfigPath, err.Error()) -+ return nil, err -+ } -+ -+ clientset, err := k8sclient.NewForConfig(cfg) -+ if err != nil { -+ klog.Error("Failed to get clientset for KUBECONFIG ", kubeConfigPath, err.Error()) -+ return nil, err -+ } -+ -+ namespaceObj, err := clientset.CoreV1().Namespaces().Get(context.TODO(), podNamespaceName, metav1.GetOptions{}) -+ if err != nil { -+ klog.Error("Error getting namespace object:", err.Error()) -+ return nil, err -+ } -+ -+ return namespaceObj, nil -+ -+} -+ - // check if a given pod is in a platform infrastructure namespace -+// or check if a given pod is labelled as platform pod or is in -+// a namespace labelled as a platform namespace - func isKubeInfra(pod *v1.Pod) bool { -+ podName := pod.GetName() -+ podNamespaceName := pod.GetNamespace() - for _, namespace := range infraNamespaces { - if namespace == pod.Namespace { -+ klog.Infof("Pod %s has %s namespace. Treating as platform pod.", podName , podNamespaceName) - return true - } - } -+ -+ klog.InfoS("Checking pod ", podName , " for label 'app.starlingx.io/component=platform'.") -+ podLabels := pod.GetLabels() -+ val, ok := podLabels["app.starlingx.io/component"] -+ if (ok && val == "platform") { -+ klog.InfoS("Pod ", podName, " has 'app.starlingx.io/component=platform' label. Treating as platform pod.") -+ return true -+ } -+ -+ klog.V(4).InfoS("Pod ", podName, " does not have 'app.starlingx.io/component=platform' label. Checking its namespace information...") -+ namespaceObj, err := varGetNamespaceObject(podNamespaceName) -+ if err != nil { -+ return false -+ } -+ -+ namespaceLabels := namespaceObj.GetLabels() -+ val, ok = namespaceLabels["app.starlingx.io/component"] -+ if ok && val == "platform" { -+ klog.InfoS("For pod: ", podName, ", its Namespace ", podNamespaceName, " has 'app.starlingx.io/component=platform' label. Treating as platform pod.") -+ return true -+ } -+ -+ klog.InfoS("Neither pod ", podName, " nor its namespace ", podNamespaceName, " has 'app.starlingx.io/component=platform' label. Not treating as platform pod.") - return false -+ - } - - // get the isolated CPUs (if any) from the devices associated with a specific container -diff --git a/pkg/kubelet/cm/cpumanager/policy_static_test.go b/pkg/kubelet/cm/cpumanager/policy_static_test.go -index d0308556c6d..95ed4122aeb 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static_test.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static_test.go -@@ -17,10 +17,13 @@ limitations under the License. - package cpumanager - - import ( -+ "errors" - "fmt" - "reflect" - "testing" - -+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -+ restclient "k8s.io/client-go/rest" - v1 "k8s.io/api/core/v1" - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/state" - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/topology" -@@ -823,6 +826,7 @@ type staticPolicyTestWithResvList struct { - stAssignments state.ContainerCPUAssignments - stDefaultCPUSet cpuset.CPUSet - pod *v1.Pod -+ isKubeInfraPodfunc isKubeInfraFunc - expErr error - expNewErr error - expCPUAlloc bool -@@ -894,6 +898,14 @@ func TestStaticPolicyStartWithResvList(t *testing.T) { - } - } - -+func fakeIsKubeInfraTrue(pod *v1.Pod) bool { -+ return true -+} -+ -+func fakeIsKubeInfraFalse(pod *v1.Pod) bool { -+ return false -+} -+ - func TestStaticPolicyAddWithResvList(t *testing.T) { - infraPod := makePod("fakePod", "fakeContainer2", "200m", "200m") - infraPod.Namespace = "kube-system" -@@ -907,6 +919,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - stAssignments: state.ContainerCPUAssignments{}, - stDefaultCPUSet: cpuset.NewCPUSet(1, 2, 3, 4, 5, 6, 7), - pod: makePod("fakePod", "fakeContainer2", "8000m", "8000m"), -+ isKubeInfraPodfunc: fakeIsKubeInfraFalse, - expErr: fmt.Errorf("not enough cpus available to satisfy request"), - expCPUAlloc: false, - expCSet: cpuset.NewCPUSet(), -@@ -920,6 +933,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - stAssignments: state.ContainerCPUAssignments{}, - stDefaultCPUSet: cpuset.NewCPUSet(2, 3, 4, 5, 6, 7), - pod: makePod("fakePod", "fakeContainer2", "1000m", "1000m"), -+ isKubeInfraPodfunc: fakeIsKubeInfraFalse, - expErr: nil, - expCPUAlloc: true, - expCSet: cpuset.NewCPUSet(4), // expect sibling of partial core -@@ -937,6 +951,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - }, - stDefaultCPUSet: cpuset.NewCPUSet(0, 1, 4, 5), - pod: makePod("fakePod", "fakeContainer3", "2000m", "2000m"), -+ isKubeInfraPodfunc: fakeIsKubeInfraFalse, - expErr: nil, - expCPUAlloc: true, - expCSet: cpuset.NewCPUSet(4, 5), -@@ -954,6 +969,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - }, - stDefaultCPUSet: cpuset.NewCPUSet(4, 5), - pod: infraPod, -+ isKubeInfraPodfunc: fakeIsKubeInfraTrue, - expErr: nil, - expCPUAlloc: true, - expCSet: cpuset.NewCPUSet(0, 1), -@@ -971,6 +987,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - }, - stDefaultCPUSet: cpuset.NewCPUSet(4, 5), - pod: infraPod, -+ isKubeInfraPodfunc: fakeIsKubeInfraTrue, - expErr: nil, - expCPUAlloc: true, - expCSet: cpuset.NewCPUSet(0), -@@ -987,6 +1004,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - defaultCPUSet: testCase.stDefaultCPUSet, - } - -+ varIsKubeInfra = testCase.isKubeInfraPodfunc - container := &testCase.pod.Spec.Containers[0] - err := policy.Allocate(st, testCase.pod, container) - if !reflect.DeepEqual(err, testCase.expErr) { -@@ -1106,3 +1124,132 @@ func TestStaticPolicyOptions(t *testing.T) { - }) - } - } -+ -+func makePodWithLabels(podLabels map[string]string) *v1.Pod { -+ return &v1.Pod{ -+ ObjectMeta: metav1.ObjectMeta{ -+ Name: "test-pod", -+ Namespace: "test-namespace", -+ Labels: podLabels, -+ }, -+ } -+} -+ -+func fakeBuildConfigFromFlags(masterUrl string, kubeconfigPath string) (*restclient.Config, error) { -+ -+ return &restclient.Config{}, nil -+} -+ -+func fakeBuildConfigFromFlagsError(masterUrl string, kubeconfigPath string) (*restclient.Config, error) { -+ -+ errString := fmt.Sprintf("%s file not found", kubeconfigPath) -+ return nil, errors.New(errString) -+ -+} -+ -+func getFakeInfraPodNamespace(_ string) (*v1.Namespace, error) { -+ -+ return &v1.Namespace{ -+ ObjectMeta: metav1.ObjectMeta{ -+ Name: "test-namespace", -+ Labels: map[string]string{ -+ "app.starlingx.io/component": "platform", -+ }, -+ }}, nil -+} -+ -+func getFakeNonInfraPodNamespace(_ string) (*v1.Namespace, error) { -+ -+ return &v1.Namespace{ -+ ObjectMeta: metav1.ObjectMeta{ -+ Name: "test-namespace", -+ Labels: map[string]string{ -+ "fake": "label", -+ }}}, nil -+ -+} -+ -+type kubeInfraPodTestCase struct { -+ description string -+ pod *v1.Pod -+ namespaceFunc getPodNamespace -+ expectedValue bool -+} -+ -+func TestKubeInfraPod(t *testing.T) { -+ testCases := []kubeInfraPodTestCase{ -+ { -+ description: "Pod with platform label and namespace with platform label", -+ pod: makePodWithLabels(map[string]string{ -+ "app.starlingx.io/component": "platform", -+ }), -+ namespaceFunc: getFakeInfraPodNamespace, -+ expectedValue: true, -+ }, -+ { -+ description: "Pod with platform label and namespace without platform label", -+ pod: makePodWithLabels(map[string]string{ -+ "app.starlingx.io/component": "platform", -+ }), -+ namespaceFunc: getFakeNonInfraPodNamespace, -+ expectedValue: true, -+ -+ }, -+ { -+ description: "Pod without platform label and namespace with platform label", -+ pod: makePodWithLabels(map[string]string{ -+ "test": "label", -+ }), -+ namespaceFunc: getFakeInfraPodNamespace, -+ expectedValue: true, -+ }, -+ { -+ description: "Pod without platform label and namespace without platform label", -+ pod: makePodWithLabels(map[string]string{ -+ "test": "namespace", -+ }), -+ namespaceFunc: getFakeNonInfraPodNamespace, -+ expectedValue: false, -+ }, -+ -+ } -+ -+ for _, testCase := range testCases { -+ t.Run(testCase.description, func(t *testing.T) { -+ -+ varGetNamespaceObject = testCase.namespaceFunc -+ varBuildConfigFromFlags = fakeBuildConfigFromFlags -+ gotValue := isKubeInfra(testCase.pod) -+ -+ if gotValue != testCase.expectedValue { -+ t.Errorf("StaticPolicy isKubeInfraPod() error %v. expected value %v actual value %v", -+ testCase.description, testCase.expectedValue, gotValue) -+ } else { -+ fmt.Printf("StaticPolicy isKubeInfraPod() test successful. : %v ", testCase.description) -+ } -+ -+ }) -+ } -+ -+ test := kubeInfraPodTestCase{ -+ description: "Failure reading kubeconfig file", -+ pod: makePodWithLabels(map[string]string{ -+ "test": "namespace", -+ }), -+ namespaceFunc: getFakeNonInfraPodNamespace, -+ expectedValue: false, -+ } -+ -+ varGetNamespaceObject = getPodNamespaceObject -+ varBuildConfigFromFlags = fakeBuildConfigFromFlagsError -+ -+ gotValue := isKubeInfra(test.pod) -+ -+ if gotValue != test.expectedValue { -+ t.Errorf("StaticPolicy isKubeInfraPod() error %v. expected value %v actual value %v", -+ test.description, test.expectedValue, gotValue) -+ } else { -+ fmt.Printf("StaticPolicy isKubeInfraPod() test successful. : %v ", test.description) -+ } -+ -+} -diff --git a/pkg/kubelet/cm/cpumanager/topology_hints_test.go b/pkg/kubelet/cm/cpumanager/topology_hints_test.go -index 9b8abe77488..b5a0ca41ab1 100644 ---- a/pkg/kubelet/cm/cpumanager/topology_hints_test.go -+++ b/pkg/kubelet/cm/cpumanager/topology_hints_test.go -@@ -142,6 +142,7 @@ func TestPodGuaranteedCPUs(t *testing.T) { - expectedCPU: 6, - }, - } -+ varIsKubeInfra = fakeIsKubeInfraFalse - for _, tc := range tcases { - requestedCPU := p.podGuaranteedCPUs(tc.pod) - -@@ -184,6 +185,7 @@ func TestGetTopologyHints(t *testing.T) { - sourcesReady: &sourcesReadyStub{}, - } - -+ varIsKubeInfra = fakeIsKubeInfraFalse - hints := m.GetTopologyHints(&tc.pod, &tc.container)[string(v1.ResourceCPU)] - if len(tc.expectedHints) == 0 && len(hints) == 0 { - continue -@@ -237,6 +239,7 @@ func TestGetPodTopologyHints(t *testing.T) { - sourcesReady: &sourcesReadyStub{}, - } - -+ varIsKubeInfra = fakeIsKubeInfraFalse - podHints := m.GetPodTopologyHints(&tc.pod)[string(v1.ResourceCPU)] - if len(tc.expectedHints) == 0 && len(podHints) == 0 { - continue --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/Revert-e2e-framework-test_context-add-control-plane-.patch b/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/Revert-e2e-framework-test_context-add-control-plane-.patch deleted file mode 100644 index a6d07848c..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/Revert-e2e-framework-test_context-add-control-plane-.patch +++ /dev/null @@ -1,32 +0,0 @@ -From a218316fb35a2ec67b7c8ad0fc2e8df537ee3434 Mon Sep 17 00:00:00 2001 -From: Jim Gauld -Date: Wed, 12 Oct 2022 13:57:45 -0400 -Subject: [PATCH 1/5] Revert "e2e/framework/test_context: add "control-plane" - to non-blocking-taints" - -This reverts commit 8641897057431d6c89a716d86c997f29049df0f7. ---- - test/e2e/framework/test_context.go | 7 +------ - 1 file changed, 1 insertion(+), 6 deletions(-) - -diff --git a/test/e2e/framework/test_context.go b/test/e2e/framework/test_context.go -index b4c4743b6ea..8bc5827d89a 100644 ---- a/test/e2e/framework/test_context.go -+++ b/test/e2e/framework/test_context.go -@@ -311,12 +311,7 @@ func RegisterCommonFlags(flags *flag.FlagSet) { - flags.StringVar(&TestContext.SystemdServices, "systemd-services", "docker", "The comma separated list of systemd services the framework will dump logs for.") - flags.BoolVar(&TestContext.DumpSystemdJournal, "dump-systemd-journal", false, "Whether to dump the full systemd journal.") - flags.StringVar(&TestContext.ImageServiceEndpoint, "image-service-endpoint", "", "The image service endpoint of cluster VM instances.") -- // TODO: remove the node-role.kubernetes.io/master taint in 1.25 or later. -- // The change will likely require an action for some users that do not -- // use k8s originated tools like kubeadm or kOps for creating clusters -- // and taint their control plane nodes with "master", expecting the test -- // suite to work with this legacy non-blocking taint. -- flags.StringVar(&TestContext.NonblockingTaints, "non-blocking-taints", `node-role.kubernetes.io/control-plane,node-role.kubernetes.io/master`, "Nodes with taints in this comma-delimited list will not block the test framework from starting tests. The default taint 'node-role.kubernetes.io/master' is DEPRECATED and will be removed from the list in a future release.") -+ flags.StringVar(&TestContext.NonblockingTaints, "non-blocking-taints", `node-role.kubernetes.io/master`, "Nodes with taints in this comma-delimited list will not block the test framework from starting tests.") - - flags.BoolVar(&TestContext.ListImages, "list-images", false, "If true, will show list of images used for runnning tests.") - flags.BoolVar(&TestContext.ListConformanceTests, "list-conformance-tests", false, "If true, will show list of conformance tests.") --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/Revert-kubeadm-apply-the-new-control-plane-taint-dur.patch b/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/Revert-kubeadm-apply-the-new-control-plane-taint-dur.patch deleted file mode 100644 index 5de979383..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/Revert-kubeadm-apply-the-new-control-plane-taint-dur.patch +++ /dev/null @@ -1,86 +0,0 @@ -From 2c9b24f312305a29de2c861a35c3ec18b4ad3994 Mon Sep 17 00:00:00 2001 -From: Jim Gauld -Date: Wed, 12 Oct 2022 13:59:48 -0400 -Subject: [PATCH 2/5] Revert "kubeadm: apply the new "control-plane" taint - during upgrade" - -This reverts commit db6061f5a6e6eb0002d572fa5ab1142e9b60bc1b. ---- - cmd/kubeadm/app/cmd/upgrade/apply.go | 9 ----- - cmd/kubeadm/app/phases/upgrade/postupgrade.go | 40 ------------------- - 2 files changed, 49 deletions(-) - -diff --git a/cmd/kubeadm/app/cmd/upgrade/apply.go b/cmd/kubeadm/app/cmd/upgrade/apply.go -index 042f10796b6..3644146d804 100644 ---- a/cmd/kubeadm/app/cmd/upgrade/apply.go -+++ b/cmd/kubeadm/app/cmd/upgrade/apply.go -@@ -163,15 +163,6 @@ func runApply(flags *applyFlags, args []string) error { - return err - } - -- // TODO: https://github.com/kubernetes/kubeadm/issues/2200 -- fmt.Printf("[upgrade/postupgrade] Adding the new taint %s to all control plane Nodes. "+ -- "After this step both taints %s and %s should be present on control plane Nodes.\n", -- kubeadmconstants.ControlPlaneTaint.String(), kubeadmconstants.ControlPlaneTaint.String(), -- kubeadmconstants.OldControlPlaneTaint.String()) -- if err := upgrade.AddNewControlPlaneTaint(client); err != nil { -- return err -- } -- - // Upgrade RBAC rules and addons. - klog.V(1).Infoln("[upgrade/postupgrade] upgrading RBAC rules and addons") - if err := upgrade.PerformPostUpgradeTasks(client, cfg, flags.dryRun); err != nil { -diff --git a/cmd/kubeadm/app/phases/upgrade/postupgrade.go b/cmd/kubeadm/app/phases/upgrade/postupgrade.go -index 55828597310..fa215bfedf8 100644 ---- a/cmd/kubeadm/app/phases/upgrade/postupgrade.go -+++ b/cmd/kubeadm/app/phases/upgrade/postupgrade.go -@@ -238,46 +238,6 @@ func RemoveOldControlPlaneLabel(client clientset.Interface) error { - return nil - } - --// AddNewControlPlaneTaint finds all nodes with the new "control-plane" node-role label --// and adds the new "control-plane" taint to them. --// TODO: https://github.com/kubernetes/kubeadm/issues/2200 --func AddNewControlPlaneTaint(client clientset.Interface) error { -- selectorControlPlane := labels.SelectorFromSet(labels.Set(map[string]string{ -- kubeadmconstants.LabelNodeRoleControlPlane: "", -- })) -- nodes, err := client.CoreV1().Nodes().List(context.TODO(), metav1.ListOptions{ -- LabelSelector: selectorControlPlane.String(), -- }) -- if err != nil { -- return errors.Wrapf(err, "could not list nodes labeled with %q", kubeadmconstants.LabelNodeRoleControlPlane) -- } -- -- for _, n := range nodes.Items { -- // Check if the node has the old / new taints -- hasOldTaint := false -- hasNewTaint := false -- for _, t := range n.Spec.Taints { -- switch t.String() { -- case kubeadmconstants.OldControlPlaneTaint.String(): -- hasOldTaint = true -- case kubeadmconstants.ControlPlaneTaint.String(): -- hasNewTaint = true -- } -- } -- // If the old taint is present and the new taint is missing, patch the node with the new taint. -- // When the old taint is missing, assume the user has manually untainted the node and take no action. -- if !hasNewTaint && hasOldTaint { -- err = apiclient.PatchNode(client, n.Name, func(n *v1.Node) { -- n.Spec.Taints = append(n.Spec.Taints, kubeadmconstants.ControlPlaneTaint) -- }) -- if err != nil { -- return err -- } -- } -- } -- return nil --} -- - // UpdateKubeletDynamicEnvFileWithURLScheme reads the kubelet dynamic environment file - // from disk, ensure that the CRI endpoint flag has a scheme prefix and writes it - // back to disk. --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/Revert-kubeadm-apply-the-new-control-plane-taint-on-.patch b/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/Revert-kubeadm-apply-the-new-control-plane-taint-on-.patch deleted file mode 100644 index 86ea74c54..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/Revert-kubeadm-apply-the-new-control-plane-taint-on-.patch +++ /dev/null @@ -1,144 +0,0 @@ -From 7d898d974f2353b5984deb4ad42347726205696a Mon Sep 17 00:00:00 2001 -From: Jim Gauld -Date: Wed, 12 Oct 2022 14:00:19 -0400 -Subject: [PATCH 3/5] Revert "kubeadm: apply the new "control-plane" taint on - CP nodes" - -This reverts commit 370031cadac6240e49e7b30a644d19735b7d3338. ---- - cmd/kubeadm/app/apis/kubeadm/types.go | 6 +++--- - cmd/kubeadm/app/apis/kubeadm/v1beta2/doc.go | 2 +- - cmd/kubeadm/app/apis/kubeadm/v1beta2/types.go | 6 +++--- - cmd/kubeadm/app/apis/kubeadm/v1beta3/doc.go | 2 +- - cmd/kubeadm/app/apis/kubeadm/v1beta3/types.go | 6 +++--- - cmd/kubeadm/app/util/config/initconfiguration.go | 2 +- - cmd/kubeadm/app/util/config/initconfiguration_test.go | 8 ++++---- - 7 files changed, 16 insertions(+), 16 deletions(-) - -diff --git a/cmd/kubeadm/app/apis/kubeadm/types.go b/cmd/kubeadm/app/apis/kubeadm/types.go -index d49256908e7..55d1fd9a06f 100644 ---- a/cmd/kubeadm/app/apis/kubeadm/types.go -+++ b/cmd/kubeadm/app/apis/kubeadm/types.go -@@ -218,9 +218,9 @@ type NodeRegistrationOptions struct { - // CRISocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use - CRISocket string - -- // Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, -- // it will be defaulted with a control-plane taint for control-plane nodes. If you don't want to taint your control-plane -- // node, set this field to an empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. -+ // Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process -+ // it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an -+ // empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. - Taints []v1.Taint - - // KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file -diff --git a/cmd/kubeadm/app/apis/kubeadm/v1beta2/doc.go b/cmd/kubeadm/app/apis/kubeadm/v1beta2/doc.go -index 64ae2bb8f7c..24e58868dbe 100644 ---- a/cmd/kubeadm/app/apis/kubeadm/v1beta2/doc.go -+++ b/cmd/kubeadm/app/apis/kubeadm/v1beta2/doc.go -@@ -172,7 +172,7 @@ limitations under the License. - // criSocket: "unix:///var/run/containerd/containerd.sock" - // taints: - // - key: "kubeadmNode" --// value: "someValue" -+// value: "master" - // effect: "NoSchedule" - // kubeletExtraArgs: - // v: 4 -diff --git a/cmd/kubeadm/app/apis/kubeadm/v1beta2/types.go b/cmd/kubeadm/app/apis/kubeadm/v1beta2/types.go -index a5cf40c513a..30037e30d40 100644 ---- a/cmd/kubeadm/app/apis/kubeadm/v1beta2/types.go -+++ b/cmd/kubeadm/app/apis/kubeadm/v1beta2/types.go -@@ -201,9 +201,9 @@ type NodeRegistrationOptions struct { - // CRISocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use - CRISocket string `json:"criSocket,omitempty"` - -- // Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, -- // it will be defaulted with a control-plane taint for control-plane nodes. If you don't want to taint your control-plane -- // node, set this field to an empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. -+ // Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process -+ // it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an -+ // empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. - Taints []v1.Taint `json:"taints"` - - // KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file -diff --git a/cmd/kubeadm/app/apis/kubeadm/v1beta3/doc.go b/cmd/kubeadm/app/apis/kubeadm/v1beta3/doc.go -index 8353359f91a..f7f34a7cffa 100644 ---- a/cmd/kubeadm/app/apis/kubeadm/v1beta3/doc.go -+++ b/cmd/kubeadm/app/apis/kubeadm/v1beta3/doc.go -@@ -176,7 +176,7 @@ limitations under the License. - // criSocket: "unix:///var/run/containerd/containerd.sock" - // taints: - // - key: "kubeadmNode" --// value: "someValue" -+// value: "master" - // effect: "NoSchedule" - // kubeletExtraArgs: - // v: 4 -diff --git a/cmd/kubeadm/app/apis/kubeadm/v1beta3/types.go b/cmd/kubeadm/app/apis/kubeadm/v1beta3/types.go -index 5a5151bf64b..82ae10cc271 100644 ---- a/cmd/kubeadm/app/apis/kubeadm/v1beta3/types.go -+++ b/cmd/kubeadm/app/apis/kubeadm/v1beta3/types.go -@@ -215,9 +215,9 @@ type NodeRegistrationOptions struct { - // +optional - CRISocket string `json:"criSocket,omitempty"` - -- // Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, -- // it will be defaulted with a control-plane taint for control-plane nodes. If you don't want to taint your control-plane -- // node, set this field to an empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. -+ // Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process -+ // it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an -+ // empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. - Taints []corev1.Taint `json:"taints"` - - // KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file -diff --git a/cmd/kubeadm/app/util/config/initconfiguration.go b/cmd/kubeadm/app/util/config/initconfiguration.go -index 7d1bb67fc02..71c3c514bf0 100644 ---- a/cmd/kubeadm/app/util/config/initconfiguration.go -+++ b/cmd/kubeadm/app/util/config/initconfiguration.go -@@ -106,7 +106,7 @@ func SetNodeRegistrationDynamicDefaults(cfg *kubeadmapi.NodeRegistrationOptions, - // Only if the slice is nil, we should append the control-plane taint. This allows the user to specify an empty slice for no default control-plane taint - if controlPlaneTaint && cfg.Taints == nil { - // TODO: https://github.com/kubernetes/kubeadm/issues/2200 -- cfg.Taints = []v1.Taint{kubeadmconstants.OldControlPlaneTaint, kubeadmconstants.ControlPlaneTaint} -+ cfg.Taints = []v1.Taint{kubeadmconstants.OldControlPlaneTaint} - } - - if cfg.CRISocket == "" { -diff --git a/cmd/kubeadm/app/util/config/initconfiguration_test.go b/cmd/kubeadm/app/util/config/initconfiguration_test.go -index 074a1d821f4..93d7817a232 100644 ---- a/cmd/kubeadm/app/util/config/initconfiguration_test.go -+++ b/cmd/kubeadm/app/util/config/initconfiguration_test.go -@@ -115,17 +115,17 @@ func TestDefaultTaintsMarshaling(t *testing.T) { - expectedTaintCnt int - }{ - { -- desc: "Uninitialized nodeRegistration field produces expected taints", -+ desc: "Uninitialized nodeRegistration field produces a single taint (the master one)", - cfg: kubeadmapiv1.InitConfiguration{ - TypeMeta: metav1.TypeMeta{ - APIVersion: kubeadmapiv1.SchemeGroupVersion.String(), - Kind: constants.InitConfigurationKind, - }, - }, -- expectedTaintCnt: 2, -+ expectedTaintCnt: 1, - }, - { -- desc: "Uninitialized taints field produces expected taints", -+ desc: "Uninitialized taints field produces a single taint (the master one)", - cfg: kubeadmapiv1.InitConfiguration{ - TypeMeta: metav1.TypeMeta{ - APIVersion: kubeadmapiv1.SchemeGroupVersion.String(), -@@ -133,7 +133,7 @@ func TestDefaultTaintsMarshaling(t *testing.T) { - }, - NodeRegistration: kubeadmapiv1.NodeRegistrationOptions{}, - }, -- expectedTaintCnt: 2, -+ expectedTaintCnt: 1, - }, - { - desc: "Forsing taints to an empty slice produces no taints", --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/Revert-kubeadm-delete-the-old-master-label-during-up.patch b/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/Revert-kubeadm-delete-the-old-master-label-during-up.patch deleted file mode 100644 index b3d33aad3..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/Revert-kubeadm-delete-the-old-master-label-during-up.patch +++ /dev/null @@ -1,119 +0,0 @@ -From 42c1abc4763c795b0c9bfb65b1ceba1fd2fa3427 Mon Sep 17 00:00:00 2001 -From: Jim Gauld -Date: Wed, 12 Oct 2022 14:00:47 -0400 -Subject: [PATCH 5/5] Revert "kubeadm: delete the old "master" label during - upgrade" - -This reverts commit c0871b4433783a30c97e204b2011cf17d0457a62. ---- - cmd/kubeadm/app/cmd/join.go | 2 +- - cmd/kubeadm/app/cmd/upgrade/apply.go | 7 +++---- - cmd/kubeadm/app/phases/upgrade/health.go | 21 +++++++++++++++++-- - cmd/kubeadm/app/phases/upgrade/postupgrade.go | 10 ++++++--- - 4 files changed, 30 insertions(+), 10 deletions(-) - -diff --git a/cmd/kubeadm/app/cmd/join.go b/cmd/kubeadm/app/cmd/join.go -index fa0b07e3631..934a0951ff3 100644 ---- a/cmd/kubeadm/app/cmd/join.go -+++ b/cmd/kubeadm/app/cmd/join.go -@@ -64,7 +64,7 @@ var ( - - * Certificate signing request was sent to apiserver and approval was received. - * The Kubelet was informed of the new secure connection details. -- * Control plane label and taint were applied to the new node. -+ * Control plane (master) label and taint were applied to the new node. - * The Kubernetes control plane instances scaled up. - {{.etcdMessage}} - -diff --git a/cmd/kubeadm/app/cmd/upgrade/apply.go b/cmd/kubeadm/app/cmd/upgrade/apply.go -index 3644146d804..d49859aab9d 100644 ---- a/cmd/kubeadm/app/cmd/upgrade/apply.go -+++ b/cmd/kubeadm/app/cmd/upgrade/apply.go -@@ -156,10 +156,9 @@ func runApply(flags *applyFlags, args []string) error { - } - - // TODO: https://github.com/kubernetes/kubeadm/issues/2200 -- fmt.Printf("[upgrade/postupgrade] Removing the deprecated label %s='' from all control plane Nodes. "+ -- "After this step only the label %s='' will be present on control plane Nodes.\n", -- kubeadmconstants.LabelNodeRoleOldControlPlane, kubeadmconstants.LabelNodeRoleControlPlane) -- if err := upgrade.RemoveOldControlPlaneLabel(client); err != nil { -+ fmt.Printf("[upgrade/postupgrade] Applying label %s='' to Nodes with label %s='' (deprecated)\n", -+ kubeadmconstants.LabelNodeRoleControlPlane, kubeadmconstants.LabelNodeRoleOldControlPlane) -+ if err := upgrade.LabelOldControlPlaneNodes(client); err != nil { - return err - } - -diff --git a/cmd/kubeadm/app/phases/upgrade/health.go b/cmd/kubeadm/app/phases/upgrade/health.go -index 55acdf865a6..b14bc6f3bbd 100644 ---- a/cmd/kubeadm/app/phases/upgrade/health.go -+++ b/cmd/kubeadm/app/phases/upgrade/health.go -@@ -212,17 +212,34 @@ func deleteHealthCheckJob(client clientset.Interface, ns, jobName string) error - - // controlPlaneNodesReady checks whether all control-plane Nodes in the cluster are in the Running state - func controlPlaneNodesReady(client clientset.Interface, _ *kubeadmapi.ClusterConfiguration) error { -+ // list nodes labeled with a "master" node-role -+ selectorOldControlPlane := labels.SelectorFromSet(labels.Set(map[string]string{ -+ constants.LabelNodeRoleOldControlPlane: "", -+ })) -+ nodesWithOldLabel, err := client.CoreV1().Nodes().List(context.TODO(), metav1.ListOptions{ -+ LabelSelector: selectorOldControlPlane.String(), -+ }) -+ if err != nil { -+ return errors.Wrapf(err, "could not list nodes labeled with %q", constants.LabelNodeRoleOldControlPlane) -+ } -+ -+ // list nodes labeled with a "control-plane" node-role - selectorControlPlane := labels.SelectorFromSet(labels.Set(map[string]string{ - constants.LabelNodeRoleControlPlane: "", - })) -- nodes, err := client.CoreV1().Nodes().List(context.TODO(), metav1.ListOptions{ -+ nodesControlPlane, err := client.CoreV1().Nodes().List(context.TODO(), metav1.ListOptions{ - LabelSelector: selectorControlPlane.String(), - }) - if err != nil { - return errors.Wrapf(err, "could not list nodes labeled with %q", constants.LabelNodeRoleControlPlane) - } - -- notReadyControlPlanes := getNotReadyNodes(nodes.Items) -+ nodes := append(nodesWithOldLabel.Items, nodesControlPlane.Items...) -+ if len(nodes) == 0 { -+ return errors.New("failed to find any nodes with a control-plane role") -+ } -+ -+ notReadyControlPlanes := getNotReadyNodes(nodes) - if len(notReadyControlPlanes) != 0 { - return errors.Errorf("there are NotReady control-planes in the cluster: %v", notReadyControlPlanes) - } -diff --git a/cmd/kubeadm/app/phases/upgrade/postupgrade.go b/cmd/kubeadm/app/phases/upgrade/postupgrade.go -index fa215bfedf8..36e884195bc 100644 ---- a/cmd/kubeadm/app/phases/upgrade/postupgrade.go -+++ b/cmd/kubeadm/app/phases/upgrade/postupgrade.go -@@ -214,9 +214,10 @@ func rollbackFiles(files map[string]string, originalErr error) error { - return errors.Errorf("couldn't move these files: %v. Got errors: %v", files, errorsutil.NewAggregate(errs)) - } - --// RemoveOldControlPlaneLabel finds all nodes with the legacy node-role label and removes it -+// LabelOldControlPlaneNodes finds all nodes with the legacy node-role label and also applies -+// the "control-plane" node-role label to them. - // TODO: https://github.com/kubernetes/kubeadm/issues/2200 --func RemoveOldControlPlaneLabel(client clientset.Interface) error { -+func LabelOldControlPlaneNodes(client clientset.Interface) error { - selectorOldControlPlane := labels.SelectorFromSet(labels.Set(map[string]string{ - kubeadmconstants.LabelNodeRoleOldControlPlane: "", - })) -@@ -228,8 +229,11 @@ func RemoveOldControlPlaneLabel(client clientset.Interface) error { - } - - for _, n := range nodesWithOldLabel.Items { -+ if _, hasNewLabel := n.ObjectMeta.Labels[kubeadmconstants.LabelNodeRoleControlPlane]; hasNewLabel { -+ continue -+ } - err = apiclient.PatchNode(client, n.Name, func(n *v1.Node) { -- delete(n.ObjectMeta.Labels, kubeadmconstants.LabelNodeRoleOldControlPlane) -+ n.ObjectMeta.Labels[kubeadmconstants.LabelNodeRoleControlPlane] = "" - }) - if err != nil { - return err --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/Revert-kubeadm-only-apply-the-new-control-plane-labe.patch b/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/Revert-kubeadm-only-apply-the-new-control-plane-labe.patch deleted file mode 100644 index acfee1d4a..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/Revert-kubeadm-only-apply-the-new-control-plane-labe.patch +++ /dev/null @@ -1,123 +0,0 @@ -From 0119bd093db1d72ebf4fa00c4869979da2f9e2a1 Mon Sep 17 00:00:00 2001 -From: Jim Gauld -Date: Wed, 12 Oct 2022 14:00:33 -0400 -Subject: [PATCH 4/5] Revert "kubeadm: only apply the new "control-plane" label - during init/join" - -This reverts commit a3d5e5598290df09f4ffd5cf6813653a346c8f4c. ---- - .../phases/markcontrolplane/markcontrolplane.go | 14 +++++++++++--- - .../markcontrolplane/markcontrolplane_test.go | 9 ++++++--- - cmd/kubeadm/app/util/staticpod/utils.go | 7 +++++++ - 3 files changed, 24 insertions(+), 6 deletions(-) - -diff --git a/cmd/kubeadm/app/phases/markcontrolplane/markcontrolplane.go b/cmd/kubeadm/app/phases/markcontrolplane/markcontrolplane.go -index dd4c89eca6d..c68f80f7fd6 100644 ---- a/cmd/kubeadm/app/phases/markcontrolplane/markcontrolplane.go -+++ b/cmd/kubeadm/app/phases/markcontrolplane/markcontrolplane.go -@@ -19,23 +19,31 @@ package markcontrolplane - import ( - "fmt" - -- v1 "k8s.io/api/core/v1" -+ "k8s.io/api/core/v1" - clientset "k8s.io/client-go/kubernetes" - - "k8s.io/kubernetes/cmd/kubeadm/app/constants" - "k8s.io/kubernetes/cmd/kubeadm/app/util/apiclient" - ) - --// labelsToAdd holds a list of labels that are applied on kubeadm managed control plane nodes - var labelsToAdd = []string{ -+ // TODO: remove this label: -+ // https://github.com/kubernetes/kubeadm/issues/2200 -+ constants.LabelNodeRoleOldControlPlane, - constants.LabelNodeRoleControlPlane, - constants.LabelExcludeFromExternalLB, - } - - // MarkControlPlane taints the control-plane and sets the control-plane label - func MarkControlPlane(client clientset.Interface, controlPlaneName string, taints []v1.Taint) error { -+ // TODO: remove this "deprecated" amend and pass "labelsToAdd" directly: -+ // https://github.com/kubernetes/kubeadm/issues/2200 -+ labels := make([]string, len(labelsToAdd)) -+ copy(labels, labelsToAdd) -+ labels[0] = constants.LabelNodeRoleOldControlPlane + "(deprecated)" -+ - fmt.Printf("[mark-control-plane] Marking the node %s as control-plane by adding the labels: %v\n", -- controlPlaneName, labelsToAdd) -+ controlPlaneName, labels) - - if len(taints) > 0 { - taintStrs := []string{} -diff --git a/cmd/kubeadm/app/phases/markcontrolplane/markcontrolplane_test.go b/cmd/kubeadm/app/phases/markcontrolplane/markcontrolplane_test.go -index b171072f80a..cb9275124ab 100644 ---- a/cmd/kubeadm/app/phases/markcontrolplane/markcontrolplane_test.go -+++ b/cmd/kubeadm/app/phases/markcontrolplane/markcontrolplane_test.go -@@ -49,25 +49,26 @@ func TestMarkControlPlane(t *testing.T) { - existingLabels: []string{""}, - existingTaints: nil, - newTaints: []v1.Taint{kubeadmconstants.OldControlPlaneTaint}, -- expectedPatch: `{"metadata":{"labels":{"node-role.kubernetes.io/control-plane":"","node.kubernetes.io/exclude-from-external-load-balancers":""}},"spec":{"taints":[{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"}]}}`, -+ expectedPatch: `{"metadata":{"labels":{"node-role.kubernetes.io/control-plane":"","node-role.kubernetes.io/master":"","node.kubernetes.io/exclude-from-external-load-balancers":""}},"spec":{"taints":[{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"}]}}`, - }, - { - name: "control-plane label and taint missing but taint not wanted", - existingLabels: []string{""}, - existingTaints: nil, - newTaints: nil, -- expectedPatch: `{"metadata":{"labels":{"node-role.kubernetes.io/control-plane":"","node.kubernetes.io/exclude-from-external-load-balancers":""}}}`, -+ expectedPatch: `{"metadata":{"labels":{"node-role.kubernetes.io/control-plane":"","node-role.kubernetes.io/master":"","node.kubernetes.io/exclude-from-external-load-balancers":""}}}`, - }, - { - name: "control-plane label missing", - existingLabels: []string{""}, - existingTaints: []v1.Taint{kubeadmconstants.OldControlPlaneTaint}, - newTaints: []v1.Taint{kubeadmconstants.OldControlPlaneTaint}, -- expectedPatch: `{"metadata":{"labels":{"node-role.kubernetes.io/control-plane":"","node.kubernetes.io/exclude-from-external-load-balancers":""}}}`, -+ expectedPatch: `{"metadata":{"labels":{"node-role.kubernetes.io/control-plane":"","node-role.kubernetes.io/master":"","node.kubernetes.io/exclude-from-external-load-balancers":""}}}`, - }, - { - name: "control-plane taint missing", - existingLabels: []string{ -+ kubeadmconstants.LabelNodeRoleOldControlPlane, - kubeadmconstants.LabelNodeRoleControlPlane, - kubeadmconstants.LabelExcludeFromExternalLB, - }, -@@ -78,6 +79,7 @@ func TestMarkControlPlane(t *testing.T) { - { - name: "nothing missing", - existingLabels: []string{ -+ kubeadmconstants.LabelNodeRoleOldControlPlane, - kubeadmconstants.LabelNodeRoleControlPlane, - kubeadmconstants.LabelExcludeFromExternalLB, - }, -@@ -88,6 +90,7 @@ func TestMarkControlPlane(t *testing.T) { - { - name: "has taint and no new taints wanted", - existingLabels: []string{ -+ kubeadmconstants.LabelNodeRoleOldControlPlane, - kubeadmconstants.LabelNodeRoleControlPlane, - kubeadmconstants.LabelExcludeFromExternalLB, - }, -diff --git a/cmd/kubeadm/app/util/staticpod/utils.go b/cmd/kubeadm/app/util/staticpod/utils.go -index 75efc4f0f98..f0d8fed0d46 100644 ---- a/cmd/kubeadm/app/util/staticpod/utils.go -+++ b/cmd/kubeadm/app/util/staticpod/utils.go -@@ -287,6 +287,13 @@ func createHTTPProbe(host, path string, port int, scheme v1.URIScheme, initialDe - - // GetAPIServerProbeAddress returns the probe address for the API server - func GetAPIServerProbeAddress(endpoint *kubeadmapi.APIEndpoint) string { -+ // In the case of a self-hosted deployment, the initial host on which kubeadm --init is run, -+ // will generate a DaemonSet with a nodeSelector such that all nodes with the label -+ // node-role.kubernetes.io/master='' will have the API server deployed to it. Since the init -+ // is run only once on an initial host, the API advertise address will be invalid for any -+ // future hosts that do not have the same address. Furthermore, since liveness and readiness -+ // probes do not support the Downward API we cannot dynamically set the advertise address to -+ // the node's IP. The only option then is to use localhost. - if endpoint != nil && endpoint.AdvertiseAddress != "" { - return getProbeAddress(endpoint.AdvertiseAddress) - } --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/Revert-use-subpath-for-coredns-only-for-default-repo.patch b/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/Revert-use-subpath-for-coredns-only-for-default-repo.patch deleted file mode 100644 index f56c20ee0..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/Revert-use-subpath-for-coredns-only-for-default-repo.patch +++ /dev/null @@ -1,113 +0,0 @@ -From f9dd597f4e8c8c66f08d661efcbd29479e4e069d Mon Sep 17 00:00:00 2001 -From: Gleb Aronsky -Date: Tue, 25 Jan 2022 13:56:30 -0500 -Subject: [PATCH] Revert "use subpath for coredns only for default repository" - -This reverts commit 38a41e1557649a7cc763bf737779db9aa03ec75e. - -Co-authored-by: Jim Gauld -Signed-off-by: Gleb Aronsky - -diff --git a/cmd/kubeadm/app/constants/constants.go b/cmd/kubeadm/app/constants/constants.go -index c2b8f6e64be..b00ccea315e 100644 ---- a/cmd/kubeadm/app/constants/constants.go -+++ b/cmd/kubeadm/app/constants/constants.go -@@ -337,7 +337,7 @@ const ( - CoreDNSDeploymentName = "coredns" - - // CoreDNSImageName specifies the name of the image for CoreDNS add-on -- CoreDNSImageName = "coredns" -+ CoreDNSImageName = "coredns/coredns" - - // CoreDNSVersion is the version of CoreDNS to be deployed if it is used - CoreDNSVersion = "v1.8.6" -diff --git a/cmd/kubeadm/app/images/images.go b/cmd/kubeadm/app/images/images.go -index ee55eb6c995..bdb61caa373 100644 ---- a/cmd/kubeadm/app/images/images.go -+++ b/cmd/kubeadm/app/images/images.go -@@ -22,7 +22,6 @@ import ( - "k8s.io/klog/v2" - - kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm" -- kubeadmapiv1beta2 "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2" - "k8s.io/kubernetes/cmd/kubeadm/app/constants" - kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util" - ) -@@ -48,10 +47,6 @@ func GetDNSImage(cfg *kubeadmapi.ClusterConfiguration) string { - if cfg.DNS.ImageRepository != "" { - dnsImageRepository = cfg.DNS.ImageRepository - } -- // Handle the renaming of the official image from "k8s.gcr.io/coredns" to "k8s.gcr.io/coredns/coredns -- if dnsImageRepository == kubeadmapiv1beta2.DefaultImageRepository { -- dnsImageRepository = fmt.Sprintf("%s/coredns", dnsImageRepository) -- } - // DNS uses an imageTag that corresponds to the DNS version matching the Kubernetes version - dnsImageTag := constants.CoreDNSVersion - -diff --git a/cmd/kubeadm/app/images/images_test.go b/cmd/kubeadm/app/images/images_test.go -index 2b8affce236..91cd4294351 100644 ---- a/cmd/kubeadm/app/images/images_test.go -+++ b/cmd/kubeadm/app/images/images_test.go -@@ -22,7 +22,6 @@ import ( - "testing" - - kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm" -- kubeadmapiv1beta2 "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2" - "k8s.io/kubernetes/cmd/kubeadm/app/constants" - ) - -@@ -227,51 +226,4 @@ func TestGetAllImages(t *testing.T) { - } - } - --func TestGetDNSImage(t *testing.T) { -- var tests = []struct { -- expected string -- cfg *kubeadmapi.ClusterConfiguration -- }{ -- { -- expected: "foo.io/coredns:v1.8.6", -- cfg: &kubeadmapi.ClusterConfiguration{ -- ImageRepository: "foo.io", -- DNS: kubeadmapi.DNS{ -- Type: kubeadmapi.CoreDNS, -- }, -- }, -- }, -- { -- expected: kubeadmapiv1beta2.DefaultImageRepository + "/coredns/coredns:v1.8.6", -- cfg: &kubeadmapi.ClusterConfiguration{ -- ImageRepository: kubeadmapiv1beta2.DefaultImageRepository, -- DNS: kubeadmapi.DNS{ -- Type: kubeadmapi.CoreDNS, -- }, -- }, -- }, -- { -- expected: "foo.io/coredns/coredns:v1.8.6", -- cfg: &kubeadmapi.ClusterConfiguration{ -- ImageRepository: "foo.io", -- DNS: kubeadmapi.DNS{ -- Type: kubeadmapi.CoreDNS, -- ImageMeta: kubeadmapi.ImageMeta{ -- ImageRepository: "foo.io/coredns", -- }, -- }, -- }, -- }, -- } -- -- for _, test := range tests { -- actual := GetDNSImage(test.cfg) -- if actual != test.expected { -- t.Errorf( -- "failed to GetDNSImage:\n\texpected: %s\n\t actual: %s", -- test.expected, -- actual, -- ) -- } -- } - } --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/cpumanager-policy-static-test-refactor.patch b/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/cpumanager-policy-static-test-refactor.patch deleted file mode 100644 index d3af49202..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/cpumanager-policy-static-test-refactor.patch +++ /dev/null @@ -1,85 +0,0 @@ -From 9ede7db445ff799d78fae4c20d9558962573ede7 Mon Sep 17 00:00:00 2001 -From: Sachin Gopala Krishna -Date: Tue, 11 Oct 2022 09:09:00 -0400 -Subject: [PATCH] cpumanager policy static test refactor - -This refactors the tests which were breaking due to changes in isolated -CPUs and reserved CPUs. - -Signed-off-by: Sachin Gopala Krishna - ---- - pkg/kubelet/cm/cpumanager/cpu_manager_test.go | 11 ++++++++--- - pkg/kubelet/cm/cpumanager/policy_static_test.go | 5 +++-- - 2 files changed, 11 insertions(+), 5 deletions(-) - -diff --git a/pkg/kubelet/cm/cpumanager/cpu_manager_test.go b/pkg/kubelet/cm/cpumanager/cpu_manager_test.go -index 31e4d0585fb..87c4ae036ca 100644 ---- a/pkg/kubelet/cm/cpumanager/cpu_manager_test.go -+++ b/pkg/kubelet/cm/cpumanager/cpu_manager_test.go -@@ -715,6 +715,8 @@ func TestCPUManagerRemove(t *testing.T) { - } - - func TestReconcileState(t *testing.T) { -+ testExcl := false -+ testDM, _ := devicemanager.NewManagerStub() - testPolicy, _ := NewStaticPolicy( - &topology.CPUTopology{ - NumCPUs: 8, -@@ -733,8 +735,11 @@ func TestReconcileState(t *testing.T) { - }, - 0, - cpuset.NewCPUSet(), -+ cpuset.NewCPUSet(), - topologymanager.NewFakeManager(), -- nil) -+ nil, -+ testDM, -+ testExcl) - - testCases := []struct { - description string -@@ -1369,8 +1374,8 @@ func TestCPUManagerHandlePolicyOptions(t *testing.T) { - t.Errorf("cannot create state file: %s", err.Error()) - } - defer os.RemoveAll(sDir) -- -- _, err = NewManager(testCase.cpuPolicyName, testCase.cpuPolicyOptions, 5*time.Second, machineInfo, cpuset.NewCPUSet(), nodeAllocatableReservation, sDir, topologymanager.NewFakeManager()) -+ testDM, err := devicemanager.NewManagerStub() -+ _, err = NewManager(testCase.cpuPolicyName, testCase.cpuPolicyOptions, 5*time.Second, machineInfo, cpuset.NewCPUSet(), nodeAllocatableReservation, sDir, topologymanager.NewFakeManager(), testDM) - if err == nil { - t.Errorf("Expected error, but NewManager succeeded") - } -diff --git a/pkg/kubelet/cm/cpumanager/policy_static_test.go b/pkg/kubelet/cm/cpumanager/policy_static_test.go -index 39aaaf95b28..d0308556c6d 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static_test.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static_test.go -@@ -202,7 +202,6 @@ func TestStaticPolicyAdd(t *testing.T) { - largeTopoCPUSet := largeTopoBuilder.Result() - largeTopoSock0CPUSet := largeTopoSock0Builder.Result() - largeTopoSock1CPUSet := largeTopoSock1Builder.Result() -- testDM, _ := devicemanager.NewManagerStub() - // these are the cases which must behave the same regardless the policy options. - // So we will permutate the options to ensure this holds true. - optionsInsensitiveTestCases := []staticPolicyTest{ -@@ -576,6 +575,8 @@ func runStaticPolicyTestCase(t *testing.T, testCase staticPolicyTest) { - } - - func TestStaticPolicyReuseCPUs(t *testing.T) { -+ excludeReserved := false -+ testDM, _ := devicemanager.NewManagerStub() - testCases := []struct { - staticPolicyTest - expCSetAfterAlloc cpuset.CPUSet -@@ -692,7 +693,7 @@ func TestStaticPolicyRemove(t *testing.T) { - } - - for _, testCase := range testCases { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, testDM, excludeReserved) - - st := &mockState{ - assignments: testCase.stAssignments, --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubeadm-create-platform-pods-with-zero-CPU-resources.patch b/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubeadm-create-platform-pods-with-zero-CPU-resources.patch deleted file mode 100644 index c1b5b79fd..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubeadm-create-platform-pods-with-zero-CPU-resources.patch +++ /dev/null @@ -1,169 +0,0 @@ -From 099b906fe716e4606bbb405632e0a80503d4a708 Mon Sep 17 00:00:00 2001 -From: Chris Friesen -Date: Fri, 3 Sep 2021 18:05:15 -0400 -Subject: [PATCH] kubeadm: create platform pods with zero CPU resources - -This specifies zero CPU resources when creating the manifests -for the static platform pods, as a workaround for the lack of -separate resource tracking for platform resources. - -This specifies zero CPU and Memory resources for the coredns -deployment. manifests.go is the main source file for this, -not sure if the coredns.yaml are used but they are updated to -be consistent. - -This specifies CPU limit of 1 for kube-apiserver pod so that it is -treated as a burstable QoS. This gives a boost of cgroup CPUShares -since the burstable cgroup parent has significantly more CPUShares -than best-effort on typical systems. This improves kube-apiserver -API responsiveness. - -This increases kube-apiserver Readiness probe periodSeconds to 10 -based on WRS/SS joint recommendation for minimum probe settings. -This reduces likelihood of kube-apiserver probe failure and -subsequent pod-restart under servere load. This also reduces CPU -demand. - -Signed-off-by: Daniel Safta -Signed-off-by: Boovan Rajendran -Signed-off-by: Jim Gauld ---- - cluster/addons/dns/coredns/coredns.yaml.base | 4 ++-- - cluster/addons/dns/coredns/coredns.yaml.in | 4 ++-- - cluster/addons/dns/coredns/coredns.yaml.sed | 4 ++-- - cmd/kubeadm/app/phases/addons/dns/manifests.go | 4 ++-- - .../app/phases/controlplane/manifests.go | 8 +++++--- - cmd/kubeadm/app/util/staticpod/utils.go | 17 ++++++++++++++++- - 6 files changed, 29 insertions(+), 12 deletions(-) - -diff --git a/cluster/addons/dns/coredns/coredns.yaml.base b/cluster/addons/dns/coredns/coredns.yaml.base -index dea3749f217..908fd2b246a 100644 ---- a/cluster/addons/dns/coredns/coredns.yaml.base -+++ b/cluster/addons/dns/coredns/coredns.yaml.base -@@ -145,8 +145,8 @@ spec: - limits: - memory: __DNS__MEMORY__LIMIT__ - requests: -- cpu: 100m -- memory: 70Mi -+ cpu: 0 -+ memory: 0 - args: [ "-conf", "/etc/coredns/Corefile" ] - volumeMounts: - - name: config-volume -diff --git a/cluster/addons/dns/coredns/coredns.yaml.in b/cluster/addons/dns/coredns/coredns.yaml.in -index 808dd54b545..1bc9c632a3a 100644 ---- a/cluster/addons/dns/coredns/coredns.yaml.in -+++ b/cluster/addons/dns/coredns/coredns.yaml.in -@@ -145,8 +145,8 @@ spec: - limits: - memory: 'dns_memory_limit' - requests: -- cpu: 100m -- memory: 70Mi -+ cpu: 0 -+ memory: 0 - args: [ "-conf", "/etc/coredns/Corefile" ] - volumeMounts: - - name: config-volume -diff --git a/cluster/addons/dns/coredns/coredns.yaml.sed b/cluster/addons/dns/coredns/coredns.yaml.sed -index 8788f41d31c..5be046ad844 100644 ---- a/cluster/addons/dns/coredns/coredns.yaml.sed -+++ b/cluster/addons/dns/coredns/coredns.yaml.sed -@@ -145,8 +145,8 @@ spec: - limits: - memory: $DNS_MEMORY_LIMIT - requests: -- cpu: 100m -- memory: 70Mi -+ cpu: 0 -+ memory: 0 - args: [ "-conf", "/etc/coredns/Corefile" ] - volumeMounts: - - name: config-volume -diff --git a/cmd/kubeadm/app/phases/addons/dns/manifests.go b/cmd/kubeadm/app/phases/addons/dns/manifests.go -index 97c7f8b3e60..87df378cfc0 100644 ---- a/cmd/kubeadm/app/phases/addons/dns/manifests.go -+++ b/cmd/kubeadm/app/phases/addons/dns/manifests.go -@@ -95,8 +95,8 @@ spec: - limits: - memory: 170Mi - requests: -- cpu: 100m -- memory: 70Mi -+ cpu: 0 -+ memory: 0 - args: [ "-conf", "/etc/coredns/Corefile" ] - volumeMounts: - - name: config-volume -diff --git a/cmd/kubeadm/app/phases/controlplane/manifests.go b/cmd/kubeadm/app/phases/controlplane/manifests.go -index 8cd0bf577cd..03e5739f5dc 100644 ---- a/cmd/kubeadm/app/phases/controlplane/manifests.go -+++ b/cmd/kubeadm/app/phases/controlplane/manifests.go -@@ -63,7 +63,9 @@ func GetStaticPodSpecs(cfg *kubeadmapi.ClusterConfiguration, endpoint *kubeadmap - LivenessProbe: staticpodutil.LivenessProbe(staticpodutil.GetAPIServerProbeAddress(endpoint), "/livez", int(endpoint.BindPort), v1.URISchemeHTTPS), - ReadinessProbe: staticpodutil.ReadinessProbe(staticpodutil.GetAPIServerProbeAddress(endpoint), "/readyz", int(endpoint.BindPort), v1.URISchemeHTTPS), - StartupProbe: staticpodutil.StartupProbe(staticpodutil.GetAPIServerProbeAddress(endpoint), "/livez", int(endpoint.BindPort), v1.URISchemeHTTPS, cfg.APIServer.TimeoutForControlPlane), -- Resources: staticpodutil.ComponentResources("250m"), -+ // WRS: Increase kube-apiserver cgroup CPUShares to improve API responsiveness; -+ // achieved by setting CPU Limits to make it burstable QoS. -+ Resources: staticpodutil.ComponentLimitResources("0", "1"), - Env: kubeadmutil.GetProxyEnvVars(), - }, mounts.GetVolumes(kubeadmconstants.KubeAPIServer), - map[string]string{kubeadmconstants.KubeAPIServerAdvertiseAddressEndpointAnnotationKey: endpoint.String()}), -@@ -75,7 +77,7 @@ func GetStaticPodSpecs(cfg *kubeadmapi.ClusterConfiguration, endpoint *kubeadmap - VolumeMounts: staticpodutil.VolumeMountMapToSlice(mounts.GetVolumeMounts(kubeadmconstants.KubeControllerManager)), - LivenessProbe: staticpodutil.LivenessProbe(staticpodutil.GetControllerManagerProbeAddress(cfg), "/healthz", kubeadmconstants.KubeControllerManagerPort, v1.URISchemeHTTPS), - StartupProbe: staticpodutil.StartupProbe(staticpodutil.GetControllerManagerProbeAddress(cfg), "/healthz", kubeadmconstants.KubeControllerManagerPort, v1.URISchemeHTTPS, cfg.APIServer.TimeoutForControlPlane), -- Resources: staticpodutil.ComponentResources("200m"), -+ Resources: staticpodutil.ComponentResources("0"), - Env: kubeadmutil.GetProxyEnvVars(), - }, mounts.GetVolumes(kubeadmconstants.KubeControllerManager), nil), - kubeadmconstants.KubeScheduler: staticpodutil.ComponentPod(v1.Container{ -@@ -86,7 +88,7 @@ func GetStaticPodSpecs(cfg *kubeadmapi.ClusterConfiguration, endpoint *kubeadmap - VolumeMounts: staticpodutil.VolumeMountMapToSlice(mounts.GetVolumeMounts(kubeadmconstants.KubeScheduler)), - LivenessProbe: staticpodutil.LivenessProbe(staticpodutil.GetSchedulerProbeAddress(cfg), "/healthz", kubeadmconstants.KubeSchedulerPort, v1.URISchemeHTTPS), - StartupProbe: staticpodutil.StartupProbe(staticpodutil.GetSchedulerProbeAddress(cfg), "/healthz", kubeadmconstants.KubeSchedulerPort, v1.URISchemeHTTPS, cfg.APIServer.TimeoutForControlPlane), -- Resources: staticpodutil.ComponentResources("100m"), -+ Resources: staticpodutil.ComponentResources("0"), - Env: kubeadmutil.GetProxyEnvVars(), - }, mounts.GetVolumes(kubeadmconstants.KubeScheduler), nil), - } -diff --git a/cmd/kubeadm/app/util/staticpod/utils.go b/cmd/kubeadm/app/util/staticpod/utils.go -index 75efc4f0f98..46fa7a006ba 100644 ---- a/cmd/kubeadm/app/util/staticpod/utils.go -+++ b/cmd/kubeadm/app/util/staticpod/utils.go -@@ -92,6 +92,18 @@ func ComponentResources(cpu string) v1.ResourceRequirements { - } - } - -+// ComponentLimitResources returns the v1.ResourceRequirements object needed for allocating a specified amount of the CPU with Limits -+func ComponentLimitResources(cpu string, lcpu string) v1.ResourceRequirements { -+ return v1.ResourceRequirements{ -+ Requests: v1.ResourceList{ -+ v1.ResourceCPU: resource.MustParse(cpu), -+ }, -+ Limits: v1.ResourceList{ -+ v1.ResourceCPU: resource.MustParse(lcpu), -+ }, -+ } -+} -+ - // NewVolume creates a v1.Volume with a hostPath mount to the specified location - func NewVolume(name, path string, pathType *v1.HostPathType) v1.Volume { - return v1.Volume{ -@@ -252,7 +264,10 @@ func LivenessProbe(host, path string, port int, scheme v1.URIScheme) *v1.Probe { - func ReadinessProbe(host, path string, port int, scheme v1.URIScheme) *v1.Probe { - // sets initialDelaySeconds as '0' because we don't want to delay user infrastructure checks - // looking for "ready" status on kubeadm static Pods -- return createHTTPProbe(host, path, port, scheme, 0, 15, 3, 1) -+ // WRS/SS joint recommendation: All pods probes should have following minimum probe -+ // settings unless required by the service (initialDelaySecond 0, periodSeconds 10, -+ // timeoutSeconds 5, successThreshold 1, failureThreshold 3) -+ return createHTTPProbe(host, path, port, scheme, 0, 15, 3, 10) - } - - // StartupProbe creates a Probe object with a HTTPGet handler --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubeadm-readiness-probe-timeout-core-dns.patch b/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubeadm-readiness-probe-timeout-core-dns.patch deleted file mode 100644 index bc030acda..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubeadm-readiness-probe-timeout-core-dns.patch +++ /dev/null @@ -1,67 +0,0 @@ -From 583589c3574ffd6e0376579316b30d2a2dcf82f8 Mon Sep 17 00:00:00 2001 -From: Ferdinando Terada -Date: Mon, 23 Dec 2024 17:53:09 -0300 -Subject: [PATCH] Adjust timeout for coredns readinessProbe - -The timeout value for the readinessProbe of CoreDNS was increased. -This adjustment was necessary to avoid issues during stress testing, -ensuring that the component can properly handle high-load situations -and prevent premature failure in readiness checks. ---- - cluster/addons/dns/coredns/coredns.yaml.base | 1 + - cluster/addons/dns/coredns/coredns.yaml.in | 1 + - cluster/addons/dns/coredns/coredns.yaml.sed | 1 + - cmd/kubeadm/app/phases/addons/dns/manifests.go | 1 + - 4 files changed, 4 insertions(+) - -diff --git a/cluster/addons/dns/coredns/coredns.yaml.base b/cluster/addons/dns/coredns/coredns.yaml.base -index 3a0fd7adb72..c8289f7c136 100644 ---- a/cluster/addons/dns/coredns/coredns.yaml.base -+++ b/cluster/addons/dns/coredns/coredns.yaml.base -@@ -170,6 +170,7 @@ spec: - path: /ready - port: 8181 - scheme: HTTP -+ timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - capabilities: -diff --git a/cluster/addons/dns/coredns/coredns.yaml.in b/cluster/addons/dns/coredns/coredns.yaml.in -index 74b59584bc7..974c8337031 100644 ---- a/cluster/addons/dns/coredns/coredns.yaml.in -+++ b/cluster/addons/dns/coredns/coredns.yaml.in -@@ -170,6 +170,7 @@ spec: - path: /ready - port: 8181 - scheme: HTTP -+ timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - capabilities: -diff --git a/cluster/addons/dns/coredns/coredns.yaml.sed b/cluster/addons/dns/coredns/coredns.yaml.sed -index 61afbecd9da..563a8980e07 100644 ---- a/cluster/addons/dns/coredns/coredns.yaml.sed -+++ b/cluster/addons/dns/coredns/coredns.yaml.sed -@@ -170,6 +170,7 @@ spec: - path: /ready - port: 8181 - scheme: HTTP -+ timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - capabilities: -diff --git a/cmd/kubeadm/app/phases/addons/dns/manifests.go b/cmd/kubeadm/app/phases/addons/dns/manifests.go -index 2a2212d5d37..c0be57357e4 100644 ---- a/cmd/kubeadm/app/phases/addons/dns/manifests.go -+++ b/cmd/kubeadm/app/phases/addons/dns/manifests.go -@@ -135,6 +135,7 @@ spec: - path: /ready - port: 8181 - scheme: HTTP -+ timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - capabilities: --- -2.34.1 - diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubeadm-reduce-UpgradeManifestTimeout.patch b/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubeadm-reduce-UpgradeManifestTimeout.patch deleted file mode 100644 index c12ee4f7b..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubeadm-reduce-UpgradeManifestTimeout.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 52519a7549da1466d486c19dc5430850bcfdefee Mon Sep 17 00:00:00 2001 -From: Ramesh Kumar Sivanandam -Date: Fri, 15 Mar 2024 03:28:13 -0400 -Subject: [PATCH] kubeadm: reduce UpgradeManifestTimeout - -This modifies kubeadm UpgradeManifestTimeout from 5 minutes default -to 3 minutes to reduce the unnecessary delay in retries during -kubeadm-upgrade-apply failures. - -The typical control-plane upgrade of static pods is 75 to 85 seconds, -so 3 minutes gives adequate buffer to complete the operation. - -Signed-off-by: Ramesh Kumar Sivanandam ---- - cmd/kubeadm/app/phases/upgrade/staticpods.go | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/cmd/kubeadm/app/phases/upgrade/staticpods.go b/cmd/kubeadm/app/phases/upgrade/staticpods.go -index 524a624c34f..37562342368 100644 ---- a/cmd/kubeadm/app/phases/upgrade/staticpods.go -+++ b/cmd/kubeadm/app/phases/upgrade/staticpods.go -@@ -46,7 +46,7 @@ import ( - - const ( - // UpgradeManifestTimeout is timeout of upgrading the static pod manifest -- UpgradeManifestTimeout = 5 * time.Minute -+ UpgradeManifestTimeout = 3 * time.Minute - ) - - // StaticPodPathManager is responsible for tracking the directories used in the static pod upgrade transition --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubelet-CFS-quota-throttling-for-non-integer-cpulimit.patch b/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubelet-CFS-quota-throttling-for-non-integer-cpulimit.patch deleted file mode 100644 index ee22dcfea..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubelet-CFS-quota-throttling-for-non-integer-cpulimit.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 2e957044cbcde858abb9c46d177d5cf4ae1407df Mon Sep 17 00:00:00 2001 -From: Boovan Rajendran -Date: Wed, 30 Nov 2022 04:17:19 -0500 -Subject: [PATCH] kubelet CFS quota throttling for non integer cpulimit - -Signed-off-by: Boovan Rajendran ---- - pkg/kubelet/cm/internal_container_lifecycle_linux.go | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/pkg/kubelet/cm/internal_container_lifecycle_linux.go b/pkg/kubelet/cm/internal_container_lifecycle_linux.go -index 75406dd8564..05366ab6fcb 100644 ---- a/pkg/kubelet/cm/internal_container_lifecycle_linux.go -+++ b/pkg/kubelet/cm/internal_container_lifecycle_linux.go -@@ -39,7 +39,11 @@ func (i *internalContainerLifecycleImpl) PreCreateContainer(pod *v1.Pod, contain - // Disable cgroup CFS throttle at the container level. - // /sys/fs/cgroup/cpu/k8s-infra/kubepods///cpu.cfs_quota_us - // /sys/fs/cgroup/cpu/k8s-infra/kubepods///cpu.cfs_period_us -- if i.cpuManager.GetCPUPolicy() == "static" && v1qos.GetPodQOS(pod) == v1.PodQOSGuaranteed { -+ // We can only set CpuQuota to -1 if we're allocating the entire CPU. -+ // For fractional CPUs the CpuQuota is needed to enforce the limit. -+ cpuQuantity := container.Resources.Requests[v1.ResourceCPU] -+ fractionalCpuQuantity := cpuQuantity.MilliValue()%1000 -+ if i.cpuManager.GetCPUPolicy() == "static" && v1qos.GetPodQOS(pod) == v1.PodQOSGuaranteed && fractionalCpuQuantity == 0 { - containerConfig.Linux.Resources.CpuPeriod = int64(100000) - containerConfig.Linux.Resources.CpuQuota = int64(-1) - } --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubelet-cpumanager-disable-CFS-quota-throttling.patch b/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubelet-cpumanager-disable-CFS-quota-throttling.patch deleted file mode 100644 index 19e341571..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubelet-cpumanager-disable-CFS-quota-throttling.patch +++ /dev/null @@ -1,255 +0,0 @@ -From 95e547b2d3d0af6b0f2083c064bcbdbe39716250 Mon Sep 17 00:00:00 2001 -From: Sachin Gopala Krishna -Date: Mon, 3 Oct 2022 19:19:48 -0400 -Subject: [PATCH] kubelet cpumanager disable CFS quota throttling - -This disables CFS CPU quota to avoid performance degradation due to -Linux kernel CFS quota implementation. Note that 4.18 kernel attempts -to solve the CFS throttling problem, but there are reports that it is -not completely effective. - -This disables CFS quota throttling for Guaranteed pods for both -parent and container cgroups by writing -1 to cgroup cpu.cfs_quota_us. -Disabling has a dramatic latency improvement for HTTP response times. - -This patch is refactored in 1.22.5 due to new internal_container_lifecycle -framework. We leverage the same mechanism to set Linux resources as: -cpu manager: specify the container CPU set during the creation - -Co-authored-by: Jim Gauld -Signed-off-by: Sachin Gopala Krishna ---- - pkg/kubelet/cm/cpumanager/cpu_manager.go | 7 +++ - pkg/kubelet/cm/cpumanager/fake_cpu_manager.go | 10 ++++- - pkg/kubelet/cm/helpers_linux.go | 10 +++++ - pkg/kubelet/cm/helpers_linux_test.go | 43 ++++++++++--------- - .../cm/internal_container_lifecycle_linux.go | 9 ++++ - 5 files changed, 57 insertions(+), 22 deletions(-) - -diff --git a/pkg/kubelet/cm/cpumanager/cpu_manager.go b/pkg/kubelet/cm/cpumanager/cpu_manager.go -index dde49b6ec8c..df431b06601 100644 ---- a/pkg/kubelet/cm/cpumanager/cpu_manager.go -+++ b/pkg/kubelet/cm/cpumanager/cpu_manager.go -@@ -72,6 +72,9 @@ type Manager interface { - // State returns a read-only interface to the internal CPU manager state. - State() state.Reader - -+ // GetCPUPolicy returns the assigned CPU manager policy -+ GetCPUPolicy() string -+ - // GetTopologyHints implements the topologymanager.HintProvider Interface - // and is consulted to achieve NUMA aware resource alignment among this - // and other resource controllers. -@@ -314,6 +317,10 @@ func (m *manager) State() state.Reader { - return m.state - } - -+func (m *manager) GetCPUPolicy() string { -+ return m.policy.Name() -+} -+ - func (m *manager) GetTopologyHints(pod *v1.Pod, container *v1.Container) map[string][]topologymanager.TopologyHint { - // The pod is during the admission phase. We need to save the pod to avoid it - // being cleaned before the admission ended -diff --git a/pkg/kubelet/cm/cpumanager/fake_cpu_manager.go b/pkg/kubelet/cm/cpumanager/fake_cpu_manager.go -index 93369705135..2e277da9c84 100644 ---- a/pkg/kubelet/cm/cpumanager/fake_cpu_manager.go -+++ b/pkg/kubelet/cm/cpumanager/fake_cpu_manager.go -@@ -28,7 +28,8 @@ import ( - ) - - type fakeManager struct { -- state state.State -+ policy Policy -+ state state.State - } - - func (m *fakeManager) Start(activePods ActivePodsFunc, sourcesReady config.SourcesReady, podStatusProvider status.PodStatusProvider, containerRuntime runtimeService, initialContainers containermap.ContainerMap) error { -@@ -70,6 +71,10 @@ func (m *fakeManager) State() state.Reader { - return m.state - } - -+func (m *fakeManager) GetCPUPolicy() string { -+ return m.policy.Name() -+} -+ - func (m *fakeManager) GetExclusiveCPUs(podUID, containerName string) cpuset.CPUSet { - klog.InfoS("GetExclusiveCPUs", "podUID", podUID, "containerName", containerName) - return cpuset.CPUSet{} -@@ -88,6 +93,7 @@ func (m *fakeManager) GetCPUAffinity(podUID, containerName string) cpuset.CPUSet - // NewFakeManager creates empty/fake cpu manager - func NewFakeManager() Manager { - return &fakeManager{ -- state: state.NewMemoryState(), -+ policy: &nonePolicy{}, -+ state: state.NewMemoryState(), - } - } -diff --git a/pkg/kubelet/cm/helpers_linux.go b/pkg/kubelet/cm/helpers_linux.go -index 25ff3f13b82..e9ea6bab8dc 100644 ---- a/pkg/kubelet/cm/helpers_linux.go -+++ b/pkg/kubelet/cm/helpers_linux.go -@@ -182,6 +182,16 @@ func ResourceConfigForPod(pod *v1.Pod, enforceCPULimits bool, cpuPeriod uint64, - // build the result - result := &ResourceConfig{} - if qosClass == v1.PodQOSGuaranteed { -+ // Disable CFS CPU quota to avoid performance degradation due to -+ // Linux kernel CFS throttle implementation. -+ // NOTE: 4.18 kernel attempts to solve CFS throttling problem, -+ // but there are reports that it is not completely effective. -+ // This will configure cgroup CFS parameters at pod level: -+ // /sys/fs/cgroup/cpu/k8s-infra/kubepods//cpu.cfs_quota_us -+ // /sys/fs/cgroup/cpu/k8s-infra/kubepods//cpu.cfs_period_us -+ cpuQuota = int64(-1) -+ cpuPeriod = uint64(100000) -+ - result.CpuShares = &cpuShares - result.CpuQuota = &cpuQuota - result.CpuPeriod = &cpuPeriod -diff --git a/pkg/kubelet/cm/helpers_linux_test.go b/pkg/kubelet/cm/helpers_linux_test.go -index 101b21e682a..9b98fb7e1c1 100644 ---- a/pkg/kubelet/cm/helpers_linux_test.go -+++ b/pkg/kubelet/cm/helpers_linux_test.go -@@ -64,8 +64,9 @@ func TestResourceConfigForPod(t *testing.T) { - burstablePartialShares := MilliCPUToShares(200) - burstableQuota := MilliCPUToQuota(200, int64(defaultQuotaPeriod)) - guaranteedShares := MilliCPUToShares(100) -- guaranteedQuota := MilliCPUToQuota(100, int64(defaultQuotaPeriod)) -- guaranteedTunedQuota := MilliCPUToQuota(100, int64(tunedQuotaPeriod)) -+ guaranteedQuotaPeriod := uint64(100000) -+ guaranteedQuota := int64(-1) -+ guaranteedTunedQuota := int64(-1) - memoryQuantity = resource.MustParse("100Mi") - cpuNoLimit := int64(-1) - guaranteedMemory := memoryQuantity.Value() -@@ -204,8 +205,8 @@ func TestResourceConfigForPod(t *testing.T) { - }, - }, - enforceCPULimits: true, -- quotaPeriod: defaultQuotaPeriod, -- expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &guaranteedQuota, CpuPeriod: &defaultQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &guaranteedQuota, CpuPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - "guaranteed-no-cpu-enforcement": { - pod: &v1.Pod{ -@@ -218,8 +219,8 @@ func TestResourceConfigForPod(t *testing.T) { - }, - }, - enforceCPULimits: false, -- quotaPeriod: defaultQuotaPeriod, -- expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &cpuNoLimit, CpuPeriod: &defaultQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &cpuNoLimit, CpuPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - "guaranteed-with-tuned-quota": { - pod: &v1.Pod{ -@@ -232,8 +233,8 @@ func TestResourceConfigForPod(t *testing.T) { - }, - }, - enforceCPULimits: true, -- quotaPeriod: tunedQuotaPeriod, -- expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &guaranteedTunedQuota, CpuPeriod: &tunedQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &guaranteedTunedQuota, CpuPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - "guaranteed-no-cpu-enforcement-with-tuned-quota": { - pod: &v1.Pod{ -@@ -246,8 +247,8 @@ func TestResourceConfigForPod(t *testing.T) { - }, - }, - enforceCPULimits: false, -- quotaPeriod: tunedQuotaPeriod, -- expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &cpuNoLimit, CpuPeriod: &tunedQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &cpuNoLimit, CpuPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - "burstable-partial-limits-with-init-containers": { - pod: &v1.Pod{ -@@ -309,8 +310,10 @@ func TestResourceConfigForPodWithCustomCPUCFSQuotaPeriod(t *testing.T) { - burstablePartialShares := MilliCPUToShares(200) - burstableQuota := MilliCPUToQuota(200, int64(defaultQuotaPeriod)) - guaranteedShares := MilliCPUToShares(100) -- guaranteedQuota := MilliCPUToQuota(100, int64(defaultQuotaPeriod)) -- guaranteedTunedQuota := MilliCPUToQuota(100, int64(tunedQuotaPeriod)) -+ guaranteedQuotaPeriod := uint64(100000) -+ guaranteedQuota := int64(-1) -+ guaranteedTunedQuota := int64(-1) -+ - memoryQuantity = resource.MustParse("100Mi") - cpuNoLimit := int64(-1) - guaranteedMemory := memoryQuantity.Value() -@@ -449,8 +452,8 @@ func TestResourceConfigForPodWithCustomCPUCFSQuotaPeriod(t *testing.T) { - }, - }, - enforceCPULimits: true, -- quotaPeriod: defaultQuotaPeriod, -- expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &guaranteedQuota, CpuPeriod: &defaultQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &guaranteedQuota, CpuPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - "guaranteed-no-cpu-enforcement": { - pod: &v1.Pod{ -@@ -463,8 +466,8 @@ func TestResourceConfigForPodWithCustomCPUCFSQuotaPeriod(t *testing.T) { - }, - }, - enforceCPULimits: false, -- quotaPeriod: defaultQuotaPeriod, -- expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &cpuNoLimit, CpuPeriod: &defaultQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &cpuNoLimit, CpuPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - "guaranteed-with-tuned-quota": { - pod: &v1.Pod{ -@@ -477,8 +480,8 @@ func TestResourceConfigForPodWithCustomCPUCFSQuotaPeriod(t *testing.T) { - }, - }, - enforceCPULimits: true, -- quotaPeriod: tunedQuotaPeriod, -- expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &guaranteedTunedQuota, CpuPeriod: &tunedQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &guaranteedTunedQuota, CpuPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - "guaranteed-no-cpu-enforcement-with-tuned-quota": { - pod: &v1.Pod{ -@@ -491,8 +494,8 @@ func TestResourceConfigForPodWithCustomCPUCFSQuotaPeriod(t *testing.T) { - }, - }, - enforceCPULimits: false, -- quotaPeriod: tunedQuotaPeriod, -- expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &cpuNoLimit, CpuPeriod: &tunedQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &cpuNoLimit, CpuPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - } - -diff --git a/pkg/kubelet/cm/internal_container_lifecycle_linux.go b/pkg/kubelet/cm/internal_container_lifecycle_linux.go -index cb7c0cfa543..75406dd8564 100644 ---- a/pkg/kubelet/cm/internal_container_lifecycle_linux.go -+++ b/pkg/kubelet/cm/internal_container_lifecycle_linux.go -@@ -25,6 +25,7 @@ import ( - - "k8s.io/api/core/v1" - runtimeapi "k8s.io/cri-api/pkg/apis/runtime/v1" -+ v1qos "k8s.io/kubernetes/pkg/apis/core/v1/helper/qos" - ) - - func (i *internalContainerLifecycleImpl) PreCreateContainer(pod *v1.Pod, container *v1.Container, containerConfig *runtimeapi.ContainerConfig) error { -@@ -35,6 +36,14 @@ func (i *internalContainerLifecycleImpl) PreCreateContainer(pod *v1.Pod, contain - } - } - -+ // Disable cgroup CFS throttle at the container level. -+ // /sys/fs/cgroup/cpu/k8s-infra/kubepods///cpu.cfs_quota_us -+ // /sys/fs/cgroup/cpu/k8s-infra/kubepods///cpu.cfs_period_us -+ if i.cpuManager.GetCPUPolicy() == "static" && v1qos.GetPodQOS(pod) == v1.PodQOSGuaranteed { -+ containerConfig.Linux.Resources.CpuPeriod = int64(100000) -+ containerConfig.Linux.Resources.CpuQuota = int64(-1) -+ } -+ - if i.memoryManager != nil { - numaNodes := i.memoryManager.GetMemoryNUMANodes(pod, container) - if numaNodes.Len() > 0 { --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubelet-cpumanager-infra-pods-use-system-reserved-CP.patch b/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubelet-cpumanager-infra-pods-use-system-reserved-CP.patch deleted file mode 100644 index 58693aa35..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubelet-cpumanager-infra-pods-use-system-reserved-CP.patch +++ /dev/null @@ -1,155 +0,0 @@ -From 42ecf1cfaee7f9a5f16643465a964cfda25efaec Mon Sep 17 00:00:00 2001 -From: Gleb Aronsky -Date: Tue, 15 Aug 2023 22:13:29 -0300 -Subject: [PATCH] kubelet cpumanager infra pods use system reserved CPUs - -This assigns system infrastructure pods to the "reserved" cpuset -to isolate them from the shared pool of CPUs. - -Infrastructure pods include any pods that belong to the kube-system, -armada, cert-manager, vault, platform-deployment-manager, portieris, -notification, flux-helm, metrics-server, node-feature-discovery, -intel-power, power-metrics or sriov-fec-system namespaces. - -The implementation is a bit simplistic, it is assumed that the -"reserved" cpuset is large enough to handle all infrastructure pods -CPU allocations. - -This also prevents infrastucture pods from using Guaranteed resources. - -Co-authored-by: Jim Gauld -Signed-off-by: Gleb Aronsky -Signed-off-by: Thiago Miranda -Signed-off-by: Kaustubh Dhokte -Signed-off-by: Marcos Silva -Signed-off-by: Alyson Deives Pereira -Signed-off-by: Marcos Silva - ---- - pkg/kubelet/cm/cpumanager/policy_static.go | 47 +++++++++++++++++-- - .../cm/cpumanager/policy_static_test.go | 19 +++++++- - 2 files changed, 61 insertions(+), 5 deletions(-) - -diff --git a/pkg/kubelet/cm/cpumanager/policy_static.go b/pkg/kubelet/cm/cpumanager/policy_static.go -index 09e0fc0ea0e..216b6ce9bf8 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static.go -@@ -53,6 +53,11 @@ func (e SMTAlignmentError) Type() string { - return ErrorSMTAlignment - } - -+// Define namespaces used by platform infrastructure pods -+var infraNamespaces = [...]string{ -+ "kube-system", "armada", "cert-manager", "platform-deployment-manager", "portieris", "vault", "notification", "flux-helm", "metrics-server", "node-feature-discovery", "intel-power", "power-metrics", "sriov-fec-system", -+} -+ - // staticPolicy is a CPU manager policy that does not change CPU - // assignments for exclusively pinned guaranteed containers after the main - // container process starts. -@@ -121,10 +126,11 @@ func NewStaticPolicy(topology *topology.CPUTopology, numReservedCPUs int, reserv - klog.InfoS("Static policy created with configuration", "options", opts) - - policy := &staticPolicy{ -- topology: topology, -- affinity: affinity, -- cpusToReuse: make(map[string]cpuset.CPUSet), -- options: opts, -+ topology: topology, -+ affinity: affinity, -+ excludeReserved: excludeReserved, -+ cpusToReuse: make(map[string]cpuset.CPUSet), -+ options: opts, - } - - allCPUs := topology.CPUDetails.CPUs() -@@ -263,6 +269,25 @@ func (p *staticPolicy) updateCPUsToReuse(pod *v1.Pod, container *v1.Container, c - } - - func (p *staticPolicy) Allocate(s state.State, pod *v1.Pod, container *v1.Container) error { -+ // Process infra pods before guaranteed pods -+ if isKubeInfra(pod) { -+ // Container belongs in reserved pool. -+ // We don't want to fall through to the p.guaranteedCPUs() clause below so return either nil or error. -+ if _, ok := s.GetCPUSet(string(pod.UID), container.Name); ok { -+ klog.Infof("[cpumanager] static policy: reserved container already present in state, skipping (namespace: %s, pod UID: %s, pod: %s, container: %s)", pod.Namespace, string(pod.UID), pod.Name, container.Name) -+ return nil -+ } -+ -+ cpuset := p.reserved -+ if cpuset.IsEmpty() { -+ // If this happens then someone messed up. -+ return fmt.Errorf("[cpumanager] static policy: reserved container unable to allocate cpus (namespace: %s, pod UID: %s, pod: %s, container: %s); cpuset=%v, reserved:%v", pod.Namespace, string(pod.UID), pod.Name, container.Name, cpuset, p.reserved) -+ } -+ s.SetCPUSet(string(pod.UID), container.Name, cpuset) -+ klog.Infof("[cpumanager] static policy: reserved: AddContainer (namespace: %s, pod UID: %s, pod: %s, container: %s); cpuset=%v", pod.Namespace, string(pod.UID), pod.Name, container.Name, cpuset) -+ return nil -+ } -+ - if numCPUs := p.guaranteedCPUs(pod, container); numCPUs != 0 { - klog.InfoS("Static policy: Allocate", "pod", klog.KObj(pod), "containerName", container.Name) - // container belongs in an exclusively allocated pool -@@ -382,6 +407,10 @@ func (p *staticPolicy) guaranteedCPUs(pod *v1.Pod, container *v1.Container) int - if cpuQuantity.Value()*1000 != cpuQuantity.MilliValue() { - return 0 - } -+ // Infrastructure pods use reserved CPUs even if they're in the Guaranteed QoS class -+ if isKubeInfra(pod) { -+ return 0 -+ } - // Safe downcast to do for all systems with < 2.1 billion CPUs. - // Per the language spec, `int` is guaranteed to be at least 32 bits wide. - // https://golang.org/ref/spec#Numeric_types -@@ -595,3 +624,13 @@ func (p *staticPolicy) generateCPUTopologyHints(availableCPUs cpuset.CPUSet, reu - - return hints - } -+ -+// check if a given pod is in a platform infrastructure namespace -+func isKubeInfra(pod *v1.Pod) bool { -+ for _, namespace := range infraNamespaces { -+ if namespace == pod.Namespace { -+ return true -+ } -+ } -+ return false -+} -diff --git a/pkg/kubelet/cm/cpumanager/policy_static_test.go b/pkg/kubelet/cm/cpumanager/policy_static_test.go -index edfb40d880e..7938f787a57 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static_test.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static_test.go -@@ -886,7 +886,8 @@ func TestStaticPolicyStartWithResvList(t *testing.T) { - } - - func TestStaticPolicyAddWithResvList(t *testing.T) { -- -+ infraPod := makePod("fakePod", "fakeContainer2", "200m", "200m") -+ infraPod.Namespace = "kube-system" - testCases := []staticPolicyTestWithResvList{ - { - description: "GuPodSingleCore, SingleSocketHT, ExpectError", -@@ -928,6 +929,22 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - expCPUAlloc: true, - expCSet: cpuset.NewCPUSet(4, 5), - }, -+ { -+ description: "InfraPod, SingleSocketHT, ExpectAllocReserved", -+ topo: topoSingleSocketHT, -+ numReservedCPUs: 2, -+ reserved: cpuset.NewCPUSet(0, 1), -+ stAssignments: state.ContainerCPUAssignments{ -+ "fakePod": map[string]cpuset.CPUSet{ -+ "fakeContainer100": cpuset.NewCPUSet(2, 3, 6, 7), -+ }, -+ }, -+ stDefaultCPUSet: cpuset.NewCPUSet(4, 5), -+ pod: infraPod, -+ expErr: nil, -+ expCPUAlloc: true, -+ expCSet: cpuset.NewCPUSet(0, 1), -+ }, - } - - testExcl := true --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubelet-cpumanager-introduce-concept-of-isolated-CPU.patch b/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubelet-cpumanager-introduce-concept-of-isolated-CPU.patch deleted file mode 100644 index 0c2220545..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubelet-cpumanager-introduce-concept-of-isolated-CPU.patch +++ /dev/null @@ -1,562 +0,0 @@ -From ae7fc7b39bfde784340068b388a13a28b4e76398 Mon Sep 17 00:00:00 2001 -From: Gleb Aronsky -Date: Tue, 25 Jan 2022 13:27:25 -0500 -Subject: [PATCH] kubelet cpumanager introduce concept of isolated CPUs - -This introduces the concept of "isolated CPUs", which are CPUs that -have been isolated at the kernel level via the "isolcpus" kernel boot -parameter. - -When starting the kubelet process, two separate sets of reserved CPUs -may be specified. With this change CPUs reserved via -'--system-reserved=cpu' will be used for infrastructure pods while the -isolated CPUs should be reserved via '--kube-reserved=cpu' to cause -kubelet to skip over them for "normal" CPU resource tracking. The -kubelet code will double-check that the specified isolated CPUs match -what the kernel exposes in "/sys/devices/system/cpu/isolated". - -A plugin (outside the scope of this commit) will expose the isolated -CPUs to kubelet via the device plugin API. - -If a pod specifies some number of "isolcpus" resources, the device -manager will allocate them. In this code we check whether such -resources have been allocated, and if so we set the container cpuset to -the isolated CPUs. This does mean that it really only makes sense to -specify "isolcpus" resources for best-effort or burstable pods, not for -guaranteed ones since that would throw off the accounting code. In -order to ensure the accounting still works as designed, if "isolcpus" -are specified for guaranteed pods, the affinity will be set to the -non-isolated CPUs. - -This patch was refactored in 1.21.3 due to upstream API change -node: podresources: make GetDevices() consistent -(commit ad68f9588c72d6477b5a290c548a9031063ac659). - -The routine podIsolCPUs() was refactored in 1.21.3 since the API -p.deviceManager.GetDevices() is returning multiple devices with -a device per cpu. The resultant cpuset needs to be the aggregate. - -The routine NewStaticPolicy was refactored in 1.22.5, adding a new argument -in its signature: cpuPolicyOptions map[string]string. This change is implies -shifting the new arguments(deviceManager, excludeReserved) with one position -to the right. - -Co-authored-by: Jim Gauld -Co-authored-by: Chris Friesen -Signed-off-by: Gleb Aronsky ---- - pkg/kubelet/cm/container_manager_linux.go | 1 + - pkg/kubelet/cm/cpumanager/cpu_manager.go | 35 +++++++- - pkg/kubelet/cm/cpumanager/cpu_manager_test.go | 14 +++- - pkg/kubelet/cm/cpumanager/policy_static.go | 83 +++++++++++++++++-- - .../cm/cpumanager/policy_static_test.go | 50 ++++++++--- - 5 files changed, 164 insertions(+), 19 deletions(-) - -diff --git a/pkg/kubelet/cm/container_manager_linux.go b/pkg/kubelet/cm/container_manager_linux.go -index 0f09f3eb331..770922ca55d 100644 ---- a/pkg/kubelet/cm/container_manager_linux.go -+++ b/pkg/kubelet/cm/container_manager_linux.go -@@ -321,6 +321,7 @@ func NewContainerManager(mountUtil mount.Interface, cadvisorInterface cadvisor.I - cm.GetNodeAllocatableReservation(), - nodeConfig.KubeletRootDir, - cm.topologyManager, -+ cm.deviceManager, - ) - if err != nil { - klog.ErrorS(err, "Failed to initialize cpu manager") -diff --git a/pkg/kubelet/cm/cpumanager/cpu_manager.go b/pkg/kubelet/cm/cpumanager/cpu_manager.go -index 884c7323a79..ea466dbcd37 100644 ---- a/pkg/kubelet/cm/cpumanager/cpu_manager.go -+++ b/pkg/kubelet/cm/cpumanager/cpu_manager.go -@@ -18,7 +18,9 @@ package cpumanager - - import ( - "fmt" -+ "io/ioutil" - "math" -+ "strings" - "sync" - "time" - -@@ -32,6 +34,7 @@ import ( - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/state" - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/topology" - "k8s.io/kubernetes/pkg/kubelet/cm/cpuset" -+ "k8s.io/kubernetes/pkg/kubelet/cm/devicemanager" - "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager" - "k8s.io/kubernetes/pkg/kubelet/config" - kubecontainer "k8s.io/kubernetes/pkg/kubelet/container" -@@ -50,6 +53,25 @@ type policyName string - // cpuManagerStateFileName is the file name where cpu manager stores its state - const cpuManagerStateFileName = "cpu_manager_state" - -+// get the system-level isolated CPUs -+func getIsolcpus() cpuset.CPUSet { -+ dat, err := ioutil.ReadFile("/sys/devices/system/cpu/isolated") -+ if err != nil { -+ klog.Errorf("[cpumanager] unable to read sysfs isolcpus subdir") -+ return cpuset.NewCPUSet() -+ } -+ -+ // The isolated cpus string ends in a newline -+ cpustring := strings.TrimSuffix(string(dat), "\n") -+ cset, err := cpuset.Parse(cpustring) -+ if err != nil { -+ klog.Errorf("[cpumanager] unable to parse sysfs isolcpus string to cpuset") -+ return cpuset.NewCPUSet() -+ } -+ -+ return cset -+} -+ - // Manager interface provides methods for Kubelet to manage pod cpus. - type Manager interface { - // Start is called during Kubelet initialization. -@@ -153,7 +175,8 @@ func (s *sourcesReadyStub) AddSource(source string) {} - func (s *sourcesReadyStub) AllReady() bool { return true } - - // NewManager creates new cpu manager based on provided policy --func NewManager(cpuPolicyName string, cpuPolicyOptions map[string]string, reconcilePeriod time.Duration, machineInfo *cadvisorapi.MachineInfo, specificCPUs cpuset.CPUSet, nodeAllocatableReservation v1.ResourceList, stateFileDirectory string, affinity topologymanager.Store) (Manager, error) { -+func NewManager(cpuPolicyName string, cpuPolicyOptions map[string]string, reconcilePeriod time.Duration, machineInfo *cadvisorapi.MachineInfo, specificCPUs cpuset.CPUSet, nodeAllocatableReservation v1.ResourceList, stateFileDirectory string, affinity topologymanager.Store, deviceManager devicemanager.Manager) (Manager, error) { -+ - var topo *topology.CPUTopology - var policy Policy - var err error -@@ -194,7 +217,15 @@ func NewManager(cpuPolicyName string, cpuPolicyOptions map[string]string, reconc - // NOTE: Set excludeReserved unconditionally to exclude reserved CPUs from default cpuset. - // This variable is primarily to make testing easier. - excludeReserved := true -- policy, err = NewStaticPolicy(topo, numReservedCPUs, specificCPUs, affinity, cpuPolicyOptions, excludeReserved) -+ -+ // isolCPUs is the set of kernel-isolated CPUs. They should be a subset of specificCPUs or -+ // of the CPUs that NewStaticPolicy() will pick if numReservedCPUs is set. It's only in the -+ // argument list here for ease of testing, it's really internal to the policy. -+ isolCPUs := getIsolcpus() -+ policy, err = NewStaticPolicy(topo, numReservedCPUs, specificCPUs, isolCPUs, affinity, cpuPolicyOptions, deviceManager, excludeReserved) -+ if err != nil { -+ return nil, fmt.Errorf("new static policy error: %v", err) -+ } - - if err != nil { - return nil, fmt.Errorf("new static policy error: %w", err) -diff --git a/pkg/kubelet/cm/cpumanager/cpu_manager_test.go b/pkg/kubelet/cm/cpumanager/cpu_manager_test.go -index 2c8349662c4..31e4d0585fb 100644 ---- a/pkg/kubelet/cm/cpumanager/cpu_manager_test.go -+++ b/pkg/kubelet/cm/cpumanager/cpu_manager_test.go -@@ -37,6 +37,7 @@ import ( - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/state" - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/topology" - "k8s.io/kubernetes/pkg/kubelet/cm/cpuset" -+ "k8s.io/kubernetes/pkg/kubelet/cm/devicemanager" - "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager" - ) - -@@ -215,6 +216,7 @@ func makeMultiContainerPod(initCPUs, appCPUs []struct{ request, limit string }) - } - - func TestCPUManagerAdd(t *testing.T) { -+ testDM, _ := devicemanager.NewManagerStub() - testExcl := false - testPolicy, _ := NewStaticPolicy( - &topology.CPUTopology{ -@@ -230,8 +232,10 @@ func TestCPUManagerAdd(t *testing.T) { - }, - 0, - cpuset.NewCPUSet(), -+ cpuset.NewCPUSet(), - topologymanager.NewFakeManager(), - nil, -+ testDM, - testExcl) - testCases := []struct { - description string -@@ -482,8 +486,9 @@ func TestCPUManagerAddWithInitContainers(t *testing.T) { - } - - testExcl := false -+ testDM, _ := devicemanager.NewManagerStub() - for _, testCase := range testCases { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, testExcl) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, testDM, testExcl) - - mockState := &mockState{ - assignments: testCase.stAssignments, -@@ -638,7 +643,9 @@ func TestCPUManagerGenerate(t *testing.T) { - } - defer os.RemoveAll(sDir) - -- mgr, err := NewManager(testCase.cpuPolicyName, nil, 5*time.Second, machineInfo, cpuset.NewCPUSet(), testCase.nodeAllocatableReservation, sDir, topologymanager.NewFakeManager()) -+ testDM, err := devicemanager.NewManagerStub() -+ mgr, err := NewManager(testCase.cpuPolicyName, nil, 5*time.Second, machineInfo, cpuset.NewCPUSet(), testCase.nodeAllocatableReservation, sDir, topologymanager.NewFakeManager(), testDM) -+ - if testCase.expectedError != nil { - if !strings.Contains(err.Error(), testCase.expectedError.Error()) { - t.Errorf("Unexpected error message. Have: %s wants %s", err.Error(), testCase.expectedError.Error()) -@@ -1232,6 +1239,7 @@ func TestReconcileState(t *testing.T) { - // the following tests are with --reserved-cpus configured - func TestCPUManagerAddWithResvList(t *testing.T) { - testExcl := false -+ testDM, _ := devicemanager.NewManagerStub() - testPolicy, _ := NewStaticPolicy( - &topology.CPUTopology{ - NumCPUs: 4, -@@ -1246,8 +1254,10 @@ func TestCPUManagerAddWithResvList(t *testing.T) { - }, - 1, - cpuset.NewCPUSet(0), -+ cpuset.NewCPUSet(), - topologymanager.NewFakeManager(), - nil, -+ testDM, - testExcl) - testCases := []struct { - description string -diff --git a/pkg/kubelet/cm/cpumanager/policy_static.go b/pkg/kubelet/cm/cpumanager/policy_static.go -index a3c93a896df..d6fe69e7165 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static.go -@@ -18,6 +18,7 @@ package cpumanager - - import ( - "fmt" -+ "strconv" - - v1 "k8s.io/api/core/v1" - "k8s.io/klog/v2" -@@ -25,6 +26,7 @@ import ( - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/state" - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/topology" - "k8s.io/kubernetes/pkg/kubelet/cm/cpuset" -+ "k8s.io/kubernetes/pkg/kubelet/cm/devicemanager" - "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager" - "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager/bitmask" - ) -@@ -101,6 +103,10 @@ type staticPolicy struct { - topology *topology.CPUTopology - // set of CPUs that is not available for exclusive assignment - reserved cpuset.CPUSet -+ // subset of reserved CPUs with isolcpus attribute -+ isolcpus cpuset.CPUSet -+ // parent containerManager, used to get device list -+ deviceManager devicemanager.Manager - // If true, default CPUSet should exclude reserved CPUs - excludeReserved bool - // topology manager reference to get container Topology affinity -@@ -117,7 +123,8 @@ var _ Policy = &staticPolicy{} - // NewStaticPolicy returns a CPU manager policy that does not change CPU - // assignments for exclusively pinned guaranteed containers after the main - // container process starts. --func NewStaticPolicy(topology *topology.CPUTopology, numReservedCPUs int, reservedCPUs cpuset.CPUSet, affinity topologymanager.Store, cpuPolicyOptions map[string]string, excludeReserved bool) (Policy, error) { -+func NewStaticPolicy(topology *topology.CPUTopology, numReservedCPUs int, reservedCPUs cpuset.CPUSet, isolCPUs cpuset.CPUSet, affinity topologymanager.Store, cpuPolicyOptions map[string]string, deviceManager devicemanager.Manager, excludeReserved bool) (Policy, error) { -+ - opts, err := NewStaticPolicyOptions(cpuPolicyOptions) - if err != nil { - return nil, err -@@ -128,6 +135,8 @@ func NewStaticPolicy(topology *topology.CPUTopology, numReservedCPUs int, reserv - policy := &staticPolicy{ - topology: topology, - affinity: affinity, -+ isolcpus: isolCPUs, -+ deviceManager: deviceManager, - excludeReserved: excludeReserved, - cpusToReuse: make(map[string]cpuset.CPUSet), - options: opts, -@@ -154,6 +163,12 @@ func NewStaticPolicy(topology *topology.CPUTopology, numReservedCPUs int, reserv - klog.InfoS("Reserved CPUs not available for exclusive assignment", "reservedSize", reserved.Size(), "reserved", reserved) - policy.reserved = reserved - -+ if !isolCPUs.IsSubsetOf(reserved) { -+ klog.Errorf("[cpumanager] isolCPUs %v is not a subset of reserved %v", isolCPUs, reserved) -+ reserved = reserved.Union(isolCPUs) -+ klog.Warningf("[cpumanager] mismatch isolCPUs %v, force reserved %v", isolCPUs, reserved) -+ } -+ - return policy, nil - } - -@@ -187,8 +202,9 @@ func (p *staticPolicy) validateState(s state.State) error { - } else { - s.SetDefaultCPUSet(allCPUs) - } -- klog.Infof("[cpumanager] static policy: CPUSet: allCPUs:%v, reserved:%v, default:%v\n", -- allCPUs, p.reserved, s.GetDefaultCPUSet()) -+ klog.Infof("[cpumanager] static policy: CPUSet: allCPUs:%v, reserved:%v, isolcpus:%v, default:%v\n", -+ allCPUs, p.reserved, p.isolcpus, s.GetDefaultCPUSet()) -+ - return nil - } - -@@ -278,10 +294,11 @@ func (p *staticPolicy) Allocate(s state.State, pod *v1.Pod, container *v1.Contai - return nil - } - -- cpuset := p.reserved -+ cpuset := p.reserved.Clone().Difference(p.isolcpus) - if cpuset.IsEmpty() { - // If this happens then someone messed up. -- return fmt.Errorf("[cpumanager] static policy: reserved container unable to allocate cpus (namespace: %s, pod UID: %s, pod: %s, container: %s); cpuset=%v, reserved:%v", pod.Namespace, string(pod.UID), pod.Name, container.Name, cpuset, p.reserved) -+ return fmt.Errorf("[cpumanager] static policy: reserved container unable to allocate cpus (namespace: %s, pod UID: %s, pod: %s, container: %s); cpuset=%v, reserved:%v, isolcpus:%v", pod.Namespace, string(pod.UID), pod.Name, container.Name, cpuset, p.reserved, p.isolcpus) -+ - } - s.SetCPUSet(string(pod.UID), container.Name, cpuset) - klog.Infof("[cpumanager] static policy: reserved: AddContainer (namespace: %s, pod UID: %s, pod: %s, container: %s); cpuset=%v", pod.Namespace, string(pod.UID), pod.Name, container.Name, cpuset) -@@ -325,8 +342,34 @@ func (p *staticPolicy) Allocate(s state.State, pod *v1.Pod, container *v1.Contai - } - s.SetCPUSet(string(pod.UID), container.Name, cpuset) - p.updateCPUsToReuse(pod, container, cpuset) -+ klog.Infof("[cpumanager] guaranteed: AddContainer "+ -+ "(namespace: %s, pod UID: %s, pod: %s, container: %s); numCPUS=%d, cpuset=%v", -+ pod.Namespace, string(pod.UID), pod.Name, container.Name, numCPUs, cpuset) -+ return nil -+ } - -+ if isolcpus := p.podIsolCPUs(pod, container); isolcpus.Size() > 0 { -+ // container has requested isolated CPUs -+ if set, ok := s.GetCPUSet(string(pod.UID), container.Name); ok { -+ if set.Equals(isolcpus) { -+ klog.Infof("[cpumanager] isolcpus container already present in state, skipping (namespace: %s, pod UID: %s, pod: %s, container: %s)", -+ pod.Namespace, string(pod.UID), pod.Name, container.Name) -+ return nil -+ } else { -+ klog.Infof("[cpumanager] isolcpus container state has cpus %v, should be %v (namespace: %s, pod UID: %s, pod: %s, container: %s)", -+ isolcpus, set, pod.Namespace, string(pod.UID), pod.Name, container.Name) -+ } -+ } -+ // Note that we do not do anything about init containers here. -+ // It looks like devices are allocated per-pod based on effective requests/limits -+ // and extra devices from initContainers are not freed up when the regular containers start. -+ // TODO: confirm this is still true for 1.20 -+ s.SetCPUSet(string(pod.UID), container.Name, isolcpus) -+ klog.Infof("[cpumanager] isolcpus: AddContainer (namespace: %s, pod UID: %s, pod: %s, container: %s); cpuset=%v", -+ pod.Namespace, string(pod.UID), pod.Name, container.Name, isolcpus) -+ return nil - } -+ - // container belongs in the shared pool (nothing to do; use default cpuset) - return nil - } -@@ -634,3 +677,33 @@ func isKubeInfra(pod *v1.Pod) bool { - } - return false - } -+ -+// get the isolated CPUs (if any) from the devices associated with a specific container -+func (p *staticPolicy) podIsolCPUs(pod *v1.Pod, container *v1.Container) cpuset.CPUSet { -+ // NOTE: This is required for TestStaticPolicyAdd() since makePod() does -+ // not create UID. We also need a way to properly stub devicemanager. -+ if len(string(pod.UID)) == 0 { -+ return cpuset.NewCPUSet() -+ } -+ resContDevices := p.deviceManager.GetDevices(string(pod.UID), container.Name) -+ cpuSet := cpuset.NewCPUSet() -+ for resourceName, resourceDevs := range resContDevices { -+ // this resource name needs to match the isolcpus device plugin -+ if resourceName == "windriver.com/isolcpus" { -+ for devID, _ := range resourceDevs { -+ cpuStrList := []string{devID} -+ if len(cpuStrList) > 0 { -+ // loop over the list of strings, convert each one to int, add to cpuset -+ for _, cpuStr := range cpuStrList { -+ cpu, err := strconv.Atoi(cpuStr) -+ if err != nil { -+ panic(err) -+ } -+ cpuSet = cpuSet.Union(cpuset.NewCPUSet(cpu)) -+ } -+ } -+ } -+ } -+ } -+ return cpuSet -+} -diff --git a/pkg/kubelet/cm/cpumanager/policy_static_test.go b/pkg/kubelet/cm/cpumanager/policy_static_test.go -index d4b4b790210..ecd3e9598d0 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static_test.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static_test.go -@@ -25,6 +25,7 @@ import ( - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/state" - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/topology" - "k8s.io/kubernetes/pkg/kubelet/cm/cpuset" -+ "k8s.io/kubernetes/pkg/kubelet/cm/devicemanager" - "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager" - "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager/bitmask" - ) -@@ -65,8 +66,9 @@ func (spt staticPolicyTest) PseudoClone() staticPolicyTest { - } - - func TestStaticPolicyName(t *testing.T) { -+ testDM, _ := devicemanager.NewManagerStub() - testExcl := false -- policy, _ := NewStaticPolicy(topoSingleSocketHT, 1, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, testExcl) -+ policy, _ := NewStaticPolicy(topoSingleSocketHT, 1, cpuset.NewCPUSet(), cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, testDM, testExcl) - - policyName := policy.Name() - if policyName != "static" { -@@ -76,6 +78,7 @@ func TestStaticPolicyName(t *testing.T) { - } - - func TestStaticPolicyStart(t *testing.T) { -+ testDM, _ := devicemanager.NewManagerStub() - testCases := []staticPolicyTest{ - { - description: "non-corrupted state", -@@ -151,7 +154,7 @@ func TestStaticPolicyStart(t *testing.T) { - } - for _, testCase := range testCases { - t.Run(testCase.description, func(t *testing.T) { -- p, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, testCase.excludeReserved) -+ p, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, testDM, testCase.excludeReserved) - - policy := p.(*staticPolicy) - st := &mockState{ -@@ -199,7 +202,7 @@ func TestStaticPolicyAdd(t *testing.T) { - largeTopoCPUSet := largeTopoBuilder.Result() - largeTopoSock0CPUSet := largeTopoSock0Builder.Result() - largeTopoSock1CPUSet := largeTopoSock1Builder.Result() -- -+ testDM, _ := devicemanager.NewManagerStub() - // these are the cases which must behave the same regardless the policy options. - // So we will permutate the options to ensure this holds true. - optionsInsensitiveTestCases := []staticPolicyTest{ -@@ -529,8 +532,9 @@ func TestStaticPolicyAdd(t *testing.T) { - } - - func runStaticPolicyTestCase(t *testing.T, testCase staticPolicyTest) { -+ testDM, _ := devicemanager.NewManagerStub() - testExcl := false -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), testCase.options, testExcl) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), cpuset.NewCPUSet(), topologymanager.NewFakeManager(), testCase.options, testDM, testExcl) - - st := &mockState{ - assignments: testCase.stAssignments, -@@ -596,7 +600,7 @@ func TestStaticPolicyReuseCPUs(t *testing.T) { - } - - for _, testCase := range testCases { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, testCase.excludeReserved) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, testDM, excludeReserved) - - st := &mockState{ - assignments: testCase.stAssignments, -@@ -629,6 +633,7 @@ func TestStaticPolicyReuseCPUs(t *testing.T) { - - func TestStaticPolicyRemove(t *testing.T) { - excludeReserved := false -+ testDM, _ := devicemanager.NewManagerStub() - testCases := []staticPolicyTest{ - { - description: "SingleSocketHT, DeAllocOneContainer", -@@ -710,6 +715,7 @@ func TestStaticPolicyRemove(t *testing.T) { - - func TestTopologyAwareAllocateCPUs(t *testing.T) { - excludeReserved := false -+ testDM, _ := devicemanager.NewManagerStub() - testCases := []struct { - description string - topo *topology.CPUTopology -@@ -778,7 +784,8 @@ func TestTopologyAwareAllocateCPUs(t *testing.T) { - }, - } - for _, tc := range testCases { -- p, _ := NewStaticPolicy(tc.topo, 0, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, excludeReserved) -+ p, _ := NewStaticPolicy(tc.topo, 0, cpuset.NewCPUSet(), cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, testDM, excludeReserved) -+ - policy := p.(*staticPolicy) - st := &mockState{ - assignments: tc.stAssignments, -@@ -811,6 +818,7 @@ type staticPolicyTestWithResvList struct { - topo *topology.CPUTopology - numReservedCPUs int - reserved cpuset.CPUSet -+ isolcpus cpuset.CPUSet - stAssignments state.ContainerCPUAssignments - stDefaultCPUSet cpuset.CPUSet - pod *v1.Pod -@@ -821,6 +829,8 @@ type staticPolicyTestWithResvList struct { - } - - func TestStaticPolicyStartWithResvList(t *testing.T) { -+ testDM, _ := devicemanager.NewManagerStub() -+ testExcl := false - testCases := []staticPolicyTestWithResvList{ - { - description: "empty cpuset", -@@ -850,11 +860,9 @@ func TestStaticPolicyStartWithResvList(t *testing.T) { - expNewErr: fmt.Errorf("[cpumanager] unable to reserve the required amount of CPUs (size of 0-1 did not equal 1)"), - }, - } -- testExcl := false - for _, testCase := range testCases { - t.Run(testCase.description, func(t *testing.T) { -- p, err := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, topologymanager.NewFakeManager(), nil, testExcl) -- -+ p, err := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, testDM, testExcl) - if !reflect.DeepEqual(err, testCase.expNewErr) { - t.Errorf("StaticPolicy Start() error (%v). expected error: %v but got: %v", - testCase.description, testCase.expNewErr, err) -@@ -894,6 +902,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - topo: topoSingleSocketHT, - numReservedCPUs: 1, - reserved: cpuset.NewCPUSet(0), -+ isolcpus: cpuset.NewCPUSet(), - stAssignments: state.ContainerCPUAssignments{}, - stDefaultCPUSet: cpuset.NewCPUSet(1, 2, 3, 4, 5, 6, 7), - pod: makePod("fakePod", "fakeContainer2", "8000m", "8000m"), -@@ -906,6 +915,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - topo: topoSingleSocketHT, - numReservedCPUs: 2, - reserved: cpuset.NewCPUSet(0, 1), -+ isolcpus: cpuset.NewCPUSet(), - stAssignments: state.ContainerCPUAssignments{}, - stDefaultCPUSet: cpuset.NewCPUSet(2, 3, 4, 5, 6, 7), - pod: makePod("fakePod", "fakeContainer2", "1000m", "1000m"), -@@ -918,6 +928,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - topo: topoSingleSocketHT, - numReservedCPUs: 2, - reserved: cpuset.NewCPUSet(0, 1), -+ isolcpus: cpuset.NewCPUSet(), - stAssignments: state.ContainerCPUAssignments{ - "fakePod": map[string]cpuset.CPUSet{ - "fakeContainer100": cpuset.NewCPUSet(2, 3, 6, 7), -@@ -934,6 +945,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - topo: topoSingleSocketHT, - numReservedCPUs: 2, - reserved: cpuset.NewCPUSet(0, 1), -+ isolcpus: cpuset.NewCPUSet(), - stAssignments: state.ContainerCPUAssignments{ - "fakePod": map[string]cpuset.CPUSet{ - "fakeContainer100": cpuset.NewCPUSet(2, 3, 6, 7), -@@ -945,11 +957,29 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - expCPUAlloc: true, - expCSet: cpuset.NewCPUSet(0, 1), - }, -+ { -+ description: "InfraPod, SingleSocketHT, Isolcpus, ExpectAllocReserved", -+ topo: topoSingleSocketHT, -+ numReservedCPUs: 2, -+ reserved: cpuset.NewCPUSet(0, 1), -+ isolcpus: cpuset.NewCPUSet(1), -+ stAssignments: state.ContainerCPUAssignments{ -+ "fakePod": map[string]cpuset.CPUSet{ -+ "fakeContainer100": cpuset.NewCPUSet(2, 3, 6, 7), -+ }, -+ }, -+ stDefaultCPUSet: cpuset.NewCPUSet(4, 5), -+ pod: infraPod, -+ expErr: nil, -+ expCPUAlloc: true, -+ expCSet: cpuset.NewCPUSet(0), -+ }, - } - - testExcl := true -+ testDM, _ := devicemanager.NewManagerStub() - for _, testCase := range testCases { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, topologymanager.NewFakeManager(), nil, testExcl) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, testCase.isolcpus, topologymanager.NewFakeManager(), nil, testDM, testExcl) - - st := &mockState{ - assignments: testCase.stAssignments, --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubelet-cpumanager-keep-normal-containers-off-reserv.patch b/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubelet-cpumanager-keep-normal-containers-off-reserv.patch deleted file mode 100644 index cbb83b52f..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubelet-cpumanager-keep-normal-containers-off-reserv.patch +++ /dev/null @@ -1,303 +0,0 @@ -From c827ea3b075774c9c72c33d38c973d05276cb7ac Mon Sep 17 00:00:00 2001 -From: Sachin Gopala Krishna -Date: Mon, 3 Oct 2022 19:22:14 -0400 -Subject: [PATCH] kubelet cpumanager keep normal containers off reserved CPUs - -When starting the kubelet process, two separate sets of reserved CPUs -may be specified. With this change CPUs reserved via -'--system-reserved=cpu' -or '--kube-reserved=cpu' will be ignored by kubernetes itself. A small -tweak to the default CPU affinity ensures that "normal" Kubernetes -pods won't run on the reserved CPUs. - -Co-authored-by: Jim Gauld -Signed-off-by: Sachin Gopala Krishna - ---- - pkg/kubelet/cm/cpumanager/cpu_manager.go | 6 +++- - pkg/kubelet/cm/cpumanager/cpu_manager_test.go | 11 ++++-- - pkg/kubelet/cm/cpumanager/policy_static.go | 29 +++++++++++---- - .../cm/cpumanager/policy_static_test.go | 36 ++++++++++++++----- - 4 files changed, 63 insertions(+), 19 deletions(-) - -diff --git a/pkg/kubelet/cm/cpumanager/cpu_manager.go b/pkg/kubelet/cm/cpumanager/cpu_manager.go -index df431b06601..884c7323a79 100644 ---- a/pkg/kubelet/cm/cpumanager/cpu_manager.go -+++ b/pkg/kubelet/cm/cpumanager/cpu_manager.go -@@ -191,7 +191,11 @@ func NewManager(cpuPolicyName string, cpuPolicyOptions map[string]string, reconc - // exclusively allocated. - reservedCPUsFloat := float64(reservedCPUs.MilliValue()) / 1000 - numReservedCPUs := int(math.Ceil(reservedCPUsFloat)) -- policy, err = NewStaticPolicy(topo, numReservedCPUs, specificCPUs, affinity, cpuPolicyOptions) -+ // NOTE: Set excludeReserved unconditionally to exclude reserved CPUs from default cpuset. -+ // This variable is primarily to make testing easier. -+ excludeReserved := true -+ policy, err = NewStaticPolicy(topo, numReservedCPUs, specificCPUs, affinity, cpuPolicyOptions, excludeReserved) -+ - if err != nil { - return nil, fmt.Errorf("new static policy error: %w", err) - } -diff --git a/pkg/kubelet/cm/cpumanager/cpu_manager_test.go b/pkg/kubelet/cm/cpumanager/cpu_manager_test.go -index 9b3e24fc3b2..2c8349662c4 100644 ---- a/pkg/kubelet/cm/cpumanager/cpu_manager_test.go -+++ b/pkg/kubelet/cm/cpumanager/cpu_manager_test.go -@@ -215,6 +215,7 @@ func makeMultiContainerPod(initCPUs, appCPUs []struct{ request, limit string }) - } - - func TestCPUManagerAdd(t *testing.T) { -+ testExcl := false - testPolicy, _ := NewStaticPolicy( - &topology.CPUTopology{ - NumCPUs: 4, -@@ -230,7 +231,8 @@ func TestCPUManagerAdd(t *testing.T) { - 0, - cpuset.NewCPUSet(), - topologymanager.NewFakeManager(), -- nil) -+ nil, -+ testExcl) - testCases := []struct { - description string - updateErr error -@@ -479,8 +481,9 @@ func TestCPUManagerAddWithInitContainers(t *testing.T) { - }, - } - -+ testExcl := false - for _, testCase := range testCases { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, testExcl) - - mockState := &mockState{ - assignments: testCase.stAssignments, -@@ -1228,6 +1231,7 @@ func TestReconcileState(t *testing.T) { - // above test cases are without kubelet --reserved-cpus cmd option - // the following tests are with --reserved-cpus configured - func TestCPUManagerAddWithResvList(t *testing.T) { -+ testExcl := false - testPolicy, _ := NewStaticPolicy( - &topology.CPUTopology{ - NumCPUs: 4, -@@ -1243,7 +1247,8 @@ func TestCPUManagerAddWithResvList(t *testing.T) { - 1, - cpuset.NewCPUSet(0), - topologymanager.NewFakeManager(), -- nil) -+ nil, -+ testExcl) - testCases := []struct { - description string - updateErr error -diff --git a/pkg/kubelet/cm/cpumanager/policy_static.go b/pkg/kubelet/cm/cpumanager/policy_static.go -index a872b389c46..09e0fc0ea0e 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static.go -@@ -96,6 +96,8 @@ type staticPolicy struct { - topology *topology.CPUTopology - // set of CPUs that is not available for exclusive assignment - reserved cpuset.CPUSet -+ // If true, default CPUSet should exclude reserved CPUs -+ excludeReserved bool - // topology manager reference to get container Topology affinity - affinity topologymanager.Store - // set of CPUs to reuse across allocations in a pod -@@ -110,7 +112,7 @@ var _ Policy = &staticPolicy{} - // NewStaticPolicy returns a CPU manager policy that does not change CPU - // assignments for exclusively pinned guaranteed containers after the main - // container process starts. --func NewStaticPolicy(topology *topology.CPUTopology, numReservedCPUs int, reservedCPUs cpuset.CPUSet, affinity topologymanager.Store, cpuPolicyOptions map[string]string) (Policy, error) { -+func NewStaticPolicy(topology *topology.CPUTopology, numReservedCPUs int, reservedCPUs cpuset.CPUSet, affinity topologymanager.Store, cpuPolicyOptions map[string]string, excludeReserved bool) (Policy, error) { - opts, err := NewStaticPolicyOptions(cpuPolicyOptions) - if err != nil { - return nil, err -@@ -172,7 +174,15 @@ func (p *staticPolicy) validateState(s state.State) error { - } - // state is empty initialize - allCPUs := p.topology.CPUDetails.CPUs() -- s.SetDefaultCPUSet(allCPUs) -+ if p.excludeReserved { -+ // Exclude reserved CPUs from the default CPUSet to keep containers off them -+ // unless explicitly affined. -+ s.SetDefaultCPUSet(allCPUs.Difference(p.reserved)) -+ } else { -+ s.SetDefaultCPUSet(allCPUs) -+ } -+ klog.Infof("[cpumanager] static policy: CPUSet: allCPUs:%v, reserved:%v, default:%v\n", -+ allCPUs, p.reserved, s.GetDefaultCPUSet()) - return nil - } - -@@ -180,11 +190,12 @@ func (p *staticPolicy) validateState(s state.State) error { - // 1. Check if the reserved cpuset is not part of default cpuset because: - // - kube/system reserved have changed (increased) - may lead to some containers not being able to start - // - user tampered with file -- if !p.reserved.Intersection(tmpDefaultCPUset).Equals(p.reserved) { -- return fmt.Errorf("not all reserved cpus: \"%s\" are present in defaultCpuSet: \"%s\"", -- p.reserved.String(), tmpDefaultCPUset.String()) -+ if !p.excludeReserved { -+ if !p.reserved.Intersection(tmpDefaultCPUset).Equals(p.reserved) { -+ return fmt.Errorf("not all reserved cpus: \"%s\" are present in defaultCpuSet: \"%s\"", -+ p.reserved.String(), tmpDefaultCPUset.String()) -+ } - } -- - // 2. Check if state for static policy is consistent - for pod := range tmpAssignments { - for container, cset := range tmpAssignments[pod] { -@@ -211,6 +222,9 @@ func (p *staticPolicy) validateState(s state.State) error { - } - } - totalKnownCPUs = totalKnownCPUs.UnionAll(tmpCPUSets) -+ if p.excludeReserved { -+ totalKnownCPUs = totalKnownCPUs.Union(p.reserved) -+ } - if !totalKnownCPUs.Equals(p.topology.CPUDetails.CPUs()) { - return fmt.Errorf("current set of available CPUs \"%s\" doesn't match with CPUs in state \"%s\"", - p.topology.CPUDetails.CPUs().String(), totalKnownCPUs.String()) -@@ -310,6 +324,9 @@ func (p *staticPolicy) RemoveContainer(s state.State, podUID string, containerNa - cpusInUse := getAssignedCPUsOfSiblings(s, podUID, containerName) - if toRelease, ok := s.GetCPUSet(podUID, containerName); ok { - s.Delete(podUID, containerName) -+ if p.excludeReserved { -+ toRelease = toRelease.Difference(p.reserved) -+ } - // Mutate the shared pool, adding released cpus. - toRelease = toRelease.Difference(cpusInUse) - s.SetDefaultCPUSet(s.GetDefaultCPUSet().Union(toRelease)) -diff --git a/pkg/kubelet/cm/cpumanager/policy_static_test.go b/pkg/kubelet/cm/cpumanager/policy_static_test.go -index 4e3255fff01..edfb40d880e 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static_test.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static_test.go -@@ -33,6 +33,7 @@ type staticPolicyTest struct { - description string - topo *topology.CPUTopology - numReservedCPUs int -+ excludeReserved bool - podUID string - options map[string]string - containerName string -@@ -64,7 +65,8 @@ func (spt staticPolicyTest) PseudoClone() staticPolicyTest { - } - - func TestStaticPolicyName(t *testing.T) { -- policy, _ := NewStaticPolicy(topoSingleSocketHT, 1, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil) -+ testExcl := false -+ policy, _ := NewStaticPolicy(topoSingleSocketHT, 1, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, testExcl) - - policyName := policy.Name() - if policyName != "static" { -@@ -94,6 +96,15 @@ func TestStaticPolicyStart(t *testing.T) { - stDefaultCPUSet: cpuset.NewCPUSet(), - expCSet: cpuset.NewCPUSet(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11), - }, -+ { -+ description: "empty cpuset exclude reserved", -+ topo: topoDualSocketHT, -+ numReservedCPUs: 2, -+ excludeReserved: true, -+ stAssignments: state.ContainerCPUAssignments{}, -+ stDefaultCPUSet: cpuset.NewCPUSet(), -+ expCSet: cpuset.NewCPUSet(1, 2, 3, 4, 5, 7, 8, 9, 10, 11), -+ }, - { - description: "reserved cores 0 & 6 are not present in available cpuset", - topo: topoDualSocketHT, -@@ -140,7 +151,8 @@ func TestStaticPolicyStart(t *testing.T) { - } - for _, testCase := range testCases { - t.Run(testCase.description, func(t *testing.T) { -- p, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil) -+ p, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, testCase.excludeReserved) -+ - policy := p.(*staticPolicy) - st := &mockState{ - assignments: testCase.stAssignments, -@@ -517,7 +529,8 @@ func TestStaticPolicyAdd(t *testing.T) { - } - - func runStaticPolicyTestCase(t *testing.T, testCase staticPolicyTest) { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), testCase.options) -+ testExcl := false -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), testCase.options, testExcl) - - st := &mockState{ - assignments: testCase.stAssignments, -@@ -583,7 +596,7 @@ func TestStaticPolicyReuseCPUs(t *testing.T) { - } - - for _, testCase := range testCases { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, testCase.excludeReserved) - - st := &mockState{ - assignments: testCase.stAssignments, -@@ -615,6 +628,7 @@ func TestStaticPolicyReuseCPUs(t *testing.T) { - } - - func TestStaticPolicyRemove(t *testing.T) { -+ excludeReserved := false - testCases := []staticPolicyTest{ - { - description: "SingleSocketHT, DeAllocOneContainer", -@@ -695,6 +709,7 @@ func TestStaticPolicyRemove(t *testing.T) { - } - - func TestTopologyAwareAllocateCPUs(t *testing.T) { -+ excludeReserved := false - testCases := []struct { - description string - topo *topology.CPUTopology -@@ -763,7 +778,7 @@ func TestTopologyAwareAllocateCPUs(t *testing.T) { - }, - } - for _, tc := range testCases { -- p, _ := NewStaticPolicy(tc.topo, 0, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil) -+ p, _ := NewStaticPolicy(tc.topo, 0, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, excludeReserved) - policy := p.(*staticPolicy) - st := &mockState{ - assignments: tc.stAssignments, -@@ -835,9 +850,11 @@ func TestStaticPolicyStartWithResvList(t *testing.T) { - expNewErr: fmt.Errorf("[cpumanager] unable to reserve the required amount of CPUs (size of 0-1 did not equal 1)"), - }, - } -+ testExcl := false - for _, testCase := range testCases { - t.Run(testCase.description, func(t *testing.T) { -- p, err := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, topologymanager.NewFakeManager(), nil) -+ p, err := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, topologymanager.NewFakeManager(), nil, testExcl) -+ - if !reflect.DeepEqual(err, testCase.expNewErr) { - t.Errorf("StaticPolicy Start() error (%v). expected error: %v but got: %v", - testCase.description, testCase.expNewErr, err) -@@ -877,7 +894,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - numReservedCPUs: 1, - reserved: cpuset.NewCPUSet(0), - stAssignments: state.ContainerCPUAssignments{}, -- stDefaultCPUSet: cpuset.NewCPUSet(0, 1, 2, 3, 4, 5, 6, 7), -+ stDefaultCPUSet: cpuset.NewCPUSet(1, 2, 3, 4, 5, 6, 7), - pod: makePod("fakePod", "fakeContainer2", "8000m", "8000m"), - expErr: fmt.Errorf("not enough cpus available to satisfy request"), - expCPUAlloc: false, -@@ -889,7 +906,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - numReservedCPUs: 2, - reserved: cpuset.NewCPUSet(0, 1), - stAssignments: state.ContainerCPUAssignments{}, -- stDefaultCPUSet: cpuset.NewCPUSet(0, 1, 2, 3, 4, 5, 6, 7), -+ stDefaultCPUSet: cpuset.NewCPUSet(2, 3, 4, 5, 6, 7), - pod: makePod("fakePod", "fakeContainer2", "1000m", "1000m"), - expErr: nil, - expCPUAlloc: true, -@@ -913,8 +930,9 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - }, - } - -+ testExcl := true - for _, testCase := range testCases { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, topologymanager.NewFakeManager(), nil) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, topologymanager.NewFakeManager(), nil, testExcl) - - st := &mockState{ - assignments: testCase.stAssignments, --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubelet-sort-isolcpus-allocation-when-SMT-enabled.patch b/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubelet-sort-isolcpus-allocation-when-SMT-enabled.patch deleted file mode 100644 index a58e47d5b..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubelet-sort-isolcpus-allocation-when-SMT-enabled.patch +++ /dev/null @@ -1,50 +0,0 @@ -From ba9ab333c8b7dca5252e604837914293dc232732 Mon Sep 17 00:00:00 2001 -From: Jim Gauld -Date: Fri, 11 Feb 2022 11:06:35 -0500 -Subject: [PATCH] kubelet: sort isolcpus allocation when SMT enabled - -The existing device manager code returns CPUs as devices in unsorted -order. This numerically sorts isolcpus allocations when SMT/HT is -enabled on the host. This logs SMT pairs, singletons, and algorithm -order details to make the algorithm understandable. - -Signed-off-by: Jim Gauld ---- - pkg/kubelet/cm/devicemanager/manager.go | 13 ++++++++++++- - 1 file changed, 12 insertions(+), 1 deletion(-) - -diff --git a/pkg/kubelet/cm/devicemanager/manager.go b/pkg/kubelet/cm/devicemanager/manager.go -index 609da8ed86b..a4b247714f7 100644 ---- a/pkg/kubelet/cm/devicemanager/manager.go -+++ b/pkg/kubelet/cm/devicemanager/manager.go -@@ -686,7 +686,16 @@ func order_devices_by_sibling(devices sets.String, needed int) ([]string, error) - return cpu_lst[0] - } - } -+ //Make post-analysis of selection algorithm obvious by numerical sorting -+ //the available isolated cpu_id. -+ cpu_ids := make([]int, 0, int(devices.Len())) - for cpu_id := range devices { -+ cpu_id_, _ := strconv.Atoi(cpu_id) -+ cpu_ids = append(cpu_ids, cpu_id_) -+ } -+ sort.Ints(cpu_ids) -+ for _, _cpu_id := range cpu_ids { -+ cpu_id := strconv.Itoa(_cpu_id) - // If we've already found cpu_id as a sibling, skip it. - if _, ok := _iterated_cpu[cpu_id]; ok { - continue -@@ -728,7 +737,9 @@ func order_devices_by_sibling(devices sets.String, needed int) ([]string, error) - } - } - } -- //klog.Infof("needed=%d ordered_cpu_list=%v", needed, dev_lst) -+ //This algorithm will get some attention. Show minimal details. -+ klog.Infof("order_devices_by_sibling: needed=%d, smtpairs=%v, singletons=%v, order=%v", -+ needed, sibling_lst, single_lst, dev_lst) - return dev_lst, nil - } - func smt_enabled() bool { --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubernetes-make-isolcpus-allocation-SMT-aware.patch b/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubernetes-make-isolcpus-allocation-SMT-aware.patch deleted file mode 100644 index dbc28d503..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubernetes-make-isolcpus-allocation-SMT-aware.patch +++ /dev/null @@ -1,151 +0,0 @@ -From 95b7b6e1ddb25511c67a3d4018f62df1e76ee7bc Mon Sep 17 00:00:00 2001 -From: Tao Wang -Date: Tue, 25 Jan 2022 19:25:45 -0500 -Subject: [PATCH] kubernetes: make isolcpus allocation SMT-aware - -Enhance isolcpus support in Kubernetes to allocate isolated SMT -siblings to the same container when SMT/HT is enabled on the host. - -As it stands, the device manager code in Kubernetes is not SMT-aware -(since normally it doesn't deal with CPUs). However, StarlingX -exposes isolated CPUs as devices and if possible we want to allocate -all SMT siblings from a CPU core to the same container in order to -minimize cross- container interference due to resource contention -within the CPU core. - -The solution is basically to take the list of isolated CPUs and -re-order it so that the SMT siblings are next to each other. That -way the existing resource selection code will allocate the siblings -together. As an optimization, if it is known that an odd number -of isolated CPUs are desired, a singleton SMT sibling will be -inserted into the list to avoid breaking up sibling pairs. - -Signed-off-by: Tao Wang ---- - pkg/kubelet/cm/devicemanager/manager.go | 84 ++++++++++++++++++++++++- - 1 file changed, 83 insertions(+), 1 deletion(-) - -diff --git a/pkg/kubelet/cm/devicemanager/manager.go b/pkg/kubelet/cm/devicemanager/manager.go -index 60de14a9..609da8ed 100644 ---- a/pkg/kubelet/cm/devicemanager/manager.go -+++ b/pkg/kubelet/cm/devicemanager/manager.go -@@ -19,11 +19,14 @@ package devicemanager - import ( - "context" - "fmt" -+ "io/ioutil" - "net" - "os" - "path/filepath" - "runtime" - "sort" -+ "strconv" -+ "strings" - "sync" - "time" - -@@ -41,6 +44,7 @@ import ( - "k8s.io/kubernetes/pkg/features" - "k8s.io/kubernetes/pkg/kubelet/checkpointmanager" - "k8s.io/kubernetes/pkg/kubelet/checkpointmanager/errors" -+ "k8s.io/kubernetes/pkg/kubelet/cm/cpuset" - "k8s.io/kubernetes/pkg/kubelet/cm/devicemanager/checkpoint" - "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager" - "k8s.io/kubernetes/pkg/kubelet/config" -@@ -667,6 +671,75 @@ func (m *ManagerImpl) UpdateAllocatedDevices() { - m.allocatedDevices = m.podDevices.devices() - } - -+//Given a list of isolated CPUs in 'devices', and the number of desired CPUs in 'needed', -+//return an ordered list of isolated CPUs such that the first 'needed' CPUs in the list -+//contain as many hyperthread sibling pairs as possible. -+func order_devices_by_sibling(devices sets.String, needed int) ([]string, error) { -+ var dev_lst []string -+ var single_lst []string -+ sibling_lst := make([]string, 0, int(devices.Len())) -+ _iterated_cpu := make(map[string]string) -+ get_sibling := func(cpu string, cpu_lst []string) string { -+ if cpu_lst[0] == cpu { -+ return cpu_lst[1] -+ } else { -+ return cpu_lst[0] -+ } -+ } -+ for cpu_id := range devices { -+ // If we've already found cpu_id as a sibling, skip it. -+ if _, ok := _iterated_cpu[cpu_id]; ok { -+ continue -+ } -+ devPath := fmt.Sprintf("/sys/devices/system/cpu/cpu%s/topology/thread_siblings_list", cpu_id) -+ dat, err := ioutil.ReadFile(devPath) -+ if err != nil { -+ return dev_lst, fmt.Errorf("Can't read cpu[%s] thread_siblings_list", cpu_id) -+ } -+ cpustring := strings.TrimSuffix(string(dat), "\n") -+ cpu_pair_set, err := cpuset.Parse(cpustring) -+ if err != nil { -+ return dev_lst, fmt.Errorf("Unable to parse thread_siblings_list[%s] string to cpuset", cpustring) -+ } -+ var cpu_pair_lst []string -+ for _, v := range cpu_pair_set.ToSlice() { -+ cpu_pair_lst = append(cpu_pair_lst, strconv.Itoa(v)) -+ } -+ sibling_cpu_id := get_sibling(cpu_id, cpu_pair_lst) -+ if _, ok := devices[sibling_cpu_id]; ok { -+ sibling_lst = append(sibling_lst, cpu_id, sibling_cpu_id) -+ _iterated_cpu[sibling_cpu_id] = "" -+ } else { -+ single_lst = append(single_lst, cpu_id) -+ } -+ _iterated_cpu[cpu_id] = "" -+ } -+ if needed%2 == 0 { -+ dev_lst = append(sibling_lst, single_lst...) -+ } else { -+ if len(single_lst) > 1 { -+ _tmp_list := append(sibling_lst, single_lst[1:]...) -+ dev_lst = append(single_lst[0:1], _tmp_list...) -+ } else { -+ if len(single_lst) == 0 { -+ dev_lst = sibling_lst -+ } else { -+ dev_lst = append(single_lst, sibling_lst...) -+ } -+ } -+ } -+ //klog.Infof("needed=%d ordered_cpu_list=%v", needed, dev_lst) -+ return dev_lst, nil -+} -+func smt_enabled() bool { -+ dat, _ := ioutil.ReadFile("/sys/devices/system/cpu/smt/active") -+ state := strings.TrimSuffix(string(dat), "\n") -+ if state == "0" { -+ return false -+ } -+ return true -+} -+ - // Returns list of device Ids we need to allocate with Allocate rpc call. - // Returns empty list in case we don't need to issue the Allocate rpc call. - func (m *ManagerImpl) devicesToAllocate(podUID, contName, resource string, required int, reusableDevices sets.String) (sets.String, error) { -@@ -702,7 +775,16 @@ func (m *ManagerImpl) devicesToAllocate(podUID, contName, resource string, requi - // Create a closure to help with device allocation - // Returns 'true' once no more devices need to be allocated. - allocateRemainingFrom := func(devices sets.String) bool { -- for device := range devices.Difference(allocated) { -+ availableDevices := devices.Difference(allocated).List() -+ // If we're dealing with isolcpus and SMT is enabled, reorder to group SMT siblings together. -+ if resource == "windriver.com/isolcpus" && len(devices) > 0 && smt_enabled() { -+ var err error -+ availableDevices, err = order_devices_by_sibling(devices.Difference(allocated), needed) -+ if err != nil { -+ klog.Errorf("error in order_devices_by_sibling: %v", err) -+ } -+ } -+ for _, device := range availableDevices { - m.allocatedDevices[resource].Insert(device) - allocated.Insert(device) - needed-- --- -2.22.5 - diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubernetes-pull-117892-vendor-bump-runc-to-1.1.6.patch b/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubernetes-pull-117892-vendor-bump-runc-to-1.1.6.patch deleted file mode 100644 index 045e3e996..000000000 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/patches/kubernetes-pull-117892-vendor-bump-runc-to-1.1.6.patch +++ /dev/null @@ -1,23798 +0,0 @@ -From 2c12977ea5ce40ebc413fc4b1c425b41ad561418 Mon Sep 17 00:00:00 2001 -From: Kir Kolyshkin -Date: Tue, 9 May 2023 11:21:56 -0700 -Subject: [PATCH] kubernetes pull 117892 vendor bump runc to 1.1.6 - -This reduces the number of log entries in daemon.log reducing the cpu -usage during platform upgrade. - -This issue comes from the integration of the Misc controller in -Kernel 5.13 . Problem comes from a discrepancy between the code -creating the "Misc" Cgroup and the code cleaning the Cgroup that -doesn't handle the "Misc" Cgroup, leaving it behind. runc integrated -a fix in 1.1.6, HOWEVER kubelet depends on runc's cgroup libraries. -In order to clean up pods using the new "Misc" controller, -runc cgroup library need to be updated to be aware of it. -So even if our system run 1.1.6 but kubelet is not build -with these library, the problem occurs. - -Cherry-pick of: https://github.com/kubernetes/kubernetes/pull/117892/ -([1.24] vendor: bump runc to 1.1.6) - -Signed-off-by: Saba Touheed Mujawar ---- - go.mod | 31 +- - go.sum | 37 +- - staging/src/k8s.io/api/go.mod | 2 + - staging/src/k8s.io/api/go.sum | 8 +- - .../src/k8s.io/apiextensions-apiserver/go.mod | 7 + - .../src/k8s.io/apiextensions-apiserver/go.sum | 28 +- - staging/src/k8s.io/apimachinery/go.mod | 3 +- - staging/src/k8s.io/apimachinery/go.sum | 10 +- - staging/src/k8s.io/apiserver/go.mod | 8 +- - staging/src/k8s.io/apiserver/go.sum | 20 +- - staging/src/k8s.io/cli-runtime/go.mod | 5 +- - staging/src/k8s.io/cli-runtime/go.sum | 16 +- - staging/src/k8s.io/client-go/go.mod | 6 +- - staging/src/k8s.io/client-go/go.sum | 16 +- - staging/src/k8s.io/cloud-provider/go.mod | 5 + - staging/src/k8s.io/cloud-provider/go.sum | 21 +- - staging/src/k8s.io/cluster-bootstrap/go.mod | 2 + - staging/src/k8s.io/cluster-bootstrap/go.sum | 8 +- - .../src/k8s.io/code-generator/examples/go.sum | 21 +- - staging/src/k8s.io/code-generator/go.mod | 6 +- - staging/src/k8s.io/code-generator/go.sum | 21 +- - staging/src/k8s.io/component-base/go.mod | 5 +- - staging/src/k8s.io/component-base/go.sum | 16 +- - staging/src/k8s.io/component-helpers/go.mod | 4 + - staging/src/k8s.io/component-helpers/go.sum | 16 +- - staging/src/k8s.io/controller-manager/go.mod | 5 + - staging/src/k8s.io/controller-manager/go.sum | 20 +- - staging/src/k8s.io/cri-api/go.mod | 5 +- - staging/src/k8s.io/cri-api/go.sum | 12 +- - staging/src/k8s.io/csi-translation-lib/go.mod | 2 + - staging/src/k8s.io/csi-translation-lib/go.sum | 8 +- - staging/src/k8s.io/kube-aggregator/go.mod | 8 +- - staging/src/k8s.io/kube-aggregator/go.sum | 28 +- - .../src/k8s.io/kube-controller-manager/go.mod | 2 + - .../src/k8s.io/kube-controller-manager/go.sum | 8 +- - staging/src/k8s.io/kube-proxy/go.mod | 2 + - staging/src/k8s.io/kube-proxy/go.sum | 8 +- - staging/src/k8s.io/kube-scheduler/go.mod | 2 + - staging/src/k8s.io/kube-scheduler/go.sum | 10 + - staging/src/k8s.io/kubectl/go.mod | 5 +- - staging/src/k8s.io/kubectl/go.sum | 16 +- - staging/src/k8s.io/kubelet/go.mod | 3 + - staging/src/k8s.io/kubelet/go.sum | 12 +- - .../src/k8s.io/legacy-cloud-providers/go.mod | 4 + - .../src/k8s.io/legacy-cloud-providers/go.sum | 16 +- - staging/src/k8s.io/metrics/go.mod | 6 + - staging/src/k8s.io/metrics/go.sum | 25 +- - .../src/k8s.io/pod-security-admission/go.mod | 5 + - .../src/k8s.io/pod-security-admission/go.sum | 20 +- - staging/src/k8s.io/sample-apiserver/go.mod | 7 + - staging/src/k8s.io/sample-apiserver/go.sum | 28 +- - staging/src/k8s.io/sample-cli-plugin/go.mod | 4 + - staging/src/k8s.io/sample-cli-plugin/go.sum | 16 +- - staging/src/k8s.io/sample-controller/go.mod | 6 + - staging/src/k8s.io/sample-controller/go.sum | 25 +- - .../runc/libcontainer/README.md | 16 - - .../libcontainer/cgroups/ebpf/ebpf_linux.go | 2 +- - .../runc/libcontainer/cgroups/fs/fs.go | 1 + - .../libcontainer/cgroups/systemd/common.go | 70 +- - .../libcontainer/cgroups/systemd/cpuset.go | 5 + - .../runc/libcontainer/cgroups/systemd/dbus.go | 8 +- - .../runc/libcontainer/cgroups/systemd/v1.go | 12 +- - .../runc/libcontainer/cgroups/systemd/v2.go | 2 +- - .../runc/libcontainer/cgroups/utils.go | 6 +- - .../configs/validate/validator.go | 5 +- - .../runc/libcontainer/container_linux.go | 2 +- - .../runc/libcontainer/eaccess_go119.go | 17 + - .../runc/libcontainer/eaccess_stub.go | 10 + - .../runc/libcontainer/factory_linux.go | 12 +- - .../runc/libcontainer/init_linux.go | 5 +- - .../runc/libcontainer/process_linux.go | 4 - - .../runc/libcontainer/rootfs_linux.go | 85 +- - .../runc/libcontainer/seccomp/config.go | 16 +- - .../seccomp/patchbpf/enosys_linux.go | 48 +- - .../libcontainer/seccomp/seccomp_linux.go | 6 +- - .../runc/libcontainer/standard_init_linux.go | 8 + - .../opencontainers/runc/libcontainer/sync.go | 14 +- - .../runc/libcontainer/user/user.go | 14 +- - .../seccomp/libseccomp-golang/.golangci.yml | 4 + - .../seccomp/libseccomp-golang/.travis.yml | 57 - - .../seccomp/libseccomp-golang/CONTRIBUTING.md | 26 +- - .../seccomp/libseccomp-golang/Makefile | 7 +- - .../seccomp/libseccomp-golang/README.md | 24 +- - .../seccomp/libseccomp-golang/SECURITY.md | 47 + - .../seccomp/libseccomp-golang/seccomp.go | 253 +- - .../libseccomp-golang/seccomp_internal.go | 175 +- - vendor/golang.org/x/mod/module/module.go | 8 +- - vendor/golang.org/x/net/html/doc.go | 15 + - vendor/golang.org/x/net/html/escape.go | 81 + - vendor/golang.org/x/net/html/render.go | 2 +- - vendor/golang.org/x/net/html/token.go | 7 +- - .../x/sync/singleflight/singleflight.go | 11 +- - vendor/golang.org/x/sys/cpu/hwcap_linux.go | 15 + - vendor/golang.org/x/sys/cpu/runtime_auxv.go | 16 + - .../x/sys/cpu/runtime_auxv_go121.go | 19 + - vendor/golang.org/x/sys/execabs/execabs.go | 2 +- - .../golang.org/x/sys/execabs/execabs_go118.go | 18 + - .../golang.org/x/sys/execabs/execabs_go119.go | 21 + - vendor/golang.org/x/sys/unix/ioctl.go | 17 +- - vendor/golang.org/x/sys/unix/ioctl_zos.go | 8 +- - vendor/golang.org/x/sys/unix/ptrace_darwin.go | 6 + - vendor/golang.org/x/sys/unix/ptrace_ios.go | 6 + - vendor/golang.org/x/sys/unix/syscall_aix.go | 5 +- - vendor/golang.org/x/sys/unix/syscall_bsd.go | 3 +- - .../golang.org/x/sys/unix/syscall_darwin.go | 12 +- - .../x/sys/unix/syscall_darwin_amd64.go | 1 + - .../x/sys/unix/syscall_darwin_arm64.go | 1 + - .../x/sys/unix/syscall_dragonfly.go | 1 + - .../golang.org/x/sys/unix/syscall_freebsd.go | 52 + - .../x/sys/unix/syscall_freebsd_386.go | 8 + - .../x/sys/unix/syscall_freebsd_amd64.go | 8 + - .../x/sys/unix/syscall_freebsd_arm.go | 7 + - .../x/sys/unix/syscall_freebsd_arm64.go | 7 + - .../x/sys/unix/syscall_freebsd_riscv64.go | 61 + - vendor/golang.org/x/sys/unix/syscall_hurd.go | 30 + - vendor/golang.org/x/sys/unix/syscall_linux.go | 36 +- - .../golang.org/x/sys/unix/syscall_netbsd.go | 5 +- - .../golang.org/x/sys/unix/syscall_openbsd.go | 1 + - .../golang.org/x/sys/unix/syscall_solaris.go | 85 +- - .../x/sys/unix/syscall_zos_s390x.go | 4 +- - vendor/golang.org/x/sys/unix/zerrors_linux.go | 10 +- - .../x/sys/unix/zptrace_armnn_linux.go | 8 +- - .../x/sys/unix/zptrace_linux_arm64.go | 4 +- - .../x/sys/unix/zptrace_mipsnn_linux.go | 8 +- - .../x/sys/unix/zptrace_mipsnnle_linux.go | 8 +- - .../x/sys/unix/zptrace_x86_linux.go | 8 +- - .../golang.org/x/sys/unix/zsyscall_aix_ppc.go | 10 + - .../x/sys/unix/zsyscall_aix_ppc64.go | 10 + - .../x/sys/unix/zsyscall_aix_ppc64_gc.go | 7 + - .../x/sys/unix/zsyscall_aix_ppc64_gccgo.go | 8 + - .../x/sys/unix/zsyscall_darwin_amd64.go | 16 + - .../x/sys/unix/zsyscall_darwin_arm64.go | 16 + - .../x/sys/unix/zsyscall_dragonfly_amd64.go | 10 + - .../x/sys/unix/zsyscall_freebsd_386.go | 20 + - .../x/sys/unix/zsyscall_freebsd_amd64.go | 20 + - .../x/sys/unix/zsyscall_freebsd_arm.go | 39 + - .../x/sys/unix/zsyscall_freebsd_arm64.go | 20 + - .../x/sys/unix/zsyscall_freebsd_riscv64.go | 1919 ++++++++++++++ - .../golang.org/x/sys/unix/zsyscall_linux.go | 10 + - .../x/sys/unix/zsyscall_netbsd_386.go | 10 + - .../x/sys/unix/zsyscall_netbsd_amd64.go | 10 + - .../x/sys/unix/zsyscall_netbsd_arm.go | 10 + - .../x/sys/unix/zsyscall_netbsd_arm64.go | 10 + - .../x/sys/unix/zsyscall_openbsd_386.go | 15 + - .../x/sys/unix/zsyscall_openbsd_amd64.go | 15 + - .../x/sys/unix/zsyscall_openbsd_arm.go | 15 + - .../x/sys/unix/zsyscall_openbsd_arm64.go | 15 + - .../x/sys/unix/zsyscall_openbsd_mips64.go | 15 + - .../x/sys/unix/zsyscall_openbsd_ppc64.go | 2243 +++++++++++++++++ - .../x/sys/unix/zsyscall_openbsd_riscv64.go | 2243 +++++++++++++++++ - .../x/sys/unix/zsyscall_solaris_amd64.go | 11 + - .../x/sys/unix/zsyscall_zos_s390x.go | 10 + - .../x/sys/unix/ztypes_freebsd_386.go | 2 +- - .../x/sys/unix/ztypes_freebsd_amd64.go | 2 +- - .../x/sys/unix/ztypes_freebsd_arm.go | 2 +- - .../x/sys/unix/ztypes_freebsd_arm64.go | 2 +- - .../x/sys/unix/ztypes_freebsd_riscv64.go | 638 +++++ - vendor/golang.org/x/sys/unix/ztypes_linux.go | 1732 ++++++++++++- - .../golang.org/x/sys/unix/ztypes_linux_386.go | 2 +- - .../x/sys/unix/ztypes_linux_amd64.go | 2 +- - .../golang.org/x/sys/unix/ztypes_linux_arm.go | 2 +- - .../x/sys/unix/ztypes_linux_arm64.go | 2 +- - .../x/sys/unix/ztypes_linux_loong64.go | 691 +++++ - .../x/sys/unix/ztypes_linux_mips.go | 2 +- - .../x/sys/unix/ztypes_linux_mips64.go | 2 +- - .../x/sys/unix/ztypes_linux_mips64le.go | 2 +- - .../x/sys/unix/ztypes_linux_mipsle.go | 2 +- - .../golang.org/x/sys/unix/ztypes_linux_ppc.go | 2 +- - .../x/sys/unix/ztypes_linux_ppc64.go | 2 +- - .../x/sys/unix/ztypes_linux_ppc64le.go | 2 +- - .../x/sys/unix/ztypes_linux_riscv64.go | 2 +- - .../x/sys/unix/ztypes_linux_s390x.go | 2 +- - .../x/sys/unix/ztypes_linux_sparc64.go | 2 +- - .../x/sys/windows/syscall_windows.go | 6 +- - .../golang.org/x/sys/windows/types_windows.go | 133 + - .../x/sys/windows/zsyscall_windows.go | 27 + - .../x/text/encoding/internal/internal.go | 2 +- - .../x/text/unicode/norm/forminfo.go | 2 +- - .../x/tools/container/intsets/sparse.go | 2 +- - .../x/tools/go/gcexportdata/gcexportdata.go | 33 +- - .../go/internal/gcimporter/gcimporter.go | 1084 -------- - .../golang.org/x/tools/go/packages/golist.go | 26 +- - .../x/tools/go/packages/packages.go | 87 +- - .../internal/fastwalk/fastwalk_darwin.go | 119 + - .../internal/fastwalk/fastwalk_dirent_ino.go | 6 +- - .../fastwalk/fastwalk_dirent_namlen_bsd.go | 4 +- - .../tools/internal/fastwalk/fastwalk_unix.go | 4 +- - .../{go => }/internal/gcimporter/bexport.go | 9 +- - .../{go => }/internal/gcimporter/bimport.go | 0 - .../internal/gcimporter/exportdata.go | 0 - .../x/tools/internal/gcimporter/gcimporter.go | 265 ++ - .../{go => }/internal/gcimporter/iexport.go | 198 +- - .../{go => }/internal/gcimporter/iimport.go | 112 +- - .../internal/gcimporter/newInterface10.go | 0 - .../internal/gcimporter/newInterface11.go | 0 - .../internal/gcimporter/support_go117.go | 0 - .../internal/gcimporter/support_go118.go | 14 + - .../x/tools/internal/gcimporter/unified_no.go | 10 + - .../tools/internal/gcimporter/unified_yes.go | 10 + - .../x/tools/internal/gcimporter/ureader_no.go | 19 + - .../tools/internal/gcimporter/ureader_yes.go | 738 ++++++ - .../x/tools/internal/gocommand/invoke.go | 83 +- - .../x/tools/internal/gocommand/version.go | 36 +- - .../x/tools/internal/imports/fix.go | 18 +- - .../x/tools/internal/imports/mod.go | 29 +- - .../x/tools/internal/imports/sortimports.go | 1 + - .../x/tools/internal/imports/zstdlib.go | 633 +++-- - .../x/tools/internal/pkgbits/codes.go | 77 + - .../x/tools/internal/pkgbits/decoder.go | 517 ++++ - .../x/tools/internal/pkgbits/doc.go | 32 + - .../x/tools/internal/pkgbits/encoder.go | 383 +++ - .../x/tools/internal/pkgbits/flags.go | 9 + - .../x/tools/internal/pkgbits/frames_go1.go | 21 + - .../x/tools/internal/pkgbits/frames_go17.go | 28 + - .../x/tools/internal/pkgbits/reloc.go | 42 + - .../x/tools/internal/pkgbits/support.go | 17 + - .../x/tools/internal/pkgbits/sync.go | 113 + - .../internal/pkgbits/syncmarker_string.go | 89 + - .../internal/tokeninternal/tokeninternal.go | 59 + - .../tools/internal/typesinternal/errorcode.go | 196 +- - .../typesinternal/errorcode_string.go | 40 +- - vendor/modules.txt | 63 +- - 222 files changed, 15307 insertions(+), 2139 deletions(-) - create mode 100644 vendor/github.com/opencontainers/runc/libcontainer/eaccess_go119.go - create mode 100644 vendor/github.com/opencontainers/runc/libcontainer/eaccess_stub.go - create mode 100644 vendor/github.com/seccomp/libseccomp-golang/.golangci.yml - delete mode 100644 vendor/github.com/seccomp/libseccomp-golang/.travis.yml - create mode 100644 vendor/github.com/seccomp/libseccomp-golang/SECURITY.md - create mode 100644 vendor/golang.org/x/sys/cpu/runtime_auxv.go - create mode 100644 vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go - create mode 100644 vendor/golang.org/x/sys/execabs/execabs_go118.go - create mode 100644 vendor/golang.org/x/sys/execabs/execabs_go119.go - create mode 100644 vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go - create mode 100644 vendor/golang.org/x/sys/unix/syscall_hurd.go - create mode 100644 vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go - create mode 100644 vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go - create mode 100644 vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go - create mode 100644 vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go - create mode 100644 vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go - delete mode 100644 vendor/golang.org/x/tools/go/internal/gcimporter/gcimporter.go - create mode 100644 vendor/golang.org/x/tools/internal/fastwalk/fastwalk_darwin.go - rename vendor/golang.org/x/tools/{go => }/internal/gcimporter/bexport.go (99%) - rename vendor/golang.org/x/tools/{go => }/internal/gcimporter/bimport.go (100%) - rename vendor/golang.org/x/tools/{go => }/internal/gcimporter/exportdata.go (100%) - create mode 100644 vendor/golang.org/x/tools/internal/gcimporter/gcimporter.go - rename vendor/golang.org/x/tools/{go => }/internal/gcimporter/iexport.go (78%) - rename vendor/golang.org/x/tools/{go => }/internal/gcimporter/iimport.go (86%) - rename vendor/golang.org/x/tools/{go => }/internal/gcimporter/newInterface10.go (100%) - rename vendor/golang.org/x/tools/{go => }/internal/gcimporter/newInterface11.go (100%) - rename vendor/golang.org/x/tools/{go => }/internal/gcimporter/support_go117.go (100%) - rename vendor/golang.org/x/tools/{go => }/internal/gcimporter/support_go118.go (62%) - create mode 100644 vendor/golang.org/x/tools/internal/gcimporter/unified_no.go - create mode 100644 vendor/golang.org/x/tools/internal/gcimporter/unified_yes.go - create mode 100644 vendor/golang.org/x/tools/internal/gcimporter/ureader_no.go - create mode 100644 vendor/golang.org/x/tools/internal/gcimporter/ureader_yes.go - create mode 100644 vendor/golang.org/x/tools/internal/pkgbits/codes.go - create mode 100644 vendor/golang.org/x/tools/internal/pkgbits/decoder.go - create mode 100644 vendor/golang.org/x/tools/internal/pkgbits/doc.go - create mode 100644 vendor/golang.org/x/tools/internal/pkgbits/encoder.go - create mode 100644 vendor/golang.org/x/tools/internal/pkgbits/flags.go - create mode 100644 vendor/golang.org/x/tools/internal/pkgbits/frames_go1.go - create mode 100644 vendor/golang.org/x/tools/internal/pkgbits/frames_go17.go - create mode 100644 vendor/golang.org/x/tools/internal/pkgbits/reloc.go - create mode 100644 vendor/golang.org/x/tools/internal/pkgbits/support.go - create mode 100644 vendor/golang.org/x/tools/internal/pkgbits/sync.go - create mode 100644 vendor/golang.org/x/tools/internal/pkgbits/syncmarker_string.go - create mode 100644 vendor/golang.org/x/tools/internal/tokeninternal/tokeninternal.go - -diff --git a/go.mod b/go.mod -index 16e9a0c81b0..0f261d1e439 100644 ---- a/go.mod -+++ b/go.mod -@@ -63,7 +63,7 @@ require ( - github.com/mvdan/xurls v1.1.0 - github.com/onsi/ginkgo v1.14.0 - github.com/onsi/gomega v1.10.1 -- github.com/opencontainers/runc v1.1.1 -+ github.com/opencontainers/runc v1.1.6 - github.com/opencontainers/selinux v1.10.0 - github.com/pkg/errors v0.9.1 - github.com/pmezard/go-difflib v1.0.0 -@@ -88,13 +88,13 @@ require ( - go.uber.org/zap v1.19.0 - golang.org/x/crypto v0.0.0-20220214200702-86341886e292 - golang.org/x/exp v0.0.0-20210220032938-85be41e4509f // indirect -- golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd -+ golang.org/x/net v0.8.0 - golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 -- golang.org/x/sync v0.0.0-20210220032951-036812b2e83c -- golang.org/x/sys v0.0.0-20220209214540-3681064d5158 -- golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 -+ golang.org/x/sync v0.1.0 -+ golang.org/x/sys v0.6.0 -+ golang.org/x/term v0.6.0 - golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 -- golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717 -+ golang.org/x/tools v0.6.0 - gonum.org/v1/gonum v0.6.2 - gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e // indirect - google.golang.org/api v0.46.0 -@@ -337,7 +337,7 @@ replace ( - github.com/onsi/gomega => github.com/onsi/gomega v1.10.1 - github.com/opencontainers/go-digest => github.com/opencontainers/go-digest v1.0.0 - github.com/opencontainers/image-spec => github.com/opencontainers/image-spec v1.0.2 -- github.com/opencontainers/runc => github.com/opencontainers/runc v1.1.1 -+ github.com/opencontainers/runc => github.com/opencontainers/runc v1.1.6 - github.com/opencontainers/runtime-spec => github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 - github.com/opencontainers/selinux => github.com/opencontainers/selinux v1.10.0 - github.com/opentracing/opentracing-go => github.com/opentracing/opentracing-go v1.1.0 -@@ -358,8 +358,9 @@ replace ( - github.com/rubiojr/go-vhd => github.com/rubiojr/go-vhd v0.0.0-20200706105327-02e210299021 - github.com/russross/blackfriday => github.com/russross/blackfriday v1.5.2 - github.com/russross/blackfriday/v2 => github.com/russross/blackfriday/v2 v2.1.0 -- github.com/seccomp/libseccomp-golang => github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921 -+ github.com/seccomp/libseccomp-golang => github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646 - github.com/sergi/go-diff => github.com/sergi/go-diff v1.1.0 -+ github.com/shurcooL/sanitized_anchor_name => github.com/shurcooL/sanitized_anchor_name v1.0.0 - github.com/sirupsen/logrus => github.com/sirupsen/logrus v1.8.1 - github.com/smartystreets/assertions => github.com/smartystreets/assertions v1.1.0 - github.com/smartystreets/goconvey => github.com/smartystreets/goconvey v1.6.4 -@@ -413,15 +414,15 @@ replace ( - golang.org/x/image => golang.org/x/image v0.0.0-20190802002840-cff245a6509b - golang.org/x/lint => golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 - golang.org/x/mobile => golang.org/x/mobile v0.0.0-20201217150744-e6ae53a27f4f -- golang.org/x/mod => golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 -- golang.org/x/net => golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd -+ golang.org/x/mod => golang.org/x/mod v0.8.0 -+ golang.org/x/net => golang.org/x/net v0.8.0 - golang.org/x/oauth2 => golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 -- golang.org/x/sync => golang.org/x/sync v0.0.0-20210220032951-036812b2e83c -- golang.org/x/sys => golang.org/x/sys v0.0.0-20220209214540-3681064d5158 -- golang.org/x/term => golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 -- golang.org/x/text => golang.org/x/text v0.3.7 -+ golang.org/x/sync => golang.org/x/sync v0.1.0 -+ golang.org/x/sys => golang.org/x/sys v0.6.0 -+ golang.org/x/term => golang.org/x/term v0.6.0 -+ golang.org/x/text => golang.org/x/text v0.8.0 - golang.org/x/time => golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 -- golang.org/x/tools => golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717 -+ golang.org/x/tools => golang.org/x/tools v0.6.0 - golang.org/x/xerrors => golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 - gonum.org/v1/gonum => gonum.org/v1/gonum v0.6.2 - gonum.org/v1/netlib => gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e -diff --git a/go.sum b/go.sum -index 49c547ebf4d..9c79ab3d64f 100644 ---- a/go.sum -+++ b/go.sum -@@ -343,8 +343,8 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8 - github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= - github.com/opencontainers/image-spec v1.0.2 h1:9yCKha/T5XdGtO0q9Q9a6T5NUCsTn/DrBg0D7ufOcFM= - github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= --github.com/opencontainers/runc v1.1.1 h1:PJ9DSs2sVwE0iVr++pAHE6QkS9tzcVWozlPifdwMgrU= --github.com/opencontainers/runc v1.1.1/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc= -+github.com/opencontainers/runc v1.1.6 h1:XbhB8IfG/EsnhNvZtNdLB0GBw92GYEFvKlhaJk9jUgA= -+github.com/opencontainers/runc v1.1.6/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50= - github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= - github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= - github.com/opencontainers/selinux v1.10.0 h1:rAiKF8hTcgLI3w0DHm6i0ylVVcOrlgR1kK99DRLDhyU= -@@ -380,10 +380,11 @@ github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNue - github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= - github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= - github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= --github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921 h1:58EBmR2dMNL2n/FnbQewK3D14nXr0V9CObDSvMJLq+Y= --github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= -+github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646 h1:RpforrEYXWkmGwJHIGnLZ3tTWStkjVVstwzNGqxX2Ds= -+github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= - github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= - github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= -+github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= - github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE= - github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= - github.com/smartystreets/assertions v1.1.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo= -@@ -483,24 +484,24 @@ golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+o - golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 h1:VLliZ0d+/avPrXXH+OakdXhpJuEoBZuwh1m2j7U6Iug= - golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= - golang.org/x/mobile v0.0.0-20201217150744-e6ae53a27f4f/go.mod h1:skQtrUTUwhdJvXM/2KKJzY8pDgNr9I/FOMqDVRPBUS4= --golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 h1:kQgndtyPBW/JIYERgdxfwMYh3AVStj88WQTlNDi2a+o= --golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -+golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= -+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= - golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 h1:RerP+noqYHUQ8CMRcPlC2nvTa4dcBIjegkuWdcUDuqg= - golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= --golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= --golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158 h1:rm+CHSpPEEW2IsXUib1ThaHIjuBVZjxNgSKmBLFfD4c= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= --golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= --golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw= -+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -+golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= -+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -+golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= -+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -+golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= -+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= - golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44= - golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= --golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717 h1:hI3jKY4Hpf63ns040onEbB3dAkR/H/P83hw1TG8dD3Y= --golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= -+golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= -+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= - golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= - golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= - gonum.org/v1/gonum v0.6.2 h1:4r+yNT0+8SWcOkXP+63H2zQbN+USnC73cjGUxnDF94Q= -diff --git a/staging/src/k8s.io/api/go.mod b/staging/src/k8s.io/api/go.mod -index f0cd56596f5..7dd90384db4 100644 ---- a/staging/src/k8s.io/api/go.mod -+++ b/staging/src/k8s.io/api/go.mod -@@ -8,6 +8,8 @@ require ( - github.com/gogo/protobuf v1.3.2 - github.com/stretchr/testify v1.7.0 - k8s.io/apimachinery v0.0.0 -+ golang.org/x/net v0.8.0 // indirect -+ golang.org/x/text v0.8.0 // indirect - ) - - replace ( -diff --git a/staging/src/k8s.io/api/go.sum b/staging/src/k8s.io/api/go.sum -index 35daf19d8bf..031d6cbeeda 100644 ---- a/staging/src/k8s.io/api/go.sum -+++ b/staging/src/k8s.io/api/go.sum -@@ -130,8 +130,8 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL - golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= - golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= - golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -@@ -160,8 +160,8 @@ golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuX - golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= - golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= --golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= --golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= - golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= - golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= - golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -diff --git a/staging/src/k8s.io/apiextensions-apiserver/go.mod b/staging/src/k8s.io/apiextensions-apiserver/go.mod -index 55cfaa26a41..b82eff757df 100644 ---- a/staging/src/k8s.io/apiextensions-apiserver/go.mod -+++ b/staging/src/k8s.io/apiextensions-apiserver/go.mod -@@ -34,6 +34,13 @@ require ( - sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 - sigs.k8s.io/structured-merge-diff/v4 v4.2.1 - sigs.k8s.io/yaml v1.2.0 -+ golang.org/x/mod v0.8.0 // indirect -+ golang.org/x/net v0.8.0 // indirect -+ golang.org/x/sync v0.1.0 // indirect -+ golang.org/x/sys v0.6.0 // indirect -+ golang.org/x/term v0.6.0 // indirect -+ golang.org/x/text v0.8.0 // indirect -+ golang.org/x/tools v0.6.0 // indirect - ) - - replace ( -diff --git a/staging/src/k8s.io/apiextensions-apiserver/go.sum b/staging/src/k8s.io/apiextensions-apiserver/go.sum -index b5941e8bab6..c734886c6f2 100644 ---- a/staging/src/k8s.io/apiextensions-apiserver/go.sum -+++ b/staging/src/k8s.io/apiextensions-apiserver/go.sum -@@ -597,8 +597,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= - golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= - golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= - golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= --golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 h1:kQgndtyPBW/JIYERgdxfwMYh3AVStj88WQTlNDi2a+o= --golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= -+golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= -+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= - golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= - golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= - golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -@@ -646,8 +646,8 @@ golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qx - golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= - golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -@@ -672,8 +672,8 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ - golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= --golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= --golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -+golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= -+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -@@ -737,11 +737,11 @@ golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBc - golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158 h1:rm+CHSpPEEW2IsXUib1ThaHIjuBVZjxNgSKmBLFfD4c= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= -+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -+golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= -+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= - golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -@@ -750,8 +750,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= --golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= --golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= - golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -@@ -815,8 +815,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f - golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= - golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= - golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= --golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717 h1:hI3jKY4Hpf63ns040onEbB3dAkR/H/P83hw1TG8dD3Y= --golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= -+golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= -+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= - golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= - golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= - golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -diff --git a/staging/src/k8s.io/apimachinery/go.mod b/staging/src/k8s.io/apimachinery/go.mod -index fe8e250fd2b..5d14be76f59 100644 ---- a/staging/src/k8s.io/apimachinery/go.mod -+++ b/staging/src/k8s.io/apimachinery/go.mod -@@ -24,7 +24,8 @@ require ( - github.com/pkg/errors v0.9.1 // indirect - github.com/spf13/pflag v1.0.5 - github.com/stretchr/testify v1.7.0 -- golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd -+ golang.org/x/net v0.8.0 -+ golang.org/x/text v0.8.0 // indirect - golang.org/x/sys v0.0.0-20220209214540-3681064d5158 // indirect - google.golang.org/protobuf v1.27.1 // indirect - gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect -diff --git a/staging/src/k8s.io/apimachinery/go.sum b/staging/src/k8s.io/apimachinery/go.sum -index 1a44f06f9f4..67273880d09 100644 ---- a/staging/src/k8s.io/apimachinery/go.sum -+++ b/staging/src/k8s.io/apimachinery/go.sum -@@ -146,8 +146,8 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL - golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= - golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= - golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -@@ -171,14 +171,14 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc - golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20220209214540-3681064d5158 h1:rm+CHSpPEEW2IsXUib1ThaHIjuBVZjxNgSKmBLFfD4c= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= - golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= - golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= - golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= - golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= --golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= --golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= - golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= - golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= - golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -diff --git a/staging/src/k8s.io/apiserver/go.mod b/staging/src/k8s.io/apiserver/go.mod -index 6959ec03dae..f53b391334b 100644 ---- a/staging/src/k8s.io/apiserver/go.mod -+++ b/staging/src/k8s.io/apiserver/go.mod -@@ -36,9 +36,9 @@ require ( - go.opentelemetry.io/otel/trace v0.20.0 - go.uber.org/zap v1.19.0 - golang.org/x/crypto v0.0.0-20220214200702-86341886e292 -- golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd -- golang.org/x/sync v0.0.0-20210220032951-036812b2e83c -- golang.org/x/sys v0.0.0-20220209214540-3681064d5158 -+ golang.org/x/net v0.8.0 -+ golang.org/x/sync v0.1.0 -+ golang.org/x/sys v0.6.0 - google.golang.org/grpc v1.40.0 - gopkg.in/natefinch/lumberjack.v2 v2.0.0 - gopkg.in/square/go-jose.v2 v2.2.2 -@@ -53,6 +53,8 @@ require ( - sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 - sigs.k8s.io/structured-merge-diff/v4 v4.2.1 - sigs.k8s.io/yaml v1.2.0 -+ golang.org/x/term v0.6.0 // indirect -+ golang.org/x/text v0.8.0 // indirect - ) - - replace ( -diff --git a/staging/src/k8s.io/apiserver/go.sum b/staging/src/k8s.io/apiserver/go.sum -index ca512d9db5a..2036683c0fe 100644 ---- a/staging/src/k8s.io/apiserver/go.sum -+++ b/staging/src/k8s.io/apiserver/go.sum -@@ -629,8 +629,8 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b - golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= - golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -@@ -655,8 +655,8 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ - golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= --golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= --golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -+golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= -+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -@@ -719,11 +719,11 @@ golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBc - golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158 h1:rm+CHSpPEEW2IsXUib1ThaHIjuBVZjxNgSKmBLFfD4c= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= -+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -+golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= -+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= - golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -@@ -732,8 +732,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= --golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= --golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= - golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -diff --git a/staging/src/k8s.io/cli-runtime/go.mod b/staging/src/k8s.io/cli-runtime/go.mod -index 4e1d0a98fa1..348ab97ccf5 100644 ---- a/staging/src/k8s.io/cli-runtime/go.mod -+++ b/staging/src/k8s.io/cli-runtime/go.mod -@@ -13,7 +13,10 @@ require ( - github.com/spf13/cobra v1.4.0 - github.com/spf13/pflag v1.0.5 - github.com/stretchr/testify v1.7.0 -- golang.org/x/text v0.3.7 -+ golang.org/x/text v0.8.0 -+ golang.org/x/net -+ golang.org/x/sys v0.6.0 // indirect -+ golang.org/x/term v0.6.0 // indirect - gopkg.in/yaml.v2 v2.4.0 - k8s.io/api v0.0.0 - k8s.io/apimachinery v0.0.0 -diff --git a/staging/src/k8s.io/cli-runtime/go.sum b/staging/src/k8s.io/cli-runtime/go.sum -index 37a2fc0155d..bde77a867ca 100644 ---- a/staging/src/k8s.io/cli-runtime/go.sum -+++ b/staging/src/k8s.io/cli-runtime/go.sum -@@ -439,8 +439,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v - golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= - golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= - golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= - golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -@@ -515,11 +515,11 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w - golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158 h1:rm+CHSpPEEW2IsXUib1ThaHIjuBVZjxNgSKmBLFfD4c= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= -+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -+golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= -+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= - golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -@@ -528,8 +528,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= --golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= --golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= - golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -diff --git a/staging/src/k8s.io/client-go/go.mod b/staging/src/k8s.io/client-go/go.mod -index bb254bb9858..6f77c0cdff3 100644 ---- a/staging/src/k8s.io/client-go/go.mod -+++ b/staging/src/k8s.io/client-go/go.mod -@@ -29,9 +29,11 @@ require ( - github.com/spf13/pflag v1.0.5 - github.com/stretchr/testify v1.7.0 - golang.org/x/crypto v0.0.0-20220214200702-86341886e292 // indirect -- golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd -+ golang.org/x/net v0.8.0 - golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 -- golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 -+ golang.org/x/term v0.5.0 -+ golang.org/x/sys v0.6.0 // indirect -+ golang.org/x/text v0.8.0 // indirect - golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 - google.golang.org/protobuf v1.27.1 - k8s.io/api v0.0.0 -diff --git a/staging/src/k8s.io/client-go/go.sum b/staging/src/k8s.io/client-go/go.sum -index 8c1598ddf2b..e9ceaf2b9e3 100644 ---- a/staging/src/k8s.io/client-go/go.sum -+++ b/staging/src/k8s.io/client-go/go.sum -@@ -352,8 +352,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v - golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= - golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= - golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= - golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -@@ -423,11 +423,11 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w - golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158 h1:rm+CHSpPEEW2IsXUib1ThaHIjuBVZjxNgSKmBLFfD4c= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= -+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -+golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= -+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= - golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -@@ -436,8 +436,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= --golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= --golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= - golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -diff --git a/staging/src/k8s.io/cloud-provider/go.mod b/staging/src/k8s.io/cloud-provider/go.mod -index 0ce70d44140..1ba786332f6 100644 ---- a/staging/src/k8s.io/cloud-provider/go.mod -+++ b/staging/src/k8s.io/cloud-provider/go.mod -@@ -18,6 +18,11 @@ require ( - k8s.io/controller-manager v0.0.0 - k8s.io/klog/v2 v2.60.1 - k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 -+ golang.org/x/net v0.8.0 // indirect -+ golang.org/x/sync v0.1.0 // indirect -+ golang.org/x/sys v0.6.0 // indirect -+ golang.org/x/term v0.6.0 // indirect -+ golang.org/x/text v0.8.0 // indirect - ) - - replace ( -diff --git a/staging/src/k8s.io/cloud-provider/go.sum b/staging/src/k8s.io/cloud-provider/go.sum -index 7e13605f7fa..621e22a98c6 100644 ---- a/staging/src/k8s.io/cloud-provider/go.sum -+++ b/staging/src/k8s.io/cloud-provider/go.sum -@@ -624,8 +624,9 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b - golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= -+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxo - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= - golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -@@ -650,8 +651,8 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ - golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= --golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= --golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -+golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= -+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -@@ -714,11 +715,11 @@ golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBc - golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158 h1:rm+CHSpPEEW2IsXUib1ThaHIjuBVZjxNgSKmBLFfD4c= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= -+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -+golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= -+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= - golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -@@ -727,8 +728,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= --golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= --golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= - golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -diff --git a/staging/src/k8s.io/cluster-bootstrap/go.mod b/staging/src/k8s.io/cluster-bootstrap/go.mod -index be3f29f32e0..4b1bc8e05c0 100644 ---- a/staging/src/k8s.io/cluster-bootstrap/go.mod -+++ b/staging/src/k8s.io/cluster-bootstrap/go.mod -@@ -11,6 +11,8 @@ require ( - k8s.io/api v0.0.0 - k8s.io/apimachinery v0.0.0 - k8s.io/klog/v2 v2.60.1 -+ golang.org/x/net v0.8.0 // indirect -+ golang.org/x/text v0.8.0 // indirect - ) - - replace ( -diff --git a/staging/src/k8s.io/cluster-bootstrap/go.sum b/staging/src/k8s.io/cluster-bootstrap/go.sum -index 9de50f1a159..be6efe24b06 100644 ---- a/staging/src/k8s.io/cluster-bootstrap/go.sum -+++ b/staging/src/k8s.io/cluster-bootstrap/go.sum -@@ -132,8 +132,8 @@ golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/ - golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= - golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= - golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -@@ -164,8 +164,8 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= - golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= --golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= --golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= - golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= - golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= - golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -diff --git a/staging/src/k8s.io/code-generator/examples/go.sum b/staging/src/k8s.io/code-generator/examples/go.sum -index 32aaa6a2b46..d58c75a76e3 100644 ---- a/staging/src/k8s.io/code-generator/examples/go.sum -+++ b/staging/src/k8s.io/code-generator/examples/go.sum -@@ -298,6 +298,7 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= - golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= - golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= - golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= - golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= - golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= - golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -@@ -335,9 +336,9 @@ golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v - golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= - golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= - golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= --golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= - golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -@@ -362,6 +363,7 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ - golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -@@ -407,11 +409,11 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w - golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158 h1:rm+CHSpPEEW2IsXUib1ThaHIjuBVZjxNgSKmBLFfD4c= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= -+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -+golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= -+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= - golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -@@ -420,8 +422,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= --golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= --golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= - golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -@@ -477,6 +479,7 @@ golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4f - golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= - golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= - golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= - golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= - golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= - golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -diff --git a/staging/src/k8s.io/code-generator/go.mod b/staging/src/k8s.io/code-generator/go.mod -index b4a5f51241b..bab85228926 100644 ---- a/staging/src/k8s.io/code-generator/go.mod -+++ b/staging/src/k8s.io/code-generator/go.mod -@@ -16,7 +16,11 @@ require ( - github.com/stretchr/testify v1.7.0 // indirect - golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd // indirect - golang.org/x/sys v0.0.0-20220209214540-3681064d5158 // indirect -- golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717 -+ golang.org/x/tools v0.6.0 -+ golang.org/x/mod v0.8.0 // indirect -+ golang.org/x/net v0.8.0 // indirect -+ golang.org/x/sys v0.6.0 // indirect -+ golang.org/x/text v0.8.0 // indirect - google.golang.org/protobuf v1.27.1 // indirect - gopkg.in/yaml.v2 v2.4.0 - k8s.io/gengo v0.0.0-20211129171323-c02415ce4185 -diff --git a/staging/src/k8s.io/code-generator/go.sum b/staging/src/k8s.io/code-generator/go.sum -index ce4cf9c24d5..450280d54dc 100644 ---- a/staging/src/k8s.io/code-generator/go.sum -+++ b/staging/src/k8s.io/code-generator/go.sum -@@ -132,8 +132,8 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl - golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= - golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= - golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= --golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 h1:kQgndtyPBW/JIYERgdxfwMYh3AVStj88WQTlNDi2a+o= --golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= -+golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= -+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= - golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= - golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= - golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -@@ -148,8 +148,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY - golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= - golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= - golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -@@ -157,6 +157,7 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ - golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -+golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= - golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -@@ -174,16 +175,16 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc - golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158 h1:rm+CHSpPEEW2IsXUib1ThaHIjuBVZjxNgSKmBLFfD4c= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= -+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= - golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= - golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= - golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= --golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= --golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= - golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= - golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= - golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -@@ -194,8 +195,8 @@ golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roY - golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= - golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= - golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= --golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717 h1:hI3jKY4Hpf63ns040onEbB3dAkR/H/P83hw1TG8dD3Y= --golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= -+golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= -+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= - golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= - golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= - golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -diff --git a/staging/src/k8s.io/component-base/go.mod b/staging/src/k8s.io/component-base/go.mod -index 6c504e475a3..b039a5086fc 100644 ---- a/staging/src/k8s.io/component-base/go.mod -+++ b/staging/src/k8s.io/component-base/go.mod -@@ -25,7 +25,10 @@ require ( - go.opentelemetry.io/otel/trace v0.20.0 - go.uber.org/zap v1.19.0 - golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect -- golang.org/x/sys v0.0.0-20220209214540-3681064d5158 -+ golang.org/x/sys v0.6.0 -+ golang.org/x/net v0.8.0 // indirect -+ golang.org/x/term v0.6.0 // indirect -+ golang.org/x/text v0.8.0 // indirect - golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717 // indirect - google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368 // indirect - gotest.tools/v3 v3.0.3 // indirect -diff --git a/staging/src/k8s.io/component-base/go.sum b/staging/src/k8s.io/component-base/go.sum -index aaa39121745..40ed36a8396 100644 ---- a/staging/src/k8s.io/component-base/go.sum -+++ b/staging/src/k8s.io/component-base/go.sum -@@ -470,8 +470,8 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b - golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= - golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -@@ -553,11 +553,11 @@ golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBc - golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158 h1:rm+CHSpPEEW2IsXUib1ThaHIjuBVZjxNgSKmBLFfD4c= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= -+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -+golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= -+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= - golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -@@ -566,8 +566,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= --golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= --golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= - golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -diff --git a/staging/src/k8s.io/component-helpers/go.mod b/staging/src/k8s.io/component-helpers/go.mod -index 075b760b637..b76c6105b5b 100644 ---- a/staging/src/k8s.io/component-helpers/go.mod -+++ b/staging/src/k8s.io/component-helpers/go.mod -@@ -9,6 +9,10 @@ require ( - k8s.io/api v0.0.0 - k8s.io/apimachinery v0.0.0 - k8s.io/client-go v0.0.0 -+ golang.org/x/net v0.8.0 // indirect -+ golang.org/x/sys v0.6.0 // indirect -+ golang.org/x/term v0.6.0 // indirect -+ golang.org/x/text v0.8.0 // indirect - k8s.io/klog/v2 v2.60.1 - k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 - ) -diff --git a/staging/src/k8s.io/component-helpers/go.sum b/staging/src/k8s.io/component-helpers/go.sum -index 84635535e9f..7f7293b317d 100644 ---- a/staging/src/k8s.io/component-helpers/go.sum -+++ b/staging/src/k8s.io/component-helpers/go.sum -@@ -334,8 +334,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v - golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= - golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= - golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= - golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -@@ -405,11 +405,11 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w - golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158 h1:rm+CHSpPEEW2IsXUib1ThaHIjuBVZjxNgSKmBLFfD4c= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= -+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -+golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= -+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= - golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -@@ -418,8 +418,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= --golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= --golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= - golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -diff --git a/staging/src/k8s.io/controller-manager/go.mod b/staging/src/k8s.io/controller-manager/go.mod -index 94848e766be..fae61b6f763 100644 ---- a/staging/src/k8s.io/controller-manager/go.mod -+++ b/staging/src/k8s.io/controller-manager/go.mod -@@ -12,6 +12,11 @@ require ( - k8s.io/apimachinery v0.0.0 - k8s.io/apiserver v0.0.0 - k8s.io/client-go v0.0.0 -+ golang.org/x/net v0.8.0 // indirect -+ golang.org/x/sync v0.1.0 // indirect -+ golang.org/x/sys v0.6.0 // indirect -+ golang.org/x/term v0.6.0 // indirect -+ golang.org/x/text v0.8.0 // indirect - k8s.io/component-base v0.0.0 - k8s.io/klog/v2 v2.60.1 - k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 -diff --git a/staging/src/k8s.io/controller-manager/go.sum b/staging/src/k8s.io/controller-manager/go.sum -index 76b994fb548..c447a8c044e 100644 ---- a/staging/src/k8s.io/controller-manager/go.sum -+++ b/staging/src/k8s.io/controller-manager/go.sum -@@ -732,8 +732,8 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b - golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= - golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -@@ -758,8 +758,8 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ - golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= --golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= --golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -+golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= -+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -@@ -822,11 +822,11 @@ golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBc - golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158 h1:rm+CHSpPEEW2IsXUib1ThaHIjuBVZjxNgSKmBLFfD4c= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= -+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -+golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= -+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= - golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -@@ -835,8 +835,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= --golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= --golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= - golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -diff --git a/staging/src/k8s.io/cri-api/go.mod b/staging/src/k8s.io/cri-api/go.mod -index d3019d75129..ec053f7abda 100644 ---- a/staging/src/k8s.io/cri-api/go.mod -+++ b/staging/src/k8s.io/cri-api/go.mod -@@ -10,8 +10,9 @@ require ( - github.com/kr/text v0.2.0 // indirect - github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect - github.com/stretchr/testify v1.7.0 -- golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd // indirect -- golang.org/x/sys v0.0.0-20220209214540-3681064d5158 // indirect -+ golang.org/x/net v0.8.0 // indirect -+ golang.org/x/sys v0.6.0 // indirect -+ golang.org/x/text v0.8.0 // indirect - google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368 // indirect - google.golang.org/grpc v1.40.0 - gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect -diff --git a/staging/src/k8s.io/cri-api/go.sum b/staging/src/k8s.io/cri-api/go.sum -index efd4761dbda..01ae77176f7 100644 ---- a/staging/src/k8s.io/cri-api/go.sum -+++ b/staging/src/k8s.io/cri-api/go.sum -@@ -87,8 +87,8 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL - golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= - golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= - golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= - golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -@@ -107,15 +107,15 @@ golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7w - golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158 h1:rm+CHSpPEEW2IsXUib1ThaHIjuBVZjxNgSKmBLFfD4c= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= -+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= - golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= - golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= --golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= --golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= - golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= - golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= - golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -diff --git a/staging/src/k8s.io/csi-translation-lib/go.mod b/staging/src/k8s.io/csi-translation-lib/go.mod -index 648f05294d5..5dde41c2dd2 100644 ---- a/staging/src/k8s.io/csi-translation-lib/go.mod -+++ b/staging/src/k8s.io/csi-translation-lib/go.mod -@@ -9,6 +9,8 @@ require ( - k8s.io/api v0.0.0 - k8s.io/apimachinery v0.0.0 - k8s.io/klog/v2 v2.60.1 -+ golang.org/x/net v0.8.0 // indirect -+ golang.org/x/text v0.8.0 // indirect - ) - - replace ( -diff --git a/staging/src/k8s.io/csi-translation-lib/go.sum b/staging/src/k8s.io/csi-translation-lib/go.sum -index 4c5e7755fb4..6523af78991 100644 ---- a/staging/src/k8s.io/csi-translation-lib/go.sum -+++ b/staging/src/k8s.io/csi-translation-lib/go.sum -@@ -130,8 +130,8 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL - golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= - golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= - golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -@@ -160,8 +160,8 @@ golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuX - golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= - golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= --golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= --golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= - golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= - golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= - golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -diff --git a/staging/src/k8s.io/kube-aggregator/go.mod b/staging/src/k8s.io/kube-aggregator/go.mod -index d5841aad615..e62b51fcc34 100644 ---- a/staging/src/k8s.io/kube-aggregator/go.mod -+++ b/staging/src/k8s.io/kube-aggregator/go.mod -@@ -11,7 +11,13 @@ require ( - github.com/spf13/cobra v1.4.0 - github.com/spf13/pflag v1.0.5 - github.com/stretchr/testify v1.7.0 -- golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd -+ golang.org/x/net v0.8.0 -+ golang.org/x/mod v0.8.0 // indirect -+ golang.org/x/sync v0.1.0 // indirect -+ golang.org/x/sys v0.6.0 // indirect -+ golang.org/x/term v0.6.0 // indirect -+ golang.org/x/text v0.8.0 // indirect -+ golang.org/x/tools v0.6.0 // indirect - k8s.io/api v0.0.0 - k8s.io/apimachinery v0.0.0 - k8s.io/apiserver v0.0.0 -diff --git a/staging/src/k8s.io/kube-aggregator/go.sum b/staging/src/k8s.io/kube-aggregator/go.sum -index 6a284739d1f..b09f8267a9e 100644 ---- a/staging/src/k8s.io/kube-aggregator/go.sum -+++ b/staging/src/k8s.io/kube-aggregator/go.sum -@@ -575,8 +575,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= - golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= - golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= - golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= --golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 h1:kQgndtyPBW/JIYERgdxfwMYh3AVStj88WQTlNDi2a+o= --golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= -+golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= -+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= - golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= - golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= - golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -@@ -623,8 +623,8 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b - golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= - golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -@@ -649,8 +649,8 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ - golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= --golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= --golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -+golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= -+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -@@ -713,11 +713,11 @@ golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBc - golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158 h1:rm+CHSpPEEW2IsXUib1ThaHIjuBVZjxNgSKmBLFfD4c= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= -+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -+golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= -+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= - golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -@@ -726,8 +726,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= --golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= --golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= - golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -@@ -791,8 +791,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f - golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= - golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= - golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= --golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717 h1:hI3jKY4Hpf63ns040onEbB3dAkR/H/P83hw1TG8dD3Y= --golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= -+golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= -+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= - golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= - golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= - golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -diff --git a/staging/src/k8s.io/kube-controller-manager/go.mod b/staging/src/k8s.io/kube-controller-manager/go.mod -index d2c13261f3d..ebb52141cbe 100644 ---- a/staging/src/k8s.io/kube-controller-manager/go.mod -+++ b/staging/src/k8s.io/kube-controller-manager/go.mod -@@ -8,6 +8,8 @@ require ( - k8s.io/apimachinery v0.0.0 - k8s.io/cloud-provider v0.0.0 - k8s.io/controller-manager v0.0.0 -+ golang.org/x/net v0.8.0 // indirect -+ golang.org/x/text v0.8.0 // indirect - ) - - replace ( -diff --git a/staging/src/k8s.io/kube-controller-manager/go.sum b/staging/src/k8s.io/kube-controller-manager/go.sum -index 2f44c1c910d..5fcbb67ff8d 100644 ---- a/staging/src/k8s.io/kube-controller-manager/go.sum -+++ b/staging/src/k8s.io/kube-controller-manager/go.sum -@@ -543,8 +543,8 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b - golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= - golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -@@ -642,8 +642,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= --golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= --golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= - golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -diff --git a/staging/src/k8s.io/kube-proxy/go.mod b/staging/src/k8s.io/kube-proxy/go.mod -index bb791295cba..393596c1ecd 100644 ---- a/staging/src/k8s.io/kube-proxy/go.mod -+++ b/staging/src/k8s.io/kube-proxy/go.mod -@@ -7,6 +7,8 @@ go 1.16 - require ( - k8s.io/apimachinery v0.0.0 - k8s.io/component-base v0.0.0 -+ golang.org/x/net v0.8.0 // indirect -+ golang.org/x/text v0.8.0 // indirect - ) - - replace ( -diff --git a/staging/src/k8s.io/kube-proxy/go.sum b/staging/src/k8s.io/kube-proxy/go.sum -index 021cce48ffa..c31686a77ba 100644 ---- a/staging/src/k8s.io/kube-proxy/go.sum -+++ b/staging/src/k8s.io/kube-proxy/go.sum -@@ -419,8 +419,8 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b - golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= - golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -@@ -512,8 +512,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= --golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= --golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= - golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -diff --git a/staging/src/k8s.io/kube-scheduler/go.mod b/staging/src/k8s.io/kube-scheduler/go.mod -index b1bb3deea8e..c2b2cbcd2db 100644 ---- a/staging/src/k8s.io/kube-scheduler/go.mod -+++ b/staging/src/k8s.io/kube-scheduler/go.mod -@@ -10,6 +10,8 @@ require ( - k8s.io/apimachinery v0.0.0 - k8s.io/component-base v0.0.0 - sigs.k8s.io/yaml v1.2.0 -+ golang.org/x/net v0.8.0 // indirect -+ golang.org/x/text v0.8.0 // indirect - ) - - replace ( -diff --git a/staging/src/k8s.io/kube-scheduler/go.sum b/staging/src/k8s.io/kube-scheduler/go.sum -index 021cce48ffa..e9e50cc853c 100644 ---- a/staging/src/k8s.io/kube-scheduler/go.sum -+++ b/staging/src/k8s.io/kube-scheduler/go.sum -@@ -409,6 +409,7 @@ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81R - golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= - golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= - golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -+<<<<<<< HEAD - golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= - golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= - golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -@@ -438,6 +439,10 @@ golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJ - golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -+======= -+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= -+>>>>>>> bce91ce265f... [1.24] vendor: bump runc to 1.1.6 - golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -@@ -509,6 +514,7 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= - golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -+<<<<<<< HEAD - golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -@@ -518,6 +524,10 @@ golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxb - golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -+======= -+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -+>>>>>>> bce91ce265f... [1.24] vendor: bump runc to 1.1.6 - golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= - golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= - golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -diff --git a/staging/src/k8s.io/kubectl/go.mod b/staging/src/k8s.io/kubectl/go.mod -index 71b4c0592ca..197cbda3f16 100644 ---- a/staging/src/k8s.io/kubectl/go.mod -+++ b/staging/src/k8s.io/kubectl/go.mod -@@ -29,7 +29,10 @@ require ( - github.com/spf13/cobra v1.4.0 - github.com/spf13/pflag v1.0.5 - github.com/stretchr/testify v1.7.0 -- golang.org/x/sys v0.0.0-20220209214540-3681064d5158 -+ golang.org/x/sys v0.6.0 -+ golang.org/x/net v0.8.0 // indirect -+ golang.org/x/term v0.6.0 // indirect -+ golang.org/x/text v0.8.0 // indirect - gopkg.in/yaml.v2 v2.4.0 - k8s.io/api v0.0.0 - k8s.io/apimachinery v0.0.0 -diff --git a/staging/src/k8s.io/kubectl/go.sum b/staging/src/k8s.io/kubectl/go.sum -index a041bc7123b..c09a256f49f 100644 ---- a/staging/src/k8s.io/kubectl/go.sum -+++ b/staging/src/k8s.io/kubectl/go.sum -@@ -565,8 +565,8 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b - golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= - golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -@@ -653,11 +653,11 @@ golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBc - golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158 h1:rm+CHSpPEEW2IsXUib1ThaHIjuBVZjxNgSKmBLFfD4c= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= -+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -+golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= -+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= - golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -@@ -666,8 +666,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= --golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= --golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= - golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -diff --git a/staging/src/k8s.io/kubelet/go.mod b/staging/src/k8s.io/kubelet/go.mod -index e543a161e78..5205f37c876 100644 ---- a/staging/src/k8s.io/kubelet/go.mod -+++ b/staging/src/k8s.io/kubelet/go.mod -@@ -11,6 +11,9 @@ require ( - k8s.io/api v0.0.0 - k8s.io/apimachinery v0.0.0 - k8s.io/component-base v0.0.0 -+ golang.org/x/net v0.8.0 -+ golang.org/x/sys v0.6.0 // indirect -+ golang.org/x/text v0.8.0 // indirect - ) - - replace ( -diff --git a/staging/src/k8s.io/kubelet/go.sum b/staging/src/k8s.io/kubelet/go.sum -index 5b68822ef82..53832837a49 100644 ---- a/staging/src/k8s.io/kubelet/go.sum -+++ b/staging/src/k8s.io/kubelet/go.sum -@@ -419,8 +419,8 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b - golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= - golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -@@ -501,8 +501,8 @@ golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBc - golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158 h1:rm+CHSpPEEW2IsXUib1ThaHIjuBVZjxNgSKmBLFfD4c= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= -+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= - golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= - golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -@@ -513,8 +513,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= --golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= --golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= - golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -diff --git a/staging/src/k8s.io/legacy-cloud-providers/go.mod b/staging/src/k8s.io/legacy-cloud-providers/go.mod -index f583f69a58f..57eb9bb4500 100644 ---- a/staging/src/k8s.io/legacy-cloud-providers/go.mod -+++ b/staging/src/k8s.io/legacy-cloud-providers/go.mod -@@ -40,6 +40,10 @@ require ( - k8s.io/mount-utils v0.0.0 - k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 - sigs.k8s.io/yaml v1.2.0 -+ golang.org/x/net v0.8.0 // indirect -+ golang.org/x/sys v0.6.0 // indirect -+ golang.org/x/term v0.6.0 // indirect -+ golang.org/x/text v0.8.0 // indirect - ) - - replace ( -diff --git a/staging/src/k8s.io/legacy-cloud-providers/go.sum b/staging/src/k8s.io/legacy-cloud-providers/go.sum -index 4628457653f..41fecfe0db2 100644 ---- a/staging/src/k8s.io/legacy-cloud-providers/go.sum -+++ b/staging/src/k8s.io/legacy-cloud-providers/go.sum -@@ -615,8 +615,8 @@ golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qx - golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= - golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -@@ -707,11 +707,11 @@ golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBc - golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158 h1:rm+CHSpPEEW2IsXUib1ThaHIjuBVZjxNgSKmBLFfD4c= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= -+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -+golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= -+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= - golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -@@ -720,8 +720,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= --golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= --golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= - golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -diff --git a/staging/src/k8s.io/metrics/go.mod b/staging/src/k8s.io/metrics/go.mod -index 15c628a1629..e2ee52e1a91 100644 ---- a/staging/src/k8s.io/metrics/go.mod -+++ b/staging/src/k8s.io/metrics/go.mod -@@ -11,6 +11,12 @@ require ( - k8s.io/apimachinery v0.0.0 - k8s.io/client-go v0.0.0 - k8s.io/code-generator v0.0.0 -+ golang.org/x/mod v0.8.0 // indirect -+ golang.org/x/net v0.8.0 // indirect -+ golang.org/x/sys v0.6.0 // indirect -+ golang.org/x/term v0.6.0 // indirect -+ golang.org/x/text v0.8.0 // indirect -+ golang.org/x/tools v0.6.0 // indirect - ) - - replace ( -diff --git a/staging/src/k8s.io/metrics/go.sum b/staging/src/k8s.io/metrics/go.sum -index 87a869f1dc2..7a6f8fa158f 100644 ---- a/staging/src/k8s.io/metrics/go.sum -+++ b/staging/src/k8s.io/metrics/go.sum -@@ -297,8 +297,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= - golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= - golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= - golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= --golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 h1:kQgndtyPBW/JIYERgdxfwMYh3AVStj88WQTlNDi2a+o= --golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= -+golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= -+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= - golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= - golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= - golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -@@ -338,8 +338,8 @@ golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLd - golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= - golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= - golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -@@ -364,6 +364,7 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ - golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -+golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= - golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -@@ -410,11 +411,11 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc - golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158 h1:rm+CHSpPEEW2IsXUib1ThaHIjuBVZjxNgSKmBLFfD4c= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= -+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -+golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= -+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= - golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -@@ -423,8 +424,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= --golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= --golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= - golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -@@ -480,8 +481,8 @@ golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4f - golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= - golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= - golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= --golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717 h1:hI3jKY4Hpf63ns040onEbB3dAkR/H/P83hw1TG8dD3Y= --golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= -+golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= -+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= - golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= - golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= - golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -diff --git a/staging/src/k8s.io/pod-security-admission/go.mod b/staging/src/k8s.io/pod-security-admission/go.mod -index 75fdbaaa8ee..b8f75e92e54 100644 ---- a/staging/src/k8s.io/pod-security-admission/go.mod -+++ b/staging/src/k8s.io/pod-security-admission/go.mod -@@ -13,6 +13,11 @@ require ( - k8s.io/api v0.0.0 - k8s.io/apimachinery v0.0.0 - k8s.io/apiserver v0.0.0 -+ golang.org/x/net v0.8.0 // indirect -+ golang.org/x/sync v0.1.0 // indirect -+ golang.org/x/sys v0.6.0 // indirect -+ golang.org/x/term v0.6.0 // indirect -+ golang.org/x/text v0.8.0 // indirect - k8s.io/client-go v0.0.0 - k8s.io/component-base v0.0.0 - k8s.io/klog/v2 v2.60.1 -diff --git a/staging/src/k8s.io/pod-security-admission/go.sum b/staging/src/k8s.io/pod-security-admission/go.sum -index 2daeeed9843..f37b428756c 100644 ---- a/staging/src/k8s.io/pod-security-admission/go.sum -+++ b/staging/src/k8s.io/pod-security-admission/go.sum -@@ -621,8 +621,8 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b - golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= - golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -@@ -647,8 +647,8 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ - golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= --golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= --golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -+golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= -+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -@@ -711,11 +711,11 @@ golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBc - golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158 h1:rm+CHSpPEEW2IsXUib1ThaHIjuBVZjxNgSKmBLFfD4c= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= -+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -+golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= -+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= - golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -@@ -724,8 +724,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= --golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= --golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= - golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -diff --git a/staging/src/k8s.io/sample-apiserver/go.mod b/staging/src/k8s.io/sample-apiserver/go.mod -index 41b26ab049a..401308167af 100644 ---- a/staging/src/k8s.io/sample-apiserver/go.mod -+++ b/staging/src/k8s.io/sample-apiserver/go.mod -@@ -14,6 +14,13 @@ require ( - k8s.io/component-base v0.0.0 - k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42 - k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 -+ golang.org/x/mod v0.8.0 // indirect -+ golang.org/x/net v0.8.0 // indirect -+ golang.org/x/sync v0.1.0 // indirect -+ golang.org/x/sys v0.6.0 // indirect -+ golang.org/x/term v0.6.0 // indirect -+ golang.org/x/text v0.8.0 // indirect -+ golang.org/x/tools v0.6.0 // indirect - ) - - replace ( -diff --git a/staging/src/k8s.io/sample-apiserver/go.sum b/staging/src/k8s.io/sample-apiserver/go.sum -index 43e0f187db8..927b3883d28 100644 ---- a/staging/src/k8s.io/sample-apiserver/go.sum -+++ b/staging/src/k8s.io/sample-apiserver/go.sum -@@ -574,8 +574,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= - golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= - golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= - golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= --golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 h1:kQgndtyPBW/JIYERgdxfwMYh3AVStj88WQTlNDi2a+o= --golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= -+golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= -+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= - golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= - golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= - golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -@@ -622,8 +622,8 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b - golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= - golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -@@ -648,8 +648,8 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ - golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= --golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= --golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -+golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= -+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -@@ -712,11 +712,11 @@ golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBc - golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158 h1:rm+CHSpPEEW2IsXUib1ThaHIjuBVZjxNgSKmBLFfD4c= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= -+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -+golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= -+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= - golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -@@ -725,8 +725,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= --golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= --golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= - golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -@@ -790,8 +790,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f - golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= - golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= - golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= --golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717 h1:hI3jKY4Hpf63ns040onEbB3dAkR/H/P83hw1TG8dD3Y= --golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= -+golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= -+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= - golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= - golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= - golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -diff --git a/staging/src/k8s.io/sample-cli-plugin/go.mod b/staging/src/k8s.io/sample-cli-plugin/go.mod -index f3f649a0e6c..093a94b532d 100644 ---- a/staging/src/k8s.io/sample-cli-plugin/go.mod -+++ b/staging/src/k8s.io/sample-cli-plugin/go.mod -@@ -9,6 +9,10 @@ require ( - github.com/spf13/pflag v1.0.5 - k8s.io/cli-runtime v0.0.0 - k8s.io/client-go v0.0.0 -+ golang.org/x/net v0.8.0 // indirect -+ golang.org/x/sys v0.6.0 // indirect -+ golang.org/x/term v0.6.0 // indirect -+ golang.org/x/text v0.8.0 // indirect - ) - - replace ( -diff --git a/staging/src/k8s.io/sample-cli-plugin/go.sum b/staging/src/k8s.io/sample-cli-plugin/go.sum -index 37a2fc0155d..bde77a867ca 100644 ---- a/staging/src/k8s.io/sample-cli-plugin/go.sum -+++ b/staging/src/k8s.io/sample-cli-plugin/go.sum -@@ -439,8 +439,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v - golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= - golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= - golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= - golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -@@ -515,11 +515,11 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w - golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158 h1:rm+CHSpPEEW2IsXUib1ThaHIjuBVZjxNgSKmBLFfD4c= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= -+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -+golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= -+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= - golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -@@ -528,8 +528,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= --golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= --golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= - golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -diff --git a/staging/src/k8s.io/sample-controller/go.mod b/staging/src/k8s.io/sample-controller/go.mod -index e5025eea8df..b428cbeeb6f 100644 ---- a/staging/src/k8s.io/sample-controller/go.mod -+++ b/staging/src/k8s.io/sample-controller/go.mod -@@ -10,6 +10,12 @@ require ( - k8s.io/client-go v0.0.0 - k8s.io/code-generator v0.0.0 - k8s.io/klog/v2 v2.60.1 -+ golang.org/x/mod v0.8.0 // indirect -+ golang.org/x/net v0.8.0 // indirect -+ golang.org/x/sys v0.6.0 // indirect -+ golang.org/x/term v0.6.0 // indirect -+ golang.org/x/text v0.8.0 // indirect -+ golang.org/x/tools v0.6.0 // indirect - ) - - replace ( -diff --git a/staging/src/k8s.io/sample-controller/go.sum b/staging/src/k8s.io/sample-controller/go.sum -index ca5e29310e9..5735504fe75 100644 ---- a/staging/src/k8s.io/sample-controller/go.sum -+++ b/staging/src/k8s.io/sample-controller/go.sum -@@ -300,8 +300,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= - golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= - golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= - golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= --golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 h1:kQgndtyPBW/JIYERgdxfwMYh3AVStj88WQTlNDi2a+o= --golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= -+golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= -+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= - golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= - golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= - golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -@@ -341,8 +341,8 @@ golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLd - golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= - golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= --golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= - golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -@@ -367,6 +367,7 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ - golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -+golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= - golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -@@ -413,11 +414,11 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc - golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158 h1:rm+CHSpPEEW2IsXUib1ThaHIjuBVZjxNgSKmBLFfD4c= --golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= -+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= --golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -+golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= -+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= - golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= - golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -@@ -426,8 +427,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= --golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= --golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= - golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -@@ -483,8 +484,8 @@ golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4f - golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= - golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= - golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= --golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717 h1:hI3jKY4Hpf63ns040onEbB3dAkR/H/P83hw1TG8dD3Y= --golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= -+golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= -+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= - golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= - golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= - golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -diff --git a/vendor/github.com/opencontainers/runc/libcontainer/README.md b/vendor/github.com/opencontainers/runc/libcontainer/README.md -index 0d91fb71d54..211c8c91e05 100644 ---- a/vendor/github.com/opencontainers/runc/libcontainer/README.md -+++ b/vendor/github.com/opencontainers/runc/libcontainer/README.md -@@ -96,22 +96,6 @@ config := &configs.Config{ - "CAP_KILL", - "CAP_AUDIT_WRITE", - }, -- Inheritable: []string{ -- "CAP_CHOWN", -- "CAP_DAC_OVERRIDE", -- "CAP_FSETID", -- "CAP_FOWNER", -- "CAP_MKNOD", -- "CAP_NET_RAW", -- "CAP_SETGID", -- "CAP_SETUID", -- "CAP_SETFCAP", -- "CAP_SETPCAP", -- "CAP_NET_BIND_SERVICE", -- "CAP_SYS_CHROOT", -- "CAP_KILL", -- "CAP_AUDIT_WRITE", -- }, - Permitted: []string{ - "CAP_CHOWN", - "CAP_DAC_OVERRIDE", -diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/ebpf/ebpf_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/ebpf/ebpf_linux.go -index 104c74a890f..35b00aaf055 100644 ---- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/ebpf/ebpf_linux.go -+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/ebpf/ebpf_linux.go -@@ -93,7 +93,7 @@ var ( - ) - - // Loosely based on the BPF_F_REPLACE support check in --// . -+// https://github.com/cilium/ebpf/blob/v0.6.0/link/syscalls.go. - // - // TODO: move this logic to cilium/ebpf - func haveBpfProgReplace() bool { -diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/fs.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/fs.go -index fb4fcc7f75b..9e2f0ec04c8 100644 ---- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/fs.go -+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/fs.go -@@ -28,6 +28,7 @@ var subsystems = []subsystem{ - &FreezerGroup{}, - &RdmaGroup{}, - &NameGroup{GroupName: "name=systemd", Join: true}, -+ &NameGroup{GroupName: "misc", Join: true}, - } - - var errSubsystemDoesNotExist = errors.New("cgroup: subsystem does not exist") -diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/common.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/common.go -index 98ccc51655c..50746ae0c56 100644 ---- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/common.go -+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/common.go -@@ -288,6 +288,24 @@ func generateDeviceProperties(r *configs.Resources) ([]systemdDbus.Property, err - case devices.CharDevice: - entry.Path = fmt.Sprintf("/dev/char/%d:%d", rule.Major, rule.Minor) - } -+ // systemd will issue a warning if the path we give here doesn't exist. -+ // Since all of this logic is best-effort anyway (we manually set these -+ // rules separately to systemd) we can safely skip entries that don't -+ // have a corresponding path. -+ if _, err := os.Stat(entry.Path); err != nil { -+ // Also check /sys/dev so that we don't depend on /dev/{block,char} -+ // being populated. (/dev/{block,char} is populated by udev, which -+ // isn't strictly required for systemd). Ironically, this happens most -+ // easily when starting containerd within a runc created container -+ // itself. -+ -+ // We don't bother with securejoin here because we create entry.Path -+ // right above here, so we know it's safe. -+ if _, err := os.Stat("/sys" + entry.Path); err != nil { -+ logrus.Warnf("skipping device %s for systemd: %s", entry.Path, err) -+ continue -+ } -+ } - } - deviceAllowList = append(deviceAllowList, entry) - } -@@ -335,32 +353,52 @@ func isUnitExists(err error) bool { - return isDbusError(err, "org.freedesktop.systemd1.UnitExists") - } - --func startUnit(cm *dbusConnManager, unitName string, properties []systemdDbus.Property) error { -+func startUnit(cm *dbusConnManager, unitName string, properties []systemdDbus.Property, ignoreExist bool) error { - statusChan := make(chan string, 1) -+ retry := true -+ -+retry: - err := cm.retryOnDisconnect(func(c *systemdDbus.Conn) error { - _, err := c.StartTransientUnitContext(context.TODO(), unitName, "replace", properties, statusChan) - return err - }) -- if err == nil { -- timeout := time.NewTimer(30 * time.Second) -- defer timeout.Stop() -- -- select { -- case s := <-statusChan: -- close(statusChan) -- // Please refer to https://pkg.go.dev/github.com/coreos/go-systemd/v22/dbus#Conn.StartUnit -- if s != "done" { -- resetFailedUnit(cm, unitName) -- return fmt.Errorf("error creating systemd unit `%s`: got `%s`", unitName, s) -- } -- case <-timeout.C: -+ if err != nil { -+ if !isUnitExists(err) { -+ return err -+ } -+ if ignoreExist { -+ // TODO: remove this hack. -+ // This is kubelet making sure a slice exists (see -+ // https://github.com/opencontainers/runc/pull/1124). -+ return nil -+ } -+ if retry { -+ // In case a unit with the same name exists, this may -+ // be a leftover failed unit. Reset it, so systemd can -+ // remove it, and retry once. - resetFailedUnit(cm, unitName) -- return errors.New("Timeout waiting for systemd to create " + unitName) -+ retry = false -+ goto retry - } -- } else if !isUnitExists(err) { - return err - } - -+ timeout := time.NewTimer(30 * time.Second) -+ defer timeout.Stop() -+ -+ select { -+ case s := <-statusChan: -+ close(statusChan) -+ // Please refer to https://pkg.go.dev/github.com/coreos/go-systemd/v22/dbus#Conn.StartUnit -+ if s != "done" { -+ resetFailedUnit(cm, unitName) -+ return fmt.Errorf("error creating systemd unit `%s`: got `%s`", unitName, s) -+ } -+ case <-timeout.C: -+ resetFailedUnit(cm, unitName) -+ return errors.New("Timeout waiting for systemd to create " + unitName) -+ } -+ - return nil - } - -diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/cpuset.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/cpuset.go -index 83d10dd705f..dd474cf1b16 100644 ---- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/cpuset.go -+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/cpuset.go -@@ -51,5 +51,10 @@ func RangeToBits(str string) ([]byte, error) { - // do not allow empty values - return nil, errors.New("empty value") - } -+ -+ // fit cpuset parsing order in systemd -+ for l, r := 0, len(ret)-1; l < r; l, r = l+1, r-1 { -+ ret[l], ret[r] = ret[r], ret[l] -+ } - return ret, nil - } -diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/dbus.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/dbus.go -index 3e547e282b5..bb87ae83aef 100644 ---- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/dbus.go -+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/dbus.go -@@ -2,6 +2,7 @@ package systemd - - import ( - "context" -+ "errors" - "fmt" - "sync" - -@@ -80,8 +81,6 @@ func (d *dbusConnManager) resetConnection(conn *systemdDbus.Conn) { - } - } - --var errDbusConnClosed = dbus.ErrClosed.Error() -- - // retryOnDisconnect calls op, and if the error it returns is about closed dbus - // connection, the connection is re-established and the op is retried. This helps - // with the situation when dbus is restarted and we have a stale connection. -@@ -92,7 +91,10 @@ func (d *dbusConnManager) retryOnDisconnect(op func(*systemdDbus.Conn) error) er - return err - } - err = op(conn) -- if !isDbusError(err, errDbusConnClosed) { -+ if err == nil { -+ return nil -+ } -+ if !errors.Is(err, dbus.ErrClosed) { - return err - } - d.resetConnection(conn) -diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v1.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v1.go -index a74a05a5cd0..046c3056fba 100644 ---- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v1.go -+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v1.go -@@ -71,6 +71,7 @@ var legacySubsystems = []subsystem{ - &fs.NetClsGroup{}, - &fs.NameGroup{GroupName: "name=systemd"}, - &fs.RdmaGroup{}, -+ &fs.NameGroup{GroupName: "misc"}, - } - - func genV1ResourcesProperties(r *configs.Resources, cm *dbusConnManager) ([]systemdDbus.Property, error) { -@@ -206,7 +207,7 @@ func (m *legacyManager) Apply(pid int) error { - - properties = append(properties, c.SystemdProps...) - -- if err := startUnit(m.dbus, unitName, properties); err != nil { -+ if err := startUnit(m.dbus, unitName, properties, pid == -1); err != nil { - return err - } - -@@ -273,14 +274,7 @@ func getSubsystemPath(slice, unit, subsystem string) (string, error) { - return "", err - } - -- initPath, err := cgroups.GetInitCgroup(subsystem) -- if err != nil { -- return "", err -- } -- // if pid 1 is systemd 226 or later, it will be in init.scope, not the root -- initPath = strings.TrimSuffix(filepath.Clean(initPath), "init.scope") -- -- return filepath.Join(mountpoint, initPath, slice, unit), nil -+ return filepath.Join(mountpoint, slice, unit), nil - } - - func (m *legacyManager) Freeze(state configs.FreezerState) error { -diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v2.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v2.go -index de0cb974d46..94d24ee4502 100644 ---- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v2.go -+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v2.go -@@ -284,7 +284,7 @@ func (m *unifiedManager) Apply(pid int) error { - - properties = append(properties, c.SystemdProps...) - -- if err := startUnit(m.dbus, unitName, properties); err != nil { -+ if err := startUnit(m.dbus, unitName, properties, pid == -1); err != nil { - return fmt.Errorf("unable to start unit %q (properties %+v): %w", unitName, properties, err) - } - -diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go -index b32af4ee530..fc4ae44a485 100644 ---- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go -+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go -@@ -162,8 +162,10 @@ func readProcsFile(dir string) ([]int, error) { - - // ParseCgroupFile parses the given cgroup file, typically /proc/self/cgroup - // or /proc//cgroup, into a map of subsystems to cgroup paths, e.g. --// "cpu": "/user.slice/user-1000.slice" --// "pids": "/user.slice/user-1000.slice" -+// -+// "cpu": "/user.slice/user-1000.slice" -+// "pids": "/user.slice/user-1000.slice" -+// - // etc. - // - // Note that for cgroup v2 unified hierarchy, there are no per-controller -diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/validate/validator.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/validate/validator.go -index 627621a58d8..4fbd308dadd 100644 ---- a/vendor/github.com/opencontainers/runc/libcontainer/configs/validate/validator.go -+++ b/vendor/github.com/opencontainers/runc/libcontainer/configs/validate/validator.go -@@ -131,9 +131,8 @@ func (v *ConfigValidator) cgroupnamespace(config *configs.Config) error { - // convertSysctlVariableToDotsSeparator can return sysctl variables in dots separator format. - // The '/' separator is also accepted in place of a '.'. - // Convert the sysctl variables to dots separator format for validation. --// More info: --// https://man7.org/linux/man-pages/man8/sysctl.8.html --// https://man7.org/linux/man-pages/man5/sysctl.d.5.html -+// More info: sysctl(8), sysctl.d(5). -+// - // For example: - // Input sysctl variable "net/ipv4/conf/eno2.100.rp_filter" - // will return the converted value "net.ipv4.conf.eno2/100.rp_filter" -diff --git a/vendor/github.com/opencontainers/runc/libcontainer/container_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/container_linux.go -index 9df830d8cdb..dd61dfd3c90 100644 ---- a/vendor/github.com/opencontainers/runc/libcontainer/container_linux.go -+++ b/vendor/github.com/opencontainers/runc/libcontainer/container_linux.go -@@ -926,7 +926,7 @@ func (c *linuxContainer) criuSupportsExtNS(t configs.NamespaceType) bool { - } - - func criuNsToKey(t configs.NamespaceType) string { -- return "extRoot" + strings.Title(configs.NsName(t)) + "NS" -+ return "extRoot" + strings.Title(configs.NsName(t)) + "NS" //nolint:staticcheck // SA1019: strings.Title is deprecated - } - - func (c *linuxContainer) handleCheckpointingExternalNamespaces(rpcOpts *criurpc.CriuOpts, t configs.NamespaceType) error { -diff --git a/vendor/github.com/opencontainers/runc/libcontainer/eaccess_go119.go b/vendor/github.com/opencontainers/runc/libcontainer/eaccess_go119.go -new file mode 100644 -index 00000000000..cc1e2079a79 ---- /dev/null -+++ b/vendor/github.com/opencontainers/runc/libcontainer/eaccess_go119.go -@@ -0,0 +1,17 @@ -+//go:build !go1.20 -+// +build !go1.20 -+ -+package libcontainer -+ -+import "golang.org/x/sys/unix" -+ -+func eaccess(path string) error { -+ // This check is similar to access(2) with X_OK except for -+ // setuid/setgid binaries where it checks against the effective -+ // (rather than real) uid and gid. It is not needed in go 1.20 -+ // and beyond and will be removed later. -+ -+ // Relies on code added in https://go-review.googlesource.com/c/sys/+/468877 -+ // and older CLs linked from there. -+ return unix.Faccessat(unix.AT_FDCWD, path, unix.X_OK, unix.AT_EACCESS) -+} -diff --git a/vendor/github.com/opencontainers/runc/libcontainer/eaccess_stub.go b/vendor/github.com/opencontainers/runc/libcontainer/eaccess_stub.go -new file mode 100644 -index 00000000000..7c049fd7aa0 ---- /dev/null -+++ b/vendor/github.com/opencontainers/runc/libcontainer/eaccess_stub.go -@@ -0,0 +1,10 @@ -+//go:build go1.20 -+ -+package libcontainer -+ -+func eaccess(path string) error { -+ // Not needed in Go 1.20+ as the functionality is already in there -+ // (added by https://go.dev/cl/416115, https://go.dev/cl/414824, -+ // and fixed in Go 1.20.2 by https://go.dev/cl/469956). -+ return nil -+} -diff --git a/vendor/github.com/opencontainers/runc/libcontainer/factory_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/factory_linux.go -index 023d623f370..a1fa7de2d24 100644 ---- a/vendor/github.com/opencontainers/runc/libcontainer/factory_linux.go -+++ b/vendor/github.com/opencontainers/runc/libcontainer/factory_linux.go -@@ -179,6 +179,12 @@ func (l *LinuxFactory) Create(id string, config *configs.Config) (Container, err - return nil, fmt.Errorf("unable to get cgroup PIDs: %w", err) - } - if len(pids) != 0 { -+ if config.Cgroups.Systemd { -+ // systemd cgroup driver can't add a pid to an -+ // existing systemd unit and will return an -+ // error anyway, so let's error out early. -+ return nil, fmt.Errorf("container's cgroup is not empty: %d process(es) found", len(pids)) -+ } - // TODO: return an error. - logrus.Warnf("container's cgroup is not empty: %d process(es) found", len(pids)) - logrus.Warn("DEPRECATED: running container in a non-empty cgroup won't be supported in runc 1.2; https://github.com/opencontainers/runc/issues/3132") -@@ -338,7 +344,11 @@ func (l *LinuxFactory) StartInitialization() (err error) { - - defer func() { - if e := recover(); e != nil { -- err = fmt.Errorf("panic from initialization: %w, %v", e, string(debug.Stack())) -+ if ee, ok := e.(error); ok { -+ err = fmt.Errorf("panic from initialization: %w, %s", ee, debug.Stack()) -+ } else { -+ err = fmt.Errorf("panic from initialization: %v, %s", e, debug.Stack()) -+ } - } - }() - -diff --git a/vendor/github.com/opencontainers/runc/libcontainer/init_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/init_linux.go -index 1e5c394c3e0..2e4c59353c8 100644 ---- a/vendor/github.com/opencontainers/runc/libcontainer/init_linux.go -+++ b/vendor/github.com/opencontainers/runc/libcontainer/init_linux.go -@@ -411,8 +411,9 @@ func fixStdioPermissions(u *user.ExecUser) error { - return &os.PathError{Op: "fstat", Path: file.Name(), Err: err} - } - -- // Skip chown if uid is already the one we want. -- if int(s.Uid) == u.Uid { -+ // Skip chown if uid is already the one we want or any of the STDIO descriptors -+ // were redirected to /dev/null. -+ if int(s.Uid) == u.Uid || s.Rdev == null.Rdev { - continue - } - -diff --git a/vendor/github.com/opencontainers/runc/libcontainer/process_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/process_linux.go -index e025445d330..446649af843 100644 ---- a/vendor/github.com/opencontainers/runc/libcontainer/process_linux.go -+++ b/vendor/github.com/opencontainers/runc/libcontainer/process_linux.go -@@ -39,13 +39,9 @@ type parentProcess interface { - - // startTime returns the process start time. - startTime() (uint64, error) -- - signal(os.Signal) error -- - externalDescriptors() []string -- - setExternalDescriptors(fds []string) -- - forwardChildLogs() chan error - } - -diff --git a/vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go -index 51660f5efb9..c3f88fc7038 100644 ---- a/vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go -+++ b/vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go -@@ -80,6 +80,8 @@ func prepareRootfs(pipe io.ReadWriter, iConfig *initConfig, mountFds []int) (err - // Therefore, we can access mountFds[i] without any concerns. - if mountFds != nil && mountFds[i] != -1 { - mountConfig.fd = &mountFds[i] -+ } else { -+ mountConfig.fd = nil - } - - if err := mountToRootfs(m, mountConfig); err != nil { -@@ -327,26 +329,41 @@ func mountCgroupV2(m *configs.Mount, c *mountConfig) error { - if err := os.MkdirAll(dest, 0o755); err != nil { - return err - } -- return utils.WithProcfd(c.root, m.Destination, func(procfd string) error { -- if err := mount(m.Source, m.Destination, procfd, "cgroup2", uintptr(m.Flags), m.Data); err != nil { -- // when we are in UserNS but CgroupNS is not unshared, we cannot mount cgroup2 (#2158) -- if errors.Is(err, unix.EPERM) || errors.Is(err, unix.EBUSY) { -- src := fs2.UnifiedMountpoint -- if c.cgroupns && c.cgroup2Path != "" { -- // Emulate cgroupns by bind-mounting -- // the container cgroup path rather than -- // the whole /sys/fs/cgroup. -- src = c.cgroup2Path -- } -- err = mount(src, m.Destination, procfd, "", uintptr(m.Flags)|unix.MS_BIND, "") -- if c.rootlessCgroups && errors.Is(err, unix.ENOENT) { -- err = nil -- } -- } -- return err -- } -- return nil -+ err = utils.WithProcfd(c.root, m.Destination, func(procfd string) error { -+ return mount(m.Source, m.Destination, procfd, "cgroup2", uintptr(m.Flags), m.Data) - }) -+ if err == nil || !(errors.Is(err, unix.EPERM) || errors.Is(err, unix.EBUSY)) { -+ return err -+ } -+ -+ // When we are in UserNS but CgroupNS is not unshared, we cannot mount -+ // cgroup2 (#2158), so fall back to bind mount. -+ bindM := &configs.Mount{ -+ Device: "bind", -+ Source: fs2.UnifiedMountpoint, -+ Destination: m.Destination, -+ Flags: unix.MS_BIND | m.Flags, -+ PropagationFlags: m.PropagationFlags, -+ } -+ if c.cgroupns && c.cgroup2Path != "" { -+ // Emulate cgroupns by bind-mounting the container cgroup path -+ // rather than the whole /sys/fs/cgroup. -+ bindM.Source = c.cgroup2Path -+ } -+ // mountToRootfs() handles remounting for MS_RDONLY. -+ // No need to set c.fd here, because mountToRootfs() calls utils.WithProcfd() by itself in mountPropagate(). -+ err = mountToRootfs(bindM, c) -+ if c.rootlessCgroups && errors.Is(err, unix.ENOENT) { -+ // ENOENT (for `src = c.cgroup2Path`) happens when rootless runc is being executed -+ // outside the userns+mountns. -+ // -+ // Mask `/sys/fs/cgroup` to ensure it is read-only, even when `/sys` is mounted -+ // with `rbind,ro` (`runc spec --rootless` produces `rbind,ro` for `/sys`). -+ err = utils.WithProcfd(c.root, m.Destination, func(procfd string) error { -+ return maskPath(procfd, c.label) -+ }) -+ } -+ return err - } - - func doTmpfsCopyUp(m *configs.Mount, rootfs, mountLabel string) (Err error) { -@@ -396,32 +413,43 @@ func doTmpfsCopyUp(m *configs.Mount, rootfs, mountLabel string) (Err error) { - - func mountToRootfs(m *configs.Mount, c *mountConfig) error { - rootfs := c.root -- mountLabel := c.label -- mountFd := c.fd -- dest, err := securejoin.SecureJoin(rootfs, m.Destination) -- if err != nil { -- return err -- } - -+ // procfs and sysfs are special because we need to ensure they are actually -+ // mounted on a specific path in a container without any funny business. - switch m.Device { - case "proc", "sysfs": - // If the destination already exists and is not a directory, we bail -- // out This is to avoid mounting through a symlink or similar -- which -+ // out. This is to avoid mounting through a symlink or similar -- which - // has been a "fun" attack scenario in the past. - // TODO: This won't be necessary once we switch to libpathrs and we can - // stop all of these symlink-exchange attacks. -+ dest := filepath.Clean(m.Destination) -+ if !strings.HasPrefix(dest, rootfs) { -+ // Do not use securejoin as it resolves symlinks. -+ dest = filepath.Join(rootfs, dest) -+ } - if fi, err := os.Lstat(dest); err != nil { - if !os.IsNotExist(err) { - return err - } -- } else if fi.Mode()&os.ModeDir == 0 { -+ } else if !fi.IsDir() { - return fmt.Errorf("filesystem %q must be mounted on ordinary directory", m.Device) - } - if err := os.MkdirAll(dest, 0o755); err != nil { - return err - } -- // Selinux kernels do not support labeling of /proc or /sys -+ // Selinux kernels do not support labeling of /proc or /sys. - return mountPropagate(m, rootfs, "", nil) -+ } -+ -+ mountLabel := c.label -+ mountFd := c.fd -+ dest, err := securejoin.SecureJoin(rootfs, m.Destination) -+ if err != nil { -+ return err -+ } -+ -+ switch m.Device { - case "mqueue": - if err := os.MkdirAll(dest, 0o755); err != nil { - return err -@@ -577,6 +605,7 @@ func checkProcMount(rootfs, dest, source string) error { - "/proc/loadavg", - "/proc/slabinfo", - "/proc/net/dev", -+ "/proc/sys/kernel/ns_last_pid", - } - for _, valid := range validProcMounts { - path, err := filepath.Rel(filepath.Join(rootfs, valid), dest) -diff --git a/vendor/github.com/opencontainers/runc/libcontainer/seccomp/config.go b/vendor/github.com/opencontainers/runc/libcontainer/seccomp/config.go -index d0c9bb71fb0..98e08e8f0b6 100644 ---- a/vendor/github.com/opencontainers/runc/libcontainer/seccomp/config.go -+++ b/vendor/github.com/opencontainers/runc/libcontainer/seccomp/config.go -@@ -29,13 +29,15 @@ func KnownOperators() []string { - } - - var actions = map[string]configs.Action{ -- "SCMP_ACT_KILL": configs.Kill, -- "SCMP_ACT_ERRNO": configs.Errno, -- "SCMP_ACT_TRAP": configs.Trap, -- "SCMP_ACT_ALLOW": configs.Allow, -- "SCMP_ACT_TRACE": configs.Trace, -- "SCMP_ACT_LOG": configs.Log, -- "SCMP_ACT_NOTIFY": configs.Notify, -+ "SCMP_ACT_KILL": configs.Kill, -+ "SCMP_ACT_ERRNO": configs.Errno, -+ "SCMP_ACT_TRAP": configs.Trap, -+ "SCMP_ACT_ALLOW": configs.Allow, -+ "SCMP_ACT_TRACE": configs.Trace, -+ "SCMP_ACT_LOG": configs.Log, -+ "SCMP_ACT_NOTIFY": configs.Notify, -+ "SCMP_ACT_KILL_THREAD": configs.KillThread, -+ "SCMP_ACT_KILL_PROCESS": configs.KillProcess, - } - - // KnownActions returns the list of the known actions. -diff --git a/vendor/github.com/opencontainers/runc/libcontainer/seccomp/patchbpf/enosys_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/seccomp/patchbpf/enosys_linux.go -index dfb8a0a8e59..7d4ec6a42e5 100644 ---- a/vendor/github.com/opencontainers/runc/libcontainer/seccomp/patchbpf/enosys_linux.go -+++ b/vendor/github.com/opencontainers/runc/libcontainer/seccomp/patchbpf/enosys_linux.go -@@ -72,6 +72,11 @@ import "C" - - var retErrnoEnosys = uint32(C.C_ACT_ERRNO_ENOSYS) - -+// This syscall is used for multiplexing "large" syscalls on s390(x). Unknown -+// syscalls will end up with this syscall number, so we need to explcitly -+// return -ENOSYS for this syscall on those architectures. -+const s390xMultiplexSyscall libseccomp.ScmpSyscall = 0 -+ - func isAllowAction(action configs.Action) bool { - switch action { - // Trace is considered an "allow" action because a good tracer should -@@ -305,7 +310,7 @@ func generateEnosysStub(lastSyscalls lastSyscallMap) ([]bpf.Instruction, error) - // directly from the arch code so we need to do it here. Sadly we can't - // share this code between architecture branches. - section := []bpf.Instruction{ -- // load [0] -+ // load [0] (syscall number) - bpf.LoadAbsolute{Off: 0, Size: 4}, // NOTE: We assume sizeof(int) == 4. - } - -@@ -314,10 +319,37 @@ func generateEnosysStub(lastSyscalls lastSyscallMap) ([]bpf.Instruction, error) - // No syscalls found for this arch -- skip it and move on. - continue - case 1: -- // Get the only syscall in the map. -- var sysno libseccomp.ScmpSyscall -- for _, no := range maxSyscalls { -+ // Get the only syscall and scmpArch in the map. -+ var ( -+ scmpArch libseccomp.ScmpArch -+ sysno libseccomp.ScmpSyscall -+ ) -+ for arch, no := range maxSyscalls { - sysno = no -+ scmpArch = arch -+ } -+ -+ switch scmpArch { -+ // Return -ENOSYS for setup(2) on s390(x). This syscall is used for -+ // multiplexing "large syscall number" syscalls, but if the syscall -+ // number is not known to the kernel then the syscall number is -+ // left unchanged (and because it is sysno=0, you'll end up with -+ // EPERM for syscalls the kernel doesn't know about). -+ // -+ // The actual setup(2) syscall is never used by userspace anymore -+ // (and hasn't existed for decades) outside of this multiplexing -+ // scheme so returning -ENOSYS is fine. -+ case libseccomp.ArchS390, libseccomp.ArchS390X: -+ section = append(section, []bpf.Instruction{ -+ // jne [setup=0],1 -+ bpf.JumpIf{ -+ Cond: bpf.JumpNotEqual, -+ Val: uint32(s390xMultiplexSyscall), -+ SkipTrue: 1, -+ }, -+ // ret [ENOSYS] -+ bpf.RetConstant{Val: retErrnoEnosys}, -+ }...) - } - - // The simplest case just boils down to a single jgt instruction, -@@ -349,12 +381,6 @@ func generateEnosysStub(lastSyscalls lastSyscallMap) ([]bpf.Instruction, error) - // If we're on x86 we need to add a check for x32 and if we're in - // the wrong mode we jump over the section. - if uint32(nativeArch) == uint32(C.C_AUDIT_ARCH_X86_64) { -- // Grab the only architecture in the map. -- var scmpArch libseccomp.ScmpArch -- for arch := range maxSyscalls { -- scmpArch = arch -- } -- - // Generate a prefix to check the mode. - switch scmpArch { - case libseccomp.ArchAMD64: -@@ -512,7 +538,7 @@ func generateEnosysStub(lastSyscalls lastSyscallMap) ([]bpf.Instruction, error) - - // Prepend the load instruction for the architecture. - programTail = append([]bpf.Instruction{ -- // load [4] -+ // load [4] (architecture) - bpf.LoadAbsolute{Off: 4, Size: 4}, // NOTE: We assume sizeof(int) == 4. - }, programTail...) - -diff --git a/vendor/github.com/opencontainers/runc/libcontainer/seccomp/seccomp_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/seccomp/seccomp_linux.go -index f177b7f05f2..8c12af72be9 100644 ---- a/vendor/github.com/opencontainers/runc/libcontainer/seccomp/seccomp_linux.go -+++ b/vendor/github.com/opencontainers/runc/libcontainer/seccomp/seccomp_linux.go -@@ -113,8 +113,8 @@ func InitSeccomp(config *configs.Seccomp) (int, error) { - // Convert Libcontainer Action to Libseccomp ScmpAction - func getAction(act configs.Action, errnoRet *uint) (libseccomp.ScmpAction, error) { - switch act { -- case configs.Kill: -- return libseccomp.ActKill, nil -+ case configs.Kill, configs.KillThread: -+ return libseccomp.ActKillThread, nil - case configs.Errno: - if errnoRet != nil { - return libseccomp.ActErrno.SetReturnCode(int16(*errnoRet)), nil -@@ -133,8 +133,6 @@ func getAction(act configs.Action, errnoRet *uint) (libseccomp.ScmpAction, error - return libseccomp.ActLog, nil - case configs.Notify: - return libseccomp.ActNotify, nil -- case configs.KillThread: -- return libseccomp.ActKillThread, nil - case configs.KillProcess: - return libseccomp.ActKillProcess, nil - default: -diff --git a/vendor/github.com/opencontainers/runc/libcontainer/standard_init_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/standard_init_linux.go -index 585a04fa080..c09a7bed30e 100644 ---- a/vendor/github.com/opencontainers/runc/libcontainer/standard_init_linux.go -+++ b/vendor/github.com/opencontainers/runc/libcontainer/standard_init_linux.go -@@ -198,6 +198,14 @@ func (l *linuxStandardInit) Init() error { - if err != nil { - return err - } -+ // exec.LookPath in Go < 1.20 might return no error for an executable -+ // residing on a file system mounted with noexec flag, so perform this -+ // extra check now while we can still return a proper error. -+ // TODO: remove this once go < 1.20 is not supported. -+ if err := eaccess(name); err != nil { -+ return &os.PathError{Op: "eaccess", Path: name, Err: err} -+ } -+ - // Set seccomp as close to execve as possible, so as few syscalls take - // place afterward (reducing the amount of syscalls that users need to - // enable in their seccomp profiles). However, this needs to be done -diff --git a/vendor/github.com/opencontainers/runc/libcontainer/sync.go b/vendor/github.com/opencontainers/runc/libcontainer/sync.go -index c9a23ef3a76..25dc2863071 100644 ---- a/vendor/github.com/opencontainers/runc/libcontainer/sync.go -+++ b/vendor/github.com/opencontainers/runc/libcontainer/sync.go -@@ -15,16 +15,16 @@ type syncType string - // during container setup. They come in pairs (with procError being a generic - // response which is followed by an &initError). - // --// [ child ] <-> [ parent ] -+// [ child ] <-> [ parent ] - // --// procHooks --> [run hooks] --// <-- procResume -+// procHooks --> [run hooks] -+// <-- procResume - // --// procReady --> [final setup] --// <-- procRun -+// procReady --> [final setup] -+// <-- procRun - // --// procSeccomp --> [pick up seccomp fd with pidfd_getfd()] --// <-- procSeccompDone -+// procSeccomp --> [pick up seccomp fd with pidfd_getfd()] -+// <-- procSeccompDone - const ( - procError syncType = "procError" - procReady syncType = "procReady" -diff --git a/vendor/github.com/opencontainers/runc/libcontainer/user/user.go b/vendor/github.com/opencontainers/runc/libcontainer/user/user.go -index 2473c5eaddc..a1e216683d9 100644 ---- a/vendor/github.com/opencontainers/runc/libcontainer/user/user.go -+++ b/vendor/github.com/opencontainers/runc/libcontainer/user/user.go -@@ -280,13 +280,13 @@ func GetExecUserPath(userSpec string, defaults *ExecUser, passwdPath, groupPath - // found in any entry in passwd and group respectively. - // - // Examples of valid user specifications are: --// * "" --// * "user" --// * "uid" --// * "user:group" --// * "uid:gid --// * "user:gid" --// * "uid:group" -+// - "" -+// - "user" -+// - "uid" -+// - "user:group" -+// - "uid:gid -+// - "user:gid" -+// - "uid:group" - // - // It should be noted that if you specify a numeric user or group id, they will - // not be evaluated as usernames (only the metadata will be filled). So attempting -diff --git a/vendor/github.com/seccomp/libseccomp-golang/.golangci.yml b/vendor/github.com/seccomp/libseccomp-golang/.golangci.yml -new file mode 100644 -index 00000000000..7df8aa19838 ---- /dev/null -+++ b/vendor/github.com/seccomp/libseccomp-golang/.golangci.yml -@@ -0,0 +1,4 @@ -+# For documentation, see https://golangci-lint.run/usage/configuration/ -+linters: -+ enable: -+ - gofumpt -diff --git a/vendor/github.com/seccomp/libseccomp-golang/.travis.yml b/vendor/github.com/seccomp/libseccomp-golang/.travis.yml -deleted file mode 100644 -index 5240d462280..00000000000 ---- a/vendor/github.com/seccomp/libseccomp-golang/.travis.yml -+++ /dev/null -@@ -1,57 +0,0 @@ --# Travis CI configuration for libseccomp-golang -- --# https://docs.travis-ci.com/user/reference/bionic --# https://wiki.ubuntu.com/Releases -- --dist: bionic --sudo: false -- --notifications: -- email: -- on_success: always -- on_failure: always -- --arch: -- - amd64 -- --os: -- - linux -- --language: go -- --jobs: -- include: -- - name: "last libseccomp 2.5.0" -- env: -- - SECCOMP_VER=2.5.0 -- - SECCOMP_SHA256SUM=1ffa7038d2720ad191919816db3479295a4bcca1ec14e02f672539f4983014f3 -- - name: "compat libseccomp 2.4.4" -- env: -- - SECCOMP_VER=2.4.4 -- - SECCOMP_SHA256SUM=4e79738d1ef3c9b7ca9769f1f8b8d84fc17143c2c1c432e53b9c64787e0ff3eb -- - name: "compat libseccomp 2.2.1" -- env: -- - SECCOMP_VER=2.2.1 -- - SECCOMP_SHA256SUM=0ba1789f54786c644af54cdffc9fd0dd0a8bb2b2ee153933f658855d2851a740 -- --addons: -- apt: -- packages: -- - build-essential -- - astyle -- - golint -- - gperf -- --install: -- - go get -u golang.org/x/lint/golint -- --# run all of the tests independently, fail if any of the tests error --script: -- - wget https://github.com/seccomp/libseccomp/releases/download/v$SECCOMP_VER/libseccomp-$SECCOMP_VER.tar.gz -- - echo $SECCOMP_SHA256SUM libseccomp-$SECCOMP_VER.tar.gz | sha256sum -c -- - tar xf libseccomp-$SECCOMP_VER.tar.gz -- - pushd libseccomp-$SECCOMP_VER && ./configure --prefix=/opt/libseccomp-$SECCOMP_VER && make && sudo make install && popd -- - make check-syntax -- - make lint -- - PKG_CONFIG_PATH=/opt/libseccomp-$SECCOMP_VER/lib/pkgconfig LD_LIBRARY_PATH=/opt/libseccomp-$SECCOMP_VER/lib make vet -- - PKG_CONFIG_PATH=/opt/libseccomp-$SECCOMP_VER/lib/pkgconfig LD_LIBRARY_PATH=/opt/libseccomp-$SECCOMP_VER/lib make test -diff --git a/vendor/github.com/seccomp/libseccomp-golang/CONTRIBUTING.md b/vendor/github.com/seccomp/libseccomp-golang/CONTRIBUTING.md -index d6862cbd5f9..c2fc80d5af6 100644 ---- a/vendor/github.com/seccomp/libseccomp-golang/CONTRIBUTING.md -+++ b/vendor/github.com/seccomp/libseccomp-golang/CONTRIBUTING.md -@@ -1,31 +1,23 @@ --How to Submit Patches to the libseccomp Project -+How to Submit Patches to the libseccomp-golang Project - =============================================================================== - https://github.com/seccomp/libseccomp-golang - - This document is intended to act as a guide to help you contribute to the --libseccomp project. It is not perfect, and there will always be exceptions --to the rules described here, but by following the instructions below you --should have a much easier time getting your work merged with the upstream -+libseccomp-golang project. It is not perfect, and there will always be -+exceptions to the rules described here, but by following the instructions below -+you should have a much easier time getting your work merged with the upstream - project. - - ## Test Your Code Using Existing Tests - --There are two possible tests you can run to verify your code. The first --test is used to check the formatting and coding style of your changes, you --can run the test with the following command: -- -- # make check-syntax -- --... if there are any problems with your changes a diff/patch will be shown --which indicates the problems and how to fix them. -- --The second possible test is used to ensure the sanity of your code changes --and to test these changes against the included tests. You can run the test --with the following command: -+A number of tests and lint related recipes are provided in the Makefile, if -+you want to run the standard regression tests, you can execute the following: - - # make check - --... if there are any faults or errors they will be displayed. -+In order to use it, the 'golangci-lint' tool is needed, which can be found at: -+ -+* https://github.com/golangci/golangci-lint - - ## Add New Tests for New Functionality - -diff --git a/vendor/github.com/seccomp/libseccomp-golang/Makefile b/vendor/github.com/seccomp/libseccomp-golang/Makefile -index 38cfa852cd6..530f5b4adbc 100644 ---- a/vendor/github.com/seccomp/libseccomp-golang/Makefile -+++ b/vendor/github.com/seccomp/libseccomp-golang/Makefile -@@ -4,7 +4,7 @@ - - all: check-build - --check: vet test -+check: lint test - - check-build: - go build -@@ -16,7 +16,7 @@ fix-syntax: - gofmt -w . - - vet: -- go vet -v -+ go vet -v ./... - - # Previous bugs have made the tests freeze until the timeout. Golang default - # timeout for tests is 10 minutes, which is too long, considering current tests -@@ -28,5 +28,4 @@ test: - go test -v -timeout $(TEST_TIMEOUT) - - lint: -- @$(if $(shell which golint),true,$(error "install golint and include it in your PATH")) -- golint -set_exit_status -+ golangci-lint run . -diff --git a/vendor/github.com/seccomp/libseccomp-golang/README.md b/vendor/github.com/seccomp/libseccomp-golang/README.md -index 806a5ddf29b..6430f1c9e25 100644 ---- a/vendor/github.com/seccomp/libseccomp-golang/README.md -+++ b/vendor/github.com/seccomp/libseccomp-golang/README.md -@@ -2,7 +2,9 @@ - =============================================================================== - https://github.com/seccomp/libseccomp-golang - --[![Build Status](https://img.shields.io/travis/seccomp/libseccomp-golang/main.svg)](https://travis-ci.org/seccomp/libseccomp-golang) -+[![Go Reference](https://pkg.go.dev/badge/github.com/seccomp/libseccomp-golang.svg)](https://pkg.go.dev/github.com/seccomp/libseccomp-golang) -+[![validate](https://github.com/seccomp/libseccomp-golang/actions/workflows/validate.yml/badge.svg)](https://github.com/seccomp/libseccomp-golang/actions/workflows/validate.yml) -+[![test](https://github.com/seccomp/libseccomp-golang/actions/workflows/test.yml/badge.svg)](https://github.com/seccomp/libseccomp-golang/actions/workflows/test.yml) - - The libseccomp library provides an easy to use, platform independent, interface - to the Linux Kernel's syscall filtering mechanism. The libseccomp API is -@@ -26,26 +28,14 @@ list. - - * https://groups.google.com/d/forum/libseccomp - --Documentation is also available at: -+Documentation for this package is also available at: - --* https://godoc.org/github.com/seccomp/libseccomp-golang -+* https://pkg.go.dev/github.com/seccomp/libseccomp-golang - - ## Installing the package - --The libseccomp-golang bindings require at least Go v1.2.1 and GCC v4.8.4; --earlier versions may yield unpredictable results. If you meet these --requirements you can install this package using the command below: -- - # go get github.com/seccomp/libseccomp-golang - --## Testing the Library -- --A number of tests and lint related recipes are provided in the Makefile, if --you want to run the standard regression tests, you can excute the following: -- -- # make check -- --In order to execute the 'make lint' recipe the 'golint' tool is needed, it --can be found at: -+## Contributing - --* https://github.com/golang/lint -+See [CONTRIBUTING.md](CONTRIBUTING.md). -diff --git a/vendor/github.com/seccomp/libseccomp-golang/SECURITY.md b/vendor/github.com/seccomp/libseccomp-golang/SECURITY.md -new file mode 100644 -index 00000000000..c448faa8e80 ---- /dev/null -+++ b/vendor/github.com/seccomp/libseccomp-golang/SECURITY.md -@@ -0,0 +1,47 @@ -+The libseccomp-golang Security Vulnerability Handling Process -+=============================================================================== -+https://github.com/seccomp/libseccomp-golang -+ -+This document document attempts to describe the processes through which -+sensitive security relevant bugs can be responsibly disclosed to the -+libseccomp-golang project and how the project maintainers should handle these -+reports. Just like the other libseccomp-golang process documents, this -+document should be treated as a guiding document and not a hard, unyielding set -+of regulations; the bug reporters and project maintainers are encouraged to -+work together to address the issues as best they can, in a manner which works -+best for all parties involved. -+ -+### Reporting Problems -+ -+Problems with the libseccomp-golang library that are not suitable for immediate -+public disclosure should be emailed to the current libseccomp-golang -+maintainers, the list is below. We typically request at most a 90 day time -+period to address the issue before it is made public, but we will make every -+effort to address the issue as quickly as possible and shorten the disclosure -+window. -+ -+* Paul Moore, paul@paul-moore.com -+* Tom Hromatka, tom.hromatka@oracle.com -+ -+### Resolving Sensitive Security Issues -+ -+Upon disclosure of a bug, the maintainers should work together to investigate -+the problem and decide on a solution. In order to prevent an early disclosure -+of the problem, those working on the solution should do so privately and -+outside of the traditional libseccomp-golang development practices. One -+possible solution to this is to leverage the GitHub "Security" functionality to -+create a private development fork that can be shared among the maintainers, and -+optionally the reporter. A placeholder GitHub issue may be created, but -+details should remain extremely limited until such time as the problem has been -+fixed and responsibly disclosed. If a CVE, or other tag, has been assigned to -+the problem, the GitHub issue title should include the vulnerability tag once -+the problem has been disclosed. -+ -+### Public Disclosure -+ -+Whenever possible, responsible reporting and patching practices should be -+followed, including notification to the linux-distros and oss-security mailing -+lists. -+ -+* https://oss-security.openwall.org/wiki/mailing-lists/distros -+* https://oss-security.openwall.org/wiki/mailing-lists/oss-security -diff --git a/vendor/github.com/seccomp/libseccomp-golang/seccomp.go b/vendor/github.com/seccomp/libseccomp-golang/seccomp.go -index e9b92e2219a..8dad12fdbb9 100644 ---- a/vendor/github.com/seccomp/libseccomp-golang/seccomp.go -+++ b/vendor/github.com/seccomp/libseccomp-golang/seccomp.go -@@ -1,5 +1,3 @@ --// +build linux -- - // Public API specification for libseccomp Go bindings - // Contains public API for the bindings - -@@ -18,48 +16,36 @@ import ( - "unsafe" - ) - --// C wrapping code -- --// To compile libseccomp-golang against a specific version of libseccomp: --// cd ../libseccomp && mkdir -p prefix --// ./configure --prefix=$PWD/prefix && make && make install --// cd ../libseccomp-golang --// PKG_CONFIG_PATH=$PWD/../libseccomp/prefix/lib/pkgconfig/ make --// LD_PRELOAD=$PWD/../libseccomp/prefix/lib/libseccomp.so.2.5.0 PKG_CONFIG_PATH=$PWD/../libseccomp/prefix/lib/pkgconfig/ make test -- --// #cgo pkg-config: libseccomp - // #include - // #include - import "C" - - // Exported types - --// VersionError denotes that the system libseccomp version is incompatible --// with this package. -+// VersionError represents an error when either the system libseccomp version -+// or the kernel version is too old to perform the operation requested. - type VersionError struct { -- message string -- minimum string -+ op string // operation that failed or would fail -+ major, minor, micro uint // minimally required libseccomp version -+ curAPI, minAPI uint // current and minimally required API versions - } - - func init() { - // This forces the cgo libseccomp to initialize its internal API support state, - // which is necessary on older versions of libseccomp in order to work - // correctly. -- GetAPI() -+ _, _ = getAPI() - } - - func (e VersionError) Error() string { -- messageStr := "" -- if e.message != "" { -- messageStr = e.message + ": " -+ if e.minAPI != 0 { -+ return fmt.Sprintf("%s requires libseccomp >= %d.%d.%d and API level >= %d "+ -+ "(current version: %d.%d.%d, API level: %d)", -+ e.op, e.major, e.minor, e.micro, e.minAPI, -+ verMajor, verMinor, verMicro, e.curAPI) - } -- minimumStr := "" -- if e.minimum != "" { -- minimumStr = e.minimum -- } else { -- minimumStr = "2.2.0" -- } -- return fmt.Sprintf("Libseccomp version too low: %sminimum supported is %s: detected %d.%d.%d", messageStr, minimumStr, verMajor, verMinor, verMicro) -+ return fmt.Sprintf("%s requires libseccomp >= %d.%d.%d (current version: %d.%d.%d)", -+ e.op, e.major, e.minor, e.micro, verMajor, verMinor, verMicro) - } - - // ScmpArch represents a CPU architecture. Seccomp can restrict syscalls on a -@@ -148,44 +134,46 @@ const ( - // variables are invalid - ArchInvalid ScmpArch = iota - // ArchNative is the native architecture of the kernel -- ArchNative ScmpArch = iota -+ ArchNative - // ArchX86 represents 32-bit x86 syscalls -- ArchX86 ScmpArch = iota -+ ArchX86 - // ArchAMD64 represents 64-bit x86-64 syscalls -- ArchAMD64 ScmpArch = iota -+ ArchAMD64 - // ArchX32 represents 64-bit x86-64 syscalls (32-bit pointers) -- ArchX32 ScmpArch = iota -+ ArchX32 - // ArchARM represents 32-bit ARM syscalls -- ArchARM ScmpArch = iota -+ ArchARM - // ArchARM64 represents 64-bit ARM syscalls -- ArchARM64 ScmpArch = iota -+ ArchARM64 - // ArchMIPS represents 32-bit MIPS syscalls -- ArchMIPS ScmpArch = iota -+ ArchMIPS - // ArchMIPS64 represents 64-bit MIPS syscalls -- ArchMIPS64 ScmpArch = iota -+ ArchMIPS64 - // ArchMIPS64N32 represents 64-bit MIPS syscalls (32-bit pointers) -- ArchMIPS64N32 ScmpArch = iota -+ ArchMIPS64N32 - // ArchMIPSEL represents 32-bit MIPS syscalls (little endian) -- ArchMIPSEL ScmpArch = iota -+ ArchMIPSEL - // ArchMIPSEL64 represents 64-bit MIPS syscalls (little endian) -- ArchMIPSEL64 ScmpArch = iota -+ ArchMIPSEL64 - // ArchMIPSEL64N32 represents 64-bit MIPS syscalls (little endian, - // 32-bit pointers) -- ArchMIPSEL64N32 ScmpArch = iota -+ ArchMIPSEL64N32 - // ArchPPC represents 32-bit POWERPC syscalls -- ArchPPC ScmpArch = iota -+ ArchPPC - // ArchPPC64 represents 64-bit POWER syscalls (big endian) -- ArchPPC64 ScmpArch = iota -+ ArchPPC64 - // ArchPPC64LE represents 64-bit POWER syscalls (little endian) -- ArchPPC64LE ScmpArch = iota -+ ArchPPC64LE - // ArchS390 represents 31-bit System z/390 syscalls -- ArchS390 ScmpArch = iota -+ ArchS390 - // ArchS390X represents 64-bit System z/390 syscalls -- ArchS390X ScmpArch = iota -+ ArchS390X - // ArchPARISC represents 32-bit PA-RISC -- ArchPARISC ScmpArch = iota -+ ArchPARISC - // ArchPARISC64 represents 64-bit PA-RISC -- ArchPARISC64 ScmpArch = iota -+ ArchPARISC64 -+ // ArchRISCV64 represents RISCV64 -+ ArchRISCV64 - ) - - const ( -@@ -194,34 +182,36 @@ const ( - // ActInvalid is a placeholder to ensure uninitialized ScmpAction - // variables are invalid - ActInvalid ScmpAction = iota -- // ActKill kills the thread that violated the rule. It is the same as ActKillThread. -+ // ActKillThread kills the thread that violated the rule. - // All other threads from the same thread group will continue to execute. -- ActKill ScmpAction = iota -+ ActKillThread - // ActTrap throws SIGSYS -- ActTrap ScmpAction = iota -+ ActTrap - // ActNotify triggers a userspace notification. This action is only usable when - // libseccomp API level 6 or higher is supported. -- ActNotify ScmpAction = iota -+ ActNotify - // ActErrno causes the syscall to return a negative error code. This - // code can be set with the SetReturnCode method -- ActErrno ScmpAction = iota -+ ActErrno - // ActTrace causes the syscall to notify tracing processes with the - // given error code. This code can be set with the SetReturnCode method -- ActTrace ScmpAction = iota -+ ActTrace - // ActAllow permits the syscall to continue execution -- ActAllow ScmpAction = iota -+ ActAllow - // ActLog permits the syscall to continue execution after logging it. - // This action is only usable when libseccomp API level 3 or higher is - // supported. -- ActLog ScmpAction = iota -- // ActKillThread kills the thread that violated the rule. It is the same as ActKill. -- // All other threads from the same thread group will continue to execute. -- ActKillThread ScmpAction = iota -+ ActLog - // ActKillProcess kills the process that violated the rule. - // All threads in the thread group are also terminated. - // This action is only usable when libseccomp API level 3 or higher is - // supported. -- ActKillProcess ScmpAction = iota -+ ActKillProcess -+ // ActKill kills the thread that violated the rule. -+ // All other threads from the same thread group will continue to execute. -+ // -+ // Deprecated: use ActKillThread -+ ActKill = ActKillThread - ) - - const ( -@@ -234,36 +224,35 @@ const ( - CompareInvalid ScmpCompareOp = iota - // CompareNotEqual returns true if the argument is not equal to the - // given value -- CompareNotEqual ScmpCompareOp = iota -+ CompareNotEqual - // CompareLess returns true if the argument is less than the given value -- CompareLess ScmpCompareOp = iota -+ CompareLess - // CompareLessOrEqual returns true if the argument is less than or equal - // to the given value -- CompareLessOrEqual ScmpCompareOp = iota -+ CompareLessOrEqual - // CompareEqual returns true if the argument is equal to the given value -- CompareEqual ScmpCompareOp = iota -+ CompareEqual - // CompareGreaterEqual returns true if the argument is greater than or - // equal to the given value -- CompareGreaterEqual ScmpCompareOp = iota -+ CompareGreaterEqual - // CompareGreater returns true if the argument is greater than the given - // value -- CompareGreater ScmpCompareOp = iota -- // CompareMaskedEqual returns true if the argument is equal to the given -- // value, when masked (bitwise &) against the second given value -- CompareMaskedEqual ScmpCompareOp = iota -+ CompareGreater -+ // CompareMaskedEqual returns true if the masked argument value is -+ // equal to the masked datum value. Mask is the first argument, and -+ // datum is the second one. -+ CompareMaskedEqual - ) - --var ( -- // ErrSyscallDoesNotExist represents an error condition where -- // libseccomp is unable to resolve the syscall -- ErrSyscallDoesNotExist = fmt.Errorf("could not resolve syscall name") --) -+// ErrSyscallDoesNotExist represents an error condition where -+// libseccomp is unable to resolve the syscall -+var ErrSyscallDoesNotExist = fmt.Errorf("could not resolve syscall name") - - const ( - // Userspace notification response flags - - // NotifRespFlagContinue tells the kernel to continue executing the system -- // call that triggered the notification. Must only be used when the notication -+ // call that triggered the notification. Must only be used when the notification - // response's error is 0. - NotifRespFlagContinue uint32 = 1 - ) -@@ -314,6 +303,8 @@ func GetArchFromString(arch string) (ScmpArch, error) { - return ArchPARISC, nil - case "parisc64": - return ArchPARISC64, nil -+ case "riscv64": -+ return ArchRISCV64, nil - default: - return ArchInvalid, fmt.Errorf("cannot convert unrecognized string %q", arch) - } -@@ -358,6 +349,8 @@ func (a ScmpArch) String() string { - return "parisc" - case ArchPARISC64: - return "parisc64" -+ case ArchRISCV64: -+ return "riscv64" - case ArchNative: - return "native" - case ArchInvalid: -@@ -394,7 +387,7 @@ func (a ScmpCompareOp) String() string { - // String returns a string representation of a seccomp match action - func (a ScmpAction) String() string { - switch a & 0xFFFF { -- case ActKill, ActKillThread: -+ case ActKillThread: - return "Action: Kill thread" - case ActKillProcess: - return "Action: Kill process" -@@ -556,8 +549,8 @@ func MakeCondition(arg uint, comparison ScmpCompareOp, values ...uint64) (ScmpCo - return condStruct, err - } - -- if comparison == CompareInvalid { -- return condStruct, fmt.Errorf("invalid comparison operator") -+ if err := sanitizeCompareOp(comparison); err != nil { -+ return condStruct, err - } else if arg > 5 { - return condStruct, fmt.Errorf("syscalls only have up to 6 arguments (%d given)", arg) - } else if len(values) > 2 { -@@ -874,10 +867,8 @@ func (f *ScmpFilter) GetNoNewPrivsBit() (bool, error) { - func (f *ScmpFilter) GetLogBit() (bool, error) { - log, err := f.getFilterAttr(filterAttrLog) - if err != nil { -- // Ignore error, if not supported returns apiLevel == 0 -- apiLevel, _ := GetAPI() -- if apiLevel < 3 { -- return false, fmt.Errorf("getting the log bit is only supported in libseccomp 2.4.0 and newer with API level 3 or higher") -+ if e := checkAPI("GetLogBit", 3, 2, 4, 0); e != nil { -+ err = e - } - - return false, err -@@ -899,9 +890,8 @@ func (f *ScmpFilter) GetLogBit() (bool, error) { - func (f *ScmpFilter) GetSSB() (bool, error) { - ssb, err := f.getFilterAttr(filterAttrSSB) - if err != nil { -- api, apiErr := getAPI() -- if (apiErr != nil && api == 0) || (apiErr == nil && api < 4) { -- return false, fmt.Errorf("getting the SSB flag is only supported in libseccomp 2.5.0 and newer with API level 4 or higher") -+ if e := checkAPI("GetSSB", 4, 2, 5, 0); e != nil { -+ err = e - } - - return false, err -@@ -914,6 +904,42 @@ func (f *ScmpFilter) GetSSB() (bool, error) { - return true, nil - } - -+// GetOptimize returns the current optimization level of the filter, -+// or an error if an issue was encountered retrieving the value. -+// See SetOptimize for more details. -+func (f *ScmpFilter) GetOptimize() (int, error) { -+ level, err := f.getFilterAttr(filterAttrOptimize) -+ if err != nil { -+ if e := checkAPI("GetOptimize", 4, 2, 5, 0); e != nil { -+ err = e -+ } -+ -+ return 0, err -+ } -+ -+ return int(level), nil -+} -+ -+// GetRawRC returns the current state of RawRC flag, or an error -+// if an issue was encountered retrieving the value. -+// See SetRawRC for more details. -+func (f *ScmpFilter) GetRawRC() (bool, error) { -+ rawrc, err := f.getFilterAttr(filterAttrRawRC) -+ if err != nil { -+ if e := checkAPI("GetRawRC", 4, 2, 5, 0); e != nil { -+ err = e -+ } -+ -+ return false, err -+ } -+ -+ if rawrc == 0 { -+ return false, nil -+ } -+ -+ return true, nil -+} -+ - // SetBadArchAction sets the default action taken on a syscall for an - // architecture not in the filter, or an error if an issue was encountered - // setting the value. -@@ -953,10 +979,8 @@ func (f *ScmpFilter) SetLogBit(state bool) error { - - err := f.setFilterAttr(filterAttrLog, toSet) - if err != nil { -- // Ignore error, if not supported returns apiLevel == 0 -- apiLevel, _ := GetAPI() -- if apiLevel < 3 { -- return fmt.Errorf("setting the log bit is only supported in libseccomp 2.4.0 and newer with API level 3 or higher") -+ if e := checkAPI("SetLogBit", 3, 2, 4, 0); e != nil { -+ err = e - } - } - -@@ -976,9 +1000,52 @@ func (f *ScmpFilter) SetSSB(state bool) error { - - err := f.setFilterAttr(filterAttrSSB, toSet) - if err != nil { -- api, apiErr := getAPI() -- if (apiErr != nil && api == 0) || (apiErr == nil && api < 4) { -- return fmt.Errorf("setting the SSB flag is only supported in libseccomp 2.5.0 and newer with API level 4 or higher") -+ if e := checkAPI("SetSSB", 4, 2, 5, 0); e != nil { -+ err = e -+ } -+ } -+ -+ return err -+} -+ -+// SetOptimize sets optimization level of the seccomp filter. By default -+// libseccomp generates a set of sequential "if" statements for each rule in -+// the filter. SetSyscallPriority can be used to prioritize the order for the -+// default cause. The binary tree optimization sorts by syscall numbers and -+// generates consistent O(log n) filter traversal for every rule in the filter. -+// The binary tree may be advantageous for large filters. Note that -+// SetSyscallPriority is ignored when level == 2. -+// -+// The different optimization levels are: -+// 0: Reserved value, not currently used. -+// 1: Rules sorted by priority and complexity (DEFAULT). -+// 2: Binary tree sorted by syscall number. -+func (f *ScmpFilter) SetOptimize(level int) error { -+ cLevel := C.uint32_t(level) -+ -+ err := f.setFilterAttr(filterAttrOptimize, cLevel) -+ if err != nil { -+ if e := checkAPI("SetOptimize", 4, 2, 5, 0); e != nil { -+ err = e -+ } -+ } -+ -+ return err -+} -+ -+// SetRawRC sets whether libseccomp should pass system error codes back to the -+// caller, instead of the default ECANCELED. Defaults to false. -+func (f *ScmpFilter) SetRawRC(state bool) error { -+ var toSet C.uint32_t = 0x0 -+ -+ if state { -+ toSet = 0x1 -+ } -+ -+ err := f.setFilterAttr(filterAttrRawRC, toSet) -+ if err != nil { -+ if e := checkAPI("SetRawRC", 4, 2, 5, 0); e != nil { -+ err = e - } - } - -@@ -1029,9 +1096,6 @@ func (f *ScmpFilter) AddRuleExact(call ScmpSyscall, action ScmpAction) error { - // AddRuleConditional adds a single rule for a conditional action on a syscall. - // Returns an error if an issue was encountered adding the rule. - // All conditions must match for the rule to match. --// There is a bug in library versions below v2.2.1 which can, in some cases, --// cause conditions to be lost when more than one are used. Consequently, --// AddRuleConditional is disabled on library versions lower than v2.2.1 - func (f *ScmpFilter) AddRuleConditional(call ScmpSyscall, action ScmpAction, conds []ScmpCondition) error { - return f.addRuleGeneric(call, action, false, conds) - } -@@ -1043,9 +1107,6 @@ func (f *ScmpFilter) AddRuleConditional(call ScmpSyscall, action ScmpAction, con - // The rule will function exactly as described, but it may not function identically - // (or be able to be applied to) all architectures. - // Returns an error if an issue was encountered adding the rule. --// There is a bug in library versions below v2.2.1 which can, in some cases, --// cause conditions to be lost when more than one are used. Consequently, --// AddRuleConditionalExact is disabled on library versions lower than v2.2.1 - func (f *ScmpFilter) AddRuleConditionalExact(call ScmpSyscall, action ScmpAction, conds []ScmpCondition) error { - return f.addRuleGeneric(call, action, true, conds) - } -diff --git a/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go b/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go -index 8dc7b296f3b..df4dfb7eba8 100644 ---- a/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go -+++ b/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go -@@ -1,11 +1,10 @@ --// +build linux -- - // Internal functions for libseccomp Go bindings - // No exported functions - - package seccomp - - import ( -+ "errors" - "fmt" - "syscall" - ) -@@ -27,10 +26,10 @@ import ( - #include - #include - --#if SCMP_VER_MAJOR < 2 --#error Minimum supported version of Libseccomp is v2.2.0 --#elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR < 2 --#error Minimum supported version of Libseccomp is v2.2.0 -+#if (SCMP_VER_MAJOR < 2) || \ -+ (SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR < 3) || \ -+ (SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR == 3 && SCMP_VER_MICRO < 1) -+#error This package requires libseccomp >= v2.3.1 - #endif - - #define ARCH_BAD ~0 -@@ -65,6 +64,10 @@ const uint32_t C_ARCH_BAD = ARCH_BAD; - #define SCMP_ARCH_PARISC64 ARCH_BAD - #endif - -+#ifndef SCMP_ARCH_RISCV64 -+#define SCMP_ARCH_RISCV64 ARCH_BAD -+#endif -+ - const uint32_t C_ARCH_NATIVE = SCMP_ARCH_NATIVE; - const uint32_t C_ARCH_X86 = SCMP_ARCH_X86; - const uint32_t C_ARCH_X86_64 = SCMP_ARCH_X86_64; -@@ -84,6 +87,7 @@ const uint32_t C_ARCH_S390 = SCMP_ARCH_S390; - const uint32_t C_ARCH_S390X = SCMP_ARCH_S390X; - const uint32_t C_ARCH_PARISC = SCMP_ARCH_PARISC; - const uint32_t C_ARCH_PARISC64 = SCMP_ARCH_PARISC64; -+const uint32_t C_ARCH_RISCV64 = SCMP_ARCH_RISCV64; - - #ifndef SCMP_ACT_LOG - #define SCMP_ACT_LOG 0x7ffc0000U -@@ -113,20 +117,25 @@ const uint32_t C_ACT_NOTIFY = SCMP_ACT_NOTIFY; - - // The libseccomp SCMP_FLTATR_CTL_LOG member of the scmp_filter_attr enum was - // added in v2.4.0 --#if (SCMP_VER_MAJOR < 2) || \ -- (SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR < 4) -+#if SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR < 4 - #define SCMP_FLTATR_CTL_LOG _SCMP_FLTATR_MIN - #endif -+ -+// The following SCMP_FLTATR_* were added in libseccomp v2.5.0. - #if SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR < 5 --#define SCMP_FLTATR_CTL_SSB _SCMP_FLTATR_MIN -+#define SCMP_FLTATR_CTL_SSB _SCMP_FLTATR_MIN -+#define SCMP_FLTATR_CTL_OPTIMIZE _SCMP_FLTATR_MIN -+#define SCMP_FLTATR_API_SYSRAWRC _SCMP_FLTATR_MIN - #endif - --const uint32_t C_ATTRIBUTE_DEFAULT = (uint32_t)SCMP_FLTATR_ACT_DEFAULT; --const uint32_t C_ATTRIBUTE_BADARCH = (uint32_t)SCMP_FLTATR_ACT_BADARCH; --const uint32_t C_ATTRIBUTE_NNP = (uint32_t)SCMP_FLTATR_CTL_NNP; --const uint32_t C_ATTRIBUTE_TSYNC = (uint32_t)SCMP_FLTATR_CTL_TSYNC; --const uint32_t C_ATTRIBUTE_LOG = (uint32_t)SCMP_FLTATR_CTL_LOG; --const uint32_t C_ATTRIBUTE_SSB = (uint32_t)SCMP_FLTATR_CTL_SSB; -+const uint32_t C_ATTRIBUTE_DEFAULT = (uint32_t)SCMP_FLTATR_ACT_DEFAULT; -+const uint32_t C_ATTRIBUTE_BADARCH = (uint32_t)SCMP_FLTATR_ACT_BADARCH; -+const uint32_t C_ATTRIBUTE_NNP = (uint32_t)SCMP_FLTATR_CTL_NNP; -+const uint32_t C_ATTRIBUTE_TSYNC = (uint32_t)SCMP_FLTATR_CTL_TSYNC; -+const uint32_t C_ATTRIBUTE_LOG = (uint32_t)SCMP_FLTATR_CTL_LOG; -+const uint32_t C_ATTRIBUTE_SSB = (uint32_t)SCMP_FLTATR_CTL_SSB; -+const uint32_t C_ATTRIBUTE_OPTIMIZE = (uint32_t)SCMP_FLTATR_CTL_OPTIMIZE; -+const uint32_t C_ATTRIBUTE_SYSRAWRC = (uint32_t)SCMP_FLTATR_API_SYSRAWRC; - - const int C_CMP_NE = (int)SCMP_CMP_NE; - const int C_CMP_LT = (int)SCMP_CMP_LT; -@@ -173,8 +182,7 @@ unsigned int get_micro_version() - #endif - - // The libseccomp API level functions were added in v2.4.0 --#if (SCMP_VER_MAJOR < 2) || \ -- (SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR < 4) -+#if SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR < 4 - const unsigned int seccomp_api_get(void) - { - // libseccomp-golang requires libseccomp v2.2.0, at a minimum, which -@@ -217,8 +225,7 @@ void add_struct_arg_cmp( - } - - // The seccomp notify API functions were added in v2.5.0 --#if (SCMP_VER_MAJOR < 2) || \ -- (SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR < 5) -+#if SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR < 5 - - struct seccomp_data { - int nr; -@@ -270,11 +277,13 @@ type scmpFilterAttr uint32 - - const ( - filterAttrActDefault scmpFilterAttr = iota -- filterAttrActBadArch scmpFilterAttr = iota -- filterAttrNNP scmpFilterAttr = iota -- filterAttrTsync scmpFilterAttr = iota -- filterAttrLog scmpFilterAttr = iota -- filterAttrSSB scmpFilterAttr = iota -+ filterAttrActBadArch -+ filterAttrNNP -+ filterAttrTsync -+ filterAttrLog -+ filterAttrSSB -+ filterAttrOptimize -+ filterAttrRawRC - ) - - const ( -@@ -282,9 +291,9 @@ const ( - scmpError C.int = -1 - // Comparison boundaries to check for architecture validity - archStart ScmpArch = ArchNative -- archEnd ScmpArch = ArchPARISC64 -+ archEnd ScmpArch = ArchRISCV64 - // Comparison boundaries to check for action validity -- actionStart ScmpAction = ActKill -+ actionStart ScmpAction = ActKillThread - actionEnd ScmpAction = ActKillProcess - // Comparison boundaries to check for comparison operator validity - compareOpStart ScmpCompareOp = CompareNotEqual -@@ -292,8 +301,9 @@ const ( - ) - - var ( -- // Error thrown on bad filter context -- errBadFilter = fmt.Errorf("filter is invalid or uninitialized") -+ // errBadFilter is thrown on bad filter context. -+ errBadFilter = errors.New("filter is invalid or uninitialized") -+ errDefAction = errors.New("requested action matches default action of filter") - // Constants representing library major, minor, and micro versions - verMajor = uint(C.get_major_version()) - verMinor = uint(C.get_minor_version()) -@@ -302,19 +312,28 @@ var ( - - // Nonexported functions - --// Check if library version is greater than or equal to the given one --func checkVersionAbove(major, minor, micro uint) bool { -- return (verMajor > major) || -+// checkVersion returns an error if the libseccomp version being used -+// is less than the one specified by major, minor, and micro arguments. -+// Argument op is an arbitrary non-empty operation description, which -+// is used as a part of the error message returned. -+// -+// Most users should use checkAPI instead. -+func checkVersion(op string, major, minor, micro uint) error { -+ if (verMajor > major) || - (verMajor == major && verMinor > minor) || -- (verMajor == major && verMinor == minor && verMicro >= micro) -+ (verMajor == major && verMinor == minor && verMicro >= micro) { -+ return nil -+ } -+ return &VersionError{ -+ op: op, -+ major: major, -+ minor: minor, -+ micro: micro, -+ } - } - --// Ensure that the library is supported, i.e. >= 2.2.0. - func ensureSupportedVersion() error { -- if !checkVersionAbove(2, 2, 0) { -- return VersionError{} -- } -- return nil -+ return checkVersion("seccomp", 2, 3, 1) - } - - // Get the API level -@@ -406,8 +425,10 @@ func (f *ScmpFilter) addRuleWrapper(call ScmpSyscall, action ScmpAction, exact b - switch e := errRc(retCode); e { - case syscall.EFAULT: - return fmt.Errorf("unrecognized syscall %#x", int32(call)) -- case syscall.EPERM: -- return fmt.Errorf("requested action matches default action of filter") -+ // libseccomp >= v2.5.0 returns EACCES, older versions return EPERM. -+ // TODO: remove EPERM once libseccomp < v2.5.0 is not supported. -+ case syscall.EPERM, syscall.EACCES: -+ return errDefAction - case syscall.EINVAL: - return fmt.Errorf("two checks on same syscall argument") - default: -@@ -432,14 +453,6 @@ func (f *ScmpFilter) addRuleGeneric(call ScmpSyscall, action ScmpAction, exact b - return err - } - } else { -- // We don't support conditional filtering in library version v2.1 -- if !checkVersionAbove(2, 2, 1) { -- return VersionError{ -- message: "conditional filtering is not supported", -- minimum: "2.2.1", -- } -- } -- - argsArr := C.make_arg_cmp_array(C.uint(len(conds))) - if argsArr == nil { - return fmt.Errorf("error allocating memory for conditions") -@@ -536,6 +549,8 @@ func archFromNative(a C.uint32_t) (ScmpArch, error) { - return ArchPARISC, nil - case C.C_ARCH_PARISC64: - return ArchPARISC64, nil -+ case C.C_ARCH_RISCV64: -+ return ArchRISCV64, nil - default: - return 0x0, fmt.Errorf("unrecognized architecture %#x", uint32(a)) - } -@@ -580,6 +595,8 @@ func (a ScmpArch) toNative() C.uint32_t { - return C.C_ARCH_PARISC - case ArchPARISC64: - return C.C_ARCH_PARISC64 -+ case ArchRISCV64: -+ return C.C_ARCH_RISCV64 - case ArchNative: - return C.C_ARCH_NATIVE - default: -@@ -612,8 +629,6 @@ func (a ScmpCompareOp) toNative() C.int { - func actionFromNative(a C.uint32_t) (ScmpAction, error) { - aTmp := a & 0xFFFF - switch a & 0xFFFF0000 { -- case C.C_ACT_KILL: -- return ActKill, nil - case C.C_ACT_KILL_PROCESS: - return ActKillProcess, nil - case C.C_ACT_KILL_THREAD: -@@ -638,8 +653,6 @@ func actionFromNative(a C.uint32_t) (ScmpAction, error) { - // Only use with sanitized actions, no error handling - func (a ScmpAction) toNative() C.uint32_t { - switch a & 0xFFFF { -- case ActKill: -- return C.C_ACT_KILL - case ActKillProcess: - return C.C_ACT_KILL_PROCESS - case ActKillThread: -@@ -676,15 +689,15 @@ func (a scmpFilterAttr) toNative() uint32 { - return uint32(C.C_ATTRIBUTE_LOG) - case filterAttrSSB: - return uint32(C.C_ATTRIBUTE_SSB) -+ case filterAttrOptimize: -+ return uint32(C.C_ATTRIBUTE_OPTIMIZE) -+ case filterAttrRawRC: -+ return uint32(C.C_ATTRIBUTE_SYSRAWRC) - default: - return 0x0 - } - } - --func (a ScmpSyscall) toNative() C.uint32_t { -- return C.uint32_t(a) --} -- - func syscallFromNative(a C.int) ScmpSyscall { - return ScmpSyscall(a) - } -@@ -724,9 +737,34 @@ func (scmpResp *ScmpNotifResp) toNative(resp *C.struct_seccomp_notif_resp) { - resp.flags = C.__u32(scmpResp.Flags) - } - -+// checkAPI checks that both the API level and the seccomp version is equal to -+// or greater than the specified minLevel and major, minor, micro, -+// respectively, and returns an error otherwise. Argument op is an arbitrary -+// non-empty operation description, used as a part of the error message -+// returned. -+func checkAPI(op string, minLevel uint, major, minor, micro uint) error { -+ // Ignore error from getAPI, as it returns level == 0 in case of error. -+ level, _ := getAPI() -+ if level >= minLevel { -+ return checkVersion(op, major, minor, micro) -+ } -+ return &VersionError{ -+ op: op, -+ curAPI: level, -+ minAPI: minLevel, -+ major: major, -+ minor: minor, -+ micro: micro, -+ } -+} -+ - // Userspace Notification API - // Calls to C.seccomp_notify* hidden from seccomp.go - -+func notifSupported() error { -+ return checkAPI("seccomp notification", 6, 2, 5, 0) -+} -+ - func (f *ScmpFilter) getNotifFd() (ScmpFd, error) { - f.lock.Lock() - defer f.lock.Unlock() -@@ -734,11 +772,8 @@ func (f *ScmpFilter) getNotifFd() (ScmpFd, error) { - if !f.valid { - return -1, errBadFilter - } -- -- // Ignore error, if not supported returns apiLevel == 0 -- apiLevel, _ := GetAPI() -- if apiLevel < 6 { -- return -1, fmt.Errorf("seccomp notification requires API level >= 6; current level = %d", apiLevel) -+ if err := notifSupported(); err != nil { -+ return -1, err - } - - fd := C.seccomp_notify_fd(f.filterCtx) -@@ -750,10 +785,8 @@ func notifReceive(fd ScmpFd) (*ScmpNotifReq, error) { - var req *C.struct_seccomp_notif - var resp *C.struct_seccomp_notif_resp - -- // Ignore error, if not supported returns apiLevel == 0 -- apiLevel, _ := GetAPI() -- if apiLevel < 6 { -- return nil, fmt.Errorf("seccomp notification requires API level >= 6; current level = %d", apiLevel) -+ if err := notifSupported(); err != nil { -+ return nil, err - } - - // we only use the request here; the response is unused -@@ -789,13 +822,11 @@ func notifRespond(fd ScmpFd, scmpResp *ScmpNotifResp) error { - var req *C.struct_seccomp_notif - var resp *C.struct_seccomp_notif_resp - -- // Ignore error, if not supported returns apiLevel == 0 -- apiLevel, _ := GetAPI() -- if apiLevel < 6 { -- return fmt.Errorf("seccomp notification requires API level >= 6; current level = %d", apiLevel) -+ if err := notifSupported(); err != nil { -+ return err - } - -- // we only use the reponse here; the request is discarded -+ // we only use the response here; the request is discarded - if retCode := C.seccomp_notify_alloc(&req, &resp); retCode != 0 { - return errRc(retCode) - } -@@ -827,10 +858,8 @@ func notifRespond(fd ScmpFd, scmpResp *ScmpNotifResp) error { - } - - func notifIDValid(fd ScmpFd, id uint64) error { -- // Ignore error, if not supported returns apiLevel == 0 -- apiLevel, _ := GetAPI() -- if apiLevel < 6 { -- return fmt.Errorf("seccomp notification requires API level >= 6; current level = %d", apiLevel) -+ if err := notifSupported(); err != nil { -+ return err - } - - for { -diff --git a/vendor/golang.org/x/mod/module/module.go b/vendor/golang.org/x/mod/module/module.go -index 355b5a45685..e9dec6e6148 100644 ---- a/vendor/golang.org/x/mod/module/module.go -+++ b/vendor/golang.org/x/mod/module/module.go -@@ -15,7 +15,7 @@ - // but additional checking functions, most notably Check, verify that - // a particular path, version pair is valid. - // --// Escaped Paths -+// # Escaped Paths - // - // Module paths appear as substrings of file system paths - // (in the download cache) and of web server URLs in the proxy protocol. -@@ -55,7 +55,7 @@ - // Import paths have never allowed exclamation marks, so there is no - // need to define how to escape a literal !. - // --// Unicode Restrictions -+// # Unicode Restrictions - // - // Today, paths are disallowed from using Unicode. - // -@@ -96,6 +96,7 @@ package module - // Changes to the semantics in this file require approval from rsc. - - import ( -+ "errors" - "fmt" - "path" - "sort" -@@ -104,7 +105,6 @@ import ( - "unicode/utf8" - - "golang.org/x/mod/semver" -- errors "golang.org/x/xerrors" - ) - - // A Version (for clients, a module.Version) is defined by a module path and version pair. -@@ -258,7 +258,7 @@ func modPathOK(r rune) bool { - return false - } - --// modPathOK reports whether r can appear in a package import path element. -+// importPathOK reports whether r can appear in a package import path element. - // - // Import paths are intermediate between module paths and file paths: we allow - // disallow characters that would be confusing or ambiguous as arguments to -diff --git a/vendor/golang.org/x/net/html/doc.go b/vendor/golang.org/x/net/html/doc.go -index 822ed42a04c..7a96eae3310 100644 ---- a/vendor/golang.org/x/net/html/doc.go -+++ b/vendor/golang.org/x/net/html/doc.go -@@ -92,6 +92,21 @@ example, to process each anchor node in depth-first order: - The relevant specifications include: - https://html.spec.whatwg.org/multipage/syntax.html and - https://html.spec.whatwg.org/multipage/syntax.html#tokenization -+ -+# Security Considerations -+ -+Care should be taken when parsing and interpreting HTML, whether full documents -+or fragments, within the framework of the HTML specification, especially with -+regard to untrusted inputs. -+ -+This package provides both a tokenizer and a parser. Only the parser constructs -+a DOM according to the HTML specification, resolving malformed and misplaced -+tags where appropriate. The tokenizer simply tokenizes the HTML presented to it, -+and as such does not resolve issues that may exist in the processed HTML, -+producing a literal interpretation of the input. -+ -+If your use case requires semantically well-formed HTML, as defined by the -+WHATWG specifiction, the parser should be used rather than the tokenizer. - */ - package html // import "golang.org/x/net/html" - -diff --git a/vendor/golang.org/x/net/html/escape.go b/vendor/golang.org/x/net/html/escape.go -index d8561396200..04c6bec2107 100644 ---- a/vendor/golang.org/x/net/html/escape.go -+++ b/vendor/golang.org/x/net/html/escape.go -@@ -193,6 +193,87 @@ func lower(b []byte) []byte { - return b - } - -+// escapeComment is like func escape but escapes its input bytes less often. -+// Per https://github.com/golang/go/issues/58246 some HTML comments are (1) -+// meaningful and (2) contain angle brackets that we'd like to avoid escaping -+// unless we have to. -+// -+// "We have to" includes the '&' byte, since that introduces other escapes. -+// -+// It also includes those bytes (not including EOF) that would otherwise end -+// the comment. Per the summary table at the bottom of comment_test.go, this is -+// the '>' byte that, per above, we'd like to avoid escaping unless we have to. -+// -+// Studying the summary table (and T actions in its '>' column) closely, we -+// only need to escape in states 43, 44, 49, 51 and 52. State 43 is at the -+// start of the comment data. State 52 is after a '!'. The other three states -+// are after a '-'. -+// -+// Our algorithm is thus to escape every '&' and to escape '>' if and only if: -+// - The '>' is after a '!' or '-' (in the unescaped data) or -+// - The '>' is at the start of the comment data (after the opening ""); err != nil { -diff --git a/vendor/golang.org/x/net/html/token.go b/vendor/golang.org/x/net/html/token.go -index 877709f991b..6636fbd018e 100644 ---- a/vendor/golang.org/x/net/html/token.go -+++ b/vendor/golang.org/x/net/html/token.go -@@ -110,7 +110,7 @@ func (t Token) String() string { - case SelfClosingTagToken: - return "<" + t.tagString() + "/>" - case CommentToken: -- return "" -+ return "" - case DoctypeToken: - return "" - } -@@ -598,6 +598,11 @@ scriptDataDoubleEscapeEnd: - // readComment reads the next comment token starting with " [run hooks] --// <-- procResume -+// procHooks --> [run hooks] -+// <-- procResume - // --// procReady --> [final setup] --// <-- procRun -+// procReady --> [final setup] -+// <-- procRun - // --// procSeccomp --> [pick up seccomp fd with pidfd_getfd()] --// <-- procSeccompDone -+// procSeccomp --> [pick up seccomp fd with pidfd_getfd()] -+// <-- procSeccompDone - const ( - procError syncType = "procError" - procReady syncType = "procReady" -diff --git a/vendor/github.com/opencontainers/runc/libcontainer/user/user.go b/vendor/github.com/opencontainers/runc/libcontainer/user/user.go -index 2473c5eaddc..a1e216683d9 100644 ---- a/vendor/github.com/opencontainers/runc/libcontainer/user/user.go -+++ b/vendor/github.com/opencontainers/runc/libcontainer/user/user.go -@@ -280,13 +280,13 @@ func GetExecUserPath(userSpec string, defaults *ExecUser, passwdPath, groupPath - // found in any entry in passwd and group respectively. - // - // Examples of valid user specifications are: --// * "" --// * "user" --// * "uid" --// * "user:group" --// * "uid:gid --// * "user:gid" --// * "uid:group" -+// - "" -+// - "user" -+// - "uid" -+// - "user:group" -+// - "uid:gid -+// - "user:gid" -+// - "uid:group" - // - // It should be noted that if you specify a numeric user or group id, they will - // not be evaluated as usernames (only the metadata will be filled). So attempting -diff --git a/vendor/golang.org/x/mod/module/module.go b/vendor/golang.org/x/mod/module/module.go -index c26d1d29ec3..e9dec6e6148 100644 ---- a/vendor/golang.org/x/mod/module/module.go -+++ b/vendor/golang.org/x/mod/module/module.go -@@ -96,13 +96,13 @@ package module - // Changes to the semantics in this file require approval from rsc. - - import ( -+ "errors" - "fmt" - "path" - "sort" - "strings" - "unicode" - "unicode/utf8" -- "errors" - - "golang.org/x/mod/semver" - ) -@@ -258,7 +258,7 @@ func modPathOK(r rune) bool { - return false - } - --// modPathOK reports whether r can appear in a package import path element. -+// importPathOK reports whether r can appear in a package import path element. - // - // Import paths are intermediate between module paths and file paths: we allow - // disallow characters that would be confusing or ambiguous as arguments to -diff --git a/vendor/golang.org/x/net/html/doc.go b/vendor/golang.org/x/net/html/doc.go -index 822ed42a04c..7a96eae3310 100644 ---- a/vendor/golang.org/x/net/html/doc.go -+++ b/vendor/golang.org/x/net/html/doc.go -@@ -92,6 +92,21 @@ example, to process each anchor node in depth-first order: - The relevant specifications include: - https://html.spec.whatwg.org/multipage/syntax.html and - https://html.spec.whatwg.org/multipage/syntax.html#tokenization -+ -+# Security Considerations -+ -+Care should be taken when parsing and interpreting HTML, whether full documents -+or fragments, within the framework of the HTML specification, especially with -+regard to untrusted inputs. -+ -+This package provides both a tokenizer and a parser. Only the parser constructs -+a DOM according to the HTML specification, resolving malformed and misplaced -+tags where appropriate. The tokenizer simply tokenizes the HTML presented to it, -+and as such does not resolve issues that may exist in the processed HTML, -+producing a literal interpretation of the input. -+ -+If your use case requires semantically well-formed HTML, as defined by the -+WHATWG specifiction, the parser should be used rather than the tokenizer. - */ - package html // import "golang.org/x/net/html" - -diff --git a/vendor/golang.org/x/net/html/escape.go b/vendor/golang.org/x/net/html/escape.go -index d8561396200..04c6bec2107 100644 ---- a/vendor/golang.org/x/net/html/escape.go -+++ b/vendor/golang.org/x/net/html/escape.go -@@ -193,6 +193,87 @@ func lower(b []byte) []byte { - return b - } - -+// escapeComment is like func escape but escapes its input bytes less often. -+// Per https://github.com/golang/go/issues/58246 some HTML comments are (1) -+// meaningful and (2) contain angle brackets that we'd like to avoid escaping -+// unless we have to. -+// -+// "We have to" includes the '&' byte, since that introduces other escapes. -+// -+// It also includes those bytes (not including EOF) that would otherwise end -+// the comment. Per the summary table at the bottom of comment_test.go, this is -+// the '>' byte that, per above, we'd like to avoid escaping unless we have to. -+// -+// Studying the summary table (and T actions in its '>' column) closely, we -+// only need to escape in states 43, 44, 49, 51 and 52. State 43 is at the -+// start of the comment data. State 52 is after a '!'. The other three states -+// are after a '-'. -+// -+// Our algorithm is thus to escape every '&' and to escape '>' if and only if: -+// - The '>' is after a '!' or '-' (in the unescaped data) or -+// - The '>' is at the start of the comment data (after the opening ""); err != nil { - return err - } -diff --git a/vendor/golang.org/x/net/html/token.go b/vendor/golang.org/x/net/html/token.go -index 877709f991b..933550fde19 100644 ---- a/vendor/golang.org/x/net/html/token.go -+++ b/vendor/golang.org/x/net/html/token.go -@@ -110,7 +110,7 @@ func (t Token) String() string { - case SelfClosingTagToken: - return "<" + t.tagString() + "/>" - case CommentToken: -- return "" -+ return "" - case DoctypeToken: - return "" - } -diff --git a/vendor/golang.org/x/sync/singleflight/singleflight.go b/vendor/golang.org/x/sync/singleflight/singleflight.go -index 690eb850134..8473fb7922c 100644 ---- a/vendor/golang.org/x/sync/singleflight/singleflight.go -+++ b/vendor/golang.org/x/sync/singleflight/singleflight.go -@@ -52,10 +52,6 @@ type call struct { - val interface{} - err error - -- // forgotten indicates whether Forget was called with this call's key -- // while the call was still in flight. -- forgotten bool -- - // These fields are read and written with the singleflight - // mutex held before the WaitGroup is done, and are read but - // not written after the WaitGroup is done. -@@ -148,10 +144,10 @@ func (g *Group) doCall(c *call, key string, fn func() (interface{}, error)) { - c.err = errGoexit - } - -- c.wg.Done() - g.mu.Lock() - defer g.mu.Unlock() -- if !c.forgotten { -+ c.wg.Done() -+ if g.m[key] == c { - delete(g.m, key) - } - -@@ -204,9 +200,6 @@ func (g *Group) doCall(c *call, key string, fn func() (interface{}, error)) { - // an earlier call to complete. - func (g *Group) Forget(key string) { - g.mu.Lock() -- if c, ok := g.m[key]; ok { -- c.forgotten = true -- } - delete(g.m, key) - g.mu.Unlock() - } -diff --git a/vendor/golang.org/x/sys/cpu/hwcap_linux.go b/vendor/golang.org/x/sys/cpu/hwcap_linux.go -index f3baa379328..1d9d91f3ed8 100644 ---- a/vendor/golang.org/x/sys/cpu/hwcap_linux.go -+++ b/vendor/golang.org/x/sys/cpu/hwcap_linux.go -@@ -24,6 +24,21 @@ var hwCap uint - var hwCap2 uint - - func readHWCAP() error { -+ // For Go 1.21+, get auxv from the Go runtime. -+ if a := getAuxv(); len(a) > 0 { -+ for len(a) >= 2 { -+ tag, val := a[0], uint(a[1]) -+ a = a[2:] -+ switch tag { -+ case _AT_HWCAP: -+ hwCap = val -+ case _AT_HWCAP2: -+ hwCap2 = val -+ } -+ } -+ return nil -+ } -+ - buf, err := ioutil.ReadFile(procAuxv) - if err != nil { - // e.g. on android /proc/self/auxv is not accessible, so silently -diff --git a/vendor/golang.org/x/sys/cpu/runtime_auxv.go b/vendor/golang.org/x/sys/cpu/runtime_auxv.go -new file mode 100644 -index 00000000000..5f92ac9a2e2 ---- /dev/null -+++ b/vendor/golang.org/x/sys/cpu/runtime_auxv.go -@@ -0,0 +1,16 @@ -+// Copyright 2023 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+package cpu -+ -+// getAuxvFn is non-nil on Go 1.21+ (via runtime_auxv_go121.go init) -+// on platforms that use auxv. -+var getAuxvFn func() []uintptr -+ -+func getAuxv() []uintptr { -+ if getAuxvFn == nil { -+ return nil -+ } -+ return getAuxvFn() -+} -diff --git a/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go b/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go -new file mode 100644 -index 00000000000..b975ea2a04e ---- /dev/null -+++ b/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go -@@ -0,0 +1,19 @@ -+// Copyright 2023 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build go1.21 -+// +build go1.21 -+ -+package cpu -+ -+import ( -+ _ "unsafe" // for linkname -+) -+ -+//go:linkname runtime_getAuxv runtime.getAuxv -+func runtime_getAuxv() []uintptr -+ -+func init() { -+ getAuxvFn = runtime_getAuxv -+} -diff --git a/vendor/golang.org/x/sys/execabs/execabs.go b/vendor/golang.org/x/sys/execabs/execabs.go -index b981cfbb4ae..3bf40fdfecd 100644 ---- a/vendor/golang.org/x/sys/execabs/execabs.go -+++ b/vendor/golang.org/x/sys/execabs/execabs.go -@@ -63,7 +63,7 @@ func LookPath(file string) (string, error) { - } - - func fixCmd(name string, cmd *exec.Cmd) { -- if filepath.Base(name) == name && !filepath.IsAbs(cmd.Path) { -+ if filepath.Base(name) == name && !filepath.IsAbs(cmd.Path) && !isGo119ErrFieldSet(cmd) { - // exec.Command was called with a bare binary name and - // exec.LookPath returned a path which is not absolute. - // Set cmd.lookPathErr and clear cmd.Path so that it -diff --git a/vendor/golang.org/x/sys/execabs/execabs_go118.go b/vendor/golang.org/x/sys/execabs/execabs_go118.go -index 6ab5f50894e..2000064a812 100644 ---- a/vendor/golang.org/x/sys/execabs/execabs_go118.go -+++ b/vendor/golang.org/x/sys/execabs/execabs_go118.go -@@ -7,6 +7,12 @@ - - package execabs - -+import "os/exec" -+ - func isGo119ErrDot(err error) bool { - return false - } -+ -+func isGo119ErrFieldSet(cmd *exec.Cmd) bool { -+ return false -+} -diff --git a/vendor/golang.org/x/sys/execabs/execabs_go119.go b/vendor/golang.org/x/sys/execabs/execabs_go119.go -index 1e7a9ada0b0..9984dbfa9cc 100644 ---- a/vendor/golang.org/x/sys/execabs/execabs_go119.go -+++ b/vendor/golang.org/x/sys/execabs/execabs_go119.go -@@ -7,9 +7,16 @@ - - package execabs - --import "strings" -+import ( -+ "os/exec" -+ "strings" -+) - - func isGo119ErrDot(err error) bool { - // TODO: return errors.Is(err, exec.ErrDot) - return strings.Contains(err.Error(), "current directory") - } -+ -+func isGo119ErrFieldSet(cmd *exec.Cmd) bool { -+ return cmd.Err != nil -+} -diff --git a/vendor/golang.org/x/sys/unix/ioctl.go b/vendor/golang.org/x/sys/unix/ioctl.go -index 6c7ad052e6b..01ed4093a40 100644 ---- a/vendor/golang.org/x/sys/unix/ioctl.go -+++ b/vendor/golang.org/x/sys/unix/ioctl.go -@@ -8,7 +8,6 @@ - package unix - - import ( -- "runtime" - "unsafe" - ) - -@@ -27,7 +26,7 @@ func IoctlSetInt(fd int, req uint, value int) error { - // passing the integer value directly. - func IoctlSetPointerInt(fd int, req uint, value int) error { - v := int32(value) -- return ioctl(fd, req, uintptr(unsafe.Pointer(&v))) -+ return ioctlPtr(fd, req, unsafe.Pointer(&v)) - } - - // IoctlSetWinsize performs an ioctl on fd with a *Winsize argument. -@@ -36,9 +35,7 @@ func IoctlSetPointerInt(fd int, req uint, value int) error { - func IoctlSetWinsize(fd int, req uint, value *Winsize) error { - // TODO: if we get the chance, remove the req parameter and - // hardcode TIOCSWINSZ. -- err := ioctl(fd, req, uintptr(unsafe.Pointer(value))) -- runtime.KeepAlive(value) -- return err -+ return ioctlPtr(fd, req, unsafe.Pointer(value)) - } - - // IoctlSetTermios performs an ioctl on fd with a *Termios. -@@ -46,9 +43,7 @@ func IoctlSetWinsize(fd int, req uint, value *Winsize) error { - // The req value will usually be TCSETA or TIOCSETA. - func IoctlSetTermios(fd int, req uint, value *Termios) error { - // TODO: if we get the chance, remove the req parameter. -- err := ioctl(fd, req, uintptr(unsafe.Pointer(value))) -- runtime.KeepAlive(value) -- return err -+ return ioctlPtr(fd, req, unsafe.Pointer(value)) - } - - // IoctlGetInt performs an ioctl operation which gets an integer value -@@ -58,18 +53,18 @@ func IoctlSetTermios(fd int, req uint, value *Termios) error { - // for those, IoctlRetInt should be used instead of this function. - func IoctlGetInt(fd int, req uint) (int, error) { - var value int -- err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) -+ err := ioctlPtr(fd, req, unsafe.Pointer(&value)) - return value, err - } - - func IoctlGetWinsize(fd int, req uint) (*Winsize, error) { - var value Winsize -- err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) -+ err := ioctlPtr(fd, req, unsafe.Pointer(&value)) - return &value, err - } - - func IoctlGetTermios(fd int, req uint) (*Termios, error) { - var value Termios -- err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) -+ err := ioctlPtr(fd, req, unsafe.Pointer(&value)) - return &value, err - } -diff --git a/vendor/golang.org/x/sys/unix/ioctl_zos.go b/vendor/golang.org/x/sys/unix/ioctl_zos.go -index 5384e7d91d7..6532f09af2e 100644 ---- a/vendor/golang.org/x/sys/unix/ioctl_zos.go -+++ b/vendor/golang.org/x/sys/unix/ioctl_zos.go -@@ -27,9 +27,7 @@ func IoctlSetInt(fd int, req uint, value int) error { - func IoctlSetWinsize(fd int, req uint, value *Winsize) error { - // TODO: if we get the chance, remove the req parameter and - // hardcode TIOCSWINSZ. -- err := ioctl(fd, req, uintptr(unsafe.Pointer(value))) -- runtime.KeepAlive(value) -- return err -+ return ioctlPtr(fd, req, unsafe.Pointer(value)) - } - - // IoctlSetTermios performs an ioctl on fd with a *Termios. -@@ -51,13 +49,13 @@ func IoctlSetTermios(fd int, req uint, value *Termios) error { - // for those, IoctlRetInt should be used instead of this function. - func IoctlGetInt(fd int, req uint) (int, error) { - var value int -- err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) -+ err := ioctlPtr(fd, req, unsafe.Pointer(&value)) - return value, err - } - - func IoctlGetWinsize(fd int, req uint) (*Winsize, error) { - var value Winsize -- err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) -+ err := ioctlPtr(fd, req, unsafe.Pointer(&value)) - return &value, err - } - -diff --git a/vendor/golang.org/x/sys/unix/ptrace_darwin.go b/vendor/golang.org/x/sys/unix/ptrace_darwin.go -index 463c3eff7fd..39dba6ca6a3 100644 ---- a/vendor/golang.org/x/sys/unix/ptrace_darwin.go -+++ b/vendor/golang.org/x/sys/unix/ptrace_darwin.go -@@ -7,6 +7,12 @@ - - package unix - -+import "unsafe" -+ - func ptrace(request int, pid int, addr uintptr, data uintptr) error { - return ptrace1(request, pid, addr, data) - } -+ -+func ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) error { -+ return ptrace1Ptr(request, pid, addr, data) -+} -diff --git a/vendor/golang.org/x/sys/unix/ptrace_ios.go b/vendor/golang.org/x/sys/unix/ptrace_ios.go -index ed0509a0117..9ea66330a96 100644 ---- a/vendor/golang.org/x/sys/unix/ptrace_ios.go -+++ b/vendor/golang.org/x/sys/unix/ptrace_ios.go -@@ -7,6 +7,12 @@ - - package unix - -+import "unsafe" -+ - func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) { - return ENOTSUP - } -+ -+func ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) { -+ return ENOTSUP -+} -diff --git a/vendor/golang.org/x/sys/unix/syscall_aix.go b/vendor/golang.org/x/sys/unix/syscall_aix.go -index ac579c60feb..1f08021e438 100644 ---- a/vendor/golang.org/x/sys/unix/syscall_aix.go -+++ b/vendor/golang.org/x/sys/unix/syscall_aix.go -@@ -243,9 +243,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) { - break - } - } -- -- bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n] -- sa.Name = string(bytes) -+ sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n)) - return sa, nil - - case AF_INET: -@@ -362,6 +360,7 @@ func (w WaitStatus) CoreDump() bool { return w&0x80 == 0x80 } - func (w WaitStatus) TrapCause() int { return -1 } - - //sys ioctl(fd int, req uint, arg uintptr) (err error) -+//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = ioctl - - // fcntl must never be called with cmd=F_DUP2FD because it doesn't work on AIX - // There is no way to create a custom fcntl and to keep //sys fcntl easily, -diff --git a/vendor/golang.org/x/sys/unix/syscall_bsd.go b/vendor/golang.org/x/sys/unix/syscall_bsd.go -index c437fc5d7bb..59dbe1abbbd 100644 ---- a/vendor/golang.org/x/sys/unix/syscall_bsd.go -+++ b/vendor/golang.org/x/sys/unix/syscall_bsd.go -@@ -245,8 +245,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) { - break - } - } -- bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n] -- sa.Name = string(bytes) -+ sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n)) - return sa, nil - - case AF_INET: -diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin.go b/vendor/golang.org/x/sys/unix/syscall_darwin.go -index 4f87f16ea7c..91e15ce7ea2 100644 ---- a/vendor/golang.org/x/sys/unix/syscall_darwin.go -+++ b/vendor/golang.org/x/sys/unix/syscall_darwin.go -@@ -14,7 +14,6 @@ package unix - - import ( - "fmt" -- "runtime" - "syscall" - "unsafe" - ) -@@ -285,11 +284,10 @@ func Flistxattr(fd int, dest []byte) (sz int, err error) { - func Kill(pid int, signum syscall.Signal) (err error) { return kill(pid, int(signum), 1) } - - //sys ioctl(fd int, req uint, arg uintptr) (err error) -+//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL - - func IoctlCtlInfo(fd int, ctlInfo *CtlInfo) error { -- err := ioctl(fd, CTLIOCGINFO, uintptr(unsafe.Pointer(ctlInfo))) -- runtime.KeepAlive(ctlInfo) -- return err -+ return ioctlPtr(fd, CTLIOCGINFO, unsafe.Pointer(ctlInfo)) - } - - // IfreqMTU is struct ifreq used to get or set a network device's MTU. -@@ -303,16 +301,14 @@ type IfreqMTU struct { - func IoctlGetIfreqMTU(fd int, ifname string) (*IfreqMTU, error) { - var ifreq IfreqMTU - copy(ifreq.Name[:], ifname) -- err := ioctl(fd, SIOCGIFMTU, uintptr(unsafe.Pointer(&ifreq))) -+ err := ioctlPtr(fd, SIOCGIFMTU, unsafe.Pointer(&ifreq)) - return &ifreq, err - } - - // IoctlSetIfreqMTU performs the SIOCSIFMTU ioctl operation on fd to set the MTU - // of the network device specified by ifreq.Name. - func IoctlSetIfreqMTU(fd int, ifreq *IfreqMTU) error { -- err := ioctl(fd, SIOCSIFMTU, uintptr(unsafe.Pointer(ifreq))) -- runtime.KeepAlive(ifreq) -- return err -+ return ioctlPtr(fd, SIOCSIFMTU, unsafe.Pointer(ifreq)) - } - - //sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS_SYSCTL -diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go -index b37310ce9b4..9fa879806bc 100644 ---- a/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go -+++ b/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go -@@ -47,5 +47,6 @@ func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, - //sys getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) = SYS_GETFSSTAT64 - //sys Lstat(path string, stat *Stat_t) (err error) = SYS_LSTAT64 - //sys ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) = SYS_ptrace -+//sys ptrace1Ptr(request int, pid int, addr unsafe.Pointer, data uintptr) (err error) = SYS_ptrace - //sys Stat(path string, stat *Stat_t) (err error) = SYS_STAT64 - //sys Statfs(path string, stat *Statfs_t) (err error) = SYS_STATFS64 -diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go -index d51ec996304..f17b8c526a5 100644 ---- a/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go -+++ b/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go -@@ -47,5 +47,6 @@ func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, - //sys getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) = SYS_GETFSSTAT - //sys Lstat(path string, stat *Stat_t) (err error) - //sys ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) = SYS_ptrace -+//sys ptrace1Ptr(request int, pid int, addr unsafe.Pointer, data uintptr) (err error) = SYS_ptrace - //sys Stat(path string, stat *Stat_t) (err error) - //sys Statfs(path string, stat *Statfs_t) (err error) -diff --git a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go -index 61c0d0de15d..7841fe92454 100644 ---- a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go -+++ b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go -@@ -172,6 +172,7 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) { - } - - //sys ioctl(fd int, req uint, arg uintptr) (err error) -+//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL - - //sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL - -diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd.go b/vendor/golang.org/x/sys/unix/syscall_freebsd.go -index de7c23e0648..52b03186f83 100644 ---- a/vendor/golang.org/x/sys/unix/syscall_freebsd.go -+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd.go -@@ -161,7 +161,8 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) { - return - } - --//sys ioctl(fd int, req uint, arg uintptr) (err error) -+//sys ioctl(fd int, req uint, arg uintptr) (err error) = SYS_IOCTL -+//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL - - //sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL - -@@ -253,6 +254,7 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e - } - - //sys ptrace(request int, pid int, addr uintptr, data int) (err error) -+//sys ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) = SYS_PTRACE - - func PtraceAttach(pid int) (err error) { - return ptrace(PT_ATTACH, pid, 0, 0) -@@ -267,7 +269,24 @@ func PtraceDetach(pid int) (err error) { - } - - func PtraceGetFpRegs(pid int, fpregsout *FpReg) (err error) { -- return ptrace(PT_GETFPREGS, pid, uintptr(unsafe.Pointer(fpregsout)), 0) -+ return ptracePtr(PT_GETREGS, pid, unsafe.Pointer(regsout), 0) -+} -+ -+func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { -+ ioDesc := PtraceIoDesc{ -+ Op: int32(req), -+ Offs: offs, -+ } -+ if countin > 0 { -+ _ = out[:countin] // check bounds -+ ioDesc.Addr = &out[0] -+ } else if out != nil { -+ ioDesc.Addr = (*byte)(unsafe.Pointer(&_zero)) -+ } -+ ioDesc.SetLen(countin) -+ -+ err = ptracePtr(PT_IO, pid, unsafe.Pointer(&ioDesc), 0) -+ return int(ioDesc.Len), err - } - - func PtraceGetRegs(pid int, regsout *Reg) (err error) { -@@ -278,8 +297,8 @@ func PtraceLwpEvents(pid int, enable int) (err error) { - return ptrace(PT_LWP_EVENTS, pid, 0, enable) - } - --func PtraceLwpInfo(pid int, info uintptr) (err error) { -- return ptrace(PT_LWPINFO, pid, info, int(unsafe.Sizeof(PtraceLwpInfoStruct{}))) -+func PtraceLwpInfo(pid int, info *PtraceLwpInfoStruct) (err error) { -+ return ptracePtr(PT_LWPINFO, pid, unsafe.Pointer(info), int(unsafe.Sizeof(*info))) - } - - func PtracePeekData(pid int, addr uintptr, out []byte) (count int, err error) { -@@ -299,13 +318,25 @@ func PtracePokeText(pid int, addr uintptr, data []byte) (count int, err error) { - } - - func PtraceSetRegs(pid int, regs *Reg) (err error) { -- return ptrace(PT_SETREGS, pid, uintptr(unsafe.Pointer(regs)), 0) -+ return ptracePtr(PT_SETREGS, pid, unsafe.Pointer(regs), 0) - } - - func PtraceSingleStep(pid int) (err error) { - return ptrace(PT_STEP, pid, 1, 0) - } - -+func Dup3(oldfd, newfd, flags int) error { -+ if oldfd == newfd || flags&^O_CLOEXEC != 0 { -+ return EINVAL -+ } -+ how := F_DUP2FD -+ if flags&O_CLOEXEC != 0 { -+ how = F_DUP2FD_CLOEXEC -+ } -+ _, err := fcntl(oldfd, how, newfd) -+ return err -+} -+ - /* - * Exposed directly - */ -diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go -index c3c4c698e07..df6a529b1d3 100644 ---- a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go -+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go -@@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) { - cmsg.Len = uint32(length) - } - -+func (d *PtraceIoDesc) SetLen(length int) { -+ d.Len = uint32(length) -+} -+ - func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { - var writtenOut uint64 = 0 - _, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr((*offset)>>32), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0) -@@ -57,7 +61,7 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e - func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) - - func PtraceGetFsBase(pid int, fsbase *int64) (err error) { -- return ptrace(PT_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0) -+ return ptracePtr(PT_GETFSBASE, pid, unsafe.Pointer(fsbase), 0) - } - - func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) { -diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go -index 82be61a2f98..2ff683f8b66 100644 ---- a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go -+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go -@@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) { - cmsg.Len = uint32(length) - } - -+func (d *PtraceIoDesc) SetLen(length int) { -+ d.Len = uint64(length) -+} -+ - func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { - var writtenOut uint64 = 0 - _, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0) -@@ -57,7 +61,7 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e - func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) - - func PtraceGetFsBase(pid int, fsbase *int64) (err error) { -- return ptrace(PT_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0) -+ return ptracePtr(PT_GETFSBASE, pid, unsafe.Pointer(fsbase), 0) - } - - func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) { -diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go -index cd58f1026c0..08932093fa2 100644 ---- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go -+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go -@@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) { - cmsg.Len = uint32(length) - } - -+func (d *PtraceIoDesc) SetLen(length int) { -+ d.Len = uint32(length) -+} -+ - func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { - var writtenOut uint64 = 0 - _, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr((*offset)>>32), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0) -@@ -55,9 +59,3 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e - } - - func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) -- --func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) { -- ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint32(countin)} -- err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) -- return int(ioDesc.Len), err --} -diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go -index d6f538f9e00..d151a0d0e53 100644 ---- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go -+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go -@@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) { - cmsg.Len = uint32(length) - } - -+func (d *PtraceIoDesc) SetLen(length int) { -+ d.Len = uint64(length) -+} -+ - func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { - var writtenOut uint64 = 0 - _, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0) -@@ -55,9 +59,3 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e - } - - func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) -- --func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) { -- ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint64(countin)} -- err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) -- return int(ioDesc.Len), err --} -diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go -index 8ea6e96100a..d5cd64b3787 100644 ---- a/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go -+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go -@@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) { - cmsg.Len = uint32(length) - } - -+func (d *PtraceIoDesc) SetLen(length int) { -+ d.Len = uint64(length) -+} -+ - func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { - var writtenOut uint64 = 0 - _, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0) -@@ -55,9 +59,3 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e - } - - func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) -- --func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) { -- ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint64(countin)} -- err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) -- return int(ioDesc.Len), err --} -diff --git a/vendor/golang.org/x/sys/unix/syscall_hurd.go b/vendor/golang.org/x/sys/unix/syscall_hurd.go -new file mode 100644 -index 00000000000..f0ec2a2c5a7 ---- /dev/null -+++ b/vendor/golang.org/x/sys/unix/syscall_hurd.go -@@ -0,0 +1,30 @@ -+//go:build hurd -+// +build hurd -+ -+// Copyright 2022 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+package unix -+ -+/* -+#include -+int ioctl(int, unsigned long int, uintptr_t); -+*/ -+import "C" -+import "unsafe" -+ -+func ioctl(fd int, req uint, arg uintptr) (err error) { -+ r0, er := C.ioctl(C.int(fd), C.ulong(req), C.uintptr_t(arg)) -+ if r0 == -1 && er != nil { -+ err = er -+ } -+ return -+} -+ -+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { -+ r0, er := C.ioctl(C.int(fd), C.ulong(req), C.uintptr_t(uintptr(arg))) -+ if r0 == -1 && er != nil { -+ err = er -+ } -+ return -+} -diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go -index 5e4a94f7311..459726a1509 100644 ---- a/vendor/golang.org/x/sys/unix/syscall_linux.go -+++ b/vendor/golang.org/x/sys/unix/syscall_linux.go -@@ -1014,8 +1014,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) { - for n < len(pp.Path) && pp.Path[n] != 0 { - n++ - } -- bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n] -- sa.Name = string(bytes) -+ sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n)) - return sa, nil - - case AF_INET: -@@ -1364,6 +1363,10 @@ func SetsockoptTCPRepairOpt(fd, level, opt int, o []TCPRepairOpt) (err error) { - return setsockopt(fd, level, opt, unsafe.Pointer(&o[0]), uintptr(SizeofTCPRepairOpt*len(o))) - } - -+func SetsockoptTCPMD5Sig(fd, level, opt int, s *TCPMD5Sig) error { -+ return setsockopt(fd, level, opt, unsafe.Pointer(s), unsafe.Sizeof(*s)) -+} -+ - // Keyctl Commands (http://man7.org/linux/man-pages/man2/keyctl.2.html) - - // KeyctlInt calls keyctl commands in which each argument is an int. -@@ -1577,6 +1580,7 @@ func BindToDevice(fd int, device string) (err error) { - } - - //sys ptrace(request int, pid int, addr uintptr, data uintptr) (err error) -+//sys ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) = SYS_PTRACE - - func ptracePeek(req int, pid int, addr uintptr, out []byte) (count int, err error) { - // The peek requests are machine-size oriented, so we wrap it -@@ -1594,7 +1598,7 @@ func ptracePeek(req int, pid int, addr uintptr, out []byte) (count int, err erro - // boundary. - n := 0 - if addr%SizeofPtr != 0 { -- err = ptrace(req, pid, addr-addr%SizeofPtr, uintptr(unsafe.Pointer(&buf[0]))) -+ err = ptracePtr(req, pid, addr-addr%SizeofPtr, unsafe.Pointer(&buf[0])) - if err != nil { - return 0, err - } -@@ -1606,7 +1610,7 @@ func ptracePeek(req int, pid int, addr uintptr, out []byte) (count int, err erro - for len(out) > 0 { - // We use an internal buffer to guarantee alignment. - // It's not documented if this is necessary, but we're paranoid. -- err = ptrace(req, pid, addr+uintptr(n), uintptr(unsafe.Pointer(&buf[0]))) -+ err = ptracePtr(req, pid, addr+uintptr(n), unsafe.Pointer(&buf[0])) - if err != nil { - return n, err - } -@@ -1638,7 +1642,7 @@ func ptracePoke(pokeReq int, peekReq int, pid int, addr uintptr, data []byte) (c - n := 0 - if addr%SizeofPtr != 0 { - var buf [SizeofPtr]byte -- err = ptrace(peekReq, pid, addr-addr%SizeofPtr, uintptr(unsafe.Pointer(&buf[0]))) -+ err = ptracePtr(peekReq, pid, addr-addr%SizeofPtr, unsafe.Pointer(&buf[0])) - if err != nil { - return 0, err - } -@@ -1665,7 +1669,7 @@ func ptracePoke(pokeReq int, peekReq int, pid int, addr uintptr, data []byte) (c - // Trailing edge. - if len(data) > 0 { - var buf [SizeofPtr]byte -- err = ptrace(peekReq, pid, addr+uintptr(n), uintptr(unsafe.Pointer(&buf[0]))) -+ err = ptracePtr(peekReq, pid, addr+uintptr(n), unsafe.Pointer(&buf[0])) - if err != nil { - return n, err - } -@@ -1694,11 +1698,11 @@ func PtracePokeUser(pid int, addr uintptr, data []byte) (count int, err error) { - } - - func PtraceGetRegs(pid int, regsout *PtraceRegs) (err error) { -- return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout))) -+ return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout)) - } - - func PtraceSetRegs(pid int, regs *PtraceRegs) (err error) { -- return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs))) -+ return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs)) - } - - func PtraceSetOptions(pid int, options int) (err error) { -@@ -1707,7 +1711,7 @@ func PtraceSetOptions(pid int, options int) (err error) { - - func PtraceGetEventMsg(pid int) (msg uint, err error) { - var data _C_long -- err = ptrace(PTRACE_GETEVENTMSG, pid, 0, uintptr(unsafe.Pointer(&data))) -+ err = ptracePtr(PTRACE_GETEVENTMSG, pid, 0, unsafe.Pointer(&data)) - msg = uint(data) - return - } -@@ -2126,6 +2130,14 @@ func isGroupMember(gid int) bool { - return false - } - -+func isCapDacOverrideSet() bool { -+ hdr := CapUserHeader{Version: LINUX_CAPABILITY_VERSION_3} -+ data := [2]CapUserData{} -+ err := Capget(&hdr, &data[0]) -+ -+ return err == nil && data[0].Effective&(1< 0 { -diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go -index 039c4aa06c2..9a71121e1ff 100644 ---- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go -+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go -@@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { -+ _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { - var _p0 unsafe.Pointer - if len(mib) > 0 { -@@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) { - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) { -+ _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func Access(path string, mode uint32) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) -diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go -index 0535d3cfdf2..016baede1af 100644 ---- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go -+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go -@@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { -+ _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { - var _p0 unsafe.Pointer - if len(mib) > 0 { -@@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) { - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) { -+ _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func Access(path string, mode uint32) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) -diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go -index 1018b522170..ad6e1cc642f 100644 ---- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go -+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go -@@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { -+ _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { - var _p0 unsafe.Pointer - if len(mib) > 0 { -@@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) { - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) { -+ _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func Access(path string, mode uint32) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) -diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go -index 3802f4b379a..2a3bc4edd38 100644 ---- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go -+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go -@@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { -+ _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { - var _p0 unsafe.Pointer - if len(mib) > 0 { -@@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) { - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) { -+ _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func Access(path string, mode uint32) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) -diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go -index 8a2db7da9f3..c89f8a244a3 100644 ---- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go -+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go -@@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { -+ _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { - var _p0 unsafe.Pointer - if len(mib) > 0 { -@@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) { - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) { -+ _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func Access(path string, mode uint32) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) -diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go -index bc4a2753114..b23c3dc9738 100644 ---- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go -+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go -@@ -379,6 +379,16 @@ func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) { - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) { -+ _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func reboot(magic1 uint, magic2 uint, cmd int, arg string) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(arg) -diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go -index 4af561a48d8..49a1dc88832 100644 ---- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go -+++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go -@@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { -+ _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { - var _p0 unsafe.Pointer - if len(mib) > 0 { -diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go -index 3b90e9448ad..47e96bf6a65 100644 ---- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go -+++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go -@@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { -+ _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { - var _p0 unsafe.Pointer - if len(mib) > 0 { -diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go -index 890f4ccd131..4f7bcbd8922 100644 ---- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go -+++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go -@@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { -+ _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { - var _p0 unsafe.Pointer - if len(mib) > 0 { -diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go -index c79f071fc6a..c59f8b9b271 100644 ---- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go -+++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go -@@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { -+ _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { - var _p0 unsafe.Pointer - if len(mib) > 0 { -diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go -index a057fc5d351..f75830950ba 100644 ---- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go -+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go -@@ -405,6 +405,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { -+ _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ - func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { - var _p0 unsafe.Pointer - if len(mib) > 0 { -diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go -index 04db8fa2fea..1fc7964e3d0 100644 ---- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go -+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go -@@ -405,6 +405,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { -+ _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ - func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { - var _p0 unsafe.Pointer - if len(mib) > 0 { -diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go -index 69f80300674..ec4fe25e4ee 100644 ---- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go -+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go -@@ -405,6 +405,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { -+ _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ - func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { - var _p0 unsafe.Pointer - if len(mib) > 0 { -diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go -index c96a505178f..dea487f5143 100644 ---- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go -+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go -@@ -405,6 +405,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { -+ _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ - func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { - var _p0 unsafe.Pointer - if len(mib) > 0 { -diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go -index 016d959bc66..3ade9b530e8 100644 ---- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go -+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go -@@ -405,6 +405,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { -+ _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ - func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { - var _p0 unsafe.Pointer - if len(mib) > 0 { -diff --git a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go -index fdf53f8daf3..d359431b576 100644 ---- a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go -+++ b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go -@@ -648,6 +648,17 @@ func ioctlRet(fd int, req uint, arg uintptr) (ret int, err error) { - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func ioctlPtrRet(fd int, req uint, arg unsafe.Pointer) (ret int, err error) { -+ r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procioctl)), 3, uintptr(fd), uintptr(req), uintptr(arg), 0, 0, 0) -+ ret = int(r0) -+ if e1 != 0 { -+ err = e1 -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func poll(fds *PollFd, nfds int, timeout int) (n int, err error) { - r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procpoll)), 3, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout), 0, 0, 0) - n = int(r0) -diff --git a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go -index f2079457c6b..07bfe2ef9ad 100644 ---- a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go -+++ b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go -@@ -267,6 +267,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { - - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { -+ _, _, e1 := syscall_syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ - func Access(path string, mode uint32) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go -index 86984798754..cde63e0a69d 100644 ---- a/vendor/golang.org/x/sys/unix/ztypes_linux.go -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go -@@ -420,36 +420,60 @@ type Ucred struct { - } - - type TCPInfo struct { -- State uint8 -- Ca_state uint8 -- Retransmits uint8 -- Probes uint8 -- Backoff uint8 -- Options uint8 -- Rto uint32 -- Ato uint32 -- Snd_mss uint32 -- Rcv_mss uint32 -- Unacked uint32 -- Sacked uint32 -- Lost uint32 -- Retrans uint32 -- Fackets uint32 -- Last_data_sent uint32 -- Last_ack_sent uint32 -- Last_data_recv uint32 -- Last_ack_recv uint32 -- Pmtu uint32 -- Rcv_ssthresh uint32 -- Rtt uint32 -- Rttvar uint32 -- Snd_ssthresh uint32 -- Snd_cwnd uint32 -- Advmss uint32 -- Reordering uint32 -- Rcv_rtt uint32 -- Rcv_space uint32 -- Total_retrans uint32 -+ State uint8 -+ Ca_state uint8 -+ Retransmits uint8 -+ Probes uint8 -+ Backoff uint8 -+ Options uint8 -+ Rto uint32 -+ Ato uint32 -+ Snd_mss uint32 -+ Rcv_mss uint32 -+ Unacked uint32 -+ Sacked uint32 -+ Lost uint32 -+ Retrans uint32 -+ Fackets uint32 -+ Last_data_sent uint32 -+ Last_ack_sent uint32 -+ Last_data_recv uint32 -+ Last_ack_recv uint32 -+ Pmtu uint32 -+ Rcv_ssthresh uint32 -+ Rtt uint32 -+ Rttvar uint32 -+ Snd_ssthresh uint32 -+ Snd_cwnd uint32 -+ Advmss uint32 -+ Reordering uint32 -+ Rcv_rtt uint32 -+ Rcv_space uint32 -+ Total_retrans uint32 -+ Pacing_rate uint64 -+ Max_pacing_rate uint64 -+ Bytes_acked uint64 -+ Bytes_received uint64 -+ Segs_out uint32 -+ Segs_in uint32 -+ Notsent_bytes uint32 -+ Min_rtt uint32 -+ Data_segs_in uint32 -+ Data_segs_out uint32 -+ Delivery_rate uint64 -+ Busy_time uint64 -+ Rwnd_limited uint64 -+ Sndbuf_limited uint64 -+ Delivered uint32 -+ Delivered_ce uint32 -+ Bytes_sent uint64 -+ Bytes_retrans uint64 -+ Dsack_dups uint32 -+ Reord_seen uint32 -+ Rcv_ooopack uint32 -+ Snd_wnd uint32 -+ Rcv_wnd uint32 -+ Rehash uint32 - } - - type CanFilter struct { -@@ -492,7 +516,7 @@ const ( - SizeofIPv6MTUInfo = 0x20 - SizeofICMPv6Filter = 0x20 - SizeofUcred = 0xc -- SizeofTCPInfo = 0x68 -+ SizeofTCPInfo = 0xf0 - SizeofCanFilter = 0x8 - SizeofTCPRepairOpt = 0x8 - ) -@@ -1004,6 +1028,7 @@ const ( - PerfBitCommExec = CBitFieldMaskBit24 - PerfBitUseClockID = CBitFieldMaskBit25 - PerfBitContextSwitch = CBitFieldMaskBit26 -+ PerfBitWriteBackward = CBitFieldMaskBit27 - ) - - const ( -@@ -1194,7 +1219,7 @@ type TCPMD5Sig struct { - Flags uint8 - Prefixlen uint8 - Keylen uint16 -- _ uint32 -+ Ifindex int32 - Key [80]uint8 - } - -@@ -1889,7 +1914,11 @@ const ( - NFT_MSG_GETOBJ = 0x13 - NFT_MSG_DELOBJ = 0x14 - NFT_MSG_GETOBJ_RESET = 0x15 -- NFT_MSG_MAX = 0x19 -+ NFT_MSG_NEWFLOWTABLE = 0x16 -+ NFT_MSG_GETFLOWTABLE = 0x17 -+ NFT_MSG_DELFLOWTABLE = 0x18 -+ NFT_MSG_GETRULE_RESET = 0x19 -+ NFT_MSG_MAX = 0x1a - NFTA_LIST_UNSPEC = 0x0 - NFTA_LIST_ELEM = 0x1 - NFTA_HOOK_UNSPEC = 0x0 -@@ -2393,9 +2422,11 @@ const ( - SOF_TIMESTAMPING_OPT_STATS = 0x1000 - SOF_TIMESTAMPING_OPT_PKTINFO = 0x2000 - SOF_TIMESTAMPING_OPT_TX_SWHW = 0x4000 -+ SOF_TIMESTAMPING_BIND_PHC = 0x8000 -+ SOF_TIMESTAMPING_OPT_ID_TCP = 0x10000 - -- SOF_TIMESTAMPING_LAST = 0x8000 -- SOF_TIMESTAMPING_MASK = 0xffff -+ SOF_TIMESTAMPING_LAST = 0x10000 -+ SOF_TIMESTAMPING_MASK = 0x1ffff - - SCM_TSTAMP_SND = 0x0 - SCM_TSTAMP_SCHED = 0x1 -@@ -3200,7 +3231,7 @@ const ( - DEVLINK_ATTR_RATE_NODE_NAME = 0xa8 - DEVLINK_ATTR_RATE_PARENT_NODE_NAME = 0xa9 - DEVLINK_ATTR_REGION_MAX_SNAPSHOTS = 0xaa -- DEVLINK_ATTR_MAX = 0xae -+ DEVLINK_ATTR_MAX = 0xb3 - DEVLINK_DPIPE_FIELD_MAPPING_TYPE_NONE = 0x0 - DEVLINK_DPIPE_FIELD_MAPPING_TYPE_IFINDEX = 0x1 - DEVLINK_DPIPE_MATCH_TYPE_FIELD_EXACT = 0x0 -@@ -3216,7 +3247,8 @@ const ( - DEVLINK_PORT_FUNCTION_ATTR_HW_ADDR = 0x1 - DEVLINK_PORT_FN_ATTR_STATE = 0x2 - DEVLINK_PORT_FN_ATTR_OPSTATE = 0x3 -- DEVLINK_PORT_FUNCTION_ATTR_MAX = 0x3 -+ DEVLINK_PORT_FN_ATTR_CAPS = 0x4 -+ DEVLINK_PORT_FUNCTION_ATTR_MAX = 0x4 - ) - - type FsverityDigest struct { -@@ -3504,7 +3536,8 @@ const ( - ETHTOOL_MSG_PHC_VCLOCKS_GET = 0x21 - ETHTOOL_MSG_MODULE_GET = 0x22 - ETHTOOL_MSG_MODULE_SET = 0x23 -- ETHTOOL_MSG_USER_MAX = 0x23 -+ ETHTOOL_MSG_RSS_GET = 0x26 -+ ETHTOOL_MSG_USER_MAX = 0x26 - ETHTOOL_MSG_KERNEL_NONE = 0x0 - ETHTOOL_MSG_STRSET_GET_REPLY = 0x1 - ETHTOOL_MSG_LINKINFO_GET_REPLY = 0x2 -@@ -3542,7 +3575,8 @@ const ( - ETHTOOL_MSG_PHC_VCLOCKS_GET_REPLY = 0x22 - ETHTOOL_MSG_MODULE_GET_REPLY = 0x23 - ETHTOOL_MSG_MODULE_NTF = 0x24 -- ETHTOOL_MSG_KERNEL_MAX = 0x24 -+ ETHTOOL_MSG_RSS_GET_REPLY = 0x26 -+ ETHTOOL_MSG_KERNEL_MAX = 0x26 - ETHTOOL_A_HEADER_UNSPEC = 0x0 - ETHTOOL_A_HEADER_DEV_INDEX = 0x1 - ETHTOOL_A_HEADER_DEV_NAME = 0x2 -@@ -3609,7 +3643,8 @@ const ( - ETHTOOL_A_LINKSTATE_SQI_MAX = 0x4 - ETHTOOL_A_LINKSTATE_EXT_STATE = 0x5 - ETHTOOL_A_LINKSTATE_EXT_SUBSTATE = 0x6 -- ETHTOOL_A_LINKSTATE_MAX = 0x6 -+ ETHTOOL_A_LINKSTATE_EXT_DOWN_CNT = 0x7 -+ ETHTOOL_A_LINKSTATE_MAX = 0x7 - ETHTOOL_A_DEBUG_UNSPEC = 0x0 - ETHTOOL_A_DEBUG_HEADER = 0x1 - ETHTOOL_A_DEBUG_MSGMASK = 0x2 -@@ -4329,7 +4364,7 @@ const ( - NL80211_ATTR_MAC_HINT = 0xc8 - NL80211_ATTR_MAC_MASK = 0xd7 - NL80211_ATTR_MAX_AP_ASSOC_STA = 0xca -- NL80211_ATTR_MAX = 0x137 -+ NL80211_ATTR_MAX = 0x141 - NL80211_ATTR_MAX_CRIT_PROT_DURATION = 0xb4 - NL80211_ATTR_MAX_CSA_COUNTERS = 0xce - NL80211_ATTR_MAX_MATCH_SETS = 0x85 -@@ -4461,6 +4496,7 @@ const ( - NL80211_ATTR_SUPPORT_MESH_AUTH = 0x73 - NL80211_ATTR_SURVEY_INFO = 0x54 - NL80211_ATTR_SURVEY_RADIO_STATS = 0xda -+ NL80211_ATTR_TD_BITMAP = 0x141 - NL80211_ATTR_TDLS_ACTION = 0x88 - NL80211_ATTR_TDLS_DIALOG_TOKEN = 0x89 - NL80211_ATTR_TDLS_EXTERNAL_SETUP = 0x8c -@@ -5599,3 +5635,25 @@ const ( - AUDIT_NLGRP_NONE = 0x0 - AUDIT_NLGRP_READLOG = 0x1 - ) -+ -+const ( -+ TUN_F_CSUM = 0x1 -+ TUN_F_TSO4 = 0x2 -+ TUN_F_TSO6 = 0x4 -+ TUN_F_TSO_ECN = 0x8 -+ TUN_F_UFO = 0x10 -+) -+ -+const ( -+ VIRTIO_NET_HDR_F_NEEDS_CSUM = 0x1 -+ VIRTIO_NET_HDR_F_DATA_VALID = 0x2 -+ VIRTIO_NET_HDR_F_RSC_INFO = 0x4 -+) -+ -+const ( -+ VIRTIO_NET_HDR_GSO_NONE = 0x0 -+ VIRTIO_NET_HDR_GSO_TCPV4 = 0x1 -+ VIRTIO_NET_HDR_GSO_UDP = 0x3 -+ VIRTIO_NET_HDR_GSO_TCPV6 = 0x4 -+ VIRTIO_NET_HDR_GSO_ECN = 0x80 -+) -\ No newline at end of file -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go -index 7551af48318..6366df65da2 100644 ---- a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go -@@ -408,7 +408,7 @@ const ( - - type SockaddrStorage struct { - Family uint16 -- _ [122]int8 -+ Data [122]byte - _ uint32 - } - -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go -index 3e738ac0bbf..786d53e328c 100644 ---- a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go -@@ -421,7 +421,7 @@ const ( - - type SockaddrStorage struct { - Family uint16 -- _ [118]int8 -+ Data [118]byte - _ uint64 - } - -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go -index 6183eef4a40..1611394f2b7 100644 ---- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go -@@ -399,7 +399,7 @@ const ( - - type SockaddrStorage struct { - Family uint16 -- _ [122]uint8 -+ Data [122]byte - _ uint32 - } - -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go -index 968cecb17e8..f122542e943 100644 ---- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go -@@ -400,7 +400,7 @@ const ( - - type SockaddrStorage struct { - Family uint16 -- _ [118]int8 -+ Data [118]byte - _ uint64 - } - -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go -index 8fe4c522a9c..5b0171e4558 100644 ---- a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go -@@ -401,7 +401,7 @@ const ( - - type SockaddrStorage struct { - Family uint16 -- _ [118]int8 -+ Data [118]byte - _ uint64 - } - -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go -index 11426a3010b..6091aa0ff1b 100644 ---- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go -@@ -404,7 +404,7 @@ const ( - - type SockaddrStorage struct { - Family uint16 -- _ [122]int8 -+ Data [122]byte - _ uint32 - } - -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go -index ad1c3b3de59..8593b1cd095 100644 ---- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go -@@ -403,7 +403,7 @@ const ( - - type SockaddrStorage struct { - Family uint16 -- _ [118]int8 -+ Data [118]byte - _ uint64 - } - -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go -index 15fd84e4dd0..7fd5fb14e1a 100644 ---- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go -@@ -403,7 +403,7 @@ const ( - - type SockaddrStorage struct { - Family uint16 -- _ [118]int8 -+ Data [118]byte - _ uint64 - } - -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go -index 49c49825ab3..a83f9bf5d7b 100644 ---- a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go -@@ -404,7 +404,7 @@ const ( - - type SockaddrStorage struct { - Family uint16 -- _ [122]int8 -+ Data [122]byte - _ uint32 - } - -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go -index cd36d0da26a..76b2e2197ae 100644 ---- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go -@@ -411,7 +411,7 @@ const ( - - type SockaddrStorage struct { - Family uint16 -- _ [122]uint8 -+ Data [122]byte - _ uint32 - } - -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go -index 8c6fce03950..4bb2152e6e2 100644 ---- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go -@@ -410,7 +410,7 @@ const ( - - type SockaddrStorage struct { - Family uint16 -- _ [118]uint8 -+ Data [118]byte - _ uint64 - } - -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go -index 20910f2ad78..c9234b41f29 100644 ---- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go -@@ -410,7 +410,7 @@ const ( - - type SockaddrStorage struct { - Family uint16 -- _ [118]uint8 -+ Data [118]byte - _ uint64 - } - -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go -index 71b7b3331db..4e3956b62b8 100644 ---- a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go -@@ -428,7 +428,7 @@ const ( - - type SockaddrStorage struct { - Family uint16 -- _ [118]uint8 -+ Data [118]byte - _ uint64 - } - -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go -index 71184cc2cda..000b4c4a542 100644 ---- a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go -@@ -423,7 +423,7 @@ const ( - - type SockaddrStorage struct { - Family uint16 -- _ [118]int8 -+ Data [118]byte - _ uint64 - } - -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go -index 06156285d9e..a22ae9499a6 100644 ---- a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go -@@ -405,7 +405,7 @@ const ( - - type SockaddrStorage struct { - Family uint16 -- _ [118]int8 -+ Data [118]byte - _ uint64 - } - -diff --git a/vendor/golang.org/x/tools/container/intsets/sparse.go b/vendor/golang.org/x/tools/container/intsets/sparse.go -index c06aec80b0d..d5fe156ed36 100644 ---- a/vendor/golang.org/x/tools/container/intsets/sparse.go -+++ b/vendor/golang.org/x/tools/container/intsets/sparse.go -@@ -190,7 +190,7 @@ func (b *block) min(take bool) int { - if take { - b.bits[i] = w &^ (1 << uint(tz)) - } -- return b.offset + int(i*bitsPerWord) + tz -+ return b.offset + i*bitsPerWord + tz - } - } - panic("BUG: empty block") -diff --git a/vendor/golang.org/x/tools/go/ast/inspector/inspector.go b/vendor/golang.org/x/tools/go/ast/inspector/inspector.go -index af5e17feeea..3c54d1acea7 100644 ---- a/vendor/golang.org/x/tools/go/ast/inspector/inspector.go -+++ b/vendor/golang.org/x/tools/go/ast/inspector/inspector.go -@@ -53,8 +53,8 @@ func New(files []*ast.File) *Inspector { - // of an ast.Node during a traversal. - type event struct { - node ast.Node -- typ uint64 // typeOf(node) -- index int // 1 + index of corresponding pop event, or 0 if this is a pop -+ typ uint64 // typeOf(node) on push event, or union of typ strictly between push and pop events on pop events -+ index int // index of corresponding push or pop event - } - - // Preorder visits all the nodes of the files supplied to New in -@@ -72,10 +72,17 @@ func (in *Inspector) Preorder(types []ast.Node, f func(ast.Node)) { - mask := maskOf(types) - for i := 0; i < len(in.events); { - ev := in.events[i] -- if ev.typ&mask != 0 { -- if ev.index > 0 { -+ if ev.index > i { -+ // push -+ if ev.typ&mask != 0 { - f(ev.node) - } -+ pop := ev.index -+ if in.events[pop].typ&mask == 0 { -+ // Subtrees do not contain types: skip them and pop. -+ i = pop + 1 -+ continue -+ } - } - i++ - } -@@ -94,15 +101,26 @@ func (in *Inspector) Nodes(types []ast.Node, f func(n ast.Node, push bool) (proc - mask := maskOf(types) - for i := 0; i < len(in.events); { - ev := in.events[i] -- if ev.typ&mask != 0 { -- if ev.index > 0 { -- // push -+ if ev.index > i { -+ // push -+ pop := ev.index -+ if ev.typ&mask != 0 { - if !f(ev.node, true) { -- i = ev.index // jump to corresponding pop + 1 -+ i = pop + 1 // jump to corresponding pop + 1 - continue - } - } else { - // pop -+ } -+ if in.events[pop].typ&mask == 0 { -+ // Subtrees do not contain types: skip them. -+ i = pop -+ continue -+ } -+ } else { -+ // pop -+ push := ev.index -+ if in.events[push].typ&mask != 0 { - f(ev.node, false) - } - } -@@ -119,19 +137,26 @@ func (in *Inspector) WithStack(types []ast.Node, f func(n ast.Node, push bool, s - var stack []ast.Node - for i := 0; i < len(in.events); { - ev := in.events[i] -- if ev.index > 0 { -+ if ev.index > i { - // push -+ pop := ev.index - stack = append(stack, ev.node) - if ev.typ&mask != 0 { - if !f(ev.node, true, stack) { -- i = ev.index -+ i = pop + 1 - stack = stack[:len(stack)-1] - continue - } - } -+ if in.events[pop].typ&mask == 0 { -+ // Subtrees does not contain types: skip them. -+ i = pop -+ continue -+ } - } else { - // pop -- if ev.typ&mask != 0 { -+ push := ev.index -+ if in.events[push].typ&mask != 0 { - f(ev.node, false, stack) - } - stack = stack[:len(stack)-1] -@@ -157,25 +182,30 @@ func traverse(files []*ast.File) []event { - events := make([]event, 0, capacity) - - var stack []event -+ stack = append(stack, event{}) // include an extra event so file nodes have a parent - for _, f := range files { - ast.Inspect(f, func(n ast.Node) bool { - if n != nil { - // push - ev := event{ - node: n, -- typ: typeOf(n), -+ typ: 0, // temporarily used to accumulate type bits of subtree - index: len(events), // push event temporarily holds own index - } - stack = append(stack, ev) - events = append(events, ev) - } else { - // pop -- ev := stack[len(stack)-1] -- stack = stack[:len(stack)-1] -- -- events[ev.index].index = len(events) + 1 // make push refer to pop -+ top := len(stack) - 1 -+ ev := stack[top] -+ typ := typeOf(ev.node) -+ push := ev.index -+ parent := top - 1 -+ events[push].typ = typ // set type of push -+ stack[parent].typ |= typ | ev.typ // parent's typ contains push and pop's typs. -+ events[push].index = len(events) // make push refer to pop - -- ev.index = 0 // turn ev into a pop event -+ stack = stack[:top] - events = append(events, ev) - } - return true -diff --git a/vendor/golang.org/x/tools/go/ast/inspector/typeof.go b/vendor/golang.org/x/tools/go/ast/inspector/typeof.go -index 11ab2bc85aa..703c8139544 100644 ---- a/vendor/golang.org/x/tools/go/ast/inspector/typeof.go -+++ b/vendor/golang.org/x/tools/go/ast/inspector/typeof.go -@@ -11,6 +11,7 @@ package inspector - - import ( - "go/ast" -+ "math" - - "golang.org/x/tools/internal/typeparams" - ) -@@ -218,7 +219,7 @@ func typeOf(n ast.Node) uint64 { - - func maskOf(nodes []ast.Node) uint64 { - if nodes == nil { -- return 1<<64 - 1 // match all node types -+ return math.MaxUint64 // match all node types - } - var mask uint64 - for _, n := range nodes { -diff --git a/vendor/golang.org/x/tools/go/gcexportdata/gcexportdata.go b/vendor/golang.org/x/tools/go/gcexportdata/gcexportdata.go -index 2ed25a75024..165ede0f8f3 100644 ---- a/vendor/golang.org/x/tools/go/gcexportdata/gcexportdata.go -+++ b/vendor/golang.org/x/tools/go/gcexportdata/gcexportdata.go -@@ -27,10 +27,9 @@ import ( - "go/token" - "go/types" - "io" -- "io/ioutil" - "os/exec" - -- "golang.org/x/tools/go/internal/gcimporter" -+ "golang.org/x/tools/internal/gcimporter" - ) - - // Find returns the name of an object (.o) or archive (.a) file -@@ -85,9 +84,26 @@ func NewReader(r io.Reader) (io.Reader, error) { - } - } - -+// readAll works the same way as io.ReadAll, but avoids allocations and copies -+// by preallocating a byte slice of the necessary size if the size is known up -+// front. This is always possible when the input is an archive. In that case, -+// NewReader will return the known size using an io.LimitedReader. -+func readAll(r io.Reader) ([]byte, error) { -+ if lr, ok := r.(*io.LimitedReader); ok { -+ data := make([]byte, lr.N) -+ _, err := io.ReadFull(lr, data) -+ return data, err -+ } -+ return io.ReadAll(r) -+} -+ - // Read reads export data from in, decodes it, and returns type - // information for the package. --// The package name is specified by path. -+// -+// The package path (effectively its linker symbol prefix) is -+// specified by path, since unlike the package name, this information -+// may not be recorded in the export data. -+// - // File position information is added to fset. - // - // Read may inspect and add to the imports map to ensure that references -@@ -98,7 +114,7 @@ func NewReader(r io.Reader) (io.Reader, error) { - // - // On return, the state of the reader is undefined. - func Read(in io.Reader, fset *token.FileSet, imports map[string]*types.Package, path string) (*types.Package, error) { -- data, err := ioutil.ReadAll(in) -+ data, err := readAll(in) - if err != nil { - return nil, fmt.Errorf("reading export data for %q: %v", path, err) - } -@@ -107,12 +123,6 @@ func Read(in io.Reader, fset *token.FileSet, imports map[string]*types.Package, - return nil, fmt.Errorf("can't read export data for %q directly from an archive file (call gcexportdata.NewReader first to extract export data)", path) - } - -- // The App Engine Go runtime v1.6 uses the old export data format. -- // TODO(adonovan): delete once v1.7 has been around for a while. -- if bytes.HasPrefix(data, []byte("package ")) { -- return gcimporter.ImportData(imports, path, path, bytes.NewReader(data)) -- } -- - // The indexed export format starts with an 'i'; the older - // binary export format starts with a 'c', 'd', or 'v' - // (from "version"). Select appropriate importer. -@@ -161,7 +171,7 @@ func Write(out io.Writer, fset *token.FileSet, pkg *types.Package) error { - // - // Experimental: This API is experimental and may change in the future. - func ReadBundle(in io.Reader, fset *token.FileSet, imports map[string]*types.Package) ([]*types.Package, error) { -- data, err := ioutil.ReadAll(in) -+ data, err := readAll(in) - if err != nil { - return nil, fmt.Errorf("reading export bundle: %v", err) - } -diff --git a/vendor/golang.org/x/tools/go/internal/gcimporter/gcimporter.go b/vendor/golang.org/x/tools/go/internal/gcimporter/gcimporter.go -deleted file mode 100644 -index e96c39600d1..00000000000 ---- a/vendor/golang.org/x/tools/go/internal/gcimporter/gcimporter.go -+++ /dev/null -@@ -1,1125 +0,0 @@ --// Copyright 2011 The Go Authors. All rights reserved. --// Use of this source code is governed by a BSD-style --// license that can be found in the LICENSE file. -- --// This file is a modified copy of $GOROOT/src/go/internal/gcimporter/gcimporter.go, --// but it also contains the original source-based importer code for Go1.6. --// Once we stop supporting 1.6, we can remove that code. -- --// Package gcimporter provides various functions for reading --// gc-generated object files that can be used to implement the --// Importer interface defined by the Go 1.5 standard library package. --package gcimporter // import "golang.org/x/tools/go/internal/gcimporter" -- --import ( -- "bufio" -- "errors" -- "fmt" -- "go/build" -- "go/constant" -- "go/token" -- "go/types" -- "io" -- "io/ioutil" -- "os" -- "path/filepath" -- "sort" -- "strconv" -- "strings" -- "text/scanner" --) -- --const ( -- // Enable debug during development: it adds some additional checks, and -- // prevents errors from being recovered. -- debug = false -- -- // If trace is set, debugging output is printed to std out. -- trace = false --) -- --var pkgExts = [...]string{".a", ".o"} -- --// FindPkg returns the filename and unique package id for an import --// path based on package information provided by build.Import (using --// the build.Default build.Context). A relative srcDir is interpreted --// relative to the current working directory. --// If no file was found, an empty filename is returned. --func FindPkg(path, srcDir string) (filename, id string) { -- if path == "" { -- return -- } -- -- var noext string -- switch { -- default: -- // "x" -> "$GOPATH/pkg/$GOOS_$GOARCH/x.ext", "x" -- // Don't require the source files to be present. -- if abs, err := filepath.Abs(srcDir); err == nil { // see issue 14282 -- srcDir = abs -- } -- bp, _ := build.Import(path, srcDir, build.FindOnly|build.AllowBinary) -- if bp.PkgObj == "" { -- id = path // make sure we have an id to print in error message -- return -- } -- noext = strings.TrimSuffix(bp.PkgObj, ".a") -- id = bp.ImportPath -- -- case build.IsLocalImport(path): -- // "./x" -> "/this/directory/x.ext", "/this/directory/x" -- noext = filepath.Join(srcDir, path) -- id = noext -- -- case filepath.IsAbs(path): -- // for completeness only - go/build.Import -- // does not support absolute imports -- // "/x" -> "/x.ext", "/x" -- noext = path -- id = path -- } -- -- if false { // for debugging -- if path != id { -- fmt.Printf("%s -> %s\n", path, id) -- } -- } -- -- // try extensions -- for _, ext := range pkgExts { -- filename = noext + ext -- if f, err := os.Stat(filename); err == nil && !f.IsDir() { -- return -- } -- } -- -- filename = "" // not found -- return --} -- --// ImportData imports a package by reading the gc-generated export data, --// adds the corresponding package object to the packages map indexed by id, --// and returns the object. --// --// The packages map must contains all packages already imported. The data --// reader position must be the beginning of the export data section. The --// filename is only used in error messages. --// --// If packages[id] contains the completely imported package, that package --// can be used directly, and there is no need to call this function (but --// there is also no harm but for extra time used). --func ImportData(packages map[string]*types.Package, filename, id string, data io.Reader) (pkg *types.Package, err error) { -- // support for parser error handling -- defer func() { -- switch r := recover().(type) { -- case nil: -- // nothing to do -- case importError: -- err = r -- default: -- panic(r) // internal error -- } -- }() -- -- var p parser -- p.init(filename, id, data, packages) -- pkg = p.parseExport() -- -- return --} -- --// Import imports a gc-generated package given its import path and srcDir, adds --// the corresponding package object to the packages map, and returns the object. --// The packages map must contain all packages already imported. --func Import(packages map[string]*types.Package, path, srcDir string, lookup func(path string) (io.ReadCloser, error)) (pkg *types.Package, err error) { -- var rc io.ReadCloser -- var filename, id string -- if lookup != nil { -- // With custom lookup specified, assume that caller has -- // converted path to a canonical import path for use in the map. -- if path == "unsafe" { -- return types.Unsafe, nil -- } -- id = path -- -- // No need to re-import if the package was imported completely before. -- if pkg = packages[id]; pkg != nil && pkg.Complete() { -- return -- } -- f, err := lookup(path) -- if err != nil { -- return nil, err -- } -- rc = f -- } else { -- filename, id = FindPkg(path, srcDir) -- if filename == "" { -- if path == "unsafe" { -- return types.Unsafe, nil -- } -- return nil, fmt.Errorf("can't find import: %q", id) -- } -- -- // no need to re-import if the package was imported completely before -- if pkg = packages[id]; pkg != nil && pkg.Complete() { -- return -- } -- -- // open file -- f, err := os.Open(filename) -- if err != nil { -- return nil, err -- } -- defer func() { -- if err != nil { -- // add file name to error -- err = fmt.Errorf("%s: %v", filename, err) -- } -- }() -- rc = f -- } -- defer rc.Close() -- -- var hdr string -- var size int64 -- buf := bufio.NewReader(rc) -- if hdr, size, err = FindExportData(buf); err != nil { -- return -- } -- -- switch hdr { -- case "$$\n": -- // Work-around if we don't have a filename; happens only if lookup != nil. -- // Either way, the filename is only needed for importer error messages, so -- // this is fine. -- if filename == "" { -- filename = path -- } -- return ImportData(packages, filename, id, buf) -- -- case "$$B\n": -- var data []byte -- data, err = ioutil.ReadAll(buf) -- if err != nil { -- break -- } -- -- // TODO(gri): allow clients of go/importer to provide a FileSet. -- // Or, define a new standard go/types/gcexportdata package. -- fset := token.NewFileSet() -- -- // The indexed export format starts with an 'i'; the older -- // binary export format starts with a 'c', 'd', or 'v' -- // (from "version"). Select appropriate importer. -- if len(data) > 0 { -- switch data[0] { -- case 'i': -- _, pkg, err := IImportData(fset, packages, data[1:], id) -- return pkg, err -- -- case 'v', 'c', 'd': -- _, pkg, err := BImportData(fset, packages, data, id) -- return pkg, err -- -- case 'u': -- _, pkg, err := UImportData(fset, packages, data[1:size], id) -- return pkg, err -- -- default: -- l := len(data) -- if l > 10 { -- l = 10 -- } -- return nil, fmt.Errorf("unexpected export data with prefix %q for path %s", string(data[:l]), id) -- } -- } -- -- default: -- err = fmt.Errorf("unknown export data header: %q", hdr) -- } -- -- return --} -- --// ---------------------------------------------------------------------------- --// Parser -- --// TODO(gri) Imported objects don't have position information. --// Ideally use the debug table line info; alternatively --// create some fake position (or the position of the --// import). That way error messages referring to imported --// objects can print meaningful information. -- --// parser parses the exports inside a gc compiler-produced --// object/archive file and populates its scope with the results. --type parser struct { -- scanner scanner.Scanner -- tok rune // current token -- lit string // literal string; only valid for Ident, Int, String tokens -- id string // package id of imported package -- sharedPkgs map[string]*types.Package // package id -> package object (across importer) -- localPkgs map[string]*types.Package // package id -> package object (just this package) --} -- --func (p *parser) init(filename, id string, src io.Reader, packages map[string]*types.Package) { -- p.scanner.Init(src) -- p.scanner.Error = func(_ *scanner.Scanner, msg string) { p.error(msg) } -- p.scanner.Mode = scanner.ScanIdents | scanner.ScanInts | scanner.ScanChars | scanner.ScanStrings | scanner.ScanComments | scanner.SkipComments -- p.scanner.Whitespace = 1<<'\t' | 1<<' ' -- p.scanner.Filename = filename // for good error messages -- p.next() -- p.id = id -- p.sharedPkgs = packages -- if debug { -- // check consistency of packages map -- for _, pkg := range packages { -- if pkg.Name() == "" { -- fmt.Printf("no package name for %s\n", pkg.Path()) -- } -- } -- } --} -- --func (p *parser) next() { -- p.tok = p.scanner.Scan() -- switch p.tok { -- case scanner.Ident, scanner.Int, scanner.Char, scanner.String, '·': -- p.lit = p.scanner.TokenText() -- default: -- p.lit = "" -- } -- if debug { -- fmt.Printf("%s: %q -> %q\n", scanner.TokenString(p.tok), p.scanner.TokenText(), p.lit) -- } --} -- --func declTypeName(pkg *types.Package, name string) *types.TypeName { -- scope := pkg.Scope() -- if obj := scope.Lookup(name); obj != nil { -- return obj.(*types.TypeName) -- } -- obj := types.NewTypeName(token.NoPos, pkg, name, nil) -- // a named type may be referred to before the underlying type -- // is known - set it up -- types.NewNamed(obj, nil, nil) -- scope.Insert(obj) -- return obj --} -- --// ---------------------------------------------------------------------------- --// Error handling -- --// Internal errors are boxed as importErrors. --type importError struct { -- pos scanner.Position -- err error --} -- --func (e importError) Error() string { -- return fmt.Sprintf("import error %s (byte offset = %d): %s", e.pos, e.pos.Offset, e.err) --} -- --func (p *parser) error(err interface{}) { -- if s, ok := err.(string); ok { -- err = errors.New(s) -- } -- // panic with a runtime.Error if err is not an error -- panic(importError{p.scanner.Pos(), err.(error)}) --} -- --func (p *parser) errorf(format string, args ...interface{}) { -- p.error(fmt.Sprintf(format, args...)) --} -- --func (p *parser) expect(tok rune) string { -- lit := p.lit -- if p.tok != tok { -- p.errorf("expected %s, got %s (%s)", scanner.TokenString(tok), scanner.TokenString(p.tok), lit) -- } -- p.next() -- return lit --} -- --func (p *parser) expectSpecial(tok string) { -- sep := 'x' // not white space -- i := 0 -- for i < len(tok) && p.tok == rune(tok[i]) && sep > ' ' { -- sep = p.scanner.Peek() // if sep <= ' ', there is white space before the next token -- p.next() -- i++ -- } -- if i < len(tok) { -- p.errorf("expected %q, got %q", tok, tok[0:i]) -- } --} -- --func (p *parser) expectKeyword(keyword string) { -- lit := p.expect(scanner.Ident) -- if lit != keyword { -- p.errorf("expected keyword %s, got %q", keyword, lit) -- } --} -- --// ---------------------------------------------------------------------------- --// Qualified and unqualified names -- --// parsePackageID parses a PackageId: --// --// PackageId = string_lit . --func (p *parser) parsePackageID() string { -- id, err := strconv.Unquote(p.expect(scanner.String)) -- if err != nil { -- p.error(err) -- } -- // id == "" stands for the imported package id -- // (only known at time of package installation) -- if id == "" { -- id = p.id -- } -- return id --} -- --// parsePackageName parse a PackageName: --// --// PackageName = ident . --func (p *parser) parsePackageName() string { -- return p.expect(scanner.Ident) --} -- --// parseDotIdent parses a dotIdentifier: --// --// dotIdentifier = ( ident | '·' ) { ident | int | '·' } . --func (p *parser) parseDotIdent() string { -- ident := "" -- if p.tok != scanner.Int { -- sep := 'x' // not white space -- for (p.tok == scanner.Ident || p.tok == scanner.Int || p.tok == '·') && sep > ' ' { -- ident += p.lit -- sep = p.scanner.Peek() // if sep <= ' ', there is white space before the next token -- p.next() -- } -- } -- if ident == "" { -- p.expect(scanner.Ident) // use expect() for error handling -- } -- return ident --} -- --// parseQualifiedName parses a QualifiedName: --// --// QualifiedName = "@" PackageId "." ( "?" | dotIdentifier ) . --func (p *parser) parseQualifiedName() (id, name string) { -- p.expect('@') -- id = p.parsePackageID() -- p.expect('.') -- // Per rev f280b8a485fd (10/2/2013), qualified names may be used for anonymous fields. -- if p.tok == '?' { -- p.next() -- } else { -- name = p.parseDotIdent() -- } -- return --} -- --// getPkg returns the package for a given id. If the package is --// not found, create the package and add it to the p.localPkgs --// and p.sharedPkgs maps. name is the (expected) name of the --// package. If name == "", the package name is expected to be --// set later via an import clause in the export data. --// --// id identifies a package, usually by a canonical package path like --// "encoding/json" but possibly by a non-canonical import path like --// "./json". --func (p *parser) getPkg(id, name string) *types.Package { -- // package unsafe is not in the packages maps - handle explicitly -- if id == "unsafe" { -- return types.Unsafe -- } -- -- pkg := p.localPkgs[id] -- if pkg == nil { -- // first import of id from this package -- pkg = p.sharedPkgs[id] -- if pkg == nil { -- // first import of id by this importer; -- // add (possibly unnamed) pkg to shared packages -- pkg = types.NewPackage(id, name) -- p.sharedPkgs[id] = pkg -- } -- // add (possibly unnamed) pkg to local packages -- if p.localPkgs == nil { -- p.localPkgs = make(map[string]*types.Package) -- } -- p.localPkgs[id] = pkg -- } else if name != "" { -- // package exists already and we have an expected package name; -- // make sure names match or set package name if necessary -- if pname := pkg.Name(); pname == "" { -- pkg.SetName(name) -- } else if pname != name { -- p.errorf("%s package name mismatch: %s (given) vs %s (expected)", id, pname, name) -- } -- } -- return pkg --} -- --// parseExportedName is like parseQualifiedName, but --// the package id is resolved to an imported *types.Package. --func (p *parser) parseExportedName() (pkg *types.Package, name string) { -- id, name := p.parseQualifiedName() -- pkg = p.getPkg(id, "") -- return --} -- --// ---------------------------------------------------------------------------- --// Types -- --// parseBasicType parses a BasicType: --// --// BasicType = identifier . --func (p *parser) parseBasicType() types.Type { -- id := p.expect(scanner.Ident) -- obj := types.Universe.Lookup(id) -- if obj, ok := obj.(*types.TypeName); ok { -- return obj.Type() -- } -- p.errorf("not a basic type: %s", id) -- return nil --} -- --// parseArrayType parses an ArrayType: --// --// ArrayType = "[" int_lit "]" Type . --func (p *parser) parseArrayType(parent *types.Package) types.Type { -- // "[" already consumed and lookahead known not to be "]" -- lit := p.expect(scanner.Int) -- p.expect(']') -- elem := p.parseType(parent) -- n, err := strconv.ParseInt(lit, 10, 64) -- if err != nil { -- p.error(err) -- } -- return types.NewArray(elem, n) --} -- --// parseMapType parses a MapType: --// --// MapType = "map" "[" Type "]" Type . --func (p *parser) parseMapType(parent *types.Package) types.Type { -- p.expectKeyword("map") -- p.expect('[') -- key := p.parseType(parent) -- p.expect(']') -- elem := p.parseType(parent) -- return types.NewMap(key, elem) --} -- --// parseName parses a Name: --// --// Name = identifier | "?" | QualifiedName . --// --// For unqualified and anonymous names, the returned package is the parent --// package unless parent == nil, in which case the returned package is the --// package being imported. (The parent package is not nil if the name --// is an unqualified struct field or interface method name belonging to a --// type declared in another package.) --// --// For qualified names, the returned package is nil (and not created if --// it doesn't exist yet) unless materializePkg is set (which creates an --// unnamed package with valid package path). In the latter case, a --// subsequent import clause is expected to provide a name for the package. --func (p *parser) parseName(parent *types.Package, materializePkg bool) (pkg *types.Package, name string) { -- pkg = parent -- if pkg == nil { -- pkg = p.sharedPkgs[p.id] -- } -- switch p.tok { -- case scanner.Ident: -- name = p.lit -- p.next() -- case '?': -- // anonymous -- p.next() -- case '@': -- // exported name prefixed with package path -- pkg = nil -- var id string -- id, name = p.parseQualifiedName() -- if materializePkg { -- pkg = p.getPkg(id, "") -- } -- default: -- p.error("name expected") -- } -- return --} -- --func deref(typ types.Type) types.Type { -- if p, _ := typ.(*types.Pointer); p != nil { -- return p.Elem() -- } -- return typ --} -- --// parseField parses a Field: --// --// Field = Name Type [ string_lit ] . --func (p *parser) parseField(parent *types.Package) (*types.Var, string) { -- pkg, name := p.parseName(parent, true) -- -- if name == "_" { -- // Blank fields should be package-qualified because they -- // are unexported identifiers, but gc does not qualify them. -- // Assuming that the ident belongs to the current package -- // causes types to change during re-exporting, leading -- // to spurious "can't assign A to B" errors from go/types. -- // As a workaround, pretend all blank fields belong -- // to the same unique dummy package. -- const blankpkg = "<_>" -- pkg = p.getPkg(blankpkg, blankpkg) -- } -- -- typ := p.parseType(parent) -- anonymous := false -- if name == "" { -- // anonymous field - typ must be T or *T and T must be a type name -- switch typ := deref(typ).(type) { -- case *types.Basic: // basic types are named types -- pkg = nil // objects defined in Universe scope have no package -- name = typ.Name() -- case *types.Named: -- name = typ.Obj().Name() -- default: -- p.errorf("anonymous field expected") -- } -- anonymous = true -- } -- tag := "" -- if p.tok == scanner.String { -- s := p.expect(scanner.String) -- var err error -- tag, err = strconv.Unquote(s) -- if err != nil { -- p.errorf("invalid struct tag %s: %s", s, err) -- } -- } -- return types.NewField(token.NoPos, pkg, name, typ, anonymous), tag --} -- --// parseStructType parses a StructType: --// --// StructType = "struct" "{" [ FieldList ] "}" . --// FieldList = Field { ";" Field } . --func (p *parser) parseStructType(parent *types.Package) types.Type { -- var fields []*types.Var -- var tags []string -- -- p.expectKeyword("struct") -- p.expect('{') -- for i := 0; p.tok != '}' && p.tok != scanner.EOF; i++ { -- if i > 0 { -- p.expect(';') -- } -- fld, tag := p.parseField(parent) -- if tag != "" && tags == nil { -- tags = make([]string, i) -- } -- if tags != nil { -- tags = append(tags, tag) -- } -- fields = append(fields, fld) -- } -- p.expect('}') -- -- return types.NewStruct(fields, tags) --} -- --// parseParameter parses a Parameter: --// --// Parameter = ( identifier | "?" ) [ "..." ] Type [ string_lit ] . --func (p *parser) parseParameter() (par *types.Var, isVariadic bool) { -- _, name := p.parseName(nil, false) -- // remove gc-specific parameter numbering -- if i := strings.Index(name, "·"); i >= 0 { -- name = name[:i] -- } -- if p.tok == '.' { -- p.expectSpecial("...") -- isVariadic = true -- } -- typ := p.parseType(nil) -- if isVariadic { -- typ = types.NewSlice(typ) -- } -- // ignore argument tag (e.g. "noescape") -- if p.tok == scanner.String { -- p.next() -- } -- // TODO(gri) should we provide a package? -- par = types.NewVar(token.NoPos, nil, name, typ) -- return --} -- --// parseParameters parses a Parameters: --// --// Parameters = "(" [ ParameterList ] ")" . --// ParameterList = { Parameter "," } Parameter . --func (p *parser) parseParameters() (list []*types.Var, isVariadic bool) { -- p.expect('(') -- for p.tok != ')' && p.tok != scanner.EOF { -- if len(list) > 0 { -- p.expect(',') -- } -- par, variadic := p.parseParameter() -- list = append(list, par) -- if variadic { -- if isVariadic { -- p.error("... not on final argument") -- } -- isVariadic = true -- } -- } -- p.expect(')') -- -- return --} -- --// parseSignature parses a Signature: --// --// Signature = Parameters [ Result ] . --// Result = Type | Parameters . --func (p *parser) parseSignature(recv *types.Var) *types.Signature { -- params, isVariadic := p.parseParameters() -- -- // optional result type -- var results []*types.Var -- if p.tok == '(' { -- var variadic bool -- results, variadic = p.parseParameters() -- if variadic { -- p.error("... not permitted on result type") -- } -- } -- -- return types.NewSignature(recv, types.NewTuple(params...), types.NewTuple(results...), isVariadic) --} -- --// parseInterfaceType parses an InterfaceType: --// --// InterfaceType = "interface" "{" [ MethodList ] "}" . --// MethodList = Method { ";" Method } . --// Method = Name Signature . --// --// The methods of embedded interfaces are always "inlined" --// by the compiler and thus embedded interfaces are never --// visible in the export data. --func (p *parser) parseInterfaceType(parent *types.Package) types.Type { -- var methods []*types.Func -- -- p.expectKeyword("interface") -- p.expect('{') -- for i := 0; p.tok != '}' && p.tok != scanner.EOF; i++ { -- if i > 0 { -- p.expect(';') -- } -- pkg, name := p.parseName(parent, true) -- sig := p.parseSignature(nil) -- methods = append(methods, types.NewFunc(token.NoPos, pkg, name, sig)) -- } -- p.expect('}') -- -- // Complete requires the type's embedded interfaces to be fully defined, -- // but we do not define any -- return newInterface(methods, nil).Complete() --} -- --// parseChanType parses a ChanType: --// --// ChanType = ( "chan" [ "<-" ] | "<-" "chan" ) Type . --func (p *parser) parseChanType(parent *types.Package) types.Type { -- dir := types.SendRecv -- if p.tok == scanner.Ident { -- p.expectKeyword("chan") -- if p.tok == '<' { -- p.expectSpecial("<-") -- dir = types.SendOnly -- } -- } else { -- p.expectSpecial("<-") -- p.expectKeyword("chan") -- dir = types.RecvOnly -- } -- elem := p.parseType(parent) -- return types.NewChan(dir, elem) --} -- --// parseType parses a Type: --// --// Type = --// BasicType | TypeName | ArrayType | SliceType | StructType | --// PointerType | FuncType | InterfaceType | MapType | ChanType | --// "(" Type ")" . --// --// BasicType = ident . --// TypeName = ExportedName . --// SliceType = "[" "]" Type . --// PointerType = "*" Type . --// FuncType = "func" Signature . --func (p *parser) parseType(parent *types.Package) types.Type { -- switch p.tok { -- case scanner.Ident: -- switch p.lit { -- default: -- return p.parseBasicType() -- case "struct": -- return p.parseStructType(parent) -- case "func": -- // FuncType -- p.next() -- return p.parseSignature(nil) -- case "interface": -- return p.parseInterfaceType(parent) -- case "map": -- return p.parseMapType(parent) -- case "chan": -- return p.parseChanType(parent) -- } -- case '@': -- // TypeName -- pkg, name := p.parseExportedName() -- return declTypeName(pkg, name).Type() -- case '[': -- p.next() // look ahead -- if p.tok == ']' { -- // SliceType -- p.next() -- return types.NewSlice(p.parseType(parent)) -- } -- return p.parseArrayType(parent) -- case '*': -- // PointerType -- p.next() -- return types.NewPointer(p.parseType(parent)) -- case '<': -- return p.parseChanType(parent) -- case '(': -- // "(" Type ")" -- p.next() -- typ := p.parseType(parent) -- p.expect(')') -- return typ -- } -- p.errorf("expected type, got %s (%q)", scanner.TokenString(p.tok), p.lit) -- return nil --} -- --// ---------------------------------------------------------------------------- --// Declarations -- --// parseImportDecl parses an ImportDecl: --// --// ImportDecl = "import" PackageName PackageId . --func (p *parser) parseImportDecl() { -- p.expectKeyword("import") -- name := p.parsePackageName() -- p.getPkg(p.parsePackageID(), name) --} -- --// parseInt parses an int_lit: --// --// int_lit = [ "+" | "-" ] { "0" ... "9" } . --func (p *parser) parseInt() string { -- s := "" -- switch p.tok { -- case '-': -- s = "-" -- p.next() -- case '+': -- p.next() -- } -- return s + p.expect(scanner.Int) --} -- --// parseNumber parses a number: --// --// number = int_lit [ "p" int_lit ] . --func (p *parser) parseNumber() (typ *types.Basic, val constant.Value) { -- // mantissa -- mant := constant.MakeFromLiteral(p.parseInt(), token.INT, 0) -- if mant == nil { -- panic("invalid mantissa") -- } -- -- if p.lit == "p" { -- // exponent (base 2) -- p.next() -- exp, err := strconv.ParseInt(p.parseInt(), 10, 0) -- if err != nil { -- p.error(err) -- } -- if exp < 0 { -- denom := constant.MakeInt64(1) -- denom = constant.Shift(denom, token.SHL, uint(-exp)) -- typ = types.Typ[types.UntypedFloat] -- val = constant.BinaryOp(mant, token.QUO, denom) -- return -- } -- if exp > 0 { -- mant = constant.Shift(mant, token.SHL, uint(exp)) -- } -- typ = types.Typ[types.UntypedFloat] -- val = mant -- return -- } -- -- typ = types.Typ[types.UntypedInt] -- val = mant -- return --} -- --// parseConstDecl parses a ConstDecl: --// --// ConstDecl = "const" ExportedName [ Type ] "=" Literal . --// Literal = bool_lit | int_lit | float_lit | complex_lit | rune_lit | string_lit . --// bool_lit = "true" | "false" . --// complex_lit = "(" float_lit "+" float_lit "i" ")" . --// rune_lit = "(" int_lit "+" int_lit ")" . --// string_lit = `"` { unicode_char } `"` . --func (p *parser) parseConstDecl() { -- p.expectKeyword("const") -- pkg, name := p.parseExportedName() -- -- var typ0 types.Type -- if p.tok != '=' { -- // constant types are never structured - no need for parent type -- typ0 = p.parseType(nil) -- } -- -- p.expect('=') -- var typ types.Type -- var val constant.Value -- switch p.tok { -- case scanner.Ident: -- // bool_lit -- if p.lit != "true" && p.lit != "false" { -- p.error("expected true or false") -- } -- typ = types.Typ[types.UntypedBool] -- val = constant.MakeBool(p.lit == "true") -- p.next() -- -- case '-', scanner.Int: -- // int_lit -- typ, val = p.parseNumber() -- -- case '(': -- // complex_lit or rune_lit -- p.next() -- if p.tok == scanner.Char { -- p.next() -- p.expect('+') -- typ = types.Typ[types.UntypedRune] -- _, val = p.parseNumber() -- p.expect(')') -- break -- } -- _, re := p.parseNumber() -- p.expect('+') -- _, im := p.parseNumber() -- p.expectKeyword("i") -- p.expect(')') -- typ = types.Typ[types.UntypedComplex] -- val = constant.BinaryOp(re, token.ADD, constant.MakeImag(im)) -- -- case scanner.Char: -- // rune_lit -- typ = types.Typ[types.UntypedRune] -- val = constant.MakeFromLiteral(p.lit, token.CHAR, 0) -- p.next() -- -- case scanner.String: -- // string_lit -- typ = types.Typ[types.UntypedString] -- val = constant.MakeFromLiteral(p.lit, token.STRING, 0) -- p.next() -- -- default: -- p.errorf("expected literal got %s", scanner.TokenString(p.tok)) -- } -- -- if typ0 == nil { -- typ0 = typ -- } -- -- pkg.Scope().Insert(types.NewConst(token.NoPos, pkg, name, typ0, val)) --} -- --// parseTypeDecl parses a TypeDecl: --// --// TypeDecl = "type" ExportedName Type . --func (p *parser) parseTypeDecl() { -- p.expectKeyword("type") -- pkg, name := p.parseExportedName() -- obj := declTypeName(pkg, name) -- -- // The type object may have been imported before and thus already -- // have a type associated with it. We still need to parse the type -- // structure, but throw it away if the object already has a type. -- // This ensures that all imports refer to the same type object for -- // a given type declaration. -- typ := p.parseType(pkg) -- -- if name := obj.Type().(*types.Named); name.Underlying() == nil { -- name.SetUnderlying(typ) -- } --} -- --// parseVarDecl parses a VarDecl: --// --// VarDecl = "var" ExportedName Type . --func (p *parser) parseVarDecl() { -- p.expectKeyword("var") -- pkg, name := p.parseExportedName() -- typ := p.parseType(pkg) -- pkg.Scope().Insert(types.NewVar(token.NoPos, pkg, name, typ)) --} -- --// parseFunc parses a Func: --// --// Func = Signature [ Body ] . --// Body = "{" ... "}" . --func (p *parser) parseFunc(recv *types.Var) *types.Signature { -- sig := p.parseSignature(recv) -- if p.tok == '{' { -- p.next() -- for i := 1; i > 0; p.next() { -- switch p.tok { -- case '{': -- i++ -- case '}': -- i-- -- } -- } -- } -- return sig --} -- --// parseMethodDecl parses a MethodDecl: --// --// MethodDecl = "func" Receiver Name Func . --// Receiver = "(" ( identifier | "?" ) [ "*" ] ExportedName ")" . --func (p *parser) parseMethodDecl() { -- // "func" already consumed -- p.expect('(') -- recv, _ := p.parseParameter() // receiver -- p.expect(')') -- -- // determine receiver base type object -- base := deref(recv.Type()).(*types.Named) -- -- // parse method name, signature, and possibly inlined body -- _, name := p.parseName(nil, false) -- sig := p.parseFunc(recv) -- -- // methods always belong to the same package as the base type object -- pkg := base.Obj().Pkg() -- -- // add method to type unless type was imported before -- // and method exists already -- // TODO(gri) This leads to a quadratic algorithm - ok for now because method counts are small. -- base.AddMethod(types.NewFunc(token.NoPos, pkg, name, sig)) --} -- --// parseFuncDecl parses a FuncDecl: --// --// FuncDecl = "func" ExportedName Func . --func (p *parser) parseFuncDecl() { -- // "func" already consumed -- pkg, name := p.parseExportedName() -- typ := p.parseFunc(nil) -- pkg.Scope().Insert(types.NewFunc(token.NoPos, pkg, name, typ)) --} -- --// parseDecl parses a Decl: --// --// Decl = [ ImportDecl | ConstDecl | TypeDecl | VarDecl | FuncDecl | MethodDecl ] "\n" . --func (p *parser) parseDecl() { -- if p.tok == scanner.Ident { -- switch p.lit { -- case "import": -- p.parseImportDecl() -- case "const": -- p.parseConstDecl() -- case "type": -- p.parseTypeDecl() -- case "var": -- p.parseVarDecl() -- case "func": -- p.next() // look ahead -- if p.tok == '(' { -- p.parseMethodDecl() -- } else { -- p.parseFuncDecl() -- } -- } -- } -- p.expect('\n') --} -- --// ---------------------------------------------------------------------------- --// Export -- --// parseExport parses an Export: --// --// Export = "PackageClause { Decl } "$$" . --// PackageClause = "package" PackageName [ "safe" ] "\n" . --func (p *parser) parseExport() *types.Package { -- p.expectKeyword("package") -- name := p.parsePackageName() -- if p.tok == scanner.Ident && p.lit == "safe" { -- // package was compiled with -u option - ignore -- p.next() -- } -- p.expect('\n') -- -- pkg := p.getPkg(p.id, name) -- -- for p.tok != '$' && p.tok != scanner.EOF { -- p.parseDecl() -- } -- -- if ch := p.scanner.Peek(); p.tok != '$' || ch != '$' { -- // don't call next()/expect() since reading past the -- // export data may cause scanner errors (e.g. NUL chars) -- p.errorf("expected '$$', got %s %c", scanner.TokenString(p.tok), ch) -- } -- -- if n := p.scanner.ErrorCount; n != 0 { -- p.errorf("expected no scanner errors, got %d", n) -- } -- -- // Record all locally referenced packages as imports. -- var imports []*types.Package -- for id, pkg2 := range p.localPkgs { -- if pkg2.Name() == "" { -- p.errorf("%s package has no name", id) -- } -- if id == p.id { -- continue // avoid self-edge -- } -- imports = append(imports, pkg2) -- } -- sort.Sort(byPath(imports)) -- pkg.SetImports(imports) -- -- // package was imported completely and without errors -- pkg.MarkComplete() -- -- return pkg --} -- --type byPath []*types.Package -- --func (a byPath) Len() int { return len(a) } --func (a byPath) Swap(i, j int) { a[i], a[j] = a[j], a[i] } --func (a byPath) Less(i, j int) bool { return a[i].Path() < a[j].Path() } -diff --git a/vendor/golang.org/x/tools/go/packages/golist.go b/vendor/golang.org/x/tools/go/packages/golist.go -index de881562de1..6bb7168d2e3 100644 ---- a/vendor/golang.org/x/tools/go/packages/golist.go -+++ b/vendor/golang.org/x/tools/go/packages/golist.go -@@ -60,6 +60,7 @@ func (r *responseDeduper) addAll(dr *driverResponse) { - for _, root := range dr.Roots { - r.addRoot(root) - } -+ r.dr.GoVersion = dr.GoVersion - } - - func (r *responseDeduper) addPackage(p *Package) { -@@ -454,11 +455,14 @@ func (state *golistState) createDriverResponse(words ...string) (*driverResponse - if err != nil { - return nil, err - } -+ - seen := make(map[string]*jsonPackage) - pkgs := make(map[string]*Package) - additionalErrors := make(map[string][]Error) - // Decode the JSON and convert it to Package form. -- var response driverResponse -+ response := &driverResponse{ -+ GoVersion: goVersion, -+ } - for dec := json.NewDecoder(buf); dec.More(); { - p := new(jsonPackage) - if err := dec.Decode(p); err != nil { -@@ -600,17 +604,12 @@ func (state *golistState) createDriverResponse(words ...string) (*driverResponse - - // Work around https://golang.org/issue/28749: - // cmd/go puts assembly, C, and C++ files in CompiledGoFiles. -- // Filter out any elements of CompiledGoFiles that are also in OtherFiles. -- // We have to keep this workaround in place until go1.12 is a distant memory. -- if len(pkg.OtherFiles) > 0 { -- other := make(map[string]bool, len(pkg.OtherFiles)) -- for _, f := range pkg.OtherFiles { -- other[f] = true -- } -- -+ // Remove files from CompiledGoFiles that are non-go files -+ // (or are not files that look like they are from the cache). -+ if len(pkg.CompiledGoFiles) > 0 { - out := pkg.CompiledGoFiles[:0] - for _, f := range pkg.CompiledGoFiles { -- if other[f] { -+ if ext := filepath.Ext(f); ext != ".go" && ext != "" { // ext == "" means the file is from the cache, so probably cgo-processed file - continue - } - out = append(out, f) -@@ -730,7 +729,7 @@ func (state *golistState) createDriverResponse(words ...string) (*driverResponse - } - sort.Slice(response.Packages, func(i, j int) bool { return response.Packages[i].ID < response.Packages[j].ID }) - -- return &response, nil -+ return response, nil - } - - func (state *golistState) shouldAddFilenameFromError(p *jsonPackage) bool { -@@ -756,6 +755,7 @@ func (state *golistState) shouldAddFilenameFromError(p *jsonPackage) bool { - return len(p.Error.ImportStack) == 0 || p.Error.ImportStack[len(p.Error.ImportStack)-1] == p.ImportPath - } - -+// getGoVersion returns the effective minor version of the go command. - func (state *golistState) getGoVersion() (int, error) { - state.goVersionOnce.Do(func() { - state.goVersion, state.goVersionError = gocommand.GoVersion(state.ctx, state.cfgInvocation(), state.cfg.gocmdRunner) -diff --git a/vendor/golang.org/x/tools/go/packages/packages.go b/vendor/golang.org/x/tools/go/packages/packages.go -index a93dc6add4d..864da533472 100644 ---- a/vendor/golang.org/x/tools/go/packages/packages.go -+++ b/vendor/golang.org/x/tools/go/packages/packages.go -@@ -15,10 +15,12 @@ import ( - "go/scanner" - "go/token" - "go/types" -+ "io" - "io/ioutil" - "log" - "os" - "path/filepath" -+ "runtime" - "strings" - "sync" - "time" -@@ -233,6 +235,11 @@ type driverResponse struct { - // Imports will be connected and then type and syntax information added in a - // later pass (see refine). - Packages []*Package -+ -+ // GoVersion is the minor version number used by the driver -+ // (e.g. the go command on the PATH) when selecting .go files. -+ // Zero means unknown. -+ GoVersion int - } - - // Load loads and returns the Go packages named by the given patterns. -@@ -256,7 +263,7 @@ func Load(cfg *Config, patterns ...string) ([]*Package, error) { - return nil, err - } - l.sizes = response.Sizes -- return l.refine(response.Roots, response.Packages...) -+ return l.refine(response) - } - - // defaultDriver is a driver that implements go/packages' fallback behavior. -@@ -297,6 +304,9 @@ type Package struct { - // of the package, or while parsing or type-checking its files. - Errors []Error - -+ // TypeErrors contains the subset of errors produced during type checking. -+ TypeErrors []types.Error -+ - // GoFiles lists the absolute file paths of the package's Go source files. - GoFiles []string - -@@ -532,6 +542,7 @@ type loaderPackage struct { - needsrc bool // load from source (Mode >= LoadTypes) - needtypes bool // type information is either requested or depended on - initial bool // package was matched by a pattern -+ goVersion int // minor version number of go command on PATH - } - - // loader holds the working state of a single call to load. -@@ -618,7 +629,8 @@ func newLoader(cfg *Config) *loader { - - // refine connects the supplied packages into a graph and then adds type and - // and syntax information as requested by the LoadMode. --func (ld *loader) refine(roots []string, list ...*Package) ([]*Package, error) { -+func (ld *loader) refine(response *driverResponse) ([]*Package, error) { -+ roots := response.Roots - rootMap := make(map[string]int, len(roots)) - for i, root := range roots { - rootMap[root] = i -@@ -626,7 +638,7 @@ func (ld *loader) refine(roots []string, list ...*Package) ([]*Package, error) { - ld.pkgs = make(map[string]*loaderPackage) - // first pass, fixup and build the map and roots - var initial = make([]*loaderPackage, len(roots)) -- for _, pkg := range list { -+ for _, pkg := range response.Packages { - rootIndex := -1 - if i, found := rootMap[pkg.ID]; found { - rootIndex = i -@@ -648,6 +660,7 @@ func (ld *loader) refine(roots []string, list ...*Package) ([]*Package, error) { - Package: pkg, - needtypes: needtypes, - needsrc: needsrc, -+ goVersion: response.GoVersion, - } - ld.pkgs[lpkg.ID] = lpkg - if rootIndex >= 0 { -@@ -870,7 +883,13 @@ func (ld *loader) loadPackage(lpkg *loaderPackage) { - return - } - if !lpkg.needsrc { -- ld.loadFromExportData(lpkg) -+ if err := ld.loadFromExportData(lpkg); err != nil { -+ lpkg.Errors = append(lpkg.Errors, Error{ -+ Pos: "-", -+ Msg: err.Error(), -+ Kind: UnknownError, // e.g. can't find/open/parse export data -+ }) -+ } - return // not a source package, don't get syntax trees - } - -@@ -902,6 +921,7 @@ func (ld *loader) loadPackage(lpkg *loaderPackage) { - - case types.Error: - // from type checker -+ lpkg.TypeErrors = append(lpkg.TypeErrors, err) - errs = append(errs, Error{ - Pos: err.Fset.Position(err.Pos).String(), - Msg: err.Msg, -@@ -923,11 +943,41 @@ func (ld *loader) loadPackage(lpkg *loaderPackage) { - lpkg.Errors = append(lpkg.Errors, errs...) - } - -+ // If the go command on the PATH is newer than the runtime, -+ // then the go/{scanner,ast,parser,types} packages from the -+ // standard library may be unable to process the files -+ // selected by go list. -+ // -+ // There is currently no way to downgrade the effective -+ // version of the go command (see issue 52078), so we proceed -+ // with the newer go command but, in case of parse or type -+ // errors, we emit an additional diagnostic. -+ // -+ // See: -+ // - golang.org/issue/52078 (flag to set release tags) -+ // - golang.org/issue/50825 (gopls legacy version support) -+ // - golang.org/issue/55883 (go/packages confusing error) -+ // -+ // Should we assert a hard minimum of (currently) go1.16 here? -+ var runtimeVersion int -+ if _, err := fmt.Sscanf(runtime.Version(), "go1.%d", &runtimeVersion); err == nil && runtimeVersion < lpkg.goVersion { -+ defer func() { -+ if len(lpkg.Errors) > 0 { -+ appendError(Error{ -+ Pos: "-", -+ Msg: fmt.Sprintf("This application uses version go1.%d of the source-processing packages but runs version go1.%d of 'go list'. It may fail to process source files that rely on newer language features. If so, rebuild the application using a newer version of Go.", runtimeVersion, lpkg.goVersion), -+ Kind: UnknownError, -+ }) -+ } -+ }() -+ } -+ - if ld.Config.Mode&NeedTypes != 0 && len(lpkg.CompiledGoFiles) == 0 && lpkg.ExportFile != "" { - // The config requested loading sources and types, but sources are missing. - // Add an error to the package and fall back to loading from export data. - appendError(Error{"-", fmt.Sprintf("sources missing for package %s", lpkg.ID), ParseError}) -- ld.loadFromExportData(lpkg) -+ _ = ld.loadFromExportData(lpkg) // ignore any secondary errors -+ - return // can't get syntax trees for this package - } - -@@ -981,7 +1031,7 @@ func (ld *loader) loadPackage(lpkg *loaderPackage) { - tc := &types.Config{ - Importer: importer, - -- // Type-check bodies of functions only in non-initial packages. -+ // Type-check bodies of functions only in initial packages. - // Example: for import graph A->B->C and initial packages {A,C}, - // we can ignore function bodies in B. - IgnoreFuncBodies: ld.Mode&NeedDeps == 0 && !lpkg.initial, -@@ -1153,7 +1203,8 @@ func sameFile(x, y string) bool { - - // loadFromExportData returns type information for the specified - // package, loading it from an export data file on the first request. --func (ld *loader) loadFromExportData(lpkg *loaderPackage) (*types.Package, error) { -+// On success it sets lpkg.Types to a new Package. -+func (ld *loader) loadFromExportData(lpkg *loaderPackage) error { - if lpkg.PkgPath == "" { - log.Fatalf("internal error: Package %s has no PkgPath", lpkg) - } -@@ -1164,8 +1215,8 @@ func (ld *loader) loadFromExportData(lpkg *loaderPackage) (*types.Package, error - // must be sequential. (Finer-grained locking would require - // changes to the gcexportdata API.) - // -- // The exportMu lock guards the Package.Pkg field and the -- // types.Package it points to, for each Package in the graph. -+ // The exportMu lock guards the lpkg.Types field and the -+ // types.Package it points to, for each loaderPackage in the graph. - // - // Not all accesses to Package.Pkg need to be protected by exportMu: - // graph ordering ensures that direct dependencies of source -@@ -1174,18 +1225,18 @@ func (ld *loader) loadFromExportData(lpkg *loaderPackage) (*types.Package, error - defer ld.exportMu.Unlock() - - if tpkg := lpkg.Types; tpkg != nil && tpkg.Complete() { -- return tpkg, nil // cache hit -+ return nil // cache hit - } - - lpkg.IllTyped = true // fail safe - - if lpkg.ExportFile == "" { - // Errors while building export data will have been printed to stderr. -- return nil, fmt.Errorf("no export data file") -+ return fmt.Errorf("no export data file") - } - f, err := os.Open(lpkg.ExportFile) - if err != nil { -- return nil, err -+ return err - } - defer f.Close() - -@@ -1197,7 +1248,7 @@ func (ld *loader) loadFromExportData(lpkg *loaderPackage) (*types.Package, error - // queries.) - r, err := gcexportdata.NewReader(f) - if err != nil { -- return nil, fmt.Errorf("reading %s: %v", lpkg.ExportFile, err) -+ return fmt.Errorf("reading %s: %v", lpkg.ExportFile, err) - } - - // Build the view. -@@ -1241,7 +1292,7 @@ func (ld *loader) loadFromExportData(lpkg *loaderPackage) (*types.Package, error - // (May modify incomplete packages in view but not create new ones.) - tpkg, err := gcexportdata.Read(r, ld.Fset, view, lpkg.PkgPath) - if err != nil { -- return nil, fmt.Errorf("reading %s: %v", lpkg.ExportFile, err) -+ return fmt.Errorf("reading %s: %v", lpkg.ExportFile, err) - } - if _, ok := view["go.shape"]; ok { - // Account for the pseudopackage "go.shape" that gets -@@ -1254,8 +1305,7 @@ func (ld *loader) loadFromExportData(lpkg *loaderPackage) (*types.Package, error - - lpkg.Types = tpkg - lpkg.IllTyped = false -- -- return tpkg, nil -+ return nil - } - - // impliedLoadMode returns loadMode with its dependencies. -@@ -1271,3 +1321,5 @@ func impliedLoadMode(loadMode LoadMode) LoadMode { - func usesExportData(cfg *Config) bool { - return cfg.Mode&NeedExportFile != 0 || cfg.Mode&NeedTypes != 0 && cfg.Mode&NeedDeps == 0 - } -+ -+var _ interface{} = io.Discard // assert build toolchain is go1.16 or later -diff --git a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_darwin.go b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_darwin.go -new file mode 100644 -index 00000000000..acfae1e4a1c ---- /dev/null -+++ b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_darwin.go -@@ -0,0 +1,118 @@ -+// Copyright 2022 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build darwin && cgo -+// +build darwin,cgo -+ -+package fastwalk -+ -+/* -+#include -+// fastwalk_readdir_r wraps readdir_r so that we don't have to pass a dirent** -+// result pointer which triggers CGO's "Go pointer to Go pointer" check unless -+// we allocat the result dirent* with malloc. -+// -+// fastwalk_readdir_r returns 0 on success, -1 upon reaching the end of the -+// directory, or a positive error number to indicate failure. -+static int fastwalk_readdir_r(DIR *fd, struct dirent *entry) { -+ struct dirent *result; -+ int ret = readdir_r(fd, entry, &result); -+ if (ret == 0 && result == NULL) { -+ ret = -1; // EOF -+ } -+ return ret; -+} -+*/ -+import "C" -+ -+import ( -+ "os" -+ "syscall" -+ "unsafe" -+) -+ -+func readDir(dirName string, fn func(dirName, entName string, typ os.FileMode) error) error { -+ fd, err := openDir(dirName) -+ if err != nil { -+ return &os.PathError{Op: "opendir", Path: dirName, Err: err} -+ } -+ defer C.closedir(fd) -+ -+ skipFiles := false -+ var dirent syscall.Dirent -+ for { -+ ret := int(C.fastwalk_readdir_r(fd, (*C.struct_dirent)(unsafe.Pointer(&dirent)))) -+ if ret != 0 { -+ if ret == -1 { -+ break // EOF -+ } -+ if ret == int(syscall.EINTR) { -+ continue -+ } -+ return &os.PathError{Op: "readdir", Path: dirName, Err: syscall.Errno(ret)} -+ } -+ if dirent.Ino == 0 { -+ continue -+ } -+ typ := dtToType(dirent.Type) -+ if skipFiles && typ.IsRegular() { -+ continue -+ } -+ name := (*[len(syscall.Dirent{}.Name)]byte)(unsafe.Pointer(&dirent.Name))[:] -+ name = name[:dirent.Namlen] -+ for i, c := range name { -+ if c == 0 { -+ name = name[:i] -+ break -+ } -+ } -+ // Check for useless names before allocating a string. -+ if string(name) == "." || string(name) == ".." { -+ continue -+ } -+ if err := fn(dirName, string(name), typ); err != nil { -+ if err != ErrSkipFiles { -+ return err -+ } -+ skipFiles = true -+ } -+ } -+ -+ return nil -+} -+ -+func dtToType(typ uint8) os.FileMode { -+ switch typ { -+ case syscall.DT_BLK: -+ return os.ModeDevice -+ case syscall.DT_CHR: -+ return os.ModeDevice | os.ModeCharDevice -+ case syscall.DT_DIR: -+ return os.ModeDir -+ case syscall.DT_FIFO: -+ return os.ModeNamedPipe -+ case syscall.DT_LNK: -+ return os.ModeSymlink -+ case syscall.DT_REG: -+ return 0 -+ case syscall.DT_SOCK: -+ return os.ModeSocket -+ } -+ return ^os.FileMode(0) -+} -+ -+// openDir wraps opendir(3) and handles any EINTR errors. The returned *DIR -+// needs to be closed with closedir(3). -+func openDir(path string) (*C.DIR, error) { -+ name, err := syscall.BytePtrFromString(path) -+ if err != nil { -+ return nil, err -+ } -+ for { -+ fd, err := C.opendir((*C.char)(unsafe.Pointer(name))) -+ if err != syscall.EINTR { -+ return fd, err -+ } -+ } -+} -diff --git a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_ino.go b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_ino.go -index ea02b9ebfe8..d3922890b0b 100644 ---- a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_ino.go -+++ b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_ino.go -@@ -2,8 +2,8 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build (linux || darwin) && !appengine --// +build linux darwin -+//go:build (linux || (darwin && !cgo)) && !appengine -+// +build linux darwin,!cgo - // +build !appengine - - package fastwalk -@@ -11,5 +11,5 @@ package fastwalk - import "syscall" - - func direntInode(dirent *syscall.Dirent) uint64 { -- return uint64(dirent.Ino) -+ return dirent.Ino - } -diff --git a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_namlen_bsd.go b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_namlen_bsd.go -index d5c9c321ed2..38a4db6af3a 100644 ---- a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_namlen_bsd.go -+++ b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_namlen_bsd.go -@@ -2,8 +2,8 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build darwin || freebsd || openbsd || netbsd --// +build darwin freebsd openbsd netbsd -+//go:build (darwin && !cgo) || freebsd || openbsd || netbsd -+// +build darwin,!cgo freebsd openbsd netbsd - - package fastwalk - -diff --git a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_unix.go b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_unix.go -index 58bd87841e1..f12f1a734cc 100644 ---- a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_unix.go -+++ b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_unix.go -@@ -2,8 +2,8 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build (linux || darwin || freebsd || openbsd || netbsd) && !appengine --// +build linux darwin freebsd openbsd netbsd -+//go:build (linux || freebsd || openbsd || netbsd || (darwin && !cgo)) && !appengine -+// +build linux freebsd openbsd netbsd darwin,!cgo - // +build !appengine - - package fastwalk -diff --git a/vendor/golang.org/x/tools/go/internal/gcimporter/bexport.go b/vendor/golang.org/x/tools/internal/gcimporter/bexport.go -similarity index 99% -rename from vendor/golang.org/x/tools/go/internal/gcimporter/bexport.go -rename to vendor/golang.org/x/tools/internal/gcimporter/bexport.go -index 196cb3f9b41..30582ed6d3d 100644 ---- a/vendor/golang.org/x/tools/go/internal/gcimporter/bexport.go -+++ b/vendor/golang.org/x/tools/internal/gcimporter/bexport.go -@@ -12,7 +12,6 @@ import ( - "bytes" - "encoding/binary" - "fmt" -- "go/ast" - "go/constant" - "go/token" - "go/types" -@@ -145,7 +144,7 @@ func BExportData(fset *token.FileSet, pkg *types.Package) (b []byte, err error) - objcount := 0 - scope := pkg.Scope() - for _, name := range scope.Names() { -- if !ast.IsExported(name) { -+ if !token.IsExported(name) { - continue - } - if trace { -@@ -482,7 +481,7 @@ func (p *exporter) method(m *types.Func) { - - p.pos(m) - p.string(m.Name()) -- if m.Name() != "_" && !ast.IsExported(m.Name()) { -+ if m.Name() != "_" && !token.IsExported(m.Name()) { - p.pkg(m.Pkg(), false) - } - -@@ -501,7 +500,7 @@ func (p *exporter) fieldName(f *types.Var) { - // 3) field name doesn't match base type name (alias name) - bname := basetypeName(f.Type()) - if name == bname { -- if ast.IsExported(name) { -+ if token.IsExported(name) { - name = "" // 1) we don't need to know the field name or package - } else { - name = "?" // 2) use unexported name "?" to force package export -@@ -514,7 +513,7 @@ func (p *exporter) fieldName(f *types.Var) { - } - - p.string(name) -- if name != "" && !ast.IsExported(name) { -+ if name != "" && !token.IsExported(name) { - p.pkg(f.Pkg(), false) - } - } -diff --git a/vendor/golang.org/x/tools/go/internal/gcimporter/bimport.go b/vendor/golang.org/x/tools/internal/gcimporter/bimport.go -similarity index 100% -rename from vendor/golang.org/x/tools/go/internal/gcimporter/bimport.go -rename to vendor/golang.org/x/tools/internal/gcimporter/bimport.go -diff --git a/vendor/golang.org/x/tools/go/internal/gcimporter/exportdata.go b/vendor/golang.org/x/tools/internal/gcimporter/exportdata.go -similarity index 100% -rename from vendor/golang.org/x/tools/go/internal/gcimporter/exportdata.go -rename to vendor/golang.org/x/tools/internal/gcimporter/exportdata.go -diff --git a/vendor/golang.org/x/tools/internal/gcimporter/gcimporter.go b/vendor/golang.org/x/tools/internal/gcimporter/gcimporter.go -new file mode 100644 -index 00000000000..0372fb3a646 ---- /dev/null -+++ b/vendor/golang.org/x/tools/internal/gcimporter/gcimporter.go -@@ -0,0 +1,265 @@ -+// Copyright 2011 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+// This file is a reduced copy of $GOROOT/src/go/internal/gcimporter/gcimporter.go. -+ -+// Package gcimporter provides various functions for reading -+// gc-generated object files that can be used to implement the -+// Importer interface defined by the Go 1.5 standard library package. -+package gcimporter // import "golang.org/x/tools/internal/gcimporter" -+ -+import ( -+ "bufio" -+ "bytes" -+ "fmt" -+ "go/build" -+ "go/token" -+ "go/types" -+ "io" -+ "io/ioutil" -+ "os" -+ "os/exec" -+ "path/filepath" -+ "strings" -+ "sync" -+) -+ -+const ( -+ // Enable debug during development: it adds some additional checks, and -+ // prevents errors from being recovered. -+ debug = false -+ -+ // If trace is set, debugging output is printed to std out. -+ trace = false -+) -+ -+var exportMap sync.Map // package dir → func() (string, bool) -+ -+// lookupGorootExport returns the location of the export data -+// (normally found in the build cache, but located in GOROOT/pkg -+// in prior Go releases) for the package located in pkgDir. -+// -+// (We use the package's directory instead of its import path -+// mainly to simplify handling of the packages in src/vendor -+// and cmd/vendor.) -+func lookupGorootExport(pkgDir string) (string, bool) { -+ f, ok := exportMap.Load(pkgDir) -+ if !ok { -+ var ( -+ listOnce sync.Once -+ exportPath string -+ ) -+ f, _ = exportMap.LoadOrStore(pkgDir, func() (string, bool) { -+ listOnce.Do(func() { -+ cmd := exec.Command("go", "list", "-export", "-f", "{{.Export}}", pkgDir) -+ cmd.Dir = build.Default.GOROOT -+ var output []byte -+ output, err := cmd.Output() -+ if err != nil { -+ return -+ } -+ -+ exports := strings.Split(string(bytes.TrimSpace(output)), "\n") -+ if len(exports) != 1 { -+ return -+ } -+ -+ exportPath = exports[0] -+ }) -+ -+ return exportPath, exportPath != "" -+ }) -+ } -+ -+ return f.(func() (string, bool))() -+} -+ -+var pkgExts = [...]string{".a", ".o"} -+ -+// FindPkg returns the filename and unique package id for an import -+// path based on package information provided by build.Import (using -+// the build.Default build.Context). A relative srcDir is interpreted -+// relative to the current working directory. -+// If no file was found, an empty filename is returned. -+func FindPkg(path, srcDir string) (filename, id string) { -+ if path == "" { -+ return -+ } -+ -+ var noext string -+ switch { -+ default: -+ // "x" -> "$GOPATH/pkg/$GOOS_$GOARCH/x.ext", "x" -+ // Don't require the source files to be present. -+ if abs, err := filepath.Abs(srcDir); err == nil { // see issue 14282 -+ srcDir = abs -+ } -+ bp, _ := build.Import(path, srcDir, build.FindOnly|build.AllowBinary) -+ if bp.PkgObj == "" { -+ var ok bool -+ if bp.Goroot && bp.Dir != "" { -+ filename, ok = lookupGorootExport(bp.Dir) -+ } -+ if !ok { -+ id = path // make sure we have an id to print in error message -+ return -+ } -+ } else { -+ noext = strings.TrimSuffix(bp.PkgObj, ".a") -+ id = bp.ImportPath -+ } -+ -+ case build.IsLocalImport(path): -+ // "./x" -> "/this/directory/x.ext", "/this/directory/x" -+ noext = filepath.Join(srcDir, path) -+ id = noext -+ -+ case filepath.IsAbs(path): -+ // for completeness only - go/build.Import -+ // does not support absolute imports -+ // "/x" -> "/x.ext", "/x" -+ noext = path -+ id = path -+ } -+ -+ if false { // for debugging -+ if path != id { -+ fmt.Printf("%s -> %s\n", path, id) -+ } -+ } -+ -+ if filename != "" { -+ if f, err := os.Stat(filename); err == nil && !f.IsDir() { -+ return -+ } -+ } -+ -+ // try extensions -+ for _, ext := range pkgExts { -+ filename = noext + ext -+ if f, err := os.Stat(filename); err == nil && !f.IsDir() { -+ return -+ } -+ } -+ -+ filename = "" // not found -+ return -+} -+ -+// Import imports a gc-generated package given its import path and srcDir, adds -+// the corresponding package object to the packages map, and returns the object. -+// The packages map must contain all packages already imported. -+func Import(packages map[string]*types.Package, path, srcDir string, lookup func(path string) (io.ReadCloser, error)) (pkg *types.Package, err error) { -+ var rc io.ReadCloser -+ var filename, id string -+ if lookup != nil { -+ // With custom lookup specified, assume that caller has -+ // converted path to a canonical import path for use in the map. -+ if path == "unsafe" { -+ return types.Unsafe, nil -+ } -+ id = path -+ -+ // No need to re-import if the package was imported completely before. -+ if pkg = packages[id]; pkg != nil && pkg.Complete() { -+ return -+ } -+ f, err := lookup(path) -+ if err != nil { -+ return nil, err -+ } -+ rc = f -+ } else { -+ filename, id = FindPkg(path, srcDir) -+ if filename == "" { -+ if path == "unsafe" { -+ return types.Unsafe, nil -+ } -+ return nil, fmt.Errorf("can't find import: %q", id) -+ } -+ -+ // no need to re-import if the package was imported completely before -+ if pkg = packages[id]; pkg != nil && pkg.Complete() { -+ return -+ } -+ -+ // open file -+ f, err := os.Open(filename) -+ if err != nil { -+ return nil, err -+ } -+ defer func() { -+ if err != nil { -+ // add file name to error -+ err = fmt.Errorf("%s: %v", filename, err) -+ } -+ }() -+ rc = f -+ } -+ defer rc.Close() -+ -+ var hdr string -+ var size int64 -+ buf := bufio.NewReader(rc) -+ if hdr, size, err = FindExportData(buf); err != nil { -+ return -+ } -+ -+ switch hdr { -+ case "$$B\n": -+ var data []byte -+ data, err = ioutil.ReadAll(buf) -+ if err != nil { -+ break -+ } -+ -+ // TODO(gri): allow clients of go/importer to provide a FileSet. -+ // Or, define a new standard go/types/gcexportdata package. -+ fset := token.NewFileSet() -+ -+ // The indexed export format starts with an 'i'; the older -+ // binary export format starts with a 'c', 'd', or 'v' -+ // (from "version"). Select appropriate importer. -+ if len(data) > 0 { -+ switch data[0] { -+ case 'i': -+ _, pkg, err := IImportData(fset, packages, data[1:], id) -+ return pkg, err -+ -+ case 'v', 'c', 'd': -+ _, pkg, err := BImportData(fset, packages, data, id) -+ return pkg, err -+ -+ case 'u': -+ _, pkg, err := UImportData(fset, packages, data[1:size], id) -+ return pkg, err -+ -+ default: -+ l := len(data) -+ if l > 10 { -+ l = 10 -+ } -+ return nil, fmt.Errorf("unexpected export data with prefix %q for path %s", string(data[:l]), id) -+ } -+ } -+ -+ default: -+ err = fmt.Errorf("unknown export data header: %q", hdr) -+ } -+ -+ return -+} -+ -+func deref(typ types.Type) types.Type { -+ if p, _ := typ.(*types.Pointer); p != nil { -+ return p.Elem() -+ } -+ return typ -+} -+ -+type byPath []*types.Package -+ -+func (a byPath) Len() int { return len(a) } -+func (a byPath) Swap(i, j int) { a[i], a[j] = a[j], a[i] } -+func (a byPath) Less(i, j int) bool { return a[i].Path() < a[j].Path() } -diff --git a/vendor/golang.org/x/tools/go/internal/gcimporter/iexport.go b/vendor/golang.org/x/tools/internal/gcimporter/iexport.go -similarity index 78% -rename from vendor/golang.org/x/tools/go/internal/gcimporter/iexport.go -rename to vendor/golang.org/x/tools/internal/gcimporter/iexport.go -index 9a4ff329e12..6e642c80daa 100644 ---- a/vendor/golang.org/x/tools/go/internal/gcimporter/iexport.go -+++ b/vendor/golang.org/x/tools/internal/gcimporter/iexport.go -@@ -12,7 +12,6 @@ import ( - "bytes" - "encoding/binary" - "fmt" -- "go/ast" - "go/constant" - "go/token" - "go/types" -@@ -23,9 +22,45 @@ import ( - "strconv" - "strings" - -+ "golang.org/x/tools/internal/tokeninternal" - "golang.org/x/tools/internal/typeparams" - ) - -+// IExportShallow encodes "shallow" export data for the specified package. -+// -+// No promises are made about the encoding other than that it can be -+// decoded by the same version of IIExportShallow. If you plan to save -+// export data in the file system, be sure to include a cryptographic -+// digest of the executable in the key to avoid version skew. -+func IExportShallow(fset *token.FileSet, pkg *types.Package) ([]byte, error) { -+ // In principle this operation can only fail if out.Write fails, -+ // but that's impossible for bytes.Buffer---and as a matter of -+ // fact iexportCommon doesn't even check for I/O errors. -+ // TODO(adonovan): handle I/O errors properly. -+ // TODO(adonovan): use byte slices throughout, avoiding copying. -+ const bundle, shallow = false, true -+ var out bytes.Buffer -+ err := iexportCommon(&out, fset, bundle, shallow, iexportVersion, []*types.Package{pkg}) -+ return out.Bytes(), err -+} -+ -+// IImportShallow decodes "shallow" types.Package data encoded by IExportShallow -+// in the same executable. This function cannot import data from -+// cmd/compile or gcexportdata.Write. -+func IImportShallow(fset *token.FileSet, imports map[string]*types.Package, data []byte, path string, insert InsertType) (*types.Package, error) { -+ const bundle = false -+ pkgs, err := iimportCommon(fset, imports, data, bundle, path, insert) -+ if err != nil { -+ return nil, err -+ } -+ return pkgs[0], nil -+} -+ -+// InsertType is the type of a function that creates a types.TypeName -+// object for a named type and inserts it into the scope of the -+// specified Package. -+type InsertType = func(pkg *types.Package, name string) -+ - // Current bundled export format version. Increase with each format change. - // 0: initial implementation - const bundleVersion = 0 -@@ -36,15 +71,17 @@ const bundleVersion = 0 - // The package path of the top-level package will not be recorded, - // so that calls to IImportData can override with a provided package path. - func IExportData(out io.Writer, fset *token.FileSet, pkg *types.Package) error { -- return iexportCommon(out, fset, false, iexportVersion, []*types.Package{pkg}) -+ const bundle, shallow = false, false -+ return iexportCommon(out, fset, bundle, shallow, iexportVersion, []*types.Package{pkg}) - } - - // IExportBundle writes an indexed export bundle for pkgs to out. - func IExportBundle(out io.Writer, fset *token.FileSet, pkgs []*types.Package) error { -- return iexportCommon(out, fset, true, iexportVersion, pkgs) -+ const bundle, shallow = true, false -+ return iexportCommon(out, fset, bundle, shallow, iexportVersion, pkgs) - } - --func iexportCommon(out io.Writer, fset *token.FileSet, bundle bool, version int, pkgs []*types.Package) (err error) { -+func iexportCommon(out io.Writer, fset *token.FileSet, bundle, shallow bool, version int, pkgs []*types.Package) (err error) { - if !debug { - defer func() { - if e := recover(); e != nil { -@@ -61,6 +98,7 @@ func iexportCommon(out io.Writer, fset *token.FileSet, bundle bool, version int, - p := iexporter{ - fset: fset, - version: version, -+ shallow: shallow, - allPkgs: map[*types.Package]bool{}, - stringIndex: map[string]uint64{}, - declIndex: map[types.Object]uint64{}, -@@ -82,7 +120,7 @@ func iexportCommon(out io.Writer, fset *token.FileSet, bundle bool, version int, - for _, pkg := range pkgs { - scope := pkg.Scope() - for _, name := range scope.Names() { -- if ast.IsExported(name) { -+ if token.IsExported(name) { - p.pushDecl(scope.Lookup(name)) - } - } -@@ -101,6 +139,17 @@ func iexportCommon(out io.Writer, fset *token.FileSet, bundle bool, version int, - p.doDecl(p.declTodo.popHead()) - } - -+ // Produce index of offset of each file record in files. -+ var files intWriter -+ var fileOffset []uint64 // fileOffset[i] is offset in files of file encoded as i -+ if p.shallow { -+ fileOffset = make([]uint64, len(p.fileInfos)) -+ for i, info := range p.fileInfos { -+ fileOffset[i] = uint64(files.Len()) -+ p.encodeFile(&files, info.file, info.needed) -+ } -+ } -+ - // Append indices to data0 section. - dataLen := uint64(p.data0.Len()) - w := p.newWriter() -@@ -126,16 +175,75 @@ func iexportCommon(out io.Writer, fset *token.FileSet, bundle bool, version int, - } - hdr.uint64(uint64(p.version)) - hdr.uint64(uint64(p.strings.Len())) -+ if p.shallow { -+ hdr.uint64(uint64(files.Len())) -+ hdr.uint64(uint64(len(fileOffset))) -+ for _, offset := range fileOffset { -+ hdr.uint64(offset) -+ } -+ } - hdr.uint64(dataLen) - - // Flush output. - io.Copy(out, &hdr) - io.Copy(out, &p.strings) -+ if p.shallow { -+ io.Copy(out, &files) -+ } - io.Copy(out, &p.data0) - - return nil - } - -+// encodeFile writes to w a representation of the file sufficient to -+// faithfully restore position information about all needed offsets. -+// Mutates the needed array. -+func (p *iexporter) encodeFile(w *intWriter, file *token.File, needed []uint64) { -+ _ = needed[0] // precondition: needed is non-empty -+ -+ w.uint64(p.stringOff(file.Name())) -+ -+ size := uint64(file.Size()) -+ w.uint64(size) -+ -+ // Sort the set of needed offsets. Duplicates are harmless. -+ sort.Slice(needed, func(i, j int) bool { return needed[i] < needed[j] }) -+ -+ lines := tokeninternal.GetLines(file) // byte offset of each line start -+ w.uint64(uint64(len(lines))) -+ -+ // Rather than record the entire array of line start offsets, -+ // we save only a sparse list of (index, offset) pairs for -+ // the start of each line that contains a needed position. -+ var sparse [][2]int // (index, offset) pairs -+outer: -+ for i, lineStart := range lines { -+ lineEnd := size -+ if i < len(lines)-1 { -+ lineEnd = uint64(lines[i+1]) -+ } -+ // Does this line contains a needed offset? -+ if needed[0] < lineEnd { -+ sparse = append(sparse, [2]int{i, lineStart}) -+ for needed[0] < lineEnd { -+ needed = needed[1:] -+ if len(needed) == 0 { -+ break outer -+ } -+ } -+ } -+ } -+ -+ // Delta-encode the columns. -+ w.uint64(uint64(len(sparse))) -+ var prev [2]int -+ for _, pair := range sparse { -+ w.uint64(uint64(pair[0] - prev[0])) -+ w.uint64(uint64(pair[1] - prev[1])) -+ prev = pair -+ } -+} -+ - // writeIndex writes out an object index. mainIndex indicates whether - // we're writing out the main index, which is also read by - // non-compiler tools and includes a complete package description -@@ -205,7 +313,8 @@ type iexporter struct { - out *bytes.Buffer - version int - -- localpkg *types.Package -+ shallow bool // don't put types from other packages in the index -+ localpkg *types.Package // (nil in bundle mode) - - // allPkgs tracks all packages that have been referenced by - // the export data, so we can ensure to include them in the -@@ -217,6 +326,12 @@ type iexporter struct { - strings intWriter - stringIndex map[string]uint64 - -+ // In shallow mode, object positions are encoded as (file, offset). -+ // Each file is recorded as a line-number table. -+ // Only the lines of needed positions are saved faithfully. -+ fileInfo map[*token.File]uint64 // value is index in fileInfos -+ fileInfos []*filePositions -+ - data0 intWriter - declIndex map[types.Object]uint64 - tparamNames map[types.Object]string // typeparam->exported name -@@ -225,6 +340,11 @@ type iexporter struct { - indent int // for tracing support - } - -+type filePositions struct { -+ file *token.File -+ needed []uint64 // unordered list of needed file offsets -+} -+ - func (p *iexporter) trace(format string, args ...interface{}) { - if !trace { - // Call sites should also be guarded, but having this check here allows -@@ -248,6 +368,25 @@ func (p *iexporter) stringOff(s string) uint64 { - return off - } - -+// fileIndexAndOffset returns the index of the token.File and the byte offset of pos within it. -+func (p *iexporter) fileIndexAndOffset(file *token.File, pos token.Pos) (uint64, uint64) { -+ index, ok := p.fileInfo[file] -+ if !ok { -+ index = uint64(len(p.fileInfo)) -+ p.fileInfos = append(p.fileInfos, &filePositions{file: file}) -+ if p.fileInfo == nil { -+ p.fileInfo = make(map[*token.File]uint64) -+ } -+ p.fileInfo[file] = index -+ } -+ // Record each needed offset. -+ info := p.fileInfos[index] -+ offset := uint64(file.Offset(pos)) -+ info.needed = append(info.needed, offset) -+ -+ return index, offset -+} -+ - // pushDecl adds n to the declaration work queue, if not already present. - func (p *iexporter) pushDecl(obj types.Object) { - // Package unsafe is known to the compiler and predeclared. -@@ -256,6 +395,11 @@ func (p *iexporter) pushDecl(obj types.Object) { - panic("cannot export package unsafe") - } - -+ // Shallow export data: don't index decls from other packages. -+ if p.shallow && obj.Pkg() != p.localpkg { -+ return -+ } -+ - if _, ok := p.declIndex[obj]; ok { - return - } -@@ -303,7 +447,13 @@ func (p *iexporter) doDecl(obj types.Object) { - case *types.Func: - sig, _ := obj.Type().(*types.Signature) - if sig.Recv() != nil { -- panic(internalErrorf("unexpected method: %v", sig)) -+ // We shouldn't see methods in the package scope, -+ // but the type checker may repair "func () F() {}" -+ // to "func (Invalid) F()" and then treat it like "func F()", -+ // so allow that. See golang/go#57729. -+ if sig.Recv().Type() != types.Typ[types.Invalid] { -+ panic(internalErrorf("unexpected method: %v", sig)) -+ } - } - - // Function. -@@ -415,13 +565,30 @@ func (w *exportWriter) tag(tag byte) { - } - - func (w *exportWriter) pos(pos token.Pos) { -- if w.p.version >= iexportVersionPosCol { -+ if w.p.shallow { -+ w.posV2(pos) -+ } else if w.p.version >= iexportVersionPosCol { - w.posV1(pos) - } else { - w.posV0(pos) - } - } - -+// posV2 encoding (used only in shallow mode) records positions as -+// (file, offset), where file is the index in the token.File table -+// (which records the file name and newline offsets) and offset is a -+// byte offset. It effectively ignores //line directives. -+func (w *exportWriter) posV2(pos token.Pos) { -+ if pos == token.NoPos { -+ w.uint64(0) -+ return -+ } -+ file := w.p.fset.File(pos) // fset must be non-nil -+ index, offset := w.p.fileIndexAndOffset(file, pos) -+ w.uint64(1 + index) -+ w.uint64(offset) -+} -+ - func (w *exportWriter) posV1(pos token.Pos) { - if w.p.fset == nil { - w.int64(0) -@@ -497,7 +664,7 @@ func (w *exportWriter) pkg(pkg *types.Package) { - w.string(w.exportPath(pkg)) - } - --func (w *exportWriter) qualifiedIdent(obj types.Object) { -+func (w *exportWriter) qualifiedType(obj *types.TypeName) { - name := w.p.exportName(obj) - - // Ensure any referenced declarations are written out too. -@@ -556,11 +723,11 @@ func (w *exportWriter) doTyp(t types.Type, pkg *types.Package) { - return - } - w.startType(definedType) -- w.qualifiedIdent(t.Obj()) -+ w.qualifiedType(t.Obj()) - - case *typeparams.TypeParam: - w.startType(typeParamType) -- w.qualifiedIdent(t.Obj()) -+ w.qualifiedType(t.Obj()) - - case *types.Pointer: - w.startType(pointerType) -@@ -602,14 +769,18 @@ func (w *exportWriter) doTyp(t types.Type, pkg *types.Package) { - - case *types.Struct: - w.startType(structType) -- w.setPkg(pkg, true) - - n := t.NumFields() -+ if n > 0 { -+ w.setPkg(t.Field(0).Pkg(), true) // qualifying package for field objects -+ } else { -+ w.setPkg(pkg, true) -+ } - w.uint64(uint64(n)) - for i := 0; i < n; i++ { - f := t.Field(i) - w.pos(f.Pos()) -- w.string(f.Name()) -+ w.string(f.Name()) // unexported fields implicitly qualified by prior setPkg - w.typ(f.Type(), pkg) - w.bool(f.Anonymous()) - w.string(t.Tag(i)) // note (or tag) -diff --git a/vendor/golang.org/x/tools/go/internal/gcimporter/iimport.go b/vendor/golang.org/x/tools/internal/gcimporter/iimport.go -similarity index 86% -rename from vendor/golang.org/x/tools/go/internal/gcimporter/iimport.go -rename to vendor/golang.org/x/tools/internal/gcimporter/iimport.go -index 4caa0f55d9d..448f903e86a 100644 ---- a/vendor/golang.org/x/tools/go/internal/gcimporter/iimport.go -+++ b/vendor/golang.org/x/tools/internal/gcimporter/iimport.go -@@ -51,6 +51,8 @@ const ( - iexportVersionPosCol = 1 - iexportVersionGo1_18 = 2 - iexportVersionGenerics = 2 -+ -+ iexportVersionCurrent = 2 - ) - - type ident struct { -@@ -83,7 +85,7 @@ const ( - // If the export data version is not recognized or the format is otherwise - // compromised, an error is returned. - func IImportData(fset *token.FileSet, imports map[string]*types.Package, data []byte, path string) (int, *types.Package, error) { -- pkgs, err := iimportCommon(fset, imports, data, false, path) -+ pkgs, err := iimportCommon(fset, imports, data, false, path, nil) - if err != nil { - return 0, nil, err - } -@@ -92,11 +94,11 @@ func IImportData(fset *token.FileSet, imports map[string]*types.Package, data [] - - // IImportBundle imports a set of packages from the serialized package bundle. - func IImportBundle(fset *token.FileSet, imports map[string]*types.Package, data []byte) ([]*types.Package, error) { -- return iimportCommon(fset, imports, data, true, "") -+ return iimportCommon(fset, imports, data, true, "", nil) - } - --func iimportCommon(fset *token.FileSet, imports map[string]*types.Package, data []byte, bundle bool, path string) (pkgs []*types.Package, err error) { -- const currentVersion = 1 -+func iimportCommon(fset *token.FileSet, imports map[string]*types.Package, data []byte, bundle bool, path string, insert InsertType) (pkgs []*types.Package, err error) { -+ const currentVersion = iexportVersionCurrent - version := int64(-1) - if !debug { - defer func() { -@@ -135,19 +137,34 @@ func iimportCommon(fset *token.FileSet, imports map[string]*types.Package, data - } - - sLen := int64(r.uint64()) -+ var fLen int64 -+ var fileOffset []uint64 -+ if insert != nil { -+ // Shallow mode uses a different position encoding. -+ fLen = int64(r.uint64()) -+ fileOffset = make([]uint64, r.uint64()) -+ for i := range fileOffset { -+ fileOffset[i] = r.uint64() -+ } -+ } - dLen := int64(r.uint64()) - - whence, _ := r.Seek(0, io.SeekCurrent) - stringData := data[whence : whence+sLen] -- declData := data[whence+sLen : whence+sLen+dLen] -- r.Seek(sLen+dLen, io.SeekCurrent) -+ fileData := data[whence+sLen : whence+sLen+fLen] -+ declData := data[whence+sLen+fLen : whence+sLen+fLen+dLen] -+ r.Seek(sLen+fLen+dLen, io.SeekCurrent) - - p := iimporter{ - version: int(version), - ipath: path, -+ insert: insert, - - stringData: stringData, - stringCache: make(map[uint64]string), -+ fileOffset: fileOffset, -+ fileData: fileData, -+ fileCache: make([]*token.File, len(fileOffset)), - pkgCache: make(map[uint64]*types.Package), - - declData: declData, -@@ -185,11 +202,18 @@ func iimportCommon(fset *token.FileSet, imports map[string]*types.Package, data - } else if pkg.Name() != pkgName { - errorf("conflicting names %s and %s for package %q", pkg.Name(), pkgName, path) - } -+ if i == 0 && !bundle { -+ p.localpkg = pkg -+ } - - p.pkgCache[pkgPathOff] = pkg - -+ // Read index for package. - nameIndex := make(map[string]uint64) -- for nSyms := r.uint64(); nSyms > 0; nSyms-- { -+ nSyms := r.uint64() -+ // In shallow mode we don't expect an index for other packages. -+ assert(nSyms == 0 || p.localpkg == pkg || p.insert == nil) -+ for ; nSyms > 0; nSyms-- { - name := p.stringAt(r.uint64()) - nameIndex[name] = r.uint64() - } -@@ -265,8 +289,14 @@ type iimporter struct { - version int - ipath string - -+ localpkg *types.Package -+ insert func(pkg *types.Package, name string) // "shallow" mode only -+ - stringData []byte - stringCache map[uint64]string -+ fileOffset []uint64 // fileOffset[i] is offset in fileData for info about file encoded as i -+ fileData []byte -+ fileCache []*token.File // memoized decoding of file encoded as i - pkgCache map[uint64]*types.Package - - declData []byte -@@ -308,6 +338,13 @@ func (p *iimporter) doDecl(pkg *types.Package, name string) { - - off, ok := p.pkgIndex[pkg][name] - if !ok { -+ // In "shallow" mode, call back to the application to -+ // find the object and insert it into the package scope. -+ if p.insert != nil { -+ assert(pkg != p.localpkg) -+ p.insert(pkg, name) // "can't fail" -+ return -+ } - errorf("%v.%v not in index", pkg, name) - } - -@@ -332,6 +369,55 @@ func (p *iimporter) stringAt(off uint64) string { - return s - } - -+func (p *iimporter) fileAt(index uint64) *token.File { -+ file := p.fileCache[index] -+ if file == nil { -+ off := p.fileOffset[index] -+ file = p.decodeFile(intReader{bytes.NewReader(p.fileData[off:]), p.ipath}) -+ p.fileCache[index] = file -+ } -+ return file -+} -+ -+func (p *iimporter) decodeFile(rd intReader) *token.File { -+ filename := p.stringAt(rd.uint64()) -+ size := int(rd.uint64()) -+ file := p.fake.fset.AddFile(filename, -1, size) -+ -+ // SetLines requires a nondecreasing sequence. -+ // Because it is common for clients to derive the interval -+ // [start, start+len(name)] from a start position, and we -+ // want to ensure that the end offset is on the same line, -+ // we fill in the gaps of the sparse encoding with values -+ // that strictly increase by the largest possible amount. -+ // This allows us to avoid having to record the actual end -+ // offset of each needed line. -+ -+ lines := make([]int, int(rd.uint64())) -+ var index, offset int -+ for i, n := 0, int(rd.uint64()); i < n; i++ { -+ index += int(rd.uint64()) -+ offset += int(rd.uint64()) -+ lines[index] = offset -+ -+ // Ensure monotonicity between points. -+ for j := index - 1; j > 0 && lines[j] == 0; j-- { -+ lines[j] = lines[j+1] - 1 -+ } -+ } -+ -+ // Ensure monotonicity after last point. -+ for j := len(lines) - 1; j > 0 && lines[j] == 0; j-- { -+ size-- -+ lines[j] = size -+ } -+ -+ if !file.SetLines(lines) { -+ errorf("SetLines failed: %d", lines) // can't happen -+ } -+ return file -+} -+ - func (p *iimporter) pkgAt(off uint64) *types.Package { - if pkg, ok := p.pkgCache[off]; ok { - return pkg -@@ -625,6 +711,9 @@ func (r *importReader) qualifiedIdent() (*types.Package, string) { - } - - func (r *importReader) pos() token.Pos { -+ if r.p.insert != nil { // shallow mode -+ return r.posv2() -+ } - if r.p.version >= iexportVersionPosCol { - r.posv1() - } else { -@@ -661,6 +750,15 @@ func (r *importReader) posv1() { - } - } - -+func (r *importReader) posv2() token.Pos { -+ file := r.uint64() -+ if file == 0 { -+ return token.NoPos -+ } -+ tf := r.p.fileAt(file - 1) -+ return tf.Pos(int(r.uint64())) -+} -+ - func (r *importReader) typ() types.Type { - return r.p.typAt(r.uint64(), nil) - } -diff --git a/vendor/golang.org/x/tools/go/internal/gcimporter/newInterface10.go b/vendor/golang.org/x/tools/internal/gcimporter/newInterface10.go -similarity index 100% -rename from vendor/golang.org/x/tools/go/internal/gcimporter/newInterface10.go -rename to vendor/golang.org/x/tools/internal/gcimporter/newInterface10.go -diff --git a/vendor/golang.org/x/tools/go/internal/gcimporter/newInterface11.go b/vendor/golang.org/x/tools/internal/gcimporter/newInterface11.go -similarity index 100% -rename from vendor/golang.org/x/tools/go/internal/gcimporter/newInterface11.go -rename to vendor/golang.org/x/tools/internal/gcimporter/newInterface11.go -diff --git a/vendor/golang.org/x/tools/go/internal/gcimporter/support_go117.go b/vendor/golang.org/x/tools/internal/gcimporter/support_go117.go -similarity index 100% -rename from vendor/golang.org/x/tools/go/internal/gcimporter/support_go117.go -rename to vendor/golang.org/x/tools/internal/gcimporter/support_go117.go -diff --git a/vendor/golang.org/x/tools/go/internal/gcimporter/support_go118.go b/vendor/golang.org/x/tools/internal/gcimporter/support_go118.go -similarity index 62% -rename from vendor/golang.org/x/tools/go/internal/gcimporter/support_go118.go -rename to vendor/golang.org/x/tools/internal/gcimporter/support_go118.go -index a993843230c..edbe6ea7041 100644 ---- a/vendor/golang.org/x/tools/go/internal/gcimporter/support_go118.go -+++ b/vendor/golang.org/x/tools/internal/gcimporter/support_go118.go -@@ -21,3 +21,17 @@ func additionalPredeclared() []types.Type { - types.Universe.Lookup("any").Type(), - } - } -+ -+// See cmd/compile/internal/types.SplitVargenSuffix. -+func splitVargenSuffix(name string) (base, suffix string) { -+ i := len(name) -+ for i > 0 && name[i-1] >= '0' && name[i-1] <= '9' { -+ i-- -+ } -+ const dot = "·" -+ if i >= len(dot) && name[i-len(dot):i] == dot { -+ i -= len(dot) -+ return name[:i], name[i:] -+ } -+ return name, "" -+} -diff --git a/vendor/golang.org/x/tools/go/internal/gcimporter/unified_no.go b/vendor/golang.org/x/tools/internal/gcimporter/unified_no.go -similarity index 100% -rename from vendor/golang.org/x/tools/go/internal/gcimporter/unified_no.go -rename to vendor/golang.org/x/tools/internal/gcimporter/unified_no.go -diff --git a/vendor/golang.org/x/tools/go/internal/gcimporter/unified_yes.go b/vendor/golang.org/x/tools/internal/gcimporter/unified_yes.go -similarity index 100% -rename from vendor/golang.org/x/tools/go/internal/gcimporter/unified_yes.go -rename to vendor/golang.org/x/tools/internal/gcimporter/unified_yes.go -diff --git a/vendor/golang.org/x/tools/go/internal/gcimporter/ureader_no.go b/vendor/golang.org/x/tools/internal/gcimporter/ureader_no.go -similarity index 100% -rename from vendor/golang.org/x/tools/go/internal/gcimporter/ureader_no.go -rename to vendor/golang.org/x/tools/internal/gcimporter/ureader_no.go -diff --git a/vendor/golang.org/x/tools/go/internal/gcimporter/ureader_yes.go b/vendor/golang.org/x/tools/internal/gcimporter/ureader_yes.go -similarity index 70% -rename from vendor/golang.org/x/tools/go/internal/gcimporter/ureader_yes.go -rename to vendor/golang.org/x/tools/internal/gcimporter/ureader_yes.go -index 3c1a4375435..20bd58832d1 100644 ---- a/vendor/golang.org/x/tools/go/internal/gcimporter/ureader_yes.go -+++ b/vendor/golang.org/x/tools/internal/gcimporter/ureader_yes.go -@@ -14,7 +14,7 @@ import ( - "go/types" - "strings" - -- "golang.org/x/tools/go/internal/pkgbits" -+ "golang.org/x/tools/internal/pkgbits" - ) - - // A pkgReader holds the shared state for reading a unified IR package -@@ -36,6 +36,12 @@ type pkgReader struct { - // laterFns holds functions that need to be invoked at the end of - // import reading. - laterFns []func() -+ // laterFors is used in case of 'type A B' to ensure that B is processed before A. -+ laterFors map[types.Type]int -+ -+ // ifaces holds a list of constructed Interfaces, which need to have -+ // Complete called after importing is done. -+ ifaces []*types.Interface - } - - // later adds a function to be invoked at the end of import reading. -@@ -63,6 +69,15 @@ func UImportData(fset *token.FileSet, imports map[string]*types.Package, data [] - return - } - -+// laterFor adds a function to be invoked at the end of import reading, and records the type that function is finishing. -+func (pr *pkgReader) laterFor(t types.Type, fn func()) { -+ if pr.laterFors == nil { -+ pr.laterFors = make(map[types.Type]int) -+ } -+ pr.laterFors[t] = len(pr.laterFns) -+ pr.laterFns = append(pr.laterFns, fn) -+} -+ - // readUnifiedPackage reads a package description from the given - // unified IR export data decoder. - func readUnifiedPackage(fset *token.FileSet, ctxt *types.Context, imports map[string]*types.Package, input pkgbits.PkgDecoder) *types.Package { -@@ -102,6 +117,10 @@ func readUnifiedPackage(fset *token.FileSet, ctxt *types.Context, imports map[st - fn() - } - -+ for _, iface := range pr.ifaces { -+ iface.Complete() -+ } -+ - pkg.MarkComplete() - return pkg - } -@@ -139,6 +158,17 @@ func (pr *pkgReader) newReader(k pkgbits.RelocKind, idx pkgbits.Index, marker pk - } - } - -+func (pr *pkgReader) tempReader(k pkgbits.RelocKind, idx pkgbits.Index, marker pkgbits.SyncMarker) *reader { -+ return &reader{ -+ Decoder: pr.TempDecoder(k, idx, marker), -+ p: pr, -+ } -+} -+ -+func (pr *pkgReader) retireReader(r *reader) { -+ pr.RetireDecoder(&r.Decoder) -+} -+ - // @@@ Positions - - func (r *reader) pos() token.Pos { -@@ -163,26 +193,29 @@ func (pr *pkgReader) posBaseIdx(idx pkgbits.Index) string { - return b - } - -- r := pr.newReader(pkgbits.RelocPosBase, idx, pkgbits.SyncPosBase) -+ var filename string -+ { -+ r := pr.tempReader(pkgbits.RelocPosBase, idx, pkgbits.SyncPosBase) - -- // Within types2, position bases have a lot more details (e.g., -- // keeping track of where //line directives appeared exactly). -- // -- // For go/types, we just track the file name. -+ // Within types2, position bases have a lot more details (e.g., -+ // keeping track of where //line directives appeared exactly). -+ // -+ // For go/types, we just track the file name. - -- filename := r.String() -+ filename = r.String() - -- if r.Bool() { // file base -- // Was: "b = token.NewTrimmedFileBase(filename, true)" -- } else { // line base -- pos := r.pos() -- line := r.Uint() -- col := r.Uint() -+ if r.Bool() { // file base -+ // Was: "b = token.NewTrimmedFileBase(filename, true)" -+ } else { // line base -+ pos := r.pos() -+ line := r.Uint() -+ col := r.Uint() - -- // Was: "b = token.NewLineBase(pos, filename, true, line, col)" -- _, _, _ = pos, line, col -+ // Was: "b = token.NewLineBase(pos, filename, true, line, col)" -+ _, _, _ = pos, line, col -+ } -+ pr.retireReader(r) - } -- - b := filename - pr.posBases[idx] = b - return b -@@ -231,11 +264,35 @@ func (r *reader) doPkg() *types.Package { - for i := range imports { - imports[i] = r.pkg() - } -- pkg.SetImports(imports) -+ pkg.SetImports(flattenImports(imports)) - - return pkg - } - -+// flattenImports returns the transitive closure of all imported -+// packages rooted from pkgs. -+func flattenImports(pkgs []*types.Package) []*types.Package { -+ var res []*types.Package -+ seen := make(map[*types.Package]struct{}) -+ for _, pkg := range pkgs { -+ if _, ok := seen[pkg]; ok { -+ continue -+ } -+ seen[pkg] = struct{}{} -+ res = append(res, pkg) -+ -+ // pkg.Imports() is already flattened. -+ for _, pkg := range pkg.Imports() { -+ if _, ok := seen[pkg]; ok { -+ continue -+ } -+ seen[pkg] = struct{}{} -+ res = append(res, pkg) -+ } -+ } -+ return res -+} -+ - // @@@ Types - - func (r *reader) typ() types.Type { -@@ -264,11 +321,15 @@ func (pr *pkgReader) typIdx(info typeInfo, dict *readerDict) types.Type { - return typ - } - -- r := pr.newReader(pkgbits.RelocType, idx, pkgbits.SyncTypeIdx) -- r.dict = dict -+ var typ types.Type -+ { -+ r := pr.tempReader(pkgbits.RelocType, idx, pkgbits.SyncTypeIdx) -+ r.dict = dict - -- typ := r.doTyp() -- assert(typ != nil) -+ typ = r.doTyp() -+ assert(typ != nil) -+ pr.retireReader(r) -+ } - - // See comment in pkgReader.typIdx explaining how this happens. - if prev := *where; prev != nil { -@@ -372,6 +433,16 @@ func (r *reader) interfaceType() *types.Interface { - if implicit { - iface.MarkImplicit() - } -+ -+ // We need to call iface.Complete(), but if there are any embedded -+ // defined types, then we may not have set their underlying -+ // interface type yet. So we need to defer calling Complete until -+ // after we've called SetUnderlying everywhere. -+ // -+ // TODO(mdempsky): After CL 424876 lands, it should be safe to call -+ // iface.Complete() immediately. -+ r.p.ifaces = append(r.p.ifaces, iface) -+ - return iface - } - -@@ -425,18 +496,28 @@ func (r *reader) obj() (types.Object, []types.Type) { - } - - func (pr *pkgReader) objIdx(idx pkgbits.Index) (*types.Package, string) { -- rname := pr.newReader(pkgbits.RelocName, idx, pkgbits.SyncObject1) -- -- objPkg, objName := rname.qualifiedIdent() -- assert(objName != "") -+ var objPkg *types.Package -+ var objName string -+ var tag pkgbits.CodeObj -+ { -+ rname := pr.tempReader(pkgbits.RelocName, idx, pkgbits.SyncObject1) -+ objPkg, objName = rname.qualifiedIdent() -+ assert(objName != "") - -- tag := pkgbits.CodeObj(rname.Code(pkgbits.SyncCodeObj)) -+ tag = pkgbits.CodeObj(rname.Code(pkgbits.SyncCodeObj)) -+ pr.retireReader(rname) -+ } - - if tag == pkgbits.ObjStub { - assert(objPkg == nil || objPkg == types.Unsafe) - return objPkg, objName - } - -+ // Ignore local types promoted to global scope (#55110). -+ if _, suffix := splitVargenSuffix(objName); suffix != "" { -+ return objPkg, objName -+ } -+ - if objPkg.Scope().Lookup(objName) == nil { - dict := pr.objDictIdx(idx) - -@@ -477,15 +558,56 @@ func (pr *pkgReader) objIdx(idx pkgbits.Index) (*types.Package, string) { - - named.SetTypeParams(r.typeParamNames()) - -- // TODO(mdempsky): Rewrite receiver types to underlying is an -- // Interface? The go/types importer does this (I think because -- // unit tests expected that), but cmd/compile doesn't care -- // about it, so maybe we can avoid worrying about that here. -- rhs := r.typ() -- r.p.later(func() { -- underlying := rhs.Underlying() -+ setUnderlying := func(underlying types.Type) { -+ // If the underlying type is an interface, we need to -+ // duplicate its methods so we can replace the receiver -+ // parameter's type (#49906). -+ if iface, ok := underlying.(*types.Interface); ok && iface.NumExplicitMethods() != 0 { -+ methods := make([]*types.Func, iface.NumExplicitMethods()) -+ for i := range methods { -+ fn := iface.ExplicitMethod(i) -+ sig := fn.Type().(*types.Signature) -+ -+ recv := types.NewVar(fn.Pos(), fn.Pkg(), "", named) -+ methods[i] = types.NewFunc(fn.Pos(), fn.Pkg(), fn.Name(), types.NewSignature(recv, sig.Params(), sig.Results(), sig.Variadic())) -+ } -+ -+ embeds := make([]types.Type, iface.NumEmbeddeds()) -+ for i := range embeds { -+ embeds[i] = iface.EmbeddedType(i) -+ } -+ -+ newIface := types.NewInterfaceType(methods, embeds) -+ r.p.ifaces = append(r.p.ifaces, newIface) -+ underlying = newIface -+ } -+ - named.SetUnderlying(underlying) -- }) -+ } -+ -+ // Since go.dev/cl/455279, we can assume rhs.Underlying() will -+ // always be non-nil. However, to temporarily support users of -+ // older snapshot releases, we continue to fallback to the old -+ // behavior for now. -+ // -+ // TODO(mdempsky): Remove fallback code and simplify after -+ // allowing time for snapshot users to upgrade. -+ rhs := r.typ() -+ if underlying := rhs.Underlying(); underlying != nil { -+ setUnderlying(underlying) -+ } else { -+ pk := r.p -+ pk.laterFor(named, func() { -+ // First be sure that the rhs is initialized, if it needs to be initialized. -+ delete(pk.laterFors, named) // prevent cycles -+ if i, ok := pk.laterFors[rhs]; ok { -+ f := pk.laterFns[i] -+ pk.laterFns[i] = func() {} // function is running now, so replace it with a no-op -+ f() // initialize RHS -+ } -+ setUnderlying(rhs.Underlying()) -+ }) -+ } - - for i, n := 0, r.Len(); i < n; i++ { - named.AddMethod(r.method()) -@@ -502,23 +624,27 @@ func (pr *pkgReader) objIdx(idx pkgbits.Index) (*types.Package, string) { - } - - func (pr *pkgReader) objDictIdx(idx pkgbits.Index) *readerDict { -- r := pr.newReader(pkgbits.RelocObjDict, idx, pkgbits.SyncObject1) - - var dict readerDict - -- if implicits := r.Len(); implicits != 0 { -- errorf("unexpected object with %v implicit type parameter(s)", implicits) -- } -+ { -+ r := pr.tempReader(pkgbits.RelocObjDict, idx, pkgbits.SyncObject1) -+ if implicits := r.Len(); implicits != 0 { -+ errorf("unexpected object with %v implicit type parameter(s)", implicits) -+ } - -- dict.bounds = make([]typeInfo, r.Len()) -- for i := range dict.bounds { -- dict.bounds[i] = r.typInfo() -- } -+ dict.bounds = make([]typeInfo, r.Len()) -+ for i := range dict.bounds { -+ dict.bounds[i] = r.typInfo() -+ } -+ -+ dict.derived = make([]derivedInfo, r.Len()) -+ dict.derivedTypes = make([]types.Type, len(dict.derived)) -+ for i := range dict.derived { -+ dict.derived[i] = derivedInfo{r.Reloc(pkgbits.RelocType), r.Bool()} -+ } - -- dict.derived = make([]derivedInfo, r.Len()) -- dict.derivedTypes = make([]types.Type, len(dict.derived)) -- for i := range dict.derived { -- dict.derived[i] = derivedInfo{r.Reloc(pkgbits.RelocType), r.Bool()} -+ pr.retireReader(r) - } - - // function references follow, but reader doesn't need those -diff --git a/vendor/golang.org/x/tools/internal/gocommand/invoke.go b/vendor/golang.org/x/tools/internal/gocommand/invoke.go -index 67256dc3974..6beb4a3a024 100644 ---- a/vendor/golang.org/x/tools/internal/gocommand/invoke.go -+++ b/vendor/golang.org/x/tools/internal/gocommand/invoke.go -@@ -10,8 +10,10 @@ import ( - "context" - "fmt" - "io" -+ "log" - "os" - "regexp" -+ "runtime" - "strconv" - "strings" - "sync" -@@ -232,6 +234,12 @@ func (i *Invocation) run(ctx context.Context, stdout, stderr io.Writer) error { - return runCmdContext(ctx, cmd) - } - -+// DebugHangingGoCommands may be set by tests to enable additional -+// instrumentation (including panics) for debugging hanging Go commands. -+// -+// See golang/go#54461 for details. -+var DebugHangingGoCommands = false -+ - // runCmdContext is like exec.CommandContext except it sends os.Interrupt - // before os.Kill. - func runCmdContext(ctx context.Context, cmd *exec.Cmd) error { -@@ -243,11 +251,24 @@ func runCmdContext(ctx context.Context, cmd *exec.Cmd) error { - resChan <- cmd.Wait() - }() - -- select { -- case err := <-resChan: -- return err -- case <-ctx.Done(): -+ // If we're interested in debugging hanging Go commands, stop waiting after a -+ // minute and panic with interesting information. -+ if DebugHangingGoCommands { -+ select { -+ case err := <-resChan: -+ return err -+ case <-time.After(1 * time.Minute): -+ HandleHangingGoCommand(cmd.Process) -+ case <-ctx.Done(): -+ } -+ } else { -+ select { -+ case err := <-resChan: -+ return err -+ case <-ctx.Done(): -+ } - } -+ - // Cancelled. Interrupt and see if it ends voluntarily. - cmd.Process.Signal(os.Interrupt) - select { -@@ -255,11 +276,61 @@ func runCmdContext(ctx context.Context, cmd *exec.Cmd) error { - return err - case <-time.After(time.Second): - } -+ - // Didn't shut down in response to interrupt. Kill it hard. -- cmd.Process.Kill() -+ // TODO(rfindley): per advice from bcmills@, it may be better to send SIGQUIT -+ // on certain platforms, such as unix. -+ if err := cmd.Process.Kill(); err != nil && DebugHangingGoCommands { -+ // Don't panic here as this reliably fails on windows with EINVAL. -+ log.Printf("error killing the Go command: %v", err) -+ } -+ -+ // See above: don't wait indefinitely if we're debugging hanging Go commands. -+ if DebugHangingGoCommands { -+ select { -+ case err := <-resChan: -+ return err -+ case <-time.After(10 * time.Second): // a shorter wait as resChan should return quickly following Kill -+ HandleHangingGoCommand(cmd.Process) -+ } -+ } - return <-resChan - } - -+func HandleHangingGoCommand(proc *os.Process) { -+ switch runtime.GOOS { -+ case "linux", "darwin", "freebsd", "netbsd": -+ fmt.Fprintln(os.Stderr, `DETECTED A HANGING GO COMMAND -+The gopls test runner has detected a hanging go command. In order to debug -+this, the output of ps and lsof/fstat is printed below. -+See golang/go#54461 for more details.`) -+ -+ fmt.Fprintln(os.Stderr, "\nps axo ppid,pid,command:") -+ fmt.Fprintln(os.Stderr, "-------------------------") -+ psCmd := exec.Command("ps", "axo", "ppid,pid,command") -+ psCmd.Stdout = os.Stderr -+ psCmd.Stderr = os.Stderr -+ if err := psCmd.Run(); err != nil { -+ panic(fmt.Sprintf("running ps: %v", err)) -+ } -+ -+ listFiles := "lsof" -+ if runtime.GOOS == "freebsd" || runtime.GOOS == "netbsd" { -+ listFiles = "fstat" -+ } -+ -+ fmt.Fprintln(os.Stderr, "\n"+listFiles+":") -+ fmt.Fprintln(os.Stderr, "-----") -+ listFilesCmd := exec.Command(listFiles) -+ listFilesCmd.Stdout = os.Stderr -+ listFilesCmd.Stderr = os.Stderr -+ if err := listFilesCmd.Run(); err != nil { -+ panic(fmt.Sprintf("running %s: %v", listFiles, err)) -+ } -+ } -+ panic(fmt.Sprintf("detected hanging go command (pid %d): see golang/go#54461 for more details", proc.Pid)) -+} -+ - func cmdDebugStr(cmd *exec.Cmd) string { - env := make(map[string]string) - for _, kv := range cmd.Env { -diff --git a/vendor/golang.org/x/tools/internal/gocommand/version.go b/vendor/golang.org/x/tools/internal/gocommand/version.go -index 71304368020..307a76d474a 100644 ---- a/vendor/golang.org/x/tools/internal/gocommand/version.go -+++ b/vendor/golang.org/x/tools/internal/gocommand/version.go -@@ -7,11 +7,19 @@ package gocommand - import ( - "context" - "fmt" -+ "regexp" - "strings" - ) - --// GoVersion checks the go version by running "go list" with modules off. --// It returns the X in Go 1.X. -+// GoVersion reports the minor version number of the highest release -+// tag built into the go command on the PATH. -+// -+// Note that this may be higher than the version of the go tool used -+// to build this application, and thus the versions of the standard -+// go/{scanner,parser,ast,types} packages that are linked into it. -+// In that case, callers should either downgrade to the version of -+// go used to build the application, or report an error that the -+// application is too old to use the go command on the PATH. - func GoVersion(ctx context.Context, inv Invocation, r *Runner) (int, error) { - inv.Verb = "list" - inv.Args = []string{"-e", "-f", `{{context.ReleaseTags}}`, `--`, `unsafe`} -@@ -38,7 +46,7 @@ func GoVersion(ctx context.Context, inv Invocation, r *Runner) (int, error) { - if len(stdout) < 3 { - return 0, fmt.Errorf("bad ReleaseTags output: %q", stdout) - } -- // Split up "[go1.1 go1.15]" -+ // Split up "[go1.1 go1.15]" and return highest go1.X value. - tags := strings.Fields(stdout[1 : len(stdout)-2]) - for i := len(tags) - 1; i >= 0; i-- { - var version int -@@ -49,3 +57,25 @@ func GoVersion(ctx context.Context, inv Invocation, r *Runner) (int, error) { - } - return 0, fmt.Errorf("no parseable ReleaseTags in %v", tags) - } -+ -+// GoVersionOutput returns the complete output of the go version command. -+func GoVersionOutput(ctx context.Context, inv Invocation, r *Runner) (string, error) { -+ inv.Verb = "version" -+ goVersion, err := r.Run(ctx, inv) -+ if err != nil { -+ return "", err -+ } -+ return goVersion.String(), nil -+} -+ -+// ParseGoVersionOutput extracts the Go version string -+// from the output of the "go version" command. -+// Given an unrecognized form, it returns an empty string. -+func ParseGoVersionOutput(data string) string { -+ re := regexp.MustCompile(`^go version (go\S+|devel \S+)`) -+ m := re.FindStringSubmatch(data) -+ if len(m) != 2 { -+ return "" // unrecognized version -+ } -+ return m[1] -+} -diff --git a/vendor/golang.org/x/tools/internal/imports/fix.go b/vendor/golang.org/x/tools/internal/imports/fix.go -index 9e373d64ebc..642a5ac2d75 100644 ---- a/vendor/golang.org/x/tools/internal/imports/fix.go -+++ b/vendor/golang.org/x/tools/internal/imports/fix.go -@@ -697,6 +697,9 @@ func candidateImportName(pkg *pkg) string { - - // GetAllCandidates calls wrapped for each package whose name starts with - // searchPrefix, and can be imported from filename with the package name filePkg. -+// -+// Beware that the wrapped function may be called multiple times concurrently. -+// TODO(adonovan): encapsulate the concurrency. - func GetAllCandidates(ctx context.Context, wrapped func(ImportFix), searchPrefix, filename, filePkg string, env *ProcessEnv) error { - callback := &scanCallback{ - rootFound: func(gopathwalk.Root) bool { -@@ -796,7 +799,7 @@ func GetPackageExports(ctx context.Context, wrapped func(PackageExport), searchP - return getCandidatePkgs(ctx, callback, filename, filePkg, env) - } - --var RequiredGoEnvVars = []string{"GO111MODULE", "GOFLAGS", "GOINSECURE", "GOMOD", "GOMODCACHE", "GONOPROXY", "GONOSUMDB", "GOPATH", "GOPROXY", "GOROOT", "GOSUMDB", "GOWORK"} -+var requiredGoEnvVars = []string{"GO111MODULE", "GOFLAGS", "GOINSECURE", "GOMOD", "GOMODCACHE", "GONOPROXY", "GONOSUMDB", "GOPATH", "GOPROXY", "GOROOT", "GOSUMDB", "GOWORK"} - - // ProcessEnv contains environment variables and settings that affect the use of - // the go command, the go/build package, etc. -@@ -807,6 +810,11 @@ type ProcessEnv struct { - ModFlag string - ModFile string - -+ // SkipPathInScan returns true if the path should be skipped from scans of -+ // the RootCurrentModule root type. The function argument is a clean, -+ // absolute path. -+ SkipPathInScan func(string) bool -+ - // Env overrides the OS environment, and can be used to specify - // GOPROXY, GO111MODULE, etc. PATH cannot be set here, because - // exec.Command will not honor it. -@@ -861,7 +869,7 @@ func (e *ProcessEnv) init() error { - } - - foundAllRequired := true -- for _, k := range RequiredGoEnvVars { -+ for _, k := range requiredGoEnvVars { - if _, ok := e.Env[k]; !ok { - foundAllRequired = false - break -@@ -877,7 +885,7 @@ func (e *ProcessEnv) init() error { - } - - goEnv := map[string]string{} -- stdout, err := e.invokeGo(context.TODO(), "env", append([]string{"-json"}, RequiredGoEnvVars...)...) -+ stdout, err := e.invokeGo(context.TODO(), "env", append([]string{"-json"}, requiredGoEnvVars...)...) - if err != nil { - return err - } -@@ -1367,9 +1375,9 @@ func (r *gopathResolver) scan(ctx context.Context, callback *scanCallback) error - return err - } - var roots []gopathwalk.Root -- roots = append(roots, gopathwalk.Root{filepath.Join(goenv["GOROOT"], "src"), gopathwalk.RootGOROOT}) -+ roots = append(roots, gopathwalk.Root{Path: filepath.Join(goenv["GOROOT"], "src"), Type: gopathwalk.RootGOROOT}) - for _, p := range filepath.SplitList(goenv["GOPATH"]) { -- roots = append(roots, gopathwalk.Root{filepath.Join(p, "src"), gopathwalk.RootGOPATH}) -+ roots = append(roots, gopathwalk.Root{Path: filepath.Join(p, "src"), Type: gopathwalk.RootGOPATH}) - } - // The callback is not necessarily safe to use in the goroutine below. Process roots eagerly. - roots = filterRoots(roots, callback.rootFound) -diff --git a/vendor/golang.org/x/tools/internal/imports/mod.go b/vendor/golang.org/x/tools/internal/imports/mod.go -index 46693f24339..62b1724410e 100644 ---- a/vendor/golang.org/x/tools/internal/imports/mod.go -+++ b/vendor/golang.org/x/tools/internal/imports/mod.go -@@ -129,11 +129,11 @@ func (r *ModuleResolver) init() error { - }) - - r.roots = []gopathwalk.Root{ -- {filepath.Join(goenv["GOROOT"], "/src"), gopathwalk.RootGOROOT}, -+ {Path: filepath.Join(goenv["GOROOT"], "/src"), Type: gopathwalk.RootGOROOT}, - } - r.mainByDir = make(map[string]*gocommand.ModuleJSON) - for _, main := range r.mains { -- r.roots = append(r.roots, gopathwalk.Root{main.Dir, gopathwalk.RootCurrentModule}) -+ r.roots = append(r.roots, gopathwalk.Root{Path: main.Dir, Type: gopathwalk.RootCurrentModule}) - r.mainByDir[main.Dir] = main - } - if vendorEnabled { -@@ -144,7 +144,7 @@ func (r *ModuleResolver) init() error { - // This is redundant with the cache, but we'll skip it cheaply enough. - r.roots = append(r.roots, gopathwalk.Root{mod.Dir, gopathwalk.RootModuleCache}) - } else { -- r.roots = append(r.roots, gopathwalk.Root{mod.Dir, gopathwalk.RootOther}) -+ r.roots = append(r.roots, gopathwalk.Root{Path: mod.Dir, Type: gopathwalk.RootOther}) - } - } - // Walk dependent modules before scanning the full mod cache, direct deps first. -@@ -158,7 +158,7 @@ func (r *ModuleResolver) init() error { - addDep(mod) - } - } -- r.roots = append(r.roots, gopathwalk.Root{r.moduleCacheDir, gopathwalk.RootModuleCache}) -+ r.roots = append(r.roots, gopathwalk.Root{Path: r.moduleCacheDir, Type: gopathwalk.RootModuleCache}) - } - - r.scannedRoots = map[gopathwalk.Root]bool{} -@@ -466,6 +466,16 @@ func (r *ModuleResolver) scan(ctx context.Context, callback *scanCallback) error - // We assume cached directories are fully cached, including all their - // children, and have not changed. We can skip them. - skip := func(root gopathwalk.Root, dir string) bool { -+ if r.env.SkipPathInScan != nil && root.Type == gopathwalk.RootCurrentModule { -+ if root.Path == dir { -+ return false -+ } -+ -+ if r.env.SkipPathInScan(filepath.Clean(dir)) { -+ return true -+ } -+ } -+ - info, ok := r.cacheLoad(dir) - if !ok { - return false -diff --git a/vendor/golang.org/x/tools/internal/imports/sortimports.go b/vendor/golang.org/x/tools/internal/imports/sortimports.go -index 85144db1dfa..1a0a7ebd9e4 100644 ---- a/vendor/golang.org/x/tools/internal/imports/sortimports.go -+++ b/vendor/golang.org/x/tools/internal/imports/sortimports.go -@@ -52,6 +52,7 @@ func sortImports(localPrefix string, tokFile *token.File, f *ast.File) { - d.Specs = specs - - // Deduping can leave a blank line before the rparen; clean that up. -+ // Ignore line directives. - if len(d.Specs) > 0 { - lastSpec := d.Specs[len(d.Specs)-1] - lastLine := tokFile.PositionFor(lastSpec.Pos(), false).Line -diff --git a/vendor/golang.org/x/tools/internal/imports/zstdlib.go b/vendor/golang.org/x/tools/internal/imports/zstdlib.go -index 437fbb78dbd..75dbe425ed2 100644 ---- a/vendor/golang.org/x/tools/internal/imports/zstdlib.go -+++ b/vendor/golang.org/x/tools/internal/imports/zstdlib.go -@@ -1,11 +1,16 @@ -+// Copyright 2022 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ - // Code generated by mkstdlib.go. DO NOT EDIT. - - package imports - - var stdlib = map[string][]string{ -- "archive/tar": []string{ -+ "archive/tar": { - "ErrFieldTooLong", - "ErrHeader", -+ "ErrInsecurePath", - "ErrWriteAfterClose", - "ErrWriteTooLong", - "FileInfoHeader", -@@ -34,13 +39,14 @@ var stdlib = map[string][]string{ - "TypeXHeader", - "Writer", - }, -- "archive/zip": []string{ -+ "archive/zip": { - "Compressor", - "Decompressor", - "Deflate", - "ErrAlgorithm", - "ErrChecksum", - "ErrFormat", -+ "ErrInsecurePath", - "File", - "FileHeader", - "FileInfoHeader", -@@ -54,7 +60,7 @@ var stdlib = map[string][]string{ - "Store", - "Writer", - }, -- "bufio": []string{ -+ "bufio": { - "ErrAdvanceTooFar", - "ErrBadReadCount", - "ErrBufferFull", -@@ -81,14 +87,17 @@ var stdlib = map[string][]string{ - "SplitFunc", - "Writer", - }, -- "bytes": []string{ -+ "bytes": { - "Buffer", -+ "Clone", - "Compare", - "Contains", - "ContainsAny", - "ContainsRune", - "Count", - "Cut", -+ "CutPrefix", -+ "CutSuffix", - "Equal", - "EqualFold", - "ErrTooLarge", -@@ -138,11 +147,11 @@ var stdlib = map[string][]string{ - "TrimSpace", - "TrimSuffix", - }, -- "compress/bzip2": []string{ -+ "compress/bzip2": { - "NewReader", - "StructuralError", - }, -- "compress/flate": []string{ -+ "compress/flate": { - "BestCompression", - "BestSpeed", - "CorruptInputError", -@@ -160,7 +169,7 @@ var stdlib = map[string][]string{ - "WriteError", - "Writer", - }, -- "compress/gzip": []string{ -+ "compress/gzip": { - "BestCompression", - "BestSpeed", - "DefaultCompression", -@@ -175,7 +184,7 @@ var stdlib = map[string][]string{ - "Reader", - "Writer", - }, -- "compress/lzw": []string{ -+ "compress/lzw": { - "LSB", - "MSB", - "NewReader", -@@ -184,7 +193,7 @@ var stdlib = map[string][]string{ - "Reader", - "Writer", - }, -- "compress/zlib": []string{ -+ "compress/zlib": { - "BestCompression", - "BestSpeed", - "DefaultCompression", -@@ -201,7 +210,7 @@ var stdlib = map[string][]string{ - "Resetter", - "Writer", - }, -- "container/heap": []string{ -+ "container/heap": { - "Fix", - "Init", - "Interface", -@@ -209,28 +218,31 @@ var stdlib = map[string][]string{ - "Push", - "Remove", - }, -- "container/list": []string{ -+ "container/list": { - "Element", - "List", - "New", - }, -- "container/ring": []string{ -+ "container/ring": { - "New", - "Ring", - }, -- "context": []string{ -+ "context": { - "Background", -+ "CancelCauseFunc", - "CancelFunc", - "Canceled", -+ "Cause", - "Context", - "DeadlineExceeded", - "TODO", - "WithCancel", -+ "WithCancelCause", - "WithDeadline", - "WithTimeout", - "WithValue", - }, -- "crypto": []string{ -+ "crypto": { - "BLAKE2b_256", - "BLAKE2b_384", - "BLAKE2b_512", -@@ -264,7 +276,7 @@ var stdlib = map[string][]string{ - "KeySizeError", - "NewCipher", - }, -- "crypto/cipher": []string{ -+ "crypto/cipher": { - "AEAD", - "Block", - "BlockMode", -@@ -281,13 +293,13 @@ var stdlib = map[string][]string{ - "StreamReader", - "StreamWriter", - }, -- "crypto/des": []string{ -+ "crypto/des": { - "BlockSize", - "KeySizeError", - "NewCipher", - "NewTripleDESCipher", - }, -- "crypto/dsa": []string{ -+ "crypto/dsa": { - "ErrInvalidPublicKey", - "GenerateKey", - "GenerateParameters", -@@ -302,7 +314,16 @@ var stdlib = map[string][]string{ - "Sign", - "Verify", - }, -- "crypto/ecdsa": []string{ -+ "crypto/ecdh": { -+ "Curve", -+ "P256", -+ "P384", -+ "P521", -+ "PrivateKey", -+ "PublicKey", -+ "X25519", -+ }, -+ "crypto/ecdsa": { - "GenerateKey", - "PrivateKey", - "PublicKey", -@@ -311,9 +332,10 @@ var stdlib = map[string][]string{ - "Verify", - "VerifyASN1", - }, -- "crypto/ed25519": []string{ -+ "crypto/ed25519": { - "GenerateKey", - "NewKeyFromSeed", -+ "Options", - "PrivateKey", - "PrivateKeySize", - "PublicKey", -@@ -322,8 +344,9 @@ var stdlib = map[string][]string{ - "Sign", - "SignatureSize", - "Verify", -+ "VerifyWithOptions", - }, -- "crypto/elliptic": []string{ -+ "crypto/elliptic": { - "Curve", - "CurveParams", - "GenerateKey", -@@ -336,28 +359,28 @@ var stdlib = map[string][]string{ - "Unmarshal", - "UnmarshalCompressed", - }, -- "crypto/hmac": []string{ -+ "crypto/hmac": { - "Equal", - "New", - }, -- "crypto/md5": []string{ -+ "crypto/md5": { - "BlockSize", - "New", - "Size", - "Sum", - }, -- "crypto/rand": []string{ -+ "crypto/rand": { - "Int", - "Prime", - "Read", - "Reader", - }, -- "crypto/rc4": []string{ -+ "crypto/rc4": { - "Cipher", - "KeySizeError", - "NewCipher", - }, -- "crypto/rsa": []string{ -+ "crypto/rsa": { - "CRTValue", - "DecryptOAEP", - "DecryptPKCS1v15", -@@ -382,13 +405,13 @@ var stdlib = map[string][]string{ - "VerifyPKCS1v15", - "VerifyPSS", - }, -- "crypto/sha1": []string{ -+ "crypto/sha1": { - "BlockSize", - "New", - "Size", - "Sum", - }, -- "crypto/sha256": []string{ -+ "crypto/sha256": { - "BlockSize", - "New", - "New224", -@@ -397,7 +420,7 @@ var stdlib = map[string][]string{ - "Sum224", - "Sum256", - }, -- "crypto/sha512": []string{ -+ "crypto/sha512": { - "BlockSize", - "New", - "New384", -@@ -412,7 +435,7 @@ var stdlib = map[string][]string{ - "Sum512_224", - "Sum512_256", - }, -- "crypto/subtle": []string{ -+ "crypto/subtle": { - "ConstantTimeByteEq", - "ConstantTimeCompare", - "ConstantTimeCopy", -@@ -420,9 +443,10 @@ var stdlib = map[string][]string{ - "ConstantTimeLessOrEq", - "ConstantTimeSelect", - }, -- "crypto/tls": []string{ -+ "crypto/tls": { - "Certificate", - "CertificateRequestInfo", -+ "CertificateVerificationError", - "CipherSuite", - "CipherSuiteName", - "CipherSuites", -@@ -506,7 +530,7 @@ var stdlib = map[string][]string{ - "X25519", - "X509KeyPair", - }, -- "crypto/x509": []string{ -+ "crypto/x509": { - "CANotAuthorizedForExtKeyUsage", - "CANotAuthorizedForThisName", - "CertPool", -@@ -588,6 +612,7 @@ var stdlib = map[string][]string{ - "ParsePKCS1PublicKey", - "ParsePKCS8PrivateKey", - "ParsePKIXPublicKey", -+ "ParseRevocationList", - "PublicKeyAlgorithm", - "PureEd25519", - "RSA", -@@ -599,6 +624,7 @@ var stdlib = map[string][]string{ - "SHA384WithRSAPSS", - "SHA512WithRSA", - "SHA512WithRSAPSS", -+ "SetFallbackRoots", - "SignatureAlgorithm", - "SystemCertPool", - "SystemRootsError", -@@ -611,7 +637,7 @@ var stdlib = map[string][]string{ - "UnknownSignatureAlgorithm", - "VerifyOptions", - }, -- "crypto/x509/pkix": []string{ -+ "crypto/x509/pkix": { - "AlgorithmIdentifier", - "AttributeTypeAndValue", - "AttributeTypeAndValueSET", -@@ -623,7 +649,7 @@ var stdlib = map[string][]string{ - "RevokedCertificate", - "TBSCertificateList", - }, -- "database/sql": []string{ -+ "database/sql": { - "ColumnType", - "Conn", - "DB", -@@ -664,7 +690,7 @@ var stdlib = map[string][]string{ - "Tx", - "TxOptions", - }, -- "database/sql/driver": []string{ -+ "database/sql/driver": { - "Bool", - "ColumnConverter", - "Conn", -@@ -712,12 +738,12 @@ var stdlib = map[string][]string{ - "ValueConverter", - "Valuer", - }, -- "debug/buildinfo": []string{ -+ "debug/buildinfo": { - "BuildInfo", - "Read", - "ReadFile", - }, -- "debug/dwarf": []string{ -+ "debug/dwarf": { - "AddrType", - "ArrayType", - "Attr", -@@ -968,7 +994,7 @@ var stdlib = map[string][]string{ - "UnsupportedType", - "VoidType", - }, -- "debug/elf": []string{ -+ "debug/elf": { - "ARM_MAGIC_TRAMP_NUMBER", - "COMPRESS_HIOS", - "COMPRESS_HIPROC", -@@ -1238,6 +1264,7 @@ var stdlib = map[string][]string{ - "EM_L10M", - "EM_LANAI", - "EM_LATTICEMICO32", -+ "EM_LOONGARCH", - "EM_M16C", - "EM_M32", - "EM_M32C", -@@ -1820,6 +1847,96 @@ var stdlib = map[string][]string{ - "R_ARM_XPC25", - "R_INFO", - "R_INFO32", -+ "R_LARCH", -+ "R_LARCH_32", -+ "R_LARCH_32_PCREL", -+ "R_LARCH_64", -+ "R_LARCH_ABS64_HI12", -+ "R_LARCH_ABS64_LO20", -+ "R_LARCH_ABS_HI20", -+ "R_LARCH_ABS_LO12", -+ "R_LARCH_ADD16", -+ "R_LARCH_ADD24", -+ "R_LARCH_ADD32", -+ "R_LARCH_ADD64", -+ "R_LARCH_ADD8", -+ "R_LARCH_B16", -+ "R_LARCH_B21", -+ "R_LARCH_B26", -+ "R_LARCH_COPY", -+ "R_LARCH_GNU_VTENTRY", -+ "R_LARCH_GNU_VTINHERIT", -+ "R_LARCH_GOT64_HI12", -+ "R_LARCH_GOT64_LO20", -+ "R_LARCH_GOT64_PC_HI12", -+ "R_LARCH_GOT64_PC_LO20", -+ "R_LARCH_GOT_HI20", -+ "R_LARCH_GOT_LO12", -+ "R_LARCH_GOT_PC_HI20", -+ "R_LARCH_GOT_PC_LO12", -+ "R_LARCH_IRELATIVE", -+ "R_LARCH_JUMP_SLOT", -+ "R_LARCH_MARK_LA", -+ "R_LARCH_MARK_PCREL", -+ "R_LARCH_NONE", -+ "R_LARCH_PCALA64_HI12", -+ "R_LARCH_PCALA64_LO20", -+ "R_LARCH_PCALA_HI20", -+ "R_LARCH_PCALA_LO12", -+ "R_LARCH_RELATIVE", -+ "R_LARCH_RELAX", -+ "R_LARCH_SOP_ADD", -+ "R_LARCH_SOP_AND", -+ "R_LARCH_SOP_ASSERT", -+ "R_LARCH_SOP_IF_ELSE", -+ "R_LARCH_SOP_NOT", -+ "R_LARCH_SOP_POP_32_S_0_10_10_16_S2", -+ "R_LARCH_SOP_POP_32_S_0_5_10_16_S2", -+ "R_LARCH_SOP_POP_32_S_10_12", -+ "R_LARCH_SOP_POP_32_S_10_16", -+ "R_LARCH_SOP_POP_32_S_10_16_S2", -+ "R_LARCH_SOP_POP_32_S_10_5", -+ "R_LARCH_SOP_POP_32_S_5_20", -+ "R_LARCH_SOP_POP_32_U", -+ "R_LARCH_SOP_POP_32_U_10_12", -+ "R_LARCH_SOP_PUSH_ABSOLUTE", -+ "R_LARCH_SOP_PUSH_DUP", -+ "R_LARCH_SOP_PUSH_GPREL", -+ "R_LARCH_SOP_PUSH_PCREL", -+ "R_LARCH_SOP_PUSH_PLT_PCREL", -+ "R_LARCH_SOP_PUSH_TLS_GD", -+ "R_LARCH_SOP_PUSH_TLS_GOT", -+ "R_LARCH_SOP_PUSH_TLS_TPREL", -+ "R_LARCH_SOP_SL", -+ "R_LARCH_SOP_SR", -+ "R_LARCH_SOP_SUB", -+ "R_LARCH_SUB16", -+ "R_LARCH_SUB24", -+ "R_LARCH_SUB32", -+ "R_LARCH_SUB64", -+ "R_LARCH_SUB8", -+ "R_LARCH_TLS_DTPMOD32", -+ "R_LARCH_TLS_DTPMOD64", -+ "R_LARCH_TLS_DTPREL32", -+ "R_LARCH_TLS_DTPREL64", -+ "R_LARCH_TLS_GD_HI20", -+ "R_LARCH_TLS_GD_PC_HI20", -+ "R_LARCH_TLS_IE64_HI12", -+ "R_LARCH_TLS_IE64_LO20", -+ "R_LARCH_TLS_IE64_PC_HI12", -+ "R_LARCH_TLS_IE64_PC_LO20", -+ "R_LARCH_TLS_IE_HI20", -+ "R_LARCH_TLS_IE_LO12", -+ "R_LARCH_TLS_IE_PC_HI20", -+ "R_LARCH_TLS_IE_PC_LO12", -+ "R_LARCH_TLS_LD_HI20", -+ "R_LARCH_TLS_LD_PC_HI20", -+ "R_LARCH_TLS_LE64_HI12", -+ "R_LARCH_TLS_LE64_LO20", -+ "R_LARCH_TLS_LE_HI20", -+ "R_LARCH_TLS_LE_LO12", -+ "R_LARCH_TLS_TPREL32", -+ "R_LARCH_TLS_TPREL64", - "R_MIPS", - "R_MIPS_16", - "R_MIPS_26", -@@ -1881,15 +1998,25 @@ var stdlib = map[string][]string{ - "R_PPC64_ADDR16_HIGH", - "R_PPC64_ADDR16_HIGHA", - "R_PPC64_ADDR16_HIGHER", -+ "R_PPC64_ADDR16_HIGHER34", - "R_PPC64_ADDR16_HIGHERA", -+ "R_PPC64_ADDR16_HIGHERA34", - "R_PPC64_ADDR16_HIGHEST", -+ "R_PPC64_ADDR16_HIGHEST34", - "R_PPC64_ADDR16_HIGHESTA", -+ "R_PPC64_ADDR16_HIGHESTA34", - "R_PPC64_ADDR16_LO", - "R_PPC64_ADDR16_LO_DS", - "R_PPC64_ADDR24", - "R_PPC64_ADDR32", - "R_PPC64_ADDR64", - "R_PPC64_ADDR64_LOCAL", -+ "R_PPC64_COPY", -+ "R_PPC64_D28", -+ "R_PPC64_D34", -+ "R_PPC64_D34_HA30", -+ "R_PPC64_D34_HI30", -+ "R_PPC64_D34_LO", - "R_PPC64_DTPMOD64", - "R_PPC64_DTPREL16", - "R_PPC64_DTPREL16_DS", -@@ -1903,8 +2030,12 @@ var stdlib = map[string][]string{ - "R_PPC64_DTPREL16_HIGHESTA", - "R_PPC64_DTPREL16_LO", - "R_PPC64_DTPREL16_LO_DS", -+ "R_PPC64_DTPREL34", - "R_PPC64_DTPREL64", - "R_PPC64_ENTRY", -+ "R_PPC64_GLOB_DAT", -+ "R_PPC64_GNU_VTENTRY", -+ "R_PPC64_GNU_VTINHERIT", - "R_PPC64_GOT16", - "R_PPC64_GOT16_DS", - "R_PPC64_GOT16_HA", -@@ -1915,29 +2046,50 @@ var stdlib = map[string][]string{ - "R_PPC64_GOT_DTPREL16_HA", - "R_PPC64_GOT_DTPREL16_HI", - "R_PPC64_GOT_DTPREL16_LO_DS", -+ "R_PPC64_GOT_DTPREL_PCREL34", -+ "R_PPC64_GOT_PCREL34", - "R_PPC64_GOT_TLSGD16", - "R_PPC64_GOT_TLSGD16_HA", - "R_PPC64_GOT_TLSGD16_HI", - "R_PPC64_GOT_TLSGD16_LO", -+ "R_PPC64_GOT_TLSGD_PCREL34", - "R_PPC64_GOT_TLSLD16", - "R_PPC64_GOT_TLSLD16_HA", - "R_PPC64_GOT_TLSLD16_HI", - "R_PPC64_GOT_TLSLD16_LO", -+ "R_PPC64_GOT_TLSLD_PCREL34", - "R_PPC64_GOT_TPREL16_DS", - "R_PPC64_GOT_TPREL16_HA", - "R_PPC64_GOT_TPREL16_HI", - "R_PPC64_GOT_TPREL16_LO_DS", -+ "R_PPC64_GOT_TPREL_PCREL34", - "R_PPC64_IRELATIVE", - "R_PPC64_JMP_IREL", - "R_PPC64_JMP_SLOT", - "R_PPC64_NONE", -+ "R_PPC64_PCREL28", -+ "R_PPC64_PCREL34", -+ "R_PPC64_PCREL_OPT", -+ "R_PPC64_PLT16_HA", -+ "R_PPC64_PLT16_HI", -+ "R_PPC64_PLT16_LO", - "R_PPC64_PLT16_LO_DS", -+ "R_PPC64_PLT32", -+ "R_PPC64_PLT64", -+ "R_PPC64_PLTCALL", -+ "R_PPC64_PLTCALL_NOTOC", - "R_PPC64_PLTGOT16", - "R_PPC64_PLTGOT16_DS", - "R_PPC64_PLTGOT16_HA", - "R_PPC64_PLTGOT16_HI", - "R_PPC64_PLTGOT16_LO", - "R_PPC64_PLTGOT_LO_DS", -+ "R_PPC64_PLTREL32", -+ "R_PPC64_PLTREL64", -+ "R_PPC64_PLTSEQ", -+ "R_PPC64_PLTSEQ_NOTOC", -+ "R_PPC64_PLT_PCREL34", -+ "R_PPC64_PLT_PCREL34_NOTOC", - "R_PPC64_REL14", - "R_PPC64_REL14_BRNTAKEN", - "R_PPC64_REL14_BRTAKEN", -@@ -1945,13 +2097,28 @@ var stdlib = map[string][]string{ - "R_PPC64_REL16DX_HA", - "R_PPC64_REL16_HA", - "R_PPC64_REL16_HI", -+ "R_PPC64_REL16_HIGH", -+ "R_PPC64_REL16_HIGHA", -+ "R_PPC64_REL16_HIGHER", -+ "R_PPC64_REL16_HIGHER34", -+ "R_PPC64_REL16_HIGHERA", -+ "R_PPC64_REL16_HIGHERA34", -+ "R_PPC64_REL16_HIGHEST", -+ "R_PPC64_REL16_HIGHEST34", -+ "R_PPC64_REL16_HIGHESTA", -+ "R_PPC64_REL16_HIGHESTA34", - "R_PPC64_REL16_LO", - "R_PPC64_REL24", - "R_PPC64_REL24_NOTOC", -+ "R_PPC64_REL30", - "R_PPC64_REL32", - "R_PPC64_REL64", - "R_PPC64_RELATIVE", -+ "R_PPC64_SECTOFF", - "R_PPC64_SECTOFF_DS", -+ "R_PPC64_SECTOFF_HA", -+ "R_PPC64_SECTOFF_HI", -+ "R_PPC64_SECTOFF_LO", - "R_PPC64_SECTOFF_LO_DS", - "R_PPC64_TLS", - "R_PPC64_TLSGD", -@@ -1976,7 +2143,11 @@ var stdlib = map[string][]string{ - "R_PPC64_TPREL16_HIGHESTA", - "R_PPC64_TPREL16_LO", - "R_PPC64_TPREL16_LO_DS", -+ "R_PPC64_TPREL34", - "R_PPC64_TPREL64", -+ "R_PPC64_UADDR16", -+ "R_PPC64_UADDR32", -+ "R_PPC64_UADDR64", - "R_PPC_ADDR14", - "R_PPC_ADDR14_BRNTAKEN", - "R_PPC_ADDR14_BRTAKEN", -@@ -2315,7 +2486,7 @@ var stdlib = map[string][]string{ - "Type", - "Version", - }, -- "debug/gosym": []string{ -+ "debug/gosym": { - "DecodingError", - "Func", - "LineTable", -@@ -2327,7 +2498,7 @@ var stdlib = map[string][]string{ - "UnknownFileError", - "UnknownLineError", - }, -- "debug/macho": []string{ -+ "debug/macho": { - "ARM64_RELOC_ADDEND", - "ARM64_RELOC_BRANCH26", - "ARM64_RELOC_GOT_LOAD_PAGE21", -@@ -2457,13 +2628,20 @@ var stdlib = map[string][]string{ - "X86_64_RELOC_TLV", - "X86_64_RELOC_UNSIGNED", - }, -- "debug/pe": []string{ -+ "debug/pe": { - "COFFSymbol", -+ "COFFSymbolAuxFormat5", - "COFFSymbolSize", - "DataDirectory", - "File", - "FileHeader", - "FormatError", -+ "IMAGE_COMDAT_SELECT_ANY", -+ "IMAGE_COMDAT_SELECT_ASSOCIATIVE", -+ "IMAGE_COMDAT_SELECT_EXACT_MATCH", -+ "IMAGE_COMDAT_SELECT_LARGEST", -+ "IMAGE_COMDAT_SELECT_NODUPLICATES", -+ "IMAGE_COMDAT_SELECT_SAME_SIZE", - "IMAGE_DIRECTORY_ENTRY_ARCHITECTURE", - "IMAGE_DIRECTORY_ENTRY_BASERELOC", - "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT", -@@ -2508,6 +2686,8 @@ var stdlib = map[string][]string{ - "IMAGE_FILE_MACHINE_EBC", - "IMAGE_FILE_MACHINE_I386", - "IMAGE_FILE_MACHINE_IA64", -+ "IMAGE_FILE_MACHINE_LOONGARCH32", -+ "IMAGE_FILE_MACHINE_LOONGARCH64", - "IMAGE_FILE_MACHINE_M32R", - "IMAGE_FILE_MACHINE_MIPS16", - "IMAGE_FILE_MACHINE_MIPSFPU", -@@ -2515,6 +2695,9 @@ var stdlib = map[string][]string{ - "IMAGE_FILE_MACHINE_POWERPC", - "IMAGE_FILE_MACHINE_POWERPCFP", - "IMAGE_FILE_MACHINE_R4000", -+ "IMAGE_FILE_MACHINE_RISCV128", -+ "IMAGE_FILE_MACHINE_RISCV32", -+ "IMAGE_FILE_MACHINE_RISCV64", - "IMAGE_FILE_MACHINE_SH3", - "IMAGE_FILE_MACHINE_SH3DSP", - "IMAGE_FILE_MACHINE_SH4", -@@ -2527,6 +2710,14 @@ var stdlib = map[string][]string{ - "IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP", - "IMAGE_FILE_SYSTEM", - "IMAGE_FILE_UP_SYSTEM_ONLY", -+ "IMAGE_SCN_CNT_CODE", -+ "IMAGE_SCN_CNT_INITIALIZED_DATA", -+ "IMAGE_SCN_CNT_UNINITIALIZED_DATA", -+ "IMAGE_SCN_LNK_COMDAT", -+ "IMAGE_SCN_MEM_DISCARDABLE", -+ "IMAGE_SCN_MEM_EXECUTE", -+ "IMAGE_SCN_MEM_READ", -+ "IMAGE_SCN_MEM_WRITE", - "IMAGE_SUBSYSTEM_EFI_APPLICATION", - "IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER", - "IMAGE_SUBSYSTEM_EFI_ROM", -@@ -2553,7 +2744,7 @@ var stdlib = map[string][]string{ - "StringTable", - "Symbol", - }, -- "debug/plan9obj": []string{ -+ "debug/plan9obj": { - "ErrNoSymbols", - "File", - "FileHeader", -@@ -2567,16 +2758,16 @@ var stdlib = map[string][]string{ - "SectionHeader", - "Sym", - }, -- "embed": []string{ -+ "embed": { - "FS", - }, -- "encoding": []string{ -+ "encoding": { - "BinaryMarshaler", - "BinaryUnmarshaler", - "TextMarshaler", - "TextUnmarshaler", - }, -- "encoding/ascii85": []string{ -+ "encoding/ascii85": { - "CorruptInputError", - "Decode", - "Encode", -@@ -2584,7 +2775,7 @@ var stdlib = map[string][]string{ - "NewDecoder", - "NewEncoder", - }, -- "encoding/asn1": []string{ -+ "encoding/asn1": { - "BitString", - "ClassApplication", - "ClassContextSpecific", -@@ -2622,7 +2813,7 @@ var stdlib = map[string][]string{ - "Unmarshal", - "UnmarshalWithParams", - }, -- "encoding/base32": []string{ -+ "encoding/base32": { - "CorruptInputError", - "Encoding", - "HexEncoding", -@@ -2633,7 +2824,7 @@ var stdlib = map[string][]string{ - "StdEncoding", - "StdPadding", - }, -- "encoding/base64": []string{ -+ "encoding/base64": { - "CorruptInputError", - "Encoding", - "NewDecoder", -@@ -2646,7 +2837,10 @@ var stdlib = map[string][]string{ - "StdPadding", - "URLEncoding", - }, -- "encoding/binary": []string{ -+ "encoding/binary": { -+ "AppendByteOrder", -+ "AppendUvarint", -+ "AppendVarint", - "BigEndian", - "ByteOrder", - "LittleEndian", -@@ -2663,7 +2857,7 @@ var stdlib = map[string][]string{ - "Varint", - "Write", - }, -- "encoding/csv": []string{ -+ "encoding/csv": { - "ErrBareQuote", - "ErrFieldCount", - "ErrQuote", -@@ -2674,7 +2868,7 @@ var stdlib = map[string][]string{ - "Reader", - "Writer", - }, -- "encoding/gob": []string{ -+ "encoding/gob": { - "CommonType", - "Decoder", - "Encoder", -@@ -2685,7 +2879,7 @@ var stdlib = map[string][]string{ - "Register", - "RegisterName", - }, -- "encoding/hex": []string{ -+ "encoding/hex": { - "Decode", - "DecodeString", - "DecodedLen", -@@ -2699,7 +2893,7 @@ var stdlib = map[string][]string{ - "NewDecoder", - "NewEncoder", - }, -- "encoding/json": []string{ -+ "encoding/json": { - "Compact", - "Decoder", - "Delim", -@@ -2726,13 +2920,13 @@ var stdlib = map[string][]string{ - "UnsupportedValueError", - "Valid", - }, -- "encoding/pem": []string{ -+ "encoding/pem": { - "Block", - "Decode", - "Encode", - "EncodeToMemory", - }, -- "encoding/xml": []string{ -+ "encoding/xml": { - "Attr", - "CharData", - "Comment", -@@ -2766,13 +2960,13 @@ var stdlib = map[string][]string{ - "UnmarshalerAttr", - "UnsupportedTypeError", - }, -- "errors": []string{ -+ "errors": { - "As", - "Is", - "New", - "Unwrap", - }, -- "expvar": []string{ -+ "expvar": { - "Do", - "Float", - "Func", -@@ -2789,7 +2983,7 @@ var stdlib = map[string][]string{ - "String", - "Var", - }, -- "flag": []string{ -+ "flag": { - "Arg", - "Args", - "Bool", -@@ -2822,6 +3016,7 @@ var stdlib = map[string][]string{ - "Set", - "String", - "StringVar", -+ "TextVar", - "Uint", - "Uint64", - "Uint64Var", -@@ -2833,8 +3028,12 @@ var stdlib = map[string][]string{ - "Visit", - "VisitAll", - }, -- "fmt": []string{ -+ "fmt": { -+ "Append", -+ "Appendf", -+ "Appendln", - "Errorf", -+ "FormatString", - "Formatter", - "Fprint", - "Fprintf", -@@ -2860,7 +3059,7 @@ var stdlib = map[string][]string{ - "State", - "Stringer", - }, -- "go/ast": []string{ -+ "go/ast": { - "ArrayType", - "AssignStmt", - "Bad", -@@ -2963,7 +3162,7 @@ var stdlib = map[string][]string{ - "Visitor", - "Walk", - }, -- "go/build": []string{ -+ "go/build": { - "AllowBinary", - "ArchChar", - "Context", -@@ -2980,7 +3179,7 @@ var stdlib = map[string][]string{ - "Package", - "ToolDir", - }, -- "go/build/constraint": []string{ -+ "go/build/constraint": { - "AndExpr", - "Expr", - "IsGoBuild", -@@ -2992,7 +3191,7 @@ var stdlib = map[string][]string{ - "SyntaxError", - "TagExpr", - }, -- "go/constant": []string{ -+ "go/constant": { - "BinaryOp", - "BitLen", - "Bool", -@@ -3033,7 +3232,7 @@ var stdlib = map[string][]string{ - "Val", - "Value", - }, -- "go/doc": []string{ -+ "go/doc": { - "AllDecls", - "AllMethods", - "Example", -@@ -3054,17 +3253,35 @@ var stdlib = map[string][]string{ - "Type", - "Value", - }, -- "go/format": []string{ -+ "go/doc/comment": { -+ "Block", -+ "Code", -+ "DefaultLookupPackage", -+ "Doc", -+ "DocLink", -+ "Heading", -+ "Italic", -+ "Link", -+ "LinkDef", -+ "List", -+ "ListItem", -+ "Paragraph", -+ "Parser", -+ "Plain", -+ "Printer", -+ "Text", -+ }, -+ "go/format": { - "Node", - "Source", - }, -- "go/importer": []string{ -+ "go/importer": { - "Default", - "For", - "ForCompiler", - "Lookup", - }, -- "go/parser": []string{ -+ "go/parser": { - "AllErrors", - "DeclarationErrors", - "ImportsOnly", -@@ -3079,7 +3296,7 @@ var stdlib = map[string][]string{ - "SpuriousErrors", - "Trace", - }, -- "go/printer": []string{ -+ "go/printer": { - "CommentedNode", - "Config", - "Fprint", -@@ -3089,7 +3306,7 @@ var stdlib = map[string][]string{ - "TabIndent", - "UseSpaces", - }, -- "go/scanner": []string{ -+ "go/scanner": { - "Error", - "ErrorHandler", - "ErrorList", -@@ -3098,7 +3315,7 @@ var stdlib = map[string][]string{ - "ScanComments", - "Scanner", - }, -- "go/token": []string{ -+ "go/token": { - "ADD", - "ADD_ASSIGN", - "AND", -@@ -3196,7 +3413,7 @@ var stdlib = map[string][]string{ - "XOR", - "XOR_ASSIGN", - }, -- "go/types": []string{ -+ "go/types": { - "ArgumentError", - "Array", - "AssertableTo", -@@ -3302,6 +3519,7 @@ var stdlib = map[string][]string{ - "RecvOnly", - "RelativeTo", - "Rune", -+ "Satisfies", - "Scope", - "Selection", - "SelectionKind", -@@ -3347,17 +3565,17 @@ var stdlib = map[string][]string{ - "WriteSignature", - "WriteType", - }, -- "hash": []string{ -+ "hash": { - "Hash", - "Hash32", - "Hash64", - }, -- "hash/adler32": []string{ -+ "hash/adler32": { - "Checksum", - "New", - "Size", - }, -- "hash/crc32": []string{ -+ "hash/crc32": { - "Castagnoli", - "Checksum", - "ChecksumIEEE", -@@ -3371,7 +3589,7 @@ var stdlib = map[string][]string{ - "Table", - "Update", - }, -- "hash/crc64": []string{ -+ "hash/crc64": { - "Checksum", - "ECMA", - "ISO", -@@ -3381,7 +3599,7 @@ var stdlib = map[string][]string{ - "Table", - "Update", - }, -- "hash/fnv": []string{ -+ "hash/fnv": { - "New128", - "New128a", - "New32", -@@ -3389,16 +3607,17 @@ var stdlib = map[string][]string{ - "New64", - "New64a", - }, -- "hash/maphash": []string{ -+ "hash/maphash": { -+ "Bytes", - "Hash", - "MakeSeed", - "Seed", - }, -- "html": []string{ -+ "html": { - "EscapeString", - "UnescapeString", - }, -- "html/template": []string{ -+ "html/template": { - "CSS", - "ErrAmbigContext", - "ErrBadHTML", -@@ -3436,7 +3655,7 @@ var stdlib = map[string][]string{ - "URL", - "URLQueryEscaper", - }, -- "image": []string{ -+ "image": { - "Alpha", - "Alpha16", - "Black", -@@ -3489,7 +3708,7 @@ var stdlib = map[string][]string{ - "ZP", - "ZR", - }, -- "image/color": []string{ -+ "image/color": { - "Alpha", - "Alpha16", - "Alpha16Model", -@@ -3525,11 +3744,11 @@ var stdlib = map[string][]string{ - "YCbCrModel", - "YCbCrToRGB", - }, -- "image/color/palette": []string{ -+ "image/color/palette": { - "Plan9", - "WebSafe", - }, -- "image/draw": []string{ -+ "image/draw": { - "Draw", - "DrawMask", - "Drawer", -@@ -3541,7 +3760,7 @@ var stdlib = map[string][]string{ - "RGBA64Image", - "Src", - }, -- "image/gif": []string{ -+ "image/gif": { - "Decode", - "DecodeAll", - "DecodeConfig", -@@ -3553,7 +3772,7 @@ var stdlib = map[string][]string{ - "GIF", - "Options", - }, -- "image/jpeg": []string{ -+ "image/jpeg": { - "Decode", - "DecodeConfig", - "DefaultQuality", -@@ -3563,7 +3782,7 @@ var stdlib = map[string][]string{ - "Reader", - "UnsupportedError", - }, -- "image/png": []string{ -+ "image/png": { - "BestCompression", - "BestSpeed", - "CompressionLevel", -@@ -3578,11 +3797,11 @@ var stdlib = map[string][]string{ - "NoCompression", - "UnsupportedError", - }, -- "index/suffixarray": []string{ -+ "index/suffixarray": { - "Index", - "New", - }, -- "io": []string{ -+ "io": { - "ByteReader", - "ByteScanner", - "ByteWriter", -@@ -3601,8 +3820,10 @@ var stdlib = map[string][]string{ - "LimitedReader", - "MultiReader", - "MultiWriter", -+ "NewOffsetWriter", - "NewSectionReader", - "NopCloser", -+ "OffsetWriter", - "Pipe", - "PipeReader", - "PipeWriter", -@@ -3634,7 +3855,7 @@ var stdlib = map[string][]string{ - "WriterAt", - "WriterTo", - }, -- "io/fs": []string{ -+ "io/fs": { - "DirEntry", - "ErrClosed", - "ErrExist", -@@ -3669,6 +3890,7 @@ var stdlib = map[string][]string{ - "ReadDirFile", - "ReadFile", - "ReadFileFS", -+ "SkipAll", - "SkipDir", - "Stat", - "StatFS", -@@ -3678,7 +3900,7 @@ var stdlib = map[string][]string{ - "WalkDir", - "WalkDirFunc", - }, -- "io/ioutil": []string{ -+ "io/ioutil": { - "Discard", - "NopCloser", - "ReadAll", -@@ -3688,7 +3910,7 @@ var stdlib = map[string][]string{ - "TempFile", - "WriteFile", - }, -- "log": []string{ -+ "log": { - "Default", - "Fatal", - "Fatalf", -@@ -3717,7 +3939,7 @@ var stdlib = map[string][]string{ - "SetPrefix", - "Writer", - }, -- "log/syslog": []string{ -+ "log/syslog": { - "Dial", - "LOG_ALERT", - "LOG_AUTH", -@@ -3752,7 +3974,7 @@ var stdlib = map[string][]string{ - "Priority", - "Writer", - }, -- "math": []string{ -+ "math": { - "Abs", - "Acos", - "Acosh", -@@ -3851,7 +4073,7 @@ var stdlib = map[string][]string{ - "Y1", - "Yn", - }, -- "math/big": []string{ -+ "math/big": { - "Above", - "Accuracy", - "AwayFromZero", -@@ -3878,7 +4100,7 @@ var stdlib = map[string][]string{ - "ToZero", - "Word", - }, -- "math/bits": []string{ -+ "math/bits": { - "Add", - "Add32", - "Add64", -@@ -3930,7 +4152,7 @@ var stdlib = map[string][]string{ - "TrailingZeros8", - "UintSize", - }, -- "math/cmplx": []string{ -+ "math/cmplx": { - "Abs", - "Acos", - "Acosh", -@@ -3959,7 +4181,7 @@ var stdlib = map[string][]string{ - "Tan", - "Tanh", - }, -- "math/rand": []string{ -+ "math/rand": { - "ExpFloat64", - "Float32", - "Float64", -@@ -3984,7 +4206,7 @@ var stdlib = map[string][]string{ - "Uint64", - "Zipf", - }, -- "mime": []string{ -+ "mime": { - "AddExtensionType", - "BEncoding", - "ErrInvalidMediaParameter", -@@ -3996,7 +4218,7 @@ var stdlib = map[string][]string{ - "WordDecoder", - "WordEncoder", - }, -- "mime/multipart": []string{ -+ "mime/multipart": { - "ErrMessageTooLarge", - "File", - "FileHeader", -@@ -4007,13 +4229,13 @@ var stdlib = map[string][]string{ - "Reader", - "Writer", - }, -- "mime/quotedprintable": []string{ -+ "mime/quotedprintable": { - "NewReader", - "NewWriter", - "Reader", - "Writer", - }, -- "net": []string{ -+ "net": { - "Addr", - "AddrError", - "Buffers", -@@ -4115,7 +4337,7 @@ var stdlib = map[string][]string{ - "UnixListener", - "UnknownNetworkError", - }, -- "net/http": []string{ -+ "net/http": { - "AllowQuerySemicolons", - "CanonicalHeaderKey", - "Client", -@@ -4168,6 +4390,7 @@ var stdlib = map[string][]string{ - "ListenAndServe", - "ListenAndServeTLS", - "LocalAddrContextKey", -+ "MaxBytesError", - "MaxBytesHandler", - "MaxBytesReader", - "MethodConnect", -@@ -4182,6 +4405,7 @@ var stdlib = map[string][]string{ - "NewFileTransport", - "NewRequest", - "NewRequestWithContext", -+ "NewResponseController", - "NewServeMux", - "NoBody", - "NotFound", -@@ -4201,6 +4425,7 @@ var stdlib = map[string][]string{ - "RedirectHandler", - "Request", - "Response", -+ "ResponseController", - "ResponseWriter", - "RoundTripper", - "SameSite", -@@ -4290,25 +4515,25 @@ var stdlib = map[string][]string{ - "TrailerPrefix", - "Transport", - }, -- "net/http/cgi": []string{ -+ "net/http/cgi": { - "Handler", - "Request", - "RequestFromMap", - "Serve", - }, -- "net/http/cookiejar": []string{ -+ "net/http/cookiejar": { - "Jar", - "New", - "Options", - "PublicSuffixList", - }, -- "net/http/fcgi": []string{ -+ "net/http/fcgi": { - "ErrConnClosed", - "ErrRequestAborted", - "ProcessEnv", - "Serve", - }, -- "net/http/httptest": []string{ -+ "net/http/httptest": { - "DefaultRemoteAddr", - "NewRecorder", - "NewRequest", -@@ -4318,7 +4543,7 @@ var stdlib = map[string][]string{ - "ResponseRecorder", - "Server", - }, -- "net/http/httptrace": []string{ -+ "net/http/httptrace": { - "ClientTrace", - "ContextClientTrace", - "DNSDoneInfo", -@@ -4327,7 +4552,7 @@ var stdlib = map[string][]string{ - "WithClientTrace", - "WroteRequestInfo", - }, -- "net/http/httputil": []string{ -+ "net/http/httputil": { - "BufferPool", - "ClientConn", - "DumpRequest", -@@ -4343,10 +4568,11 @@ var stdlib = map[string][]string{ - "NewProxyClientConn", - "NewServerConn", - "NewSingleHostReverseProxy", -+ "ProxyRequest", - "ReverseProxy", - "ServerConn", - }, -- "net/http/pprof": []string{ -+ "net/http/pprof": { - "Cmdline", - "Handler", - "Index", -@@ -4354,7 +4580,7 @@ var stdlib = map[string][]string{ - "Symbol", - "Trace", - }, -- "net/mail": []string{ -+ "net/mail": { - "Address", - "AddressParser", - "ErrHeaderNotPresent", -@@ -4365,7 +4591,7 @@ var stdlib = map[string][]string{ - "ParseDate", - "ReadMessage", - }, -- "net/netip": []string{ -+ "net/netip": { - "Addr", - "AddrFrom16", - "AddrFrom4", -@@ -4374,6 +4600,8 @@ var stdlib = map[string][]string{ - "AddrPortFrom", - "IPv4Unspecified", - "IPv6LinkLocalAllNodes", -+ "IPv6LinkLocalAllRouters", -+ "IPv6Loopback", - "IPv6Unspecified", - "MustParseAddr", - "MustParseAddrPort", -@@ -4384,7 +4612,7 @@ var stdlib = map[string][]string{ - "Prefix", - "PrefixFrom", - }, -- "net/rpc": []string{ -+ "net/rpc": { - "Accept", - "Call", - "Client", -@@ -4411,14 +4639,14 @@ var stdlib = map[string][]string{ - "ServerCodec", - "ServerError", - }, -- "net/rpc/jsonrpc": []string{ -+ "net/rpc/jsonrpc": { - "Dial", - "NewClient", - "NewClientCodec", - "NewServerCodec", - "ServeConn", - }, -- "net/smtp": []string{ -+ "net/smtp": { - "Auth", - "CRAMMD5Auth", - "Client", -@@ -4428,7 +4656,7 @@ var stdlib = map[string][]string{ - "SendMail", - "ServerInfo", - }, -- "net/textproto": []string{ -+ "net/textproto": { - "CanonicalMIMEHeaderKey", - "Conn", - "Dial", -@@ -4444,7 +4672,7 @@ var stdlib = map[string][]string{ - "TrimString", - "Writer", - }, -- "net/url": []string{ -+ "net/url": { - "Error", - "EscapeError", - "InvalidHostError", -@@ -4461,7 +4689,7 @@ var stdlib = map[string][]string{ - "Userinfo", - "Values", - }, -- "os": []string{ -+ "os": { - "Args", - "Chdir", - "Chmod", -@@ -4577,16 +4805,18 @@ var stdlib = map[string][]string{ - "UserHomeDir", - "WriteFile", - }, -- "os/exec": []string{ -+ "os/exec": { - "Cmd", - "Command", - "CommandContext", -+ "ErrDot", - "ErrNotFound", -+ "ErrWaitDelay", - "Error", - "ExitError", - "LookPath", - }, -- "os/signal": []string{ -+ "os/signal": { - "Ignore", - "Ignored", - "Notify", -@@ -4594,7 +4824,7 @@ var stdlib = map[string][]string{ - "Reset", - "Stop", - }, -- "os/user": []string{ -+ "os/user": { - "Current", - "Group", - "Lookup", -@@ -4607,7 +4837,7 @@ var stdlib = map[string][]string{ - "UnknownUserIdError", - "User", - }, -- "path": []string{ -+ "path": { - "Base", - "Clean", - "Dir", -@@ -4618,7 +4848,7 @@ var stdlib = map[string][]string{ - "Match", - "Split", - }, -- "path/filepath": []string{ -+ "path/filepath": { - "Abs", - "Base", - "Clean", -@@ -4630,11 +4860,13 @@ var stdlib = map[string][]string{ - "Glob", - "HasPrefix", - "IsAbs", -+ "IsLocal", - "Join", - "ListSeparator", - "Match", - "Rel", - "Separator", -+ "SkipAll", - "SkipDir", - "Split", - "SplitList", -@@ -4644,12 +4876,12 @@ var stdlib = map[string][]string{ - "WalkDir", - "WalkFunc", - }, -- "plugin": []string{ -+ "plugin": { - "Open", - "Plugin", - "Symbol", - }, -- "reflect": []string{ -+ "reflect": { - "Append", - "AppendSlice", - "Array", -@@ -4724,7 +4956,7 @@ var stdlib = map[string][]string{ - "VisibleFields", - "Zero", - }, -- "regexp": []string{ -+ "regexp": { - "Compile", - "CompilePOSIX", - "Match", -@@ -4735,7 +4967,7 @@ var stdlib = map[string][]string{ - "QuoteMeta", - "Regexp", - }, -- "regexp/syntax": []string{ -+ "regexp/syntax": { - "ClassNL", - "Compile", - "DotNL", -@@ -4756,9 +4988,11 @@ var stdlib = map[string][]string{ - "ErrInvalidRepeatOp", - "ErrInvalidRepeatSize", - "ErrInvalidUTF8", -+ "ErrLarge", - "ErrMissingBracket", - "ErrMissingParen", - "ErrMissingRepeatArgument", -+ "ErrNestingDepth", - "ErrTrailingBackslash", - "ErrUnexpectedParen", - "Error", -@@ -4813,7 +5047,7 @@ var stdlib = map[string][]string{ - "UnicodeGroups", - "WasDollar", - }, -- "runtime": []string{ -+ "runtime": { - "BlockProfile", - "BlockProfileRecord", - "Breakpoint", -@@ -4861,11 +5095,19 @@ var stdlib = map[string][]string{ - "UnlockOSThread", - "Version", - }, -- "runtime/cgo": []string{ -+ "runtime/cgo": { - "Handle", -+ "Incomplete", - "NewHandle", - }, -- "runtime/debug": []string{ -+ "runtime/coverage": { -+ "ClearCounters", -+ "WriteCounters", -+ "WriteCountersDir", -+ "WriteMeta", -+ "WriteMetaDir", -+ }, -+ "runtime/debug": { - "BuildInfo", - "BuildSetting", - "FreeOSMemory", -@@ -4878,12 +5120,13 @@ var stdlib = map[string][]string{ - "SetGCPercent", - "SetMaxStack", - "SetMaxThreads", -+ "SetMemoryLimit", - "SetPanicOnFault", - "SetTraceback", - "Stack", - "WriteHeapDump", - }, -- "runtime/metrics": []string{ -+ "runtime/metrics": { - "All", - "Description", - "Float64Histogram", -@@ -4896,7 +5139,7 @@ var stdlib = map[string][]string{ - "Value", - "ValueKind", - }, -- "runtime/pprof": []string{ -+ "runtime/pprof": { - "Do", - "ForLabels", - "Label", -@@ -4912,7 +5155,7 @@ var stdlib = map[string][]string{ - "WithLabels", - "WriteHeapProfile", - }, -- "runtime/trace": []string{ -+ "runtime/trace": { - "IsEnabled", - "Log", - "Logf", -@@ -4924,7 +5167,8 @@ var stdlib = map[string][]string{ - "Task", - "WithRegion", - }, -- "sort": []string{ -+ "sort": { -+ "Find", - "Float64Slice", - "Float64s", - "Float64sAreSorted", -@@ -4947,7 +5191,7 @@ var stdlib = map[string][]string{ - "Strings", - "StringsAreSorted", - }, -- "strconv": []string{ -+ "strconv": { - "AppendBool", - "AppendFloat", - "AppendInt", -@@ -4987,7 +5231,7 @@ var stdlib = map[string][]string{ - "Unquote", - "UnquoteChar", - }, -- "strings": []string{ -+ "strings": { - "Builder", - "Clone", - "Compare", -@@ -4996,6 +5240,8 @@ var stdlib = map[string][]string{ - "ContainsRune", - "Count", - "Cut", -+ "CutPrefix", -+ "CutSuffix", - "EqualFold", - "Fields", - "FieldsFunc", -@@ -5041,7 +5287,7 @@ var stdlib = map[string][]string{ - "TrimSpace", - "TrimSuffix", - }, -- "sync": []string{ -+ "sync": { - "Cond", - "Locker", - "Map", -@@ -5052,24 +5298,28 @@ var stdlib = map[string][]string{ - "RWMutex", - "WaitGroup", - }, -- "sync/atomic": []string{ -+ "sync/atomic": { - "AddInt32", - "AddInt64", - "AddUint32", - "AddUint64", - "AddUintptr", -+ "Bool", - "CompareAndSwapInt32", - "CompareAndSwapInt64", - "CompareAndSwapPointer", - "CompareAndSwapUint32", - "CompareAndSwapUint64", - "CompareAndSwapUintptr", -+ "Int32", -+ "Int64", - "LoadInt32", - "LoadInt64", - "LoadPointer", - "LoadUint32", - "LoadUint64", - "LoadUintptr", -+ "Pointer", - "StoreInt32", - "StoreInt64", - "StorePointer", -@@ -5082,9 +5332,12 @@ var stdlib = map[string][]string{ - "SwapUint32", - "SwapUint64", - "SwapUintptr", -+ "Uint32", -+ "Uint64", -+ "Uintptr", - "Value", - }, -- "syscall": []string{ -+ "syscall": { - "AF_ALG", - "AF_APPLETALK", - "AF_ARP", -@@ -5158,6 +5411,7 @@ var stdlib = map[string][]string{ - "AF_TIPC", - "AF_UNIX", - "AF_UNSPEC", -+ "AF_UTUN", - "AF_VENDOR00", - "AF_VENDOR01", - "AF_VENDOR02", -@@ -5496,20 +5750,25 @@ var stdlib = map[string][]string{ - "CLOCAL", - "CLONE_CHILD_CLEARTID", - "CLONE_CHILD_SETTID", -+ "CLONE_CLEAR_SIGHAND", - "CLONE_CSIGNAL", - "CLONE_DETACHED", - "CLONE_FILES", - "CLONE_FS", -+ "CLONE_INTO_CGROUP", - "CLONE_IO", -+ "CLONE_NEWCGROUP", - "CLONE_NEWIPC", - "CLONE_NEWNET", - "CLONE_NEWNS", - "CLONE_NEWPID", -+ "CLONE_NEWTIME", - "CLONE_NEWUSER", - "CLONE_NEWUTS", - "CLONE_PARENT", - "CLONE_PARENT_SETTID", - "CLONE_PID", -+ "CLONE_PIDFD", - "CLONE_PTRACE", - "CLONE_SETTLS", - "CLONE_SIGHAND", -@@ -6052,6 +6311,7 @@ var stdlib = map[string][]string{ - "EPROTONOSUPPORT", - "EPROTOTYPE", - "EPWROFF", -+ "EQFULL", - "ERANGE", - "EREMCHG", - "EREMOTE", -@@ -6478,6 +6738,7 @@ var stdlib = map[string][]string{ - "F_DUPFD", - "F_DUPFD_CLOEXEC", - "F_EXLCK", -+ "F_FINDSIGS", - "F_FLUSH_DATA", - "F_FREEZE_FS", - "F_FSCTL", -@@ -6488,6 +6749,7 @@ var stdlib = map[string][]string{ - "F_FSPRIV", - "F_FSVOID", - "F_FULLFSYNC", -+ "F_GETCODEDIR", - "F_GETFD", - "F_GETFL", - "F_GETLEASE", -@@ -6501,6 +6763,7 @@ var stdlib = map[string][]string{ - "F_GETPATH_MTMINFO", - "F_GETPIPE_SZ", - "F_GETPROTECTIONCLASS", -+ "F_GETPROTECTIONLEVEL", - "F_GETSIG", - "F_GLOBAL_NOCACHE", - "F_LOCK", -@@ -6533,6 +6796,7 @@ var stdlib = map[string][]string{ - "F_SETLK64", - "F_SETLKW", - "F_SETLKW64", -+ "F_SETLKWTIMEOUT", - "F_SETLK_REMOTE", - "F_SETNOSIGPIPE", - "F_SETOWN", -@@ -6542,9 +6806,11 @@ var stdlib = map[string][]string{ - "F_SETSIG", - "F_SETSIZE", - "F_SHLCK", -+ "F_SINGLE_WRITER", - "F_TEST", - "F_THAW_FS", - "F_TLOCK", -+ "F_TRANSCODEKEY", - "F_ULOCK", - "F_UNLCK", - "F_UNLCKSYS", -@@ -7740,12 +8006,20 @@ var stdlib = map[string][]string{ - "NOFLSH", - "NOTE_ABSOLUTE", - "NOTE_ATTRIB", -+ "NOTE_BACKGROUND", - "NOTE_CHILD", -+ "NOTE_CRITICAL", - "NOTE_DELETE", - "NOTE_EOF", - "NOTE_EXEC", - "NOTE_EXIT", - "NOTE_EXITSTATUS", -+ "NOTE_EXIT_CSERROR", -+ "NOTE_EXIT_DECRYPTFAIL", -+ "NOTE_EXIT_DETAIL", -+ "NOTE_EXIT_DETAIL_MASK", -+ "NOTE_EXIT_MEMORY", -+ "NOTE_EXIT_REPARENTED", - "NOTE_EXTEND", - "NOTE_FFAND", - "NOTE_FFCOPY", -@@ -7754,6 +8028,7 @@ var stdlib = map[string][]string{ - "NOTE_FFNOP", - "NOTE_FFOR", - "NOTE_FORK", -+ "NOTE_LEEWAY", - "NOTE_LINK", - "NOTE_LOWAT", - "NOTE_NONE", -@@ -7832,6 +8107,7 @@ var stdlib = map[string][]string{ - "O_CREAT", - "O_DIRECT", - "O_DIRECTORY", -+ "O_DP_GETRAWENCRYPTED", - "O_DSYNC", - "O_EVTONLY", - "O_EXCL", -@@ -8121,6 +8397,7 @@ var stdlib = map[string][]string{ - "RLIMIT_AS", - "RLIMIT_CORE", - "RLIMIT_CPU", -+ "RLIMIT_CPU_USAGE_MONITOR", - "RLIMIT_DATA", - "RLIMIT_FSIZE", - "RLIMIT_NOFILE", -@@ -8233,9 +8510,11 @@ var stdlib = map[string][]string{ - "RTF_PROTO1", - "RTF_PROTO2", - "RTF_PROTO3", -+ "RTF_PROXY", - "RTF_REINSTATE", - "RTF_REJECT", - "RTF_RNH_LOCKED", -+ "RTF_ROUTER", - "RTF_SOURCE", - "RTF_SRC", - "RTF_STATIC", -@@ -8754,6 +9033,7 @@ var stdlib = map[string][]string{ - "SO_NO_OFFLOAD", - "SO_NP_EXTENSIONS", - "SO_NREAD", -+ "SO_NUMRCVPKT", - "SO_NWRITE", - "SO_OOBINLINE", - "SO_OVERFLOWED", -@@ -8923,6 +9203,7 @@ var stdlib = map[string][]string{ - "SYS_CREAT", - "SYS_CREATE_MODULE", - "SYS_CSOPS", -+ "SYS_CSOPS_AUDITTOKEN", - "SYS_DELETE", - "SYS_DELETE_MODULE", - "SYS_DUP", -@@ -9109,6 +9390,7 @@ var stdlib = map[string][]string{ - "SYS_JAIL_GET", - "SYS_JAIL_REMOVE", - "SYS_JAIL_SET", -+ "SYS_KAS_INFO", - "SYS_KDEBUG_TRACE", - "SYS_KENV", - "SYS_KEVENT", -@@ -9136,6 +9418,7 @@ var stdlib = map[string][]string{ - "SYS_LCHMOD", - "SYS_LCHOWN", - "SYS_LCHOWN32", -+ "SYS_LEDGER", - "SYS_LGETFH", - "SYS_LGETXATTR", - "SYS_LINK", -@@ -9232,6 +9515,7 @@ var stdlib = map[string][]string{ - "SYS_OPENAT", - "SYS_OPENBSD_POLL", - "SYS_OPEN_BY_HANDLE_AT", -+ "SYS_OPEN_DPROTECTED_NP", - "SYS_OPEN_EXTENDED", - "SYS_OPEN_NOCANCEL", - "SYS_OVADVISE", -@@ -9864,6 +10148,7 @@ var stdlib = map[string][]string{ - "TCP_CONNECTIONTIMEOUT", - "TCP_CORK", - "TCP_DEFER_ACCEPT", -+ "TCP_ENABLE_ECN", - "TCP_INFO", - "TCP_KEEPALIVE", - "TCP_KEEPCNT", -@@ -9886,11 +10171,13 @@ var stdlib = map[string][]string{ - "TCP_NODELAY", - "TCP_NOOPT", - "TCP_NOPUSH", -+ "TCP_NOTSENT_LOWAT", - "TCP_NSTATES", - "TCP_QUICKACK", - "TCP_RXT_CONNDROPTIME", - "TCP_RXT_FINDROP", - "TCP_SACK_ENABLE", -+ "TCP_SENDMOREACKS", - "TCP_SYNCNT", - "TCP_VENDOR", - "TCP_WINDOW_CLAMP", -@@ -10234,7 +10521,7 @@ var stdlib = map[string][]string{ - "XP1_UNI_RECV", - "XP1_UNI_SEND", - }, -- "syscall/js": []string{ -+ "syscall/js": { - "CopyBytesToGo", - "CopyBytesToJS", - "Error", -@@ -10256,7 +10543,7 @@ var stdlib = map[string][]string{ - "ValueError", - "ValueOf", - }, -- "testing": []string{ -+ "testing": { - "AllocsPerRun", - "B", - "Benchmark", -@@ -10284,12 +10571,12 @@ var stdlib = map[string][]string{ - "TB", - "Verbose", - }, -- "testing/fstest": []string{ -+ "testing/fstest": { - "MapFS", - "MapFile", - "TestFS", - }, -- "testing/iotest": []string{ -+ "testing/iotest": { - "DataErrReader", - "ErrReader", - "ErrTimeout", -@@ -10301,7 +10588,7 @@ var stdlib = map[string][]string{ - "TimeoutReader", - "TruncateWriter", - }, -- "testing/quick": []string{ -+ "testing/quick": { - "Check", - "CheckEqual", - "CheckEqualError", -@@ -10311,7 +10598,7 @@ var stdlib = map[string][]string{ - "SetupError", - "Value", - }, -- "text/scanner": []string{ -+ "text/scanner": { - "Char", - "Comment", - "EOF", -@@ -10334,7 +10621,7 @@ var stdlib = map[string][]string{ - "String", - "TokenString", - }, -- "text/tabwriter": []string{ -+ "text/tabwriter": { - "AlignRight", - "Debug", - "DiscardEmptyColumns", -@@ -10345,7 +10632,7 @@ var stdlib = map[string][]string{ - "TabIndent", - "Writer", - }, -- "text/template": []string{ -+ "text/template": { - "ExecError", - "FuncMap", - "HTMLEscape", -@@ -10363,7 +10650,7 @@ var stdlib = map[string][]string{ - "Template", - "URLQueryEscaper", - }, -- "text/template/parse": []string{ -+ "text/template/parse": { - "ActionNode", - "BoolNode", - "BranchNode", -@@ -10419,13 +10706,15 @@ var stdlib = map[string][]string{ - "VariableNode", - "WithNode", - }, -- "time": []string{ -+ "time": { - "ANSIC", - "After", - "AfterFunc", - "April", - "August", - "Date", -+ "DateOnly", -+ "DateTime", - "December", - "Duration", - "February", -@@ -10480,6 +10769,7 @@ var stdlib = map[string][]string{ - "Tick", - "Ticker", - "Time", -+ "TimeOnly", - "Timer", - "Tuesday", - "UTC", -@@ -10491,7 +10781,7 @@ var stdlib = map[string][]string{ - "Wednesday", - "Weekday", - }, -- "unicode": []string{ -+ "unicode": { - "ASCII_Hex_Digit", - "Adlam", - "Ahom", -@@ -10777,14 +11067,15 @@ var stdlib = map[string][]string{ - "Zp", - "Zs", - }, -- "unicode/utf16": []string{ -+ "unicode/utf16": { -+ "AppendRune", - "Decode", - "DecodeRune", - "Encode", - "EncodeRune", - "IsSurrogate", - }, -- "unicode/utf8": []string{ -+ "unicode/utf8": { - "AppendRune", - "DecodeLastRune", - "DecodeLastRuneInString", -@@ -10805,11 +11096,16 @@ var stdlib = map[string][]string{ - "ValidRune", - "ValidString", - }, -- "unsafe": []string{ -+ "unsafe": { -+ "Add", - "Alignof", - "ArbitraryType", - "Offsetof", - "Pointer", - "Sizeof", -+ "Slice", -+ "SliceData", -+ "String", -+ "StringData", - }, - } -diff --git a/vendor/golang.org/x/tools/go/internal/pkgbits/codes.go b/vendor/golang.org/x/tools/internal/pkgbits/codes.go -similarity index 100% -rename from vendor/golang.org/x/tools/go/internal/pkgbits/codes.go -rename to vendor/golang.org/x/tools/internal/pkgbits/codes.go -diff --git a/vendor/golang.org/x/tools/go/internal/pkgbits/decoder.go b/vendor/golang.org/x/tools/internal/pkgbits/decoder.go -similarity index 83% -rename from vendor/golang.org/x/tools/go/internal/pkgbits/decoder.go -rename to vendor/golang.org/x/tools/internal/pkgbits/decoder.go -index 2bc793668ec..b92e8e6eb32 100644 ---- a/vendor/golang.org/x/tools/go/internal/pkgbits/decoder.go -+++ b/vendor/golang.org/x/tools/internal/pkgbits/decoder.go -@@ -6,9 +6,11 @@ package pkgbits - - import ( - "encoding/binary" -+ "errors" - "fmt" - "go/constant" - "go/token" -+ "io" - "math/big" - "os" - "runtime" -@@ -51,6 +53,8 @@ type PkgDecoder struct { - // For example, section K's end positions start at elemEndsEnds[K-1] - // (or 0, if K==0) and end at elemEndsEnds[K]. - elemEndsEnds [numRelocs]uint32 -+ -+ scratchRelocEnt []RelocEnt - } - - // PkgPath returns the package path for the package -@@ -94,7 +98,7 @@ func NewPkgDecoder(pkgPath, input string) PkgDecoder { - pr.elemEnds = make([]uint32, pr.elemEndsEnds[len(pr.elemEndsEnds)-1]) - assert(binary.Read(r, binary.LittleEndian, pr.elemEnds[:]) == nil) - -- pos, err := r.Seek(0, os.SEEK_CUR) -+ pos, err := r.Seek(0, io.SeekCurrent) - assert(err == nil) - - pr.elemData = input[pos:] -@@ -164,6 +168,21 @@ func (pr *PkgDecoder) NewDecoder(k RelocKind, idx Index, marker SyncMarker) Deco - return r - } - -+// TempDecoder returns a Decoder for the given (section, index) pair, -+// and decodes the given SyncMarker from the element bitstream. -+// If possible the Decoder should be RetireDecoder'd when it is no longer -+// needed, this will avoid heap allocations. -+func (pr *PkgDecoder) TempDecoder(k RelocKind, idx Index, marker SyncMarker) Decoder { -+ r := pr.TempDecoderRaw(k, idx) -+ r.Sync(marker) -+ return r -+} -+ -+func (pr *PkgDecoder) RetireDecoder(d *Decoder) { -+ pr.scratchRelocEnt = d.Relocs -+ d.Relocs = nil -+} -+ - // NewDecoderRaw returns a Decoder for the given (section, index) pair. - // - // Most callers should use NewDecoder instead. -@@ -187,6 +206,30 @@ func (pr *PkgDecoder) NewDecoderRaw(k RelocKind, idx Index) Decoder { - return r - } - -+func (pr *PkgDecoder) TempDecoderRaw(k RelocKind, idx Index) Decoder { -+ r := Decoder{ -+ common: pr, -+ k: k, -+ Idx: idx, -+ } -+ -+ r.Data.Reset(pr.DataIdx(k, idx)) -+ r.Sync(SyncRelocs) -+ l := r.Len() -+ if cap(pr.scratchRelocEnt) >= l { -+ r.Relocs = pr.scratchRelocEnt[:l] -+ pr.scratchRelocEnt = nil -+ } else { -+ r.Relocs = make([]RelocEnt, l) -+ } -+ for i := range r.Relocs { -+ r.Sync(SyncReloc) -+ r.Relocs[i] = RelocEnt{RelocKind(r.Len()), Index(r.Len())} -+ } -+ -+ return r -+} -+ - // A Decoder provides methods for decoding an individual element's - // bitstream data. - type Decoder struct { -@@ -206,11 +249,39 @@ func (r *Decoder) checkErr(err error) { - } - - func (r *Decoder) rawUvarint() uint64 { -- x, err := binary.ReadUvarint(&r.Data) -+ x, err := readUvarint(&r.Data) - r.checkErr(err) - return x - } - -+// readUvarint is a type-specialized copy of encoding/binary.ReadUvarint. -+// This avoids the interface conversion and thus has better escape properties, -+// which flows up the stack. -+func readUvarint(r *strings.Reader) (uint64, error) { -+ var x uint64 -+ var s uint -+ for i := 0; i < binary.MaxVarintLen64; i++ { -+ b, err := r.ReadByte() -+ if err != nil { -+ if i > 0 && err == io.EOF { -+ err = io.ErrUnexpectedEOF -+ } -+ return x, err -+ } -+ if b < 0x80 { -+ if i == binary.MaxVarintLen64-1 && b > 1 { -+ return x, overflow -+ } -+ return x | uint64(b)<= 0); w.Uint64(uint64(x)) } - // Int encodes and writes an int value into the element bitstream. - func (w *Encoder) Int(x int) { w.Int64(int64(x)) } - --// Len encodes and writes a uint value into the element bitstream. -+// Uint encodes and writes a uint value into the element bitstream. - func (w *Encoder) Uint(x uint) { w.Uint64(uint64(x)) } - - // Reloc encodes and writes a relocation for the given (section, -diff --git a/vendor/golang.org/x/tools/go/internal/pkgbits/flags.go b/vendor/golang.org/x/tools/internal/pkgbits/flags.go -similarity index 100% -rename from vendor/golang.org/x/tools/go/internal/pkgbits/flags.go -rename to vendor/golang.org/x/tools/internal/pkgbits/flags.go -diff --git a/vendor/golang.org/x/tools/go/internal/pkgbits/frames_go1.go b/vendor/golang.org/x/tools/internal/pkgbits/frames_go1.go -similarity index 100% -rename from vendor/golang.org/x/tools/go/internal/pkgbits/frames_go1.go -rename to vendor/golang.org/x/tools/internal/pkgbits/frames_go1.go -diff --git a/vendor/golang.org/x/tools/go/internal/pkgbits/frames_go17.go b/vendor/golang.org/x/tools/internal/pkgbits/frames_go17.go -similarity index 100% -rename from vendor/golang.org/x/tools/go/internal/pkgbits/frames_go17.go -rename to vendor/golang.org/x/tools/internal/pkgbits/frames_go17.go -diff --git a/vendor/golang.org/x/tools/go/internal/pkgbits/reloc.go b/vendor/golang.org/x/tools/internal/pkgbits/reloc.go -similarity index 95% -rename from vendor/golang.org/x/tools/go/internal/pkgbits/reloc.go -rename to vendor/golang.org/x/tools/internal/pkgbits/reloc.go -index 7a8f04ab3fc..fcdfb97ca99 100644 ---- a/vendor/golang.org/x/tools/go/internal/pkgbits/reloc.go -+++ b/vendor/golang.org/x/tools/internal/pkgbits/reloc.go -@@ -5,11 +5,11 @@ - package pkgbits - - // A RelocKind indicates a particular section within a unified IR export. --type RelocKind int -+type RelocKind int32 - - // An Index represents a bitstream element index within a particular - // section. --type Index int -+type Index int32 - - // A relocEnt (relocation entry) is an entry in an element's local - // reference table. -diff --git a/vendor/golang.org/x/tools/go/internal/pkgbits/support.go b/vendor/golang.org/x/tools/internal/pkgbits/support.go -similarity index 100% -rename from vendor/golang.org/x/tools/go/internal/pkgbits/support.go -rename to vendor/golang.org/x/tools/internal/pkgbits/support.go -diff --git a/vendor/golang.org/x/tools/go/internal/pkgbits/sync.go b/vendor/golang.org/x/tools/internal/pkgbits/sync.go -similarity index 100% -rename from vendor/golang.org/x/tools/go/internal/pkgbits/sync.go -rename to vendor/golang.org/x/tools/internal/pkgbits/sync.go -diff --git a/vendor/golang.org/x/tools/go/internal/pkgbits/syncmarker_string.go b/vendor/golang.org/x/tools/internal/pkgbits/syncmarker_string.go -similarity index 100% -rename from vendor/golang.org/x/tools/go/internal/pkgbits/syncmarker_string.go -rename to vendor/golang.org/x/tools/internal/pkgbits/syncmarker_string.go -diff --git a/vendor/golang.org/x/tools/internal/tokeninternal/tokeninternal.go b/vendor/golang.org/x/tools/internal/tokeninternal/tokeninternal.go -new file mode 100644 -index 00000000000..a3fb2d4f29d ---- /dev/null -+++ b/vendor/golang.org/x/tools/internal/tokeninternal/tokeninternal.go -@@ -0,0 +1,59 @@ -+// Copyright 2023 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+// package tokeninternal provides access to some internal features of the token -+// package. -+package tokeninternal -+ -+import ( -+ "go/token" -+ "sync" -+ "unsafe" -+) -+ -+// GetLines returns the table of line-start offsets from a token.File. -+func GetLines(file *token.File) []int { -+ // token.File has a Lines method on Go 1.21 and later. -+ if file, ok := (interface{})(file).(interface{ Lines() []int }); ok { -+ return file.Lines() -+ } -+ -+ // This declaration must match that of token.File. -+ // This creates a risk of dependency skew. -+ // For now we check that the size of the two -+ // declarations is the same, on the (fragile) assumption -+ // that future changes would add fields. -+ type tokenFile119 struct { -+ _ string -+ _ int -+ _ int -+ mu sync.Mutex // we're not complete monsters -+ lines []int -+ _ []struct{} -+ } -+ type tokenFile118 struct { -+ _ *token.FileSet // deleted in go1.19 -+ tokenFile119 -+ } -+ -+ type uP = unsafe.Pointer -+ switch unsafe.Sizeof(*file) { -+ case unsafe.Sizeof(tokenFile118{}): -+ var ptr *tokenFile118 -+ *(*uP)(uP(&ptr)) = uP(file) -+ ptr.mu.Lock() -+ defer ptr.mu.Unlock() -+ return ptr.lines -+ -+ case unsafe.Sizeof(tokenFile119{}): -+ var ptr *tokenFile119 -+ *(*uP)(uP(&ptr)) = uP(file) -+ ptr.mu.Lock() -+ defer ptr.mu.Unlock() -+ return ptr.lines -+ -+ default: -+ panic("unexpected token.File size") -+ } -+} -diff --git a/vendor/golang.org/x/tools/internal/typesinternal/errorcode.go b/vendor/golang.org/x/tools/internal/typesinternal/errorcode.go -index d38ee3c27cd..07484073a57 100644 ---- a/vendor/golang.org/x/tools/internal/typesinternal/errorcode.go -+++ b/vendor/golang.org/x/tools/internal/typesinternal/errorcode.go -@@ -30,6 +30,12 @@ type ErrorCode int - // convention that "bad" implies a problem with syntax, and "invalid" implies a - // problem with types. - -+const ( -+ // InvalidSyntaxTree occurs if an invalid syntax tree is provided -+ // to the type checker. It should never happen. -+ InvalidSyntaxTree ErrorCode = -1 -+) -+ - const ( - _ ErrorCode = iota - -@@ -153,12 +159,12 @@ const ( - - /* decls > var (+ other variable assignment codes) */ - -- // UntypedNil occurs when the predeclared (untyped) value nil is used to -+ // UntypedNilUse occurs when the predeclared (untyped) value nil is used to - // initialize a variable declared without an explicit type. - // - // Example: - // var x = nil -- UntypedNil -+ UntypedNilUse - - // WrongAssignCount occurs when the number of values on the right-hand side - // of an assignment or or initialization expression does not match the number -@@ -1523,4 +1529,32 @@ const ( - // Example: - // type T[P any] struct{ *P } - MisplacedTypeParam -+ -+ // InvalidUnsafeSliceData occurs when unsafe.SliceData is called with -+ // an argument that is not of slice type. It also occurs if it is used -+ // in a package compiled for a language version before go1.20. -+ // -+ // Example: -+ // import "unsafe" -+ // -+ // var x int -+ // var _ = unsafe.SliceData(x) -+ InvalidUnsafeSliceData -+ -+ // InvalidUnsafeString occurs when unsafe.String is called with -+ // a length argument that is not of integer type, negative, or -+ // out of bounds. It also occurs if it is used in a package -+ // compiled for a language version before go1.20. -+ // -+ // Example: -+ // import "unsafe" -+ // -+ // var b [10]byte -+ // var _ = unsafe.String(&b[0], -1) -+ InvalidUnsafeString -+ -+ // InvalidUnsafeStringData occurs if it is used in a package -+ // compiled for a language version before go1.20. -+ _ // not used anymore -+ - ) -diff --git a/vendor/golang.org/x/tools/internal/typesinternal/errorcode_string.go b/vendor/golang.org/x/tools/internal/typesinternal/errorcode_string.go -index de90e9515ae..15ecf7c5ded 100644 ---- a/vendor/golang.org/x/tools/internal/typesinternal/errorcode_string.go -+++ b/vendor/golang.org/x/tools/internal/typesinternal/errorcode_string.go -@@ -8,6 +8,7 @@ func _() { - // An "invalid array index" compiler error signifies that the constant values have changed. - // Re-run the stringer command to generate them again. - var x [1]struct{} -+ _ = x[InvalidSyntaxTree - -1] - _ = x[Test-1] - _ = x[BlankPkgName-2] - _ = x[MismatchedPkgName-3] -@@ -23,7 +24,7 @@ func _() { - _ = x[InvalidConstInit-13] - _ = x[InvalidConstVal-14] - _ = x[InvalidConstType-15] -- _ = x[UntypedNil-16] -+ _ = x[UntypedNilUse-16] - _ = x[WrongAssignCount-17] - _ = x[UnassignableOperand-18] - _ = x[NoNewVar-19] -@@ -152,16 +153,27 @@ func _() { - _ = x[MisplacedConstraintIface-142] - _ = x[InvalidMethodTypeParams-143] - _ = x[MisplacedTypeParam-144] -+ _ = x[InvalidUnsafeSliceData-145] -+ _ = x[InvalidUnsafeString-146] - } - --const _ErrorCode_name = "TestBlankPkgNameMismatchedPkgNameInvalidPkgUseBadImportPathBrokenImportImportCRenamedUnusedImportInvalidInitCycleDuplicateDeclInvalidDeclCycleInvalidTypeCycleInvalidConstInitInvalidConstValInvalidConstTypeUntypedNilWrongAssignCountUnassignableOperandNoNewVarMultiValAssignOpInvalidIfaceAssignInvalidChanAssignIncompatibleAssignUnaddressableFieldAssignNotATypeInvalidArrayLenBlankIfaceMethodIncomparableMapKeyInvalidIfaceEmbedInvalidPtrEmbedBadRecvInvalidRecvDuplicateFieldAndMethodDuplicateMethodInvalidBlankInvalidIotaMissingInitBodyInvalidInitSigInvalidInitDeclInvalidMainDeclTooManyValuesNotAnExprTruncatedFloatNumericOverflowUndefinedOpMismatchedTypesDivByZeroNonNumericIncDecUnaddressableOperandInvalidIndirectionNonIndexableOperandInvalidIndexSwappedSliceIndicesNonSliceableOperandInvalidSliceExprInvalidShiftCountInvalidShiftOperandInvalidReceiveInvalidSendDuplicateLitKeyMissingLitKeyInvalidLitIndexOversizeArrayLitMixedStructLitInvalidStructLitMissingLitFieldDuplicateLitFieldUnexportedLitFieldInvalidLitFieldUntypedLitInvalidLitAmbiguousSelectorUndeclaredImportedNameUnexportedNameUndeclaredNameMissingFieldOrMethodBadDotDotDotSyntaxNonVariadicDotDotDotMisplacedDotDotDotInvalidDotDotDotOperandInvalidDotDotDotUncalledBuiltinInvalidAppendInvalidCapInvalidCloseInvalidCopyInvalidComplexInvalidDeleteInvalidImagInvalidLenSwappedMakeArgsInvalidMakeInvalidRealInvalidAssertImpossibleAssertInvalidConversionInvalidUntypedConversionBadOffsetofSyntaxInvalidOffsetofUnusedExprUnusedVarMissingReturnWrongResultCountOutOfScopeResultInvalidCondInvalidPostDeclInvalidChanRangeInvalidIterVarInvalidRangeExprMisplacedBreakMisplacedContinueMisplacedFallthroughDuplicateCaseDuplicateDefaultBadTypeKeywordInvalidTypeSwitchInvalidExprSwitchInvalidSelectCaseUndeclaredLabelDuplicateLabelMisplacedLabelUnusedLabelJumpOverDeclJumpIntoBlockInvalidMethodExprWrongArgCountInvalidCallUnusedResultsInvalidDeferInvalidGoBadDeclRepeatedDeclInvalidUnsafeAddInvalidUnsafeSliceUnsupportedFeatureNotAGenericTypeWrongTypeArgCountCannotInferTypeArgsInvalidTypeArgInvalidInstanceCycleInvalidUnionMisplacedConstraintIfaceInvalidMethodTypeParamsMisplacedTypeParam" -+const ( -+ _ErrorCode_name_0 = "InvalidSyntaxTree" -+ _ErrorCode_name_1 = "TestBlankPkgNameMismatchedPkgNameInvalidPkgUseBadImportPathBrokenImportImportCRenamedUnusedImportInvalidInitCycleDuplicateDeclInvalidDeclCycleInvalidTypeCycleInvalidConstInitInvalidConstValInvalidConstTypeUntypedNilUseWrongAssignCountUnassignableOperandNoNewVarMultiValAssignOpInvalidIfaceAssignInvalidChanAssignIncompatibleAssignUnaddressableFieldAssignNotATypeInvalidArrayLenBlankIfaceMethodIncomparableMapKeyInvalidIfaceEmbedInvalidPtrEmbedBadRecvInvalidRecvDuplicateFieldAndMethodDuplicateMethodInvalidBlankInvalidIotaMissingInitBodyInvalidInitSigInvalidInitDeclInvalidMainDeclTooManyValuesNotAnExprTruncatedFloatNumericOverflowUndefinedOpMismatchedTypesDivByZeroNonNumericIncDecUnaddressableOperandInvalidIndirectionNonIndexableOperandInvalidIndexSwappedSliceIndicesNonSliceableOperandInvalidSliceExprInvalidShiftCountInvalidShiftOperandInvalidReceiveInvalidSendDuplicateLitKeyMissingLitKeyInvalidLitIndexOversizeArrayLitMixedStructLitInvalidStructLitMissingLitFieldDuplicateLitFieldUnexportedLitFieldInvalidLitFieldUntypedLitInvalidLitAmbiguousSelectorUndeclaredImportedNameUnexportedNameUndeclaredNameMissingFieldOrMethodBadDotDotDotSyntaxNonVariadicDotDotDotMisplacedDotDotDotInvalidDotDotDotOperandInvalidDotDotDotUncalledBuiltinInvalidAppendInvalidCapInvalidCloseInvalidCopyInvalidComplexInvalidDeleteInvalidImagInvalidLenSwappedMakeArgsInvalidMakeInvalidRealInvalidAssertImpossibleAssertInvalidConversionInvalidUntypedConversionBadOffsetofSyntaxInvalidOffsetofUnusedExprUnusedVarMissingReturnWrongResultCountOutOfScopeResultInvalidCondInvalidPostDeclInvalidChanRangeInvalidIterVarInvalidRangeExprMisplacedBreakMisplacedContinueMisplacedFallthroughDuplicateCaseDuplicateDefaultBadTypeKeywordInvalidTypeSwitchInvalidExprSwitchInvalidSelectCaseUndeclaredLabelDuplicateLabelMisplacedLabelUnusedLabelJumpOverDeclJumpIntoBlockInvalidMethodExprWrongArgCountInvalidCallUnusedResultsInvalidDeferInvalidGoBadDeclRepeatedDeclInvalidUnsafeAddInvalidUnsafeSliceUnsupportedFeatureNotAGenericTypeWrongTypeArgCountCannotInferTypeArgsInvalidTypeArgInvalidInstanceCycleInvalidUnionMisplacedConstraintIfaceInvalidMethodTypeParamsMisplacedTypeParamInvalidUnsafeSliceDataInvalidUnsafeString" -+) - --var _ErrorCode_index = [...]uint16{0, 4, 16, 33, 46, 59, 71, 85, 97, 113, 126, 142, 158, 174, 189, 205, 215, 231, 250, 258, 274, 292, 309, 327, 351, 359, 374, 390, 408, 425, 440, 447, 458, 481, 496, 508, 519, 534, 548, 563, 578, 591, 600, 614, 629, 640, 655, 664, 680, 700, 718, 737, 749, 768, 787, 803, 820, 839, 853, 864, 879, 892, 907, 923, 937, 953, 968, 985, 1003, 1018, 1028, 1038, 1055, 1077, 1091, 1105, 1125, 1143, 1163, 1181, 1204, 1220, 1235, 1248, 1258, 1270, 1281, 1295, 1308, 1319, 1329, 1344, 1355, 1366, 1379, 1395, 1412, 1436, 1453, 1468, 1478, 1487, 1500, 1516, 1532, 1543, 1558, 1574, 1588, 1604, 1618, 1635, 1655, 1668, 1684, 1698, 1715, 1732, 1749, 1764, 1778, 1792, 1803, 1815, 1828, 1845, 1858, 1869, 1882, 1894, 1903, 1910, 1922, 1938, 1956, 1974, 1989, 2006, 2025, 2039, 2059, 2071, 2095, 2118, 2136} -+var ( -+ _ErrorCode_index_1 = [...]uint16{0, 4, 16, 33, 46, 59, 71, 85, 97, 113, 126, 142, 158, 174, 189, 205, 218, 234, 253, 261, 277, 295, 312, 330, 354, 362, 377, 393, 411, 428, 443, 450, 461, 484, 499, 511, 522, 537, 551, 566, 581, 594, 603, 617, 632, 643, 658, 667, 683, 703, 721, 740, 752, 771, 790, 806, 823, 842, 856, 867, 882, 895, 910, 926, 940, 956, 971, 988, 1006, 1021, 1031, 1041, 1058, 1080, 1094, 1108, 1128, 1146, 1166, 1184, 1207, 1223, 1238, 1251, 1261, 1273, 1284, 1298, 1311, 1322, 1332, 1347, 1358, 1369, 1382, 1398, 1415, 1439, 1456, 1471, 1481, 1490, 1503, 1519, 1535, 1546, 1561, 1577, 1591, 1607, 1621, 1638, 1658, 1671, 1687, 1701, 1718, 1735, 1752, 1767, 1781, 1795, 1806, 1818, 1831, 1848, 1861, 1872, 1885, 1897, 1906, 1913, 1925, 1941, 1959, 1977, 1992, 2009, 2028, 2042, 2062, 2074, 2098, 2121, 2139, 2161, 2180} -+) - - func (i ErrorCode) String() string { -- i -= 1 -- if i < 0 || i >= ErrorCode(len(_ErrorCode_index)-1) { -- return "ErrorCode(" + strconv.FormatInt(int64(i+1), 10) + ")" -+ switch { -+ case i == -1: -+ return _ErrorCode_name_0 -+ case 1 <= i && i <= 146: -+ i -= 1 -+ return _ErrorCode_name_1[_ErrorCode_index_1[i]:_ErrorCode_index_1[i+1]] -+ default: -+ return "ErrorCode(" + strconv.FormatInt(int64(i), 10) + ")" - } -- return _ErrorCode_name[_ErrorCode_index[i]:_ErrorCode_index[i+1]] - } -diff --git a/vendor/modules.txt b/vendor/modules.txt -index 2518cc4fd65..503db02185d 100644 ---- a/vendor/modules.txt -+++ b/vendor/modules.txt -@@ -662,8 +662,8 @@ github.com/onsi/gomega/types - # github.com/opencontainers/go-digest v1.0.0 => github.com/opencontainers/go-digest v1.0.0 - ## explicit; go 1.13 - github.com/opencontainers/go-digest --# github.com/opencontainers/runc v1.1.3 => github.com/opencontainers/runc v1.1.3 --## explicit; go 1.16 -+# github.com/opencontainers/runc v1.1.6 => github.com/opencontainers/runc v1.1.6 -+## explicit; go 1.17 - github.com/opencontainers/runc/libcontainer - github.com/opencontainers/runc/libcontainer/apparmor - github.com/opencontainers/runc/libcontainer/capabilities -@@ -1061,12 +1061,12 @@ golang.org/x/crypto/ssh - golang.org/x/crypto/ssh/internal/bcrypt_pbkdf - # golang.org/x/exp v0.0.0-20210220032938-85be41e4509f => golang.org/x/exp v0.0.0-20210220032938-85be41e4509f - ## explicit; go 1.12 --# golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 => golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 -+# golang.org/x/mod v0.8.0 => golang.org/x/mod v0.8.0 - ## explicit; go 1.17 - golang.org/x/mod/internal/lazyregexp - golang.org/x/mod/module - golang.org/x/mod/semver --# golang.org/x/net v0.0.0-20220722155237-a158d28d115b => golang.org/x/net v0.0.0-20220722155237-a158d28d115b -+# golang.org/x/net v0.8.0 => golang.org/x/net v0.8.0 - ## explicit; go 1.17 - golang.org/x/net/bpf - golang.org/x/net/context -@@ -1092,10 +1092,10 @@ golang.org/x/oauth2/google/internal/externalaccount - golang.org/x/oauth2/internal - golang.org/x/oauth2/jws - golang.org/x/oauth2/jwt --# golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 => golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 -+# golang.org/x/sync v0.1.0 => golang.org/x/sync v0.1.0 - ## explicit - golang.org/x/sync/singleflight --# golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f => golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f -+# golang.org/x/sys v0.6.0 => golang.org/x/sys v0.6.0 - ## explicit; go 1.17 - golang.org/x/sys/cpu - golang.org/x/sys/execabs -@@ -1106,10 +1106,10 @@ golang.org/x/sys/windows - golang.org/x/sys/windows/registry - golang.org/x/sys/windows/svc - golang.org/x/sys/windows/svc/mgr --# golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 => golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 -+# golang.org/x/term v0.6.0 => golang.org/x/term v0.6.0 - ## explicit; go 1.17 - golang.org/x/term --# golang.org/x/text v0.3.7 => golang.org/x/text v0.3.7 -+# golang.org/x/text v0.8.0 => golang.org/x/text v0.8.0 - ## explicit; go 1.17 - golang.org/x/text/encoding - golang.org/x/text/encoding/charmap -@@ -1135,16 +1135,14 @@ golang.org/x/text/width - # golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 => golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 - ## explicit - golang.org/x/time/rate --# golang.org/x/tools v0.1.12 => golang.org/x/tools v0.1.12 -+# golang.org/x/tools v0.6.0 => golang.org/x/tools v0.6.0 - ## explicit; go 1.18 - golang.org/x/tools/benchmark/parse - golang.org/x/tools/container/intsets - golang.org/x/tools/go/ast/astutil - golang.org/x/tools/go/ast/inspector - golang.org/x/tools/go/gcexportdata --golang.org/x/tools/go/internal/gcimporter - golang.org/x/tools/go/internal/packagesdriver --golang.org/x/tools/go/internal/pkgbits - golang.org/x/tools/go/packages - golang.org/x/tools/imports - golang.org/x/tools/internal/event -@@ -1152,10 +1150,13 @@ golang.org/x/tools/internal/event/core - golang.org/x/tools/internal/event/keys - golang.org/x/tools/internal/event/label - golang.org/x/tools/internal/fastwalk -+golang.org/x/tools/internal/gcimporter - golang.org/x/tools/internal/gocommand - golang.org/x/tools/internal/gopathwalk - golang.org/x/tools/internal/imports - golang.org/x/tools/internal/packagesinternal -+golang.org/x/tools/internal/pkgbits -+golang.org/x/tools/internal/tokeninternal - golang.org/x/tools/internal/typeparams - golang.org/x/tools/internal/typesinternal - # gonum.org/v1/gonum v0.6.2 => gonum.org/v1/gonum v0.6.2 -@@ -2752,7 +2753,7 @@ sigs.k8s.io/yaml - # github.com/onsi/gomega => github.com/onsi/gomega v1.20.1 - # github.com/opencontainers/go-digest => github.com/opencontainers/go-digest v1.0.0 - # github.com/opencontainers/image-spec => github.com/opencontainers/image-spec v1.0.2 --# github.com/opencontainers/runc => github.com/opencontainers/runc v1.1.3 -+# github.com/opencontainers/runc => github.com/opencontainers/runc v1.1.6 - # github.com/opencontainers/runtime-spec => github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 - # github.com/opencontainers/selinux => github.com/opencontainers/selinux v1.10.0 - # github.com/opentracing/opentracing-go => github.com/opentracing/opentracing-go v1.1.0 -@@ -2774,6 +2775,7 @@ sigs.k8s.io/yaml - # github.com/russross/blackfriday/v2 => github.com/russross/blackfriday/v2 v2.1.0 - # github.com/seccomp/libseccomp-golang => github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646 - # github.com/sergi/go-diff => github.com/sergi/go-diff v1.1.0 -+# github.com/shurcooL/sanitized_anchor_name => github.com/shurcooL/sanitized_anchor_name v1.0.0 - # github.com/sirupsen/logrus => github.com/sirupsen/logrus v1.8.1 - # github.com/smartystreets/assertions => github.com/smartystreets/assertions v1.1.0 - # github.com/smartystreets/goconvey => github.com/smartystreets/goconvey v1.6.4 -@@ -2827,15 +2829,15 @@ sigs.k8s.io/yaml - # golang.org/x/image => golang.org/x/image v0.0.0-20190802002840-cff245a6509b - # golang.org/x/lint => golang.org/x/lint v0.0.0-20190930215403-16217165b5de - # golang.org/x/mobile => golang.org/x/mobile v0.0.0-20201217150744-e6ae53a27f4f --# golang.org/x/mod => golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 --# golang.org/x/net => golang.org/x/net v0.0.0-20220722155237-a158d28d115b -+# golang.org/x/mod => golang.org/x/mod v0.8.0 -+# golang.org/x/net => golang.org/x/net v0.8.0 - # golang.org/x/oauth2 => golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 --# golang.org/x/sync => golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 --# golang.org/x/sys => golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f --# golang.org/x/term => golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 --# golang.org/x/text => golang.org/x/text v0.3.7 -+# golang.org/x/sync => golang.org/x/sync v0.1.0 -+# golang.org/x/sys => golang.org/x/sys v0.6.0 -+# golang.org/x/term => golang.org/x/term v0.6.0 -+# golang.org/x/text => golang.org/x/text v0.8.0 - # golang.org/x/time => golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 --# golang.org/x/tools => golang.org/x/tools v0.1.12 -+# golang.org/x/tools => golang.org/x/tools v0.6.0 - # golang.org/x/xerrors => golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 - # gonum.org/v1/gonum => gonum.org/v1/gonum v0.6.2 - # gonum.org/v1/netlib => gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.25.3/debian/deb_folder/patches/series b/kubernetes/kubernetes-1.25.3/debian/deb_folder/patches/series deleted file mode 100644 index a2b5d968d..000000000 --- a/kubernetes/kubernetes-1.25.3/debian/deb_folder/patches/series +++ /dev/null @@ -1,14 +0,0 @@ -kubeadm-create-platform-pods-with-zero-CPU-resources.patch -kubernetes-make-isolcpus-allocation-SMT-aware.patch -kubelet-sort-isolcpus-allocation-when-SMT-enabled.patch -kubelet-cpumanager-disable-CFS-quota-throttling.patch -kubelet-cpumanager-keep-normal-containers-off-reserv.patch -kubelet-cpumanager-infra-pods-use-system-reserved-CP.patch -kubelet-cpumanager-introduce-concept-of-isolated-CPU.patch -kubelet-CFS-quota-throttling-for-non-integer-cpulimit.patch -Revert-kubeadm-remove-RemoveOldControlPlaneLabel.patch -Revert-kubeadm-cleanup-the-master-taint-on-CP-nodes-.patch -kubeadm-reduce-UpgradeManifestTimeout.patch -Identify-platform-pods-based-on-pod-or-namespace-labels.patch -kubeadm-readiness-probe-timeout-core-dns.patch -kubernetes-pull-117682-vendor-bump-runc-to-1.1.6.patch diff --git a/kubernetes/kubernetes-1.25.3/debian/deb_folder/rules b/kubernetes/kubernetes-1.25.3/debian/deb_folder/rules deleted file mode 100755 index ad661ea27..000000000 --- a/kubernetes/kubernetes-1.25.3/debian/deb_folder/rules +++ /dev/null @@ -1,116 +0,0 @@ -#!/usr/bin/make -f - -# -# Copyright (c) 2022 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -# This debian/rules file is based on: -# https://packages.debian.org/source/bookworm/kubernetes -# http://deb.debian.org/debian/pool/main/k/kubernetes/kubernetes_1.20.5+really1.20.2-1.1.debian.tar.xz - -# Customizations support kubernetes upgrades: -# - specific directory locations with kubernetes version, upgrades stage, -# and version specific golang compiler -# - build output not required on the production host is moved to -# kubernetes-misc package - -kube_version := 1.25.3 -kube_git_version := v${kube_version} -name := kubernetes-${kube_version} -go_version := 1.19.2 -_stage1 := /usr/local/kubernetes/${kube_version}/stage1 -_stage2 := /usr/local/kubernetes/${kube_version}/stage2 -_bindir := /usr/bin -kube_dir := src/k8s.io/kubernetes -output_dir := ${kube_dir}/_output -output_bindir := ${output_dir}/bin -output_mandir := ${output_dir}/man -DEBIAN_DESTDIR := $(CURDIR)/debian/tmp -export DH_VERBOSE = 1 -export PATH := /usr/lib/go-1.19/bin:$(PATH) -export KUBE_GIT_TREE_STATE="clean" -export KUBE_GIT_COMMIT=${kube_version} -export KUBE_GIT_VERSION=${kube_git_version} -export KUBE_EXTRA_GOPATH=$(pwd)/Godeps/_workspace -export PBR_VERSION=${kube_git_version} - -bins = kube-proxy kube-apiserver kube-controller-manager kubelet kubeadm kube-scheduler kubectl - -%: - dh $@ --with=bash-completion --builddirectory=src --without=build-stamp - -override_dh_auto_build: - # we support multiple go compilers; indicate the version we are using - go version - which go - - mkdir -pv ${kube_dir} - mv -v $$(ls | grep -v "^src$$" | grep -v "^debian$$") ${kube_dir}/. - cd ${kube_dir} && make WHAT="$(addprefix cmd/,$(bins) genman)" - - # manpages - mkdir -p ${output_mandir} - echo $(bins) | xargs --max-args=1 ${output_bindir}/genman ${output_mandir} - - # NOTICE files - find ${kube_dir}/vendor -name '*NOTICE*' -print0 | xargs -0 head -n1000 > ${output_dir}/NOTICE - -override_dh_install: - # kube_version stage1 - install -m 755 -d ${DEBIAN_DESTDIR}${_stage1}${_bindir} - install -p -m 755 -t ${DEBIAN_DESTDIR}${_stage1}${_bindir} ${output_bindir}/kubeadm - - # kube_version stage2 - install -m 755 -d ${DEBIAN_DESTDIR}${_stage2}${_bindir} - install -d -m 0755 ${DEBIAN_DESTDIR}${_stage2}/etc/systemd/system/kubelet.service.d - install -p -m 0644 -t ${DEBIAN_DESTDIR}${_stage2}/etc/systemd/system/kubelet.service.d debian/kubeadm.conf - install -p -m 750 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubelet - install -p -m 755 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubectl - # bash completions - install -d -m 0755 ${DEBIAN_DESTDIR}${_stage2}/usr/share/bash-completion/completions/ - ${DEBIAN_DESTDIR}${_stage2}${_bindir}/kubectl completion bash > ${DEBIAN_DESTDIR}${_stage2}/usr/share/bash-completion/completions/kubectl - - # remaining are not kube_version staged, i.e., kubernetes-master, kubernetes-misc - install -m 755 -d ${DEBIAN_DESTDIR}${_bindir} - install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-apiserver - install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-controller-manager - install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-scheduler - install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-proxy - - # specific cluster addons for optional use - install -d -m 0755 ${DEBIAN_DESTDIR}/etc/${name}/addons - - # Addon: volumesnapshots - install -d -m 0755 ${DEBIAN_DESTDIR}/etc/${name}/addons/volumesnapshots - install -d -m 0755 ${DEBIAN_DESTDIR}/etc/${name}/addons/volumesnapshots/crd - install -m 0644 -t ${DEBIAN_DESTDIR}/etc/${name}/addons/volumesnapshots/crd ${kube_dir}/cluster/addons/volumesnapshots/crd/* - install -d -m 0755 ${DEBIAN_DESTDIR}/etc/${name}/addons/volumesnapshots/volume-snapshot-controller - install -m 0644 -t ${DEBIAN_DESTDIR}/etc/${name}/addons/volumesnapshots/volume-snapshot-controller ${kube_dir}/cluster/addons/volumesnapshots/volume-snapshot-controller/* - - # unit-test - # - everything from the root directory is needed - # - unit-tests needs source code - # - integration tests needs docs and other files - # - test-cmd.sh atm needs cluster, examples and other - install -d -m 0755 ${DEBIAN_DESTDIR}/var/lib/kubernetes-unit-test/ - cp -a src ${DEBIAN_DESTDIR}/var/lib/kubernetes-unit-test/ - # remove generated output, i.e., binaries, go cache, man pages, violations report - rm -rf ${DEBIAN_DESTDIR}/var/lib/kubernetes-unit-test/${output_dir} - - dh_install - -override_dh_auto_test: - ${kube_dir}/hack/test-cmd.sh - ${kube_dir}/hack/benchmark-go.sh - ${kube_dir}/hack/test-go.sh - ${kube_dir}/hack/test-integration.sh --use_go_build - -override_dh_fixperms: - dh_fixperms -Xkube-apiserver -Xkubeadm -Xkubeadm.conf \ - -Xkubelet-cgroup-setup.sh -Xkube-apiserver \ - -Xkube-controller-manager -Xkube-scheduler \ - -Xkube-proxy -Xkubelet -Xkubectl - -override_dh_usrlocal: diff --git a/kubernetes/kubernetes-1.25.3/debian/deb_folder/source/format b/kubernetes/kubernetes-1.25.3/debian/deb_folder/source/format deleted file mode 100644 index 163aaf8d8..000000000 --- a/kubernetes/kubernetes-1.25.3/debian/deb_folder/source/format +++ /dev/null @@ -1 +0,0 @@ -3.0 (quilt) diff --git a/kubernetes/kubernetes-1.25.3/debian/meta_data.yaml b/kubernetes/kubernetes-1.25.3/debian/meta_data.yaml deleted file mode 100644 index d6d2f6448..000000000 --- a/kubernetes/kubernetes-1.25.3/debian/meta_data.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -debver: 1.25.3 -dl_path: - name: kubernetes-1.25.3.tar.gz - url: https://github.com/kubernetes/kubernetes/archive/refs/tags/v1.25.3.tar.gz - md5sum: 595ce52826e10827086a1c0f1c0dcef2 - sha256sum: 957428759c846ed6a71453ce39b9bd7a91501209c222dcae5d73348b90d68ced -revision: - dist: $STX_DIST - GITREVCOUNT: - BASE_SRCREV: aacf601fd5983a950a1fe205cac2490b9cb0a5ad - SRC_DIR: ${MY_REPO}/stx/integ/kubernetes/kubernetes-1.25.3 diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/changelog b/kubernetes/kubernetes-1.26.1/debian/deb_folder/changelog deleted file mode 100644 index 389c371a5..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/changelog +++ /dev/null @@ -1,271 +0,0 @@ -kubernetes-1.26.1 (1.26.1-1) unstable; urgency=medium - - * Updated for stx debian packaging - - -- Saba Touheed Mujawar sabatouheed.mujawar@windriver.com Thu, 16 Feb 2023 18:38:00 +0000 - -kubernetes-1.25.3 (1.25.3-1) unstable; urgency=medium - - * Updated for stx debian packaging - - -- Ramesh Kumar Sivanandam rameshkumar.sivanandam@windriver.com Thu, 14 Nov 2022 14:30:00 +0000 - -kubernetes-1.24.4 (1.24.4-1) unstable; urgency=medium - - * Updated for stx debian packaging - - -- James Gauld james.gauld@windriver.com Wed, 14 Sep 2022 11:30:00 +0000 - -kubernetes-1.23.1 (1.23.1-1) unstable; urgency=medium - - * Updated for stx debian packaging - - -- Kaustubh Dhokte Tue, 22 Feb 2022 20:57:45 +0000 - -kubernetes (1.21.8-1) unstable; urgency=medium - - * Updated for stx debian packaging - - -- Mihnea Saracin mihnea.saracin@opendev.org Fri, 29 Oct 2021 12:51:12 +0000 - -kubernetes (1.20.5+really1.20.2-1.1) unstable; urgency=medium - - * Non-maintainer upload. - * Build using golang-go (Closes: #1000980) - - -- Florian Ernst Sat, 02 Apr 2022 16:49:13 +0200 - -kubernetes (1.20.5+really1.20.2-1) unstable; urgency=medium - - * This is actually still 1.20.2 - * Only contains the client, for the server binaries see unstable/fasttrack - - -- Janos Lenart Sun, 13 Jun 2021 07:08:18 +0000 - -kubernetes (1.20.2-1) unstable; urgency=medium - - * New upstream release: 1.20.2 - - -- Janos Lenart Thu, 14 Jan 2021 10:55:09 +0000 - -kubernetes (1.20.0-1) unstable; urgency=medium - - * New upstream release: 1.20.0 - * Fixes CVE-2020-8565 - - -- Janos Lenart Wed, 09 Dec 2020 12:33:59 +0000 - -kubernetes (1.19.4-2) unstable; urgency=medium - - * Updated README.Debian - - -- Janos Lenart Sat, 21 Nov 2020 14:06:21 +0000 - -kubernetes (1.19.4-1) unstable; urgency=medium - - * New upstream release: 1.19.4 - - -- Janos Lenart Tue, 17 Nov 2020 09:30:59 +0000 - -kubernetes (1.19.3-1) unstable; urgency=medium - - * New upstream release: 1.19.3 - * Building with golang-1.15 - * Fixes CVE-2020-8564, CVE-2020-8566 - - -- Janos Lenart Wed, 21 Oct 2020 10:38:41 +0100 - -kubernetes (1.18.6-1) unstable; urgency=medium - - * New upstream release: 1.18.6 - * (An earlier version, 1.17.4-1 fixes CVE-2019-9946) - - -- Janos Lenart Thu, 16 Jul 2020 10:08:46 +0100 - -kubernetes (1.18.5-1) unstable; urgency=medium - - * New upstream release: 1.18.5 - * Fixes CVE-2020-8557, CVE-2020-8558, CVE-2020-8559 - - -- Janos Lenart Wed, 15 Jul 2020 17:19:40 +0100 - -kubernetes (1.18.3-1) unstable; urgency=medium - - * New upstream release: 1.18.3 - * Improved build reproducibility - - -- Janos Lenart Tue, 02 Jun 2020 11:18:12 +0000 - -kubernetes (1.18.2-3) unstable; urgency=medium - - * Bumped Standards-Version - * Improved build reproducibility - - -- Janos Lenart Fri, 15 May 2020 13:17:53 +0000 - -kubernetes (1.18.2-2) unstable; urgency=medium - - * Added i386 back - - -- Janos Lenart Sun, 03 May 2020 21:13:17 +0000 - -kubernetes (1.18.2-1) unstable; urgency=medium - - * New upstream release: 1.18.2 - - -- Janos Lenart Sun, 03 May 2020 19:25:37 +0000 - -kubernetes (1.18.0-1) unstable; urgency=medium - - * New upstream release: 1.18.0 - - -- Janos Lenart Sat, 28 Mar 2020 12:58:42 +0000 - -kubernetes (1.17.4-1) unstable; urgency=high - - * New maintainer (Closes: #886739) - * New upstream release: 1.17.4 (Closes: #887741) - * New Debian packaging from scratch. See README.Debian - * kubernetes-node - - Moved docker from Depends into Recommends as kubelet can also work with - rkt, cri-o, etc. (Closes: #872690) - - Not shipping systemd units for kubelet and kube-proxy for now - * kubernetes-master - - Moved etcd from Depends into Recommends as apiserver can also connect to - a remote etcd/cluster. - - Not shipping systemd units for kube-apiserver, kube-schedules and - kube-controller-manager for now - - -- Janos Lenart Sun, 15 Mar 2020 21:46:45 +0000 - -kubernetes (1.7.16+dfsg-1) unstable; urgency=medium - - [ Michael Stapelberg ] - * Switch to XS-Go-Import-Path - - [ Dmitry Smirnov ] - * Resurrected "mergo.patch" that has been mistakenly removed - (Closes: #878254). - * Re-enabled safeguard test for the above problem. - * New upstream release: - + CVE-2017-1002101 (Closes: #892801) - + CVE-2017-1002102 (Closes: #894051) - * Updated Vcs URLs for Salsa. - * Standards-Version: 4.1.4 - * Build-Depends: - - golang-go - + golang-any - + golang-github-appc-cni-dev - + golang-github-armon-circbuf-dev - + golang-github-azure-azure-sdk-for-go-dev - + golang-github-dgrijalva-jwt-go-v3-dev - + golang-github-docker-distribution-dev - + golang-github-docker-docker-dev - + golang-github-emicklei-go-restful-swagger12-dev - + golang-github-gogo-protobuf-dev - + golang-github-gorilla-websocket-dev - + golang-github-grpc-ecosystem-go-grpc-prometheus-dev - + golang-github-karlseguin-ccache-dev - - golang-github-opencontainers-runc-dev - + golang-github-opencontainers-docker-runc-dev - + golang-github-pmezard-go-difflib-dev - + golang-golang-x-time-dev - + golang-golang-x-tools-dev - + golang-google-grpc-dev - + golang-gopkg-warnings.v0-dev - + golang-goprotobuf-dev - - -- Dmitry Smirnov Sun, 06 May 2018 16:20:21 +1000 - -kubernetes (1.7.7+dfsg-3) unstable; urgency=medium - - * kubernetes-master should depend on etcd (Closes: #855218). - - -- Andrew Shadura Sun, 22 Oct 2017 19:40:46 +0100 - -kubernetes (1.7.7+dfsg-2) unstable; urgency=medium - - * Use CURDIR, not PWD, unbreaks the build at buildds. - - -- Andrew Shadura Fri, 06 Oct 2017 19:25:45 +0200 - -kubernetes (1.7.7+dfsg-1) unstable; urgency=medium - - [ Tim Potter ] - * Open work for new release - * Remove unused Files-Excluded entries from d/copyright - * Remove Skydns B-D as no longer used - * Don't build on ppc64 or ppc64le architectures - - [ Andrew Shadura ] - * New upstream release. - * Refresh patches. - * Update build dependencies. - * Symlink vendor packages to the build directory. - - -- Andrew Shadura Fri, 06 Oct 2017 18:54:06 +0200 - -kubernetes (1.5.5+dfsg-2) unstable; urgency=medium - - * Team upload. - * Don't build on ppc64le due to Go linker problems. See GitHub issue - https://github.com/golang/go/issues/15823. - * Don't build on ppc64 as it's not supported by upstream at the - moment. (Closes: #860505) - - -- Tim Potter Sat, 03 Jun 2017 08:00:51 +1000 - -kubernetes (1.5.5+dfsg-1) unstable; urgency=low - - [ Dmitry Smirnov ] - * Switch to bundled "rkt". - * rules: remove "-p" option from build and test overrides. - * control: drop obsolete "golang-clockwork-dev" alternative. - * New patch to disable test failing on [armel]. - * Upload to unstable. - - [ Tim Potter ] - * New upstream version. [March 2017] - * Big updates to d/rules and d/copyright to update to upstream - changes made since the 1.2.x release. - * Refresh patches to bring up to date with upstream changes since - 1.2.x. - * control: add lsb-base as dependency for sysvinit scripts. - * Suppress spelling-error-in-binary Lintian messages. - - -- Tim Potter Thu, 13 Apr 2017 16:45:57 +1000 - -kubernetes (1.2.5+dfsg-1) experimental; urgency=medium - - * New upstream release [June 2016]. - * Switch to private "github.com/golang/glog" due to log noise. - * Disabled failing tests; no longer ignore failures in tests. - * Build/test using 2 cores only. - * New patch to update appc/cni name space (fixes FTBFS). - * Removed obsolete "spf13-cobra.patch". - - -- Dmitry Smirnov Sun, 03 Jul 2016 04:12:28 +1000 - -kubernetes (1.2.4+dfsg-2) experimental; urgency=medium - - * Added new patch to fix incompatibility with "imdario/mergo" v0.2.2 - (Closes: #825753). - Thanks, Florian Ernst. - * Enable tests but ignore failures for now. - - -- Dmitry Smirnov Fri, 17 Jun 2016 01:41:38 +1000 - -kubernetes (1.2.4+dfsg-1) experimental; urgency=medium - - * New upstream release [May 2016]. - * New patch to print output of "uname -m" on unsupported architectures. - * New "docker.patch" to fix potential FTBFS. - + Build-Depends += "golang-github-docker-distribution-dev". - - -- Dmitry Smirnov Wed, 15 Jun 2016 21:03:01 +1000 - -kubernetes (1.2.3+dfsg-1) experimental; urgency=low - - * Initial release (Closes: #795652). - - -- Dmitry Smirnov Mon, 25 Apr 2016 22:40:12 +1000 diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/control b/kubernetes/kubernetes-1.26.1/debian/deb_folder/control deleted file mode 100644 index 71be774c5..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/control +++ /dev/null @@ -1,93 +0,0 @@ -Source: kubernetes-1.26.1 -Section: admin -Priority: optional -Maintainer: StarlingX Developers -Build-Depends: debhelper-compat (= 13), - build-essential, - bash-completion, - jq, - rsync, - go-bindata, - go-md2man, - golang-1.19 -Standards-Version: 4.4.1 -Homepage: http://kubernetes.io/ -XS-Build-Size: 15GB - -Package: kubernetes-1.26.1-client -Provides: kubernetes-utils -Architecture: amd64 -Depends: ${misc:Depends}, ${shlibs:Depends} -Recommends: ${misc:Recommends} -Built-Using: ${misc:Built-Using} -Description: Kubernetes Command Line Tool - The Kubernetes command line tool for interacting with the Kubernetes API. - -Package: kubernetes-1.26.1-master -Architecture: amd64 -Depends: ${misc:Depends}, ${shlibs:Depends}, - adduser, - lsb-base, - etcd -Recommends: ${misc:Recommends}, kubernetes-1.26.1-client -Built-Using: ${misc:Built-Using} -Description: Kubernetes services for master host - Container Cluster Manager from Google. Kubernetes is an open source system - for managing containerized applications across multiple hosts, providing - basic mechanisms for deployment, maintenance, and scaling of applications. - . - Linux kernel version 3.8 or above is required for proper operation of the - daemon process, and that any lower versions may have subtle and/or glaring - issues. - . - This package provides "kube-apiserver", "kube-controller-manager" and - "kube-scheduler" daemons. - -Package: kubernetes-1.26.1-node -Provides: cadvisor -Architecture: amd64 -Depends: ${misc:Depends}, ${shlibs:Depends}, - adduser, - conntrack, - conntrackd, - docker.io, - lsb-base, - socat, -Recommends: ${misc:Recommends}, kubernetes-1.26.1-client -Built-Using: ${misc:Built-Using} -Description: Kubernetes services for node host - Container Cluster Manager from Google. Kubernetes is an open source system - for managing containerized applications across multiple hosts, providing - basic mechanisms for deployment, maintenance, and scaling of applications. - . - Linux kernel version 3.8 or above is required for proper operation of the - daemon process, and that any lower versions may have subtle and/or glaring - issues. - -Package: kubernetes-1.26.1-kubeadm -Architecture: amd64 -Depends: ${misc:Depends}, containernetworking-plugins -Recommends: ${misc:Recommends}, kubernetes-1.26.1-client -Built-Using: ${misc:Built-Using} -Description: Kubernetes Cluster Bootstrapping Tool - The Kubernetes command line tool for bootstrapping a Kubernetes cluster. - -Package: kubernetes-1.26.1-misc -Architecture: amd64 -Depends: ${misc:Depends}, ${shlibs:Depends} -Recommends: ${misc:Recommends} -Built-Using: ${misc:Built-Using} -Description: dummy package - Kubernetes dummy package for misc stuff we don't want to install in production. - -Package: kubernetes-1.26.1-unit-test -Architecture: amd64 -Depends: ${misc:Depends}, ${shlibs:Depends}, - hostname, - rsync, - etcd (>= 2.0.9), - network-manager, -Recommends: ${misc:Recommends} -Built-Using: ${misc:Built-Using} -Description: Kubernetes unit test - Kubernetes unit-test framework. diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/copyright b/kubernetes/kubernetes-1.26.1/debian/deb_folder/copyright deleted file mode 100644 index c491e21c9..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/copyright +++ /dev/null @@ -1,1820 +0,0 @@ -Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Upstream-Name: Kubernetes -Source: https://github.com/kubernetes/kubernetes - -Files: - debian/kubeadm.conf - debian/kubelet-cgroup-setup.sh -Copyright: 2023 Wind River Systems, Inc. -License: Apache-2.0 - -Files: * -Copyright: 2014-2020 The Kubernetes Authors -License: Apache-2.0 - -Files: debian/* -Copyright: 2020 Janos Lenart -License: Apache-2.0 - -License: Apache-2.0 - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - . - http://www.apache.org/licenses/LICENSE-2.0 - . - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - . - On Debian systems the full text of the Apache-2.0 license can be found in - /usr/share/common-licenses/Apache-2.0 . - -Files: vendor/bitbucket.org/bertimus9/systemstat/* -Copyright: 2013 Phillip Bond -License: Expat - -Files: vendor/cloud.google.com/go/* -Copyright: 2014 Google LLC -License: Apache-2.0 - -Files: vendor/github.com/armon/circbuf/* -Copyright: 2013 Armon Dadgar -License: Expat - -Files: vendor/github.com/asaskevich/govalidator/* -Copyright: 2014 Alex Saskevich -License: Expat - -Files: vendor/github.com/aws/aws-sdk-go/* -Copyright: 2015 Amazon.com, Inc. or its affiliates. - 2014-2015 Stripe, Inc. -License: Apache-2.0 - -Files: vendor/github.com/Azure/azure-sdk-for-go/* -Copyright: 2014-2017 Microsoft and contributors -License: Apache-2.0 - -Files: vendor/github.com/Azure/go-ansiterm/* -Copyright: 2015 Microsoft Corporation -License: Expat - -Files: vendor/github.com/Azure/go-autorest/* -Copyright: 2015, 2017, 2018 Microsoft Corporation -License: Apache-2.0 - -Files: vendor/github.com/bazelbuild/* -Copyright: 2014, 2016-2019 The Bazel Authors. - 2016-2017 Google Inc. -License: Apache-2.0 - -Files: vendor/github.com/beorn7/perks/* -Copyright: 2013 Blake Mizerany -License: Expat - -Files: vendor/github.com/blang/semver/* -Copyright: 2014 Benedikt Lang -License: Expat - -Files: vendor/github.com/BurntSushi/toml/* -Copyright: 2013 TOML authors - 2010 The Go Authors -License: Expat and BSD-3-clause - -Files: vendor/github.com/caddyserver/caddy/* -Copyright: 2015 Light Code Labs, LLC -License: Apache-2.0 - -Files: vendor/github.com/cespare/prettybench/* -Copyright: 2014 Caleb Spare -License: Expat - -Files: vendor/github.com/chai2010/gettext-go/* -Copyright: 2013 ChaiShushan -License: BSD-3-clause - -Files: vendor/github.com/checkpoint-restore/go-criu/* -Copyright: The go-criu contributors -License: Apache-2.0 - -Files: vendor/github.com/client9/misspell/* -Copyright: 2015-2017 Nick Galbreath - 2009, 2011 The Go Authors -License: Expat and BSD-3-clause - -Files: vendor/github.com/clusterhq/flocker-go/* -Copyright: 2014-2016 ClusterHQ -License: Apache-2.0 - -Files: vendor/github.com/containerd/* -Copyright: 2012-2016 Docker, Inc. -License: Apache-2.0 and CC-BY-4.0 - -Files: vendor/github.com/containernetworking/cni/* -Copyright: 2015,2016 CNI authors -License: Apache-2.0 - -Files: vendor/github.com/container-storage-interface/spec/* -Copyright: 2017-2020 container-storage-interface/spec contributors -License: Apache-2.0 - -Files: vendor/github.com/coredns/corefile-migration/* -Copyright: 2019-2020 coredns/corefile-migration contributors -License: Apache-2.0 - -Files: vendor/github.com/coreos/go-oidc/* -Copyright: 2014 CoreOS, Inc - 2004, 2006 The Linux Foundation and its contributors -License: Apache-2.0 - -Files: vendor/github.com/coreos/go-semver/* -Copyright: 2013-2015, 2018 CoreOS, Inc -License: Apache-2.0 - -Files: vendor/github.com/coreos/go-systemd/* -Copyright: 2014 Docker, Inc. - 2015-2018 CoreOS, Inc -License: Apache-2.0 - -Files: vendor/github.com/coreos/pkg/* -Copyright: 2014-2016 CoreOS, Inc -License: Apache-2.0 - -Files: vendor/github.com/cpuguy83/go-md2man/* -Copyright: 2014 Brian Goff -License: Expat - -Files: vendor/github.com/cyphar/filepath-securejoin/* -Copyright: 2014-2015 Docker Inc & Go Authors - 2017 SUSE LLC. -License: BSD-3-clause - -Files: vendor/github.com/davecgh/go-spew/* -Copyright: 2012-2016 Dave Collins -License: ISC - -Files: vendor/github.com/daviddengcn/go-colortext/* -Copyright: 2016, David Deng -License: Expat or BSD-3-clause - -Files: vendor/github.com/dgrijalva/jwt-go/* -Copyright: 2012 Dave Grijalva -License: Expat - -Files: vendor/github.com/docker/distribution/* -Copyright: 2014-2020 docker/distribution contributors - 2013 Damien Le Berrigaud and Nick Wade -License: Apache-2.0 and Expat and CC-BY-4.0 - -Files: vendor/github.com/docker/docker/* -Copyright: 2012-2018 Docker, Inc. - 2019 Keith Rarick -License: Apache-2.0 and Expat - -Files: vendor/github.com/docker/go-connections/* -Copyright: 2015 Docker, Inc. -License: Apache-2.0 - -Files: vendor/github.com/docker/go-units/* -Copyright: 2015 Docker, Inc. - 2004, 2006 The Linux Foundation and its contributors. -License: Apache-2.0 - -Files: vendor/github.com/docker/libnetwork/* -Copyright: 2015-2020 docker/libnetwork contributors -License: Apache-2.0 - -Files: vendor/github.com/docker/spdystream/* -Copyright: 2014-2015 Docker, Inc. - 2011, 2013 The Go Authors -License: Apache-2.0 and BSD-3-clause and CC-BY-SA-4.0 - -Files: vendor/github.com/dustin/go-humanize/* -Copyright: 2005-2008 Dustin Sallings -License: Expat - -Files: vendor/github.com/elazarl/goproxy/* -Copyright: 2012 Elazar Leibovich -License: BSD-3-clause - -Files: vendor/github.com/emicklei/go-restful/* -Copyright: 2012-2015, 2018 Ernest Micklei -License: Expat - -Files: vendor/github.com/euank/go-kmsg-parser/* -Copyright: 2016 Euan Kemp -License: Apache-2.0 - -Files: vendor/github.com/evanphx/json-patch/* -Copyright: 2014, Evan Phoenix -License: BSD-3-clause - -Files: vendor/github.com/exponent-io/jsonpath/* -Copyright: 2015 Exponent Labs LLC -License: Expat - -Files: vendor/github.com/fatih/camelcase/* -Copyright: 2015 Fatih Arslan -License: Expat - -Files: vendor/github.com/fatih/color/* -Copyright: 2013 Fatih Arslan -License: Expat - -Files: vendor/github.com/fsnotify/fsnotify/* -Copyright: 2010-2013, 2015 The Go Authors - 2012 fsnotify Authors -License: BSD-3-clause - -Files: vendor/github.com/ghodss/yaml/* -Copyright: 2014 Sam Ghods - 2012, 2013 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/go-bindata/go-bindata/* -Copyright: The go-bindata contributors -License: CC0-1.0 - -Files: vendor/github.com/godbus/dbus/* -Copyright: 2013, Georg Reinke (), Google -License: BSD-2-clause - -Files: vendor/github.com/gogo/protobuf/* -Copyright: 2013, The GoGo Authors - 2010-2012, 2015-2018 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/golang/groupcache/* -Copyright: 2013 Google Inc. -License: Apache-2.0 - -Files: vendor/github.com/golang/mock/* -Copyright: 2010, 2011 Google Inc. -License: Apache-2.0 - -Files: vendor/github.com/golang/protobuf/* -Copyright: 2008, 2010-2012, 2015-2018 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/googleapis/gnostic/* -Copyright: 2017 Google Inc. -License: Apache-2.0 - -Files: vendor/github.com/google/btree/* -Copyright: 2014 Google Inc. -License: Apache-2.0 - -Files: vendor/github.com/google/cadvisor/* -Copyright: 2014-2019 Google Inc. - 2014 The cAdvisor Authors -License: Apache-2.0 - -Files: vendor/github.com/GoogleCloudPlatform/k8s-cloud-provider/* -Copyright: 2018, 2019 Google LLC -License: Apache-2.0 - -Files: vendor/github.com/google/go-cmp/* -Copyright: 2017-2019 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/google/gofuzz/* -Copyright: 2014 Google Inc. -License: Apache-2.0 - -Files: vendor/github.com/google/uuid/* -Copyright: 2009, 2014, 2016-2018 Google Inc. -License: BSD-3-clause - -Files: vendor/github.com/go-openapi/analysis/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/errors/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/jsonpointer/* -Copyright: 2013 sigu-399 ( https://github.com/sigu-399 ) -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/jsonreference/* -Copyright: 2013 sigu-399 ( https://github.com/sigu-399 ) -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/loads/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/runtime/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/spec/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/strfmt/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/swag/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/validate/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-ozzo/ozzo-validation/* -Copyright: 2016, 2018 Qiang Xue, Google LLC -License: Expat - -Files: vendor/github.com/gophercloud/gophercloud/* -Copyright: 2012-2013 Rackspace, Inc. -License: Apache-2.0 - -Files: vendor/github.com/gorilla/websocket/* -Copyright: 2013, 2016, 2017 The Gorilla WebSocket Authors -License: BSD-2-clause - -Files: vendor/github.com/go-stack/stack/* -Copyright: 2014 Chris Hines -License: Expat - -Files: vendor/github.com/gregjones/httpcache/* -Copyright: 2012 Greg Jones (greg.jones@gmail.com) -License: Expat - -Files: vendor/github.com/grpc-ecosystem/go-grpc-middleware/* -Copyright: 2016 Michal Witkowski -License: Apache-2.0 - -Files: vendor/github.com/grpc-ecosystem/go-grpc-prometheus/* -Copyright: 2016 Michal Witkowski -License: Apache-2.0 - -Files: vendor/github.com/grpc-ecosystem/grpc-gateway/* -Copyright: 2015, Gengo, Inc. -License: BSD-3-clause - -Files: vendor/github.com/hashicorp/golang-lru/* -Copyright: 2014-2020 hashicorp/golang-lru contributors -License: MPL-2.0 - -Files: vendor/github.com/hashicorp/hcl/* -Copyright: 2014-2020 hashicorp/hcl contributors -License: MPL-2.0 - -Files: vendor/github.com/heketi/heketi/* -Copyright: 2015, 2016, 2018 The heketi Authors - 1989, 1991, 2007 Free Software Foundation, Inc. -License: (Apache-2.0 or LGPL-3.0) and (LGPL-3.0 or GPL-2.0) - -Files: vendor/github.com/hpcloud/tail/* -Copyright: 2015 Hewlett Packard Enterprise Development LP - 2015 HPE Software Inc. - 2013, 2014 ActiveState Software Inc. - 2013 99designs -License: Expat - -Files: vendor/github.com/imdario/mergo/* -Copyright: 2009, 2013, 2014 Dario Castañé - 2009, 2012 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/inconshreveable/mousetrap/* -Copyright: 2014 Alan Shreve -License: Apache-2.0 - -Files: vendor/github.com/JeffAshton/win_pdh/* -Copyright: 2010, 2013 The win_pdh Authors -License: BSD-3-clause - -Files: vendor/github.com/jmespath/go-jmespath/* -Copyright: 2015 James Saryerwinnie -License: Apache-2.0 - -Files: vendor/github.com/jonboulle/clockwork/* -Copyright: 2014-2020 jonboulle/clockwork contributors -License: Apache-2.0 - -Files: vendor/github.com/json-iterator/go/* -Copyright: 2016 json-iterator -License: Expat - -Files: vendor/github.com/karrick/godirwalk/* -Copyright: 2017, Karrick McDermott -License: BSD-2-clause - -Files: vendor/github.com/konsorten/go-windows-terminal-sequences/* -Copyright: 2016, 2017 marvin + konsorten GmbH (open-source@konsorten.de) -License: Expat - -Files: vendor/github.com/libopenstorage/openstorage/* -Copyright: 2015 Openstorage.org -License: Apache-2.0 - -Files: vendor/github.com/liggitt/tabwriter/* -Copyright: 2009 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/lithammer/dedent/* -Copyright: 2018 Peter Lithammer -License: Expat - -Files: vendor/github.com/magiconair/properties/* -Copyright: 2011 The Go Authors - 2013-2018 Frank Schroeder -License: BSD-2-clause - -Files: vendor/github.com/mailru/easyjson/* -Copyright: 2016 Mail.Ru Group -License: Expat - -Files: vendor/github.com/MakeNowJust/heredoc/* -Copyright: 2014-2017 TSUYUSATO Kitsune -License: Expat - -Files: vendor/github.com/mattn/go-colorable/* -Copyright: 2016 Yasuhiro Matsumoto -License: Expat - -Files: vendor/github.com/mattn/go-isatty/* -Copyright: Yasuhiro MATSUMOTO -License: Expat - -Files: vendor/github.com/mattn/go-shellwords/* -Copyright: 2017 Yasuhiro Matsumoto -License: Expat - -Files: vendor/github.com/matttproud/golang_protobuf_extensions/* -Copyright: 2012 Matt T. Proud (matt.proud@gmail.com) -License: Apache-2.0 - -Files: vendor/github.com/Microsoft/go-winio/* -Copyright: 2015 Microsoft -License: Expat - -Files: vendor/github.com/Microsoft/hcsshim/* -Copyright: 2015, 2018 Microsoft Corp. -License: Expat - -Files: vendor/github.com/miekg/dns/* -Copyright: 2011 Miek Gieben - 2009, 2013 The Go Authors - 2014 CloudFlare -License: BSD-3-clause - -Files: vendor/github.com/mindprince/gonvml/* -Copyright: 2017 Google Inc. - 1993-2016 NVIDIA Corporation -License: Apache-2.0 - -Files: vendor/github.com/mistifyio/go-zfs/* -Copyright: 2014 OmniTI Computer Consulting, Inc. -License: Apache-2.0 - -Files: vendor/github.com/mitchellh/go-wordwrap/* -Copyright: 2014 Mitchell Hashimoto -License: Expat - -Files: vendor/github.com/mitchellh/mapstructure/* -Copyright: 2013 Mitchell Hashimoto -License: Expat - -Files: vendor/github.com/modern-go/concurrent/* -Copyright: 2018-2020 modern-go/concurrent contributors -License: Apache-2.0 - -Files: vendor/github.com/modern-go/reflect2/* -Copyright: 2018-2020 modern-go/reflec2 contributors -License: Apache-2.0 - -Files: vendor/github.com/mohae/deepcopy/* -Copyright: 2014-2016 Joel Scoble (github.com/mohae) -License: Expat - -Files: vendor/github.com/morikuni/aec/* -Copyright: 2016 Taihei Morikuni -License: Expat - -Files: vendor/github.com/mrunalp/fileutils/* -Copyright: 2014 Docker Inc. -License: Apache-2.0 - -Files: vendor/github.com/munnerz/goautoneg/* -Copyright: 2011, Open Knowledge Foundation Ltd -License: BSD-3-clause - -Files: vendor/github.com/mvdan/xurls/* -Copyright: 2015, Daniel Martí -License: BSD-3-clause - -Files: vendor/github.com/mxk/go-flowrate/* -Copyright: 2014 The Go-FlowRate Authors -License: BSD-3-clause - -Files: vendor/github.com/NYTimes/gziphandler/* -Copyright: 2015 The New York Times Company -License: Apache-2.0 - -Files: vendor/github.com/onsi/ginkgo/* -Copyright: 2013-2014 Onsi Fakhouri - 2016 Yasuhiro Matsumoto -License: Expat - -Files: vendor/github.com/onsi/gomega/* -Copyright: 2013-2014 Onsi Fakhouri -License: Expat - -Files: vendor/github.com/opencontainers/go-digest/* -Copyright: 2017 Docker, Inc. - 2004, 2006 The Linux Foundation and its contributors -License: Apache-2.0 and CC-BY-SA-4.0 - -Files: vendor/github.com/opencontainers/image-spec/* -Copyright: 2016 The Linux Foundation -License: Apache-2.0 - -Files: vendor/github.com/opencontainers/runc/* -Copyright: 2012-2015 Docker, Inc. - 2016, 2017 SUSE LLC -License: Apache-2.0 - -Files: vendor/github.com/opencontainers/runtime-spec/* -Copyright: 2015 The Linux Foundation -License: Apache-2.0 - -Files: vendor/github.com/opencontainers/selinux/* -Copyright: 2017-2020 opencontainers/selinux contributors -License: Apache-2.0 - -Files: vendor/github.com/pelletier/go-toml/* -Copyright: 2013-2017 Thomas Pelletier, Eric Anderton -License: Expat - -Files: vendor/github.com/peterbourgon/diskv/* -Copyright: 2011-2012 Peter Bourgon -License: Expat - -Files: vendor/github.com/pkg/errors/* -Copyright: 2015, Dave Cheney -License: BSD-2-clause - -Files: vendor/github.com/pmezard/go-difflib/* -Copyright: 2013, Patrick Mezard -License: BSD-3-clause - -Files: vendor/github.com/pquerna/cachecontrol/* -Copyright: 2015 Paul Querna - 2009 The Go Authors -License: Apache-2.0 and BSD-3-clause - -Files: vendor/github.com/prometheus/client_golang/* -Copyright: 2012-2019 The Prometheus Authors - 2010 The Go Authors - 2013-2015 Blake Mizerany, Björn Rabenstein - 2013 Matt T. Proud -License: Apache-2.0 - -Files: vendor/github.com/prometheus/client_model/* -Copyright: 2012-2015 The Prometheus Authors -License: Apache-2.0 - -Files: vendor/github.com/prometheus/common/* -Copyright: 2013-2015 The Prometheus Authors - 2011, Open Knowledge Foundation Ltd. -License: Apache-2.0 - -Files: vendor/github.com/prometheus/procfs/* -Copyright: 2014-2015,2017-2019 The Prometheus Authors - 2017 Roger Luethi -License: Apache-2.0 - -Files: vendor/github.com/PuerkitoBio/purell/* -Copyright: 2012, Martin Angers -License: BSD-3-clause - -Files: vendor/github.com/PuerkitoBio/urlesc/* -Copyright: 2009, 2012 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/quobyte/api/* -Copyright: 2016, Quobyte Inc. -License: BSD-3-clause - -Files: vendor/github.com/robfig/cron/* -Copyright: 2012 Rob Figueiredo -License: Expat - -Files: vendor/github.com/rubiojr/go-vhd/* -Copyright: 2015 Sergio Rubio -License: Expat - -Files: vendor/github.com/russross/blackfriday/* -Copyright: 2011 Russ Ross -License: BSD-2-clause - -Files: vendor/github.com/satori/go.uuid/* -Copyright: 2013-2018 by Maxim Bublis -License: Expat - -Files: vendor/github.com/seccomp/libseccomp-golang/* -Copyright: 2015 Matthew Heon - 2015 Paul Moore -License: BSD-2-clause - -Files: vendor/github.com/sirupsen/logrus/* -Copyright: 2014 Simon Eskildsen -License: Expat - -Files: vendor/github.com/soheilhy/cmux/* -Copyright: 2016 The CMux Authors -License: Apache-2.0 - -Files: vendor/github.com/spf13/afero/* -Copyright: 2009, 2015 The Go Authors - 2014-2016,2018 Steve Francia - 2015 The Hugo Authors - 2013 The tsuru authors - 2016-present Bjørn Erik Pedersen -License: Apache-2.0 - -Files: vendor/github.com/spf13/cast/* -Copyright: 2014 Steve Francia - 2011 The Go Authors -License: Expat - -Files: vendor/github.com/spf13/cobra/* -Copyright: 2013 Steve Francia . - 2015 Red Hat Inc. - 2016 French Ben -License: Apache-2.0 - -Files: vendor/github.com/spf13/jwalterweatherman/* -Copyright: 2014, 2016 Steve Francia -License: Expat - -Files: vendor/github.com/spf13/pflag/* -Copyright: 2012 Alex Ogier - 2009, 2012 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/spf13/viper/* -Copyright: 2014 Steve Francia -License: Expat - -Files: vendor/github.com/storageos/go-api/* -Copyright: 2015-2018 StorageOS - 2013-2017 go-dockerclient Authors -License: Expat and BSD-2-clause - -Files: vendor/github.com/stretchr/objx/* -Copyright: 2014 Stretchr, Inc. - 2017-2018 objx contributors -License: Expat - -Files: vendor/github.com/stretchr/testify/* -Copyright: 2012-2018 Mat Ryer and Tyler Bunnell -License: Expat - -Files: vendor/github.com/syndtr/gocapability/* -Copyright: 2013 Suryandaru Triandana -License: BSD-2-clause - -Files: vendor/github.com/thecodeteam/goscaleio/* -Copyright: 2015-2019 thecodeteam/goscaleio contributors -License: Apache-2.0 - -Files: vendor/github.com/tmc/grpc-websocket-proxy/* -Copyright: 2016 Travis Cline -License: Expat - -Files: vendor/github.com/vishvananda/netlink/* -Copyright: 2014 Vishvananda Ishaya. - 2014 Docker, Inc. -License: Apache-2.0 - -Files: vendor/github.com/vishvananda/netns/* -Copyright: 2014 Vishvananda Ishaya. - 2014 Docker, Inc. -License: Apache-2.0 - -Files: vendor/github.com/vmware/govmomi/* -Copyright: 2014-2018 VMware, Inc. - 2009, 2011, 2012 The Go Authors -License: Apache-2.0 - -Files: vendor/github.com/xiang90/probing/* -Copyright: 2015 Xiang Li -License: Expat - -Files: vendor/go.etcd.io/bbolt/* -Copyright: 2013 Ben Johnson -License: Expat - -Files: vendor/go.etcd.io/etcd/* -Copyright: 2014 CoreOS, Inc - 2015-2019 The etcd Authors - 2015 The Go Authors -License: Apache-2.0 - -Files: vendor/go.mongodb.org/mongo-driver/* -Copyright: MongoDB Inc. 2017-present. -License: Apache-2.0 - -Files: vendor/go.opencensus.io/* -Copyright: 2017-2019 OpenCensus Authors -License: Apache-2.0 - -Files: vendor/go.uber.org/atomic/* -Copyright: 2016 Uber Technologies, Inc. -License: Expat - -Files: vendor/go.uber.org/multierr/* -Copyright: 2017 Uber Technologies, Inc. -License: Expat - -Files: vendor/go.uber.org/zap/* -Copyright: 2016-2017 Uber Technologies, Inc. -License: Expat - -Files: vendor/golang.org/x/crypto/* -Copyright: 2009,2011-2016,2018 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/lint/* -Copyright: 2013,2018 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/net/* -Copyright: 2009-2019 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/oauth2/* -Copyright: 2009,2014-2018 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/sync/* -Copyright: 2009,2016 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/sys/* -Copyright: 2009-2019 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/text/* -Copyright: 2009,2011,2013-2018 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/time/* -Copyright: 2009,2015 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/tools/* -Copyright: 2009,2011-2019 The Go Authors -License: BSD-3-clause - -Files: vendor/gonum.org/v1/gonum/* -Copyright: 2013-2019 The Gonum Authors - 2009, 2010, 2012 The Go Authors - 1984, 1987, 1989, 1992, 2000 Stephen L. Moshier - 2017 Robin Eklind -License: BSD-3-clause - -Files: vendor/google.golang.org/api/* -Copyright: 2011-2013 Google Inc - 2015-2019 Google LLC - 2013 Joshua Tacoma - 2015-2017 The Go Authors -License: BSD-3-clause - -Files: vendor/google.golang.org/appengine/* -Copyright: 2011-2015,2018 Google Inc. -License: Apache-2.0 - -Files: vendor/google.golang.org/genproto/* -Copyright: 2016-2020 google.golang.org/genproto contributors -License: Apache-2.0 - -Files: vendor/google.golang.org/grpc/* -Copyright: 2014-2019 gRPC authors -License: Apache-2.0 - -Files: vendor/gopkg.in/fsnotify.v1/* -Copyright: 2012 The Go Authors - 2012 fsnotify Authors -License: BSD-3-clause - -Files: vendor/gopkg.in/gcfg.v1/* -Copyright: 2012 Péter Surányi - 2009 The Go Authors -License: BSD-3-clause - -Files: vendor/gopkg.in/inf.v0/* -Copyright: 2012 Péter Surányi - 2009 The Go Authors -License: BSD-3-clause - -Files: vendor/gopkg.in/natefinch/lumberjack.v2/* -Copyright: 2014 Nate Finch -License: Expat - -Files: vendor/gopkg.in/square/go-jose.v2/* -Copyright: 2014,2016,2017,2018 Square Inc. - 2016 Zbigniew Mandziejewicz - 2010 The Go Authors -License: Apache-2.0 - -Files: vendor/gopkg.in/tomb.v1/* -Copyright: 2010-2011 - Gustavo Niemeyer -License: BSD-3-clause - -Files: vendor/gopkg.in/warnings.v0/* -Copyright: 2016 Péter Surányi -License: BSD-2-clause - -Files: vendor/gopkg.in/yaml.v2/* -Copyright: 2006 Kirill Simonov -License: Apache-2.0 - -Files: vendor/gotest.tools/* -Copyright: 2018 gotest.tools authors -License: Apache-2.0 - -Files: vendor/honnef.co/go/tools/* -Copyright: 2016, 2018, 2019 Dominik Honnef - 2009, 2013-2015, 2017, 2018 The Go Authors - 2018 Google Inc. - 2013 Kamil Kisiel - 2013 TOML authors -License: Expat - -Files: vendor/vbom.ml/util/* -Copyright: 2015 Frits van Bommel -License: Expat - -License: Expat - Permission is hereby granted, free of charge, to any person obtaining a copy of - this software and associated documentation files (the "Software"), to deal in - the Software without restriction, including without limitation the rights to - use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of - the Software, and to permit persons to whom the Software is furnished to do so, - subject to the following conditions: - . - The above copyright notice and this permission notice shall be included in all - copies or substantial portions of the Software. - . - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS - FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR - COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER - IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -License: BSD-3-clause - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - . - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - 3. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - . - THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - SUCH DAMAGE. - -License: BSD-2-clause - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - . - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - . - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - . - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -License: MPL-2.0 - This Source Code Form is subject to the terms of the Mozilla Public - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. - . - On Debian systems the full text of the MPL 2.0 license can be found in - /usr/share/common-licenses/MPL-2.0 . - -License: ISC - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - . - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -License: CC0-1.0 - To the extent possible under law, the author(s) have dedicated all copyright - and related and neighboring rights to this software to the public domain - worldwide. This software is distributed without any warranty. - . - You should have received a copy of the CC0 Public Domain Dedication along with - this software. If not, see . - . - On Debian systems, the full text of the CC0 Public Domain Dedication version - version 1.0 can be found in the file /usr/share/common-licenses/CC0-1.0 . - -License: LGPL-3.0 - This package is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 3 of the License, or (at your option) any later version. - . - This package is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - . - You should have received a copy of the GNU Lesser General Public - License along with this package; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - . - On Debian systems, the complete text of the GNU Lesser General - Public License can be found in /usr/share/common-licenses/LGPL-3 - -License: GPL-2.0 - This package is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - . - This package is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - . - You should have received a copy of the GNU General Public License - along with this package; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - . - On Debian systems, the complete text of the GNU General - Public License can be found in /usr/share/common-licenses/GPL-2 . - -License: CC-BY-SA-4.0 - Attribution-ShareAlike 4.0 International - . - ======================================================================= - . - Creative Commons Corporation ("Creative Commons") is not a law firm and - does not provide legal services or legal advice. Distribution of - Creative Commons public licenses does not create a lawyer-client or - other relationship. Creative Commons makes its licenses and related - information available on an "as-is" basis. Creative Commons gives no - warranties regarding its licenses, any material licensed under their - terms and conditions, or any related information. Creative Commons - disclaims all liability for damages resulting from their use to the - fullest extent possible. - . - Using Creative Commons Public Licenses - . - Creative Commons public licenses provide a standard set of terms and - conditions that creators and other rights holders may use to share - original works of authorship and other material subject to copyright - and certain other rights specified in the public license below. The - following considerations are for informational purposes only, are not - exhaustive, and do not form part of our licenses. - . - Considerations for licensors: Our public licenses are - intended for use by those authorized to give the public - permission to use material in ways otherwise restricted by - copyright and certain other rights. Our licenses are - irrevocable. Licensors should read and understand the terms - and conditions of the license they choose before applying it. - Licensors should also secure all rights necessary before - applying our licenses so that the public can reuse the - material as expected. Licensors should clearly mark any - material not subject to the license. This includes other CC- - licensed material, or material used under an exception or - limitation to copyright. More considerations for licensors: - wiki.creativecommons.org/Considerations_for_licensors - . - Considerations for the public: By using one of our public - licenses, a licensor grants the public permission to use the - licensed material under specified terms and conditions. If - the licensor's permission is not necessary for any reason--for - example, because of any applicable exception or limitation to - copyright--then that use is not regulated by the license. Our - licenses grant only permissions under copyright and certain - other rights that a licensor has authority to grant. Use of - the licensed material may still be restricted for other - reasons, including because others have copyright or other - rights in the material. A licensor may make special requests, - such as asking that all changes be marked or described. - Although not required by our licenses, you are encouraged to - respect those requests where reasonable. More_considerations - for the public: - wiki.creativecommons.org/Considerations_for_licensees - . - ======================================================================= - . - Creative Commons Attribution-ShareAlike 4.0 International Public - License - . - By exercising the Licensed Rights (defined below), You accept and agree - to be bound by the terms and conditions of this Creative Commons - Attribution-ShareAlike 4.0 International Public License ("Public - License"). To the extent this Public License may be interpreted as a - contract, You are granted the Licensed Rights in consideration of Your - acceptance of these terms and conditions, and the Licensor grants You - such rights in consideration of benefits the Licensor receives from - making the Licensed Material available under these terms and - conditions. - . - . - Section 1 -- Definitions. - . - a. Adapted Material means material subject to Copyright and Similar - Rights that is derived from or based upon the Licensed Material - and in which the Licensed Material is translated, altered, - arranged, transformed, or otherwise modified in a manner requiring - permission under the Copyright and Similar Rights held by the - Licensor. For purposes of this Public License, where the Licensed - Material is a musical work, performance, or sound recording, - Adapted Material is always produced where the Licensed Material is - synched in timed relation with a moving image. - . - b. Adapter's License means the license You apply to Your Copyright - and Similar Rights in Your contributions to Adapted Material in - accordance with the terms and conditions of this Public License. - . - c. BY-SA Compatible License means a license listed at - creativecommons.org/compatiblelicenses, approved by Creative - Commons as essentially the equivalent of this Public License. - . - d. Copyright and Similar Rights means copyright and/or similar rights - closely related to copyright including, without limitation, - performance, broadcast, sound recording, and Sui Generis Database - Rights, without regard to how the rights are labeled or - categorized. For purposes of this Public License, the rights - specified in Section 2(b)(1)-(2) are not Copyright and Similar - Rights. - . - e. Effective Technological Measures means those measures that, in the - absence of proper authority, may not be circumvented under laws - fulfilling obligations under Article 11 of the WIPO Copyright - Treaty adopted on December 20, 1996, and/or similar international - agreements. - . - f. Exceptions and Limitations means fair use, fair dealing, and/or - any other exception or limitation to Copyright and Similar Rights - that applies to Your use of the Licensed Material. - . - g. License Elements means the license attributes listed in the name - of a Creative Commons Public License. The License Elements of this - Public License are Attribution and ShareAlike. - . - h. Licensed Material means the artistic or literary work, database, - or other material to which the Licensor applied this Public - License. - . - i. Licensed Rights means the rights granted to You subject to the - terms and conditions of this Public License, which are limited to - all Copyright and Similar Rights that apply to Your use of the - Licensed Material and that the Licensor has authority to license. - . - j. Licensor means the individual(s) or entity(ies) granting rights - under this Public License. - . - k. Share means to provide material to the public by any means or - process that requires permission under the Licensed Rights, such - as reproduction, public display, public performance, distribution, - dissemination, communication, or importation, and to make material - available to the public including in ways that members of the - public may access the material from a place and at a time - individually chosen by them. - . - l. Sui Generis Database Rights means rights other than copyright - resulting from Directive 96/9/EC of the European Parliament and of - the Council of 11 March 1996 on the legal protection of databases, - as amended and/or succeeded, as well as other essentially - equivalent rights anywhere in the world. - . - m. You means the individual or entity exercising the Licensed Rights - under this Public License. Your has a corresponding meaning. - . - . - Section 2 -- Scope. - . - a. License grant. - . - 1. Subject to the terms and conditions of this Public License, - the Licensor hereby grants You a worldwide, royalty-free, - non-sublicensable, non-exclusive, irrevocable license to - exercise the Licensed Rights in the Licensed Material to: - . - a. reproduce and Share the Licensed Material, in whole or - in part; and - . - b. produce, reproduce, and Share Adapted Material. - . - 2. Exceptions and Limitations. For the avoidance of doubt, where - Exceptions and Limitations apply to Your use, this Public - License does not apply, and You do not need to comply with - its terms and conditions. - . - 3. Term. The term of this Public License is specified in Section - 6(a). - . - 4. Media and formats; technical modifications allowed. The - Licensor authorizes You to exercise the Licensed Rights in - all media and formats whether now known or hereafter created, - and to make technical modifications necessary to do so. The - Licensor waives and/or agrees not to assert any right or - authority to forbid You from making technical modifications - necessary to exercise the Licensed Rights, including - technical modifications necessary to circumvent Effective - Technological Measures. For purposes of this Public License, - simply making modifications authorized by this Section 2(a) - (4) never produces Adapted Material. - . - 5. Downstream recipients. - . - a. Offer from the Licensor -- Licensed Material. Every - recipient of the Licensed Material automatically - receives an offer from the Licensor to exercise the - Licensed Rights under the terms and conditions of this - Public License. - . - b. Additional offer from the Licensor -- Adapted Material. - Every recipient of Adapted Material from You - automatically receives an offer from the Licensor to - exercise the Licensed Rights in the Adapted Material - under the conditions of the Adapter's License You apply. - . - c. No downstream restrictions. You may not offer or impose - any additional or different terms or conditions on, or - apply any Effective Technological Measures to, the - Licensed Material if doing so restricts exercise of the - Licensed Rights by any recipient of the Licensed - Material. - . - 6. No endorsement. Nothing in this Public License constitutes or - may be construed as permission to assert or imply that You - are, or that Your use of the Licensed Material is, connected - with, or sponsored, endorsed, or granted official status by, - the Licensor or others designated to receive attribution as - provided in Section 3(a)(1)(A)(i). - . - b. Other rights. - . - 1. Moral rights, such as the right of integrity, are not - licensed under this Public License, nor are publicity, - privacy, and/or other similar personality rights; however, to - the extent possible, the Licensor waives and/or agrees not to - assert any such rights held by the Licensor to the limited - extent necessary to allow You to exercise the Licensed - Rights, but not otherwise. - . - 2. Patent and trademark rights are not licensed under this - Public License. - . - 3. To the extent possible, the Licensor waives any right to - collect royalties from You for the exercise of the Licensed - Rights, whether directly or through a collecting society - under any voluntary or waivable statutory or compulsory - licensing scheme. In all other cases the Licensor expressly - reserves any right to collect such royalties. - . - . - Section 3 -- License Conditions. - . - Your exercise of the Licensed Rights is expressly made subject to the - following conditions. - . - a. Attribution. - . - 1. If You Share the Licensed Material (including in modified - form), You must: - . - a. retain the following if it is supplied by the Licensor - with the Licensed Material: - . - i. identification of the creator(s) of the Licensed - Material and any others designated to receive - attribution, in any reasonable manner requested by - the Licensor (including by pseudonym if - designated); - . - ii. a copyright notice; - . - iii. a notice that refers to this Public License; - . - iv. a notice that refers to the disclaimer of - warranties; - . - v. a URI or hyperlink to the Licensed Material to the - extent reasonably practicable; - . - b. indicate if You modified the Licensed Material and - retain an indication of any previous modifications; and - . - c. indicate the Licensed Material is licensed under this - Public License, and include the text of, or the URI or - hyperlink to, this Public License. - . - 2. You may satisfy the conditions in Section 3(a)(1) in any - reasonable manner based on the medium, means, and context in - which You Share the Licensed Material. For example, it may be - reasonable to satisfy the conditions by providing a URI or - hyperlink to a resource that includes the required - information. - . - 3. If requested by the Licensor, You must remove any of the - information required by Section 3(a)(1)(A) to the extent - reasonably practicable. - . - b. ShareAlike. - . - In addition to the conditions in Section 3(a), if You Share - Adapted Material You produce, the following conditions also apply. - . - 1. The Adapter's License You apply must be a Creative Commons - license with the same License Elements, this version or - later, or a BY-SA Compatible License. - . - 2. You must include the text of, or the URI or hyperlink to, the - Adapter's License You apply. You may satisfy this condition - in any reasonable manner based on the medium, means, and - context in which You Share Adapted Material. - . - 3. You may not offer or impose any additional or different terms - or conditions on, or apply any Effective Technological - Measures to, Adapted Material that restrict exercise of the - rights granted under the Adapter's License You apply. - . - . - Section 4 -- Sui Generis Database Rights. - . - Where the Licensed Rights include Sui Generis Database Rights that - apply to Your use of the Licensed Material: - . - a. for the avoidance of doubt, Section 2(a)(1) grants You the right - to extract, reuse, reproduce, and Share all or a substantial - portion of the contents of the database; - . - b. if You include all or a substantial portion of the database - contents in a database in which You have Sui Generis Database - Rights, then the database in which You have Sui Generis Database - Rights (but not its individual contents) is Adapted Material, - . - including for purposes of Section 3(b); and - c. You must comply with the conditions in Section 3(a) if You Share - all or a substantial portion of the contents of the database. - . - For the avoidance of doubt, this Section 4 supplements and does not - replace Your obligations under this Public License where the Licensed - Rights include other Copyright and Similar Rights. - . - . - Section 5 -- Disclaimer of Warranties and Limitation of Liability. - . - a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE - EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS - AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF - ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, - IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, - WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR - PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, - ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT - KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT - ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. - . - b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE - TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, - NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, - INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, - COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR - USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN - ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR - DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR - IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. - . - c. The disclaimer of warranties and limitation of liability provided - above shall be interpreted in a manner that, to the extent - possible, most closely approximates an absolute disclaimer and - waiver of all liability. - . - . - Section 6 -- Term and Termination. - . - a. This Public License applies for the term of the Copyright and - Similar Rights licensed here. However, if You fail to comply with - this Public License, then Your rights under this Public License - terminate automatically. - . - b. Where Your right to use the Licensed Material has terminated under - Section 6(a), it reinstates: - . - 1. automatically as of the date the violation is cured, provided - it is cured within 30 days of Your discovery of the - violation; or - . - 2. upon express reinstatement by the Licensor. - . - For the avoidance of doubt, this Section 6(b) does not affect any - right the Licensor may have to seek remedies for Your violations - of this Public License. - . - c. For the avoidance of doubt, the Licensor may also offer the - Licensed Material under separate terms or conditions or stop - distributing the Licensed Material at any time; however, doing so - will not terminate this Public License. - . - d. Sections 1, 5, 6, 7, and 8 survive termination of this Public - License. - . - . - Section 7 -- Other Terms and Conditions. - . - a. The Licensor shall not be bound by any additional or different - terms or conditions communicated by You unless expressly agreed. - . - b. Any arrangements, understandings, or agreements regarding the - Licensed Material not stated herein are separate from and - independent of the terms and conditions of this Public License. - . - . - Section 8 -- Interpretation. - . - a. For the avoidance of doubt, this Public License does not, and - shall not be interpreted to, reduce, limit, restrict, or impose - conditions on any use of the Licensed Material that could lawfully - be made without permission under this Public License. - . - b. To the extent possible, if any provision of this Public License is - deemed unenforceable, it shall be automatically reformed to the - minimum extent necessary to make it enforceable. If the provision - cannot be reformed, it shall be severed from this Public License - without affecting the enforceability of the remaining terms and - conditions. - . - c. No term or condition of this Public License will be waived and no - failure to comply consented to unless expressly agreed to by the - Licensor. - . - d. Nothing in this Public License constitutes or may be interpreted - as a limitation upon, or waiver of, any privileges and immunities - that apply to the Licensor or You, including from the legal - processes of any jurisdiction or authority. - . - . - ======================================================================= - . - Creative Commons is not a party to its public - licenses. Notwithstanding, Creative Commons may elect to apply one of - its public licenses to material it publishes and in those instances - will be considered the “Licensor.” The text of the Creative Commons - public licenses is dedicated to the public domain under the CC0 Public - Domain Dedication. Except for the limited purpose of indicating that - material is shared under a Creative Commons public license or as - otherwise permitted by the Creative Commons policies published at - creativecommons.org/policies, Creative Commons does not authorize the - use of the trademark "Creative Commons" or any other trademark or logo - of Creative Commons without its prior written consent including, - without limitation, in connection with any unauthorized modifications - to any of its public licenses or any other arrangements, - understandings, or agreements concerning use of licensed material. For - the avoidance of doubt, this paragraph does not form part of the - public licenses. - . - Creative Commons may be contacted at creativecommons.org. - -License: CC-BY-4.0 - Attribution 4.0 International - . - ======================================================================= - . - Creative Commons Corporation ("Creative Commons") is not a law firm and - does not provide legal services or legal advice. Distribution of - Creative Commons public licenses does not create a lawyer-client or - other relationship. Creative Commons makes its licenses and related - information available on an "as-is" basis. Creative Commons gives no - warranties regarding its licenses, any material licensed under their - terms and conditions, or any related information. Creative Commons - disclaims all liability for damages resulting from their use to the - fullest extent possible. - . - Using Creative Commons Public Licenses - . - Creative Commons public licenses provide a standard set of terms and - conditions that creators and other rights holders may use to share - original works of authorship and other material subject to copyright - and certain other rights specified in the public license below. The - following considerations are for informational purposes only, are not - exhaustive, and do not form part of our licenses. - . - Considerations for licensors: Our public licenses are - intended for use by those authorized to give the public - permission to use material in ways otherwise restricted by - copyright and certain other rights. Our licenses are - irrevocable. Licensors should read and understand the terms - and conditions of the license they choose before applying it. - Licensors should also secure all rights necessary before - applying our licenses so that the public can reuse the - material as expected. Licensors should clearly mark any - material not subject to the license. This includes other CC- - licensed material, or material used under an exception or - limitation to copyright. More considerations for licensors: - wiki.creativecommons.org/Considerations_for_licensors - . - Considerations for the public: By using one of our public - licenses, a licensor grants the public permission to use the - licensed material under specified terms and conditions. If - the licensor's permission is not necessary for any reason--for - example, because of any applicable exception or limitation to - copyright--then that use is not regulated by the license. Our - licenses grant only permissions under copyright and certain - other rights that a licensor has authority to grant. Use of - the licensed material may still be restricted for other - reasons, including because others have copyright or other - rights in the material. A licensor may make special requests, - such as asking that all changes be marked or described. - Although not required by our licenses, you are encouraged to - respect those requests where reasonable. More_considerations - for the public: - wiki.creativecommons.org/Considerations_for_licensees - . - ======================================================================= - . - Creative Commons Attribution 4.0 International Public License - . - By exercising the Licensed Rights (defined below), You accept and agree - to be bound by the terms and conditions of this Creative Commons - Attribution 4.0 International Public License ("Public License"). To the - extent this Public License may be interpreted as a contract, You are - granted the Licensed Rights in consideration of Your acceptance of - these terms and conditions, and the Licensor grants You such rights in - consideration of benefits the Licensor receives from making the - Licensed Material available under these terms and conditions. - . - . - Section 1 -- Definitions. - . - a. Adapted Material means material subject to Copyright and Similar - Rights that is derived from or based upon the Licensed Material - and in which the Licensed Material is translated, altered, - arranged, transformed, or otherwise modified in a manner requiring - permission under the Copyright and Similar Rights held by the - Licensor. For purposes of this Public License, where the Licensed - Material is a musical work, performance, or sound recording, - Adapted Material is always produced where the Licensed Material is - synched in timed relation with a moving image. - . - b. Adapter's License means the license You apply to Your Copyright - and Similar Rights in Your contributions to Adapted Material in - accordance with the terms and conditions of this Public License. - . - c. Copyright and Similar Rights means copyright and/or similar rights - closely related to copyright including, without limitation, - performance, broadcast, sound recording, and Sui Generis Database - Rights, without regard to how the rights are labeled or - categorized. For purposes of this Public License, the rights - specified in Section 2(b)(1)-(2) are not Copyright and Similar - Rights. - . - d. Effective Technological Measures means those measures that, in the - absence of proper authority, may not be circumvented under laws - fulfilling obligations under Article 11 of the WIPO Copyright - Treaty adopted on December 20, 1996, and/or similar international - agreements. - . - e. Exceptions and Limitations means fair use, fair dealing, and/or - any other exception or limitation to Copyright and Similar Rights - that applies to Your use of the Licensed Material. - . - f. Licensed Material means the artistic or literary work, database, - or other material to which the Licensor applied this Public - License. - . - g. Licensed Rights means the rights granted to You subject to the - terms and conditions of this Public License, which are limited to - all Copyright and Similar Rights that apply to Your use of the - Licensed Material and that the Licensor has authority to license. - . - h. Licensor means the individual(s) or entity(ies) granting rights - under this Public License. - . - i. Share means to provide material to the public by any means or - process that requires permission under the Licensed Rights, such - as reproduction, public display, public performance, distribution, - dissemination, communication, or importation, and to make material - available to the public including in ways that members of the - public may access the material from a place and at a time - individually chosen by them. - . - j. Sui Generis Database Rights means rights other than copyright - resulting from Directive 96/9/EC of the European Parliament and of - the Council of 11 March 1996 on the legal protection of databases, - as amended and/or succeeded, as well as other essentially - equivalent rights anywhere in the world. - . - k. You means the individual or entity exercising the Licensed Rights - under this Public License. Your has a corresponding meaning. - . - . - Section 2 -- Scope. - . - a. License grant. - . - 1. Subject to the terms and conditions of this Public License, - the Licensor hereby grants You a worldwide, royalty-free, - non-sublicensable, non-exclusive, irrevocable license to - exercise the Licensed Rights in the Licensed Material to: - . - a. reproduce and Share the Licensed Material, in whole or - in part; and - . - b. produce, reproduce, and Share Adapted Material. - . - 2. Exceptions and Limitations. For the avoidance of doubt, where - Exceptions and Limitations apply to Your use, this Public - License does not apply, and You do not need to comply with - its terms and conditions. - . - 3. Term. The term of this Public License is specified in Section - 6(a). - . - 4. Media and formats; technical modifications allowed. The - Licensor authorizes You to exercise the Licensed Rights in - all media and formats whether now known or hereafter created, - and to make technical modifications necessary to do so. The - Licensor waives and/or agrees not to assert any right or - authority to forbid You from making technical modifications - necessary to exercise the Licensed Rights, including - technical modifications necessary to circumvent Effective - Technological Measures. For purposes of this Public License, - simply making modifications authorized by this Section 2(a) - (4) never produces Adapted Material. - . - 5. Downstream recipients. - . - a. Offer from the Licensor -- Licensed Material. Every - recipient of the Licensed Material automatically - receives an offer from the Licensor to exercise the - Licensed Rights under the terms and conditions of this - Public License. - . - b. No downstream restrictions. You may not offer or impose - any additional or different terms or conditions on, or - apply any Effective Technological Measures to, the - Licensed Material if doing so restricts exercise of the - Licensed Rights by any recipient of the Licensed - Material. - . - 6. No endorsement. Nothing in this Public License constitutes or - may be construed as permission to assert or imply that You - are, or that Your use of the Licensed Material is, connected - with, or sponsored, endorsed, or granted official status by, - the Licensor or others designated to receive attribution as - provided in Section 3(a)(1)(A)(i). - . - b. Other rights. - . - 1. Moral rights, such as the right of integrity, are not - licensed under this Public License, nor are publicity, - privacy, and/or other similar personality rights; however, to - the extent possible, the Licensor waives and/or agrees not to - assert any such rights held by the Licensor to the limited - extent necessary to allow You to exercise the Licensed - Rights, but not otherwise. - . - 2. Patent and trademark rights are not licensed under this - Public License. - . - 3. To the extent possible, the Licensor waives any right to - collect royalties from You for the exercise of the Licensed - Rights, whether directly or through a collecting society - under any voluntary or waivable statutory or compulsory - licensing scheme. In all other cases the Licensor expressly - reserves any right to collect such royalties. - . - . - Section 3 -- License Conditions. - . - Your exercise of the Licensed Rights is expressly made subject to the - following conditions. - . - a. Attribution. - . - 1. If You Share the Licensed Material (including in modified - form), You must: - . - a. retain the following if it is supplied by the Licensor - with the Licensed Material: - . - i. identification of the creator(s) of the Licensed - Material and any others designated to receive - attribution, in any reasonable manner requested by - the Licensor (including by pseudonym if - designated); - . - ii. a copyright notice; - . - iii. a notice that refers to this Public License; - . - iv. a notice that refers to the disclaimer of - warranties; - . - v. a URI or hyperlink to the Licensed Material to the - extent reasonably practicable; - . - b. indicate if You modified the Licensed Material and - retain an indication of any previous modifications; and - . - c. indicate the Licensed Material is licensed under this - Public License, and include the text of, or the URI or - hyperlink to, this Public License. - . - 2. You may satisfy the conditions in Section 3(a)(1) in any - reasonable manner based on the medium, means, and context in - which You Share the Licensed Material. For example, it may be - reasonable to satisfy the conditions by providing a URI or - hyperlink to a resource that includes the required - information. - . - 3. If requested by the Licensor, You must remove any of the - information required by Section 3(a)(1)(A) to the extent - reasonably practicable. - . - 4. If You Share Adapted Material You produce, the Adapter's - License You apply must not prevent recipients of the Adapted - Material from complying with this Public License. - . - . - Section 4 -- Sui Generis Database Rights. - . - Where the Licensed Rights include Sui Generis Database Rights that - apply to Your use of the Licensed Material: - . - a. for the avoidance of doubt, Section 2(a)(1) grants You the right - to extract, reuse, reproduce, and Share all or a substantial - portion of the contents of the database; - . - b. if You include all or a substantial portion of the database - contents in a database in which You have Sui Generis Database - Rights, then the database in which You have Sui Generis Database - Rights (but not its individual contents) is Adapted Material; and - . - c. You must comply with the conditions in Section 3(a) if You Share - all or a substantial portion of the contents of the database. - . - For the avoidance of doubt, this Section 4 supplements and does not - replace Your obligations under this Public License where the Licensed - Rights include other Copyright and Similar Rights. - . - . - Section 5 -- Disclaimer of Warranties and Limitation of Liability. - . - a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE - EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS - AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF - ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, - IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, - WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR - PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, - ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT - KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT - ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. - . - b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE - TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, - NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, - INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, - COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR - USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN - ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR - DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR - IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. - . - c. The disclaimer of warranties and limitation of liability provided - above shall be interpreted in a manner that, to the extent - possible, most closely approximates an absolute disclaimer and - waiver of all liability. - . - . - Section 6 -- Term and Termination. - . - a. This Public License applies for the term of the Copyright and - Similar Rights licensed here. However, if You fail to comply with - this Public License, then Your rights under this Public License - terminate automatically. - . - b. Where Your right to use the Licensed Material has terminated under - Section 6(a), it reinstates: - . - 1. automatically as of the date the violation is cured, provided - it is cured within 30 days of Your discovery of the - violation; or - . - 2. upon express reinstatement by the Licensor. - . - For the avoidance of doubt, this Section 6(b) does not affect any - right the Licensor may have to seek remedies for Your violations - of this Public License. - . - c. For the avoidance of doubt, the Licensor may also offer the - Licensed Material under separate terms or conditions or stop - distributing the Licensed Material at any time; however, doing so - will not terminate this Public License. - . - d. Sections 1, 5, 6, 7, and 8 survive termination of this Public - License. - . - . - Section 7 -- Other Terms and Conditions. - . - a. The Licensor shall not be bound by any additional or different - terms or conditions communicated by You unless expressly agreed. - . - b. Any arrangements, understandings, or agreements regarding the - Licensed Material not stated herein are separate from and - independent of the terms and conditions of this Public License. - . - . - Section 8 -- Interpretation. - . - a. For the avoidance of doubt, this Public License does not, and - shall not be interpreted to, reduce, limit, restrict, or impose - conditions on any use of the Licensed Material that could lawfully - be made without permission under this Public License. - . - b. To the extent possible, if any provision of this Public License is - deemed unenforceable, it shall be automatically reformed to the - minimum extent necessary to make it enforceable. If the provision - cannot be reformed, it shall be severed from this Public License - without affecting the enforceability of the remaining terms and - conditions. - . - c. No term or condition of this Public License will be waived and no - failure to comply consented to unless expressly agreed to by the - Licensor. - . - d. Nothing in this Public License constitutes or may be interpreted - as a limitation upon, or waiver of, any privileges and immunities - that apply to the Licensor or You, including from the legal - processes of any jurisdiction or authority. - . - . - ======================================================================= - . - Creative Commons is not a party to its public - licenses. Notwithstanding, Creative Commons may elect to apply one of - its public licenses to material it publishes and in those instances - will be considered the “Licensor.” The text of the Creative Commons - public licenses is dedicated to the public domain under the CC0 Public - Domain Dedication. Except for the limited purpose of indicating that - material is shared under a Creative Commons public license or as - otherwise permitted by the Creative Commons policies published at - creativecommons.org/policies, Creative Commons does not authorize the - use of the trademark "Creative Commons" or any other trademark or logo - of Creative Commons without its prior written consent including, - without limitation, in connection with any unauthorized modifications - to any of its public licenses or any other arrangements, - understandings, or agreements concerning use of licensed material. For - the avoidance of doubt, this paragraph does not form part of the - public licenses. - . - Creative Commons may be contacted at creativecommons.org. - diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubeadm.conf b/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubeadm.conf deleted file mode 100644 index 238704288..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubeadm.conf +++ /dev/null @@ -1,17 +0,0 @@ -# Note: This dropin only works with kubeadm and kubelet v1.11+ -[Service] -Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf" -Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml" -# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically -EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env -# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use -# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file. -EnvironmentFile=-/etc/default/kubelet -ExecStart= -ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS -ExecStartPre=-/usr/local/sbin/sanitize_kubelet_reserved_cpus.sh /etc/default/kubelet -ExecStartPre=-/usr/bin/kubelet-cgroup-setup.sh -ExecStartPost=/bin/bash -c 'echo $MAINPID > /var/run/kubelet.pid;' -ExecStopPost=/bin/rm -f /var/run/kubelet.pid -StartLimitInterval=0 -RestartSec=10 diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-client.install b/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-client.install deleted file mode 100644 index c4d4a49ab..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-client.install +++ /dev/null @@ -1,2 +0,0 @@ -usr/local/kubernetes/1.26.1/stage2/usr/bin/kubectl -usr/local/kubernetes/1.26.1/stage2/usr/share/bash-completion/completions/kubectl diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-client.lintian-overrides b/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-client.lintian-overrides deleted file mode 100644 index 160b6783b..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-client.lintian-overrides +++ /dev/null @@ -1,9 +0,0 @@ -## Generated man pages: TODO -manpage-has-bad-whatis-entry usr/share/man/* -manpage-has-errors-from-man usr/share/man/man1/* - -## Bash-completion script does not have to be executable: -script-not-executable usr/share/bash-completion/completions/kubectl - -## Override annoying/useless messages -kubernetes-client: spelling-error-in-binary diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-kubeadm.dirs b/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-kubeadm.dirs deleted file mode 100644 index cc0213be3..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-kubeadm.dirs +++ /dev/null @@ -1 +0,0 @@ -usr/local/kubernetes/1.26.1/stage2/etc/systemd/system/kubelet.service.d/ diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-kubeadm.install b/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-kubeadm.install deleted file mode 100644 index b533df80f..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-kubeadm.install +++ /dev/null @@ -1,2 +0,0 @@ -usr/local/kubernetes/1.26.1/stage1/usr/bin/kubeadm -usr/local/kubernetes/1.26.1/stage2/etc/systemd/system/kubelet.service.d/kubeadm.conf diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-master.dirs b/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-master.dirs deleted file mode 100644 index ccb7aa0b9..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-master.dirs +++ /dev/null @@ -1,5 +0,0 @@ -etc/kubernetes-1.26.1 -etc/kubernetes-1.26.1/addons -etc/kubernetes-1.26.1/addons/volumesnapshots -etc/kubernetes-1.26.1/addons/volumesnapshots/crd -etc/kubernetes-1.26.1/addons/volumesnapshots/volume-snapshot-controller diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-master.install b/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-master.install deleted file mode 100644 index f71fce3a5..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-master.install +++ /dev/null @@ -1,8 +0,0 @@ -usr/bin/kube-apiserver -usr/bin/kube-controller-manager -usr/bin/kube-scheduler -etc/kubernetes-1.26.1/addons/volumesnapshots/crd/snapshot.storage.k8s.io_volumesnapshotcontents.yaml -etc/kubernetes-1.26.1/addons/volumesnapshots/crd/snapshot.storage.k8s.io_volumesnapshotclasses.yaml -etc/kubernetes-1.26.1/addons/volumesnapshots/crd/snapshot.storage.k8s.io_volumesnapshots.yaml -etc/kubernetes-1.26.1/addons/volumesnapshots/volume-snapshot-controller/volume-snapshot-controller-deployment.yaml -etc/kubernetes-1.26.1/addons/volumesnapshots/volume-snapshot-controller/rbac-volume-snapshot-controller.yaml diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-master.lintian-overrides b/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-master.lintian-overrides deleted file mode 100644 index f73c63ffd..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-master.lintian-overrides +++ /dev/null @@ -1,7 +0,0 @@ -## No manual page for hyperkube -kubernetes-master: binary-without-manpage usr/bin/hyperkube - -## Override annoying/useless messages -kubernetes-master: spelling-error-in-binary -kubernetes-master: manpage-has-errors-from-man usr/share/man/man1/* -kubernetes-master: manpage-has-bad-whatis-entry usr/share/man/man1/* diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-misc.docs b/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-misc.docs deleted file mode 100644 index 1dc3a103d..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-misc.docs +++ /dev/null @@ -1,3 +0,0 @@ -src/k8s.io/kubernetes/README.md -src/k8s.io/kubernetes/SUPPORT.md -src/k8s.io/kubernetes/_output/NOTICE diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-misc.install b/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-misc.install deleted file mode 100644 index f5d4f5581..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-misc.install +++ /dev/null @@ -1 +0,0 @@ -usr/bin/kube-proxy diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-misc.manpages b/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-misc.manpages deleted file mode 100644 index e7203adc2..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-misc.manpages +++ /dev/null @@ -1,10 +0,0 @@ -# kubernetes-client -src/k8s.io/kubernetes/_output/man/kubeadm* -src/k8s.io/kubernetes/_output/man/kubectl* -# kubernetes-master -src/k8s.io/kubernetes/_output/man/kube-apiserver* -src/k8s.io/kubernetes/_output/man/kube-scheduler* -src/k8s.io/kubernetes/_output/man/kube-controller-manager* -# kubernetes-node -src/k8s.io/kubernetes/_output/man/kubelet* -src/k8s.io/kubernetes/_output/man/kube-proxy* diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-node.install b/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-node.install deleted file mode 100644 index 0e34cfc23..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-node.install +++ /dev/null @@ -1 +0,0 @@ -usr/local/kubernetes/1.26.1/stage2/usr/bin/kubelet diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-node.lintian-overrides b/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-node.lintian-overrides deleted file mode 100644 index 99d470def..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-node.lintian-overrides +++ /dev/null @@ -1,4 +0,0 @@ -## Override annoying/useless messages -kubernetes-node: spelling-error-in-binary -kubernetes-node: manpage-has-errors-from-man usr/share/man/man1/* -kubernetes-node: manpage-has-bad-whatis-entry usr/share/man/man1/* diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-unit-test.install b/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-unit-test.install deleted file mode 100644 index 4afdbf051..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/kubernetes-1.26.1-unit-test.install +++ /dev/null @@ -1 +0,0 @@ -var/lib/kubernetes-unit-test/ diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/Affinity-of-guaranteed-pod-to-non-isolated-CPUs.patch b/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/Affinity-of-guaranteed-pod-to-non-isolated-CPUs.patch deleted file mode 100644 index d13c73d17..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/Affinity-of-guaranteed-pod-to-non-isolated-CPUs.patch +++ /dev/null @@ -1,34 +0,0 @@ -From d51af14bfd2653f80d31e5cfdb60335367a4a137 Mon Sep 17 00:00:00 2001 -From: Boovan Rajendran -Date: Mon, 6 Nov 2023 02:22:16 -0500 -Subject: [PATCH] Affinity of guaranteed pod to non-isolated CPUs - -This corrects kubelet cpumanager static cpuset tracking for isolcpus -for versions 1.26.1 and 1.27.5. This ensures that pods specified with -isolcpus + guaranteed QoS + integer cpu requests, are affined to -exclusive cpuset and tracked as non-isolated cpus. - -Signed-off-by: Boovan Rajendran ---- - pkg/kubelet/cm/cpumanager/policy_static.go | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/pkg/kubelet/cm/cpumanager/policy_static.go b/pkg/kubelet/cm/cpumanager/policy_static.go -index 98b8d1d882d..125429035a5 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static.go -@@ -317,7 +317,10 @@ func (p *staticPolicy) Allocate(s state.State, pod *v1.Pod, container *v1.Contai - return nil - } - -- if isolcpus := p.podIsolCPUs(pod, container); isolcpus.Size() > 0 { -+ cpuQuantity := container.Resources.Requests[v1.ResourceCPU] -+ fractionalCpuQuantity := cpuQuantity.MilliValue() % 1000 -+ if isolcpus := p.podIsolCPUs(pod, container); isolcpus.Size() > 0 && -+ v1qos.GetPodQOS(pod) != v1.PodQOSGuaranteed && fractionalCpuQuantity == 0{ - // container has requested isolated CPUs - if set, ok := s.GetCPUSet(string(pod.UID), container.Name); ok { - if set.Equals(isolcpus) { --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/Identify-platform-pods-based-on-pod-or-namespace-labels.patch b/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/Identify-platform-pods-based-on-pod-or-namespace-labels.patch deleted file mode 100644 index b0f8c5e72..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/Identify-platform-pods-based-on-pod-or-namespace-labels.patch +++ /dev/null @@ -1,430 +0,0 @@ -From 031518e66a0c34c34b688f4a877455f4433ccba6 Mon Sep 17 00:00:00 2001 -From: Boovan Rajendran -Date: Thu, 28 Mar 2024 11:28:39 -0400 -Subject: [PATCH] Identify platform pods based on pod or namespace labels - -Pods with namespace 'kube-system', or labeled with -'app.starlingx.io/component=platform' are identified as 'platform'. -These have isolated cpu affinity cpuset when cpu-manager 'static' -policy is configured. - -Signed-off-by: Boovan Rajendran ---- - pkg/kubelet/cm/cpumanager/policy_static.go | 96 ++++++++++-- - .../cm/cpumanager/policy_static_test.go | 148 +++++++++++++++++- - .../cm/cpumanager/topology_hints_test.go | 4 + - 3 files changed, 235 insertions(+), 13 deletions(-) - -diff --git a/pkg/kubelet/cm/cpumanager/policy_static.go b/pkg/kubelet/cm/cpumanager/policy_static.go -index 125429035a5..991da37721b 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static.go -@@ -17,12 +17,18 @@ limitations under the License. - package cpumanager - - import ( -+ "context" - "fmt" - "strconv" - -+ k8sclient "k8s.io/client-go/kubernetes" -+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -+ restclient "k8s.io/client-go/rest" - v1 "k8s.io/api/core/v1" -+ "k8s.io/client-go/tools/clientcmd" - "k8s.io/klog/v2" - -+ "k8s.io/kubernetes/cmd/kubeadm/app/constants" - v1qos "k8s.io/kubernetes/pkg/apis/core/v1/helper/qos" - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/state" - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/topology" -@@ -43,6 +49,23 @@ const ( - ErrorSMTAlignment = "SMTAlignmentError" - ) - -+// Declared as variables so that they can easily more -+// overridden during testing -+type getPodNamespace func(string) (*v1.Namespace, error) -+type buildFromConfigFlag func(masterUrl string, kubeconfigPath string) (*restclient.Config, error) -+type isKubeInfraFunc func(pod *v1.Pod) bool -+ -+var varGetNamespaceObject getPodNamespace -+var varBuildConfigFromFlags buildFromConfigFlag -+var varIsKubeInfra isKubeInfraFunc -+ -+func init() { -+ varIsKubeInfra = isKubeInfra -+ varGetNamespaceObject = getPodNamespaceObject -+ varBuildConfigFromFlags = clientcmd.BuildConfigFromFlags -+} -+ -+ - // SMTAlignmentError represents an error due to SMT alignment - type SMTAlignmentError struct { - RequestedCPUs int -@@ -58,11 +81,6 @@ func (e SMTAlignmentError) Type() string { - return ErrorSMTAlignment - } - --// Define namespaces used by platform infrastructure pods --var infraNamespaces = [...]string{ -- "kube-system", "armada", "cert-manager", "platform-deployment-manager", "portieris", "vault", "notification", "flux-helm", "metrics-server", "node-feature-discovery", "intel-power", "power-metrics", "sriov-fec-system", --} -- - // staticPolicy is a CPU manager policy that does not change CPU - // assignments for exclusively pinned guaranteed containers after the main - // container process starts. -@@ -298,7 +316,7 @@ func (p *staticPolicy) updateCPUsToReuse(pod *v1.Pod, container *v1.Container, c - - func (p *staticPolicy) Allocate(s state.State, pod *v1.Pod, container *v1.Container) (rerr error) { - // Process infra pods before guaranteed pods -- if isKubeInfra(pod) { -+ if varIsKubeInfra(pod) { - // Container belongs in reserved pool. - // We don't want to fall through to the p.guaranteedCPUs() clause below so return either nil or error. - if _, ok := s.GetCPUSet(string(pod.UID), container.Name); ok { -@@ -470,7 +488,7 @@ func (p *staticPolicy) guaranteedCPUs(pod *v1.Pod, container *v1.Container) int - return 0 - } - // Infrastructure pods use reserved CPUs even if they're in the Guaranteed QoS class -- if isKubeInfra(pod) { -+ if varIsKubeInfra(pod) { - return 0 - } - // Safe downcast to do for all systems with < 2.1 billion CPUs. -@@ -691,14 +709,68 @@ func (p *staticPolicy) generateCPUTopologyHints(availableCPUs cpuset.CPUSet, reu - return hints - } - --// check if a given pod is in a platform infrastructure namespace -+func getPodNamespaceObject(podNamespaceName string) (*v1.Namespace, error) { -+ -+ kubeConfigPath := constants.GetKubeletKubeConfigPath() -+ cfg, err := varBuildConfigFromFlags("", kubeConfigPath) -+ if err != nil { -+ klog.Error("Failed to build client config from ", kubeConfigPath, err.Error()) -+ return nil, err -+ } -+ -+ clientset, err := k8sclient.NewForConfig(cfg) -+ if err != nil { -+ klog.Error("Failed to get clientset for KUBECONFIG ", kubeConfigPath, err.Error()) -+ return nil, err -+ } -+ -+ namespaceObj, err := clientset.CoreV1().Namespaces().Get(context.TODO(), podNamespaceName, metav1.GetOptions{}) -+ if err != nil { -+ klog.Error("Error getting namespace object:", err.Error()) -+ return nil, err -+ } -+ -+ return namespaceObj, nil -+ -+} -+ -+// check if a given pod is labelled as platform pod or -+// is in a namespace labelled as a platform namespace - func isKubeInfra(pod *v1.Pod) bool { -- for _, namespace := range infraNamespaces { -- if namespace == pod.Namespace { -- return true -- } -+ -+ podName := pod.GetName() -+ podNamespaceName := pod.GetNamespace() -+ -+ if podNamespaceName == "kube-system" { -+ klog.Infof("Pod %s has %s namespace. Treating as platform pod.", podName , podNamespaceName) -+ return true -+ } -+ -+ klog.InfoS("Checking pod ", podName , " for label 'app.starlingx.io/component=platform'.") -+ podLabels := pod.GetLabels() -+ val, ok := podLabels["app.starlingx.io/component"] -+ if (ok && val == "platform") { -+ klog.InfoS("Pod ", podName, " has 'app.starlingx.io/component=platform' label. Treating as platform pod.") -+ return true - } -+ -+ klog.V(4).InfoS("Pod ", pod.GetName(), " does not have 'app.starlingx.io/component=platform' label. Checking its namespace information...") -+ -+ namespaceObj, err := varGetNamespaceObject(podNamespaceName) -+ if err != nil { -+ return false -+ } -+ -+ namespaceLabels := namespaceObj.GetLabels() -+ val, ok = namespaceLabels["app.starlingx.io/component"] -+ if ok && val == "platform" { -+ klog.InfoS("For pod: ", podName, ", its Namespace ", podNamespaceName, " has 'app.starlingx.io/component=platform' label. Treating as platform pod.") -+ return true -+ } -+ -+ klog.InfoS("Neither pod ", podName, " nor its namespace ", podNamespaceName, " has 'app.starlingx.io/component=platform' label. Not treating as platform pod.") - return false -+ - } - - // get the isolated CPUs (if any) from the devices associated with a specific container -diff --git a/pkg/kubelet/cm/cpumanager/policy_static_test.go b/pkg/kubelet/cm/cpumanager/policy_static_test.go -index 1c43df3b85f..50b9dc500c1 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static_test.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static_test.go -@@ -17,10 +17,13 @@ limitations under the License. - package cpumanager - - import ( -+ "errors" - "fmt" - "reflect" - "testing" - -+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -+ restclient "k8s.io/client-go/rest" - v1 "k8s.io/api/core/v1" - utilfeature "k8s.io/apiserver/pkg/util/feature" - featuregatetesting "k8s.io/component-base/featuregate/testing" -@@ -877,6 +880,7 @@ type staticPolicyTestWithResvList struct { - stAssignments state.ContainerCPUAssignments - stDefaultCPUSet cpuset.CPUSet - pod *v1.Pod -+ isKubeInfraPodfunc isKubeInfraFunc - expErr error - expNewErr error - expCPUAlloc bool -@@ -949,6 +953,14 @@ func TestStaticPolicyStartWithResvList(t *testing.T) { - } - } - -+func fakeIsKubeInfraTrue(pod *v1.Pod) bool { -+ return true -+} -+ -+func fakeIsKubeInfraFalse(pod *v1.Pod) bool { -+ return false -+} -+ - func TestStaticPolicyAddWithResvList(t *testing.T) { - infraPod := makePod("fakePod", "fakeContainer2", "200m", "200m") - infraPod.Namespace = "kube-system" -@@ -962,6 +974,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - stAssignments: state.ContainerCPUAssignments{}, - stDefaultCPUSet: cpuset.NewCPUSet(1, 2, 3, 4, 5, 6, 7), - pod: makePod("fakePod", "fakeContainer2", "8000m", "8000m"), -+ isKubeInfraPodfunc: fakeIsKubeInfraFalse, - expErr: fmt.Errorf("not enough cpus available to satisfy request"), - expCPUAlloc: false, - expCSet: cpuset.NewCPUSet(), -@@ -975,6 +988,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - stAssignments: state.ContainerCPUAssignments{}, - stDefaultCPUSet: cpuset.NewCPUSet(2, 3, 4, 5, 6, 7), - pod: makePod("fakePod", "fakeContainer2", "1000m", "1000m"), -+ isKubeInfraPodfunc: fakeIsKubeInfraFalse, - expErr: nil, - expCPUAlloc: true, - expCSet: cpuset.NewCPUSet(4), // expect sibling of partial core -@@ -992,6 +1006,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - }, - stDefaultCPUSet: cpuset.NewCPUSet(0, 1, 4, 5), - pod: makePod("fakePod", "fakeContainer3", "2000m", "2000m"), -+ isKubeInfraPodfunc: fakeIsKubeInfraFalse, - expErr: nil, - expCPUAlloc: true, - expCSet: cpuset.NewCPUSet(4, 5), -@@ -1009,6 +1024,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - }, - stDefaultCPUSet: cpuset.NewCPUSet(4, 5), - pod: infraPod, -+ isKubeInfraPodfunc: fakeIsKubeInfraTrue, - expErr: nil, - expCPUAlloc: true, - expCSet: cpuset.NewCPUSet(0, 1), -@@ -1026,6 +1042,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - }, - stDefaultCPUSet: cpuset.NewCPUSet(4, 5), - pod: infraPod, -+ isKubeInfraPodfunc: fakeIsKubeInfraTrue, - expErr: nil, - expCPUAlloc: true, - expCSet: cpuset.NewCPUSet(0), -@@ -1041,7 +1058,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - assignments: testCase.stAssignments, - defaultCPUSet: testCase.stDefaultCPUSet, - } -- -+ varIsKubeInfra = testCase.isKubeInfraPodfunc - container := &testCase.pod.Spec.Containers[0] - err := policy.Allocate(st, testCase.pod, container) - if !reflect.DeepEqual(err, testCase.expErr) { -@@ -1161,3 +1178,132 @@ func TestStaticPolicyOptions(t *testing.T) { - }) - } - } -+ -+func makePodWithLabels(podLabels map[string]string) *v1.Pod { -+ return &v1.Pod{ -+ ObjectMeta: metav1.ObjectMeta{ -+ Name: "test-pod", -+ Namespace: "test-namespace", -+ Labels: podLabels, -+ }, -+ } -+} -+ -+func fakeBuildConfigFromFlags(masterUrl string, kubeconfigPath string) (*restclient.Config, error) { -+ -+ return &restclient.Config{}, nil -+} -+ -+func fakeBuildConfigFromFlagsError(masterUrl string, kubeconfigPath string) (*restclient.Config, error) { -+ -+ errString := fmt.Sprintf("%s file not found", kubeconfigPath) -+ return nil, errors.New(errString) -+ -+} -+ -+func getFakeInfraPodNamespace(_ string) (*v1.Namespace, error) { -+ -+ return &v1.Namespace{ -+ ObjectMeta: metav1.ObjectMeta{ -+ Name: "test-namespace", -+ Labels: map[string]string{ -+ "app.starlingx.io/component": "platform", -+ }, -+ }}, nil -+} -+ -+func getFakeNonInfraPodNamespace(_ string) (*v1.Namespace, error) { -+ -+ return &v1.Namespace{ -+ ObjectMeta: metav1.ObjectMeta{ -+ Name: "test-namespace", -+ Labels: map[string]string{ -+ "fake": "label", -+ }}}, nil -+ -+} -+ -+type kubeInfraPodTestCase struct { -+ description string -+ pod *v1.Pod -+ namespaceFunc getPodNamespace -+ expectedValue bool -+} -+ -+func TestKubeInfraPod(t *testing.T) { -+ testCases := []kubeInfraPodTestCase{ -+ { -+ description: "Pod with platform label and namespace with platform label", -+ pod: makePodWithLabels(map[string]string{ -+ "app.starlingx.io/component": "platform", -+ }), -+ namespaceFunc: getFakeInfraPodNamespace, -+ expectedValue: true, -+ }, -+ { -+ description: "Pod with platform label and namespace without platform label", -+ pod: makePodWithLabels(map[string]string{ -+ "app.starlingx.io/component": "platform", -+ }), -+ namespaceFunc: getFakeNonInfraPodNamespace, -+ expectedValue: true, -+ -+ }, -+ { -+ description: "Pod without platform label and namespace with platform label", -+ pod: makePodWithLabels(map[string]string{ -+ "test": "label", -+ }), -+ namespaceFunc: getFakeInfraPodNamespace, -+ expectedValue: true, -+ }, -+ { -+ description: "Pod without platform label and namespace without platform label", -+ pod: makePodWithLabels(map[string]string{ -+ "test": "namespace", -+ }), -+ namespaceFunc: getFakeNonInfraPodNamespace, -+ expectedValue: false, -+ }, -+ -+ } -+ -+ for _, testCase := range testCases { -+ t.Run(testCase.description, func(t *testing.T) { -+ -+ varGetNamespaceObject = testCase.namespaceFunc -+ varBuildConfigFromFlags = fakeBuildConfigFromFlags -+ gotValue := isKubeInfra(testCase.pod) -+ -+ if gotValue != testCase.expectedValue { -+ t.Errorf("StaticPolicy isKubeInfraPod() error %v. expected value %v actual value %v", -+ testCase.description, testCase.expectedValue, gotValue) -+ } else { -+ fmt.Printf("StaticPolicy isKubeInfraPod() test successful. : %v ", testCase.description) -+ } -+ -+ }) -+ } -+ -+ test := kubeInfraPodTestCase{ -+ description: "Failure reading kubeconfig file", -+ pod: makePodWithLabels(map[string]string{ -+ "test": "namespace", -+ }), -+ namespaceFunc: getFakeNonInfraPodNamespace, -+ expectedValue: false, -+ } -+ -+ varGetNamespaceObject = getPodNamespaceObject -+ varBuildConfigFromFlags = fakeBuildConfigFromFlagsError -+ -+ gotValue := isKubeInfra(test.pod) -+ -+ if gotValue != test.expectedValue { -+ t.Errorf("StaticPolicy isKubeInfraPod() error %v. expected value %v actual value %v", -+ test.description, test.expectedValue, gotValue) -+ } else { -+ fmt.Printf("StaticPolicy isKubeInfraPod() test successful. : %v ", test.description) -+ } -+ -+} -diff --git a/pkg/kubelet/cm/cpumanager/topology_hints_test.go b/pkg/kubelet/cm/cpumanager/topology_hints_test.go -index 5b6951cb2d7..d1ff1288306 100644 ---- a/pkg/kubelet/cm/cpumanager/topology_hints_test.go -+++ b/pkg/kubelet/cm/cpumanager/topology_hints_test.go -@@ -145,6 +145,7 @@ func TestPodGuaranteedCPUs(t *testing.T) { - expectedCPU: 6, - }, - } -+ varIsKubeInfra = fakeIsKubeInfraFalse - for _, tc := range tcases { - requestedCPU := p.podGuaranteedCPUs(tc.pod) - -@@ -187,6 +188,7 @@ func TestGetTopologyHints(t *testing.T) { - sourcesReady: &sourcesReadyStub{}, - } - -+ varIsKubeInfra = fakeIsKubeInfraFalse - hints := m.GetTopologyHints(&tc.pod, &tc.container)[string(v1.ResourceCPU)] - if len(tc.expectedHints) == 0 && len(hints) == 0 { - continue -@@ -240,6 +242,7 @@ func TestGetPodTopologyHints(t *testing.T) { - sourcesReady: &sourcesReadyStub{}, - } - -+ varIsKubeInfra = fakeIsKubeInfraFalse - podHints := m.GetPodTopologyHints(&tc.pod)[string(v1.ResourceCPU)] - if len(tc.expectedHints) == 0 && len(podHints) == 0 { - continue -@@ -423,6 +426,7 @@ func TestGetPodTopologyHintsWithPolicyOptions(t *testing.T) { - sourcesReady: &sourcesReadyStub{}, - } - -+ varIsKubeInfra = fakeIsKubeInfraFalse - podHints := m.GetPodTopologyHints(&testCase.pod)[string(v1.ResourceCPU)] - sort.SliceStable(podHints, func(i, j int) bool { - return podHints[i].LessThan(podHints[j]) --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubeadm-create-platform-pods-with-zero-CPU-resources.patch b/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubeadm-create-platform-pods-with-zero-CPU-resources.patch deleted file mode 100644 index 1af5b6fdc..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubeadm-create-platform-pods-with-zero-CPU-resources.patch +++ /dev/null @@ -1,169 +0,0 @@ -From 9f3efbfff49e3df7cb95fd58df7f649c2e580e35 Mon Sep 17 00:00:00 2001 -From: Chris Friesen -Date: Fri, 3 Sep 2021 18:05:15 -0400 -Subject: [PATCH] kubeadm: create platform pods with zero CPU resources - -This specifies zero CPU resources when creating the manifests -for the static platform pods, as a workaround for the lack of -separate resource tracking for platform resources. - -This specifies zero CPU and Memory resources for the coredns -deployment. manifests.go is the main source file for this, -not sure if the coredns.yaml are used but they are updated to -be consistent. - -This specifies CPU limit of 1 for kube-apiserver pod so that it is -treated as a burstable QoS. This gives a boost of cgroup CPUShares -since the burstable cgroup parent has significantly more CPUShares -than best-effort on typical systems. This improves kube-apiserver -API responsiveness. - -This increases kube-apiserver Readiness probe periodSeconds to 10 -based on WRS/SS joint recommendation for minimum probe settings. -This reduces likelihood of kube-apiserver probe failure and -subsequent pod-restart under servere load. This also reduces CPU -demand. - -Signed-off-by: Daniel Safta -Signed-off-by: Boovan Rajendran -Signed-off-by: Jim Gauld ---- - cluster/addons/dns/coredns/coredns.yaml.base | 4 ++-- - cluster/addons/dns/coredns/coredns.yaml.in | 4 ++-- - cluster/addons/dns/coredns/coredns.yaml.sed | 4 ++-- - cmd/kubeadm/app/phases/addons/dns/manifests.go | 4 ++-- - .../app/phases/controlplane/manifests.go | 8 +++++--- - cmd/kubeadm/app/util/staticpod/utils.go | 17 ++++++++++++++++- - 6 files changed, 29 insertions(+), 12 deletions(-) - -diff --git a/cluster/addons/dns/coredns/coredns.yaml.base b/cluster/addons/dns/coredns/coredns.yaml.base -index e03559423e6..49e88afc976 100644 ---- a/cluster/addons/dns/coredns/coredns.yaml.base -+++ b/cluster/addons/dns/coredns/coredns.yaml.base -@@ -145,8 +145,8 @@ spec: - limits: - memory: __DNS__MEMORY__LIMIT__ - requests: -- cpu: 100m -- memory: 70Mi -+ cpu: 0 -+ memory: 0 - args: [ "-conf", "/etc/coredns/Corefile" ] - volumeMounts: - - name: config-volume -diff --git a/cluster/addons/dns/coredns/coredns.yaml.in b/cluster/addons/dns/coredns/coredns.yaml.in -index 9b241370bea..78a23317b56 100644 ---- a/cluster/addons/dns/coredns/coredns.yaml.in -+++ b/cluster/addons/dns/coredns/coredns.yaml.in -@@ -145,8 +145,8 @@ spec: - limits: - memory: 'dns_memory_limit' - requests: -- cpu: 100m -- memory: 70Mi -+ cpu: 0 -+ memory: 0 - args: [ "-conf", "/etc/coredns/Corefile" ] - volumeMounts: - - name: config-volume -diff --git a/cluster/addons/dns/coredns/coredns.yaml.sed b/cluster/addons/dns/coredns/coredns.yaml.sed -index 561fdf9aea8..536513d1e9d 100644 ---- a/cluster/addons/dns/coredns/coredns.yaml.sed -+++ b/cluster/addons/dns/coredns/coredns.yaml.sed -@@ -145,8 +145,8 @@ spec: - limits: - memory: $DNS_MEMORY_LIMIT - requests: -- cpu: 100m -- memory: 70Mi -+ cpu: 0 -+ memory: 0 - args: [ "-conf", "/etc/coredns/Corefile" ] - volumeMounts: - - name: config-volume -diff --git a/cmd/kubeadm/app/phases/addons/dns/manifests.go b/cmd/kubeadm/app/phases/addons/dns/manifests.go -index 0e3c6c98c29..0aa23679caa 100644 ---- a/cmd/kubeadm/app/phases/addons/dns/manifests.go -+++ b/cmd/kubeadm/app/phases/addons/dns/manifests.go -@@ -104,8 +104,8 @@ spec: - limits: - memory: 170Mi - requests: -- cpu: 100m -- memory: 70Mi -+ cpu: 0 -+ memory: 0 - args: [ "-conf", "/etc/coredns/Corefile" ] - volumeMounts: - - name: config-volume -diff --git a/cmd/kubeadm/app/phases/controlplane/manifests.go b/cmd/kubeadm/app/phases/controlplane/manifests.go -index 73f4fa56270..343a9011498 100644 ---- a/cmd/kubeadm/app/phases/controlplane/manifests.go -+++ b/cmd/kubeadm/app/phases/controlplane/manifests.go -@@ -63,7 +63,9 @@ func GetStaticPodSpecs(cfg *kubeadmapi.ClusterConfiguration, endpoint *kubeadmap - LivenessProbe: staticpodutil.LivenessProbe(staticpodutil.GetAPIServerProbeAddress(endpoint), "/livez", int(endpoint.BindPort), v1.URISchemeHTTPS), - ReadinessProbe: staticpodutil.ReadinessProbe(staticpodutil.GetAPIServerProbeAddress(endpoint), "/readyz", int(endpoint.BindPort), v1.URISchemeHTTPS), - StartupProbe: staticpodutil.StartupProbe(staticpodutil.GetAPIServerProbeAddress(endpoint), "/livez", int(endpoint.BindPort), v1.URISchemeHTTPS, cfg.APIServer.TimeoutForControlPlane), -- Resources: staticpodutil.ComponentResources("250m"), -+ // WRS: Increase kube-apiserver cgroup CPUShares to improve API responsiveness; -+ // achieved by setting CPU Limits to make it burstable QoS. -+ Resources: staticpodutil.ComponentLimitResources("0", "1"), - Env: kubeadmutil.GetProxyEnvVars(), - }, mounts.GetVolumes(kubeadmconstants.KubeAPIServer), - map[string]string{kubeadmconstants.KubeAPIServerAdvertiseAddressEndpointAnnotationKey: endpoint.String()}), -@@ -75,7 +77,7 @@ func GetStaticPodSpecs(cfg *kubeadmapi.ClusterConfiguration, endpoint *kubeadmap - VolumeMounts: staticpodutil.VolumeMountMapToSlice(mounts.GetVolumeMounts(kubeadmconstants.KubeControllerManager)), - LivenessProbe: staticpodutil.LivenessProbe(staticpodutil.GetControllerManagerProbeAddress(cfg), "/healthz", kubeadmconstants.KubeControllerManagerPort, v1.URISchemeHTTPS), - StartupProbe: staticpodutil.StartupProbe(staticpodutil.GetControllerManagerProbeAddress(cfg), "/healthz", kubeadmconstants.KubeControllerManagerPort, v1.URISchemeHTTPS, cfg.APIServer.TimeoutForControlPlane), -- Resources: staticpodutil.ComponentResources("200m"), -+ Resources: staticpodutil.ComponentResources("0"), - Env: kubeadmutil.GetProxyEnvVars(), - }, mounts.GetVolumes(kubeadmconstants.KubeControllerManager), nil), - kubeadmconstants.KubeScheduler: staticpodutil.ComponentPod(v1.Container{ -@@ -86,7 +88,7 @@ func GetStaticPodSpecs(cfg *kubeadmapi.ClusterConfiguration, endpoint *kubeadmap - VolumeMounts: staticpodutil.VolumeMountMapToSlice(mounts.GetVolumeMounts(kubeadmconstants.KubeScheduler)), - LivenessProbe: staticpodutil.LivenessProbe(staticpodutil.GetSchedulerProbeAddress(cfg), "/healthz", kubeadmconstants.KubeSchedulerPort, v1.URISchemeHTTPS), - StartupProbe: staticpodutil.StartupProbe(staticpodutil.GetSchedulerProbeAddress(cfg), "/healthz", kubeadmconstants.KubeSchedulerPort, v1.URISchemeHTTPS, cfg.APIServer.TimeoutForControlPlane), -- Resources: staticpodutil.ComponentResources("100m"), -+ Resources: staticpodutil.ComponentResources("0"), - Env: kubeadmutil.GetProxyEnvVars(), - }, mounts.GetVolumes(kubeadmconstants.KubeScheduler), nil), - } -diff --git a/cmd/kubeadm/app/util/staticpod/utils.go b/cmd/kubeadm/app/util/staticpod/utils.go -index 56a3f25b72a..4ea5e4635df 100644 ---- a/cmd/kubeadm/app/util/staticpod/utils.go -+++ b/cmd/kubeadm/app/util/staticpod/utils.go -@@ -92,6 +92,18 @@ func ComponentResources(cpu string) v1.ResourceRequirements { - } - } - -+// ComponentLimitResources returns the v1.ResourceRequirements object needed for allocating a specified amount of the CPU with Limits -+func ComponentLimitResources(cpu string, lcpu string) v1.ResourceRequirements { -+ return v1.ResourceRequirements{ -+ Requests: v1.ResourceList{ -+ v1.ResourceCPU: resource.MustParse(cpu), -+ }, -+ Limits: v1.ResourceList{ -+ v1.ResourceCPU: resource.MustParse(lcpu), -+ }, -+ } -+} -+ - // NewVolume creates a v1.Volume with a hostPath mount to the specified location - func NewVolume(name, path string, pathType *v1.HostPathType) v1.Volume { - return v1.Volume{ -@@ -245,7 +257,10 @@ func LivenessProbe(host, path string, port int, scheme v1.URIScheme) *v1.Probe { - func ReadinessProbe(host, path string, port int, scheme v1.URIScheme) *v1.Probe { - // sets initialDelaySeconds as '0' because we don't want to delay user infrastructure checks - // looking for "ready" status on kubeadm static Pods -- return createHTTPProbe(host, path, port, scheme, 0, 15, 3, 1) -+ // WRS/SS joint recommendation: All pods probes should have following minimum probe -+ // settings unless required by the service (initialDelaySecond 0, periodSeconds 10, -+ // timeoutSeconds 5, successThreshold 1, failureThreshold 3) -+ return createHTTPProbe(host, path, port, scheme, 0, 15, 3, 10) - } - - // StartupProbe creates a Probe object with a HTTPGet handler --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubeadm-readiness-probe-timeout-core-dns.patch b/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubeadm-readiness-probe-timeout-core-dns.patch deleted file mode 100644 index bc030acda..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubeadm-readiness-probe-timeout-core-dns.patch +++ /dev/null @@ -1,67 +0,0 @@ -From 583589c3574ffd6e0376579316b30d2a2dcf82f8 Mon Sep 17 00:00:00 2001 -From: Ferdinando Terada -Date: Mon, 23 Dec 2024 17:53:09 -0300 -Subject: [PATCH] Adjust timeout for coredns readinessProbe - -The timeout value for the readinessProbe of CoreDNS was increased. -This adjustment was necessary to avoid issues during stress testing, -ensuring that the component can properly handle high-load situations -and prevent premature failure in readiness checks. ---- - cluster/addons/dns/coredns/coredns.yaml.base | 1 + - cluster/addons/dns/coredns/coredns.yaml.in | 1 + - cluster/addons/dns/coredns/coredns.yaml.sed | 1 + - cmd/kubeadm/app/phases/addons/dns/manifests.go | 1 + - 4 files changed, 4 insertions(+) - -diff --git a/cluster/addons/dns/coredns/coredns.yaml.base b/cluster/addons/dns/coredns/coredns.yaml.base -index 3a0fd7adb72..c8289f7c136 100644 ---- a/cluster/addons/dns/coredns/coredns.yaml.base -+++ b/cluster/addons/dns/coredns/coredns.yaml.base -@@ -170,6 +170,7 @@ spec: - path: /ready - port: 8181 - scheme: HTTP -+ timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - capabilities: -diff --git a/cluster/addons/dns/coredns/coredns.yaml.in b/cluster/addons/dns/coredns/coredns.yaml.in -index 74b59584bc7..974c8337031 100644 ---- a/cluster/addons/dns/coredns/coredns.yaml.in -+++ b/cluster/addons/dns/coredns/coredns.yaml.in -@@ -170,6 +170,7 @@ spec: - path: /ready - port: 8181 - scheme: HTTP -+ timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - capabilities: -diff --git a/cluster/addons/dns/coredns/coredns.yaml.sed b/cluster/addons/dns/coredns/coredns.yaml.sed -index 61afbecd9da..563a8980e07 100644 ---- a/cluster/addons/dns/coredns/coredns.yaml.sed -+++ b/cluster/addons/dns/coredns/coredns.yaml.sed -@@ -170,6 +170,7 @@ spec: - path: /ready - port: 8181 - scheme: HTTP -+ timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - capabilities: -diff --git a/cmd/kubeadm/app/phases/addons/dns/manifests.go b/cmd/kubeadm/app/phases/addons/dns/manifests.go -index 2a2212d5d37..c0be57357e4 100644 ---- a/cmd/kubeadm/app/phases/addons/dns/manifests.go -+++ b/cmd/kubeadm/app/phases/addons/dns/manifests.go -@@ -135,6 +135,7 @@ spec: - path: /ready - port: 8181 - scheme: HTTP -+ timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - capabilities: --- -2.34.1 - diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubeadm-reduce-UpgradeManifestTimeout.patch b/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubeadm-reduce-UpgradeManifestTimeout.patch deleted file mode 100644 index cc740363d..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubeadm-reduce-UpgradeManifestTimeout.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 1168a33565667c030f73b55df8c227a051e06b9e Mon Sep 17 00:00:00 2001 -From: Ramesh Kumar Sivanandam -Date: Fri, 15 Mar 2024 03:46:02 -0400 -Subject: [PATCH] kubeadm: reduce UpgradeManifestTimeout - -This modifies kubeadm UpgradeManifestTimeout from 5 minutes default -to 3 minutes to reduce the unnecessary delay in retries during -kubeadm-upgrade-apply failures. - -The typical control-plane upgrade of static pods is 75 to 85 seconds, -so 3 minutes gives adequate buffer to complete the operation. - -Signed-off-by: Ramesh Kumar Sivanandam ---- - cmd/kubeadm/app/phases/upgrade/staticpods.go | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/cmd/kubeadm/app/phases/upgrade/staticpods.go b/cmd/kubeadm/app/phases/upgrade/staticpods.go -index 524a624c34f..37562342368 100644 ---- a/cmd/kubeadm/app/phases/upgrade/staticpods.go -+++ b/cmd/kubeadm/app/phases/upgrade/staticpods.go -@@ -46,7 +46,7 @@ import ( - - const ( - // UpgradeManifestTimeout is timeout of upgrading the static pod manifest -- UpgradeManifestTimeout = 5 * time.Minute -+ UpgradeManifestTimeout = 3 * time.Minute - ) - - // StaticPodPathManager is responsible for tracking the directories used in the static pod upgrade transition --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubelet-CFS-quota-throttling-for-non-integer-cpulimit.patch b/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubelet-CFS-quota-throttling-for-non-integer-cpulimit.patch deleted file mode 100644 index a80519407..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubelet-CFS-quota-throttling-for-non-integer-cpulimit.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 763da9f5ced5bb40cfc314e0b8199bcf46742f14 Mon Sep 17 00:00:00 2001 -From: Boovan Rajendran -Date: Wed, 30 Nov 2022 04:17:19 -0500 -Subject: [PATCH 10/10] kubelet CFS quota throttling for non integer cpulimit - -Signed-off-by: Boovan Rajendran ---- - pkg/kubelet/cm/internal_container_lifecycle_linux.go | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/pkg/kubelet/cm/internal_container_lifecycle_linux.go b/pkg/kubelet/cm/internal_container_lifecycle_linux.go -index 75406dd8564..05366ab6fcb 100644 ---- a/pkg/kubelet/cm/internal_container_lifecycle_linux.go -+++ b/pkg/kubelet/cm/internal_container_lifecycle_linux.go -@@ -39,7 +39,11 @@ func (i *internalContainerLifecycleImpl) PreCreateContainer(pod *v1.Pod, contain - // Disable cgroup CFS throttle at the container level. - // /sys/fs/cgroup/cpu/k8s-infra/kubepods///cpu.cfs_quota_us - // /sys/fs/cgroup/cpu/k8s-infra/kubepods///cpu.cfs_period_us -- if i.cpuManager.GetCPUPolicy() == "static" && v1qos.GetPodQOS(pod) == v1.PodQOSGuaranteed { -+ // We can only set CpuQuota to -1 if we're allocating the entire CPU. -+ // For fractional CPUs the CpuQuota is needed to enforce the limit. -+ cpuQuantity := container.Resources.Requests[v1.ResourceCPU] -+ fractionalCpuQuantity := cpuQuantity.MilliValue()%1000 -+ if i.cpuManager.GetCPUPolicy() == "static" && v1qos.GetPodQOS(pod) == v1.PodQOSGuaranteed && fractionalCpuQuantity == 0 { - containerConfig.Linux.Resources.CpuPeriod = int64(100000) - containerConfig.Linux.Resources.CpuQuota = int64(-1) - } --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubelet-cpumanager-disable-CFS-quota-throttling.patch b/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubelet-cpumanager-disable-CFS-quota-throttling.patch deleted file mode 100644 index e2ff23c9b..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubelet-cpumanager-disable-CFS-quota-throttling.patch +++ /dev/null @@ -1,255 +0,0 @@ -From 403a466bb82d8c285d6a2b814e467bb949cc9ca3 Mon Sep 17 00:00:00 2001 -From: Sachin Gopala Krishna -Date: Mon, 3 Oct 2022 19:19:48 -0400 -Subject: [PATCH 05/10] kubelet cpumanager disable CFS quota throttling - -This disables CFS CPU quota to avoid performance degradation due to -Linux kernel CFS quota implementation. Note that 4.18 kernel attempts -to solve the CFS throttling problem, but there are reports that it is -not completely effective. - -This disables CFS quota throttling for Guaranteed pods for both -parent and container cgroups by writing -1 to cgroup cpu.cfs_quota_us. -Disabling has a dramatic latency improvement for HTTP response times. - -This patch is refactored in 1.22.5 due to new internal_container_lifecycle -framework. We leverage the same mechanism to set Linux resources as: -cpu manager: specify the container CPU set during the creation - -Co-authored-by: Jim Gauld -Signed-off-by: Sachin Gopala Krishna ---- - pkg/kubelet/cm/cpumanager/cpu_manager.go | 7 +++ - pkg/kubelet/cm/cpumanager/fake_cpu_manager.go | 10 ++++- - pkg/kubelet/cm/helpers_linux.go | 10 +++++ - pkg/kubelet/cm/helpers_linux_test.go | 43 ++++++++++--------- - .../cm/internal_container_lifecycle_linux.go | 9 ++++ - 5 files changed, 57 insertions(+), 22 deletions(-) - -diff --git a/pkg/kubelet/cm/cpumanager/cpu_manager.go b/pkg/kubelet/cm/cpumanager/cpu_manager.go -index 443eecd2d36..9e2dce60501 100644 ---- a/pkg/kubelet/cm/cpumanager/cpu_manager.go -+++ b/pkg/kubelet/cm/cpumanager/cpu_manager.go -@@ -73,6 +73,9 @@ type Manager interface { - // State returns a read-only interface to the internal CPU manager state. - State() state.Reader - -+ // GetCPUPolicy returns the assigned CPU manager policy -+ GetCPUPolicy() string -+ - // GetTopologyHints implements the topologymanager.HintProvider Interface - // and is consulted to achieve NUMA aware resource alignment among this - // and other resource controllers. -@@ -315,6 +318,10 @@ func (m *manager) State() state.Reader { - return m.state - } - -+func (m *manager) GetCPUPolicy() string { -+ return m.policy.Name() -+} -+ - func (m *manager) GetTopologyHints(pod *v1.Pod, container *v1.Container) map[string][]topologymanager.TopologyHint { - // The pod is during the admission phase. We need to save the pod to avoid it - // being cleaned before the admission ended -diff --git a/pkg/kubelet/cm/cpumanager/fake_cpu_manager.go b/pkg/kubelet/cm/cpumanager/fake_cpu_manager.go -index 93369705135..2e277da9c84 100644 ---- a/pkg/kubelet/cm/cpumanager/fake_cpu_manager.go -+++ b/pkg/kubelet/cm/cpumanager/fake_cpu_manager.go -@@ -28,7 +28,8 @@ import ( - ) - - type fakeManager struct { -- state state.State -+ policy Policy -+ state state.State - } - - func (m *fakeManager) Start(activePods ActivePodsFunc, sourcesReady config.SourcesReady, podStatusProvider status.PodStatusProvider, containerRuntime runtimeService, initialContainers containermap.ContainerMap) error { -@@ -70,6 +71,10 @@ func (m *fakeManager) State() state.Reader { - return m.state - } - -+func (m *fakeManager) GetCPUPolicy() string { -+ return m.policy.Name() -+} -+ - func (m *fakeManager) GetExclusiveCPUs(podUID, containerName string) cpuset.CPUSet { - klog.InfoS("GetExclusiveCPUs", "podUID", podUID, "containerName", containerName) - return cpuset.CPUSet{} -@@ -88,6 +93,7 @@ func (m *fakeManager) GetCPUAffinity(podUID, containerName string) cpuset.CPUSet - // NewFakeManager creates empty/fake cpu manager - func NewFakeManager() Manager { - return &fakeManager{ -- state: state.NewMemoryState(), -+ policy: &nonePolicy{}, -+ state: state.NewMemoryState(), - } - } -diff --git a/pkg/kubelet/cm/helpers_linux.go b/pkg/kubelet/cm/helpers_linux.go -index e0292496fe9..9a22bb2d312 100644 ---- a/pkg/kubelet/cm/helpers_linux.go -+++ b/pkg/kubelet/cm/helpers_linux.go -@@ -186,6 +186,16 @@ func ResourceConfigForPod(pod *v1.Pod, enforceCPULimits bool, cpuPeriod uint64, - // build the result - result := &ResourceConfig{} - if qosClass == v1.PodQOSGuaranteed { -+ // Disable CFS CPU quota to avoid performance degradation due to -+ // Linux kernel CFS throttle implementation. -+ // NOTE: 4.18 kernel attempts to solve CFS throttling problem, -+ // but there are reports that it is not completely effective. -+ // This will configure cgroup CFS parameters at pod level: -+ // /sys/fs/cgroup/cpu/k8s-infra/kubepods//cpu.cfs_quota_us -+ // /sys/fs/cgroup/cpu/k8s-infra/kubepods//cpu.cfs_period_us -+ cpuQuota = int64(-1) -+ cpuPeriod = uint64(100000) -+ - result.CpuShares = &cpuShares - result.CpuQuota = &cpuQuota - result.CpuPeriod = &cpuPeriod -diff --git a/pkg/kubelet/cm/helpers_linux_test.go b/pkg/kubelet/cm/helpers_linux_test.go -index 9296ea29e2a..08c5a92cd4c 100644 ---- a/pkg/kubelet/cm/helpers_linux_test.go -+++ b/pkg/kubelet/cm/helpers_linux_test.go -@@ -64,8 +64,9 @@ func TestResourceConfigForPod(t *testing.T) { - burstablePartialShares := MilliCPUToShares(200) - burstableQuota := MilliCPUToQuota(200, int64(defaultQuotaPeriod)) - guaranteedShares := MilliCPUToShares(100) -- guaranteedQuota := MilliCPUToQuota(100, int64(defaultQuotaPeriod)) -- guaranteedTunedQuota := MilliCPUToQuota(100, int64(tunedQuotaPeriod)) -+ guaranteedQuotaPeriod := uint64(100000) -+ guaranteedQuota := int64(-1) -+ guaranteedTunedQuota := int64(-1) - memoryQuantity = resource.MustParse("100Mi") - cpuNoLimit := int64(-1) - guaranteedMemory := memoryQuantity.Value() -@@ -204,8 +205,8 @@ func TestResourceConfigForPod(t *testing.T) { - }, - }, - enforceCPULimits: true, -- quotaPeriod: defaultQuotaPeriod, -- expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &guaranteedQuota, CpuPeriod: &defaultQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &guaranteedQuota, CpuPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - "guaranteed-no-cpu-enforcement": { - pod: &v1.Pod{ -@@ -218,8 +219,8 @@ func TestResourceConfigForPod(t *testing.T) { - }, - }, - enforceCPULimits: false, -- quotaPeriod: defaultQuotaPeriod, -- expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &cpuNoLimit, CpuPeriod: &defaultQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &cpuNoLimit, CpuPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - "guaranteed-with-tuned-quota": { - pod: &v1.Pod{ -@@ -232,8 +233,8 @@ func TestResourceConfigForPod(t *testing.T) { - }, - }, - enforceCPULimits: true, -- quotaPeriod: tunedQuotaPeriod, -- expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &guaranteedTunedQuota, CpuPeriod: &tunedQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &guaranteedTunedQuota, CpuPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - "guaranteed-no-cpu-enforcement-with-tuned-quota": { - pod: &v1.Pod{ -@@ -246,8 +247,8 @@ func TestResourceConfigForPod(t *testing.T) { - }, - }, - enforceCPULimits: false, -- quotaPeriod: tunedQuotaPeriod, -- expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &cpuNoLimit, CpuPeriod: &tunedQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &cpuNoLimit, CpuPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - "burstable-partial-limits-with-init-containers": { - pod: &v1.Pod{ -@@ -309,8 +310,10 @@ func TestResourceConfigForPodWithCustomCPUCFSQuotaPeriod(t *testing.T) { - burstablePartialShares := MilliCPUToShares(200) - burstableQuota := MilliCPUToQuota(200, int64(defaultQuotaPeriod)) - guaranteedShares := MilliCPUToShares(100) -- guaranteedQuota := MilliCPUToQuota(100, int64(defaultQuotaPeriod)) -- guaranteedTunedQuota := MilliCPUToQuota(100, int64(tunedQuotaPeriod)) -+ guaranteedQuotaPeriod := uint64(100000) -+ guaranteedQuota := int64(-1) -+ guaranteedTunedQuota := int64(-1) -+ - memoryQuantity = resource.MustParse("100Mi") - cpuNoLimit := int64(-1) - guaranteedMemory := memoryQuantity.Value() -@@ -449,8 +452,8 @@ func TestResourceConfigForPodWithCustomCPUCFSQuotaPeriod(t *testing.T) { - }, - }, - enforceCPULimits: true, -- quotaPeriod: defaultQuotaPeriod, -- expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &guaranteedQuota, CpuPeriod: &defaultQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &guaranteedQuota, CpuPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - "guaranteed-no-cpu-enforcement": { - pod: &v1.Pod{ -@@ -463,8 +466,8 @@ func TestResourceConfigForPodWithCustomCPUCFSQuotaPeriod(t *testing.T) { - }, - }, - enforceCPULimits: false, -- quotaPeriod: defaultQuotaPeriod, -- expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &cpuNoLimit, CpuPeriod: &defaultQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &cpuNoLimit, CpuPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - "guaranteed-with-tuned-quota": { - pod: &v1.Pod{ -@@ -477,8 +480,8 @@ func TestResourceConfigForPodWithCustomCPUCFSQuotaPeriod(t *testing.T) { - }, - }, - enforceCPULimits: true, -- quotaPeriod: tunedQuotaPeriod, -- expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &guaranteedTunedQuota, CpuPeriod: &tunedQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &guaranteedTunedQuota, CpuPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - "guaranteed-no-cpu-enforcement-with-tuned-quota": { - pod: &v1.Pod{ -@@ -491,8 +494,8 @@ func TestResourceConfigForPodWithCustomCPUCFSQuotaPeriod(t *testing.T) { - }, - }, - enforceCPULimits: false, -- quotaPeriod: tunedQuotaPeriod, -- expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &cpuNoLimit, CpuPeriod: &tunedQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CpuShares: &guaranteedShares, CpuQuota: &cpuNoLimit, CpuPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - } - -diff --git a/pkg/kubelet/cm/internal_container_lifecycle_linux.go b/pkg/kubelet/cm/internal_container_lifecycle_linux.go -index cb7c0cfa543..75406dd8564 100644 ---- a/pkg/kubelet/cm/internal_container_lifecycle_linux.go -+++ b/pkg/kubelet/cm/internal_container_lifecycle_linux.go -@@ -25,6 +25,7 @@ import ( - - "k8s.io/api/core/v1" - runtimeapi "k8s.io/cri-api/pkg/apis/runtime/v1" -+ v1qos "k8s.io/kubernetes/pkg/apis/core/v1/helper/qos" - ) - - func (i *internalContainerLifecycleImpl) PreCreateContainer(pod *v1.Pod, container *v1.Container, containerConfig *runtimeapi.ContainerConfig) error { -@@ -35,6 +36,14 @@ func (i *internalContainerLifecycleImpl) PreCreateContainer(pod *v1.Pod, contain - } - } - -+ // Disable cgroup CFS throttle at the container level. -+ // /sys/fs/cgroup/cpu/k8s-infra/kubepods///cpu.cfs_quota_us -+ // /sys/fs/cgroup/cpu/k8s-infra/kubepods///cpu.cfs_period_us -+ if i.cpuManager.GetCPUPolicy() == "static" && v1qos.GetPodQOS(pod) == v1.PodQOSGuaranteed { -+ containerConfig.Linux.Resources.CpuPeriod = int64(100000) -+ containerConfig.Linux.Resources.CpuQuota = int64(-1) -+ } -+ - if i.memoryManager != nil { - numaNodes := i.memoryManager.GetMemoryNUMANodes(pod, container) - if numaNodes.Len() > 0 { --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubelet-cpumanager-infra-pods-use-system-reserved-CP.patch b/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubelet-cpumanager-infra-pods-use-system-reserved-CP.patch deleted file mode 100644 index b8c59f566..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubelet-cpumanager-infra-pods-use-system-reserved-CP.patch +++ /dev/null @@ -1,171 +0,0 @@ -From b6a88b7063cdf3384e3fe37474a7388847a9cf43 Mon Sep 17 00:00:00 2001 -From: Ramesh Kumar Sivanandam -Date: Tue, 15 Aug 2023 23:03:53 -0300 -Subject: [PATCH 07/10] kubelet cpumanager infra pods use system reserved CPUs - -This assigns system infrastructure pods to the "reserved" cpuset -to isolate them from the shared pool of CPUs. - -Infrastructure pods include any pods that belong to the kube-system, -armada, cert-manager, vault, platform-deployment-manager, portieris, -notification, flux-helm, metrics-server, node-feature-discovery, -intel-power, power-metrics or sriov-fec-system namespaces. - -The implementation is a bit simplistic, it is assumed that the -"reserved" cpuset is large enough to handle all infrastructure pods -CPU allocations. - -This also prevents infrastucture pods from using Guaranteed resources. - -Co-authored-by: Jim Gauld -Signed-off-by: Gleb Aronsky -Signed-off-by: Thiago Miranda -Signed-off-by: Kaustubh Dhokte -Signed-off-by: Ramesh Kumar Sivanandam -Signed-off-by: Sachin Gopala Krishna -Signed-off-by: Marcos Silva -Signed-off-by: Alyson Deives Pereira -Signed-off-by: Marcos Silva - ---- - pkg/kubelet/cm/cpumanager/policy_static.go | 50 ++++++++++++++++--- - .../cm/cpumanager/policy_static_test.go | 19 ++++++- - 2 files changed, 62 insertions(+), 7 deletions(-) - -diff --git a/pkg/kubelet/cm/cpumanager/policy_static.go b/pkg/kubelet/cm/cpumanager/policy_static.go -index 4c4164a9099..26eb400cee6 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static.go -@@ -56,6 +56,11 @@ func (e SMTAlignmentError) Type() string { - return ErrorSMTAlignment - } - -+// Define namespaces used by platform infrastructure pods -+var infraNamespaces = [...]string{ -+ "kube-system", "armada", "cert-manager", "platform-deployment-manager", "portieris", "vault", "notification", "flux-helm", "metrics-server", "node-feature-discovery", "intel-power", "power-metrics", "sriov-fec-system", -+} -+ - // staticPolicy is a CPU manager policy that does not change CPU - // assignments for exclusively pinned guaranteed containers after the main - // container process starts. -@@ -128,11 +133,11 @@ func NewStaticPolicy(topology *topology.CPUTopology, numReservedCPUs int, reserv - klog.InfoS("Static policy created with configuration", "options", opts) - - policy := &staticPolicy{ -- topology: topology, -- affinity: affinity, -+ topology: topology, -+ affinity: affinity, - excludeReserved: excludeReserved, -- cpusToReuse: make(map[string]cpuset.CPUSet), -- options: opts, -+ cpusToReuse: make(map[string]cpuset.CPUSet), -+ options: opts, - } - - allCPUs := topology.CPUDetails.CPUs() -@@ -200,8 +205,8 @@ func (p *staticPolicy) validateState(s state.State) error { - // - user tampered with file - if !p.excludeReserved { - if !p.reserved.Intersection(tmpDefaultCPUset).Equals(p.reserved) { -- return fmt.Errorf("not all reserved cpus: \"%s\" are present in defaultCpuSet: \"%s\"", -- p.reserved.String(), tmpDefaultCPUset.String()) -+ return fmt.Errorf("not all reserved cpus: \"%s\" are present in defaultCpuSet: \"%s\"", -+ p.reserved.String(), tmpDefaultCPUset.String()) - } - } - // 2. Check if state for static policy is consistent -@@ -276,6 +281,25 @@ func (p *staticPolicy) updateCPUsToReuse(pod *v1.Pod, container *v1.Container, c - } - - func (p *staticPolicy) Allocate(s state.State, pod *v1.Pod, container *v1.Container) (rerr error) { -+ // Process infra pods before guaranteed pods -+ if isKubeInfra(pod) { -+ // Container belongs in reserved pool. -+ // We don't want to fall through to the p.guaranteedCPUs() clause below so return either nil or error. -+ if _, ok := s.GetCPUSet(string(pod.UID), container.Name); ok { -+ klog.Infof("[cpumanager] static policy: reserved container already present in state, skipping (namespace: %s, pod UID: %s, pod: %s, container: %s)", pod.Namespace, string(pod.UID), pod.Name, container.Name) -+ return nil -+ } -+ -+ cpuset := p.reserved -+ if cpuset.IsEmpty() { -+ // If this happens then someone messed up. -+ return fmt.Errorf("[cpumanager] static policy: reserved container unable to allocate cpus (namespace: %s, pod UID: %s, pod: %s, container: %s); cpuset=%v, reserved:%v", pod.Namespace, string(pod.UID), pod.Name, container.Name, cpuset, p.reserved) -+ } -+ s.SetCPUSet(string(pod.UID), container.Name, cpuset) -+ klog.Infof("[cpumanager] static policy: reserved: AddContainer (namespace: %s, pod UID: %s, pod: %s, container: %s); cpuset=%v", pod.Namespace, string(pod.UID), pod.Name, container.Name, cpuset) -+ return nil -+ } -+ - numCPUs := p.guaranteedCPUs(pod, container) - if numCPUs == 0 { - // container belongs in the shared pool (nothing to do; use default cpuset) -@@ -401,6 +425,10 @@ func (p *staticPolicy) guaranteedCPUs(pod *v1.Pod, container *v1.Container) int - if cpuQuantity.Value()*1000 != cpuQuantity.MilliValue() { - return 0 - } -+ // Infrastructure pods use reserved CPUs even if they're in the Guaranteed QoS class -+ if isKubeInfra(pod) { -+ return 0 -+ } - // Safe downcast to do for all systems with < 2.1 billion CPUs. - // Per the language spec, `int` is guaranteed to be at least 32 bits wide. - // https://golang.org/ref/spec#Numeric_types -@@ -619,6 +647,16 @@ func (p *staticPolicy) generateCPUTopologyHints(availableCPUs cpuset.CPUSet, reu - return hints - } - -+// check if a given pod is in a platform infrastructure namespace -+func isKubeInfra(pod *v1.Pod) bool { -+ for _, namespace := range infraNamespaces { -+ if namespace == pod.Namespace { -+ return true -+ } -+ } -+ return false -+} -+ - // isHintSocketAligned function return true if numa nodes in hint are socket aligned. - func (p *staticPolicy) isHintSocketAligned(hint topologymanager.TopologyHint, minAffinitySize int) bool { - numaNodesBitMask := hint.NUMANodeAffinity.GetBits() -diff --git a/pkg/kubelet/cm/cpumanager/policy_static_test.go b/pkg/kubelet/cm/cpumanager/policy_static_test.go -index 80a0c5a9e70..414e5ce144c 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static_test.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static_test.go -@@ -939,7 +939,8 @@ func TestStaticPolicyStartWithResvList(t *testing.T) { - } - - func TestStaticPolicyAddWithResvList(t *testing.T) { -- -+ infraPod := makePod("fakePod", "fakeContainer2", "200m", "200m") -+ infraPod.Namespace = "kube-system" - testCases := []staticPolicyTestWithResvList{ - { - description: "GuPodSingleCore, SingleSocketHT, ExpectError", -@@ -981,6 +982,22 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - expCPUAlloc: true, - expCSet: cpuset.NewCPUSet(4, 5), - }, -+ { -+ description: "InfraPod, SingleSocketHT, ExpectAllocReserved", -+ topo: topoSingleSocketHT, -+ numReservedCPUs: 2, -+ reserved: cpuset.NewCPUSet(0, 1), -+ stAssignments: state.ContainerCPUAssignments{ -+ "fakePod": map[string]cpuset.CPUSet{ -+ "fakeContainer100": cpuset.NewCPUSet(2, 3, 6, 7), -+ }, -+ }, -+ stDefaultCPUSet: cpuset.NewCPUSet(4, 5), -+ pod: infraPod, -+ expErr: nil, -+ expCPUAlloc: true, -+ expCSet: cpuset.NewCPUSet(0, 1), -+ }, - } - - testExcl := true --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubelet-cpumanager-introduce-concept-of-isolated-CPU.patch b/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubelet-cpumanager-introduce-concept-of-isolated-CPU.patch deleted file mode 100644 index 6485b4ab3..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubelet-cpumanager-introduce-concept-of-isolated-CPU.patch +++ /dev/null @@ -1,744 +0,0 @@ -From ed1f8c6a04e7fed096eaae5081c2b5e0c3bc6fed Mon Sep 17 00:00:00 2001 -From: Ramesh Kumar Sivanandam -Date: Mon, 7 Nov 2022 13:33:03 -0500 -Subject: [PATCH 08/10] kubelet cpumanager introduce concept of isolated CPUs - -This introduces the concept of "isolated CPUs", which are CPUs that -have been isolated at the kernel level via the "isolcpus" kernel boot -parameter. - -When starting the kubelet process, two separate sets of reserved CPUs -may be specified. With this change CPUs reserved via -'--system-reserved=cpu' will be used for infrastructure pods while the -isolated CPUs should be reserved via '--kube-reserved=cpu' to cause -kubelet to skip over them for "normal" CPU resource tracking. The -kubelet code will double-check that the specified isolated CPUs match -what the kernel exposes in "/sys/devices/system/cpu/isolated". - -A plugin (outside the scope of this commit) will expose the isolated -CPUs to kubelet via the device plugin API. - -If a pod specifies some number of "isolcpus" resources, the device -manager will allocate them. In this code we check whether such -resources have been allocated, and if so we set the container cpuset to -the isolated CPUs. This does mean that it really only makes sense to -specify "isolcpus" resources for best-effort or burstable pods, not for -guaranteed ones since that would throw off the accounting code. In -order to ensure the accounting still works as designed, if "isolcpus" -are specified for guaranteed pods, the affinity will be set to the -non-isolated CPUs. - -This patch was refactored in 1.21.3 due to upstream API change -node: podresources: make GetDevices() consistent -(commit ad68f9588c72d6477b5a290c548a9031063ac659). - -The routine podIsolCPUs() was refactored in 1.21.3 since the API -p.deviceManager.GetDevices() is returning multiple devices with -a device per cpu. The resultant cpuset needs to be the aggregate. - -The routine NewStaticPolicy was refactored in 1.22.5, adding a new argument -in its signature: cpuPolicyOptions map[string]string. This change is implies -shifting the new arguments(deviceManager, excludeReserved) with one position -to the right. - -Co-authored-by: Jim Gauld -Co-authored-by: Chris Friesen -Signed-off-by: Gleb Aronsky -Signed-off-by: Ramesh Kumar Sivanandam -Signed-off-by: Sachin Gopala Krishna ---- - pkg/kubelet/cm/container_manager_linux.go | 1 + - pkg/kubelet/cm/cpumanager/cpu_manager.go | 35 ++++++- - pkg/kubelet/cm/cpumanager/cpu_manager_test.go | 23 ++++- - pkg/kubelet/cm/cpumanager/policy_static.go | 83 ++++++++++++++-- - .../cm/cpumanager/policy_static_test.go | 53 ++++++++-- - pkg/kubelet/cm/devicemanager/manager_stub.go | 99 +++++++++++++++++++ - 6 files changed, 273 insertions(+), 21 deletions(-) - create mode 100644 pkg/kubelet/cm/devicemanager/manager_stub.go - -diff --git a/pkg/kubelet/cm/container_manager_linux.go b/pkg/kubelet/cm/container_manager_linux.go -index 332e99e72ee..5ac571d9abd 100644 ---- a/pkg/kubelet/cm/container_manager_linux.go -+++ b/pkg/kubelet/cm/container_manager_linux.go -@@ -331,6 +331,7 @@ func NewContainerManager(mountUtil mount.Interface, cadvisorInterface cadvisor.I - cm.GetNodeAllocatableReservation(), - nodeConfig.KubeletRootDir, - cm.topologyManager, -+ cm.deviceManager, - ) - if err != nil { - klog.ErrorS(err, "Failed to initialize cpu manager") -diff --git a/pkg/kubelet/cm/cpumanager/cpu_manager.go b/pkg/kubelet/cm/cpumanager/cpu_manager.go -index e2c89efeb2e..95a4246e840 100644 ---- a/pkg/kubelet/cm/cpumanager/cpu_manager.go -+++ b/pkg/kubelet/cm/cpumanager/cpu_manager.go -@@ -19,7 +19,9 @@ package cpumanager - import ( - "context" - "fmt" -+ "io/ioutil" - "math" -+ "strings" - "sync" - "time" - -@@ -33,6 +35,7 @@ import ( - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/state" - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/topology" - "k8s.io/kubernetes/pkg/kubelet/cm/cpuset" -+ "k8s.io/kubernetes/pkg/kubelet/cm/devicemanager" - "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager" - "k8s.io/kubernetes/pkg/kubelet/config" - kubecontainer "k8s.io/kubernetes/pkg/kubelet/container" -@@ -51,6 +54,25 @@ type policyName string - // cpuManagerStateFileName is the file name where cpu manager stores its state - const cpuManagerStateFileName = "cpu_manager_state" - -+// get the system-level isolated CPUs -+func getIsolcpus() cpuset.CPUSet { -+ dat, err := ioutil.ReadFile("/sys/devices/system/cpu/isolated") -+ if err != nil { -+ klog.Errorf("[cpumanager] unable to read sysfs isolcpus subdir") -+ return cpuset.NewCPUSet() -+ } -+ -+ // The isolated cpus string ends in a newline -+ cpustring := strings.TrimSuffix(string(dat), "\n") -+ cset, err := cpuset.Parse(cpustring) -+ if err != nil { -+ klog.Errorf("[cpumanager] unable to parse sysfs isolcpus string to cpuset") -+ return cpuset.NewCPUSet() -+ } -+ -+ return cset -+} -+ - // Manager interface provides methods for Kubelet to manage pod cpus. - type Manager interface { - // Start is called during Kubelet initialization. -@@ -154,7 +176,8 @@ func (s *sourcesReadyStub) AddSource(source string) {} - func (s *sourcesReadyStub) AllReady() bool { return true } - - // NewManager creates new cpu manager based on provided policy --func NewManager(cpuPolicyName string, cpuPolicyOptions map[string]string, reconcilePeriod time.Duration, machineInfo *cadvisorapi.MachineInfo, specificCPUs cpuset.CPUSet, nodeAllocatableReservation v1.ResourceList, stateFileDirectory string, affinity topologymanager.Store) (Manager, error) { -+func NewManager(cpuPolicyName string, cpuPolicyOptions map[string]string, reconcilePeriod time.Duration, machineInfo *cadvisorapi.MachineInfo, specificCPUs cpuset.CPUSet, nodeAllocatableReservation v1.ResourceList, stateFileDirectory string, affinity topologymanager.Store, deviceManager devicemanager.Manager) (Manager, error) { -+ - var topo *topology.CPUTopology - var policy Policy - var err error -@@ -195,7 +218,15 @@ func NewManager(cpuPolicyName string, cpuPolicyOptions map[string]string, reconc - // NOTE: Set excludeReserved unconditionally to exclude reserved CPUs from default cpuset. - // This variable is primarily to make testing easier. - excludeReserved := true -- policy, err = NewStaticPolicy(topo, numReservedCPUs, specificCPUs, affinity, cpuPolicyOptions, excludeReserved) -+ -+ // isolCPUs is the set of kernel-isolated CPUs. They should be a subset of specificCPUs or -+ // of the CPUs that NewStaticPolicy() will pick if numReservedCPUs is set. It's only in the -+ // argument list here for ease of testing, it's really internal to the policy. -+ isolCPUs := getIsolcpus() -+ policy, err = NewStaticPolicy(topo, numReservedCPUs, specificCPUs, isolCPUs, affinity, cpuPolicyOptions, deviceManager, excludeReserved) -+ if err != nil { -+ return nil, fmt.Errorf("new static policy error: %v", err) -+ } - - if err != nil { - return nil, fmt.Errorf("new static policy error: %w", err) -diff --git a/pkg/kubelet/cm/cpumanager/cpu_manager_test.go b/pkg/kubelet/cm/cpumanager/cpu_manager_test.go -index e7c74453472..78b4ada1a73 100644 ---- a/pkg/kubelet/cm/cpumanager/cpu_manager_test.go -+++ b/pkg/kubelet/cm/cpumanager/cpu_manager_test.go -@@ -37,6 +37,7 @@ import ( - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/state" - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/topology" - "k8s.io/kubernetes/pkg/kubelet/cm/cpuset" -+ "k8s.io/kubernetes/pkg/kubelet/cm/devicemanager" - "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager" - ) - -@@ -215,6 +216,7 @@ func makeMultiContainerPod(initCPUs, appCPUs []struct{ request, limit string }) - } - - func TestCPUManagerAdd(t *testing.T) { -+ testDM, _ := devicemanager.NewManagerStub() - testExcl := false - testPolicy, _ := NewStaticPolicy( - &topology.CPUTopology{ -@@ -230,8 +232,10 @@ func TestCPUManagerAdd(t *testing.T) { - }, - 0, - cpuset.NewCPUSet(), -+ cpuset.NewCPUSet(), - topologymanager.NewFakeManager(), - nil, -+ testDM, - testExcl) - testCases := []struct { - description string -@@ -482,8 +486,9 @@ func TestCPUManagerAddWithInitContainers(t *testing.T) { - } - - testExcl := false -+ testDM, _ := devicemanager.NewManagerStub() - for _, testCase := range testCases { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, testExcl) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, testDM, testExcl) - - mockState := &mockState{ - assignments: testCase.stAssignments, -@@ -638,7 +643,9 @@ func TestCPUManagerGenerate(t *testing.T) { - } - defer os.RemoveAll(sDir) - -- mgr, err := NewManager(testCase.cpuPolicyName, nil, 5*time.Second, machineInfo, cpuset.NewCPUSet(), testCase.nodeAllocatableReservation, sDir, topologymanager.NewFakeManager()) -+ testDM, err := devicemanager.NewManagerStub() -+ mgr, err := NewManager(testCase.cpuPolicyName, nil, 5*time.Second, machineInfo, cpuset.NewCPUSet(), testCase.nodeAllocatableReservation, sDir, topologymanager.NewFakeManager(), testDM) -+ - if testCase.expectedError != nil { - if !strings.Contains(err.Error(), testCase.expectedError.Error()) { - t.Errorf("Unexpected error message. Have: %s wants %s", err.Error(), testCase.expectedError.Error()) -@@ -709,6 +716,7 @@ func TestCPUManagerRemove(t *testing.T) { - - func TestReconcileState(t *testing.T) { - testExcl := false -+ testDM, _ := devicemanager.NewManagerStub() - testPolicy, _ := NewStaticPolicy( - &topology.CPUTopology{ - NumCPUs: 8, -@@ -727,8 +735,10 @@ func TestReconcileState(t *testing.T) { - }, - 0, - cpuset.NewCPUSet(), -+ cpuset.NewCPUSet(), - topologymanager.NewFakeManager(), - nil, -+ testDM, - testExcl) - - testCases := []struct { -@@ -1234,6 +1244,7 @@ func TestReconcileState(t *testing.T) { - // the following tests are with --reserved-cpus configured - func TestCPUManagerAddWithResvList(t *testing.T) { - testExcl := false -+ testDM, _ := devicemanager.NewManagerStub() - testPolicy, _ := NewStaticPolicy( - &topology.CPUTopology{ - NumCPUs: 4, -@@ -1248,8 +1259,10 @@ func TestCPUManagerAddWithResvList(t *testing.T) { - }, - 1, - cpuset.NewCPUSet(0), -+ cpuset.NewCPUSet(), - topologymanager.NewFakeManager(), - nil, -+ testDM, - testExcl) - testCases := []struct { - description string -@@ -1362,7 +1375,8 @@ func TestCPUManagerHandlePolicyOptions(t *testing.T) { - } - defer os.RemoveAll(sDir) - -- _, err = NewManager(testCase.cpuPolicyName, testCase.cpuPolicyOptions, 5*time.Second, machineInfo, cpuset.NewCPUSet(), nodeAllocatableReservation, sDir, topologymanager.NewFakeManager()) -+ testDM, err := devicemanager.NewManagerStub() -+ _, err = NewManager(testCase.cpuPolicyName, testCase.cpuPolicyOptions, 5*time.Second, machineInfo, cpuset.NewCPUSet(), nodeAllocatableReservation, sDir, topologymanager.NewFakeManager(), testDM) - if err == nil { - t.Errorf("Expected error, but NewManager succeeded") - } -@@ -1376,6 +1390,7 @@ func TestCPUManagerHandlePolicyOptions(t *testing.T) { - - func TestCPUManagerGetAllocatableCPUs(t *testing.T) { - testExcl := false -+ testDm, _ := devicemanager.NewManagerStub() - nonePolicy, _ := NewNonePolicy(nil) - staticPolicy, _ := NewStaticPolicy( - &topology.CPUTopology{ -@@ -1391,8 +1406,10 @@ func TestCPUManagerGetAllocatableCPUs(t *testing.T) { - }, - 1, - cpuset.NewCPUSet(0), -+ cpuset.NewCPUSet(), - topologymanager.NewFakeManager(), - nil, -+ testDm, - testExcl) - - testCases := []struct { -diff --git a/pkg/kubelet/cm/cpumanager/policy_static.go b/pkg/kubelet/cm/cpumanager/policy_static.go -index 180d018565c..8d18ce65309 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static.go -@@ -18,6 +18,7 @@ package cpumanager - - import ( - "fmt" -+ "strconv" - - v1 "k8s.io/api/core/v1" - "k8s.io/klog/v2" -@@ -26,6 +27,7 @@ import ( - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/state" - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/topology" - "k8s.io/kubernetes/pkg/kubelet/cm/cpuset" -+ "k8s.io/kubernetes/pkg/kubelet/cm/devicemanager" - "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager" - "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager/bitmask" - "k8s.io/kubernetes/pkg/kubelet/metrics" -@@ -104,6 +106,10 @@ type staticPolicy struct { - topology *topology.CPUTopology - // set of CPUs that is not available for exclusive assignment - reserved cpuset.CPUSet -+ // subset of reserved CPUs with isolcpus attribute -+ isolcpus cpuset.CPUSet -+ // parent containerManager, used to get device list -+ deviceManager devicemanager.Manager - // If true, default CPUSet should exclude reserved CPUs - excludeReserved bool - // topology manager reference to get container Topology affinity -@@ -120,7 +126,8 @@ var _ Policy = &staticPolicy{} - // NewStaticPolicy returns a CPU manager policy that does not change CPU - // assignments for exclusively pinned guaranteed containers after the main - // container process starts. --func NewStaticPolicy(topology *topology.CPUTopology, numReservedCPUs int, reservedCPUs cpuset.CPUSet, affinity topologymanager.Store, cpuPolicyOptions map[string]string, excludeReserved bool) (Policy, error) { -+func NewStaticPolicy(topology *topology.CPUTopology, numReservedCPUs int, reservedCPUs cpuset.CPUSet, isolCPUs cpuset.CPUSet, affinity topologymanager.Store, cpuPolicyOptions map[string]string, deviceManager devicemanager.Manager, excludeReserved bool) (Policy, error) { -+ - opts, err := NewStaticPolicyOptions(cpuPolicyOptions) - if err != nil { - return nil, err -@@ -135,6 +142,8 @@ func NewStaticPolicy(topology *topology.CPUTopology, numReservedCPUs int, reserv - policy := &staticPolicy{ - topology: topology, - affinity: affinity, -+ isolcpus: isolCPUs, -+ deviceManager: deviceManager, - excludeReserved: excludeReserved, - cpusToReuse: make(map[string]cpuset.CPUSet), - options: opts, -@@ -161,6 +170,12 @@ func NewStaticPolicy(topology *topology.CPUTopology, numReservedCPUs int, reserv - klog.InfoS("Reserved CPUs not available for exclusive assignment", "reservedSize", reserved.Size(), "reserved", reserved) - policy.reserved = reserved - -+ if !isolCPUs.IsSubsetOf(reserved) { -+ klog.Errorf("[cpumanager] isolCPUs %v is not a subset of reserved %v", isolCPUs, reserved) -+ reserved = reserved.Union(isolCPUs) -+ klog.Warningf("[cpumanager] mismatch isolCPUs %v, force reserved %v", isolCPUs, reserved) -+ } -+ - return policy, nil - } - -@@ -194,8 +209,9 @@ func (p *staticPolicy) validateState(s state.State) error { - } else { - s.SetDefaultCPUSet(allCPUs) - } -- klog.Infof("[cpumanager] static policy: CPUSet: allCPUs:%v, reserved:%v, default:%v\n", -- allCPUs, p.reserved, s.GetDefaultCPUSet()) -+ klog.Infof("[cpumanager] static policy: CPUSet: allCPUs:%v, reserved:%v, isolcpus:%v, default:%v\n", -+ allCPUs, p.reserved, p.isolcpus, s.GetDefaultCPUSet()) -+ - return nil - } - -@@ -290,16 +306,39 @@ func (p *staticPolicy) Allocate(s state.State, pod *v1.Pod, container *v1.Contai - return nil - } - -- cpuset := p.reserved -+ cpuset := p.reserved.Clone().Difference(p.isolcpus) - if cpuset.IsEmpty() { - // If this happens then someone messed up. -- return fmt.Errorf("[cpumanager] static policy: reserved container unable to allocate cpus (namespace: %s, pod UID: %s, pod: %s, container: %s); cpuset=%v, reserved:%v", pod.Namespace, string(pod.UID), pod.Name, container.Name, cpuset, p.reserved) -+ return fmt.Errorf("[cpumanager] static policy: reserved container unable to allocate cpus (namespace: %s, pod UID: %s, pod: %s, container: %s); cpuset=%v, reserved:%v, isolcpus:%v", pod.Namespace, string(pod.UID), pod.Name, container.Name, cpuset, p.reserved, p.isolcpus) -+ - } - s.SetCPUSet(string(pod.UID), container.Name, cpuset) - klog.Infof("[cpumanager] static policy: reserved: AddContainer (namespace: %s, pod UID: %s, pod: %s, container: %s); cpuset=%v", pod.Namespace, string(pod.UID), pod.Name, container.Name, cpuset) - return nil - } - -+ if isolcpus := p.podIsolCPUs(pod, container); isolcpus.Size() > 0 { -+ // container has requested isolated CPUs -+ if set, ok := s.GetCPUSet(string(pod.UID), container.Name); ok { -+ if set.Equals(isolcpus) { -+ klog.Infof("[cpumanager] isolcpus container already present in state, skipping (namespace: %s, pod UID: %s, pod: %s, container: %s)", -+ pod.Namespace, string(pod.UID), pod.Name, container.Name) -+ return nil -+ } else { -+ klog.Infof("[cpumanager] isolcpus container state has cpus %v, should be %v (namespace: %s, pod UID: %s, pod: %s, container: %s)", -+ isolcpus, set, pod.Namespace, string(pod.UID), pod.Name, container.Name) -+ } -+ } -+ // Note that we do not do anything about init containers here. -+ // It looks like devices are allocated per-pod based on effective requests/limits -+ // and extra devices from initContainers are not freed up when the regular containers start. -+ // TODO: confirm this is still true for 1.20 -+ s.SetCPUSet(string(pod.UID), container.Name, isolcpus) -+ klog.Infof("[cpumanager] isolcpus: AddContainer (namespace: %s, pod UID: %s, pod: %s, container: %s); cpuset=%v", -+ pod.Namespace, string(pod.UID), pod.Name, container.Name, isolcpus) -+ return nil -+ } -+ - numCPUs := p.guaranteedCPUs(pod, container) - if numCPUs == 0 { - // container belongs in the shared pool (nothing to do; use default cpuset) -@@ -348,7 +387,9 @@ func (p *staticPolicy) Allocate(s state.State, pod *v1.Pod, container *v1.Contai - } - s.SetCPUSet(string(pod.UID), container.Name, cpuset) - p.updateCPUsToReuse(pod, container, cpuset) -- -+ klog.Infof("[cpumanager] guaranteed: AddContainer "+ -+ "(namespace: %s, pod UID: %s, pod: %s, container: %s); numCPUS=%d, cpuset=%v", -+ pod.Namespace, string(pod.UID), pod.Name, container.Name, numCPUs, cpuset) - return nil - } - -@@ -657,6 +698,36 @@ func isKubeInfra(pod *v1.Pod) bool { - return false - } - -+// get the isolated CPUs (if any) from the devices associated with a specific container -+func (p *staticPolicy) podIsolCPUs(pod *v1.Pod, container *v1.Container) cpuset.CPUSet { -+ // NOTE: This is required for TestStaticPolicyAdd() since makePod() does -+ // not create UID. We also need a way to properly stub devicemanager. -+ if len(string(pod.UID)) == 0 { -+ return cpuset.NewCPUSet() -+ } -+ resContDevices := p.deviceManager.GetDevices(string(pod.UID), container.Name) -+ cpuSet := cpuset.NewCPUSet() -+ for resourceName, resourceDevs := range resContDevices { -+ // this resource name needs to match the isolcpus device plugin -+ if resourceName == "windriver.com/isolcpus" { -+ for devID, _ := range resourceDevs { -+ cpuStrList := []string{devID} -+ if len(cpuStrList) > 0 { -+ // loop over the list of strings, convert each one to int, add to cpuset -+ for _, cpuStr := range cpuStrList { -+ cpu, err := strconv.Atoi(cpuStr) -+ if err != nil { -+ panic(err) -+ } -+ cpuSet = cpuSet.Union(cpuset.NewCPUSet(cpu)) -+ } -+ } -+ } -+ } -+ } -+ return cpuSet -+} -+ - // isHintSocketAligned function return true if numa nodes in hint are socket aligned. - func (p *staticPolicy) isHintSocketAligned(hint topologymanager.TopologyHint, minAffinitySize int) bool { - numaNodesBitMask := hint.NUMANodeAffinity.GetBits() -diff --git a/pkg/kubelet/cm/cpumanager/policy_static_test.go b/pkg/kubelet/cm/cpumanager/policy_static_test.go -index 414e5ce144c..1c43df3b85f 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static_test.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static_test.go -@@ -28,6 +28,7 @@ import ( - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/state" - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/topology" - "k8s.io/kubernetes/pkg/kubelet/cm/cpuset" -+ "k8s.io/kubernetes/pkg/kubelet/cm/devicemanager" - "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager" - "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager/bitmask" - ) -@@ -69,8 +70,9 @@ func (spt staticPolicyTest) PseudoClone() staticPolicyTest { - } - - func TestStaticPolicyName(t *testing.T) { -+ testDM, _ := devicemanager.NewManagerStub() - testExcl := false -- policy, _ := NewStaticPolicy(topoSingleSocketHT, 1, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, testExcl) -+ policy, _ := NewStaticPolicy(topoSingleSocketHT, 1, cpuset.NewCPUSet(), cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, testDM, testExcl) - - policyName := policy.Name() - if policyName != "static" { -@@ -80,6 +82,7 @@ func TestStaticPolicyName(t *testing.T) { - } - - func TestStaticPolicyStart(t *testing.T) { -+ testDM, _ := devicemanager.NewManagerStub() - testCases := []staticPolicyTest{ - { - description: "non-corrupted state", -@@ -155,7 +158,7 @@ func TestStaticPolicyStart(t *testing.T) { - } - for _, testCase := range testCases { - t.Run(testCase.description, func(t *testing.T) { -- p, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, testCase.excludeReserved) -+ p, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, testDM, testCase.excludeReserved) - - policy := p.(*staticPolicy) - st := &mockState{ -@@ -203,7 +206,6 @@ func TestStaticPolicyAdd(t *testing.T) { - largeTopoCPUSet := largeTopoBuilder.Result() - largeTopoSock0CPUSet := largeTopoSock0Builder.Result() - largeTopoSock1CPUSet := largeTopoSock1Builder.Result() -- - // these are the cases which must behave the same regardless the policy options. - // So we will permutate the options to ensure this holds true. - -@@ -577,8 +579,10 @@ func runStaticPolicyTestCase(t *testing.T, testCase staticPolicyTest) { - if testCase.topologyHint != nil { - tm = topologymanager.NewFakeManagerWithHint(testCase.topologyHint) - } -+ testDM, _ := devicemanager.NewManagerStub() - testExcl := false -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), tm, testCase.options, testExcl) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), cpuset.NewCPUSet(), tm, testCase.options, testDM, testExcl) -+ - - st := &mockState{ - assignments: testCase.stAssignments, -@@ -625,6 +629,8 @@ func runStaticPolicyTestCaseWithFeatureGate(t *testing.T, testCase staticPolicyT - } - - func TestStaticPolicyReuseCPUs(t *testing.T) { -+ excludeReserved := false -+ testDM, _ := devicemanager.NewManagerStub() - testCases := []struct { - staticPolicyTest - expCSetAfterAlloc cpuset.CPUSet -@@ -649,7 +655,7 @@ func TestStaticPolicyReuseCPUs(t *testing.T) { - } - - for _, testCase := range testCases { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, testCase.excludeReserved) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, testDM, excludeReserved) - - st := &mockState{ - assignments: testCase.stAssignments, -@@ -682,6 +688,7 @@ func TestStaticPolicyReuseCPUs(t *testing.T) { - - func TestStaticPolicyRemove(t *testing.T) { - excludeReserved := false -+ testDM, _ := devicemanager.NewManagerStub() - testCases := []staticPolicyTest{ - { - description: "SingleSocketHT, DeAllocOneContainer", -@@ -740,7 +747,7 @@ func TestStaticPolicyRemove(t *testing.T) { - } - - for _, testCase := range testCases { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, excludeReserved) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, testDM, excludeReserved) - - st := &mockState{ - assignments: testCase.stAssignments, -@@ -763,6 +770,7 @@ func TestStaticPolicyRemove(t *testing.T) { - - func TestTopologyAwareAllocateCPUs(t *testing.T) { - excludeReserved := false -+ testDM, _ := devicemanager.NewManagerStub() - testCases := []struct { - description string - topo *topology.CPUTopology -@@ -831,7 +839,8 @@ func TestTopologyAwareAllocateCPUs(t *testing.T) { - }, - } - for _, tc := range testCases { -- p, _ := NewStaticPolicy(tc.topo, 0, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, excludeReserved) -+ p, _ := NewStaticPolicy(tc.topo, 0, cpuset.NewCPUSet(), cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, testDM, excludeReserved) -+ - policy := p.(*staticPolicy) - st := &mockState{ - assignments: tc.stAssignments, -@@ -864,6 +873,7 @@ type staticPolicyTestWithResvList struct { - topo *topology.CPUTopology - numReservedCPUs int - reserved cpuset.CPUSet -+ isolcpus cpuset.CPUSet - stAssignments state.ContainerCPUAssignments - stDefaultCPUSet cpuset.CPUSet - pod *v1.Pod -@@ -874,6 +884,8 @@ type staticPolicyTestWithResvList struct { - } - - func TestStaticPolicyStartWithResvList(t *testing.T) { -+ testDM, _ := devicemanager.NewManagerStub() -+ testExcl := false - testCases := []staticPolicyTestWithResvList{ - { - description: "empty cpuset", -@@ -903,11 +915,10 @@ func TestStaticPolicyStartWithResvList(t *testing.T) { - expNewErr: fmt.Errorf("[cpumanager] unable to reserve the required amount of CPUs (size of 0-1 did not equal 1)"), - }, - } -- testExcl := false - for _, testCase := range testCases { - t.Run(testCase.description, func(t *testing.T) { -- p, err := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, topologymanager.NewFakeManager(), nil, testExcl) - -+ p, err := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, testDM, testExcl) - if !reflect.DeepEqual(err, testCase.expNewErr) { - t.Errorf("StaticPolicy Start() error (%v). expected error: %v but got: %v", - testCase.description, testCase.expNewErr, err) -@@ -947,6 +958,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - topo: topoSingleSocketHT, - numReservedCPUs: 1, - reserved: cpuset.NewCPUSet(0), -+ isolcpus: cpuset.NewCPUSet(), - stAssignments: state.ContainerCPUAssignments{}, - stDefaultCPUSet: cpuset.NewCPUSet(1, 2, 3, 4, 5, 6, 7), - pod: makePod("fakePod", "fakeContainer2", "8000m", "8000m"), -@@ -959,6 +971,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - topo: topoSingleSocketHT, - numReservedCPUs: 2, - reserved: cpuset.NewCPUSet(0, 1), -+ isolcpus: cpuset.NewCPUSet(), - stAssignments: state.ContainerCPUAssignments{}, - stDefaultCPUSet: cpuset.NewCPUSet(2, 3, 4, 5, 6, 7), - pod: makePod("fakePod", "fakeContainer2", "1000m", "1000m"), -@@ -971,6 +984,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - topo: topoSingleSocketHT, - numReservedCPUs: 2, - reserved: cpuset.NewCPUSet(0, 1), -+ isolcpus: cpuset.NewCPUSet(), - stAssignments: state.ContainerCPUAssignments{ - "fakePod": map[string]cpuset.CPUSet{ - "fakeContainer100": cpuset.NewCPUSet(2, 3, 6, 7), -@@ -987,6 +1001,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - topo: topoSingleSocketHT, - numReservedCPUs: 2, - reserved: cpuset.NewCPUSet(0, 1), -+ isolcpus: cpuset.NewCPUSet(), - stAssignments: state.ContainerCPUAssignments{ - "fakePod": map[string]cpuset.CPUSet{ - "fakeContainer100": cpuset.NewCPUSet(2, 3, 6, 7), -@@ -998,11 +1013,29 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - expCPUAlloc: true, - expCSet: cpuset.NewCPUSet(0, 1), - }, -+ { -+ description: "InfraPod, SingleSocketHT, Isolcpus, ExpectAllocReserved", -+ topo: topoSingleSocketHT, -+ numReservedCPUs: 2, -+ reserved: cpuset.NewCPUSet(0, 1), -+ isolcpus: cpuset.NewCPUSet(1), -+ stAssignments: state.ContainerCPUAssignments{ -+ "fakePod": map[string]cpuset.CPUSet{ -+ "fakeContainer100": cpuset.NewCPUSet(2, 3, 6, 7), -+ }, -+ }, -+ stDefaultCPUSet: cpuset.NewCPUSet(4, 5), -+ pod: infraPod, -+ expErr: nil, -+ expCPUAlloc: true, -+ expCSet: cpuset.NewCPUSet(0), -+ }, - } - - testExcl := true -+ testDM, _ := devicemanager.NewManagerStub() - for _, testCase := range testCases { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, topologymanager.NewFakeManager(), nil, testExcl) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, testCase.isolcpus, topologymanager.NewFakeManager(), nil, testDM, testExcl) - - st := &mockState{ - assignments: testCase.stAssignments, -diff --git a/pkg/kubelet/cm/devicemanager/manager_stub.go b/pkg/kubelet/cm/devicemanager/manager_stub.go -new file mode 100644 -index 00000000000..e6874f88d8a ---- /dev/null -+++ b/pkg/kubelet/cm/devicemanager/manager_stub.go -@@ -0,0 +1,99 @@ -+/* -+Copyright 2017 The Kubernetes Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/ -+ -+package devicemanager -+ -+import ( -+ v1 "k8s.io/api/core/v1" -+ "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager" -+ "k8s.io/kubernetes/pkg/kubelet/config" -+ "k8s.io/kubernetes/pkg/kubelet/lifecycle" -+ "k8s.io/kubernetes/pkg/kubelet/pluginmanager/cache" -+ schedulerframework "k8s.io/kubernetes/pkg/scheduler/framework" -+) -+ -+// ManagerStub provides a simple stub implementation for the Device Manager. -+type ManagerStub struct{} -+ -+// NewManagerStub creates a ManagerStub. -+func NewManagerStub() (*ManagerStub, error) { -+ return &ManagerStub{}, nil -+} -+ -+// Start simply returns nil. -+func (h *ManagerStub) Start(activePods ActivePodsFunc, sourcesReady config.SourcesReady) error { -+ return nil -+} -+ -+// Stop simply returns nil. -+func (h *ManagerStub) Stop() error { -+ return nil -+} -+ -+// Allocate simply returns nil. -+func (h *ManagerStub) Allocate(pod *v1.Pod, container *v1.Container) error { -+ return nil -+} -+ -+// UpdatePluginResources simply returns nil. -+func (h *ManagerStub) UpdatePluginResources(node *schedulerframework.NodeInfo, attrs *lifecycle.PodAdmitAttributes) error { -+ return nil -+} -+ -+// GetDeviceRunContainerOptions simply returns nil. -+func (h *ManagerStub) GetDeviceRunContainerOptions(pod *v1.Pod, container *v1.Container) (*DeviceRunContainerOptions, error) { -+ return nil, nil -+} -+ -+// GetCapacity simply returns nil capacity and empty removed resource list. -+func (h *ManagerStub) GetCapacity() (v1.ResourceList, v1.ResourceList, []string) { -+ return nil, nil, []string{} -+} -+ -+// GetWatcherHandler returns plugin watcher interface -+func (h *ManagerStub) GetWatcherHandler() cache.PluginHandler { -+ return nil -+} -+ -+// GetTopologyHints returns an empty TopologyHint map -+func (h *ManagerStub) GetTopologyHints(pod *v1.Pod, container *v1.Container) map[string][]topologymanager.TopologyHint { -+ return map[string][]topologymanager.TopologyHint{} -+} -+ -+// GetPodTopologyHints returns an empty TopologyHint map -+func (h *ManagerStub) GetPodTopologyHints(pod *v1.Pod) map[string][]topologymanager.TopologyHint { -+ return map[string][]topologymanager.TopologyHint{} -+} -+ -+// GetDevices returns nil -+func (h *ManagerStub) GetDevices(_, _ string) ResourceDeviceInstances { -+ return nil -+} -+ -+// GetAllocatableDevices returns nothing -+func (h *ManagerStub) GetAllocatableDevices() ResourceDeviceInstances { -+ return nil -+} -+ -+// ShouldResetExtendedResourceCapacity returns false -+func (h *ManagerStub) ShouldResetExtendedResourceCapacity() bool { -+ return false -+} -+ -+// UpdateAllocatedDevices returns nothing -+func (h *ManagerStub) UpdateAllocatedDevices() { -+ return -+} --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubelet-cpumanager-keep-normal-containers-off-reserv.patch b/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubelet-cpumanager-keep-normal-containers-off-reserv.patch deleted file mode 100644 index 383e0a232..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubelet-cpumanager-keep-normal-containers-off-reserv.patch +++ /dev/null @@ -1,356 +0,0 @@ -From 7b4e8029de25b57c25b510178a41ceddf556d428 Mon Sep 17 00:00:00 2001 -From: Ramesh Kumar Sivanandam -Date: Mon, 7 Nov 2022 08:43:43 -0500 -Subject: [PATCH 06/10] kubelet cpumanager keep normal containers off reserved CPUs - -When starting the kubelet process, two separate sets of reserved CPUs -may be specified. With this change CPUs reserved via -'--system-reserved=cpu' -or '--kube-reserved=cpu' will be ignored by kubernetes itself. A small -tweak to the default CPU affinity ensures that "normal" Kubernetes -pods won't run on the reserved CPUs. - -Co-authored-by: Jim Gauld -Signed-off-by: Sachin Gopala Krishna -Signed-off-by: Ramesh Kumar Sivanandam ---- - pkg/kubelet/cm/cpumanager/cpu_manager.go | 6 ++- - pkg/kubelet/cm/cpumanager/cpu_manager_test.go | 19 +++++++--- - pkg/kubelet/cm/cpumanager/policy_static.go | 30 ++++++++++++--- - .../cm/cpumanager/policy_static_test.go | 38 ++++++++++++++----- - 4 files changed, 71 insertions(+), 22 deletions(-) - -diff --git a/pkg/kubelet/cm/cpumanager/cpu_manager.go b/pkg/kubelet/cm/cpumanager/cpu_manager.go -index 9e2dce60501..e2c89efeb2e 100644 ---- a/pkg/kubelet/cm/cpumanager/cpu_manager.go -+++ b/pkg/kubelet/cm/cpumanager/cpu_manager.go -@@ -192,7 +192,11 @@ func NewManager(cpuPolicyName string, cpuPolicyOptions map[string]string, reconc - // exclusively allocated. - reservedCPUsFloat := float64(reservedCPUs.MilliValue()) / 1000 - numReservedCPUs := int(math.Ceil(reservedCPUsFloat)) -- policy, err = NewStaticPolicy(topo, numReservedCPUs, specificCPUs, affinity, cpuPolicyOptions) -+ // NOTE: Set excludeReserved unconditionally to exclude reserved CPUs from default cpuset. -+ // This variable is primarily to make testing easier. -+ excludeReserved := true -+ policy, err = NewStaticPolicy(topo, numReservedCPUs, specificCPUs, affinity, cpuPolicyOptions, excludeReserved) -+ - if err != nil { - return nil, fmt.Errorf("new static policy error: %w", err) - } -diff --git a/pkg/kubelet/cm/cpumanager/cpu_manager_test.go b/pkg/kubelet/cm/cpumanager/cpu_manager_test.go -index 29941611a53..e7c74453472 100644 ---- a/pkg/kubelet/cm/cpumanager/cpu_manager_test.go -+++ b/pkg/kubelet/cm/cpumanager/cpu_manager_test.go -@@ -215,6 +215,7 @@ func makeMultiContainerPod(initCPUs, appCPUs []struct{ request, limit string }) - } - - func TestCPUManagerAdd(t *testing.T) { -+ testExcl := false - testPolicy, _ := NewStaticPolicy( - &topology.CPUTopology{ - NumCPUs: 4, -@@ -230,7 +231,8 @@ func TestCPUManagerAdd(t *testing.T) { - 0, - cpuset.NewCPUSet(), - topologymanager.NewFakeManager(), -- nil) -+ nil, -+ testExcl) - testCases := []struct { - description string - updateErr error -@@ -479,8 +481,9 @@ func TestCPUManagerAddWithInitContainers(t *testing.T) { - }, - } - -+ testExcl := false - for _, testCase := range testCases { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, testExcl) - - mockState := &mockState{ - assignments: testCase.stAssignments, -@@ -705,6 +708,7 @@ func TestCPUManagerRemove(t *testing.T) { - } - - func TestReconcileState(t *testing.T) { -+ testExcl := false - testPolicy, _ := NewStaticPolicy( - &topology.CPUTopology{ - NumCPUs: 8, -@@ -724,7 +728,8 @@ func TestReconcileState(t *testing.T) { - 0, - cpuset.NewCPUSet(), - topologymanager.NewFakeManager(), -- nil) -+ nil, -+ testExcl) - - testCases := []struct { - description string -@@ -1228,6 +1233,7 @@ func TestReconcileState(t *testing.T) { - // above test cases are without kubelet --reserved-cpus cmd option - // the following tests are with --reserved-cpus configured - func TestCPUManagerAddWithResvList(t *testing.T) { -+ testExcl := false - testPolicy, _ := NewStaticPolicy( - &topology.CPUTopology{ - NumCPUs: 4, -@@ -1243,7 +1249,8 @@ func TestCPUManagerAddWithResvList(t *testing.T) { - 1, - cpuset.NewCPUSet(0), - topologymanager.NewFakeManager(), -- nil) -+ nil, -+ testExcl) - testCases := []struct { - description string - updateErr error -@@ -1368,6 +1375,7 @@ func TestCPUManagerHandlePolicyOptions(t *testing.T) { - } - - func TestCPUManagerGetAllocatableCPUs(t *testing.T) { -+ testExcl := false - nonePolicy, _ := NewNonePolicy(nil) - staticPolicy, _ := NewStaticPolicy( - &topology.CPUTopology{ -@@ -1384,7 +1392,8 @@ func TestCPUManagerGetAllocatableCPUs(t *testing.T) { - 1, - cpuset.NewCPUSet(0), - topologymanager.NewFakeManager(), -- nil) -+ nil, -+ testExcl) - - testCases := []struct { - description string -diff --git a/pkg/kubelet/cm/cpumanager/policy_static.go b/pkg/kubelet/cm/cpumanager/policy_static.go -index 4d7f7c0b0de..4c4164a9099 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static.go -@@ -99,6 +99,8 @@ type staticPolicy struct { - topology *topology.CPUTopology - // set of CPUs that is not available for exclusive assignment - reserved cpuset.CPUSet -+ // If true, default CPUSet should exclude reserved CPUs -+ excludeReserved bool - // topology manager reference to get container Topology affinity - affinity topologymanager.Store - // set of CPUs to reuse across allocations in a pod -@@ -113,7 +115,7 @@ var _ Policy = &staticPolicy{} - // NewStaticPolicy returns a CPU manager policy that does not change CPU - // assignments for exclusively pinned guaranteed containers after the main - // container process starts. --func NewStaticPolicy(topology *topology.CPUTopology, numReservedCPUs int, reservedCPUs cpuset.CPUSet, affinity topologymanager.Store, cpuPolicyOptions map[string]string) (Policy, error) { -+func NewStaticPolicy(topology *topology.CPUTopology, numReservedCPUs int, reservedCPUs cpuset.CPUSet, affinity topologymanager.Store, cpuPolicyOptions map[string]string, excludeReserved bool) (Policy, error) { - opts, err := NewStaticPolicyOptions(cpuPolicyOptions) - if err != nil { - return nil, err -@@ -128,6 +130,7 @@ func NewStaticPolicy(topology *topology.CPUTopology, numReservedCPUs int, reserv - policy := &staticPolicy{ - topology: topology, - affinity: affinity, -+ excludeReserved: excludeReserved, - cpusToReuse: make(map[string]cpuset.CPUSet), - options: opts, - } -@@ -179,7 +182,15 @@ func (p *staticPolicy) validateState(s state.State) error { - } - // state is empty initialize - allCPUs := p.topology.CPUDetails.CPUs() -- s.SetDefaultCPUSet(allCPUs) -+ if p.excludeReserved { -+ // Exclude reserved CPUs from the default CPUSet to keep containers off them -+ // unless explicitly affined. -+ s.SetDefaultCPUSet(allCPUs.Difference(p.reserved)) -+ } else { -+ s.SetDefaultCPUSet(allCPUs) -+ } -+ klog.Infof("[cpumanager] static policy: CPUSet: allCPUs:%v, reserved:%v, default:%v\n", -+ allCPUs, p.reserved, s.GetDefaultCPUSet()) - return nil - } - -@@ -187,11 +198,12 @@ func (p *staticPolicy) validateState(s state.State) error { - // 1. Check if the reserved cpuset is not part of default cpuset because: - // - kube/system reserved have changed (increased) - may lead to some containers not being able to start - // - user tampered with file -- if !p.reserved.Intersection(tmpDefaultCPUset).Equals(p.reserved) { -- return fmt.Errorf("not all reserved cpus: \"%s\" are present in defaultCpuSet: \"%s\"", -- p.reserved.String(), tmpDefaultCPUset.String()) -+ if !p.excludeReserved { -+ if !p.reserved.Intersection(tmpDefaultCPUset).Equals(p.reserved) { -+ return fmt.Errorf("not all reserved cpus: \"%s\" are present in defaultCpuSet: \"%s\"", -+ p.reserved.String(), tmpDefaultCPUset.String()) -+ } - } -- - // 2. Check if state for static policy is consistent - for pod := range tmpAssignments { - for container, cset := range tmpAssignments[pod] { -@@ -218,6 +230,9 @@ func (p *staticPolicy) validateState(s state.State) error { - } - } - totalKnownCPUs = totalKnownCPUs.UnionAll(tmpCPUSets) -+ if p.excludeReserved { -+ totalKnownCPUs = totalKnownCPUs.Union(p.reserved) -+ } - if !totalKnownCPUs.Equals(p.topology.CPUDetails.CPUs()) { - return fmt.Errorf("current set of available CPUs \"%s\" doesn't match with CPUs in state \"%s\"", - p.topology.CPUDetails.CPUs().String(), totalKnownCPUs.String()) -@@ -331,6 +346,9 @@ func (p *staticPolicy) RemoveContainer(s state.State, podUID string, containerNa - cpusInUse := getAssignedCPUsOfSiblings(s, podUID, containerName) - if toRelease, ok := s.GetCPUSet(podUID, containerName); ok { - s.Delete(podUID, containerName) -+ if p.excludeReserved { -+ toRelease = toRelease.Difference(p.reserved) -+ } - // Mutate the shared pool, adding released cpus. - toRelease = toRelease.Difference(cpusInUse) - s.SetDefaultCPUSet(s.GetDefaultCPUSet().Union(toRelease)) -diff --git a/pkg/kubelet/cm/cpumanager/policy_static_test.go b/pkg/kubelet/cm/cpumanager/policy_static_test.go -index 4c10af065a4..80a0c5a9e70 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static_test.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static_test.go -@@ -36,6 +36,7 @@ type staticPolicyTest struct { - description string - topo *topology.CPUTopology - numReservedCPUs int -+ excludeReserved bool - podUID string - options map[string]string - containerName string -@@ -68,7 +69,8 @@ func (spt staticPolicyTest) PseudoClone() staticPolicyTest { - } - - func TestStaticPolicyName(t *testing.T) { -- policy, _ := NewStaticPolicy(topoSingleSocketHT, 1, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil) -+ testExcl := false -+ policy, _ := NewStaticPolicy(topoSingleSocketHT, 1, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, testExcl) - - policyName := policy.Name() - if policyName != "static" { -@@ -98,6 +100,15 @@ func TestStaticPolicyStart(t *testing.T) { - stDefaultCPUSet: cpuset.NewCPUSet(), - expCSet: cpuset.NewCPUSet(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11), - }, -+ { -+ description: "empty cpuset exclude reserved", -+ topo: topoDualSocketHT, -+ numReservedCPUs: 2, -+ excludeReserved: true, -+ stAssignments: state.ContainerCPUAssignments{}, -+ stDefaultCPUSet: cpuset.NewCPUSet(), -+ expCSet: cpuset.NewCPUSet(1, 2, 3, 4, 5, 7, 8, 9, 10, 11), -+ }, - { - description: "reserved cores 0 & 6 are not present in available cpuset", - topo: topoDualSocketHT, -@@ -144,7 +155,8 @@ func TestStaticPolicyStart(t *testing.T) { - } - for _, testCase := range testCases { - t.Run(testCase.description, func(t *testing.T) { -- p, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil) -+ p, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, testCase.excludeReserved) -+ - policy := p.(*staticPolicy) - st := &mockState{ - assignments: testCase.stAssignments, -@@ -565,7 +577,8 @@ func runStaticPolicyTestCase(t *testing.T, testCase staticPolicyTest) { - if testCase.topologyHint != nil { - tm = topologymanager.NewFakeManagerWithHint(testCase.topologyHint) - } -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), tm, testCase.options) -+ testExcl := false -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), tm, testCase.options, testExcl) - - st := &mockState{ - assignments: testCase.stAssignments, -@@ -636,7 +649,7 @@ func TestStaticPolicyReuseCPUs(t *testing.T) { - } - - for _, testCase := range testCases { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, testCase.excludeReserved) - - st := &mockState{ - assignments: testCase.stAssignments, -@@ -668,6 +681,7 @@ func TestStaticPolicyReuseCPUs(t *testing.T) { - } - - func TestStaticPolicyRemove(t *testing.T) { -+ excludeReserved := false - testCases := []staticPolicyTest{ - { - description: "SingleSocketHT, DeAllocOneContainer", -@@ -726,7 +740,7 @@ func TestStaticPolicyRemove(t *testing.T) { - } - - for _, testCase := range testCases { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, excludeReserved) - - st := &mockState{ - assignments: testCase.stAssignments, -@@ -748,6 +762,7 @@ func TestStaticPolicyRemove(t *testing.T) { - } - - func TestTopologyAwareAllocateCPUs(t *testing.T) { -+ excludeReserved := false - testCases := []struct { - description string - topo *topology.CPUTopology -@@ -816,7 +831,7 @@ func TestTopologyAwareAllocateCPUs(t *testing.T) { - }, - } - for _, tc := range testCases { -- p, _ := NewStaticPolicy(tc.topo, 0, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil) -+ p, _ := NewStaticPolicy(tc.topo, 0, cpuset.NewCPUSet(), topologymanager.NewFakeManager(), nil, excludeReserved) - policy := p.(*staticPolicy) - st := &mockState{ - assignments: tc.stAssignments, -@@ -888,9 +903,11 @@ func TestStaticPolicyStartWithResvList(t *testing.T) { - expNewErr: fmt.Errorf("[cpumanager] unable to reserve the required amount of CPUs (size of 0-1 did not equal 1)"), - }, - } -+ testExcl := false - for _, testCase := range testCases { - t.Run(testCase.description, func(t *testing.T) { -- p, err := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, topologymanager.NewFakeManager(), nil) -+ p, err := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, topologymanager.NewFakeManager(), nil, testExcl) -+ - if !reflect.DeepEqual(err, testCase.expNewErr) { - t.Errorf("StaticPolicy Start() error (%v). expected error: %v but got: %v", - testCase.description, testCase.expNewErr, err) -@@ -930,7 +947,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - numReservedCPUs: 1, - reserved: cpuset.NewCPUSet(0), - stAssignments: state.ContainerCPUAssignments{}, -- stDefaultCPUSet: cpuset.NewCPUSet(0, 1, 2, 3, 4, 5, 6, 7), -+ stDefaultCPUSet: cpuset.NewCPUSet(1, 2, 3, 4, 5, 6, 7), - pod: makePod("fakePod", "fakeContainer2", "8000m", "8000m"), - expErr: fmt.Errorf("not enough cpus available to satisfy request"), - expCPUAlloc: false, -@@ -942,7 +959,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - numReservedCPUs: 2, - reserved: cpuset.NewCPUSet(0, 1), - stAssignments: state.ContainerCPUAssignments{}, -- stDefaultCPUSet: cpuset.NewCPUSet(0, 1, 2, 3, 4, 5, 6, 7), -+ stDefaultCPUSet: cpuset.NewCPUSet(2, 3, 4, 5, 6, 7), - pod: makePod("fakePod", "fakeContainer2", "1000m", "1000m"), - expErr: nil, - expCPUAlloc: true, -@@ -966,8 +983,9 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - }, - } - -+ testExcl := true - for _, testCase := range testCases { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, topologymanager.NewFakeManager(), nil) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, topologymanager.NewFakeManager(), nil, testExcl) - - st := &mockState{ - assignments: testCase.stAssignments, --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubelet-sort-isolcpus-allocation-when-SMT-enabled.patch b/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubelet-sort-isolcpus-allocation-when-SMT-enabled.patch deleted file mode 100644 index 335a41b77..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubelet-sort-isolcpus-allocation-when-SMT-enabled.patch +++ /dev/null @@ -1,50 +0,0 @@ -From d4aa04d78e4a2692e93c1fa638dd624720a8504a Mon Sep 17 00:00:00 2001 -From: Jim Gauld -Date: Fri, 11 Feb 2022 11:06:35 -0500 -Subject: [PATCH 04/10] kubelet: sort isolcpus allocation when SMT enabled - -The existing device manager code returns CPUs as devices in unsorted -order. This numerically sorts isolcpus allocations when SMT/HT is -enabled on the host. This logs SMT pairs, singletons, and algorithm -order details to make the algorithm understandable. - -Signed-off-by: Jim Gauld ---- - pkg/kubelet/cm/devicemanager/manager.go | 13 ++++++++++++- - 1 file changed, 12 insertions(+), 1 deletion(-) - -diff --git a/pkg/kubelet/cm/devicemanager/manager.go b/pkg/kubelet/cm/devicemanager/manager.go -index 191861d9e4a..4c897f0e032 100644 ---- a/pkg/kubelet/cm/devicemanager/manager.go -+++ b/pkg/kubelet/cm/devicemanager/manager.go -@@ -545,7 +545,16 @@ func order_devices_by_sibling(devices sets.String, needed int) ([]string, error) - return cpu_lst[0] - } - } -+ //Make post-analysis of selection algorithm obvious by numerical sorting -+ //the available isolated cpu_id. -+ cpu_ids := make([]int, 0, int(devices.Len())) - for cpu_id := range devices { -+ cpu_id_, _ := strconv.Atoi(cpu_id) -+ cpu_ids = append(cpu_ids, cpu_id_) -+ } -+ sort.Ints(cpu_ids) -+ for _, _cpu_id := range cpu_ids { -+ cpu_id := strconv.Itoa(_cpu_id) - // If we've already found cpu_id as a sibling, skip it. - if _, ok := _iterated_cpu[cpu_id]; ok { - continue -@@ -587,7 +596,9 @@ func order_devices_by_sibling(devices sets.String, needed int) ([]string, error) - } - } - } -- //klog.Infof("needed=%d ordered_cpu_list=%v", needed, dev_lst) -+ //This algorithm will get some attention. Show minimal details. -+ klog.Infof("order_devices_by_sibling: needed=%d, smtpairs=%v, singletons=%v, order=%v", -+ needed, sibling_lst, single_lst, dev_lst) - return dev_lst, nil - } - func smt_enabled() bool { --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubernetes-make-isolcpus-allocation-SMT-aware.patch b/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubernetes-make-isolcpus-allocation-SMT-aware.patch deleted file mode 100644 index 8308a82c3..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/kubernetes-make-isolcpus-allocation-SMT-aware.patch +++ /dev/null @@ -1,151 +0,0 @@ -From c054164c9012eb9dbe7a36775c9623fefb914996 Mon Sep 17 00:00:00 2001 -From: Ramesh Kumar Sivanandam -Date: Tue, 25 Oct 2022 11:13:35 -0400 -Subject: [PATCH 03/10] kubernetes: make isolcpus allocation SMT-aware - -Enhance isolcpus support in Kubernetes to allocate isolated SMT -siblings to the same container when SMT/HT is enabled on the host. - -As it stands, the device manager code in Kubernetes is not SMT-aware -(since normally it doesn't deal with CPUs). However, StarlingX -exposes isolated CPUs as devices and if possible we want to allocate -all SMT siblings from a CPU core to the same container in order to -minimize cross- container interference due to resource contention -within the CPU core. - -The solution is basically to take the list of isolated CPUs and -re-order it so that the SMT siblings are next to each other. That -way the existing resource selection code will allocate the siblings -together. As an optimization, if it is known that an odd number -of isolated CPUs are desired, a singleton SMT sibling will be -inserted into the list to avoid breaking up sibling pairs. - -Signed-off-by: Tao Wang -Signed-off-by: Ramesh Kumar Sivanandam ---- - pkg/kubelet/cm/devicemanager/manager.go | 84 ++++++++++++++++++++++++- - 1 file changed, 83 insertions(+), 1 deletion(-) - -diff --git a/pkg/kubelet/cm/devicemanager/manager.go b/pkg/kubelet/cm/devicemanager/manager.go -index 8cb57aa8190..191861d9e4a 100644 ---- a/pkg/kubelet/cm/devicemanager/manager.go -+++ b/pkg/kubelet/cm/devicemanager/manager.go -@@ -19,10 +19,13 @@ package devicemanager - import ( - "context" - "fmt" -+ "io/ioutil" - "os" - "path/filepath" - "runtime" - "sort" -+ "strconv" -+ "strings" - "sync" - "time" - -@@ -36,6 +39,7 @@ import ( - pluginapi "k8s.io/kubelet/pkg/apis/deviceplugin/v1beta1" - "k8s.io/kubernetes/pkg/kubelet/checkpointmanager" - "k8s.io/kubernetes/pkg/kubelet/checkpointmanager/errors" -+ "k8s.io/kubernetes/pkg/kubelet/cm/cpuset" - "k8s.io/kubernetes/pkg/kubelet/cm/devicemanager/checkpoint" - plugin "k8s.io/kubernetes/pkg/kubelet/cm/devicemanager/plugin/v1beta1" - "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager" -@@ -526,6 +530,75 @@ func (m *ManagerImpl) UpdateAllocatedDevices() { - m.allocatedDevices = m.podDevices.devices() - } - -+//Given a list of isolated CPUs in 'devices', and the number of desired CPUs in 'needed', -+//return an ordered list of isolated CPUs such that the first 'needed' CPUs in the list -+//contain as many hyperthread sibling pairs as possible. -+func order_devices_by_sibling(devices sets.String, needed int) ([]string, error) { -+ var dev_lst []string -+ var single_lst []string -+ sibling_lst := make([]string, 0, int(devices.Len())) -+ _iterated_cpu := make(map[string]string) -+ get_sibling := func(cpu string, cpu_lst []string) string { -+ if cpu_lst[0] == cpu { -+ return cpu_lst[1] -+ } else { -+ return cpu_lst[0] -+ } -+ } -+ for cpu_id := range devices { -+ // If we've already found cpu_id as a sibling, skip it. -+ if _, ok := _iterated_cpu[cpu_id]; ok { -+ continue -+ } -+ devPath := fmt.Sprintf("/sys/devices/system/cpu/cpu%s/topology/thread_siblings_list", cpu_id) -+ dat, err := ioutil.ReadFile(devPath) -+ if err != nil { -+ return dev_lst, fmt.Errorf("Can't read cpu[%s] thread_siblings_list", cpu_id) -+ } -+ cpustring := strings.TrimSuffix(string(dat), "\n") -+ cpu_pair_set, err := cpuset.Parse(cpustring) -+ if err != nil { -+ return dev_lst, fmt.Errorf("Unable to parse thread_siblings_list[%s] string to cpuset", cpustring) -+ } -+ var cpu_pair_lst []string -+ for _, v := range cpu_pair_set.ToSlice() { -+ cpu_pair_lst = append(cpu_pair_lst, strconv.Itoa(v)) -+ } -+ sibling_cpu_id := get_sibling(cpu_id, cpu_pair_lst) -+ if _, ok := devices[sibling_cpu_id]; ok { -+ sibling_lst = append(sibling_lst, cpu_id, sibling_cpu_id) -+ _iterated_cpu[sibling_cpu_id] = "" -+ } else { -+ single_lst = append(single_lst, cpu_id) -+ } -+ _iterated_cpu[cpu_id] = "" -+ } -+ if needed%2 == 0 { -+ dev_lst = append(sibling_lst, single_lst...) -+ } else { -+ if len(single_lst) > 1 { -+ _tmp_list := append(sibling_lst, single_lst[1:]...) -+ dev_lst = append(single_lst[0:1], _tmp_list...) -+ } else { -+ if len(single_lst) == 0 { -+ dev_lst = sibling_lst -+ } else { -+ dev_lst = append(single_lst, sibling_lst...) -+ } -+ } -+ } -+ //klog.Infof("needed=%d ordered_cpu_list=%v", needed, dev_lst) -+ return dev_lst, nil -+} -+func smt_enabled() bool { -+ dat, _ := ioutil.ReadFile("/sys/devices/system/cpu/smt/active") -+ state := strings.TrimSuffix(string(dat), "\n") -+ if state == "0" { -+ return false -+ } -+ return true -+} -+ - // Returns list of device Ids we need to allocate with Allocate rpc call. - // Returns empty list in case we don't need to issue the Allocate rpc call. - func (m *ManagerImpl) devicesToAllocate(podUID, contName, resource string, required int, reusableDevices sets.String) (sets.String, error) { -@@ -561,7 +634,16 @@ func (m *ManagerImpl) devicesToAllocate(podUID, contName, resource string, requi - // Create a closure to help with device allocation - // Returns 'true' once no more devices need to be allocated. - allocateRemainingFrom := func(devices sets.String) bool { -- for device := range devices.Difference(allocated) { -+ availableDevices := devices.Difference(allocated).List() -+ // If we're dealing with isolcpus and SMT is enabled, reorder to group SMT siblings together. -+ if resource == "windriver.com/isolcpus" && len(devices) > 0 && smt_enabled() { -+ var err error -+ availableDevices, err = order_devices_by_sibling(devices.Difference(allocated), needed) -+ if err != nil { -+ klog.Errorf("error in order_devices_by_sibling: %v", err) -+ } -+ } -+ for _, device := range availableDevices { - m.allocatedDevices[resource].Insert(device) - allocated.Insert(device) - needed-- --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/series b/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/series deleted file mode 100644 index b4282f426..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/patches/series +++ /dev/null @@ -1,12 +0,0 @@ -kubeadm-create-platform-pods-with-zero-CPU-resources.patch -kubernetes-make-isolcpus-allocation-SMT-aware.patch -kubelet-sort-isolcpus-allocation-when-SMT-enabled.patch -kubelet-cpumanager-disable-CFS-quota-throttling.patch -kubelet-cpumanager-keep-normal-containers-off-reserv.patch -kubelet-cpumanager-infra-pods-use-system-reserved-CP.patch -kubelet-cpumanager-introduce-concept-of-isolated-CPU.patch -Affinity-of-guaranteed-pod-to-non-isolated-CPUs.patch -kubelet-CFS-quota-throttling-for-non-integer-cpulimit.patch -kubeadm-reduce-UpgradeManifestTimeout.patch -Identify-platform-pods-based-on-pod-or-namespace-labels.patch -kubeadm-readiness-probe-timeout-core-dns.patch diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/rules b/kubernetes/kubernetes-1.26.1/debian/deb_folder/rules deleted file mode 100755 index 3f1713662..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/rules +++ /dev/null @@ -1,116 +0,0 @@ -#!/usr/bin/make -f - -# -# Copyright (c) 2023 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -# This debian/rules file is based on: -# https://packages.debian.org/source/bookworm/kubernetes -# http://deb.debian.org/debian/pool/main/k/kubernetes/kubernetes_1.20.5+really1.20.2-1.1.debian.tar.xz - -# Customizations support kubernetes upgrades: -# - specific directory locations with kubernetes version, upgrades stage, -# and version specific golang compiler -# - build output not required on the production host is moved to -# kubernetes-misc package - -kube_version := 1.26.1 -kube_git_version := v${kube_version} -name := kubernetes-${kube_version} -go_version := 1.19.5 -_stage1 := /usr/local/kubernetes/${kube_version}/stage1 -_stage2 := /usr/local/kubernetes/${kube_version}/stage2 -_bindir := /usr/bin -kube_dir := src/k8s.io/kubernetes -output_dir := ${kube_dir}/_output -output_bindir := ${output_dir}/bin -output_mandir := ${output_dir}/man -DEBIAN_DESTDIR := $(CURDIR)/debian/tmp -export DH_VERBOSE = 1 -export PATH := /usr/lib/go-1.19/bin:$(PATH) -export KUBE_GIT_TREE_STATE="clean" -export KUBE_GIT_COMMIT=${kube_version} -export KUBE_GIT_VERSION=${kube_git_version} -export KUBE_EXTRA_GOPATH=$(pwd)/Godeps/_workspace -export PBR_VERSION=${kube_git_version} - -bins = kube-proxy kube-apiserver kube-controller-manager kubelet kubeadm kube-scheduler kubectl - -%: - dh $@ --with=bash-completion --builddirectory=src --without=build-stamp - -override_dh_auto_build: - # we support multiple go compilers; indicate the version we are using - go version - which go - - mkdir -pv ${kube_dir} - mv -v $$(ls | grep -v "^src$$" | grep -v "^debian$$") ${kube_dir}/. - cd ${kube_dir} && make WHAT="$(addprefix cmd/,$(bins) genman)" - - # manpages - mkdir -p ${output_mandir} - echo $(bins) | xargs --max-args=1 ${output_bindir}/genman ${output_mandir} - - # NOTICE files - find ${kube_dir}/vendor -name '*NOTICE*' -print0 | xargs -0 head -n1000 > ${output_dir}/NOTICE - -override_dh_install: - # kube_version stage1 - install -m 755 -d ${DEBIAN_DESTDIR}${_stage1}${_bindir} - install -p -m 755 -t ${DEBIAN_DESTDIR}${_stage1}${_bindir} ${output_bindir}/kubeadm - - # kube_version stage2 - install -m 755 -d ${DEBIAN_DESTDIR}${_stage2}${_bindir} - install -d -m 0755 ${DEBIAN_DESTDIR}${_stage2}/etc/systemd/system/kubelet.service.d - install -p -m 0644 -t ${DEBIAN_DESTDIR}${_stage2}/etc/systemd/system/kubelet.service.d debian/kubeadm.conf - install -p -m 750 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubelet - install -p -m 755 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubectl - # bash completions - install -d -m 0755 ${DEBIAN_DESTDIR}${_stage2}/usr/share/bash-completion/completions/ - ${DEBIAN_DESTDIR}${_stage2}${_bindir}/kubectl completion bash > ${DEBIAN_DESTDIR}${_stage2}/usr/share/bash-completion/completions/kubectl - - # remaining are not kube_version staged, i.e., kubernetes-master, kubernetes-misc - install -m 755 -d ${DEBIAN_DESTDIR}${_bindir} - install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-apiserver - install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-controller-manager - install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-scheduler - install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-proxy - - # specific cluster addons for optional use - install -d -m 0755 ${DEBIAN_DESTDIR}/etc/${name}/addons - - # Addon: volumesnapshots - install -d -m 0755 ${DEBIAN_DESTDIR}/etc/${name}/addons/volumesnapshots - install -d -m 0755 ${DEBIAN_DESTDIR}/etc/${name}/addons/volumesnapshots/crd - install -m 0644 -t ${DEBIAN_DESTDIR}/etc/${name}/addons/volumesnapshots/crd ${kube_dir}/cluster/addons/volumesnapshots/crd/* - install -d -m 0755 ${DEBIAN_DESTDIR}/etc/${name}/addons/volumesnapshots/volume-snapshot-controller - install -m 0644 -t ${DEBIAN_DESTDIR}/etc/${name}/addons/volumesnapshots/volume-snapshot-controller ${kube_dir}/cluster/addons/volumesnapshots/volume-snapshot-controller/* - - # unit-test - # - everything from the root directory is needed - # - unit-tests needs source code - # - integration tests needs docs and other files - # - test-cmd.sh atm needs cluster, examples and other - install -d -m 0755 ${DEBIAN_DESTDIR}/var/lib/kubernetes-unit-test/ - cp -a src ${DEBIAN_DESTDIR}/var/lib/kubernetes-unit-test/ - # remove generated output, i.e., binaries, go cache, man pages, violations report - rm -rf ${DEBIAN_DESTDIR}/var/lib/kubernetes-unit-test/${output_dir} - - dh_install - -override_dh_auto_test: - ${kube_dir}/hack/test-cmd.sh - ${kube_dir}/hack/benchmark-go.sh - ${kube_dir}/hack/test-go.sh - ${kube_dir}/hack/test-integration.sh --use_go_build - -override_dh_fixperms: - dh_fixperms -Xkube-apiserver -Xkubeadm -Xkubeadm.conf \ - -Xkubelet-cgroup-setup.sh -Xkube-apiserver \ - -Xkube-controller-manager -Xkube-scheduler \ - -Xkube-proxy -Xkubelet -Xkubectl - -override_dh_usrlocal: diff --git a/kubernetes/kubernetes-1.26.1/debian/deb_folder/source/format b/kubernetes/kubernetes-1.26.1/debian/deb_folder/source/format deleted file mode 100644 index 163aaf8d8..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/deb_folder/source/format +++ /dev/null @@ -1 +0,0 @@ -3.0 (quilt) diff --git a/kubernetes/kubernetes-1.26.1/debian/meta_data.yaml b/kubernetes/kubernetes-1.26.1/debian/meta_data.yaml deleted file mode 100644 index 4cbb22434..000000000 --- a/kubernetes/kubernetes-1.26.1/debian/meta_data.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -debver: 1.26.1 -dl_path: - name: kubernetes-1.26.1.tar.gz - url: https://github.com/kubernetes/kubernetes/archive/refs/tags/v1.26.1.tar.gz - sha256sum: 0e19d477b5123c74d12bb46bc72e5b6f4c407473af3772ef31cfff3a1d64d311 -revision: - dist: ${STX_DIST} - GITREVCOUNT: - BASE_SRCREV: a8f7a06d8f962e1a8fc0935e6086fd046fcaa790 - SRC_DIR: ${MY_REPO}/stx/integ/kubernetes/kubernetes-1.26.1 diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/changelog b/kubernetes/kubernetes-1.27.5/debian/deb_folder/changelog deleted file mode 100644 index 30914f02c..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/changelog +++ /dev/null @@ -1,220 +0,0 @@ -kubernetes-1.27.5 (1.27.5-1) unstable; urgency=medium - - * Updated to support building 1.27.5 - - -- Ramesh Kumar Sivanandam rameshkumar.sivanandam@windriver.com Mon, 28 Aug 2023 13:30:00 +0000 - -kubernetes (1.19.4-2) unstable; urgency=medium - - * Updated README.Debian - - -- Janos Lenart Sat, 21 Nov 2020 14:06:21 +0000 - -kubernetes (1.19.4-1) unstable; urgency=medium - - * New upstream release: 1.19.4 - - -- Janos Lenart Tue, 17 Nov 2020 09:30:59 +0000 - -kubernetes (1.19.3-1) unstable; urgency=medium - - * New upstream release: 1.19.3 - * Building with golang-1.15 - * Fixes CVE-2020-8564, CVE-2020-8566 - - -- Janos Lenart Wed, 21 Oct 2020 10:38:41 +0100 - -kubernetes (1.18.6-1) unstable; urgency=medium - - * New upstream release: 1.18.6 - * (An earlier version, 1.17.4-1 fixes CVE-2019-9946) - - -- Janos Lenart Thu, 16 Jul 2020 10:08:46 +0100 - -kubernetes (1.18.5-1) unstable; urgency=medium - - * New upstream release: 1.18.5 - * Fixes CVE-2020-8557, CVE-2020-8558, CVE-2020-8559 - - -- Janos Lenart Wed, 15 Jul 2020 17:19:40 +0100 - -kubernetes (1.18.3-1) unstable; urgency=medium - - * New upstream release: 1.18.3 - * Improved build reproducibility - - -- Janos Lenart Tue, 02 Jun 2020 11:18:12 +0000 - -kubernetes (1.18.2-3) unstable; urgency=medium - - * Bumped Standards-Version - * Improved build reproducibility - - -- Janos Lenart Fri, 15 May 2020 13:17:53 +0000 - -kubernetes (1.18.2-2) unstable; urgency=medium - - * Added i386 back - - -- Janos Lenart Sun, 03 May 2020 21:13:17 +0000 - -kubernetes (1.18.2-1) unstable; urgency=medium - - * New upstream release: 1.18.2 - - -- Janos Lenart Sun, 03 May 2020 19:25:37 +0000 - -kubernetes (1.18.0-1) unstable; urgency=medium - - * New upstream release: 1.18.0 - - -- Janos Lenart Sat, 28 Mar 2020 12:58:42 +0000 - -kubernetes (1.17.4-1) unstable; urgency=high - - * New maintainer (Closes: #886739) - * New upstream release: 1.17.4 (Closes: #887741) - * New Debian packaging from scratch. See README.Debian - * kubernetes-node - - Moved docker from Depends into Recommends as kubelet can also work with - rkt, cri-o, etc. (Closes: #872690) - - Not shipping systemd units for kubelet and kube-proxy for now - * kubernetes-master - - Moved etcd from Depends into Recommends as apiserver can also connect to - a remote etcd/cluster. - - Not shipping systemd units for kube-apiserver, kube-schedules and - kube-controller-manager for now - - -- Janos Lenart Sun, 15 Mar 2020 21:46:45 +0000 - -kubernetes (1.7.16+dfsg-1) unstable; urgency=medium - - [ Michael Stapelberg ] - * Switch to XS-Go-Import-Path - - [ Dmitry Smirnov ] - * Resurrected "mergo.patch" that has been mistakenly removed - (Closes: #878254). - * Re-enabled safeguard test for the above problem. - * New upstream release: - + CVE-2017-1002101 (Closes: #892801) - + CVE-2017-1002102 (Closes: #894051) - * Updated Vcs URLs for Salsa. - * Standards-Version: 4.1.4 - * Build-Depends: - - golang-go - + golang-any - + golang-github-appc-cni-dev - + golang-github-armon-circbuf-dev - + golang-github-azure-azure-sdk-for-go-dev - + golang-github-dgrijalva-jwt-go-v3-dev - + golang-github-docker-distribution-dev - + golang-github-docker-docker-dev - + golang-github-emicklei-go-restful-swagger12-dev - + golang-github-gogo-protobuf-dev - + golang-github-gorilla-websocket-dev - + golang-github-grpc-ecosystem-go-grpc-prometheus-dev - + golang-github-karlseguin-ccache-dev - - golang-github-opencontainers-runc-dev - + golang-github-opencontainers-docker-runc-dev - + golang-github-pmezard-go-difflib-dev - + golang-golang-x-time-dev - + golang-golang-x-tools-dev - + golang-google-grpc-dev - + golang-gopkg-warnings.v0-dev - + golang-goprotobuf-dev - - -- Dmitry Smirnov Sun, 06 May 2018 16:20:21 +1000 - -kubernetes (1.7.7+dfsg-3) unstable; urgency=medium - - * kubernetes-master should depend on etcd (Closes: #855218). - - -- Andrew Shadura Sun, 22 Oct 2017 19:40:46 +0100 - -kubernetes (1.7.7+dfsg-2) unstable; urgency=medium - - * Use CURDIR, not PWD, unbreaks the build at buildds. - - -- Andrew Shadura Fri, 06 Oct 2017 19:25:45 +0200 - -kubernetes (1.7.7+dfsg-1) unstable; urgency=medium - - [ Tim Potter ] - * Open work for new release - * Remove unused Files-Excluded entries from d/copyright - * Remove Skydns B-D as no longer used - * Don't build on ppc64 or ppc64le architectures - - [ Andrew Shadura ] - * New upstream release. - * Refresh patches. - * Update build dependencies. - * Symlink vendor packages to the build directory. - - -- Andrew Shadura Fri, 06 Oct 2017 18:54:06 +0200 - -kubernetes (1.5.5+dfsg-2) unstable; urgency=medium - - * Team upload. - * Don't build on ppc64le due to Go linker problems. See GitHub issue - https://github.com/golang/go/issues/15823. - * Don't build on ppc64 as it's not supported by upstream at the - moment. (Closes: #860505) - - -- Tim Potter Sat, 03 Jun 2017 08:00:51 +1000 - -kubernetes (1.5.5+dfsg-1) unstable; urgency=low - - [ Dmitry Smirnov ] - * Switch to bundled "rkt". - * rules: remove "-p" option from build and test overrides. - * control: drop obsolete "golang-clockwork-dev" alternative. - * New patch to disable test failing on [armel]. - * Upload to unstable. - - [ Tim Potter ] - * New upstream version. [March 2017] - * Big updates to d/rules and d/copyright to update to upstream - changes made since the 1.2.x release. - * Refresh patches to bring up to date with upstream changes since - 1.2.x. - * control: add lsb-base as dependency for sysvinit scripts. - * Suppress spelling-error-in-binary Lintian messages. - - -- Tim Potter Thu, 13 Apr 2017 16:45:57 +1000 - -kubernetes (1.2.5+dfsg-1) experimental; urgency=medium - - * New upstream release [June 2016]. - * Switch to private "github.com/golang/glog" due to log noise. - * Disabled failing tests; no longer ignore failures in tests. - * Build/test using 2 cores only. - * New patch to update appc/cni name space (fixes FTBFS). - * Removed obsolete "spf13-cobra.patch". - - -- Dmitry Smirnov Sun, 03 Jul 2016 04:12:28 +1000 - -kubernetes (1.2.4+dfsg-2) experimental; urgency=medium - - * Added new patch to fix incompatibility with "imdario/mergo" v0.2.2 - (Closes: #825753). - Thanks, Florian Ernst. - * Enable tests but ignore failures for now. - - -- Dmitry Smirnov Fri, 17 Jun 2016 01:41:38 +1000 - -kubernetes (1.2.4+dfsg-1) experimental; urgency=medium - - * New upstream release [May 2016]. - * New patch to print output of "uname -m" on unsupported architectures. - * New "docker.patch" to fix potential FTBFS. - + Build-Depends += "golang-github-docker-distribution-dev". - - -- Dmitry Smirnov Wed, 15 Jun 2016 21:03:01 +1000 - -kubernetes (1.2.3+dfsg-1) experimental; urgency=low - - * Initial release (Closes: #795652). - - -- Dmitry Smirnov Mon, 25 Apr 2016 22:40:12 +1000 diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/control b/kubernetes/kubernetes-1.27.5/debian/deb_folder/control deleted file mode 100644 index f084db2b8..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/control +++ /dev/null @@ -1,93 +0,0 @@ -Source: kubernetes-1.27.5 -Section: admin -Priority: optional -Maintainer: StarlingX Developers -Build-Depends: debhelper-compat (= 13), - build-essential, - bash-completion, - jq, - rsync, - go-bindata, - go-md2man, - golang-1.20 -Standards-Version: 4.4.1 -Homepage: http://kubernetes.io/ -XS-Build-Size: 15GB - -Package: kubernetes-1.27.5-client -Provides: kubernetes-utils -Architecture: amd64 -Depends: ${misc:Depends}, ${shlibs:Depends} -Recommends: ${misc:Recommends} -Built-Using: ${misc:Built-Using} -Description: Kubernetes Command Line Tool - The Kubernetes command line tool for interacting with the Kubernetes API. - -Package: kubernetes-1.27.5-master -Architecture: amd64 -Depends: ${misc:Depends}, ${shlibs:Depends}, - adduser, - lsb-base, - etcd -Recommends: ${misc:Recommends}, kubernetes-1.27.5-client -Built-Using: ${misc:Built-Using} -Description: Kubernetes services for master host - Container Cluster Manager from Google. Kubernetes is an open source system - for managing containerized applications across multiple hosts, providing - basic mechanisms for deployment, maintenance, and scaling of applications. - . - Linux kernel version 3.8 or above is required for proper operation of the - daemon process, and that any lower versions may have subtle and/or glaring - issues. - . - This package provides "kube-apiserver", "kube-controller-manager" and - "kube-scheduler" daemons. - -Package: kubernetes-1.27.5-node -Provides: cadvisor -Architecture: amd64 -Depends: ${misc:Depends}, ${shlibs:Depends}, - adduser, - conntrack, - conntrackd, - docker.io, - lsb-base, - socat, -Recommends: ${misc:Recommends}, kubernetes-1.27.5-client -Built-Using: ${misc:Built-Using} -Description: Kubernetes services for node host - Container Cluster Manager from Google. Kubernetes is an open source system - for managing containerized applications across multiple hosts, providing - basic mechanisms for deployment, maintenance, and scaling of applications. - . - Linux kernel version 3.8 or above is required for proper operation of the - daemon process, and that any lower versions may have subtle and/or glaring - issues. - -Package: kubernetes-1.27.5-kubeadm -Architecture: amd64 -Depends: ${misc:Depends}, containernetworking-plugins -Recommends: ${misc:Recommends}, kubernetes-1.27.5-client -Built-Using: ${misc:Built-Using} -Description: Kubernetes Cluster Bootstrapping Tool - The Kubernetes command line tool for bootstrapping a Kubernetes cluster. - -Package: kubernetes-1.27.5-misc -Architecture: amd64 -Depends: ${misc:Depends}, ${shlibs:Depends} -Recommends: ${misc:Recommends} -Built-Using: ${misc:Built-Using} -Description: dummy package - Kubernetes dummy package for misc stuff we don't want to install in production. - -Package: kubernetes-1.27.5-unit-test -Architecture: amd64 -Depends: ${misc:Depends}, ${shlibs:Depends}, - hostname, - rsync, - etcd (>= 2.0.9), - network-manager, -Recommends: ${misc:Recommends} -Built-Using: ${misc:Built-Using} -Description: Kubernetes unit test - Kubernetes unit-test framework. diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/copyright b/kubernetes/kubernetes-1.27.5/debian/deb_folder/copyright deleted file mode 100644 index c491e21c9..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/copyright +++ /dev/null @@ -1,1820 +0,0 @@ -Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Upstream-Name: Kubernetes -Source: https://github.com/kubernetes/kubernetes - -Files: - debian/kubeadm.conf - debian/kubelet-cgroup-setup.sh -Copyright: 2023 Wind River Systems, Inc. -License: Apache-2.0 - -Files: * -Copyright: 2014-2020 The Kubernetes Authors -License: Apache-2.0 - -Files: debian/* -Copyright: 2020 Janos Lenart -License: Apache-2.0 - -License: Apache-2.0 - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - . - http://www.apache.org/licenses/LICENSE-2.0 - . - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - . - On Debian systems the full text of the Apache-2.0 license can be found in - /usr/share/common-licenses/Apache-2.0 . - -Files: vendor/bitbucket.org/bertimus9/systemstat/* -Copyright: 2013 Phillip Bond -License: Expat - -Files: vendor/cloud.google.com/go/* -Copyright: 2014 Google LLC -License: Apache-2.0 - -Files: vendor/github.com/armon/circbuf/* -Copyright: 2013 Armon Dadgar -License: Expat - -Files: vendor/github.com/asaskevich/govalidator/* -Copyright: 2014 Alex Saskevich -License: Expat - -Files: vendor/github.com/aws/aws-sdk-go/* -Copyright: 2015 Amazon.com, Inc. or its affiliates. - 2014-2015 Stripe, Inc. -License: Apache-2.0 - -Files: vendor/github.com/Azure/azure-sdk-for-go/* -Copyright: 2014-2017 Microsoft and contributors -License: Apache-2.0 - -Files: vendor/github.com/Azure/go-ansiterm/* -Copyright: 2015 Microsoft Corporation -License: Expat - -Files: vendor/github.com/Azure/go-autorest/* -Copyright: 2015, 2017, 2018 Microsoft Corporation -License: Apache-2.0 - -Files: vendor/github.com/bazelbuild/* -Copyright: 2014, 2016-2019 The Bazel Authors. - 2016-2017 Google Inc. -License: Apache-2.0 - -Files: vendor/github.com/beorn7/perks/* -Copyright: 2013 Blake Mizerany -License: Expat - -Files: vendor/github.com/blang/semver/* -Copyright: 2014 Benedikt Lang -License: Expat - -Files: vendor/github.com/BurntSushi/toml/* -Copyright: 2013 TOML authors - 2010 The Go Authors -License: Expat and BSD-3-clause - -Files: vendor/github.com/caddyserver/caddy/* -Copyright: 2015 Light Code Labs, LLC -License: Apache-2.0 - -Files: vendor/github.com/cespare/prettybench/* -Copyright: 2014 Caleb Spare -License: Expat - -Files: vendor/github.com/chai2010/gettext-go/* -Copyright: 2013 ChaiShushan -License: BSD-3-clause - -Files: vendor/github.com/checkpoint-restore/go-criu/* -Copyright: The go-criu contributors -License: Apache-2.0 - -Files: vendor/github.com/client9/misspell/* -Copyright: 2015-2017 Nick Galbreath - 2009, 2011 The Go Authors -License: Expat and BSD-3-clause - -Files: vendor/github.com/clusterhq/flocker-go/* -Copyright: 2014-2016 ClusterHQ -License: Apache-2.0 - -Files: vendor/github.com/containerd/* -Copyright: 2012-2016 Docker, Inc. -License: Apache-2.0 and CC-BY-4.0 - -Files: vendor/github.com/containernetworking/cni/* -Copyright: 2015,2016 CNI authors -License: Apache-2.0 - -Files: vendor/github.com/container-storage-interface/spec/* -Copyright: 2017-2020 container-storage-interface/spec contributors -License: Apache-2.0 - -Files: vendor/github.com/coredns/corefile-migration/* -Copyright: 2019-2020 coredns/corefile-migration contributors -License: Apache-2.0 - -Files: vendor/github.com/coreos/go-oidc/* -Copyright: 2014 CoreOS, Inc - 2004, 2006 The Linux Foundation and its contributors -License: Apache-2.0 - -Files: vendor/github.com/coreos/go-semver/* -Copyright: 2013-2015, 2018 CoreOS, Inc -License: Apache-2.0 - -Files: vendor/github.com/coreos/go-systemd/* -Copyright: 2014 Docker, Inc. - 2015-2018 CoreOS, Inc -License: Apache-2.0 - -Files: vendor/github.com/coreos/pkg/* -Copyright: 2014-2016 CoreOS, Inc -License: Apache-2.0 - -Files: vendor/github.com/cpuguy83/go-md2man/* -Copyright: 2014 Brian Goff -License: Expat - -Files: vendor/github.com/cyphar/filepath-securejoin/* -Copyright: 2014-2015 Docker Inc & Go Authors - 2017 SUSE LLC. -License: BSD-3-clause - -Files: vendor/github.com/davecgh/go-spew/* -Copyright: 2012-2016 Dave Collins -License: ISC - -Files: vendor/github.com/daviddengcn/go-colortext/* -Copyright: 2016, David Deng -License: Expat or BSD-3-clause - -Files: vendor/github.com/dgrijalva/jwt-go/* -Copyright: 2012 Dave Grijalva -License: Expat - -Files: vendor/github.com/docker/distribution/* -Copyright: 2014-2020 docker/distribution contributors - 2013 Damien Le Berrigaud and Nick Wade -License: Apache-2.0 and Expat and CC-BY-4.0 - -Files: vendor/github.com/docker/docker/* -Copyright: 2012-2018 Docker, Inc. - 2019 Keith Rarick -License: Apache-2.0 and Expat - -Files: vendor/github.com/docker/go-connections/* -Copyright: 2015 Docker, Inc. -License: Apache-2.0 - -Files: vendor/github.com/docker/go-units/* -Copyright: 2015 Docker, Inc. - 2004, 2006 The Linux Foundation and its contributors. -License: Apache-2.0 - -Files: vendor/github.com/docker/libnetwork/* -Copyright: 2015-2020 docker/libnetwork contributors -License: Apache-2.0 - -Files: vendor/github.com/docker/spdystream/* -Copyright: 2014-2015 Docker, Inc. - 2011, 2013 The Go Authors -License: Apache-2.0 and BSD-3-clause and CC-BY-SA-4.0 - -Files: vendor/github.com/dustin/go-humanize/* -Copyright: 2005-2008 Dustin Sallings -License: Expat - -Files: vendor/github.com/elazarl/goproxy/* -Copyright: 2012 Elazar Leibovich -License: BSD-3-clause - -Files: vendor/github.com/emicklei/go-restful/* -Copyright: 2012-2015, 2018 Ernest Micklei -License: Expat - -Files: vendor/github.com/euank/go-kmsg-parser/* -Copyright: 2016 Euan Kemp -License: Apache-2.0 - -Files: vendor/github.com/evanphx/json-patch/* -Copyright: 2014, Evan Phoenix -License: BSD-3-clause - -Files: vendor/github.com/exponent-io/jsonpath/* -Copyright: 2015 Exponent Labs LLC -License: Expat - -Files: vendor/github.com/fatih/camelcase/* -Copyright: 2015 Fatih Arslan -License: Expat - -Files: vendor/github.com/fatih/color/* -Copyright: 2013 Fatih Arslan -License: Expat - -Files: vendor/github.com/fsnotify/fsnotify/* -Copyright: 2010-2013, 2015 The Go Authors - 2012 fsnotify Authors -License: BSD-3-clause - -Files: vendor/github.com/ghodss/yaml/* -Copyright: 2014 Sam Ghods - 2012, 2013 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/go-bindata/go-bindata/* -Copyright: The go-bindata contributors -License: CC0-1.0 - -Files: vendor/github.com/godbus/dbus/* -Copyright: 2013, Georg Reinke (), Google -License: BSD-2-clause - -Files: vendor/github.com/gogo/protobuf/* -Copyright: 2013, The GoGo Authors - 2010-2012, 2015-2018 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/golang/groupcache/* -Copyright: 2013 Google Inc. -License: Apache-2.0 - -Files: vendor/github.com/golang/mock/* -Copyright: 2010, 2011 Google Inc. -License: Apache-2.0 - -Files: vendor/github.com/golang/protobuf/* -Copyright: 2008, 2010-2012, 2015-2018 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/googleapis/gnostic/* -Copyright: 2017 Google Inc. -License: Apache-2.0 - -Files: vendor/github.com/google/btree/* -Copyright: 2014 Google Inc. -License: Apache-2.0 - -Files: vendor/github.com/google/cadvisor/* -Copyright: 2014-2019 Google Inc. - 2014 The cAdvisor Authors -License: Apache-2.0 - -Files: vendor/github.com/GoogleCloudPlatform/k8s-cloud-provider/* -Copyright: 2018, 2019 Google LLC -License: Apache-2.0 - -Files: vendor/github.com/google/go-cmp/* -Copyright: 2017-2019 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/google/gofuzz/* -Copyright: 2014 Google Inc. -License: Apache-2.0 - -Files: vendor/github.com/google/uuid/* -Copyright: 2009, 2014, 2016-2018 Google Inc. -License: BSD-3-clause - -Files: vendor/github.com/go-openapi/analysis/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/errors/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/jsonpointer/* -Copyright: 2013 sigu-399 ( https://github.com/sigu-399 ) -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/jsonreference/* -Copyright: 2013 sigu-399 ( https://github.com/sigu-399 ) -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/loads/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/runtime/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/spec/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/strfmt/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/swag/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/validate/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-ozzo/ozzo-validation/* -Copyright: 2016, 2018 Qiang Xue, Google LLC -License: Expat - -Files: vendor/github.com/gophercloud/gophercloud/* -Copyright: 2012-2013 Rackspace, Inc. -License: Apache-2.0 - -Files: vendor/github.com/gorilla/websocket/* -Copyright: 2013, 2016, 2017 The Gorilla WebSocket Authors -License: BSD-2-clause - -Files: vendor/github.com/go-stack/stack/* -Copyright: 2014 Chris Hines -License: Expat - -Files: vendor/github.com/gregjones/httpcache/* -Copyright: 2012 Greg Jones (greg.jones@gmail.com) -License: Expat - -Files: vendor/github.com/grpc-ecosystem/go-grpc-middleware/* -Copyright: 2016 Michal Witkowski -License: Apache-2.0 - -Files: vendor/github.com/grpc-ecosystem/go-grpc-prometheus/* -Copyright: 2016 Michal Witkowski -License: Apache-2.0 - -Files: vendor/github.com/grpc-ecosystem/grpc-gateway/* -Copyright: 2015, Gengo, Inc. -License: BSD-3-clause - -Files: vendor/github.com/hashicorp/golang-lru/* -Copyright: 2014-2020 hashicorp/golang-lru contributors -License: MPL-2.0 - -Files: vendor/github.com/hashicorp/hcl/* -Copyright: 2014-2020 hashicorp/hcl contributors -License: MPL-2.0 - -Files: vendor/github.com/heketi/heketi/* -Copyright: 2015, 2016, 2018 The heketi Authors - 1989, 1991, 2007 Free Software Foundation, Inc. -License: (Apache-2.0 or LGPL-3.0) and (LGPL-3.0 or GPL-2.0) - -Files: vendor/github.com/hpcloud/tail/* -Copyright: 2015 Hewlett Packard Enterprise Development LP - 2015 HPE Software Inc. - 2013, 2014 ActiveState Software Inc. - 2013 99designs -License: Expat - -Files: vendor/github.com/imdario/mergo/* -Copyright: 2009, 2013, 2014 Dario Castañé - 2009, 2012 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/inconshreveable/mousetrap/* -Copyright: 2014 Alan Shreve -License: Apache-2.0 - -Files: vendor/github.com/JeffAshton/win_pdh/* -Copyright: 2010, 2013 The win_pdh Authors -License: BSD-3-clause - -Files: vendor/github.com/jmespath/go-jmespath/* -Copyright: 2015 James Saryerwinnie -License: Apache-2.0 - -Files: vendor/github.com/jonboulle/clockwork/* -Copyright: 2014-2020 jonboulle/clockwork contributors -License: Apache-2.0 - -Files: vendor/github.com/json-iterator/go/* -Copyright: 2016 json-iterator -License: Expat - -Files: vendor/github.com/karrick/godirwalk/* -Copyright: 2017, Karrick McDermott -License: BSD-2-clause - -Files: vendor/github.com/konsorten/go-windows-terminal-sequences/* -Copyright: 2016, 2017 marvin + konsorten GmbH (open-source@konsorten.de) -License: Expat - -Files: vendor/github.com/libopenstorage/openstorage/* -Copyright: 2015 Openstorage.org -License: Apache-2.0 - -Files: vendor/github.com/liggitt/tabwriter/* -Copyright: 2009 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/lithammer/dedent/* -Copyright: 2018 Peter Lithammer -License: Expat - -Files: vendor/github.com/magiconair/properties/* -Copyright: 2011 The Go Authors - 2013-2018 Frank Schroeder -License: BSD-2-clause - -Files: vendor/github.com/mailru/easyjson/* -Copyright: 2016 Mail.Ru Group -License: Expat - -Files: vendor/github.com/MakeNowJust/heredoc/* -Copyright: 2014-2017 TSUYUSATO Kitsune -License: Expat - -Files: vendor/github.com/mattn/go-colorable/* -Copyright: 2016 Yasuhiro Matsumoto -License: Expat - -Files: vendor/github.com/mattn/go-isatty/* -Copyright: Yasuhiro MATSUMOTO -License: Expat - -Files: vendor/github.com/mattn/go-shellwords/* -Copyright: 2017 Yasuhiro Matsumoto -License: Expat - -Files: vendor/github.com/matttproud/golang_protobuf_extensions/* -Copyright: 2012 Matt T. Proud (matt.proud@gmail.com) -License: Apache-2.0 - -Files: vendor/github.com/Microsoft/go-winio/* -Copyright: 2015 Microsoft -License: Expat - -Files: vendor/github.com/Microsoft/hcsshim/* -Copyright: 2015, 2018 Microsoft Corp. -License: Expat - -Files: vendor/github.com/miekg/dns/* -Copyright: 2011 Miek Gieben - 2009, 2013 The Go Authors - 2014 CloudFlare -License: BSD-3-clause - -Files: vendor/github.com/mindprince/gonvml/* -Copyright: 2017 Google Inc. - 1993-2016 NVIDIA Corporation -License: Apache-2.0 - -Files: vendor/github.com/mistifyio/go-zfs/* -Copyright: 2014 OmniTI Computer Consulting, Inc. -License: Apache-2.0 - -Files: vendor/github.com/mitchellh/go-wordwrap/* -Copyright: 2014 Mitchell Hashimoto -License: Expat - -Files: vendor/github.com/mitchellh/mapstructure/* -Copyright: 2013 Mitchell Hashimoto -License: Expat - -Files: vendor/github.com/modern-go/concurrent/* -Copyright: 2018-2020 modern-go/concurrent contributors -License: Apache-2.0 - -Files: vendor/github.com/modern-go/reflect2/* -Copyright: 2018-2020 modern-go/reflec2 contributors -License: Apache-2.0 - -Files: vendor/github.com/mohae/deepcopy/* -Copyright: 2014-2016 Joel Scoble (github.com/mohae) -License: Expat - -Files: vendor/github.com/morikuni/aec/* -Copyright: 2016 Taihei Morikuni -License: Expat - -Files: vendor/github.com/mrunalp/fileutils/* -Copyright: 2014 Docker Inc. -License: Apache-2.0 - -Files: vendor/github.com/munnerz/goautoneg/* -Copyright: 2011, Open Knowledge Foundation Ltd -License: BSD-3-clause - -Files: vendor/github.com/mvdan/xurls/* -Copyright: 2015, Daniel Martí -License: BSD-3-clause - -Files: vendor/github.com/mxk/go-flowrate/* -Copyright: 2014 The Go-FlowRate Authors -License: BSD-3-clause - -Files: vendor/github.com/NYTimes/gziphandler/* -Copyright: 2015 The New York Times Company -License: Apache-2.0 - -Files: vendor/github.com/onsi/ginkgo/* -Copyright: 2013-2014 Onsi Fakhouri - 2016 Yasuhiro Matsumoto -License: Expat - -Files: vendor/github.com/onsi/gomega/* -Copyright: 2013-2014 Onsi Fakhouri -License: Expat - -Files: vendor/github.com/opencontainers/go-digest/* -Copyright: 2017 Docker, Inc. - 2004, 2006 The Linux Foundation and its contributors -License: Apache-2.0 and CC-BY-SA-4.0 - -Files: vendor/github.com/opencontainers/image-spec/* -Copyright: 2016 The Linux Foundation -License: Apache-2.0 - -Files: vendor/github.com/opencontainers/runc/* -Copyright: 2012-2015 Docker, Inc. - 2016, 2017 SUSE LLC -License: Apache-2.0 - -Files: vendor/github.com/opencontainers/runtime-spec/* -Copyright: 2015 The Linux Foundation -License: Apache-2.0 - -Files: vendor/github.com/opencontainers/selinux/* -Copyright: 2017-2020 opencontainers/selinux contributors -License: Apache-2.0 - -Files: vendor/github.com/pelletier/go-toml/* -Copyright: 2013-2017 Thomas Pelletier, Eric Anderton -License: Expat - -Files: vendor/github.com/peterbourgon/diskv/* -Copyright: 2011-2012 Peter Bourgon -License: Expat - -Files: vendor/github.com/pkg/errors/* -Copyright: 2015, Dave Cheney -License: BSD-2-clause - -Files: vendor/github.com/pmezard/go-difflib/* -Copyright: 2013, Patrick Mezard -License: BSD-3-clause - -Files: vendor/github.com/pquerna/cachecontrol/* -Copyright: 2015 Paul Querna - 2009 The Go Authors -License: Apache-2.0 and BSD-3-clause - -Files: vendor/github.com/prometheus/client_golang/* -Copyright: 2012-2019 The Prometheus Authors - 2010 The Go Authors - 2013-2015 Blake Mizerany, Björn Rabenstein - 2013 Matt T. Proud -License: Apache-2.0 - -Files: vendor/github.com/prometheus/client_model/* -Copyright: 2012-2015 The Prometheus Authors -License: Apache-2.0 - -Files: vendor/github.com/prometheus/common/* -Copyright: 2013-2015 The Prometheus Authors - 2011, Open Knowledge Foundation Ltd. -License: Apache-2.0 - -Files: vendor/github.com/prometheus/procfs/* -Copyright: 2014-2015,2017-2019 The Prometheus Authors - 2017 Roger Luethi -License: Apache-2.0 - -Files: vendor/github.com/PuerkitoBio/purell/* -Copyright: 2012, Martin Angers -License: BSD-3-clause - -Files: vendor/github.com/PuerkitoBio/urlesc/* -Copyright: 2009, 2012 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/quobyte/api/* -Copyright: 2016, Quobyte Inc. -License: BSD-3-clause - -Files: vendor/github.com/robfig/cron/* -Copyright: 2012 Rob Figueiredo -License: Expat - -Files: vendor/github.com/rubiojr/go-vhd/* -Copyright: 2015 Sergio Rubio -License: Expat - -Files: vendor/github.com/russross/blackfriday/* -Copyright: 2011 Russ Ross -License: BSD-2-clause - -Files: vendor/github.com/satori/go.uuid/* -Copyright: 2013-2018 by Maxim Bublis -License: Expat - -Files: vendor/github.com/seccomp/libseccomp-golang/* -Copyright: 2015 Matthew Heon - 2015 Paul Moore -License: BSD-2-clause - -Files: vendor/github.com/sirupsen/logrus/* -Copyright: 2014 Simon Eskildsen -License: Expat - -Files: vendor/github.com/soheilhy/cmux/* -Copyright: 2016 The CMux Authors -License: Apache-2.0 - -Files: vendor/github.com/spf13/afero/* -Copyright: 2009, 2015 The Go Authors - 2014-2016,2018 Steve Francia - 2015 The Hugo Authors - 2013 The tsuru authors - 2016-present Bjørn Erik Pedersen -License: Apache-2.0 - -Files: vendor/github.com/spf13/cast/* -Copyright: 2014 Steve Francia - 2011 The Go Authors -License: Expat - -Files: vendor/github.com/spf13/cobra/* -Copyright: 2013 Steve Francia . - 2015 Red Hat Inc. - 2016 French Ben -License: Apache-2.0 - -Files: vendor/github.com/spf13/jwalterweatherman/* -Copyright: 2014, 2016 Steve Francia -License: Expat - -Files: vendor/github.com/spf13/pflag/* -Copyright: 2012 Alex Ogier - 2009, 2012 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/spf13/viper/* -Copyright: 2014 Steve Francia -License: Expat - -Files: vendor/github.com/storageos/go-api/* -Copyright: 2015-2018 StorageOS - 2013-2017 go-dockerclient Authors -License: Expat and BSD-2-clause - -Files: vendor/github.com/stretchr/objx/* -Copyright: 2014 Stretchr, Inc. - 2017-2018 objx contributors -License: Expat - -Files: vendor/github.com/stretchr/testify/* -Copyright: 2012-2018 Mat Ryer and Tyler Bunnell -License: Expat - -Files: vendor/github.com/syndtr/gocapability/* -Copyright: 2013 Suryandaru Triandana -License: BSD-2-clause - -Files: vendor/github.com/thecodeteam/goscaleio/* -Copyright: 2015-2019 thecodeteam/goscaleio contributors -License: Apache-2.0 - -Files: vendor/github.com/tmc/grpc-websocket-proxy/* -Copyright: 2016 Travis Cline -License: Expat - -Files: vendor/github.com/vishvananda/netlink/* -Copyright: 2014 Vishvananda Ishaya. - 2014 Docker, Inc. -License: Apache-2.0 - -Files: vendor/github.com/vishvananda/netns/* -Copyright: 2014 Vishvananda Ishaya. - 2014 Docker, Inc. -License: Apache-2.0 - -Files: vendor/github.com/vmware/govmomi/* -Copyright: 2014-2018 VMware, Inc. - 2009, 2011, 2012 The Go Authors -License: Apache-2.0 - -Files: vendor/github.com/xiang90/probing/* -Copyright: 2015 Xiang Li -License: Expat - -Files: vendor/go.etcd.io/bbolt/* -Copyright: 2013 Ben Johnson -License: Expat - -Files: vendor/go.etcd.io/etcd/* -Copyright: 2014 CoreOS, Inc - 2015-2019 The etcd Authors - 2015 The Go Authors -License: Apache-2.0 - -Files: vendor/go.mongodb.org/mongo-driver/* -Copyright: MongoDB Inc. 2017-present. -License: Apache-2.0 - -Files: vendor/go.opencensus.io/* -Copyright: 2017-2019 OpenCensus Authors -License: Apache-2.0 - -Files: vendor/go.uber.org/atomic/* -Copyright: 2016 Uber Technologies, Inc. -License: Expat - -Files: vendor/go.uber.org/multierr/* -Copyright: 2017 Uber Technologies, Inc. -License: Expat - -Files: vendor/go.uber.org/zap/* -Copyright: 2016-2017 Uber Technologies, Inc. -License: Expat - -Files: vendor/golang.org/x/crypto/* -Copyright: 2009,2011-2016,2018 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/lint/* -Copyright: 2013,2018 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/net/* -Copyright: 2009-2019 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/oauth2/* -Copyright: 2009,2014-2018 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/sync/* -Copyright: 2009,2016 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/sys/* -Copyright: 2009-2019 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/text/* -Copyright: 2009,2011,2013-2018 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/time/* -Copyright: 2009,2015 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/tools/* -Copyright: 2009,2011-2019 The Go Authors -License: BSD-3-clause - -Files: vendor/gonum.org/v1/gonum/* -Copyright: 2013-2019 The Gonum Authors - 2009, 2010, 2012 The Go Authors - 1984, 1987, 1989, 1992, 2000 Stephen L. Moshier - 2017 Robin Eklind -License: BSD-3-clause - -Files: vendor/google.golang.org/api/* -Copyright: 2011-2013 Google Inc - 2015-2019 Google LLC - 2013 Joshua Tacoma - 2015-2017 The Go Authors -License: BSD-3-clause - -Files: vendor/google.golang.org/appengine/* -Copyright: 2011-2015,2018 Google Inc. -License: Apache-2.0 - -Files: vendor/google.golang.org/genproto/* -Copyright: 2016-2020 google.golang.org/genproto contributors -License: Apache-2.0 - -Files: vendor/google.golang.org/grpc/* -Copyright: 2014-2019 gRPC authors -License: Apache-2.0 - -Files: vendor/gopkg.in/fsnotify.v1/* -Copyright: 2012 The Go Authors - 2012 fsnotify Authors -License: BSD-3-clause - -Files: vendor/gopkg.in/gcfg.v1/* -Copyright: 2012 Péter Surányi - 2009 The Go Authors -License: BSD-3-clause - -Files: vendor/gopkg.in/inf.v0/* -Copyright: 2012 Péter Surányi - 2009 The Go Authors -License: BSD-3-clause - -Files: vendor/gopkg.in/natefinch/lumberjack.v2/* -Copyright: 2014 Nate Finch -License: Expat - -Files: vendor/gopkg.in/square/go-jose.v2/* -Copyright: 2014,2016,2017,2018 Square Inc. - 2016 Zbigniew Mandziejewicz - 2010 The Go Authors -License: Apache-2.0 - -Files: vendor/gopkg.in/tomb.v1/* -Copyright: 2010-2011 - Gustavo Niemeyer -License: BSD-3-clause - -Files: vendor/gopkg.in/warnings.v0/* -Copyright: 2016 Péter Surányi -License: BSD-2-clause - -Files: vendor/gopkg.in/yaml.v2/* -Copyright: 2006 Kirill Simonov -License: Apache-2.0 - -Files: vendor/gotest.tools/* -Copyright: 2018 gotest.tools authors -License: Apache-2.0 - -Files: vendor/honnef.co/go/tools/* -Copyright: 2016, 2018, 2019 Dominik Honnef - 2009, 2013-2015, 2017, 2018 The Go Authors - 2018 Google Inc. - 2013 Kamil Kisiel - 2013 TOML authors -License: Expat - -Files: vendor/vbom.ml/util/* -Copyright: 2015 Frits van Bommel -License: Expat - -License: Expat - Permission is hereby granted, free of charge, to any person obtaining a copy of - this software and associated documentation files (the "Software"), to deal in - the Software without restriction, including without limitation the rights to - use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of - the Software, and to permit persons to whom the Software is furnished to do so, - subject to the following conditions: - . - The above copyright notice and this permission notice shall be included in all - copies or substantial portions of the Software. - . - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS - FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR - COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER - IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -License: BSD-3-clause - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - . - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - 3. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - . - THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - SUCH DAMAGE. - -License: BSD-2-clause - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - . - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - . - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - . - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -License: MPL-2.0 - This Source Code Form is subject to the terms of the Mozilla Public - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. - . - On Debian systems the full text of the MPL 2.0 license can be found in - /usr/share/common-licenses/MPL-2.0 . - -License: ISC - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - . - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -License: CC0-1.0 - To the extent possible under law, the author(s) have dedicated all copyright - and related and neighboring rights to this software to the public domain - worldwide. This software is distributed without any warranty. - . - You should have received a copy of the CC0 Public Domain Dedication along with - this software. If not, see . - . - On Debian systems, the full text of the CC0 Public Domain Dedication version - version 1.0 can be found in the file /usr/share/common-licenses/CC0-1.0 . - -License: LGPL-3.0 - This package is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 3 of the License, or (at your option) any later version. - . - This package is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - . - You should have received a copy of the GNU Lesser General Public - License along with this package; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - . - On Debian systems, the complete text of the GNU Lesser General - Public License can be found in /usr/share/common-licenses/LGPL-3 - -License: GPL-2.0 - This package is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - . - This package is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - . - You should have received a copy of the GNU General Public License - along with this package; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - . - On Debian systems, the complete text of the GNU General - Public License can be found in /usr/share/common-licenses/GPL-2 . - -License: CC-BY-SA-4.0 - Attribution-ShareAlike 4.0 International - . - ======================================================================= - . - Creative Commons Corporation ("Creative Commons") is not a law firm and - does not provide legal services or legal advice. Distribution of - Creative Commons public licenses does not create a lawyer-client or - other relationship. Creative Commons makes its licenses and related - information available on an "as-is" basis. Creative Commons gives no - warranties regarding its licenses, any material licensed under their - terms and conditions, or any related information. Creative Commons - disclaims all liability for damages resulting from their use to the - fullest extent possible. - . - Using Creative Commons Public Licenses - . - Creative Commons public licenses provide a standard set of terms and - conditions that creators and other rights holders may use to share - original works of authorship and other material subject to copyright - and certain other rights specified in the public license below. The - following considerations are for informational purposes only, are not - exhaustive, and do not form part of our licenses. - . - Considerations for licensors: Our public licenses are - intended for use by those authorized to give the public - permission to use material in ways otherwise restricted by - copyright and certain other rights. Our licenses are - irrevocable. Licensors should read and understand the terms - and conditions of the license they choose before applying it. - Licensors should also secure all rights necessary before - applying our licenses so that the public can reuse the - material as expected. Licensors should clearly mark any - material not subject to the license. This includes other CC- - licensed material, or material used under an exception or - limitation to copyright. More considerations for licensors: - wiki.creativecommons.org/Considerations_for_licensors - . - Considerations for the public: By using one of our public - licenses, a licensor grants the public permission to use the - licensed material under specified terms and conditions. If - the licensor's permission is not necessary for any reason--for - example, because of any applicable exception or limitation to - copyright--then that use is not regulated by the license. Our - licenses grant only permissions under copyright and certain - other rights that a licensor has authority to grant. Use of - the licensed material may still be restricted for other - reasons, including because others have copyright or other - rights in the material. A licensor may make special requests, - such as asking that all changes be marked or described. - Although not required by our licenses, you are encouraged to - respect those requests where reasonable. More_considerations - for the public: - wiki.creativecommons.org/Considerations_for_licensees - . - ======================================================================= - . - Creative Commons Attribution-ShareAlike 4.0 International Public - License - . - By exercising the Licensed Rights (defined below), You accept and agree - to be bound by the terms and conditions of this Creative Commons - Attribution-ShareAlike 4.0 International Public License ("Public - License"). To the extent this Public License may be interpreted as a - contract, You are granted the Licensed Rights in consideration of Your - acceptance of these terms and conditions, and the Licensor grants You - such rights in consideration of benefits the Licensor receives from - making the Licensed Material available under these terms and - conditions. - . - . - Section 1 -- Definitions. - . - a. Adapted Material means material subject to Copyright and Similar - Rights that is derived from or based upon the Licensed Material - and in which the Licensed Material is translated, altered, - arranged, transformed, or otherwise modified in a manner requiring - permission under the Copyright and Similar Rights held by the - Licensor. For purposes of this Public License, where the Licensed - Material is a musical work, performance, or sound recording, - Adapted Material is always produced where the Licensed Material is - synched in timed relation with a moving image. - . - b. Adapter's License means the license You apply to Your Copyright - and Similar Rights in Your contributions to Adapted Material in - accordance with the terms and conditions of this Public License. - . - c. BY-SA Compatible License means a license listed at - creativecommons.org/compatiblelicenses, approved by Creative - Commons as essentially the equivalent of this Public License. - . - d. Copyright and Similar Rights means copyright and/or similar rights - closely related to copyright including, without limitation, - performance, broadcast, sound recording, and Sui Generis Database - Rights, without regard to how the rights are labeled or - categorized. For purposes of this Public License, the rights - specified in Section 2(b)(1)-(2) are not Copyright and Similar - Rights. - . - e. Effective Technological Measures means those measures that, in the - absence of proper authority, may not be circumvented under laws - fulfilling obligations under Article 11 of the WIPO Copyright - Treaty adopted on December 20, 1996, and/or similar international - agreements. - . - f. Exceptions and Limitations means fair use, fair dealing, and/or - any other exception or limitation to Copyright and Similar Rights - that applies to Your use of the Licensed Material. - . - g. License Elements means the license attributes listed in the name - of a Creative Commons Public License. The License Elements of this - Public License are Attribution and ShareAlike. - . - h. Licensed Material means the artistic or literary work, database, - or other material to which the Licensor applied this Public - License. - . - i. Licensed Rights means the rights granted to You subject to the - terms and conditions of this Public License, which are limited to - all Copyright and Similar Rights that apply to Your use of the - Licensed Material and that the Licensor has authority to license. - . - j. Licensor means the individual(s) or entity(ies) granting rights - under this Public License. - . - k. Share means to provide material to the public by any means or - process that requires permission under the Licensed Rights, such - as reproduction, public display, public performance, distribution, - dissemination, communication, or importation, and to make material - available to the public including in ways that members of the - public may access the material from a place and at a time - individually chosen by them. - . - l. Sui Generis Database Rights means rights other than copyright - resulting from Directive 96/9/EC of the European Parliament and of - the Council of 11 March 1996 on the legal protection of databases, - as amended and/or succeeded, as well as other essentially - equivalent rights anywhere in the world. - . - m. You means the individual or entity exercising the Licensed Rights - under this Public License. Your has a corresponding meaning. - . - . - Section 2 -- Scope. - . - a. License grant. - . - 1. Subject to the terms and conditions of this Public License, - the Licensor hereby grants You a worldwide, royalty-free, - non-sublicensable, non-exclusive, irrevocable license to - exercise the Licensed Rights in the Licensed Material to: - . - a. reproduce and Share the Licensed Material, in whole or - in part; and - . - b. produce, reproduce, and Share Adapted Material. - . - 2. Exceptions and Limitations. For the avoidance of doubt, where - Exceptions and Limitations apply to Your use, this Public - License does not apply, and You do not need to comply with - its terms and conditions. - . - 3. Term. The term of this Public License is specified in Section - 6(a). - . - 4. Media and formats; technical modifications allowed. The - Licensor authorizes You to exercise the Licensed Rights in - all media and formats whether now known or hereafter created, - and to make technical modifications necessary to do so. The - Licensor waives and/or agrees not to assert any right or - authority to forbid You from making technical modifications - necessary to exercise the Licensed Rights, including - technical modifications necessary to circumvent Effective - Technological Measures. For purposes of this Public License, - simply making modifications authorized by this Section 2(a) - (4) never produces Adapted Material. - . - 5. Downstream recipients. - . - a. Offer from the Licensor -- Licensed Material. Every - recipient of the Licensed Material automatically - receives an offer from the Licensor to exercise the - Licensed Rights under the terms and conditions of this - Public License. - . - b. Additional offer from the Licensor -- Adapted Material. - Every recipient of Adapted Material from You - automatically receives an offer from the Licensor to - exercise the Licensed Rights in the Adapted Material - under the conditions of the Adapter's License You apply. - . - c. No downstream restrictions. You may not offer or impose - any additional or different terms or conditions on, or - apply any Effective Technological Measures to, the - Licensed Material if doing so restricts exercise of the - Licensed Rights by any recipient of the Licensed - Material. - . - 6. No endorsement. Nothing in this Public License constitutes or - may be construed as permission to assert or imply that You - are, or that Your use of the Licensed Material is, connected - with, or sponsored, endorsed, or granted official status by, - the Licensor or others designated to receive attribution as - provided in Section 3(a)(1)(A)(i). - . - b. Other rights. - . - 1. Moral rights, such as the right of integrity, are not - licensed under this Public License, nor are publicity, - privacy, and/or other similar personality rights; however, to - the extent possible, the Licensor waives and/or agrees not to - assert any such rights held by the Licensor to the limited - extent necessary to allow You to exercise the Licensed - Rights, but not otherwise. - . - 2. Patent and trademark rights are not licensed under this - Public License. - . - 3. To the extent possible, the Licensor waives any right to - collect royalties from You for the exercise of the Licensed - Rights, whether directly or through a collecting society - under any voluntary or waivable statutory or compulsory - licensing scheme. In all other cases the Licensor expressly - reserves any right to collect such royalties. - . - . - Section 3 -- License Conditions. - . - Your exercise of the Licensed Rights is expressly made subject to the - following conditions. - . - a. Attribution. - . - 1. If You Share the Licensed Material (including in modified - form), You must: - . - a. retain the following if it is supplied by the Licensor - with the Licensed Material: - . - i. identification of the creator(s) of the Licensed - Material and any others designated to receive - attribution, in any reasonable manner requested by - the Licensor (including by pseudonym if - designated); - . - ii. a copyright notice; - . - iii. a notice that refers to this Public License; - . - iv. a notice that refers to the disclaimer of - warranties; - . - v. a URI or hyperlink to the Licensed Material to the - extent reasonably practicable; - . - b. indicate if You modified the Licensed Material and - retain an indication of any previous modifications; and - . - c. indicate the Licensed Material is licensed under this - Public License, and include the text of, or the URI or - hyperlink to, this Public License. - . - 2. You may satisfy the conditions in Section 3(a)(1) in any - reasonable manner based on the medium, means, and context in - which You Share the Licensed Material. For example, it may be - reasonable to satisfy the conditions by providing a URI or - hyperlink to a resource that includes the required - information. - . - 3. If requested by the Licensor, You must remove any of the - information required by Section 3(a)(1)(A) to the extent - reasonably practicable. - . - b. ShareAlike. - . - In addition to the conditions in Section 3(a), if You Share - Adapted Material You produce, the following conditions also apply. - . - 1. The Adapter's License You apply must be a Creative Commons - license with the same License Elements, this version or - later, or a BY-SA Compatible License. - . - 2. You must include the text of, or the URI or hyperlink to, the - Adapter's License You apply. You may satisfy this condition - in any reasonable manner based on the medium, means, and - context in which You Share Adapted Material. - . - 3. You may not offer or impose any additional or different terms - or conditions on, or apply any Effective Technological - Measures to, Adapted Material that restrict exercise of the - rights granted under the Adapter's License You apply. - . - . - Section 4 -- Sui Generis Database Rights. - . - Where the Licensed Rights include Sui Generis Database Rights that - apply to Your use of the Licensed Material: - . - a. for the avoidance of doubt, Section 2(a)(1) grants You the right - to extract, reuse, reproduce, and Share all or a substantial - portion of the contents of the database; - . - b. if You include all or a substantial portion of the database - contents in a database in which You have Sui Generis Database - Rights, then the database in which You have Sui Generis Database - Rights (but not its individual contents) is Adapted Material, - . - including for purposes of Section 3(b); and - c. You must comply with the conditions in Section 3(a) if You Share - all or a substantial portion of the contents of the database. - . - For the avoidance of doubt, this Section 4 supplements and does not - replace Your obligations under this Public License where the Licensed - Rights include other Copyright and Similar Rights. - . - . - Section 5 -- Disclaimer of Warranties and Limitation of Liability. - . - a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE - EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS - AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF - ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, - IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, - WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR - PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, - ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT - KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT - ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. - . - b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE - TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, - NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, - INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, - COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR - USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN - ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR - DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR - IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. - . - c. The disclaimer of warranties and limitation of liability provided - above shall be interpreted in a manner that, to the extent - possible, most closely approximates an absolute disclaimer and - waiver of all liability. - . - . - Section 6 -- Term and Termination. - . - a. This Public License applies for the term of the Copyright and - Similar Rights licensed here. However, if You fail to comply with - this Public License, then Your rights under this Public License - terminate automatically. - . - b. Where Your right to use the Licensed Material has terminated under - Section 6(a), it reinstates: - . - 1. automatically as of the date the violation is cured, provided - it is cured within 30 days of Your discovery of the - violation; or - . - 2. upon express reinstatement by the Licensor. - . - For the avoidance of doubt, this Section 6(b) does not affect any - right the Licensor may have to seek remedies for Your violations - of this Public License. - . - c. For the avoidance of doubt, the Licensor may also offer the - Licensed Material under separate terms or conditions or stop - distributing the Licensed Material at any time; however, doing so - will not terminate this Public License. - . - d. Sections 1, 5, 6, 7, and 8 survive termination of this Public - License. - . - . - Section 7 -- Other Terms and Conditions. - . - a. The Licensor shall not be bound by any additional or different - terms or conditions communicated by You unless expressly agreed. - . - b. Any arrangements, understandings, or agreements regarding the - Licensed Material not stated herein are separate from and - independent of the terms and conditions of this Public License. - . - . - Section 8 -- Interpretation. - . - a. For the avoidance of doubt, this Public License does not, and - shall not be interpreted to, reduce, limit, restrict, or impose - conditions on any use of the Licensed Material that could lawfully - be made without permission under this Public License. - . - b. To the extent possible, if any provision of this Public License is - deemed unenforceable, it shall be automatically reformed to the - minimum extent necessary to make it enforceable. If the provision - cannot be reformed, it shall be severed from this Public License - without affecting the enforceability of the remaining terms and - conditions. - . - c. No term or condition of this Public License will be waived and no - failure to comply consented to unless expressly agreed to by the - Licensor. - . - d. Nothing in this Public License constitutes or may be interpreted - as a limitation upon, or waiver of, any privileges and immunities - that apply to the Licensor or You, including from the legal - processes of any jurisdiction or authority. - . - . - ======================================================================= - . - Creative Commons is not a party to its public - licenses. Notwithstanding, Creative Commons may elect to apply one of - its public licenses to material it publishes and in those instances - will be considered the “Licensor.” The text of the Creative Commons - public licenses is dedicated to the public domain under the CC0 Public - Domain Dedication. Except for the limited purpose of indicating that - material is shared under a Creative Commons public license or as - otherwise permitted by the Creative Commons policies published at - creativecommons.org/policies, Creative Commons does not authorize the - use of the trademark "Creative Commons" or any other trademark or logo - of Creative Commons without its prior written consent including, - without limitation, in connection with any unauthorized modifications - to any of its public licenses or any other arrangements, - understandings, or agreements concerning use of licensed material. For - the avoidance of doubt, this paragraph does not form part of the - public licenses. - . - Creative Commons may be contacted at creativecommons.org. - -License: CC-BY-4.0 - Attribution 4.0 International - . - ======================================================================= - . - Creative Commons Corporation ("Creative Commons") is not a law firm and - does not provide legal services or legal advice. Distribution of - Creative Commons public licenses does not create a lawyer-client or - other relationship. Creative Commons makes its licenses and related - information available on an "as-is" basis. Creative Commons gives no - warranties regarding its licenses, any material licensed under their - terms and conditions, or any related information. Creative Commons - disclaims all liability for damages resulting from their use to the - fullest extent possible. - . - Using Creative Commons Public Licenses - . - Creative Commons public licenses provide a standard set of terms and - conditions that creators and other rights holders may use to share - original works of authorship and other material subject to copyright - and certain other rights specified in the public license below. The - following considerations are for informational purposes only, are not - exhaustive, and do not form part of our licenses. - . - Considerations for licensors: Our public licenses are - intended for use by those authorized to give the public - permission to use material in ways otherwise restricted by - copyright and certain other rights. Our licenses are - irrevocable. Licensors should read and understand the terms - and conditions of the license they choose before applying it. - Licensors should also secure all rights necessary before - applying our licenses so that the public can reuse the - material as expected. Licensors should clearly mark any - material not subject to the license. This includes other CC- - licensed material, or material used under an exception or - limitation to copyright. More considerations for licensors: - wiki.creativecommons.org/Considerations_for_licensors - . - Considerations for the public: By using one of our public - licenses, a licensor grants the public permission to use the - licensed material under specified terms and conditions. If - the licensor's permission is not necessary for any reason--for - example, because of any applicable exception or limitation to - copyright--then that use is not regulated by the license. Our - licenses grant only permissions under copyright and certain - other rights that a licensor has authority to grant. Use of - the licensed material may still be restricted for other - reasons, including because others have copyright or other - rights in the material. A licensor may make special requests, - such as asking that all changes be marked or described. - Although not required by our licenses, you are encouraged to - respect those requests where reasonable. More_considerations - for the public: - wiki.creativecommons.org/Considerations_for_licensees - . - ======================================================================= - . - Creative Commons Attribution 4.0 International Public License - . - By exercising the Licensed Rights (defined below), You accept and agree - to be bound by the terms and conditions of this Creative Commons - Attribution 4.0 International Public License ("Public License"). To the - extent this Public License may be interpreted as a contract, You are - granted the Licensed Rights in consideration of Your acceptance of - these terms and conditions, and the Licensor grants You such rights in - consideration of benefits the Licensor receives from making the - Licensed Material available under these terms and conditions. - . - . - Section 1 -- Definitions. - . - a. Adapted Material means material subject to Copyright and Similar - Rights that is derived from or based upon the Licensed Material - and in which the Licensed Material is translated, altered, - arranged, transformed, or otherwise modified in a manner requiring - permission under the Copyright and Similar Rights held by the - Licensor. For purposes of this Public License, where the Licensed - Material is a musical work, performance, or sound recording, - Adapted Material is always produced where the Licensed Material is - synched in timed relation with a moving image. - . - b. Adapter's License means the license You apply to Your Copyright - and Similar Rights in Your contributions to Adapted Material in - accordance with the terms and conditions of this Public License. - . - c. Copyright and Similar Rights means copyright and/or similar rights - closely related to copyright including, without limitation, - performance, broadcast, sound recording, and Sui Generis Database - Rights, without regard to how the rights are labeled or - categorized. For purposes of this Public License, the rights - specified in Section 2(b)(1)-(2) are not Copyright and Similar - Rights. - . - d. Effective Technological Measures means those measures that, in the - absence of proper authority, may not be circumvented under laws - fulfilling obligations under Article 11 of the WIPO Copyright - Treaty adopted on December 20, 1996, and/or similar international - agreements. - . - e. Exceptions and Limitations means fair use, fair dealing, and/or - any other exception or limitation to Copyright and Similar Rights - that applies to Your use of the Licensed Material. - . - f. Licensed Material means the artistic or literary work, database, - or other material to which the Licensor applied this Public - License. - . - g. Licensed Rights means the rights granted to You subject to the - terms and conditions of this Public License, which are limited to - all Copyright and Similar Rights that apply to Your use of the - Licensed Material and that the Licensor has authority to license. - . - h. Licensor means the individual(s) or entity(ies) granting rights - under this Public License. - . - i. Share means to provide material to the public by any means or - process that requires permission under the Licensed Rights, such - as reproduction, public display, public performance, distribution, - dissemination, communication, or importation, and to make material - available to the public including in ways that members of the - public may access the material from a place and at a time - individually chosen by them. - . - j. Sui Generis Database Rights means rights other than copyright - resulting from Directive 96/9/EC of the European Parliament and of - the Council of 11 March 1996 on the legal protection of databases, - as amended and/or succeeded, as well as other essentially - equivalent rights anywhere in the world. - . - k. You means the individual or entity exercising the Licensed Rights - under this Public License. Your has a corresponding meaning. - . - . - Section 2 -- Scope. - . - a. License grant. - . - 1. Subject to the terms and conditions of this Public License, - the Licensor hereby grants You a worldwide, royalty-free, - non-sublicensable, non-exclusive, irrevocable license to - exercise the Licensed Rights in the Licensed Material to: - . - a. reproduce and Share the Licensed Material, in whole or - in part; and - . - b. produce, reproduce, and Share Adapted Material. - . - 2. Exceptions and Limitations. For the avoidance of doubt, where - Exceptions and Limitations apply to Your use, this Public - License does not apply, and You do not need to comply with - its terms and conditions. - . - 3. Term. The term of this Public License is specified in Section - 6(a). - . - 4. Media and formats; technical modifications allowed. The - Licensor authorizes You to exercise the Licensed Rights in - all media and formats whether now known or hereafter created, - and to make technical modifications necessary to do so. The - Licensor waives and/or agrees not to assert any right or - authority to forbid You from making technical modifications - necessary to exercise the Licensed Rights, including - technical modifications necessary to circumvent Effective - Technological Measures. For purposes of this Public License, - simply making modifications authorized by this Section 2(a) - (4) never produces Adapted Material. - . - 5. Downstream recipients. - . - a. Offer from the Licensor -- Licensed Material. Every - recipient of the Licensed Material automatically - receives an offer from the Licensor to exercise the - Licensed Rights under the terms and conditions of this - Public License. - . - b. No downstream restrictions. You may not offer or impose - any additional or different terms or conditions on, or - apply any Effective Technological Measures to, the - Licensed Material if doing so restricts exercise of the - Licensed Rights by any recipient of the Licensed - Material. - . - 6. No endorsement. Nothing in this Public License constitutes or - may be construed as permission to assert or imply that You - are, or that Your use of the Licensed Material is, connected - with, or sponsored, endorsed, or granted official status by, - the Licensor or others designated to receive attribution as - provided in Section 3(a)(1)(A)(i). - . - b. Other rights. - . - 1. Moral rights, such as the right of integrity, are not - licensed under this Public License, nor are publicity, - privacy, and/or other similar personality rights; however, to - the extent possible, the Licensor waives and/or agrees not to - assert any such rights held by the Licensor to the limited - extent necessary to allow You to exercise the Licensed - Rights, but not otherwise. - . - 2. Patent and trademark rights are not licensed under this - Public License. - . - 3. To the extent possible, the Licensor waives any right to - collect royalties from You for the exercise of the Licensed - Rights, whether directly or through a collecting society - under any voluntary or waivable statutory or compulsory - licensing scheme. In all other cases the Licensor expressly - reserves any right to collect such royalties. - . - . - Section 3 -- License Conditions. - . - Your exercise of the Licensed Rights is expressly made subject to the - following conditions. - . - a. Attribution. - . - 1. If You Share the Licensed Material (including in modified - form), You must: - . - a. retain the following if it is supplied by the Licensor - with the Licensed Material: - . - i. identification of the creator(s) of the Licensed - Material and any others designated to receive - attribution, in any reasonable manner requested by - the Licensor (including by pseudonym if - designated); - . - ii. a copyright notice; - . - iii. a notice that refers to this Public License; - . - iv. a notice that refers to the disclaimer of - warranties; - . - v. a URI or hyperlink to the Licensed Material to the - extent reasonably practicable; - . - b. indicate if You modified the Licensed Material and - retain an indication of any previous modifications; and - . - c. indicate the Licensed Material is licensed under this - Public License, and include the text of, or the URI or - hyperlink to, this Public License. - . - 2. You may satisfy the conditions in Section 3(a)(1) in any - reasonable manner based on the medium, means, and context in - which You Share the Licensed Material. For example, it may be - reasonable to satisfy the conditions by providing a URI or - hyperlink to a resource that includes the required - information. - . - 3. If requested by the Licensor, You must remove any of the - information required by Section 3(a)(1)(A) to the extent - reasonably practicable. - . - 4. If You Share Adapted Material You produce, the Adapter's - License You apply must not prevent recipients of the Adapted - Material from complying with this Public License. - . - . - Section 4 -- Sui Generis Database Rights. - . - Where the Licensed Rights include Sui Generis Database Rights that - apply to Your use of the Licensed Material: - . - a. for the avoidance of doubt, Section 2(a)(1) grants You the right - to extract, reuse, reproduce, and Share all or a substantial - portion of the contents of the database; - . - b. if You include all or a substantial portion of the database - contents in a database in which You have Sui Generis Database - Rights, then the database in which You have Sui Generis Database - Rights (but not its individual contents) is Adapted Material; and - . - c. You must comply with the conditions in Section 3(a) if You Share - all or a substantial portion of the contents of the database. - . - For the avoidance of doubt, this Section 4 supplements and does not - replace Your obligations under this Public License where the Licensed - Rights include other Copyright and Similar Rights. - . - . - Section 5 -- Disclaimer of Warranties and Limitation of Liability. - . - a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE - EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS - AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF - ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, - IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, - WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR - PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, - ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT - KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT - ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. - . - b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE - TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, - NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, - INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, - COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR - USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN - ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR - DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR - IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. - . - c. The disclaimer of warranties and limitation of liability provided - above shall be interpreted in a manner that, to the extent - possible, most closely approximates an absolute disclaimer and - waiver of all liability. - . - . - Section 6 -- Term and Termination. - . - a. This Public License applies for the term of the Copyright and - Similar Rights licensed here. However, if You fail to comply with - this Public License, then Your rights under this Public License - terminate automatically. - . - b. Where Your right to use the Licensed Material has terminated under - Section 6(a), it reinstates: - . - 1. automatically as of the date the violation is cured, provided - it is cured within 30 days of Your discovery of the - violation; or - . - 2. upon express reinstatement by the Licensor. - . - For the avoidance of doubt, this Section 6(b) does not affect any - right the Licensor may have to seek remedies for Your violations - of this Public License. - . - c. For the avoidance of doubt, the Licensor may also offer the - Licensed Material under separate terms or conditions or stop - distributing the Licensed Material at any time; however, doing so - will not terminate this Public License. - . - d. Sections 1, 5, 6, 7, and 8 survive termination of this Public - License. - . - . - Section 7 -- Other Terms and Conditions. - . - a. The Licensor shall not be bound by any additional or different - terms or conditions communicated by You unless expressly agreed. - . - b. Any arrangements, understandings, or agreements regarding the - Licensed Material not stated herein are separate from and - independent of the terms and conditions of this Public License. - . - . - Section 8 -- Interpretation. - . - a. For the avoidance of doubt, this Public License does not, and - shall not be interpreted to, reduce, limit, restrict, or impose - conditions on any use of the Licensed Material that could lawfully - be made without permission under this Public License. - . - b. To the extent possible, if any provision of this Public License is - deemed unenforceable, it shall be automatically reformed to the - minimum extent necessary to make it enforceable. If the provision - cannot be reformed, it shall be severed from this Public License - without affecting the enforceability of the remaining terms and - conditions. - . - c. No term or condition of this Public License will be waived and no - failure to comply consented to unless expressly agreed to by the - Licensor. - . - d. Nothing in this Public License constitutes or may be interpreted - as a limitation upon, or waiver of, any privileges and immunities - that apply to the Licensor or You, including from the legal - processes of any jurisdiction or authority. - . - . - ======================================================================= - . - Creative Commons is not a party to its public - licenses. Notwithstanding, Creative Commons may elect to apply one of - its public licenses to material it publishes and in those instances - will be considered the “Licensor.” The text of the Creative Commons - public licenses is dedicated to the public domain under the CC0 Public - Domain Dedication. Except for the limited purpose of indicating that - material is shared under a Creative Commons public license or as - otherwise permitted by the Creative Commons policies published at - creativecommons.org/policies, Creative Commons does not authorize the - use of the trademark "Creative Commons" or any other trademark or logo - of Creative Commons without its prior written consent including, - without limitation, in connection with any unauthorized modifications - to any of its public licenses or any other arrangements, - understandings, or agreements concerning use of licensed material. For - the avoidance of doubt, this paragraph does not form part of the - public licenses. - . - Creative Commons may be contacted at creativecommons.org. - diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubeadm.conf b/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubeadm.conf deleted file mode 100644 index 238704288..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubeadm.conf +++ /dev/null @@ -1,17 +0,0 @@ -# Note: This dropin only works with kubeadm and kubelet v1.11+ -[Service] -Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf" -Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml" -# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically -EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env -# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use -# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file. -EnvironmentFile=-/etc/default/kubelet -ExecStart= -ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS -ExecStartPre=-/usr/local/sbin/sanitize_kubelet_reserved_cpus.sh /etc/default/kubelet -ExecStartPre=-/usr/bin/kubelet-cgroup-setup.sh -ExecStartPost=/bin/bash -c 'echo $MAINPID > /var/run/kubelet.pid;' -ExecStopPost=/bin/rm -f /var/run/kubelet.pid -StartLimitInterval=0 -RestartSec=10 diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-client.install b/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-client.install deleted file mode 100644 index ebe680a47..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-client.install +++ /dev/null @@ -1,2 +0,0 @@ -usr/local/kubernetes/1.27.5/stage2/usr/bin/kubectl -usr/local/kubernetes/1.27.5/stage2/usr/share/bash-completion/completions/kubectl diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-client.lintian-overrides b/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-client.lintian-overrides deleted file mode 100644 index 160b6783b..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-client.lintian-overrides +++ /dev/null @@ -1,9 +0,0 @@ -## Generated man pages: TODO -manpage-has-bad-whatis-entry usr/share/man/* -manpage-has-errors-from-man usr/share/man/man1/* - -## Bash-completion script does not have to be executable: -script-not-executable usr/share/bash-completion/completions/kubectl - -## Override annoying/useless messages -kubernetes-client: spelling-error-in-binary diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-kubeadm.dirs b/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-kubeadm.dirs deleted file mode 100644 index 75c10dac4..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-kubeadm.dirs +++ /dev/null @@ -1 +0,0 @@ -usr/local/kubernetes/1.27.5/stage2/etc/systemd/system/kubelet.service.d/ diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-kubeadm.install b/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-kubeadm.install deleted file mode 100644 index 7a83c6528..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-kubeadm.install +++ /dev/null @@ -1,2 +0,0 @@ -usr/local/kubernetes/1.27.5/stage1/usr/bin/kubeadm -usr/local/kubernetes/1.27.5/stage2/etc/systemd/system/kubelet.service.d/kubeadm.conf diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-master.dirs b/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-master.dirs deleted file mode 100644 index a5764f613..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-master.dirs +++ /dev/null @@ -1,5 +0,0 @@ -etc/kubernetes-1.27.5 -etc/kubernetes-1.27.5/addons -etc/kubernetes-1.27.5/addons/volumesnapshots -etc/kubernetes-1.27.5/addons/volumesnapshots/crd -etc/kubernetes-1.27.5/addons/volumesnapshots/volume-snapshot-controller diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-master.install b/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-master.install deleted file mode 100644 index 6b6deeadf..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-master.install +++ /dev/null @@ -1,8 +0,0 @@ -usr/bin/kube-apiserver -usr/bin/kube-controller-manager -usr/bin/kube-scheduler -etc/kubernetes-1.27.5/addons/volumesnapshots/crd/snapshot.storage.k8s.io_volumesnapshotcontents.yaml -etc/kubernetes-1.27.5/addons/volumesnapshots/crd/snapshot.storage.k8s.io_volumesnapshotclasses.yaml -etc/kubernetes-1.27.5/addons/volumesnapshots/crd/snapshot.storage.k8s.io_volumesnapshots.yaml -etc/kubernetes-1.27.5/addons/volumesnapshots/volume-snapshot-controller/volume-snapshot-controller-deployment.yaml -etc/kubernetes-1.27.5/addons/volumesnapshots/volume-snapshot-controller/rbac-volume-snapshot-controller.yaml diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-master.lintian-overrides b/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-master.lintian-overrides deleted file mode 100644 index f73c63ffd..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-master.lintian-overrides +++ /dev/null @@ -1,7 +0,0 @@ -## No manual page for hyperkube -kubernetes-master: binary-without-manpage usr/bin/hyperkube - -## Override annoying/useless messages -kubernetes-master: spelling-error-in-binary -kubernetes-master: manpage-has-errors-from-man usr/share/man/man1/* -kubernetes-master: manpage-has-bad-whatis-entry usr/share/man/man1/* diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-misc.docs b/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-misc.docs deleted file mode 100644 index 1dc3a103d..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-misc.docs +++ /dev/null @@ -1,3 +0,0 @@ -src/k8s.io/kubernetes/README.md -src/k8s.io/kubernetes/SUPPORT.md -src/k8s.io/kubernetes/_output/NOTICE diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-misc.install b/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-misc.install deleted file mode 100644 index f5d4f5581..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-misc.install +++ /dev/null @@ -1 +0,0 @@ -usr/bin/kube-proxy diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-misc.manpages b/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-misc.manpages deleted file mode 100644 index e7203adc2..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-misc.manpages +++ /dev/null @@ -1,10 +0,0 @@ -# kubernetes-client -src/k8s.io/kubernetes/_output/man/kubeadm* -src/k8s.io/kubernetes/_output/man/kubectl* -# kubernetes-master -src/k8s.io/kubernetes/_output/man/kube-apiserver* -src/k8s.io/kubernetes/_output/man/kube-scheduler* -src/k8s.io/kubernetes/_output/man/kube-controller-manager* -# kubernetes-node -src/k8s.io/kubernetes/_output/man/kubelet* -src/k8s.io/kubernetes/_output/man/kube-proxy* diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-node.install b/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-node.install deleted file mode 100644 index a01f88d65..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-node.install +++ /dev/null @@ -1 +0,0 @@ -usr/local/kubernetes/1.27.5/stage2/usr/bin/kubelet diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-node.lintian-overrides b/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-node.lintian-overrides deleted file mode 100644 index 99d470def..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-node.lintian-overrides +++ /dev/null @@ -1,4 +0,0 @@ -## Override annoying/useless messages -kubernetes-node: spelling-error-in-binary -kubernetes-node: manpage-has-errors-from-man usr/share/man/man1/* -kubernetes-node: manpage-has-bad-whatis-entry usr/share/man/man1/* diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-unit-test.install b/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-unit-test.install deleted file mode 100644 index 4afdbf051..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/kubernetes-1.27.5-unit-test.install +++ /dev/null @@ -1 +0,0 @@ -var/lib/kubernetes-unit-test/ diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/Affinity-of-guaranteed-pod-to-non-isolated-CPUs.patch b/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/Affinity-of-guaranteed-pod-to-non-isolated-CPUs.patch deleted file mode 100644 index d13c73d17..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/Affinity-of-guaranteed-pod-to-non-isolated-CPUs.patch +++ /dev/null @@ -1,34 +0,0 @@ -From d51af14bfd2653f80d31e5cfdb60335367a4a137 Mon Sep 17 00:00:00 2001 -From: Boovan Rajendran -Date: Mon, 6 Nov 2023 02:22:16 -0500 -Subject: [PATCH] Affinity of guaranteed pod to non-isolated CPUs - -This corrects kubelet cpumanager static cpuset tracking for isolcpus -for versions 1.26.1 and 1.27.5. This ensures that pods specified with -isolcpus + guaranteed QoS + integer cpu requests, are affined to -exclusive cpuset and tracked as non-isolated cpus. - -Signed-off-by: Boovan Rajendran ---- - pkg/kubelet/cm/cpumanager/policy_static.go | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/pkg/kubelet/cm/cpumanager/policy_static.go b/pkg/kubelet/cm/cpumanager/policy_static.go -index 98b8d1d882d..125429035a5 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static.go -@@ -317,7 +317,10 @@ func (p *staticPolicy) Allocate(s state.State, pod *v1.Pod, container *v1.Contai - return nil - } - -- if isolcpus := p.podIsolCPUs(pod, container); isolcpus.Size() > 0 { -+ cpuQuantity := container.Resources.Requests[v1.ResourceCPU] -+ fractionalCpuQuantity := cpuQuantity.MilliValue() % 1000 -+ if isolcpus := p.podIsolCPUs(pod, container); isolcpus.Size() > 0 && -+ v1qos.GetPodQOS(pod) != v1.PodQOSGuaranteed && fractionalCpuQuantity == 0{ - // container has requested isolated CPUs - if set, ok := s.GetCPUSet(string(pod.UID), container.Name); ok { - if set.Equals(isolcpus) { --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/Identify-platform-pods-based-on-pod-or-namespace-labels.patch b/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/Identify-platform-pods-based-on-pod-or-namespace-labels.patch deleted file mode 100644 index 122e0e67d..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/Identify-platform-pods-based-on-pod-or-namespace-labels.patch +++ /dev/null @@ -1,432 +0,0 @@ -From 5b6706de36860aa1d1165a64e0836a81a5936f8a Mon Sep 17 00:00:00 2001 -From: Boovan Rajendran -Date: Mon, 1 Apr 2024 03:28:34 -0400 -Subject: [PATCH] Identify platform pods based on pod or namespace labels - -Pods with namespace 'kube-system', or labeled with -'app.starlingx.io/component=platform' are identified as 'platform'. -These have isolated cpu affinity cpuset when cpu-manager 'static' -policy is configured. - -Signed-off-by: Boovan Rajendran ---- - pkg/kubelet/cm/cpumanager/policy_static.go | 96 ++++++++++-- - .../cm/cpumanager/policy_static_test.go | 148 +++++++++++++++++- - .../cm/cpumanager/topology_hints_test.go | 4 + - 3 files changed, 235 insertions(+), 13 deletions(-) - -diff --git a/pkg/kubelet/cm/cpumanager/policy_static.go b/pkg/kubelet/cm/cpumanager/policy_static.go -index 9d67f4bb68a..c6fb56b5544 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static.go -@@ -17,14 +17,20 @@ limitations under the License. - package cpumanager - - import ( -+ "context" - "fmt" - "strconv" - -+ k8sclient "k8s.io/client-go/kubernetes" -+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -+ restclient "k8s.io/client-go/rest" - v1 "k8s.io/api/core/v1" -+ "k8s.io/client-go/tools/clientcmd" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/klog/v2" - podutil "k8s.io/kubernetes/pkg/api/v1/pod" - v1qos "k8s.io/kubernetes/pkg/apis/core/v1/helper/qos" -+ "k8s.io/kubernetes/cmd/kubeadm/app/constants" - "k8s.io/kubernetes/pkg/features" - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/state" - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/topology" -@@ -45,6 +51,23 @@ const ( - ErrorSMTAlignment = "SMTAlignmentError" - ) - -+// Declared as variables so that they can easily more -+// overridden during testing -+type getPodNamespace func(string) (*v1.Namespace, error) -+type buildFromConfigFlag func(masterUrl string, kubeconfigPath string) (*restclient.Config, error) -+type isKubeInfraFunc func(pod *v1.Pod) bool -+ -+var varGetNamespaceObject getPodNamespace -+var varBuildConfigFromFlags buildFromConfigFlag -+var varIsKubeInfra isKubeInfraFunc -+ -+func init() { -+ varIsKubeInfra = isKubeInfra -+ varGetNamespaceObject = getPodNamespaceObject -+ varBuildConfigFromFlags = clientcmd.BuildConfigFromFlags -+} -+ -+ - // SMTAlignmentError represents an error due to SMT alignment - type SMTAlignmentError struct { - RequestedCPUs int -@@ -64,11 +87,6 @@ func (e SMTAlignmentError) Type() string { - return ErrorSMTAlignment - } - --// Define namespaces used by platform infrastructure pods --var infraNamespaces = [...]string{ -- "kube-system", "armada", "cert-manager", "platform-deployment-manager", "portieris", "vault", "notification", "flux-helm", "metrics-server", --} -- - // staticPolicy is a CPU manager policy that does not change CPU - // assignments for exclusively pinned guaranteed containers after the main - // container process starts. -@@ -324,7 +342,7 @@ func (p *staticPolicy) updateCPUsToReuse(pod *v1.Pod, container *v1.Container, c - - func (p *staticPolicy) Allocate(s state.State, pod *v1.Pod, container *v1.Container) (rerr error) { - // Process infra pods before guaranteed pods -- if isKubeInfra(pod) { -+ if varIsKubeInfra(pod) { - // Container belongs in reserved pool. - // We don't want to fall through to the p.guaranteedCPUs() clause below so return either nil or error. - if _, ok := s.GetCPUSet(string(pod.UID), container.Name); ok { -@@ -522,7 +540,7 @@ func (p *staticPolicy) guaranteedCPUs(pod *v1.Pod, container *v1.Container) int - return 0 - } - // Infrastructure pods use reserved CPUs even if they're in the Guaranteed QoS class -- if isKubeInfra(pod) { -+ if varIsKubeInfra(pod) { - return 0 - } - // Safe downcast to do for all systems with < 2.1 billion CPUs. -@@ -743,14 +761,68 @@ func (p *staticPolicy) generateCPUTopologyHints(availableCPUs cpuset.CPUSet, reu - return hints - } - --// check if a given pod is in a platform infrastructure namespace -+func getPodNamespaceObject(podNamespaceName string) (*v1.Namespace, error) { -+ -+ kubeConfigPath := constants.GetKubeletKubeConfigPath() -+ cfg, err := varBuildConfigFromFlags("", kubeConfigPath) -+ if err != nil { -+ klog.Error("Failed to build client config from ", kubeConfigPath, err.Error()) -+ return nil, err -+ } -+ -+ clientset, err := k8sclient.NewForConfig(cfg) -+ if err != nil { -+ klog.Error("Failed to get clientset for KUBECONFIG ", kubeConfigPath, err.Error()) -+ return nil, err -+ } -+ -+ namespaceObj, err := clientset.CoreV1().Namespaces().Get(context.TODO(), podNamespaceName, metav1.GetOptions{}) -+ if err != nil { -+ klog.Error("Error getting namespace object:", err.Error()) -+ return nil, err -+ } -+ -+ return namespaceObj, nil -+ -+} -+ -+// check if a given pod is labelled as platform pod or -+// is in a namespace labelled as a platform namespace - func isKubeInfra(pod *v1.Pod) bool { -- for _, namespace := range infraNamespaces { -- if namespace == pod.Namespace { -- return true -- } -+ -+ podName := pod.GetName() -+ podNamespaceName := pod.GetNamespace() -+ -+ if podNamespaceName == "kube-system" { -+ klog.Infof("Pod %s has %s namespace. Treating as platform pod.", podName , podNamespaceName) -+ return true -+ } -+ -+ klog.InfoS("Checking pod ", podName , " for label 'app.starlingx.io/component=platform'.") -+ podLabels := pod.GetLabels() -+ val, ok := podLabels["app.starlingx.io/component"] -+ if (ok && val == "platform") { -+ klog.InfoS("Pod ", podName, " has 'app.starlingx.io/component=platform' label. Treating as platform pod.") -+ return true - } -+ -+ klog.V(4).InfoS("Pod ", pod.GetName(), " does not have 'app.starlingx.io/component=platform' label. Checking its namespace information...") -+ -+ namespaceObj, err := varGetNamespaceObject(podNamespaceName) -+ if err != nil { -+ return false -+ } -+ -+ namespaceLabels := namespaceObj.GetLabels() -+ val, ok = namespaceLabels["app.starlingx.io/component"] -+ if ok && val == "platform" { -+ klog.InfoS("For pod: ", podName, ", its Namespace ", podNamespaceName, " has 'app.starlingx.io/component=platform' label. Treating as platform pod.") -+ return true -+ } -+ -+ klog.InfoS("Neither pod ", podName, " nor its namespace ", podNamespaceName, " has 'app.starlingx.io/component=platform' label. Not treating as platform pod.") - return false -+ - } - - // get the isolated CPUs (if any) from the devices associated with a specific container -diff --git a/pkg/kubelet/cm/cpumanager/policy_static_test.go b/pkg/kubelet/cm/cpumanager/policy_static_test.go -index c25ee484a94..0f9b428bc18 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static_test.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static_test.go -@@ -17,10 +17,13 @@ limitations under the License. - package cpumanager - - import ( -+ "errors" - "fmt" - "reflect" - "testing" - -+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -+ restclient "k8s.io/client-go/rest" - v1 "k8s.io/api/core/v1" - utilfeature "k8s.io/apiserver/pkg/util/feature" - featuregatetesting "k8s.io/component-base/featuregate/testing" -@@ -926,6 +929,7 @@ type staticPolicyTestWithResvList struct { - stAssignments state.ContainerCPUAssignments - stDefaultCPUSet cpuset.CPUSet - pod *v1.Pod -+ isKubeInfraPodfunc isKubeInfraFunc - expErr error - expNewErr error - expCPUAlloc bool -@@ -998,6 +1002,14 @@ func TestStaticPolicyStartWithResvList(t *testing.T) { - } - } - -+func fakeIsKubeInfraTrue(pod *v1.Pod) bool { -+ return true -+} -+ -+func fakeIsKubeInfraFalse(pod *v1.Pod) bool { -+ return false -+} -+ - func TestStaticPolicyAddWithResvList(t *testing.T) { - infraPod := makePod("fakePod", "fakeContainer2", "200m", "200m") - infraPod.Namespace = "kube-system" -@@ -1011,6 +1023,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - stAssignments: state.ContainerCPUAssignments{}, - stDefaultCPUSet: cpuset.New(1, 2, 3, 4, 5, 6, 7), - pod: makePod("fakePod", "fakeContainer2", "8000m", "8000m"), -+ isKubeInfraPodfunc: fakeIsKubeInfraFalse, - expErr: fmt.Errorf("not enough cpus available to satisfy request"), - expCPUAlloc: false, - expCSet: cpuset.New(), -@@ -1024,6 +1037,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - stAssignments: state.ContainerCPUAssignments{}, - stDefaultCPUSet: cpuset.New(2, 3, 4, 5, 6, 7), - pod: makePod("fakePod", "fakeContainer2", "1000m", "1000m"), -+ isKubeInfraPodfunc: fakeIsKubeInfraFalse, - expErr: nil, - expCPUAlloc: true, - expCSet: cpuset.New(4), // expect sibling of partial core -@@ -1041,6 +1055,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - }, - stDefaultCPUSet: cpuset.New(0, 1, 4, 5), - pod: makePod("fakePod", "fakeContainer3", "2000m", "2000m"), -+ isKubeInfraPodfunc: fakeIsKubeInfraFalse, - expErr: nil, - expCPUAlloc: true, - expCSet: cpuset.New(4, 5), -@@ -1058,6 +1073,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - }, - stDefaultCPUSet: cpuset.New(4, 5), - pod: infraPod, -+ isKubeInfraPodfunc: fakeIsKubeInfraTrue, - expErr: nil, - expCPUAlloc: true, - expCSet: cpuset.New(0, 1), -@@ -1075,6 +1091,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - }, - stDefaultCPUSet: cpuset.New(4, 5), - pod: infraPod, -+ isKubeInfraPodfunc: fakeIsKubeInfraTrue, - expErr: nil, - expCPUAlloc: true, - expCSet: cpuset.New(0), -@@ -1090,7 +1107,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - assignments: testCase.stAssignments, - defaultCPUSet: testCase.stDefaultCPUSet, - } -- -+ varIsKubeInfra = testCase.isKubeInfraPodfunc - container := &testCase.pod.Spec.Containers[0] - err := policy.Allocate(st, testCase.pod, container) - if !reflect.DeepEqual(err, testCase.expErr) { -@@ -1215,3 +1232,132 @@ func newCPUSetPtr(cpus ...int) *cpuset.CPUSet { - ret := cpuset.New(cpus...) - return &ret - } -+ -+func makePodWithLabels(podLabels map[string]string) *v1.Pod { -+ return &v1.Pod{ -+ ObjectMeta: metav1.ObjectMeta{ -+ Name: "test-pod", -+ Namespace: "test-namespace", -+ Labels: podLabels, -+ }, -+ } -+} -+ -+func fakeBuildConfigFromFlags(masterUrl string, kubeconfigPath string) (*restclient.Config, error) { -+ -+ return &restclient.Config{}, nil -+} -+ -+func fakeBuildConfigFromFlagsError(masterUrl string, kubeconfigPath string) (*restclient.Config, error) { -+ -+ errString := fmt.Sprintf("%s file not found", kubeconfigPath) -+ return nil, errors.New(errString) -+ -+} -+ -+func getFakeInfraPodNamespace(_ string) (*v1.Namespace, error) { -+ -+ return &v1.Namespace{ -+ ObjectMeta: metav1.ObjectMeta{ -+ Name: "test-namespace", -+ Labels: map[string]string{ -+ "app.starlingx.io/component": "platform", -+ }, -+ }}, nil -+} -+ -+func getFakeNonInfraPodNamespace(_ string) (*v1.Namespace, error) { -+ -+ return &v1.Namespace{ -+ ObjectMeta: metav1.ObjectMeta{ -+ Name: "test-namespace", -+ Labels: map[string]string{ -+ "fake": "label", -+ }}}, nil -+ -+} -+ -+type kubeInfraPodTestCase struct { -+ description string -+ pod *v1.Pod -+ namespaceFunc getPodNamespace -+ expectedValue bool -+} -+ -+func TestKubeInfraPod(t *testing.T) { -+ testCases := []kubeInfraPodTestCase{ -+ { -+ description: "Pod with platform label and namespace with platform label", -+ pod: makePodWithLabels(map[string]string{ -+ "app.starlingx.io/component": "platform", -+ }), -+ namespaceFunc: getFakeInfraPodNamespace, -+ expectedValue: true, -+ }, -+ { -+ description: "Pod with platform label and namespace without platform label", -+ pod: makePodWithLabels(map[string]string{ -+ "app.starlingx.io/component": "platform", -+ }), -+ namespaceFunc: getFakeNonInfraPodNamespace, -+ expectedValue: true, -+ -+ }, -+ { -+ description: "Pod without platform label and namespace with platform label", -+ pod: makePodWithLabels(map[string]string{ -+ "test": "label", -+ }), -+ namespaceFunc: getFakeInfraPodNamespace, -+ expectedValue: true, -+ }, -+ { -+ description: "Pod without platform label and namespace without platform label", -+ pod: makePodWithLabels(map[string]string{ -+ "test": "namespace", -+ }), -+ namespaceFunc: getFakeNonInfraPodNamespace, -+ expectedValue: false, -+ }, -+ -+ } -+ -+ for _, testCase := range testCases { -+ t.Run(testCase.description, func(t *testing.T) { -+ -+ varGetNamespaceObject = testCase.namespaceFunc -+ varBuildConfigFromFlags = fakeBuildConfigFromFlags -+ gotValue := isKubeInfra(testCase.pod) -+ -+ if gotValue != testCase.expectedValue { -+ t.Errorf("StaticPolicy isKubeInfraPod() error %v. expected value %v actual value %v", -+ testCase.description, testCase.expectedValue, gotValue) -+ } else { -+ fmt.Printf("StaticPolicy isKubeInfraPod() test successful. : %v ", testCase.description) -+ } -+ -+ }) -+ } -+ -+ test := kubeInfraPodTestCase{ -+ description: "Failure reading kubeconfig file", -+ pod: makePodWithLabels(map[string]string{ -+ "test": "namespace", -+ }), -+ namespaceFunc: getFakeNonInfraPodNamespace, -+ expectedValue: false, -+ } -+ -+ varGetNamespaceObject = getPodNamespaceObject -+ varBuildConfigFromFlags = fakeBuildConfigFromFlagsError -+ -+ gotValue := isKubeInfra(test.pod) -+ -+ if gotValue != test.expectedValue { -+ t.Errorf("StaticPolicy isKubeInfraPod() error %v. expected value %v actual value %v", -+ test.description, test.expectedValue, gotValue) -+ } else { -+ fmt.Printf("StaticPolicy isKubeInfraPod() test successful. : %v ", test.description) -+ } -+ -+} -diff --git a/pkg/kubelet/cm/cpumanager/topology_hints_test.go b/pkg/kubelet/cm/cpumanager/topology_hints_test.go -index 3cd5c85740b..e1303c90418 100644 ---- a/pkg/kubelet/cm/cpumanager/topology_hints_test.go -+++ b/pkg/kubelet/cm/cpumanager/topology_hints_test.go -@@ -145,6 +145,7 @@ func TestPodGuaranteedCPUs(t *testing.T) { - expectedCPU: 6, - }, - } -+ varIsKubeInfra = fakeIsKubeInfraFalse - for _, tc := range tcases { - requestedCPU := p.podGuaranteedCPUs(tc.pod) - -@@ -187,6 +188,7 @@ func TestGetTopologyHints(t *testing.T) { - sourcesReady: &sourcesReadyStub{}, - } - -+ varIsKubeInfra = fakeIsKubeInfraFalse - hints := m.GetTopologyHints(&tc.pod, &tc.container)[string(v1.ResourceCPU)] - if len(tc.expectedHints) == 0 && len(hints) == 0 { - continue -@@ -240,6 +242,7 @@ func TestGetPodTopologyHints(t *testing.T) { - sourcesReady: &sourcesReadyStub{}, - } - -+ varIsKubeInfra = fakeIsKubeInfraFalse - podHints := m.GetPodTopologyHints(&tc.pod)[string(v1.ResourceCPU)] - if len(tc.expectedHints) == 0 && len(podHints) == 0 { - continue -@@ -423,6 +426,7 @@ func TestGetPodTopologyHintsWithPolicyOptions(t *testing.T) { - sourcesReady: &sourcesReadyStub{}, - } - -+ varIsKubeInfra = fakeIsKubeInfraFalse - podHints := m.GetPodTopologyHints(&testCase.pod)[string(v1.ResourceCPU)] - sort.SliceStable(podHints, func(i, j int) bool { - return podHints[i].LessThan(podHints[j]) --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubeadm-create-platform-pods-with-zero-CPU-resources.patch b/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubeadm-create-platform-pods-with-zero-CPU-resources.patch deleted file mode 100644 index 779d11aaa..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubeadm-create-platform-pods-with-zero-CPU-resources.patch +++ /dev/null @@ -1,169 +0,0 @@ -From 04dfde7f71f18f2681b746347a98b099187d4817 Mon Sep 17 00:00:00 2001 -From: Chris Friesen -Date: Fri, 3 Sep 2021 18:05:15 -0400 -Subject: [PATCH] kubeadm: create platform pods with zero CPU resources - -This specifies zero CPU resources when creating the manifests -for the static platform pods, as a workaround for the lack of -separate resource tracking for platform resources. - -This specifies zero CPU and Memory resources for the coredns -deployment. manifests.go is the main source file for this, -not sure if the coredns.yaml are used but they are updated to -be consistent. - -This specifies CPU limit of 1 for kube-apiserver pod so that it is -treated as a burstable QoS. This gives a boost of cgroup CPUShares -since the burstable cgroup parent has significantly more CPUShares -than best-effort on typical systems. This improves kube-apiserver -API responsiveness. - -This increases kube-apiserver Readiness probe periodSeconds to 10 -based on WRS/SS joint recommendation for minimum probe settings. -This reduces likelihood of kube-apiserver probe failure and -subsequent pod-restart under servere load. This also reduces CPU -demand. - -Signed-off-by: Daniel Safta -Signed-off-by: Boovan Rajendran -Signed-off-by: Jim Gauld ---- - cluster/addons/dns/coredns/coredns.yaml.base | 4 ++-- - cluster/addons/dns/coredns/coredns.yaml.in | 4 ++-- - cluster/addons/dns/coredns/coredns.yaml.sed | 4 ++-- - cmd/kubeadm/app/phases/addons/dns/manifests.go | 4 ++-- - .../app/phases/controlplane/manifests.go | 8 +++++--- - cmd/kubeadm/app/util/staticpod/utils.go | 17 ++++++++++++++++- - 6 files changed, 29 insertions(+), 12 deletions(-) - -diff --git a/cluster/addons/dns/coredns/coredns.yaml.base b/cluster/addons/dns/coredns/coredns.yaml.base -index 8b6b2ab999c..58bd12ce5f2 100644 ---- a/cluster/addons/dns/coredns/coredns.yaml.base -+++ b/cluster/addons/dns/coredns/coredns.yaml.base -@@ -145,8 +145,8 @@ spec: - limits: - memory: __DNS__MEMORY__LIMIT__ - requests: -- cpu: 100m -- memory: 70Mi -+ cpu: 0 -+ memory: 0 - args: [ "-conf", "/etc/coredns/Corefile" ] - volumeMounts: - - name: config-volume -diff --git a/cluster/addons/dns/coredns/coredns.yaml.in b/cluster/addons/dns/coredns/coredns.yaml.in -index f35fe8cfe8d..fcd455c44b7 100644 ---- a/cluster/addons/dns/coredns/coredns.yaml.in -+++ b/cluster/addons/dns/coredns/coredns.yaml.in -@@ -145,8 +145,8 @@ spec: - limits: - memory: 'dns_memory_limit' - requests: -- cpu: 100m -- memory: 70Mi -+ cpu: 0 -+ memory: 0 - args: [ "-conf", "/etc/coredns/Corefile" ] - volumeMounts: - - name: config-volume -diff --git a/cluster/addons/dns/coredns/coredns.yaml.sed b/cluster/addons/dns/coredns/coredns.yaml.sed -index 5ee04f2880f..88a83466a82 100644 ---- a/cluster/addons/dns/coredns/coredns.yaml.sed -+++ b/cluster/addons/dns/coredns/coredns.yaml.sed -@@ -145,8 +145,8 @@ spec: - limits: - memory: $DNS_MEMORY_LIMIT - requests: -- cpu: 100m -- memory: 70Mi -+ cpu: 0 -+ memory: 0 - args: [ "-conf", "/etc/coredns/Corefile" ] - volumeMounts: - - name: config-volume -diff --git a/cmd/kubeadm/app/phases/addons/dns/manifests.go b/cmd/kubeadm/app/phases/addons/dns/manifests.go -index 0e3c6c98c29..0aa23679caa 100644 ---- a/cmd/kubeadm/app/phases/addons/dns/manifests.go -+++ b/cmd/kubeadm/app/phases/addons/dns/manifests.go -@@ -104,8 +104,8 @@ spec: - limits: - memory: 170Mi - requests: -- cpu: 100m -- memory: 70Mi -+ cpu: 0 -+ memory: 0 - args: [ "-conf", "/etc/coredns/Corefile" ] - volumeMounts: - - name: config-volume -diff --git a/cmd/kubeadm/app/phases/controlplane/manifests.go b/cmd/kubeadm/app/phases/controlplane/manifests.go -index 73f4fa56270..343a9011498 100644 ---- a/cmd/kubeadm/app/phases/controlplane/manifests.go -+++ b/cmd/kubeadm/app/phases/controlplane/manifests.go -@@ -63,7 +63,9 @@ func GetStaticPodSpecs(cfg *kubeadmapi.ClusterConfiguration, endpoint *kubeadmap - LivenessProbe: staticpodutil.LivenessProbe(staticpodutil.GetAPIServerProbeAddress(endpoint), "/livez", int(endpoint.BindPort), v1.URISchemeHTTPS), - ReadinessProbe: staticpodutil.ReadinessProbe(staticpodutil.GetAPIServerProbeAddress(endpoint), "/readyz", int(endpoint.BindPort), v1.URISchemeHTTPS), - StartupProbe: staticpodutil.StartupProbe(staticpodutil.GetAPIServerProbeAddress(endpoint), "/livez", int(endpoint.BindPort), v1.URISchemeHTTPS, cfg.APIServer.TimeoutForControlPlane), -- Resources: staticpodutil.ComponentResources("250m"), -+ // WRS: Increase kube-apiserver cgroup CPUShares to improve API responsiveness; -+ // achieved by setting CPU Limits to make it burstable QoS. -+ Resources: staticpodutil.ComponentLimitResources("0", "1"), - Env: kubeadmutil.GetProxyEnvVars(), - }, mounts.GetVolumes(kubeadmconstants.KubeAPIServer), - map[string]string{kubeadmconstants.KubeAPIServerAdvertiseAddressEndpointAnnotationKey: endpoint.String()}), -@@ -75,7 +77,7 @@ func GetStaticPodSpecs(cfg *kubeadmapi.ClusterConfiguration, endpoint *kubeadmap - VolumeMounts: staticpodutil.VolumeMountMapToSlice(mounts.GetVolumeMounts(kubeadmconstants.KubeControllerManager)), - LivenessProbe: staticpodutil.LivenessProbe(staticpodutil.GetControllerManagerProbeAddress(cfg), "/healthz", kubeadmconstants.KubeControllerManagerPort, v1.URISchemeHTTPS), - StartupProbe: staticpodutil.StartupProbe(staticpodutil.GetControllerManagerProbeAddress(cfg), "/healthz", kubeadmconstants.KubeControllerManagerPort, v1.URISchemeHTTPS, cfg.APIServer.TimeoutForControlPlane), -- Resources: staticpodutil.ComponentResources("200m"), -+ Resources: staticpodutil.ComponentResources("0"), - Env: kubeadmutil.GetProxyEnvVars(), - }, mounts.GetVolumes(kubeadmconstants.KubeControllerManager), nil), - kubeadmconstants.KubeScheduler: staticpodutil.ComponentPod(v1.Container{ -@@ -86,7 +88,7 @@ func GetStaticPodSpecs(cfg *kubeadmapi.ClusterConfiguration, endpoint *kubeadmap - VolumeMounts: staticpodutil.VolumeMountMapToSlice(mounts.GetVolumeMounts(kubeadmconstants.KubeScheduler)), - LivenessProbe: staticpodutil.LivenessProbe(staticpodutil.GetSchedulerProbeAddress(cfg), "/healthz", kubeadmconstants.KubeSchedulerPort, v1.URISchemeHTTPS), - StartupProbe: staticpodutil.StartupProbe(staticpodutil.GetSchedulerProbeAddress(cfg), "/healthz", kubeadmconstants.KubeSchedulerPort, v1.URISchemeHTTPS, cfg.APIServer.TimeoutForControlPlane), -- Resources: staticpodutil.ComponentResources("100m"), -+ Resources: staticpodutil.ComponentResources("0"), - Env: kubeadmutil.GetProxyEnvVars(), - }, mounts.GetVolumes(kubeadmconstants.KubeScheduler), nil), - } -diff --git a/cmd/kubeadm/app/util/staticpod/utils.go b/cmd/kubeadm/app/util/staticpod/utils.go -index 0ed80c97e6b..eeda999daf2 100644 ---- a/cmd/kubeadm/app/util/staticpod/utils.go -+++ b/cmd/kubeadm/app/util/staticpod/utils.go -@@ -98,6 +98,18 @@ func ComponentResources(cpu string) v1.ResourceRequirements { - } - } - -+// ComponentLimitResources returns the v1.ResourceRequirements object needed for allocating a specified amount of the CPU with Limits -+func ComponentLimitResources(cpu string, lcpu string) v1.ResourceRequirements { -+ return v1.ResourceRequirements{ -+ Requests: v1.ResourceList{ -+ v1.ResourceCPU: resource.MustParse(cpu), -+ }, -+ Limits: v1.ResourceList{ -+ v1.ResourceCPU: resource.MustParse(lcpu), -+ }, -+ } -+} -+ - // NewVolume creates a v1.Volume with a hostPath mount to the specified location - func NewVolume(name, path string, pathType *v1.HostPathType) v1.Volume { - return v1.Volume{ -@@ -251,7 +263,10 @@ func LivenessProbe(host, path string, port int, scheme v1.URIScheme) *v1.Probe { - func ReadinessProbe(host, path string, port int, scheme v1.URIScheme) *v1.Probe { - // sets initialDelaySeconds as '0' because we don't want to delay user infrastructure checks - // looking for "ready" status on kubeadm static Pods -- return createHTTPProbe(host, path, port, scheme, 0, 15, 3, 1) -+ // WRS/SS joint recommendation: All pods probes should have following minimum probe -+ // settings unless required by the service (initialDelaySecond 0, periodSeconds 10, -+ // timeoutSeconds 5, successThreshold 1, failureThreshold 3) -+ return createHTTPProbe(host, path, port, scheme, 0, 15, 3, 10) - } - - // StartupProbe creates a Probe object with a HTTPGet handler --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubeadm-readiness-probe-timeout-core-dns.patch b/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubeadm-readiness-probe-timeout-core-dns.patch deleted file mode 100644 index bc030acda..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubeadm-readiness-probe-timeout-core-dns.patch +++ /dev/null @@ -1,67 +0,0 @@ -From 583589c3574ffd6e0376579316b30d2a2dcf82f8 Mon Sep 17 00:00:00 2001 -From: Ferdinando Terada -Date: Mon, 23 Dec 2024 17:53:09 -0300 -Subject: [PATCH] Adjust timeout for coredns readinessProbe - -The timeout value for the readinessProbe of CoreDNS was increased. -This adjustment was necessary to avoid issues during stress testing, -ensuring that the component can properly handle high-load situations -and prevent premature failure in readiness checks. ---- - cluster/addons/dns/coredns/coredns.yaml.base | 1 + - cluster/addons/dns/coredns/coredns.yaml.in | 1 + - cluster/addons/dns/coredns/coredns.yaml.sed | 1 + - cmd/kubeadm/app/phases/addons/dns/manifests.go | 1 + - 4 files changed, 4 insertions(+) - -diff --git a/cluster/addons/dns/coredns/coredns.yaml.base b/cluster/addons/dns/coredns/coredns.yaml.base -index 3a0fd7adb72..c8289f7c136 100644 ---- a/cluster/addons/dns/coredns/coredns.yaml.base -+++ b/cluster/addons/dns/coredns/coredns.yaml.base -@@ -170,6 +170,7 @@ spec: - path: /ready - port: 8181 - scheme: HTTP -+ timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - capabilities: -diff --git a/cluster/addons/dns/coredns/coredns.yaml.in b/cluster/addons/dns/coredns/coredns.yaml.in -index 74b59584bc7..974c8337031 100644 ---- a/cluster/addons/dns/coredns/coredns.yaml.in -+++ b/cluster/addons/dns/coredns/coredns.yaml.in -@@ -170,6 +170,7 @@ spec: - path: /ready - port: 8181 - scheme: HTTP -+ timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - capabilities: -diff --git a/cluster/addons/dns/coredns/coredns.yaml.sed b/cluster/addons/dns/coredns/coredns.yaml.sed -index 61afbecd9da..563a8980e07 100644 ---- a/cluster/addons/dns/coredns/coredns.yaml.sed -+++ b/cluster/addons/dns/coredns/coredns.yaml.sed -@@ -170,6 +170,7 @@ spec: - path: /ready - port: 8181 - scheme: HTTP -+ timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - capabilities: -diff --git a/cmd/kubeadm/app/phases/addons/dns/manifests.go b/cmd/kubeadm/app/phases/addons/dns/manifests.go -index 2a2212d5d37..c0be57357e4 100644 ---- a/cmd/kubeadm/app/phases/addons/dns/manifests.go -+++ b/cmd/kubeadm/app/phases/addons/dns/manifests.go -@@ -135,6 +135,7 @@ spec: - path: /ready - port: 8181 - scheme: HTTP -+ timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - capabilities: --- -2.34.1 - diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubeadm-reduce-UpgradeManifestTimeout.patch b/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubeadm-reduce-UpgradeManifestTimeout.patch deleted file mode 100644 index cd6355992..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubeadm-reduce-UpgradeManifestTimeout.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 80e2b61d4659c89f3f1684cef847d9b0b0318a0b Mon Sep 17 00:00:00 2001 -From: Ramesh Kumar Sivanandam -Date: Fri, 15 Mar 2024 03:47:21 -0400 -Subject: [PATCH] kubeadm: reduce UpgradeManifestTimeout - -This modifies kubeadm UpgradeManifestTimeout from 5 minutes default -to 3 minutes to reduce the unnecessary delay in retries during -kubeadm-upgrade-apply failures. - -The typical control-plane upgrade of static pods is 75 to 85 seconds, -so 3 minutes gives adequate buffer to complete the operation. - -Signed-off-by: Ramesh Kumar Sivanandam ---- - cmd/kubeadm/app/phases/upgrade/staticpods.go | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/cmd/kubeadm/app/phases/upgrade/staticpods.go b/cmd/kubeadm/app/phases/upgrade/staticpods.go -index b62b3e15476..4accf23e454 100644 ---- a/cmd/kubeadm/app/phases/upgrade/staticpods.go -+++ b/cmd/kubeadm/app/phases/upgrade/staticpods.go -@@ -46,7 +46,7 @@ import ( - - const ( - // UpgradeManifestTimeout is timeout of upgrading the static pod manifest -- UpgradeManifestTimeout = 5 * time.Minute -+ UpgradeManifestTimeout = 3 * time.Minute - ) - - // StaticPodPathManager is responsible for tracking the directories used in the static pod upgrade transition --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubelet-CFS-quota-throttling-for-non-integer-cpulimit.patch b/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubelet-CFS-quota-throttling-for-non-integer-cpulimit.patch deleted file mode 100644 index 8eaffe5cd..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubelet-CFS-quota-throttling-for-non-integer-cpulimit.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 9ffea908e29ee477b75fe03baa881e83e8e7f429 Mon Sep 17 00:00:00 2001 -From: Boovan Rajendran -Date: Mon, 4 Sep 2023 08:05:29 -0400 -Subject: [PATCH] kubelet CFS quota throttling for non integer cpulimit - -Signed-off-by: Boovan Rajendran ---- - pkg/kubelet/cm/internal_container_lifecycle_linux.go | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/pkg/kubelet/cm/internal_container_lifecycle_linux.go b/pkg/kubelet/cm/internal_container_lifecycle_linux.go -index a99d01f8884..e5e25cd56de 100644 ---- a/pkg/kubelet/cm/internal_container_lifecycle_linux.go -+++ b/pkg/kubelet/cm/internal_container_lifecycle_linux.go -@@ -39,7 +39,11 @@ func (i *internalContainerLifecycleImpl) PreCreateContainer(pod *v1.Pod, contain - // Disable cgroup CFS throttle at the container level. - // /sys/fs/cgroup/cpu/k8s-infra/kubepods///cpu.cfs_quota_us - // /sys/fs/cgroup/cpu/k8s-infra/kubepods///cpu.cfs_period_us -- if i.cpuManager.GetCPUPolicy() == "static" && v1qos.GetPodQOS(pod) == v1.PodQOSGuaranteed { -+ // We can only set CpuQuota to -1 if we're allocating the entire CPU. -+ // For fractional CPUs the CpuQuota is needed to enforce the limit. -+ cpuQuantity := container.Resources.Requests[v1.ResourceCPU] -+ fractionalCpuQuantity := cpuQuantity.MilliValue()%1000 -+ if i.cpuManager.GetCPUPolicy() == "static" && v1qos.GetPodQOS(pod) == v1.PodQOSGuaranteed && fractionalCpuQuantity == 0 { - containerConfig.Linux.Resources.CpuPeriod = int64(100000) - containerConfig.Linux.Resources.CpuQuota = int64(-1) - } --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubelet-cpumanager-disable-CFS-quota-throttling.patch b/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubelet-cpumanager-disable-CFS-quota-throttling.patch deleted file mode 100644 index 0ae716cb6..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubelet-cpumanager-disable-CFS-quota-throttling.patch +++ /dev/null @@ -1,256 +0,0 @@ -From a5b09eb84feb744c4e3bc6eb1b8936ecd5f42874 Mon Sep 17 00:00:00 2001 -From: Boovan Rajendran -Date: Wed, 30 Aug 2023 06:01:30 -0400 -Subject: [PATCH] kubelet cpumanager disable CFS quota throttling - -This disables CFS CPU quota to avoid performance degradation due to -Linux kernel CFS quota implementation. Note that 4.18 kernel attempts -to solve the CFS throttling problem, but there are reports that it is -not completely effective. - -This disables CFS quota throttling for Guaranteed pods for both -parent and container cgroups by writing -1 to cgroup cpu.cfs_quota_us. -Disabling has a dramatic latency improvement for HTTP response times. - -This patch is refactored in 1.22.5 due to new internal_container_lifecycle -framework. We leverage the same mechanism to set Linux resources as: -cpu manager: specify the container CPU set during the creation - -Co-authored-by: Jim Gauld -Signed-off-by: Sachin Gopala Krishna -Signed-off-by: Boovan Rajendran ---- - pkg/kubelet/cm/cpumanager/cpu_manager.go | 7 +++ - pkg/kubelet/cm/cpumanager/fake_cpu_manager.go | 10 ++++- - pkg/kubelet/cm/helpers_linux.go | 10 +++++ - pkg/kubelet/cm/helpers_linux_test.go | 43 ++++++++++--------- - .../cm/internal_container_lifecycle_linux.go | 9 ++++ - 5 files changed, 57 insertions(+), 22 deletions(-) - -diff --git a/pkg/kubelet/cm/cpumanager/cpu_manager.go b/pkg/kubelet/cm/cpumanager/cpu_manager.go -index 443eecd2d36..9e2dce60501 100644 ---- a/pkg/kubelet/cm/cpumanager/cpu_manager.go -+++ b/pkg/kubelet/cm/cpumanager/cpu_manager.go -@@ -73,6 +73,9 @@ type Manager interface { - // State returns a read-only interface to the internal CPU manager state. - State() state.Reader - -+ // GetCPUPolicy returns the assigned CPU manager policy -+ GetCPUPolicy() string -+ - // GetTopologyHints implements the topologymanager.HintProvider Interface - // and is consulted to achieve NUMA aware resource alignment among this - // and other resource controllers. -@@ -315,6 +318,10 @@ func (m *manager) State() state.Reader { - return m.state - } - -+func (m *manager) GetCPUPolicy() string { -+ return m.policy.Name() -+} -+ - func (m *manager) GetTopologyHints(pod *v1.Pod, container *v1.Container) map[string][]topologymanager.TopologyHint { - // The pod is during the admission phase. We need to save the pod to avoid it - // being cleaned before the admission ended -diff --git a/pkg/kubelet/cm/cpumanager/fake_cpu_manager.go b/pkg/kubelet/cm/cpumanager/fake_cpu_manager.go -index 93369705135..2e277da9c84 100644 ---- a/pkg/kubelet/cm/cpumanager/fake_cpu_manager.go -+++ b/pkg/kubelet/cm/cpumanager/fake_cpu_manager.go -@@ -28,7 +28,8 @@ import ( - ) - - type fakeManager struct { -- state state.State -+ policy Policy -+ state state.State - } - - func (m *fakeManager) Start(activePods ActivePodsFunc, sourcesReady config.SourcesReady, podStatusProvider status.PodStatusProvider, containerRuntime runtimeService, initialContainers containermap.ContainerMap) error { -@@ -70,6 +71,10 @@ func (m *fakeManager) State() state.Reader { - return m.state - } - -+func (m *fakeManager) GetCPUPolicy() string { -+ return m.policy.Name() -+} -+ - func (m *fakeManager) GetExclusiveCPUs(podUID, containerName string) cpuset.CPUSet { - klog.InfoS("GetExclusiveCPUs", "podUID", podUID, "containerName", containerName) - return cpuset.CPUSet{} -@@ -88,6 +93,7 @@ func (m *fakeManager) GetCPUAffinity(podUID, containerName string) cpuset.CPUSet - // NewFakeManager creates empty/fake cpu manager - func NewFakeManager() Manager { - return &fakeManager{ -- state: state.NewMemoryState(), -+ policy: &nonePolicy{}, -+ state: state.NewMemoryState(), - } - } -diff --git a/pkg/kubelet/cm/helpers_linux.go b/pkg/kubelet/cm/helpers_linux.go -index 18b0df17bfc..76db06a679f 100644 ---- a/pkg/kubelet/cm/helpers_linux.go -+++ b/pkg/kubelet/cm/helpers_linux.go -@@ -170,6 +170,16 @@ func ResourceConfigForPod(pod *v1.Pod, enforceCPULimits bool, cpuPeriod uint64, - // build the result - result := &ResourceConfig{} - if qosClass == v1.PodQOSGuaranteed { -+ // Disable CFS CPU quota to avoid performance degradation due to -+ // Linux kernel CFS throttle implementation. -+ // NOTE: 4.18 kernel attempts to solve CFS throttling problem, -+ // but there are reports that it is not completely effective. -+ // This will configure cgroup CFS parameters at pod level: -+ // /sys/fs/cgroup/cpu/k8s-infra/kubepods//cpu.cfs_quota_us -+ // /sys/fs/cgroup/cpu/k8s-infra/kubepods//cpu.cfs_period_us -+ cpuQuota = int64(-1) -+ cpuPeriod = uint64(100000) -+ - result.CPUShares = &cpuShares - result.CPUQuota = &cpuQuota - result.CPUPeriod = &cpuPeriod -diff --git a/pkg/kubelet/cm/helpers_linux_test.go b/pkg/kubelet/cm/helpers_linux_test.go -index fba41fd49be..60609394659 100644 ---- a/pkg/kubelet/cm/helpers_linux_test.go -+++ b/pkg/kubelet/cm/helpers_linux_test.go -@@ -64,8 +64,9 @@ func TestResourceConfigForPod(t *testing.T) { - burstablePartialShares := MilliCPUToShares(200) - burstableQuota := MilliCPUToQuota(200, int64(defaultQuotaPeriod)) - guaranteedShares := MilliCPUToShares(100) -- guaranteedQuota := MilliCPUToQuota(100, int64(defaultQuotaPeriod)) -- guaranteedTunedQuota := MilliCPUToQuota(100, int64(tunedQuotaPeriod)) -+ guaranteedQuotaPeriod := uint64(100000) -+ guaranteedQuota := int64(-1) -+ guaranteedTunedQuota := int64(-1) - memoryQuantity = resource.MustParse("100Mi") - cpuNoLimit := int64(-1) - guaranteedMemory := memoryQuantity.Value() -@@ -204,8 +205,8 @@ func TestResourceConfigForPod(t *testing.T) { - }, - }, - enforceCPULimits: true, -- quotaPeriod: defaultQuotaPeriod, -- expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &guaranteedQuota, CPUPeriod: &defaultQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &guaranteedQuota, CPUPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - "guaranteed-no-cpu-enforcement": { - pod: &v1.Pod{ -@@ -218,8 +219,8 @@ func TestResourceConfigForPod(t *testing.T) { - }, - }, - enforceCPULimits: false, -- quotaPeriod: defaultQuotaPeriod, -- expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &cpuNoLimit, CPUPeriod: &defaultQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &cpuNoLimit, CPUPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - "guaranteed-with-tuned-quota": { - pod: &v1.Pod{ -@@ -232,8 +233,8 @@ func TestResourceConfigForPod(t *testing.T) { - }, - }, - enforceCPULimits: true, -- quotaPeriod: tunedQuotaPeriod, -- expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &guaranteedTunedQuota, CPUPeriod: &tunedQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &guaranteedTunedQuota, CPUPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - "guaranteed-no-cpu-enforcement-with-tuned-quota": { - pod: &v1.Pod{ -@@ -246,8 +247,8 @@ func TestResourceConfigForPod(t *testing.T) { - }, - }, - enforceCPULimits: false, -- quotaPeriod: tunedQuotaPeriod, -- expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &cpuNoLimit, CPUPeriod: &tunedQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &cpuNoLimit, CPUPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - "burstable-partial-limits-with-init-containers": { - pod: &v1.Pod{ -@@ -309,8 +310,10 @@ func TestResourceConfigForPodWithCustomCPUCFSQuotaPeriod(t *testing.T) { - burstablePartialShares := MilliCPUToShares(200) - burstableQuota := MilliCPUToQuota(200, int64(defaultQuotaPeriod)) - guaranteedShares := MilliCPUToShares(100) -- guaranteedQuota := MilliCPUToQuota(100, int64(defaultQuotaPeriod)) -- guaranteedTunedQuota := MilliCPUToQuota(100, int64(tunedQuotaPeriod)) -+ guaranteedQuotaPeriod := uint64(100000) -+ guaranteedQuota := int64(-1) -+ guaranteedTunedQuota := int64(-1) -+ - memoryQuantity = resource.MustParse("100Mi") - cpuNoLimit := int64(-1) - guaranteedMemory := memoryQuantity.Value() -@@ -449,8 +452,8 @@ func TestResourceConfigForPodWithCustomCPUCFSQuotaPeriod(t *testing.T) { - }, - }, - enforceCPULimits: true, -- quotaPeriod: defaultQuotaPeriod, -- expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &guaranteedQuota, CPUPeriod: &defaultQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &guaranteedQuota, CPUPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - "guaranteed-no-cpu-enforcement": { - pod: &v1.Pod{ -@@ -463,8 +466,8 @@ func TestResourceConfigForPodWithCustomCPUCFSQuotaPeriod(t *testing.T) { - }, - }, - enforceCPULimits: false, -- quotaPeriod: defaultQuotaPeriod, -- expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &cpuNoLimit, CPUPeriod: &defaultQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &cpuNoLimit, CPUPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - "guaranteed-with-tuned-quota": { - pod: &v1.Pod{ -@@ -477,8 +480,8 @@ func TestResourceConfigForPodWithCustomCPUCFSQuotaPeriod(t *testing.T) { - }, - }, - enforceCPULimits: true, -- quotaPeriod: tunedQuotaPeriod, -- expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &guaranteedTunedQuota, CPUPeriod: &tunedQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &guaranteedTunedQuota, CPUPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - "guaranteed-no-cpu-enforcement-with-tuned-quota": { - pod: &v1.Pod{ -@@ -491,8 +494,8 @@ func TestResourceConfigForPodWithCustomCPUCFSQuotaPeriod(t *testing.T) { - }, - }, - enforceCPULimits: false, -- quotaPeriod: tunedQuotaPeriod, -- expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &cpuNoLimit, CPUPeriod: &tunedQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &cpuNoLimit, CPUPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - } - -diff --git a/pkg/kubelet/cm/internal_container_lifecycle_linux.go b/pkg/kubelet/cm/internal_container_lifecycle_linux.go -index cb7c0cfa543..a99d01f8884 100644 ---- a/pkg/kubelet/cm/internal_container_lifecycle_linux.go -+++ b/pkg/kubelet/cm/internal_container_lifecycle_linux.go -@@ -25,6 +25,7 @@ import ( - - "k8s.io/api/core/v1" - runtimeapi "k8s.io/cri-api/pkg/apis/runtime/v1" -+ v1qos "k8s.io/kubernetes/pkg/apis/core/v1/helper/qos" - ) - - func (i *internalContainerLifecycleImpl) PreCreateContainer(pod *v1.Pod, container *v1.Container, containerConfig *runtimeapi.ContainerConfig) error { -@@ -35,6 +36,14 @@ func (i *internalContainerLifecycleImpl) PreCreateContainer(pod *v1.Pod, contain - } - } - -+ // Disable cgroup CFS throttle at the container level. -+ // /sys/fs/cgroup/cpu/k8s-infra/kubepods///cpu.cfs_quota_us -+ // /sys/fs/cgroup/cpu/k8s-infra/kubepods///cpu.cfs_period_us -+ if i.cpuManager.GetCPUPolicy() == "static" && v1qos.GetPodQOS(pod) == v1.PodQOSGuaranteed { -+ containerConfig.Linux.Resources.CpuPeriod = int64(100000) -+ containerConfig.Linux.Resources.CpuQuota = int64(-1) -+ } -+ - if i.memoryManager != nil { - numaNodes := i.memoryManager.GetMemoryNUMANodes(pod, container) - if numaNodes.Len() > 0 { --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubelet-cpumanager-infra-pods-use-system-reserved-CP.patch b/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubelet-cpumanager-infra-pods-use-system-reserved-CP.patch deleted file mode 100644 index 567ad5c29..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubelet-cpumanager-infra-pods-use-system-reserved-CP.patch +++ /dev/null @@ -1,167 +0,0 @@ -From bb0a722834dc5cc1caf545652828869a42b50ea2 Mon Sep 17 00:00:00 2001 -From: Boovan Rajendran -Date: Tue, 5 Sep 2023 06:27:39 -0400 -Subject: [PATCH] kubelet cpumanager infra pods use system reserved CPUs - -This assigns system infrastructure pods to the "reserved" cpuset -to isolate them from the shared pool of CPUs. - -Infrastructure pods include any pods that belong to the kube-system, -armada, cert-manager, vault, platform-deployment-manager, portieris, -notification, flux-helm or metrics-server namespaces. - -The implementation is a bit simplistic, it is assumed that the -"reserved" cpuset is large enough to handle all infrastructure pods -CPU allocations. - -This also prevents infrastucture pods from using Guaranteed resources. - -Co-authored-by: Jim Gauld -Signed-off-by: Gleb Aronsky -Signed-off-by: Thiago Miranda -Signed-off-by: Kaustubh Dhokte -Signed-off-by: Ramesh Kumar Sivanandam -Signed-off-by: Sachin Gopala Krishna -Signed-off-by: Boovan Rajendran ---- - pkg/kubelet/cm/cpumanager/policy_static.go | 50 ++++++++++++++++--- - .../cm/cpumanager/policy_static_test.go | 19 ++++++- - 2 files changed, 62 insertions(+), 7 deletions(-) - -diff --git a/pkg/kubelet/cm/cpumanager/policy_static.go b/pkg/kubelet/cm/cpumanager/policy_static.go -index d25b2482537..1fdb49b52ad 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static.go -@@ -62,6 +62,11 @@ func (e SMTAlignmentError) Type() string { - return ErrorSMTAlignment - } - -+// Define namespaces used by platform infrastructure pods -+var infraNamespaces = [...]string{ -+ "kube-system", "armada", "cert-manager", "platform-deployment-manager", "portieris", "vault", "notification", "flux-helm", "metrics-server", -+} -+ - // staticPolicy is a CPU manager policy that does not change CPU - // assignments for exclusively pinned guaranteed containers after the main - // container process starts. -@@ -140,11 +145,11 @@ func NewStaticPolicy(topology *topology.CPUTopology, numReservedCPUs int, reserv - klog.InfoS("Static policy created with configuration", "options", opts) - - policy := &staticPolicy{ -- topology: topology, -- affinity: affinity, -+ topology: topology, -+ affinity: affinity, - excludeReserved: excludeReserved, -- cpusToReuse: make(map[string]cpuset.CPUSet), -- options: opts, -+ cpusToReuse: make(map[string]cpuset.CPUSet), -+ options: opts, - } - - allCPUs := topology.CPUDetails.CPUs() -@@ -222,8 +227,8 @@ func (p *staticPolicy) validateState(s state.State) error { - // - user tampered with file - if !p.excludeReserved { - if !p.reservedCPUs.Intersection(tmpDefaultCPUset).Equals(p.reservedCPUs) { -- return fmt.Errorf("not all reserved cpus: \"%s\" are present in defaultCpuSet: \"%s\"", -- p.reservedCPUs.String(), tmpDefaultCPUset.String()) -+ return fmt.Errorf("not all reserved cpus: \"%s\" are present in defaultCpuSet: \"%s\"", -+ p.reservedCPUs.String(), tmpDefaultCPUset.String()) - } - } - // 2. Check if state for static policy is consistent -@@ -302,6 +307,25 @@ func (p *staticPolicy) updateCPUsToReuse(pod *v1.Pod, container *v1.Container, c - } - - func (p *staticPolicy) Allocate(s state.State, pod *v1.Pod, container *v1.Container) (rerr error) { -+ // Process infra pods before guaranteed pods -+ if isKubeInfra(pod) { -+ // Container belongs in reserved pool. -+ // We don't want to fall through to the p.guaranteedCPUs() clause below so return either nil or error. -+ if _, ok := s.GetCPUSet(string(pod.UID), container.Name); ok { -+ klog.Infof("[cpumanager] static policy: reserved container already present in state, skipping (namespace: %s, pod UID: %s, pod: %s, container: %s)", pod.Namespace, string(pod.UID), pod.Name, container.Name) -+ return nil -+ } -+ -+ cpuset := p.reservedCPUs -+ if cpuset.IsEmpty() { -+ // If this happens then someone messed up. -+ return fmt.Errorf("[cpumanager] static policy: reserved container unable to allocate cpus (namespace: %s, pod UID: %s, pod: %s, container: %s); cpuset=%v, reserved:%v", pod.Namespace, string(pod.UID), pod.Name, container.Name, cpuset, p.reservedCPUs) -+ } -+ s.SetCPUSet(string(pod.UID), container.Name, cpuset) -+ klog.Infof("[cpumanager] static policy: reserved: AddContainer (namespace: %s, pod UID: %s, pod: %s, container: %s); cpuset=%v", pod.Namespace, string(pod.UID), pod.Name, container.Name, cpuset) -+ return nil -+ } -+ - numCPUs := p.guaranteedCPUs(pod, container) - if numCPUs == 0 { - // container belongs in the shared pool (nothing to do; use default cpuset) -@@ -453,6 +477,10 @@ func (p *staticPolicy) guaranteedCPUs(pod *v1.Pod, container *v1.Container) int - if cpuQuantity.Value()*1000 != cpuQuantity.MilliValue() { - return 0 - } -+ // Infrastructure pods use reserved CPUs even if they're in the Guaranteed QoS class -+ if isKubeInfra(pod) { -+ return 0 -+ } - // Safe downcast to do for all systems with < 2.1 billion CPUs. - // Per the language spec, `int` is guaranteed to be at least 32 bits wide. - // https://golang.org/ref/spec#Numeric_types -@@ -671,6 +699,16 @@ func (p *staticPolicy) generateCPUTopologyHints(availableCPUs cpuset.CPUSet, reu - return hints - } - -+// check if a given pod is in a platform infrastructure namespace -+func isKubeInfra(pod *v1.Pod) bool { -+ for _, namespace := range infraNamespaces { -+ if namespace == pod.Namespace { -+ return true -+ } -+ } -+ return false -+} -+ - // isHintSocketAligned function return true if numa nodes in hint are socket aligned. - func (p *staticPolicy) isHintSocketAligned(hint topologymanager.TopologyHint, minAffinitySize int) bool { - numaNodesBitMask := hint.NUMANodeAffinity.GetBits() -diff --git a/pkg/kubelet/cm/cpumanager/policy_static_test.go b/pkg/kubelet/cm/cpumanager/policy_static_test.go -index c4675394a93..63f31486d19 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static_test.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static_test.go -@@ -988,7 +988,8 @@ func TestStaticPolicyStartWithResvList(t *testing.T) { - } - - func TestStaticPolicyAddWithResvList(t *testing.T) { -- -+ infraPod := makePod("fakePod", "fakeContainer2", "200m", "200m") -+ infraPod.Namespace = "kube-system" - testCases := []staticPolicyTestWithResvList{ - { - description: "GuPodSingleCore, SingleSocketHT, ExpectError", -@@ -1030,6 +1031,22 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - expCPUAlloc: true, - expCSet: cpuset.New(4, 5), - }, -+ { -+ description: "InfraPod, SingleSocketHT, ExpectAllocReserved", -+ topo: topoSingleSocketHT, -+ numReservedCPUs: 2, -+ reserved: cpuset.New(0, 1), -+ stAssignments: state.ContainerCPUAssignments{ -+ "fakePod": map[string]cpuset.CPUSet{ -+ "fakeContainer100": cpuset.New(2, 3, 6, 7), -+ }, -+ }, -+ stDefaultCPUSet: cpuset.New(4, 5), -+ pod: infraPod, -+ expErr: nil, -+ expCPUAlloc: true, -+ expCSet: cpuset.New(0, 1), -+ }, - } - - testExcl := true --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubelet-cpumanager-introduce-concept-of-isolated-CPU.patch b/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubelet-cpumanager-introduce-concept-of-isolated-CPU.patch deleted file mode 100644 index 8a0d87833..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubelet-cpumanager-introduce-concept-of-isolated-CPU.patch +++ /dev/null @@ -1,743 +0,0 @@ -From b51d6c0ba6dfd9a34c7f6832d17840820f9985eb Mon Sep 17 00:00:00 2001 -From: Boovan Rajendran -Date: Fri, 8 Sep 2023 10:46:07 -0400 -Subject: [PATCH] kubelet cpumanager introduce concept of isolated CPUs - -This introduces the concept of "isolated CPUs", which are CPUs that -have been isolated at the kernel level via the "isolcpus" kernel boot -parameter. - -When starting the kubelet process, two separate sets of reserved CPUs -may be specified. With this change CPUs reserved via -'--system-reserved=cpu' will be used for infrastructure pods while the -isolated CPUs should be reserved via '--kube-reserved=cpu' to cause -kubelet to skip over them for "normal" CPU resource tracking. The -kubelet code will double-check that the specified isolated CPUs match -what the kernel exposes in "/sys/devices/system/cpu/isolated". - -A plugin (outside the scope of this commit) will expose the isolated -CPUs to kubelet via the device plugin API. - -If a pod specifies some number of "isolcpus" resources, the device -manager will allocate them. In this code we check whether such -resources have been allocated, and if so we set the container cpuset to -the isolated CPUs. This does mean that it really only makes sense to -specify "isolcpus" resources for best-effort or burstable pods, not for -guaranteed ones since that would throw off the accounting code. In -order to ensure the accounting still works as designed, if "isolcpus" -are specified for guaranteed pods, the affinity will be set to the -non-isolated CPUs. - -This patch was refactored in 1.21.3 due to upstream API change -node: podresources: make GetDevices() consistent -(commit ad68f9588c72d6477b5a290c548a9031063ac659). - -The routine podIsolCPUs() was refactored in 1.21.3 since the API -p.deviceManager.GetDevices() is returning multiple devices with -a device per cpu. The resultant cpuset needs to be the aggregate. - -The routine NewStaticPolicy was refactored in 1.22.5, adding a new argument -in its signature: cpuPolicyOptions map[string]string. This change is implies -shifting the new arguments(deviceManager, excludeReserved) with one position -to the right. - -Co-authored-by: Jim Gauld -Co-authored-by: Chris Friesen -Signed-off-by: Gleb Aronsky -Signed-off-by: Ramesh Kumar Sivanandam -Signed-off-by: Sachin Gopala Krishna -Signed-off-by: Boovan Rajendran ---- - pkg/kubelet/cm/container_manager_linux.go | 1 + - pkg/kubelet/cm/cpumanager/cpu_manager.go | 35 ++++++- - pkg/kubelet/cm/cpumanager/cpu_manager_test.go | 23 ++++- - pkg/kubelet/cm/cpumanager/policy_static.go | 83 ++++++++++++++-- - .../cm/cpumanager/policy_static_test.go | 53 ++++++++-- - pkg/kubelet/cm/devicemanager/manager_stub.go | 99 +++++++++++++++++++ - 6 files changed, 273 insertions(+), 21 deletions(-) - create mode 100644 pkg/kubelet/cm/devicemanager/manager_stub.go - -diff --git a/pkg/kubelet/cm/container_manager_linux.go b/pkg/kubelet/cm/container_manager_linux.go -index 02cb34ddcdc..ae8daf2465f 100644 ---- a/pkg/kubelet/cm/container_manager_linux.go -+++ b/pkg/kubelet/cm/container_manager_linux.go -@@ -325,6 +325,7 @@ func NewContainerManager(mountUtil mount.Interface, cadvisorInterface cadvisor.I - cm.GetNodeAllocatableReservation(), - nodeConfig.KubeletRootDir, - cm.topologyManager, -+ cm.deviceManager, - ) - if err != nil { - klog.ErrorS(err, "Failed to initialize cpu manager") -diff --git a/pkg/kubelet/cm/cpumanager/cpu_manager.go b/pkg/kubelet/cm/cpumanager/cpu_manager.go -index e2c89efeb2e..6e9d3938aef 100644 ---- a/pkg/kubelet/cm/cpumanager/cpu_manager.go -+++ b/pkg/kubelet/cm/cpumanager/cpu_manager.go -@@ -19,7 +19,9 @@ package cpumanager - import ( - "context" - "fmt" -+ "io/ioutil" - "math" -+ "strings" - "sync" - "time" - -@@ -33,6 +35,7 @@ import ( - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/state" - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/topology" - "k8s.io/kubernetes/pkg/kubelet/cm/cpuset" -+ "k8s.io/kubernetes/pkg/kubelet/cm/devicemanager" - "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager" - "k8s.io/kubernetes/pkg/kubelet/config" - kubecontainer "k8s.io/kubernetes/pkg/kubelet/container" -@@ -51,6 +54,25 @@ type policyName string - // cpuManagerStateFileName is the file name where cpu manager stores its state - const cpuManagerStateFileName = "cpu_manager_state" - -+// get the system-level isolated CPUs -+func getIsolcpus() cpuset.CPUSet { -+ dat, err := ioutil.ReadFile("/sys/devices/system/cpu/isolated") -+ if err != nil { -+ klog.Errorf("[cpumanager] unable to read sysfs isolcpus subdir") -+ return cpuset.New() -+ } -+ -+ // The isolated cpus string ends in a newline -+ cpustring := strings.TrimSuffix(string(dat), "\n") -+ cset, err := cpuset.Parse(cpustring) -+ if err != nil { -+ klog.Errorf("[cpumanager] unable to parse sysfs isolcpus string to cpuset") -+ return cpuset.New() -+ } -+ -+ return cset -+} -+ - // Manager interface provides methods for Kubelet to manage pod cpus. - type Manager interface { - // Start is called during Kubelet initialization. -@@ -154,7 +176,8 @@ func (s *sourcesReadyStub) AddSource(source string) {} - func (s *sourcesReadyStub) AllReady() bool { return true } - - // NewManager creates new cpu manager based on provided policy --func NewManager(cpuPolicyName string, cpuPolicyOptions map[string]string, reconcilePeriod time.Duration, machineInfo *cadvisorapi.MachineInfo, specificCPUs cpuset.CPUSet, nodeAllocatableReservation v1.ResourceList, stateFileDirectory string, affinity topologymanager.Store) (Manager, error) { -+func NewManager(cpuPolicyName string, cpuPolicyOptions map[string]string, reconcilePeriod time.Duration, machineInfo *cadvisorapi.MachineInfo, specificCPUs cpuset.CPUSet, nodeAllocatableReservation v1.ResourceList, stateFileDirectory string, affinity topologymanager.Store, deviceManager devicemanager.Manager) (Manager, error) { -+ - var topo *topology.CPUTopology - var policy Policy - var err error -@@ -195,7 +218,15 @@ func NewManager(cpuPolicyName string, cpuPolicyOptions map[string]string, reconc - // NOTE: Set excludeReserved unconditionally to exclude reserved CPUs from default cpuset. - // This variable is primarily to make testing easier. - excludeReserved := true -- policy, err = NewStaticPolicy(topo, numReservedCPUs, specificCPUs, affinity, cpuPolicyOptions, excludeReserved) -+ -+ // isolCPUs is the set of kernel-isolated CPUs. They should be a subset of specificCPUs or -+ // of the CPUs that NewStaticPolicy() will pick if numReservedCPUs is set. It's only in the -+ // argument list here for ease of testing, it's really internal to the policy. -+ isolCPUs := getIsolcpus() -+ policy, err = NewStaticPolicy(topo, numReservedCPUs, specificCPUs, isolCPUs, affinity, cpuPolicyOptions, deviceManager, excludeReserved) -+ if err != nil { -+ return nil, fmt.Errorf("new static policy error: %v", err) -+ } - - if err != nil { - return nil, fmt.Errorf("new static policy error: %w", err) -diff --git a/pkg/kubelet/cm/cpumanager/cpu_manager_test.go b/pkg/kubelet/cm/cpumanager/cpu_manager_test.go -index bb69b0ac084..44a88429a12 100644 ---- a/pkg/kubelet/cm/cpumanager/cpu_manager_test.go -+++ b/pkg/kubelet/cm/cpumanager/cpu_manager_test.go -@@ -37,6 +37,7 @@ import ( - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/state" - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/topology" - "k8s.io/kubernetes/pkg/kubelet/cm/cpuset" -+ "k8s.io/kubernetes/pkg/kubelet/cm/devicemanager" - "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager" - ) - -@@ -215,6 +216,7 @@ func makeMultiContainerPod(initCPUs, appCPUs []struct{ request, limit string }) - } - - func TestCPUManagerAdd(t *testing.T) { -+ testDM, _ := devicemanager.NewManagerStub() - testExcl := false - testPolicy, _ := NewStaticPolicy( - &topology.CPUTopology{ -@@ -230,8 +232,10 @@ func TestCPUManagerAdd(t *testing.T) { - }, - 0, - cpuset.New(), -+ cpuset.New(), - topologymanager.NewFakeManager(), - nil, -+ testDM, - testExcl) - testCases := []struct { - description string -@@ -482,8 +486,9 @@ func TestCPUManagerAddWithInitContainers(t *testing.T) { - } - - testExcl := false -+ testDM, _ := devicemanager.NewManagerStub() - for _, testCase := range testCases { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), topologymanager.NewFakeManager(), nil, testExcl) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), cpuset.New(), topologymanager.NewFakeManager(), nil, testDM, testExcl) - - mockState := &mockState{ - assignments: testCase.stAssignments, -@@ -638,7 +643,9 @@ func TestCPUManagerGenerate(t *testing.T) { - } - defer os.RemoveAll(sDir) - -- mgr, err := NewManager(testCase.cpuPolicyName, nil, 5*time.Second, machineInfo, cpuset.New(), testCase.nodeAllocatableReservation, sDir, topologymanager.NewFakeManager()) -+ testDM, err := devicemanager.NewManagerStub() -+ mgr, err := NewManager(testCase.cpuPolicyName, nil, 5*time.Second, machineInfo, cpuset.New(), testCase.nodeAllocatableReservation, sDir, topologymanager.NewFakeManager(), testDM) -+ - if testCase.expectedError != nil { - if !strings.Contains(err.Error(), testCase.expectedError.Error()) { - t.Errorf("Unexpected error message. Have: %s wants %s", err.Error(), testCase.expectedError.Error()) -@@ -709,6 +716,7 @@ func TestCPUManagerRemove(t *testing.T) { - - func TestReconcileState(t *testing.T) { - testExcl := false -+ testDM, _ := devicemanager.NewManagerStub() - testPolicy, _ := NewStaticPolicy( - &topology.CPUTopology{ - NumCPUs: 8, -@@ -727,8 +735,10 @@ func TestReconcileState(t *testing.T) { - }, - 0, - cpuset.New(), -+ cpuset.New(), - topologymanager.NewFakeManager(), - nil, -+ testDM, - testExcl) - - testCases := []struct { -@@ -1234,6 +1244,7 @@ func TestReconcileState(t *testing.T) { - // the following tests are with --reserved-cpus configured - func TestCPUManagerAddWithResvList(t *testing.T) { - testExcl := false -+ testDM, _ := devicemanager.NewManagerStub() - testPolicy, _ := NewStaticPolicy( - &topology.CPUTopology{ - NumCPUs: 4, -@@ -1248,8 +1259,10 @@ func TestCPUManagerAddWithResvList(t *testing.T) { - }, - 1, - cpuset.New(0), -+ cpuset.New(), - topologymanager.NewFakeManager(), - nil, -+ testDM, - testExcl) - testCases := []struct { - description string -@@ -1362,7 +1375,8 @@ func TestCPUManagerHandlePolicyOptions(t *testing.T) { - } - defer os.RemoveAll(sDir) - -- _, err = NewManager(testCase.cpuPolicyName, testCase.cpuPolicyOptions, 5*time.Second, machineInfo, cpuset.New(), nodeAllocatableReservation, sDir, topologymanager.NewFakeManager()) -+ testDM, err := devicemanager.NewManagerStub() -+ _, err = NewManager(testCase.cpuPolicyName, testCase.cpuPolicyOptions, 5*time.Second, machineInfo, cpuset.New(), nodeAllocatableReservation, sDir, topologymanager.NewFakeManager(), testDM) - if err == nil { - t.Errorf("Expected error, but NewManager succeeded") - } -@@ -1376,6 +1390,7 @@ func TestCPUManagerHandlePolicyOptions(t *testing.T) { - - func TestCPUManagerGetAllocatableCPUs(t *testing.T) { - testExcl := false -+ testDm, _ := devicemanager.NewManagerStub() - nonePolicy, _ := NewNonePolicy(nil) - staticPolicy, _ := NewStaticPolicy( - &topology.CPUTopology{ -@@ -1391,8 +1406,10 @@ func TestCPUManagerGetAllocatableCPUs(t *testing.T) { - }, - 1, - cpuset.New(0), -+ cpuset.New(), - topologymanager.NewFakeManager(), - nil, -+ testDm, - testExcl) - - testCases := []struct { -diff --git a/pkg/kubelet/cm/cpumanager/policy_static.go b/pkg/kubelet/cm/cpumanager/policy_static.go -index 1fdb49b52ad..49f63dd9efd 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static.go -@@ -18,6 +18,7 @@ package cpumanager - - import ( - "fmt" -+ "strconv" - - v1 "k8s.io/api/core/v1" - utilfeature "k8s.io/apiserver/pkg/util/feature" -@@ -28,6 +29,7 @@ import ( - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/state" - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/topology" - "k8s.io/kubernetes/pkg/kubelet/cm/cpuset" -+ "k8s.io/kubernetes/pkg/kubelet/cm/devicemanager" - "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager" - "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager/bitmask" - "k8s.io/kubernetes/pkg/kubelet/metrics" -@@ -110,6 +112,10 @@ type staticPolicy struct { - topology *topology.CPUTopology - // set of CPUs that is not available for exclusive assignment - reservedCPUs cpuset.CPUSet -+ // subset of reserved CPUs with isolcpus attribute -+ isolcpus cpuset.CPUSet -+ // parent containerManager, used to get device list -+ deviceManager devicemanager.Manager - // If true, default CPUSet should exclude reserved CPUs - excludeReserved bool - // Superset of reservedCPUs. It includes not just the reservedCPUs themselves, -@@ -132,7 +138,8 @@ var _ Policy = &staticPolicy{} - // NewStaticPolicy returns a CPU manager policy that does not change CPU - // assignments for exclusively pinned guaranteed containers after the main - // container process starts. --func NewStaticPolicy(topology *topology.CPUTopology, numReservedCPUs int, reservedCPUs cpuset.CPUSet, affinity topologymanager.Store, cpuPolicyOptions map[string]string, excludeReserved bool) (Policy, error) { -+func NewStaticPolicy(topology *topology.CPUTopology, numReservedCPUs int, reservedCPUs cpuset.CPUSet, isolCPUs cpuset.CPUSet, affinity topologymanager.Store, cpuPolicyOptions map[string]string, deviceManager devicemanager.Manager, excludeReserved bool) (Policy, error) { -+ - opts, err := NewStaticPolicyOptions(cpuPolicyOptions) - if err != nil { - return nil, err -@@ -147,6 +154,8 @@ func NewStaticPolicy(topology *topology.CPUTopology, numReservedCPUs int, reserv - policy := &staticPolicy{ - topology: topology, - affinity: affinity, -+ isolcpus: isolCPUs, -+ deviceManager: deviceManager, - excludeReserved: excludeReserved, - cpusToReuse: make(map[string]cpuset.CPUSet), - options: opts, -@@ -183,6 +192,12 @@ func NewStaticPolicy(topology *topology.CPUTopology, numReservedCPUs int, reserv - policy.reservedCPUs = reserved - policy.reservedPhysicalCPUs = reservedPhysicalCPUs - -+ if !isolCPUs.IsSubsetOf(reserved) { -+ klog.Errorf("[cpumanager] isolCPUs %v is not a subset of reserved %v", isolCPUs, reserved) -+ reserved = reserved.Union(isolCPUs) -+ klog.Warningf("[cpumanager] mismatch isolCPUs %v, force reserved %v", isolCPUs, reserved) -+ } -+ - return policy, nil - } - -@@ -216,8 +231,9 @@ func (p *staticPolicy) validateState(s state.State) error { - } else { - s.SetDefaultCPUSet(allCPUs) - } -- klog.Infof("[cpumanager] static policy: CPUSet: allCPUs:%v, reserved:%v, default:%v\n", -- allCPUs, p.reservedCPUs, s.GetDefaultCPUSet()) -+ klog.Infof("[cpumanager] static policy: CPUSet: allCPUs:%v, reserved:%v, isolcpus:%v, default:%v\n", -+ allCPUs, p.reservedCPUs, p.isolcpus, s.GetDefaultCPUSet()) -+ - return nil - } - -@@ -316,16 +332,39 @@ func (p *staticPolicy) Allocate(s state.State, pod *v1.Pod, container *v1.Contai - return nil - } - -- cpuset := p.reservedCPUs -+ cpuset := p.reservedCPUs.Clone().Difference(p.isolcpus) - if cpuset.IsEmpty() { - // If this happens then someone messed up. -- return fmt.Errorf("[cpumanager] static policy: reserved container unable to allocate cpus (namespace: %s, pod UID: %s, pod: %s, container: %s); cpuset=%v, reserved:%v", pod.Namespace, string(pod.UID), pod.Name, container.Name, cpuset, p.reservedCPUs) -+ return fmt.Errorf("[cpumanager] static policy: reserved container unable to allocate cpus (namespace: %s, pod UID: %s, pod: %s, container: %s); cpuset=%v, reserved:%v, isolcpus:%v", pod.Namespace, string(pod.UID), pod.Name, container.Name, cpuset, p.reservedCPUs, p.isolcpus) -+ - } - s.SetCPUSet(string(pod.UID), container.Name, cpuset) - klog.Infof("[cpumanager] static policy: reserved: AddContainer (namespace: %s, pod UID: %s, pod: %s, container: %s); cpuset=%v", pod.Namespace, string(pod.UID), pod.Name, container.Name, cpuset) - return nil - } - -+ if isolcpus := p.podIsolCPUs(pod, container); isolcpus.Size() > 0 { -+ // container has requested isolated CPUs -+ if set, ok := s.GetCPUSet(string(pod.UID), container.Name); ok { -+ if set.Equals(isolcpus) { -+ klog.Infof("[cpumanager] isolcpus container already present in state, skipping (namespace: %s, pod UID: %s, pod: %s, container: %s)", -+ pod.Namespace, string(pod.UID), pod.Name, container.Name) -+ return nil -+ } else { -+ klog.Infof("[cpumanager] isolcpus container state has cpus %v, should be %v (namespace: %s, pod UID: %s, pod: %s, container: %s)", -+ isolcpus, set, pod.Namespace, string(pod.UID), pod.Name, container.Name) -+ } -+ } -+ // Note that we do not do anything about init containers here. -+ // It looks like devices are allocated per-pod based on effective requests/limits -+ // and extra devices from initContainers are not freed up when the regular containers start. -+ // TODO: confirm this is still true for 1.20 -+ s.SetCPUSet(string(pod.UID), container.Name, isolcpus) -+ klog.Infof("[cpumanager] isolcpus: AddContainer (namespace: %s, pod UID: %s, pod: %s, container: %s); cpuset=%v", -+ pod.Namespace, string(pod.UID), pod.Name, container.Name, isolcpus) -+ return nil -+ } -+ - numCPUs := p.guaranteedCPUs(pod, container) - if numCPUs == 0 { - // container belongs in the shared pool (nothing to do; use default cpuset) -@@ -391,7 +430,9 @@ func (p *staticPolicy) Allocate(s state.State, pod *v1.Pod, container *v1.Contai - } - s.SetCPUSet(string(pod.UID), container.Name, cpuset) - p.updateCPUsToReuse(pod, container, cpuset) -- -+ klog.Infof("[cpumanager] guaranteed: AddContainer "+ -+ "(namespace: %s, pod UID: %s, pod: %s, container: %s); numCPUS=%d, cpuset=%v", -+ pod.Namespace, string(pod.UID), pod.Name, container.Name, numCPUs, cpuset) - return nil - } - -@@ -709,6 +750,36 @@ func isKubeInfra(pod *v1.Pod) bool { - return false - } - -+// get the isolated CPUs (if any) from the devices associated with a specific container -+func (p *staticPolicy) podIsolCPUs(pod *v1.Pod, container *v1.Container) cpuset.CPUSet { -+ // NOTE: This is required for TestStaticPolicyAdd() since makePod() does -+ // not create UID. We also need a way to properly stub devicemanager. -+ if len(string(pod.UID)) == 0 { -+ return cpuset.New() -+ } -+ resContDevices := p.deviceManager.GetDevices(string(pod.UID), container.Name) -+ cpuSet := cpuset.New() -+ for resourceName, resourceDevs := range resContDevices { -+ // this resource name needs to match the isolcpus device plugin -+ if resourceName == "windriver.com/isolcpus" { -+ for devID, _ := range resourceDevs { -+ cpuStrList := []string{devID} -+ if len(cpuStrList) > 0 { -+ // loop over the list of strings, convert each one to int, add to cpuset -+ for _, cpuStr := range cpuStrList { -+ cpu, err := strconv.Atoi(cpuStr) -+ if err != nil { -+ panic(err) -+ } -+ cpuSet = cpuSet.Union(cpuset.New(cpu)) -+ } -+ } -+ } -+ } -+ } -+ return cpuSet -+} -+ - // isHintSocketAligned function return true if numa nodes in hint are socket aligned. - func (p *staticPolicy) isHintSocketAligned(hint topologymanager.TopologyHint, minAffinitySize int) bool { - numaNodesBitMask := hint.NUMANodeAffinity.GetBits() -diff --git a/pkg/kubelet/cm/cpumanager/policy_static_test.go b/pkg/kubelet/cm/cpumanager/policy_static_test.go -index 63f31486d19..c25ee484a94 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static_test.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static_test.go -@@ -28,6 +28,7 @@ import ( - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/state" - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/topology" - "k8s.io/kubernetes/pkg/kubelet/cm/cpuset" -+ "k8s.io/kubernetes/pkg/kubelet/cm/devicemanager" - "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager" - "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager/bitmask" - ) -@@ -70,8 +71,9 @@ func (spt staticPolicyTest) PseudoClone() staticPolicyTest { - } - - func TestStaticPolicyName(t *testing.T) { -+ testDM, _ := devicemanager.NewManagerStub() - testExcl := false -- policy, _ := NewStaticPolicy(topoSingleSocketHT, 1, cpuset.New(), topologymanager.NewFakeManager(), nil, testExcl) -+ policy, _ := NewStaticPolicy(topoSingleSocketHT, 1, cpuset.New(), cpuset.New(), topologymanager.NewFakeManager(), nil, testDM, testExcl) - - policyName := policy.Name() - if policyName != "static" { -@@ -81,6 +83,7 @@ func TestStaticPolicyName(t *testing.T) { - } - - func TestStaticPolicyStart(t *testing.T) { -+ testDM, _ := devicemanager.NewManagerStub() - testCases := []staticPolicyTest{ - { - description: "non-corrupted state", -@@ -156,7 +159,7 @@ func TestStaticPolicyStart(t *testing.T) { - } - for _, testCase := range testCases { - t.Run(testCase.description, func(t *testing.T) { -- p, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), topologymanager.NewFakeManager(), nil, testCase.excludeReserved) -+ p, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), cpuset.New(), topologymanager.NewFakeManager(), nil, testDM, testCase.excludeReserved) - - policy := p.(*staticPolicy) - st := &mockState{ -@@ -204,7 +207,6 @@ func TestStaticPolicyAdd(t *testing.T) { - largeTopoCPUSet := cpuset.New(largeTopoCPUids...) - largeTopoSock0CPUSet := cpuset.New(largeTopoSock0CPUids...) - largeTopoSock1CPUSet := cpuset.New(largeTopoSock1CPUids...) -- - // these are the cases which must behave the same regardless the policy options. - // So we will permutate the options to ensure this holds true. - -@@ -627,7 +629,9 @@ func runStaticPolicyTestCase(t *testing.T, testCase staticPolicyTest) { - cpus = testCase.reservedCPUs.Clone() - } - testExcl := false -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpus, tm, testCase.options, testExcl) -+ testDM, _ := devicemanager.NewManagerStub() -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpus, cpus, tm, testCase.options, testDM, testExcl) -+ - - st := &mockState{ - assignments: testCase.stAssignments, -@@ -674,6 +678,8 @@ func runStaticPolicyTestCaseWithFeatureGate(t *testing.T, testCase staticPolicyT - } - - func TestStaticPolicyReuseCPUs(t *testing.T) { -+ excludeReserved := false -+ testDM, _ := devicemanager.NewManagerStub() - testCases := []struct { - staticPolicyTest - expCSetAfterAlloc cpuset.CPUSet -@@ -698,7 +704,7 @@ func TestStaticPolicyReuseCPUs(t *testing.T) { - } - - for _, testCase := range testCases { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), topologymanager.NewFakeManager(), nil, testCase.excludeReserved) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), cpuset.New(), topologymanager.NewFakeManager(), nil, testDM, excludeReserved) - - st := &mockState{ - assignments: testCase.stAssignments, -@@ -731,6 +737,7 @@ func TestStaticPolicyReuseCPUs(t *testing.T) { - - func TestStaticPolicyRemove(t *testing.T) { - excludeReserved := false -+ testDM, _ := devicemanager.NewManagerStub() - testCases := []staticPolicyTest{ - { - description: "SingleSocketHT, DeAllocOneContainer", -@@ -789,7 +796,7 @@ func TestStaticPolicyRemove(t *testing.T) { - } - - for _, testCase := range testCases { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), topologymanager.NewFakeManager(), nil, excludeReserved) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), cpuset.New(), topologymanager.NewFakeManager(), nil, testDM, excludeReserved) - - st := &mockState{ - assignments: testCase.stAssignments, -@@ -812,6 +819,7 @@ func TestStaticPolicyRemove(t *testing.T) { - - func TestTopologyAwareAllocateCPUs(t *testing.T) { - excludeReserved := false -+ testDM, _ := devicemanager.NewManagerStub() - testCases := []struct { - description string - topo *topology.CPUTopology -@@ -880,7 +888,8 @@ func TestTopologyAwareAllocateCPUs(t *testing.T) { - }, - } - for _, tc := range testCases { -- p, _ := NewStaticPolicy(tc.topo, 0, cpuset.New(), topologymanager.NewFakeManager(), nil, excludeReserved) -+ p, _ := NewStaticPolicy(tc.topo, 0, cpuset.New(), cpuset.New(), topologymanager.NewFakeManager(), nil, testDM, excludeReserved) -+ - policy := p.(*staticPolicy) - st := &mockState{ - assignments: tc.stAssignments, -@@ -913,6 +922,7 @@ type staticPolicyTestWithResvList struct { - topo *topology.CPUTopology - numReservedCPUs int - reserved cpuset.CPUSet -+ isolcpus cpuset.CPUSet - stAssignments state.ContainerCPUAssignments - stDefaultCPUSet cpuset.CPUSet - pod *v1.Pod -@@ -923,6 +933,8 @@ type staticPolicyTestWithResvList struct { - } - - func TestStaticPolicyStartWithResvList(t *testing.T) { -+ testDM, _ := devicemanager.NewManagerStub() -+ testExcl := false - testCases := []staticPolicyTestWithResvList{ - { - description: "empty cpuset", -@@ -952,10 +964,9 @@ func TestStaticPolicyStartWithResvList(t *testing.T) { - expNewErr: fmt.Errorf("[cpumanager] unable to reserve the required amount of CPUs (size of 0-1 did not equal 1)"), - }, - } -- testExcl := false - for _, testCase := range testCases { - t.Run(testCase.description, func(t *testing.T) { -- p, err := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, topologymanager.NewFakeManager(), nil, testExcl) -+ p, err := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, cpuset.New(), topologymanager.NewFakeManager(), nil, testDM, testExcl) - - if !reflect.DeepEqual(err, testCase.expNewErr) { - t.Errorf("StaticPolicy Start() error (%v). expected error: %v but got: %v", -@@ -996,6 +1007,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - topo: topoSingleSocketHT, - numReservedCPUs: 1, - reserved: cpuset.New(0), -+ isolcpus: cpuset.New(), - stAssignments: state.ContainerCPUAssignments{}, - stDefaultCPUSet: cpuset.New(1, 2, 3, 4, 5, 6, 7), - pod: makePod("fakePod", "fakeContainer2", "8000m", "8000m"), -@@ -1008,6 +1020,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - topo: topoSingleSocketHT, - numReservedCPUs: 2, - reserved: cpuset.New(0, 1), -+ isolcpus: cpuset.New(), - stAssignments: state.ContainerCPUAssignments{}, - stDefaultCPUSet: cpuset.New(2, 3, 4, 5, 6, 7), - pod: makePod("fakePod", "fakeContainer2", "1000m", "1000m"), -@@ -1020,6 +1033,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - topo: topoSingleSocketHT, - numReservedCPUs: 2, - reserved: cpuset.New(0, 1), -+ isolcpus: cpuset.New(), - stAssignments: state.ContainerCPUAssignments{ - "fakePod": map[string]cpuset.CPUSet{ - "fakeContainer100": cpuset.New(2, 3, 6, 7), -@@ -1036,6 +1050,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - topo: topoSingleSocketHT, - numReservedCPUs: 2, - reserved: cpuset.New(0, 1), -+ isolcpus: cpuset.New(), - stAssignments: state.ContainerCPUAssignments{ - "fakePod": map[string]cpuset.CPUSet{ - "fakeContainer100": cpuset.New(2, 3, 6, 7), -@@ -1047,11 +1062,29 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - expCPUAlloc: true, - expCSet: cpuset.New(0, 1), - }, -+ { -+ description: "InfraPod, SingleSocketHT, Isolcpus, ExpectAllocReserved", -+ topo: topoSingleSocketHT, -+ numReservedCPUs: 2, -+ reserved: cpuset.New(0, 1), -+ isolcpus: cpuset.New(1), -+ stAssignments: state.ContainerCPUAssignments{ -+ "fakePod": map[string]cpuset.CPUSet{ -+ "fakeContainer100": cpuset.New(2, 3, 6, 7), -+ }, -+ }, -+ stDefaultCPUSet: cpuset.New(4, 5), -+ pod: infraPod, -+ expErr: nil, -+ expCPUAlloc: true, -+ expCSet: cpuset.New(0), -+ }, - } - - testExcl := true -+ testDM, _ := devicemanager.NewManagerStub() - for _, testCase := range testCases { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, topologymanager.NewFakeManager(), nil, testExcl) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, testCase.isolcpus, topologymanager.NewFakeManager(), nil, testDM, testExcl) - - st := &mockState{ - assignments: testCase.stAssignments, -diff --git a/pkg/kubelet/cm/devicemanager/manager_stub.go b/pkg/kubelet/cm/devicemanager/manager_stub.go -new file mode 100644 -index 00000000000..e6874f88d8a ---- /dev/null -+++ b/pkg/kubelet/cm/devicemanager/manager_stub.go -@@ -0,0 +1,99 @@ -+/* -+Copyright 2017 The Kubernetes Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/ -+ -+package devicemanager -+ -+import ( -+ v1 "k8s.io/api/core/v1" -+ "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager" -+ "k8s.io/kubernetes/pkg/kubelet/config" -+ "k8s.io/kubernetes/pkg/kubelet/lifecycle" -+ "k8s.io/kubernetes/pkg/kubelet/pluginmanager/cache" -+ schedulerframework "k8s.io/kubernetes/pkg/scheduler/framework" -+) -+ -+// ManagerStub provides a simple stub implementation for the Device Manager. -+type ManagerStub struct{} -+ -+// NewManagerStub creates a ManagerStub. -+func NewManagerStub() (*ManagerStub, error) { -+ return &ManagerStub{}, nil -+} -+ -+// Start simply returns nil. -+func (h *ManagerStub) Start(activePods ActivePodsFunc, sourcesReady config.SourcesReady) error { -+ return nil -+} -+ -+// Stop simply returns nil. -+func (h *ManagerStub) Stop() error { -+ return nil -+} -+ -+// Allocate simply returns nil. -+func (h *ManagerStub) Allocate(pod *v1.Pod, container *v1.Container) error { -+ return nil -+} -+ -+// UpdatePluginResources simply returns nil. -+func (h *ManagerStub) UpdatePluginResources(node *schedulerframework.NodeInfo, attrs *lifecycle.PodAdmitAttributes) error { -+ return nil -+} -+ -+// GetDeviceRunContainerOptions simply returns nil. -+func (h *ManagerStub) GetDeviceRunContainerOptions(pod *v1.Pod, container *v1.Container) (*DeviceRunContainerOptions, error) { -+ return nil, nil -+} -+ -+// GetCapacity simply returns nil capacity and empty removed resource list. -+func (h *ManagerStub) GetCapacity() (v1.ResourceList, v1.ResourceList, []string) { -+ return nil, nil, []string{} -+} -+ -+// GetWatcherHandler returns plugin watcher interface -+func (h *ManagerStub) GetWatcherHandler() cache.PluginHandler { -+ return nil -+} -+ -+// GetTopologyHints returns an empty TopologyHint map -+func (h *ManagerStub) GetTopologyHints(pod *v1.Pod, container *v1.Container) map[string][]topologymanager.TopologyHint { -+ return map[string][]topologymanager.TopologyHint{} -+} -+ -+// GetPodTopologyHints returns an empty TopologyHint map -+func (h *ManagerStub) GetPodTopologyHints(pod *v1.Pod) map[string][]topologymanager.TopologyHint { -+ return map[string][]topologymanager.TopologyHint{} -+} -+ -+// GetDevices returns nil -+func (h *ManagerStub) GetDevices(_, _ string) ResourceDeviceInstances { -+ return nil -+} -+ -+// GetAllocatableDevices returns nothing -+func (h *ManagerStub) GetAllocatableDevices() ResourceDeviceInstances { -+ return nil -+} -+ -+// ShouldResetExtendedResourceCapacity returns false -+func (h *ManagerStub) ShouldResetExtendedResourceCapacity() bool { -+ return false -+} -+ -+// UpdateAllocatedDevices returns nothing -+func (h *ManagerStub) UpdateAllocatedDevices() { -+ return -+} --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubelet-cpumanager-keep-normal-containers-off-reserv.patch b/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubelet-cpumanager-keep-normal-containers-off-reserv.patch deleted file mode 100644 index ccd12a941..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubelet-cpumanager-keep-normal-containers-off-reserv.patch +++ /dev/null @@ -1,357 +0,0 @@ -From 1d1addb2c0a6bac1513a83431998f17aec76cd20 Mon Sep 17 00:00:00 2001 -From: Boovan Rajendran -Date: Fri, 1 Sep 2023 07:15:25 -0400 -Subject: [PATCH] kubelet cpumanager keep normal containers off reserved CPUs - -When starting the kubelet process, two separate sets of reserved CPUs -may be specified. With this change CPUs reserved via -'--system-reserved=cpu' -or '--kube-reserved=cpu' will be ignored by kubernetes itself. A small -tweak to the default CPU affinity ensures that "normal" Kubernetes -pods won't run on the reserved CPUs. - -Co-authored-by: Jim Gauld -Signed-off-by: Sachin Gopala Krishna -Signed-off-by: Ramesh Kumar Sivanandam -Signed-off-by: Boovan Rajendran ---- - pkg/kubelet/cm/cpumanager/cpu_manager.go | 6 ++- - pkg/kubelet/cm/cpumanager/cpu_manager_test.go | 19 +++++++--- - pkg/kubelet/cm/cpumanager/policy_static.go | 30 ++++++++++++--- - .../cm/cpumanager/policy_static_test.go | 38 ++++++++++++++----- - 4 files changed, 71 insertions(+), 22 deletions(-) - -diff --git a/pkg/kubelet/cm/cpumanager/cpu_manager.go b/pkg/kubelet/cm/cpumanager/cpu_manager.go -index 9e2dce60501..e2c89efeb2e 100644 ---- a/pkg/kubelet/cm/cpumanager/cpu_manager.go -+++ b/pkg/kubelet/cm/cpumanager/cpu_manager.go -@@ -192,7 +192,11 @@ func NewManager(cpuPolicyName string, cpuPolicyOptions map[string]string, reconc - // exclusively allocated. - reservedCPUsFloat := float64(reservedCPUs.MilliValue()) / 1000 - numReservedCPUs := int(math.Ceil(reservedCPUsFloat)) -- policy, err = NewStaticPolicy(topo, numReservedCPUs, specificCPUs, affinity, cpuPolicyOptions) -+ // NOTE: Set excludeReserved unconditionally to exclude reserved CPUs from default cpuset. -+ // This variable is primarily to make testing easier. -+ excludeReserved := true -+ policy, err = NewStaticPolicy(topo, numReservedCPUs, specificCPUs, affinity, cpuPolicyOptions, excludeReserved) -+ - if err != nil { - return nil, fmt.Errorf("new static policy error: %w", err) - } -diff --git a/pkg/kubelet/cm/cpumanager/cpu_manager_test.go b/pkg/kubelet/cm/cpumanager/cpu_manager_test.go -index 250f1eb014a..bb69b0ac084 100644 ---- a/pkg/kubelet/cm/cpumanager/cpu_manager_test.go -+++ b/pkg/kubelet/cm/cpumanager/cpu_manager_test.go -@@ -215,6 +215,7 @@ func makeMultiContainerPod(initCPUs, appCPUs []struct{ request, limit string }) - } - - func TestCPUManagerAdd(t *testing.T) { -+ testExcl := false - testPolicy, _ := NewStaticPolicy( - &topology.CPUTopology{ - NumCPUs: 4, -@@ -230,7 +231,8 @@ func TestCPUManagerAdd(t *testing.T) { - 0, - cpuset.New(), - topologymanager.NewFakeManager(), -- nil) -+ nil, -+ testExcl) - testCases := []struct { - description string - updateErr error -@@ -479,8 +481,9 @@ func TestCPUManagerAddWithInitContainers(t *testing.T) { - }, - } - -+ testExcl := false - for _, testCase := range testCases { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), topologymanager.NewFakeManager(), nil) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), topologymanager.NewFakeManager(), nil, testExcl) - - mockState := &mockState{ - assignments: testCase.stAssignments, -@@ -705,6 +708,7 @@ func TestCPUManagerRemove(t *testing.T) { - } - - func TestReconcileState(t *testing.T) { -+ testExcl := false - testPolicy, _ := NewStaticPolicy( - &topology.CPUTopology{ - NumCPUs: 8, -@@ -724,7 +728,8 @@ func TestReconcileState(t *testing.T) { - 0, - cpuset.New(), - topologymanager.NewFakeManager(), -- nil) -+ nil, -+ testExcl) - - testCases := []struct { - description string -@@ -1228,6 +1233,7 @@ func TestReconcileState(t *testing.T) { - // above test cases are without kubelet --reserved-cpus cmd option - // the following tests are with --reserved-cpus configured - func TestCPUManagerAddWithResvList(t *testing.T) { -+ testExcl := false - testPolicy, _ := NewStaticPolicy( - &topology.CPUTopology{ - NumCPUs: 4, -@@ -1243,7 +1249,8 @@ func TestCPUManagerAddWithResvList(t *testing.T) { - 1, - cpuset.New(0), - topologymanager.NewFakeManager(), -- nil) -+ nil, -+ testExcl) - testCases := []struct { - description string - updateErr error -@@ -1368,6 +1375,7 @@ func TestCPUManagerHandlePolicyOptions(t *testing.T) { - } - - func TestCPUManagerGetAllocatableCPUs(t *testing.T) { -+ testExcl := false - nonePolicy, _ := NewNonePolicy(nil) - staticPolicy, _ := NewStaticPolicy( - &topology.CPUTopology{ -@@ -1384,7 +1392,8 @@ func TestCPUManagerGetAllocatableCPUs(t *testing.T) { - 1, - cpuset.New(0), - topologymanager.NewFakeManager(), -- nil) -+ nil, -+ testExcl) - - testCases := []struct { - description string -diff --git a/pkg/kubelet/cm/cpumanager/policy_static.go b/pkg/kubelet/cm/cpumanager/policy_static.go -index 7a82de03da8..d25b2482537 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static.go -@@ -105,6 +105,8 @@ type staticPolicy struct { - topology *topology.CPUTopology - // set of CPUs that is not available for exclusive assignment - reservedCPUs cpuset.CPUSet -+ // If true, default CPUSet should exclude reserved CPUs -+ excludeReserved bool - // Superset of reservedCPUs. It includes not just the reservedCPUs themselves, - // but also any siblings of those reservedCPUs on the same physical die. - // NOTE: If the reserved set includes full physical CPUs from the beginning -@@ -125,7 +127,7 @@ var _ Policy = &staticPolicy{} - // NewStaticPolicy returns a CPU manager policy that does not change CPU - // assignments for exclusively pinned guaranteed containers after the main - // container process starts. --func NewStaticPolicy(topology *topology.CPUTopology, numReservedCPUs int, reservedCPUs cpuset.CPUSet, affinity topologymanager.Store, cpuPolicyOptions map[string]string) (Policy, error) { -+func NewStaticPolicy(topology *topology.CPUTopology, numReservedCPUs int, reservedCPUs cpuset.CPUSet, affinity topologymanager.Store, cpuPolicyOptions map[string]string, excludeReserved bool) (Policy, error) { - opts, err := NewStaticPolicyOptions(cpuPolicyOptions) - if err != nil { - return nil, err -@@ -140,6 +142,7 @@ func NewStaticPolicy(topology *topology.CPUTopology, numReservedCPUs int, reserv - policy := &staticPolicy{ - topology: topology, - affinity: affinity, -+ excludeReserved: excludeReserved, - cpusToReuse: make(map[string]cpuset.CPUSet), - options: opts, - } -@@ -201,7 +204,15 @@ func (p *staticPolicy) validateState(s state.State) error { - } - // state is empty initialize - allCPUs := p.topology.CPUDetails.CPUs() -- s.SetDefaultCPUSet(allCPUs) -+ if p.excludeReserved { -+ // Exclude reserved CPUs from the default CPUSet to keep containers off them -+ // unless explicitly affined. -+ s.SetDefaultCPUSet(allCPUs.Difference(p.reservedCPUs)) -+ } else { -+ s.SetDefaultCPUSet(allCPUs) -+ } -+ klog.Infof("[cpumanager] static policy: CPUSet: allCPUs:%v, reserved:%v, default:%v\n", -+ allCPUs, p.reservedCPUs, s.GetDefaultCPUSet()) - return nil - } - -@@ -209,11 +220,12 @@ func (p *staticPolicy) validateState(s state.State) error { - // 1. Check if the reserved cpuset is not part of default cpuset because: - // - kube/system reserved have changed (increased) - may lead to some containers not being able to start - // - user tampered with file -- if !p.reservedCPUs.Intersection(tmpDefaultCPUset).Equals(p.reservedCPUs) { -- return fmt.Errorf("not all reserved cpus: \"%s\" are present in defaultCpuSet: \"%s\"", -- p.reservedCPUs.String(), tmpDefaultCPUset.String()) -+ if !p.excludeReserved { -+ if !p.reservedCPUs.Intersection(tmpDefaultCPUset).Equals(p.reservedCPUs) { -+ return fmt.Errorf("not all reserved cpus: \"%s\" are present in defaultCpuSet: \"%s\"", -+ p.reservedCPUs.String(), tmpDefaultCPUset.String()) -+ } - } -- - // 2. Check if state for static policy is consistent - for pod := range tmpAssignments { - for container, cset := range tmpAssignments[pod] { -@@ -240,6 +252,9 @@ func (p *staticPolicy) validateState(s state.State) error { - } - } - totalKnownCPUs = totalKnownCPUs.Union(tmpCPUSets...) -+ if p.excludeReserved { -+ totalKnownCPUs = totalKnownCPUs.Union(p.reservedCPUs) -+ } - if !totalKnownCPUs.Equals(p.topology.CPUDetails.CPUs()) { - return fmt.Errorf("current set of available CPUs \"%s\" doesn't match with CPUs in state \"%s\"", - p.topology.CPUDetails.CPUs().String(), totalKnownCPUs.String()) -@@ -374,6 +389,9 @@ func (p *staticPolicy) RemoveContainer(s state.State, podUID string, containerNa - cpusInUse := getAssignedCPUsOfSiblings(s, podUID, containerName) - if toRelease, ok := s.GetCPUSet(podUID, containerName); ok { - s.Delete(podUID, containerName) -+ if p.excludeReserved { -+ toRelease = toRelease.Difference(p.reservedCPUs) -+ } - // Mutate the shared pool, adding released cpus. - toRelease = toRelease.Difference(cpusInUse) - s.SetDefaultCPUSet(s.GetDefaultCPUSet().Union(toRelease)) -diff --git a/pkg/kubelet/cm/cpumanager/policy_static_test.go b/pkg/kubelet/cm/cpumanager/policy_static_test.go -index 2c88dee0ba5..c4675394a93 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static_test.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static_test.go -@@ -36,6 +36,7 @@ type staticPolicyTest struct { - description string - topo *topology.CPUTopology - numReservedCPUs int -+ excludeReserved bool - reservedCPUs *cpuset.CPUSet - podUID string - options map[string]string -@@ -69,7 +70,8 @@ func (spt staticPolicyTest) PseudoClone() staticPolicyTest { - } - - func TestStaticPolicyName(t *testing.T) { -- policy, _ := NewStaticPolicy(topoSingleSocketHT, 1, cpuset.New(), topologymanager.NewFakeManager(), nil) -+ testExcl := false -+ policy, _ := NewStaticPolicy(topoSingleSocketHT, 1, cpuset.New(), topologymanager.NewFakeManager(), nil, testExcl) - - policyName := policy.Name() - if policyName != "static" { -@@ -99,6 +101,15 @@ func TestStaticPolicyStart(t *testing.T) { - stDefaultCPUSet: cpuset.New(), - expCSet: cpuset.New(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11), - }, -+ { -+ description: "empty cpuset exclude reserved", -+ topo: topoDualSocketHT, -+ numReservedCPUs: 2, -+ excludeReserved: true, -+ stAssignments: state.ContainerCPUAssignments{}, -+ stDefaultCPUSet: cpuset.New(), -+ expCSet: cpuset.New(1, 2, 3, 4, 5, 7, 8, 9, 10, 11), -+ }, - { - description: "reserved cores 0 & 6 are not present in available cpuset", - topo: topoDualSocketHT, -@@ -145,7 +156,8 @@ func TestStaticPolicyStart(t *testing.T) { - } - for _, testCase := range testCases { - t.Run(testCase.description, func(t *testing.T) { -- p, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), topologymanager.NewFakeManager(), nil) -+ p, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), topologymanager.NewFakeManager(), nil, testCase.excludeReserved) -+ - policy := p.(*staticPolicy) - st := &mockState{ - assignments: testCase.stAssignments, -@@ -614,7 +626,8 @@ func runStaticPolicyTestCase(t *testing.T, testCase staticPolicyTest) { - if testCase.reservedCPUs != nil { - cpus = testCase.reservedCPUs.Clone() - } -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpus, tm, testCase.options) -+ testExcl := false -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpus, tm, testCase.options, testExcl) - - st := &mockState{ - assignments: testCase.stAssignments, -@@ -685,7 +698,7 @@ func TestStaticPolicyReuseCPUs(t *testing.T) { - } - - for _, testCase := range testCases { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), topologymanager.NewFakeManager(), nil) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), topologymanager.NewFakeManager(), nil, testCase.excludeReserved) - - st := &mockState{ - assignments: testCase.stAssignments, -@@ -717,6 +730,7 @@ func TestStaticPolicyReuseCPUs(t *testing.T) { - } - - func TestStaticPolicyRemove(t *testing.T) { -+ excludeReserved := false - testCases := []staticPolicyTest{ - { - description: "SingleSocketHT, DeAllocOneContainer", -@@ -775,7 +789,7 @@ func TestStaticPolicyRemove(t *testing.T) { - } - - for _, testCase := range testCases { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), topologymanager.NewFakeManager(), nil) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), topologymanager.NewFakeManager(), nil, excludeReserved) - - st := &mockState{ - assignments: testCase.stAssignments, -@@ -797,6 +811,7 @@ func TestStaticPolicyRemove(t *testing.T) { - } - - func TestTopologyAwareAllocateCPUs(t *testing.T) { -+ excludeReserved := false - testCases := []struct { - description string - topo *topology.CPUTopology -@@ -865,7 +880,7 @@ func TestTopologyAwareAllocateCPUs(t *testing.T) { - }, - } - for _, tc := range testCases { -- p, _ := NewStaticPolicy(tc.topo, 0, cpuset.New(), topologymanager.NewFakeManager(), nil) -+ p, _ := NewStaticPolicy(tc.topo, 0, cpuset.New(), topologymanager.NewFakeManager(), nil, excludeReserved) - policy := p.(*staticPolicy) - st := &mockState{ - assignments: tc.stAssignments, -@@ -937,9 +952,11 @@ func TestStaticPolicyStartWithResvList(t *testing.T) { - expNewErr: fmt.Errorf("[cpumanager] unable to reserve the required amount of CPUs (size of 0-1 did not equal 1)"), - }, - } -+ testExcl := false - for _, testCase := range testCases { - t.Run(testCase.description, func(t *testing.T) { -- p, err := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, topologymanager.NewFakeManager(), nil) -+ p, err := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, topologymanager.NewFakeManager(), nil, testExcl) -+ - if !reflect.DeepEqual(err, testCase.expNewErr) { - t.Errorf("StaticPolicy Start() error (%v). expected error: %v but got: %v", - testCase.description, testCase.expNewErr, err) -@@ -979,7 +996,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - numReservedCPUs: 1, - reserved: cpuset.New(0), - stAssignments: state.ContainerCPUAssignments{}, -- stDefaultCPUSet: cpuset.New(0, 1, 2, 3, 4, 5, 6, 7), -+ stDefaultCPUSet: cpuset.New(1, 2, 3, 4, 5, 6, 7), - pod: makePod("fakePod", "fakeContainer2", "8000m", "8000m"), - expErr: fmt.Errorf("not enough cpus available to satisfy request"), - expCPUAlloc: false, -@@ -991,7 +1008,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - numReservedCPUs: 2, - reserved: cpuset.New(0, 1), - stAssignments: state.ContainerCPUAssignments{}, -- stDefaultCPUSet: cpuset.New(0, 1, 2, 3, 4, 5, 6, 7), -+ stDefaultCPUSet: cpuset.New(2, 3, 4, 5, 6, 7), - pod: makePod("fakePod", "fakeContainer2", "1000m", "1000m"), - expErr: nil, - expCPUAlloc: true, -@@ -1015,8 +1032,9 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - }, - } - -+ testExcl := true - for _, testCase := range testCases { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, topologymanager.NewFakeManager(), nil) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, topologymanager.NewFakeManager(), nil, testExcl) - - st := &mockState{ - assignments: testCase.stAssignments, --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubelet-sort-isolcpus-allocation-when-SMT-enabled.patch b/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubelet-sort-isolcpus-allocation-when-SMT-enabled.patch deleted file mode 100644 index 335a41b77..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubelet-sort-isolcpus-allocation-when-SMT-enabled.patch +++ /dev/null @@ -1,50 +0,0 @@ -From d4aa04d78e4a2692e93c1fa638dd624720a8504a Mon Sep 17 00:00:00 2001 -From: Jim Gauld -Date: Fri, 11 Feb 2022 11:06:35 -0500 -Subject: [PATCH 04/10] kubelet: sort isolcpus allocation when SMT enabled - -The existing device manager code returns CPUs as devices in unsorted -order. This numerically sorts isolcpus allocations when SMT/HT is -enabled on the host. This logs SMT pairs, singletons, and algorithm -order details to make the algorithm understandable. - -Signed-off-by: Jim Gauld ---- - pkg/kubelet/cm/devicemanager/manager.go | 13 ++++++++++++- - 1 file changed, 12 insertions(+), 1 deletion(-) - -diff --git a/pkg/kubelet/cm/devicemanager/manager.go b/pkg/kubelet/cm/devicemanager/manager.go -index 191861d9e4a..4c897f0e032 100644 ---- a/pkg/kubelet/cm/devicemanager/manager.go -+++ b/pkg/kubelet/cm/devicemanager/manager.go -@@ -545,7 +545,16 @@ func order_devices_by_sibling(devices sets.String, needed int) ([]string, error) - return cpu_lst[0] - } - } -+ //Make post-analysis of selection algorithm obvious by numerical sorting -+ //the available isolated cpu_id. -+ cpu_ids := make([]int, 0, int(devices.Len())) - for cpu_id := range devices { -+ cpu_id_, _ := strconv.Atoi(cpu_id) -+ cpu_ids = append(cpu_ids, cpu_id_) -+ } -+ sort.Ints(cpu_ids) -+ for _, _cpu_id := range cpu_ids { -+ cpu_id := strconv.Itoa(_cpu_id) - // If we've already found cpu_id as a sibling, skip it. - if _, ok := _iterated_cpu[cpu_id]; ok { - continue -@@ -587,7 +596,9 @@ func order_devices_by_sibling(devices sets.String, needed int) ([]string, error) - } - } - } -- //klog.Infof("needed=%d ordered_cpu_list=%v", needed, dev_lst) -+ //This algorithm will get some attention. Show minimal details. -+ klog.Infof("order_devices_by_sibling: needed=%d, smtpairs=%v, singletons=%v, order=%v", -+ needed, sibling_lst, single_lst, dev_lst) - return dev_lst, nil - } - func smt_enabled() bool { --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubernetes-make-isolcpus-allocation-SMT-aware.patch b/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubernetes-make-isolcpus-allocation-SMT-aware.patch deleted file mode 100644 index 49f7f6fb7..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/kubernetes-make-isolcpus-allocation-SMT-aware.patch +++ /dev/null @@ -1,152 +0,0 @@ -From f6c4493bb4a0683b27c91ed53d3a25c9ef7a65cb Mon Sep 17 00:00:00 2001 -From: Boovan Rajendran -Date: Mon, 4 Sep 2023 02:55:18 -0400 -Subject: [PATCH] kubernetes: make isolcpus allocation SMT-aware - -Enhance isolcpus support in Kubernetes to allocate isolated SMT -siblings to the same container when SMT/HT is enabled on the host. - -As it stands, the device manager code in Kubernetes is not SMT-aware -(since normally it doesn't deal with CPUs). However, StarlingX -exposes isolated CPUs as devices and if possible we want to allocate -all SMT siblings from a CPU core to the same container in order to -minimize cross- container interference due to resource contention -within the CPU core. - -The solution is basically to take the list of isolated CPUs and -re-order it so that the SMT siblings are next to each other. That -way the existing resource selection code will allocate the siblings -together. As an optimization, if it is known that an odd number -of isolated CPUs are desired, a singleton SMT sibling will be -inserted into the list to avoid breaking up sibling pairs. - -Signed-off-by: Tao Wang -Signed-off-by: Ramesh Kumar Sivanandam -Signed-off-by: Boovan Rajendran ---- - pkg/kubelet/cm/devicemanager/manager.go | 84 ++++++++++++++++++++++++- - 1 file changed, 83 insertions(+), 1 deletion(-) - -diff --git a/pkg/kubelet/cm/devicemanager/manager.go b/pkg/kubelet/cm/devicemanager/manager.go -index 7499de4460f..b2d529de88f 100644 ---- a/pkg/kubelet/cm/devicemanager/manager.go -+++ b/pkg/kubelet/cm/devicemanager/manager.go -@@ -19,10 +19,13 @@ package devicemanager - import ( - "context" - "fmt" -+ "io/ioutil" - "os" - "path/filepath" - "runtime" - "sort" -+ "strconv" -+ "strings" - "sync" - "time" - -@@ -36,6 +39,7 @@ import ( - pluginapi "k8s.io/kubelet/pkg/apis/deviceplugin/v1beta1" - "k8s.io/kubernetes/pkg/kubelet/checkpointmanager" - "k8s.io/kubernetes/pkg/kubelet/checkpointmanager/errors" -+ "k8s.io/kubernetes/pkg/kubelet/cm/cpuset" - "k8s.io/kubernetes/pkg/kubelet/cm/devicemanager/checkpoint" - plugin "k8s.io/kubernetes/pkg/kubelet/cm/devicemanager/plugin/v1beta1" - "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager" -@@ -526,6 +530,75 @@ func (m *ManagerImpl) UpdateAllocatedDevices() { - m.allocatedDevices = m.podDevices.devices() - } - -+//Given a list of isolated CPUs in 'devices', and the number of desired CPUs in 'needed', -+//return an ordered list of isolated CPUs such that the first 'needed' CPUs in the list -+//contain as many hyperthread sibling pairs as possible. -+func order_devices_by_sibling(devices sets.String, needed int) ([]string, error) { -+ var dev_lst []string -+ var single_lst []string -+ sibling_lst := make([]string, 0, int(devices.Len())) -+ _iterated_cpu := make(map[string]string) -+ get_sibling := func(cpu string, cpu_lst []string) string { -+ if cpu_lst[0] == cpu { -+ return cpu_lst[1] -+ } else { -+ return cpu_lst[0] -+ } -+ } -+ for cpu_id := range devices { -+ // If we've already found cpu_id as a sibling, skip it. -+ if _, ok := _iterated_cpu[cpu_id]; ok { -+ continue -+ } -+ devPath := fmt.Sprintf("/sys/devices/system/cpu/cpu%s/topology/thread_siblings_list", cpu_id) -+ dat, err := ioutil.ReadFile(devPath) -+ if err != nil { -+ return dev_lst, fmt.Errorf("Can't read cpu[%s] thread_siblings_list", cpu_id) -+ } -+ cpustring := strings.TrimSuffix(string(dat), "\n") -+ cpu_pair_set, err := cpuset.Parse(cpustring) -+ if err != nil { -+ return dev_lst, fmt.Errorf("Unable to parse thread_siblings_list[%s] string to cpuset", cpustring) -+ } -+ var cpu_pair_lst []string -+ for _, v := range cpu_pair_set.List() { -+ cpu_pair_lst = append(cpu_pair_lst, strconv.Itoa(v)) -+ } -+ sibling_cpu_id := get_sibling(cpu_id, cpu_pair_lst) -+ if _, ok := devices[sibling_cpu_id]; ok { -+ sibling_lst = append(sibling_lst, cpu_id, sibling_cpu_id) -+ _iterated_cpu[sibling_cpu_id] = "" -+ } else { -+ single_lst = append(single_lst, cpu_id) -+ } -+ _iterated_cpu[cpu_id] = "" -+ } -+ if needed%2 == 0 { -+ dev_lst = append(sibling_lst, single_lst...) -+ } else { -+ if len(single_lst) > 1 { -+ _tmp_list := append(sibling_lst, single_lst[1:]...) -+ dev_lst = append(single_lst[0:1], _tmp_list...) -+ } else { -+ if len(single_lst) == 0 { -+ dev_lst = sibling_lst -+ } else { -+ dev_lst = append(single_lst, sibling_lst...) -+ } -+ } -+ } -+ //klog.Infof("needed=%d ordered_cpu_list=%v", needed, dev_lst) -+ return dev_lst, nil -+} -+func smt_enabled() bool { -+ dat, _ := ioutil.ReadFile("/sys/devices/system/cpu/smt/active") -+ state := strings.TrimSuffix(string(dat), "\n") -+ if state == "0" { -+ return false -+ } -+ return true -+} -+ - // Returns list of device Ids we need to allocate with Allocate rpc call. - // Returns empty list in case we don't need to issue the Allocate rpc call. - func (m *ManagerImpl) devicesToAllocate(podUID, contName, resource string, required int, reusableDevices sets.String) (sets.String, error) { -@@ -575,7 +648,16 @@ func (m *ManagerImpl) devicesToAllocate(podUID, contName, resource string, requi - // Create a closure to help with device allocation - // Returns 'true' once no more devices need to be allocated. - allocateRemainingFrom := func(devices sets.String) bool { -- for device := range devices.Difference(allocated) { -+ availableDevices := devices.Difference(allocated).List() -+ // If we're dealing with isolcpus and SMT is enabled, reorder to group SMT siblings together. -+ if resource == "windriver.com/isolcpus" && len(devices) > 0 && smt_enabled() { -+ var err error -+ availableDevices, err = order_devices_by_sibling(devices.Difference(allocated), needed) -+ if err != nil { -+ klog.Errorf("error in order_devices_by_sibling: %v", err) -+ } -+ } -+ for _, device := range availableDevices { - m.allocatedDevices[resource].Insert(device) - allocated.Insert(device) - needed-- --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/series b/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/series deleted file mode 100644 index b4282f426..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/patches/series +++ /dev/null @@ -1,12 +0,0 @@ -kubeadm-create-platform-pods-with-zero-CPU-resources.patch -kubernetes-make-isolcpus-allocation-SMT-aware.patch -kubelet-sort-isolcpus-allocation-when-SMT-enabled.patch -kubelet-cpumanager-disable-CFS-quota-throttling.patch -kubelet-cpumanager-keep-normal-containers-off-reserv.patch -kubelet-cpumanager-infra-pods-use-system-reserved-CP.patch -kubelet-cpumanager-introduce-concept-of-isolated-CPU.patch -Affinity-of-guaranteed-pod-to-non-isolated-CPUs.patch -kubelet-CFS-quota-throttling-for-non-integer-cpulimit.patch -kubeadm-reduce-UpgradeManifestTimeout.patch -Identify-platform-pods-based-on-pod-or-namespace-labels.patch -kubeadm-readiness-probe-timeout-core-dns.patch diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/rules b/kubernetes/kubernetes-1.27.5/debian/deb_folder/rules deleted file mode 100644 index e28422aff..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/rules +++ /dev/null @@ -1,118 +0,0 @@ -#!/usr/bin/make -f - -# -# Copyright (c) 2023 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -# This debian/rules file is based on: -# https://packages.debian.org/source/bookworm/kubernetes -# http://deb.debian.org/debian/pool/main/k/kubernetes/kubernetes_1.20.5+really1.20.2-1.1.debian.tar.xz - -# Customizations support kubernetes upgrades: -# - specific directory locations with kubernetes version, upgrades stage, -# and version specific golang compiler -# - build output not required on the production host is moved to -# kubernetes-misc package - -kube_version := 1.27.5 -kube_git_version := v${kube_version} -name := kubernetes-${kube_version} -go_version := 1.20.7 -_stage1 := /usr/local/kubernetes/${kube_version}/stage1 -_stage2 := /usr/local/kubernetes/${kube_version}/stage2 -_bindir := /usr/bin -kube_dir := src/k8s.io/kubernetes -output_dir := ${kube_dir}/_output -output_bindir := ${output_dir}/bin -output_mandir := ${output_dir}/man -DEBIAN_DESTDIR := $(CURDIR)/debian/tmp -export DH_VERBOSE = 1 -export PATH := /usr/lib/go-1.20/bin:$(PATH) -export KUBE_GIT_TREE_STATE="clean" -export KUBE_GIT_COMMIT=${kube_version} -export KUBE_GIT_VERSION=${kube_git_version} -export KUBE_EXTRA_GOPATH=$(pwd)/Godeps/_workspace -export PBR_VERSION=${kube_git_version} - -bins = kube-proxy kube-apiserver kube-controller-manager kubelet kubeadm kube-scheduler kubectl - -%: - dh $@ --with=bash-completion --builddirectory=src --without=build-stamp - -override_dh_auto_build: - # we support multiple go compilers; indicate the version we are using - go version - which go - - mkdir -pv ${kube_dir} - # keep the .go-version and ignore unwanted files - mv -v $$(ls -a -I ".." -I "." -I ".git*" -I ".generated_files" | grep -v "^src$$" | grep -v "^debian$$") ${kube_dir}/. - cd ${kube_dir} && make WHAT="$(addprefix cmd/,$(bins) genman)" - - # manpages - mkdir -p ${output_mandir} - echo $(bins) | xargs --max-args=1 ${output_bindir}/genman ${output_mandir} - - # NOTICE files - find ${kube_dir}/vendor -name '*NOTICE*' -print0 | xargs -0 head -n1000 > ${output_dir}/NOTICE - -override_dh_install: - # kube_version stage1 - install -m 755 -d ${DEBIAN_DESTDIR}${_stage1}${_bindir} - install -p -m 755 -t ${DEBIAN_DESTDIR}${_stage1}${_bindir} ${output_bindir}/kubeadm - - # kube_version stage2 - install -m 755 -d ${DEBIAN_DESTDIR}${_stage2}${_bindir} - install -d -m 0755 ${DEBIAN_DESTDIR}${_stage2}/etc/systemd/system/kubelet.service.d - install -p -m 0644 -t ${DEBIAN_DESTDIR}${_stage2}/etc/systemd/system/kubelet.service.d debian/kubeadm.conf - install -p -m 750 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubelet - install -p -m 755 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubectl - # bash completions - install -d -m 0755 ${DEBIAN_DESTDIR}${_stage2}/usr/share/bash-completion/completions/ - ${DEBIAN_DESTDIR}${_stage2}${_bindir}/kubectl completion bash > ${DEBIAN_DESTDIR}${_stage2}/usr/share/bash-completion/completions/kubectl - - # remaining are not kube_version staged, i.e., kubernetes-master, kubernetes-misc - install -m 755 -d ${DEBIAN_DESTDIR}${_bindir} - install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-apiserver - install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-controller-manager - install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-scheduler - install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-proxy - - # specific cluster addons for optional use - install -d -m 0755 ${DEBIAN_DESTDIR}/etc/${name}/addons - - # Addon: volumesnapshots - install -d -m 0755 ${DEBIAN_DESTDIR}/etc/${name}/addons/volumesnapshots - install -d -m 0755 ${DEBIAN_DESTDIR}/etc/${name}/addons/volumesnapshots/crd - install -m 0644 -t ${DEBIAN_DESTDIR}/etc/${name}/addons/volumesnapshots/crd ${kube_dir}/cluster/addons/volumesnapshots/crd/* - install -d -m 0755 ${DEBIAN_DESTDIR}/etc/${name}/addons/volumesnapshots/volume-snapshot-controller - install -m 0644 -t ${DEBIAN_DESTDIR}/etc/${name}/addons/volumesnapshots/volume-snapshot-controller ${kube_dir}/cluster/addons/volumesnapshots/volume-snapshot-controller/* - - # unit-test - # - everything from the root directory is needed - # - unit-tests needs source code - # - integration tests needs docs and other files - # - test-cmd.sh atm needs cluster, examples and other - install -d -m 0755 ${DEBIAN_DESTDIR}/var/lib/kubernetes-unit-test/ - cp -a src ${DEBIAN_DESTDIR}/var/lib/kubernetes-unit-test/ - # remove generated output, i.e., binaries, go cache, man pages, violations report - rm -rf ${DEBIAN_DESTDIR}/var/lib/kubernetes-unit-test/${output_dir} - - dh_install - -override_dh_auto_test: - ${kube_dir}/hack/test-cmd.sh - ${kube_dir}/hack/benchmark-go.sh - ${kube_dir}/hack/test-go.sh - ${kube_dir}/hack/test-integration.sh --use_go_build - -override_dh_fixperms: - dh_fixperms -Xkube-apiserver -Xkubeadm -Xkubeadm.conf \ - -Xkubelet-cgroup-setup.sh -Xkube-apiserver \ - -Xkube-controller-manager -Xkube-scheduler \ - -Xkube-proxy -Xkubelet -Xkubectl - -override_dh_usrlocal: - diff --git a/kubernetes/kubernetes-1.27.5/debian/deb_folder/source/format b/kubernetes/kubernetes-1.27.5/debian/deb_folder/source/format deleted file mode 100644 index 163aaf8d8..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/deb_folder/source/format +++ /dev/null @@ -1 +0,0 @@ -3.0 (quilt) diff --git a/kubernetes/kubernetes-1.27.5/debian/meta_data.yaml b/kubernetes/kubernetes-1.27.5/debian/meta_data.yaml deleted file mode 100644 index 7bb54c383..000000000 --- a/kubernetes/kubernetes-1.27.5/debian/meta_data.yaml +++ /dev/null @@ -1,10 +0,0 @@ -debver: 1.27.5 -dl_path: - name: kubernetes-1.27.5.tar.gz - url: https://github.com/kubernetes/kubernetes/archive/refs/tags/v1.27.5.tar.gz - sha256sum: 4998252ee2e4143c94203614bc5e4cc87b09555cd6ae212b7d6b43fc7f1e0702 -revision: - dist: ${STX_DIST} - GITREVCOUNT: - BASE_SRCREV: 41f9e1c1ec58fdced5513a99b0685ccf10e93cb1 - SRC_DIR: ${MY_REPO}/stx/integ/kubernetes/kubernetes-1.27.5 diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/changelog b/kubernetes/kubernetes-1.28.4/debian/deb_folder/changelog deleted file mode 100644 index 901139857..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/changelog +++ /dev/null @@ -1,226 +0,0 @@ -kubernetes-1.28.4 (1.28.4-1) unstable; urgency=medium - - * Updated to support building 1.28.4 - - -- Rakshith M R rakshith.mr@windriver.com Mon, 30 Nov 2023 13:30:00 +0000 - -kubernetes-1.27.5 (1.27.5-1) unstable; urgency=medium - - * Updated to support building 1.27.5 - - -- Ramesh Kumar Sivanandam rameshkumar.sivanandam@windriver.com Mon, 28 Aug 2023 13:30:00 +0000 - -kubernetes (1.19.4-2) unstable; urgency=medium - - * Updated README.Debian - - -- Janos Lenart Sat, 21 Nov 2020 14:06:21 +0000 - -kubernetes (1.19.4-1) unstable; urgency=medium - - * New upstream release: 1.19.4 - - -- Janos Lenart Tue, 17 Nov 2020 09:30:59 +0000 - -kubernetes (1.19.3-1) unstable; urgency=medium - - * New upstream release: 1.19.3 - * Building with golang-1.15 - * Fixes CVE-2020-8564, CVE-2020-8566 - - -- Janos Lenart Wed, 21 Oct 2020 10:38:41 +0100 - -kubernetes (1.18.6-1) unstable; urgency=medium - - * New upstream release: 1.18.6 - * (An earlier version, 1.17.4-1 fixes CVE-2019-9946) - - -- Janos Lenart Thu, 16 Jul 2020 10:08:46 +0100 - -kubernetes (1.18.5-1) unstable; urgency=medium - - * New upstream release: 1.18.5 - * Fixes CVE-2020-8557, CVE-2020-8558, CVE-2020-8559 - - -- Janos Lenart Wed, 15 Jul 2020 17:19:40 +0100 - -kubernetes (1.18.3-1) unstable; urgency=medium - - * New upstream release: 1.18.3 - * Improved build reproducibility - - -- Janos Lenart Tue, 02 Jun 2020 11:18:12 +0000 - -kubernetes (1.18.2-3) unstable; urgency=medium - - * Bumped Standards-Version - * Improved build reproducibility - - -- Janos Lenart Fri, 15 May 2020 13:17:53 +0000 - -kubernetes (1.18.2-2) unstable; urgency=medium - - * Added i386 back - - -- Janos Lenart Sun, 03 May 2020 21:13:17 +0000 - -kubernetes (1.18.2-1) unstable; urgency=medium - - * New upstream release: 1.18.2 - - -- Janos Lenart Sun, 03 May 2020 19:25:37 +0000 - -kubernetes (1.18.0-1) unstable; urgency=medium - - * New upstream release: 1.18.0 - - -- Janos Lenart Sat, 28 Mar 2020 12:58:42 +0000 - -kubernetes (1.17.4-1) unstable; urgency=high - - * New maintainer (Closes: #886739) - * New upstream release: 1.17.4 (Closes: #887741) - * New Debian packaging from scratch. See README.Debian - * kubernetes-node - - Moved docker from Depends into Recommends as kubelet can also work with - rkt, cri-o, etc. (Closes: #872690) - - Not shipping systemd units for kubelet and kube-proxy for now - * kubernetes-master - - Moved etcd from Depends into Recommends as apiserver can also connect to - a remote etcd/cluster. - - Not shipping systemd units for kube-apiserver, kube-schedules and - kube-controller-manager for now - - -- Janos Lenart Sun, 15 Mar 2020 21:46:45 +0000 - -kubernetes (1.7.16+dfsg-1) unstable; urgency=medium - - [ Michael Stapelberg ] - * Switch to XS-Go-Import-Path - - [ Dmitry Smirnov ] - * Resurrected "mergo.patch" that has been mistakenly removed - (Closes: #878254). - * Re-enabled safeguard test for the above problem. - * New upstream release: - + CVE-2017-1002101 (Closes: #892801) - + CVE-2017-1002102 (Closes: #894051) - * Updated Vcs URLs for Salsa. - * Standards-Version: 4.1.4 - * Build-Depends: - - golang-go - + golang-any - + golang-github-appc-cni-dev - + golang-github-armon-circbuf-dev - + golang-github-azure-azure-sdk-for-go-dev - + golang-github-dgrijalva-jwt-go-v3-dev - + golang-github-docker-distribution-dev - + golang-github-docker-docker-dev - + golang-github-emicklei-go-restful-swagger12-dev - + golang-github-gogo-protobuf-dev - + golang-github-gorilla-websocket-dev - + golang-github-grpc-ecosystem-go-grpc-prometheus-dev - + golang-github-karlseguin-ccache-dev - - golang-github-opencontainers-runc-dev - + golang-github-opencontainers-docker-runc-dev - + golang-github-pmezard-go-difflib-dev - + golang-golang-x-time-dev - + golang-golang-x-tools-dev - + golang-google-grpc-dev - + golang-gopkg-warnings.v0-dev - + golang-goprotobuf-dev - - -- Dmitry Smirnov Sun, 06 May 2018 16:20:21 +1000 - -kubernetes (1.7.7+dfsg-3) unstable; urgency=medium - - * kubernetes-master should depend on etcd (Closes: #855218). - - -- Andrew Shadura Sun, 22 Oct 2017 19:40:46 +0100 - -kubernetes (1.7.7+dfsg-2) unstable; urgency=medium - - * Use CURDIR, not PWD, unbreaks the build at buildds. - - -- Andrew Shadura Fri, 06 Oct 2017 19:25:45 +0200 - -kubernetes (1.7.7+dfsg-1) unstable; urgency=medium - - [ Tim Potter ] - * Open work for new release - * Remove unused Files-Excluded entries from d/copyright - * Remove Skydns B-D as no longer used - * Don't build on ppc64 or ppc64le architectures - - [ Andrew Shadura ] - * New upstream release. - * Refresh patches. - * Update build dependencies. - * Symlink vendor packages to the build directory. - - -- Andrew Shadura Fri, 06 Oct 2017 18:54:06 +0200 - -kubernetes (1.5.5+dfsg-2) unstable; urgency=medium - - * Team upload. - * Don't build on ppc64le due to Go linker problems. See GitHub issue - https://github.com/golang/go/issues/15823. - * Don't build on ppc64 as it's not supported by upstream at the - moment. (Closes: #860505) - - -- Tim Potter Sat, 03 Jun 2017 08:00:51 +1000 - -kubernetes (1.5.5+dfsg-1) unstable; urgency=low - - [ Dmitry Smirnov ] - * Switch to bundled "rkt". - * rules: remove "-p" option from build and test overrides. - * control: drop obsolete "golang-clockwork-dev" alternative. - * New patch to disable test failing on [armel]. - * Upload to unstable. - - [ Tim Potter ] - * New upstream version. [March 2017] - * Big updates to d/rules and d/copyright to update to upstream - changes made since the 1.2.x release. - * Refresh patches to bring up to date with upstream changes since - 1.2.x. - * control: add lsb-base as dependency for sysvinit scripts. - * Suppress spelling-error-in-binary Lintian messages. - - -- Tim Potter Thu, 13 Apr 2017 16:45:57 +1000 - -kubernetes (1.2.5+dfsg-1) experimental; urgency=medium - - * New upstream release [June 2016]. - * Switch to private "github.com/golang/glog" due to log noise. - * Disabled failing tests; no longer ignore failures in tests. - * Build/test using 2 cores only. - * New patch to update appc/cni name space (fixes FTBFS). - * Removed obsolete "spf13-cobra.patch". - - -- Dmitry Smirnov Sun, 03 Jul 2016 04:12:28 +1000 - -kubernetes (1.2.4+dfsg-2) experimental; urgency=medium - - * Added new patch to fix incompatibility with "imdario/mergo" v0.2.2 - (Closes: #825753). - Thanks, Florian Ernst. - * Enable tests but ignore failures for now. - - -- Dmitry Smirnov Fri, 17 Jun 2016 01:41:38 +1000 - -kubernetes (1.2.4+dfsg-1) experimental; urgency=medium - - * New upstream release [May 2016]. - * New patch to print output of "uname -m" on unsupported architectures. - * New "docker.patch" to fix potential FTBFS. - + Build-Depends += "golang-github-docker-distribution-dev". - - -- Dmitry Smirnov Wed, 15 Jun 2016 21:03:01 +1000 - -kubernetes (1.2.3+dfsg-1) experimental; urgency=low - - * Initial release (Closes: #795652). - - -- Dmitry Smirnov Mon, 25 Apr 2016 22:40:12 +1000 diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/control b/kubernetes/kubernetes-1.28.4/debian/deb_folder/control deleted file mode 100644 index 16f0838fb..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/control +++ /dev/null @@ -1,93 +0,0 @@ -Source: kubernetes-1.28.4 -Section: admin -Priority: optional -Maintainer: StarlingX Developers -Build-Depends: debhelper-compat (= 13), - build-essential, - bash-completion, - jq, - rsync, - go-bindata, - go-md2man, - golang-1.20 -Standards-Version: 4.4.1 -Homepage: http://kubernetes.io/ -XS-Build-Size: 15GB - -Package: kubernetes-1.28.4-client -Provides: kubernetes-utils -Architecture: amd64 -Depends: ${misc:Depends}, ${shlibs:Depends} -Recommends: ${misc:Recommends} -Built-Using: ${misc:Built-Using} -Description: Kubernetes Command Line Tool - The Kubernetes command line tool for interacting with the Kubernetes API. - -Package: kubernetes-1.28.4-master -Architecture: amd64 -Depends: ${misc:Depends}, ${shlibs:Depends}, - adduser, - lsb-base, - etcd -Recommends: ${misc:Recommends}, kubernetes-1.28.4-client -Built-Using: ${misc:Built-Using} -Description: Kubernetes services for master host - Container Cluster Manager from Google. Kubernetes is an open source system - for managing containerized applications across multiple hosts, providing - basic mechanisms for deployment, maintenance, and scaling of applications. - . - Linux kernel version 3.8 or above is required for proper operation of the - daemon process, and that any lower versions may have subtle and/or glaring - issues. - . - This package provides "kube-apiserver", "kube-controller-manager" and - "kube-scheduler" daemons. - -Package: kubernetes-1.28.4-node -Provides: cadvisor -Architecture: amd64 -Depends: ${misc:Depends}, ${shlibs:Depends}, - adduser, - conntrack, - conntrackd, - docker.io, - lsb-base, - socat, -Recommends: ${misc:Recommends}, kubernetes-1.28.4-client -Built-Using: ${misc:Built-Using} -Description: Kubernetes services for node host - Container Cluster Manager from Google. Kubernetes is an open source system - for managing containerized applications across multiple hosts, providing - basic mechanisms for deployment, maintenance, and scaling of applications. - . - Linux kernel version 3.8 or above is required for proper operation of the - daemon process, and that any lower versions may have subtle and/or glaring - issues. - -Package: kubernetes-1.28.4-kubeadm -Architecture: amd64 -Depends: ${misc:Depends}, containernetworking-plugins -Recommends: ${misc:Recommends}, kubernetes-1.28.4-client -Built-Using: ${misc:Built-Using} -Description: Kubernetes Cluster Bootstrapping Tool - The Kubernetes command line tool for bootstrapping a Kubernetes cluster. - -Package: kubernetes-1.28.4-misc -Architecture: amd64 -Depends: ${misc:Depends}, ${shlibs:Depends} -Recommends: ${misc:Recommends} -Built-Using: ${misc:Built-Using} -Description: dummy package - Kubernetes dummy package for misc stuff we don't want to install in production. - -Package: kubernetes-1.28.4-unit-test -Architecture: amd64 -Depends: ${misc:Depends}, ${shlibs:Depends}, - hostname, - rsync, - etcd (>= 2.0.9), - network-manager, -Recommends: ${misc:Recommends} -Built-Using: ${misc:Built-Using} -Description: Kubernetes unit test - Kubernetes unit-test framework. diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/copyright b/kubernetes/kubernetes-1.28.4/debian/deb_folder/copyright deleted file mode 100644 index c491e21c9..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/copyright +++ /dev/null @@ -1,1820 +0,0 @@ -Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Upstream-Name: Kubernetes -Source: https://github.com/kubernetes/kubernetes - -Files: - debian/kubeadm.conf - debian/kubelet-cgroup-setup.sh -Copyright: 2023 Wind River Systems, Inc. -License: Apache-2.0 - -Files: * -Copyright: 2014-2020 The Kubernetes Authors -License: Apache-2.0 - -Files: debian/* -Copyright: 2020 Janos Lenart -License: Apache-2.0 - -License: Apache-2.0 - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - . - http://www.apache.org/licenses/LICENSE-2.0 - . - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - . - On Debian systems the full text of the Apache-2.0 license can be found in - /usr/share/common-licenses/Apache-2.0 . - -Files: vendor/bitbucket.org/bertimus9/systemstat/* -Copyright: 2013 Phillip Bond -License: Expat - -Files: vendor/cloud.google.com/go/* -Copyright: 2014 Google LLC -License: Apache-2.0 - -Files: vendor/github.com/armon/circbuf/* -Copyright: 2013 Armon Dadgar -License: Expat - -Files: vendor/github.com/asaskevich/govalidator/* -Copyright: 2014 Alex Saskevich -License: Expat - -Files: vendor/github.com/aws/aws-sdk-go/* -Copyright: 2015 Amazon.com, Inc. or its affiliates. - 2014-2015 Stripe, Inc. -License: Apache-2.0 - -Files: vendor/github.com/Azure/azure-sdk-for-go/* -Copyright: 2014-2017 Microsoft and contributors -License: Apache-2.0 - -Files: vendor/github.com/Azure/go-ansiterm/* -Copyright: 2015 Microsoft Corporation -License: Expat - -Files: vendor/github.com/Azure/go-autorest/* -Copyright: 2015, 2017, 2018 Microsoft Corporation -License: Apache-2.0 - -Files: vendor/github.com/bazelbuild/* -Copyright: 2014, 2016-2019 The Bazel Authors. - 2016-2017 Google Inc. -License: Apache-2.0 - -Files: vendor/github.com/beorn7/perks/* -Copyright: 2013 Blake Mizerany -License: Expat - -Files: vendor/github.com/blang/semver/* -Copyright: 2014 Benedikt Lang -License: Expat - -Files: vendor/github.com/BurntSushi/toml/* -Copyright: 2013 TOML authors - 2010 The Go Authors -License: Expat and BSD-3-clause - -Files: vendor/github.com/caddyserver/caddy/* -Copyright: 2015 Light Code Labs, LLC -License: Apache-2.0 - -Files: vendor/github.com/cespare/prettybench/* -Copyright: 2014 Caleb Spare -License: Expat - -Files: vendor/github.com/chai2010/gettext-go/* -Copyright: 2013 ChaiShushan -License: BSD-3-clause - -Files: vendor/github.com/checkpoint-restore/go-criu/* -Copyright: The go-criu contributors -License: Apache-2.0 - -Files: vendor/github.com/client9/misspell/* -Copyright: 2015-2017 Nick Galbreath - 2009, 2011 The Go Authors -License: Expat and BSD-3-clause - -Files: vendor/github.com/clusterhq/flocker-go/* -Copyright: 2014-2016 ClusterHQ -License: Apache-2.0 - -Files: vendor/github.com/containerd/* -Copyright: 2012-2016 Docker, Inc. -License: Apache-2.0 and CC-BY-4.0 - -Files: vendor/github.com/containernetworking/cni/* -Copyright: 2015,2016 CNI authors -License: Apache-2.0 - -Files: vendor/github.com/container-storage-interface/spec/* -Copyright: 2017-2020 container-storage-interface/spec contributors -License: Apache-2.0 - -Files: vendor/github.com/coredns/corefile-migration/* -Copyright: 2019-2020 coredns/corefile-migration contributors -License: Apache-2.0 - -Files: vendor/github.com/coreos/go-oidc/* -Copyright: 2014 CoreOS, Inc - 2004, 2006 The Linux Foundation and its contributors -License: Apache-2.0 - -Files: vendor/github.com/coreos/go-semver/* -Copyright: 2013-2015, 2018 CoreOS, Inc -License: Apache-2.0 - -Files: vendor/github.com/coreos/go-systemd/* -Copyright: 2014 Docker, Inc. - 2015-2018 CoreOS, Inc -License: Apache-2.0 - -Files: vendor/github.com/coreos/pkg/* -Copyright: 2014-2016 CoreOS, Inc -License: Apache-2.0 - -Files: vendor/github.com/cpuguy83/go-md2man/* -Copyright: 2014 Brian Goff -License: Expat - -Files: vendor/github.com/cyphar/filepath-securejoin/* -Copyright: 2014-2015 Docker Inc & Go Authors - 2017 SUSE LLC. -License: BSD-3-clause - -Files: vendor/github.com/davecgh/go-spew/* -Copyright: 2012-2016 Dave Collins -License: ISC - -Files: vendor/github.com/daviddengcn/go-colortext/* -Copyright: 2016, David Deng -License: Expat or BSD-3-clause - -Files: vendor/github.com/dgrijalva/jwt-go/* -Copyright: 2012 Dave Grijalva -License: Expat - -Files: vendor/github.com/docker/distribution/* -Copyright: 2014-2020 docker/distribution contributors - 2013 Damien Le Berrigaud and Nick Wade -License: Apache-2.0 and Expat and CC-BY-4.0 - -Files: vendor/github.com/docker/docker/* -Copyright: 2012-2018 Docker, Inc. - 2019 Keith Rarick -License: Apache-2.0 and Expat - -Files: vendor/github.com/docker/go-connections/* -Copyright: 2015 Docker, Inc. -License: Apache-2.0 - -Files: vendor/github.com/docker/go-units/* -Copyright: 2015 Docker, Inc. - 2004, 2006 The Linux Foundation and its contributors. -License: Apache-2.0 - -Files: vendor/github.com/docker/libnetwork/* -Copyright: 2015-2020 docker/libnetwork contributors -License: Apache-2.0 - -Files: vendor/github.com/docker/spdystream/* -Copyright: 2014-2015 Docker, Inc. - 2011, 2013 The Go Authors -License: Apache-2.0 and BSD-3-clause and CC-BY-SA-4.0 - -Files: vendor/github.com/dustin/go-humanize/* -Copyright: 2005-2008 Dustin Sallings -License: Expat - -Files: vendor/github.com/elazarl/goproxy/* -Copyright: 2012 Elazar Leibovich -License: BSD-3-clause - -Files: vendor/github.com/emicklei/go-restful/* -Copyright: 2012-2015, 2018 Ernest Micklei -License: Expat - -Files: vendor/github.com/euank/go-kmsg-parser/* -Copyright: 2016 Euan Kemp -License: Apache-2.0 - -Files: vendor/github.com/evanphx/json-patch/* -Copyright: 2014, Evan Phoenix -License: BSD-3-clause - -Files: vendor/github.com/exponent-io/jsonpath/* -Copyright: 2015 Exponent Labs LLC -License: Expat - -Files: vendor/github.com/fatih/camelcase/* -Copyright: 2015 Fatih Arslan -License: Expat - -Files: vendor/github.com/fatih/color/* -Copyright: 2013 Fatih Arslan -License: Expat - -Files: vendor/github.com/fsnotify/fsnotify/* -Copyright: 2010-2013, 2015 The Go Authors - 2012 fsnotify Authors -License: BSD-3-clause - -Files: vendor/github.com/ghodss/yaml/* -Copyright: 2014 Sam Ghods - 2012, 2013 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/go-bindata/go-bindata/* -Copyright: The go-bindata contributors -License: CC0-1.0 - -Files: vendor/github.com/godbus/dbus/* -Copyright: 2013, Georg Reinke (), Google -License: BSD-2-clause - -Files: vendor/github.com/gogo/protobuf/* -Copyright: 2013, The GoGo Authors - 2010-2012, 2015-2018 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/golang/groupcache/* -Copyright: 2013 Google Inc. -License: Apache-2.0 - -Files: vendor/github.com/golang/mock/* -Copyright: 2010, 2011 Google Inc. -License: Apache-2.0 - -Files: vendor/github.com/golang/protobuf/* -Copyright: 2008, 2010-2012, 2015-2018 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/googleapis/gnostic/* -Copyright: 2017 Google Inc. -License: Apache-2.0 - -Files: vendor/github.com/google/btree/* -Copyright: 2014 Google Inc. -License: Apache-2.0 - -Files: vendor/github.com/google/cadvisor/* -Copyright: 2014-2019 Google Inc. - 2014 The cAdvisor Authors -License: Apache-2.0 - -Files: vendor/github.com/GoogleCloudPlatform/k8s-cloud-provider/* -Copyright: 2018, 2019 Google LLC -License: Apache-2.0 - -Files: vendor/github.com/google/go-cmp/* -Copyright: 2017-2019 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/google/gofuzz/* -Copyright: 2014 Google Inc. -License: Apache-2.0 - -Files: vendor/github.com/google/uuid/* -Copyright: 2009, 2014, 2016-2018 Google Inc. -License: BSD-3-clause - -Files: vendor/github.com/go-openapi/analysis/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/errors/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/jsonpointer/* -Copyright: 2013 sigu-399 ( https://github.com/sigu-399 ) -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/jsonreference/* -Copyright: 2013 sigu-399 ( https://github.com/sigu-399 ) -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/loads/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/runtime/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/spec/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/strfmt/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/swag/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-openapi/validate/* -Copyright: 2015 go-swagger maintainers -License: Apache-2.0 - -Files: vendor/github.com/go-ozzo/ozzo-validation/* -Copyright: 2016, 2018 Qiang Xue, Google LLC -License: Expat - -Files: vendor/github.com/gophercloud/gophercloud/* -Copyright: 2012-2013 Rackspace, Inc. -License: Apache-2.0 - -Files: vendor/github.com/gorilla/websocket/* -Copyright: 2013, 2016, 2017 The Gorilla WebSocket Authors -License: BSD-2-clause - -Files: vendor/github.com/go-stack/stack/* -Copyright: 2014 Chris Hines -License: Expat - -Files: vendor/github.com/gregjones/httpcache/* -Copyright: 2012 Greg Jones (greg.jones@gmail.com) -License: Expat - -Files: vendor/github.com/grpc-ecosystem/go-grpc-middleware/* -Copyright: 2016 Michal Witkowski -License: Apache-2.0 - -Files: vendor/github.com/grpc-ecosystem/go-grpc-prometheus/* -Copyright: 2016 Michal Witkowski -License: Apache-2.0 - -Files: vendor/github.com/grpc-ecosystem/grpc-gateway/* -Copyright: 2015, Gengo, Inc. -License: BSD-3-clause - -Files: vendor/github.com/hashicorp/golang-lru/* -Copyright: 2014-2020 hashicorp/golang-lru contributors -License: MPL-2.0 - -Files: vendor/github.com/hashicorp/hcl/* -Copyright: 2014-2020 hashicorp/hcl contributors -License: MPL-2.0 - -Files: vendor/github.com/heketi/heketi/* -Copyright: 2015, 2016, 2018 The heketi Authors - 1989, 1991, 2007 Free Software Foundation, Inc. -License: (Apache-2.0 or LGPL-3.0) and (LGPL-3.0 or GPL-2.0) - -Files: vendor/github.com/hpcloud/tail/* -Copyright: 2015 Hewlett Packard Enterprise Development LP - 2015 HPE Software Inc. - 2013, 2014 ActiveState Software Inc. - 2013 99designs -License: Expat - -Files: vendor/github.com/imdario/mergo/* -Copyright: 2009, 2013, 2014 Dario Castañé - 2009, 2012 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/inconshreveable/mousetrap/* -Copyright: 2014 Alan Shreve -License: Apache-2.0 - -Files: vendor/github.com/JeffAshton/win_pdh/* -Copyright: 2010, 2013 The win_pdh Authors -License: BSD-3-clause - -Files: vendor/github.com/jmespath/go-jmespath/* -Copyright: 2015 James Saryerwinnie -License: Apache-2.0 - -Files: vendor/github.com/jonboulle/clockwork/* -Copyright: 2014-2020 jonboulle/clockwork contributors -License: Apache-2.0 - -Files: vendor/github.com/json-iterator/go/* -Copyright: 2016 json-iterator -License: Expat - -Files: vendor/github.com/karrick/godirwalk/* -Copyright: 2017, Karrick McDermott -License: BSD-2-clause - -Files: vendor/github.com/konsorten/go-windows-terminal-sequences/* -Copyright: 2016, 2017 marvin + konsorten GmbH (open-source@konsorten.de) -License: Expat - -Files: vendor/github.com/libopenstorage/openstorage/* -Copyright: 2015 Openstorage.org -License: Apache-2.0 - -Files: vendor/github.com/liggitt/tabwriter/* -Copyright: 2009 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/lithammer/dedent/* -Copyright: 2018 Peter Lithammer -License: Expat - -Files: vendor/github.com/magiconair/properties/* -Copyright: 2011 The Go Authors - 2013-2018 Frank Schroeder -License: BSD-2-clause - -Files: vendor/github.com/mailru/easyjson/* -Copyright: 2016 Mail.Ru Group -License: Expat - -Files: vendor/github.com/MakeNowJust/heredoc/* -Copyright: 2014-2017 TSUYUSATO Kitsune -License: Expat - -Files: vendor/github.com/mattn/go-colorable/* -Copyright: 2016 Yasuhiro Matsumoto -License: Expat - -Files: vendor/github.com/mattn/go-isatty/* -Copyright: Yasuhiro MATSUMOTO -License: Expat - -Files: vendor/github.com/mattn/go-shellwords/* -Copyright: 2017 Yasuhiro Matsumoto -License: Expat - -Files: vendor/github.com/matttproud/golang_protobuf_extensions/* -Copyright: 2012 Matt T. Proud (matt.proud@gmail.com) -License: Apache-2.0 - -Files: vendor/github.com/Microsoft/go-winio/* -Copyright: 2015 Microsoft -License: Expat - -Files: vendor/github.com/Microsoft/hcsshim/* -Copyright: 2015, 2018 Microsoft Corp. -License: Expat - -Files: vendor/github.com/miekg/dns/* -Copyright: 2011 Miek Gieben - 2009, 2013 The Go Authors - 2014 CloudFlare -License: BSD-3-clause - -Files: vendor/github.com/mindprince/gonvml/* -Copyright: 2017 Google Inc. - 1993-2016 NVIDIA Corporation -License: Apache-2.0 - -Files: vendor/github.com/mistifyio/go-zfs/* -Copyright: 2014 OmniTI Computer Consulting, Inc. -License: Apache-2.0 - -Files: vendor/github.com/mitchellh/go-wordwrap/* -Copyright: 2014 Mitchell Hashimoto -License: Expat - -Files: vendor/github.com/mitchellh/mapstructure/* -Copyright: 2013 Mitchell Hashimoto -License: Expat - -Files: vendor/github.com/modern-go/concurrent/* -Copyright: 2018-2020 modern-go/concurrent contributors -License: Apache-2.0 - -Files: vendor/github.com/modern-go/reflect2/* -Copyright: 2018-2020 modern-go/reflec2 contributors -License: Apache-2.0 - -Files: vendor/github.com/mohae/deepcopy/* -Copyright: 2014-2016 Joel Scoble (github.com/mohae) -License: Expat - -Files: vendor/github.com/morikuni/aec/* -Copyright: 2016 Taihei Morikuni -License: Expat - -Files: vendor/github.com/mrunalp/fileutils/* -Copyright: 2014 Docker Inc. -License: Apache-2.0 - -Files: vendor/github.com/munnerz/goautoneg/* -Copyright: 2011, Open Knowledge Foundation Ltd -License: BSD-3-clause - -Files: vendor/github.com/mvdan/xurls/* -Copyright: 2015, Daniel Martí -License: BSD-3-clause - -Files: vendor/github.com/mxk/go-flowrate/* -Copyright: 2014 The Go-FlowRate Authors -License: BSD-3-clause - -Files: vendor/github.com/NYTimes/gziphandler/* -Copyright: 2015 The New York Times Company -License: Apache-2.0 - -Files: vendor/github.com/onsi/ginkgo/* -Copyright: 2013-2014 Onsi Fakhouri - 2016 Yasuhiro Matsumoto -License: Expat - -Files: vendor/github.com/onsi/gomega/* -Copyright: 2013-2014 Onsi Fakhouri -License: Expat - -Files: vendor/github.com/opencontainers/go-digest/* -Copyright: 2017 Docker, Inc. - 2004, 2006 The Linux Foundation and its contributors -License: Apache-2.0 and CC-BY-SA-4.0 - -Files: vendor/github.com/opencontainers/image-spec/* -Copyright: 2016 The Linux Foundation -License: Apache-2.0 - -Files: vendor/github.com/opencontainers/runc/* -Copyright: 2012-2015 Docker, Inc. - 2016, 2017 SUSE LLC -License: Apache-2.0 - -Files: vendor/github.com/opencontainers/runtime-spec/* -Copyright: 2015 The Linux Foundation -License: Apache-2.0 - -Files: vendor/github.com/opencontainers/selinux/* -Copyright: 2017-2020 opencontainers/selinux contributors -License: Apache-2.0 - -Files: vendor/github.com/pelletier/go-toml/* -Copyright: 2013-2017 Thomas Pelletier, Eric Anderton -License: Expat - -Files: vendor/github.com/peterbourgon/diskv/* -Copyright: 2011-2012 Peter Bourgon -License: Expat - -Files: vendor/github.com/pkg/errors/* -Copyright: 2015, Dave Cheney -License: BSD-2-clause - -Files: vendor/github.com/pmezard/go-difflib/* -Copyright: 2013, Patrick Mezard -License: BSD-3-clause - -Files: vendor/github.com/pquerna/cachecontrol/* -Copyright: 2015 Paul Querna - 2009 The Go Authors -License: Apache-2.0 and BSD-3-clause - -Files: vendor/github.com/prometheus/client_golang/* -Copyright: 2012-2019 The Prometheus Authors - 2010 The Go Authors - 2013-2015 Blake Mizerany, Björn Rabenstein - 2013 Matt T. Proud -License: Apache-2.0 - -Files: vendor/github.com/prometheus/client_model/* -Copyright: 2012-2015 The Prometheus Authors -License: Apache-2.0 - -Files: vendor/github.com/prometheus/common/* -Copyright: 2013-2015 The Prometheus Authors - 2011, Open Knowledge Foundation Ltd. -License: Apache-2.0 - -Files: vendor/github.com/prometheus/procfs/* -Copyright: 2014-2015,2017-2019 The Prometheus Authors - 2017 Roger Luethi -License: Apache-2.0 - -Files: vendor/github.com/PuerkitoBio/purell/* -Copyright: 2012, Martin Angers -License: BSD-3-clause - -Files: vendor/github.com/PuerkitoBio/urlesc/* -Copyright: 2009, 2012 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/quobyte/api/* -Copyright: 2016, Quobyte Inc. -License: BSD-3-clause - -Files: vendor/github.com/robfig/cron/* -Copyright: 2012 Rob Figueiredo -License: Expat - -Files: vendor/github.com/rubiojr/go-vhd/* -Copyright: 2015 Sergio Rubio -License: Expat - -Files: vendor/github.com/russross/blackfriday/* -Copyright: 2011 Russ Ross -License: BSD-2-clause - -Files: vendor/github.com/satori/go.uuid/* -Copyright: 2013-2018 by Maxim Bublis -License: Expat - -Files: vendor/github.com/seccomp/libseccomp-golang/* -Copyright: 2015 Matthew Heon - 2015 Paul Moore -License: BSD-2-clause - -Files: vendor/github.com/sirupsen/logrus/* -Copyright: 2014 Simon Eskildsen -License: Expat - -Files: vendor/github.com/soheilhy/cmux/* -Copyright: 2016 The CMux Authors -License: Apache-2.0 - -Files: vendor/github.com/spf13/afero/* -Copyright: 2009, 2015 The Go Authors - 2014-2016,2018 Steve Francia - 2015 The Hugo Authors - 2013 The tsuru authors - 2016-present Bjørn Erik Pedersen -License: Apache-2.0 - -Files: vendor/github.com/spf13/cast/* -Copyright: 2014 Steve Francia - 2011 The Go Authors -License: Expat - -Files: vendor/github.com/spf13/cobra/* -Copyright: 2013 Steve Francia . - 2015 Red Hat Inc. - 2016 French Ben -License: Apache-2.0 - -Files: vendor/github.com/spf13/jwalterweatherman/* -Copyright: 2014, 2016 Steve Francia -License: Expat - -Files: vendor/github.com/spf13/pflag/* -Copyright: 2012 Alex Ogier - 2009, 2012 The Go Authors -License: BSD-3-clause - -Files: vendor/github.com/spf13/viper/* -Copyright: 2014 Steve Francia -License: Expat - -Files: vendor/github.com/storageos/go-api/* -Copyright: 2015-2018 StorageOS - 2013-2017 go-dockerclient Authors -License: Expat and BSD-2-clause - -Files: vendor/github.com/stretchr/objx/* -Copyright: 2014 Stretchr, Inc. - 2017-2018 objx contributors -License: Expat - -Files: vendor/github.com/stretchr/testify/* -Copyright: 2012-2018 Mat Ryer and Tyler Bunnell -License: Expat - -Files: vendor/github.com/syndtr/gocapability/* -Copyright: 2013 Suryandaru Triandana -License: BSD-2-clause - -Files: vendor/github.com/thecodeteam/goscaleio/* -Copyright: 2015-2019 thecodeteam/goscaleio contributors -License: Apache-2.0 - -Files: vendor/github.com/tmc/grpc-websocket-proxy/* -Copyright: 2016 Travis Cline -License: Expat - -Files: vendor/github.com/vishvananda/netlink/* -Copyright: 2014 Vishvananda Ishaya. - 2014 Docker, Inc. -License: Apache-2.0 - -Files: vendor/github.com/vishvananda/netns/* -Copyright: 2014 Vishvananda Ishaya. - 2014 Docker, Inc. -License: Apache-2.0 - -Files: vendor/github.com/vmware/govmomi/* -Copyright: 2014-2018 VMware, Inc. - 2009, 2011, 2012 The Go Authors -License: Apache-2.0 - -Files: vendor/github.com/xiang90/probing/* -Copyright: 2015 Xiang Li -License: Expat - -Files: vendor/go.etcd.io/bbolt/* -Copyright: 2013 Ben Johnson -License: Expat - -Files: vendor/go.etcd.io/etcd/* -Copyright: 2014 CoreOS, Inc - 2015-2019 The etcd Authors - 2015 The Go Authors -License: Apache-2.0 - -Files: vendor/go.mongodb.org/mongo-driver/* -Copyright: MongoDB Inc. 2017-present. -License: Apache-2.0 - -Files: vendor/go.opencensus.io/* -Copyright: 2017-2019 OpenCensus Authors -License: Apache-2.0 - -Files: vendor/go.uber.org/atomic/* -Copyright: 2016 Uber Technologies, Inc. -License: Expat - -Files: vendor/go.uber.org/multierr/* -Copyright: 2017 Uber Technologies, Inc. -License: Expat - -Files: vendor/go.uber.org/zap/* -Copyright: 2016-2017 Uber Technologies, Inc. -License: Expat - -Files: vendor/golang.org/x/crypto/* -Copyright: 2009,2011-2016,2018 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/lint/* -Copyright: 2013,2018 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/net/* -Copyright: 2009-2019 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/oauth2/* -Copyright: 2009,2014-2018 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/sync/* -Copyright: 2009,2016 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/sys/* -Copyright: 2009-2019 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/text/* -Copyright: 2009,2011,2013-2018 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/time/* -Copyright: 2009,2015 The Go Authors -License: BSD-3-clause - -Files: vendor/golang.org/x/tools/* -Copyright: 2009,2011-2019 The Go Authors -License: BSD-3-clause - -Files: vendor/gonum.org/v1/gonum/* -Copyright: 2013-2019 The Gonum Authors - 2009, 2010, 2012 The Go Authors - 1984, 1987, 1989, 1992, 2000 Stephen L. Moshier - 2017 Robin Eklind -License: BSD-3-clause - -Files: vendor/google.golang.org/api/* -Copyright: 2011-2013 Google Inc - 2015-2019 Google LLC - 2013 Joshua Tacoma - 2015-2017 The Go Authors -License: BSD-3-clause - -Files: vendor/google.golang.org/appengine/* -Copyright: 2011-2015,2018 Google Inc. -License: Apache-2.0 - -Files: vendor/google.golang.org/genproto/* -Copyright: 2016-2020 google.golang.org/genproto contributors -License: Apache-2.0 - -Files: vendor/google.golang.org/grpc/* -Copyright: 2014-2019 gRPC authors -License: Apache-2.0 - -Files: vendor/gopkg.in/fsnotify.v1/* -Copyright: 2012 The Go Authors - 2012 fsnotify Authors -License: BSD-3-clause - -Files: vendor/gopkg.in/gcfg.v1/* -Copyright: 2012 Péter Surányi - 2009 The Go Authors -License: BSD-3-clause - -Files: vendor/gopkg.in/inf.v0/* -Copyright: 2012 Péter Surányi - 2009 The Go Authors -License: BSD-3-clause - -Files: vendor/gopkg.in/natefinch/lumberjack.v2/* -Copyright: 2014 Nate Finch -License: Expat - -Files: vendor/gopkg.in/square/go-jose.v2/* -Copyright: 2014,2016,2017,2018 Square Inc. - 2016 Zbigniew Mandziejewicz - 2010 The Go Authors -License: Apache-2.0 - -Files: vendor/gopkg.in/tomb.v1/* -Copyright: 2010-2011 - Gustavo Niemeyer -License: BSD-3-clause - -Files: vendor/gopkg.in/warnings.v0/* -Copyright: 2016 Péter Surányi -License: BSD-2-clause - -Files: vendor/gopkg.in/yaml.v2/* -Copyright: 2006 Kirill Simonov -License: Apache-2.0 - -Files: vendor/gotest.tools/* -Copyright: 2018 gotest.tools authors -License: Apache-2.0 - -Files: vendor/honnef.co/go/tools/* -Copyright: 2016, 2018, 2019 Dominik Honnef - 2009, 2013-2015, 2017, 2018 The Go Authors - 2018 Google Inc. - 2013 Kamil Kisiel - 2013 TOML authors -License: Expat - -Files: vendor/vbom.ml/util/* -Copyright: 2015 Frits van Bommel -License: Expat - -License: Expat - Permission is hereby granted, free of charge, to any person obtaining a copy of - this software and associated documentation files (the "Software"), to deal in - the Software without restriction, including without limitation the rights to - use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of - the Software, and to permit persons to whom the Software is furnished to do so, - subject to the following conditions: - . - The above copyright notice and this permission notice shall be included in all - copies or substantial portions of the Software. - . - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS - FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR - COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER - IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -License: BSD-3-clause - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - . - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - 3. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - . - THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - SUCH DAMAGE. - -License: BSD-2-clause - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - . - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - . - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - . - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -License: MPL-2.0 - This Source Code Form is subject to the terms of the Mozilla Public - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. - . - On Debian systems the full text of the MPL 2.0 license can be found in - /usr/share/common-licenses/MPL-2.0 . - -License: ISC - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - . - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -License: CC0-1.0 - To the extent possible under law, the author(s) have dedicated all copyright - and related and neighboring rights to this software to the public domain - worldwide. This software is distributed without any warranty. - . - You should have received a copy of the CC0 Public Domain Dedication along with - this software. If not, see . - . - On Debian systems, the full text of the CC0 Public Domain Dedication version - version 1.0 can be found in the file /usr/share/common-licenses/CC0-1.0 . - -License: LGPL-3.0 - This package is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 3 of the License, or (at your option) any later version. - . - This package is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - . - You should have received a copy of the GNU Lesser General Public - License along with this package; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - . - On Debian systems, the complete text of the GNU Lesser General - Public License can be found in /usr/share/common-licenses/LGPL-3 - -License: GPL-2.0 - This package is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - . - This package is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - . - You should have received a copy of the GNU General Public License - along with this package; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - . - On Debian systems, the complete text of the GNU General - Public License can be found in /usr/share/common-licenses/GPL-2 . - -License: CC-BY-SA-4.0 - Attribution-ShareAlike 4.0 International - . - ======================================================================= - . - Creative Commons Corporation ("Creative Commons") is not a law firm and - does not provide legal services or legal advice. Distribution of - Creative Commons public licenses does not create a lawyer-client or - other relationship. Creative Commons makes its licenses and related - information available on an "as-is" basis. Creative Commons gives no - warranties regarding its licenses, any material licensed under their - terms and conditions, or any related information. Creative Commons - disclaims all liability for damages resulting from their use to the - fullest extent possible. - . - Using Creative Commons Public Licenses - . - Creative Commons public licenses provide a standard set of terms and - conditions that creators and other rights holders may use to share - original works of authorship and other material subject to copyright - and certain other rights specified in the public license below. The - following considerations are for informational purposes only, are not - exhaustive, and do not form part of our licenses. - . - Considerations for licensors: Our public licenses are - intended for use by those authorized to give the public - permission to use material in ways otherwise restricted by - copyright and certain other rights. Our licenses are - irrevocable. Licensors should read and understand the terms - and conditions of the license they choose before applying it. - Licensors should also secure all rights necessary before - applying our licenses so that the public can reuse the - material as expected. Licensors should clearly mark any - material not subject to the license. This includes other CC- - licensed material, or material used under an exception or - limitation to copyright. More considerations for licensors: - wiki.creativecommons.org/Considerations_for_licensors - . - Considerations for the public: By using one of our public - licenses, a licensor grants the public permission to use the - licensed material under specified terms and conditions. If - the licensor's permission is not necessary for any reason--for - example, because of any applicable exception or limitation to - copyright--then that use is not regulated by the license. Our - licenses grant only permissions under copyright and certain - other rights that a licensor has authority to grant. Use of - the licensed material may still be restricted for other - reasons, including because others have copyright or other - rights in the material. A licensor may make special requests, - such as asking that all changes be marked or described. - Although not required by our licenses, you are encouraged to - respect those requests where reasonable. More_considerations - for the public: - wiki.creativecommons.org/Considerations_for_licensees - . - ======================================================================= - . - Creative Commons Attribution-ShareAlike 4.0 International Public - License - . - By exercising the Licensed Rights (defined below), You accept and agree - to be bound by the terms and conditions of this Creative Commons - Attribution-ShareAlike 4.0 International Public License ("Public - License"). To the extent this Public License may be interpreted as a - contract, You are granted the Licensed Rights in consideration of Your - acceptance of these terms and conditions, and the Licensor grants You - such rights in consideration of benefits the Licensor receives from - making the Licensed Material available under these terms and - conditions. - . - . - Section 1 -- Definitions. - . - a. Adapted Material means material subject to Copyright and Similar - Rights that is derived from or based upon the Licensed Material - and in which the Licensed Material is translated, altered, - arranged, transformed, or otherwise modified in a manner requiring - permission under the Copyright and Similar Rights held by the - Licensor. For purposes of this Public License, where the Licensed - Material is a musical work, performance, or sound recording, - Adapted Material is always produced where the Licensed Material is - synched in timed relation with a moving image. - . - b. Adapter's License means the license You apply to Your Copyright - and Similar Rights in Your contributions to Adapted Material in - accordance with the terms and conditions of this Public License. - . - c. BY-SA Compatible License means a license listed at - creativecommons.org/compatiblelicenses, approved by Creative - Commons as essentially the equivalent of this Public License. - . - d. Copyright and Similar Rights means copyright and/or similar rights - closely related to copyright including, without limitation, - performance, broadcast, sound recording, and Sui Generis Database - Rights, without regard to how the rights are labeled or - categorized. For purposes of this Public License, the rights - specified in Section 2(b)(1)-(2) are not Copyright and Similar - Rights. - . - e. Effective Technological Measures means those measures that, in the - absence of proper authority, may not be circumvented under laws - fulfilling obligations under Article 11 of the WIPO Copyright - Treaty adopted on December 20, 1996, and/or similar international - agreements. - . - f. Exceptions and Limitations means fair use, fair dealing, and/or - any other exception or limitation to Copyright and Similar Rights - that applies to Your use of the Licensed Material. - . - g. License Elements means the license attributes listed in the name - of a Creative Commons Public License. The License Elements of this - Public License are Attribution and ShareAlike. - . - h. Licensed Material means the artistic or literary work, database, - or other material to which the Licensor applied this Public - License. - . - i. Licensed Rights means the rights granted to You subject to the - terms and conditions of this Public License, which are limited to - all Copyright and Similar Rights that apply to Your use of the - Licensed Material and that the Licensor has authority to license. - . - j. Licensor means the individual(s) or entity(ies) granting rights - under this Public License. - . - k. Share means to provide material to the public by any means or - process that requires permission under the Licensed Rights, such - as reproduction, public display, public performance, distribution, - dissemination, communication, or importation, and to make material - available to the public including in ways that members of the - public may access the material from a place and at a time - individually chosen by them. - . - l. Sui Generis Database Rights means rights other than copyright - resulting from Directive 96/9/EC of the European Parliament and of - the Council of 11 March 1996 on the legal protection of databases, - as amended and/or succeeded, as well as other essentially - equivalent rights anywhere in the world. - . - m. You means the individual or entity exercising the Licensed Rights - under this Public License. Your has a corresponding meaning. - . - . - Section 2 -- Scope. - . - a. License grant. - . - 1. Subject to the terms and conditions of this Public License, - the Licensor hereby grants You a worldwide, royalty-free, - non-sublicensable, non-exclusive, irrevocable license to - exercise the Licensed Rights in the Licensed Material to: - . - a. reproduce and Share the Licensed Material, in whole or - in part; and - . - b. produce, reproduce, and Share Adapted Material. - . - 2. Exceptions and Limitations. For the avoidance of doubt, where - Exceptions and Limitations apply to Your use, this Public - License does not apply, and You do not need to comply with - its terms and conditions. - . - 3. Term. The term of this Public License is specified in Section - 6(a). - . - 4. Media and formats; technical modifications allowed. The - Licensor authorizes You to exercise the Licensed Rights in - all media and formats whether now known or hereafter created, - and to make technical modifications necessary to do so. The - Licensor waives and/or agrees not to assert any right or - authority to forbid You from making technical modifications - necessary to exercise the Licensed Rights, including - technical modifications necessary to circumvent Effective - Technological Measures. For purposes of this Public License, - simply making modifications authorized by this Section 2(a) - (4) never produces Adapted Material. - . - 5. Downstream recipients. - . - a. Offer from the Licensor -- Licensed Material. Every - recipient of the Licensed Material automatically - receives an offer from the Licensor to exercise the - Licensed Rights under the terms and conditions of this - Public License. - . - b. Additional offer from the Licensor -- Adapted Material. - Every recipient of Adapted Material from You - automatically receives an offer from the Licensor to - exercise the Licensed Rights in the Adapted Material - under the conditions of the Adapter's License You apply. - . - c. No downstream restrictions. You may not offer or impose - any additional or different terms or conditions on, or - apply any Effective Technological Measures to, the - Licensed Material if doing so restricts exercise of the - Licensed Rights by any recipient of the Licensed - Material. - . - 6. No endorsement. Nothing in this Public License constitutes or - may be construed as permission to assert or imply that You - are, or that Your use of the Licensed Material is, connected - with, or sponsored, endorsed, or granted official status by, - the Licensor or others designated to receive attribution as - provided in Section 3(a)(1)(A)(i). - . - b. Other rights. - . - 1. Moral rights, such as the right of integrity, are not - licensed under this Public License, nor are publicity, - privacy, and/or other similar personality rights; however, to - the extent possible, the Licensor waives and/or agrees not to - assert any such rights held by the Licensor to the limited - extent necessary to allow You to exercise the Licensed - Rights, but not otherwise. - . - 2. Patent and trademark rights are not licensed under this - Public License. - . - 3. To the extent possible, the Licensor waives any right to - collect royalties from You for the exercise of the Licensed - Rights, whether directly or through a collecting society - under any voluntary or waivable statutory or compulsory - licensing scheme. In all other cases the Licensor expressly - reserves any right to collect such royalties. - . - . - Section 3 -- License Conditions. - . - Your exercise of the Licensed Rights is expressly made subject to the - following conditions. - . - a. Attribution. - . - 1. If You Share the Licensed Material (including in modified - form), You must: - . - a. retain the following if it is supplied by the Licensor - with the Licensed Material: - . - i. identification of the creator(s) of the Licensed - Material and any others designated to receive - attribution, in any reasonable manner requested by - the Licensor (including by pseudonym if - designated); - . - ii. a copyright notice; - . - iii. a notice that refers to this Public License; - . - iv. a notice that refers to the disclaimer of - warranties; - . - v. a URI or hyperlink to the Licensed Material to the - extent reasonably practicable; - . - b. indicate if You modified the Licensed Material and - retain an indication of any previous modifications; and - . - c. indicate the Licensed Material is licensed under this - Public License, and include the text of, or the URI or - hyperlink to, this Public License. - . - 2. You may satisfy the conditions in Section 3(a)(1) in any - reasonable manner based on the medium, means, and context in - which You Share the Licensed Material. For example, it may be - reasonable to satisfy the conditions by providing a URI or - hyperlink to a resource that includes the required - information. - . - 3. If requested by the Licensor, You must remove any of the - information required by Section 3(a)(1)(A) to the extent - reasonably practicable. - . - b. ShareAlike. - . - In addition to the conditions in Section 3(a), if You Share - Adapted Material You produce, the following conditions also apply. - . - 1. The Adapter's License You apply must be a Creative Commons - license with the same License Elements, this version or - later, or a BY-SA Compatible License. - . - 2. You must include the text of, or the URI or hyperlink to, the - Adapter's License You apply. You may satisfy this condition - in any reasonable manner based on the medium, means, and - context in which You Share Adapted Material. - . - 3. You may not offer or impose any additional or different terms - or conditions on, or apply any Effective Technological - Measures to, Adapted Material that restrict exercise of the - rights granted under the Adapter's License You apply. - . - . - Section 4 -- Sui Generis Database Rights. - . - Where the Licensed Rights include Sui Generis Database Rights that - apply to Your use of the Licensed Material: - . - a. for the avoidance of doubt, Section 2(a)(1) grants You the right - to extract, reuse, reproduce, and Share all or a substantial - portion of the contents of the database; - . - b. if You include all or a substantial portion of the database - contents in a database in which You have Sui Generis Database - Rights, then the database in which You have Sui Generis Database - Rights (but not its individual contents) is Adapted Material, - . - including for purposes of Section 3(b); and - c. You must comply with the conditions in Section 3(a) if You Share - all or a substantial portion of the contents of the database. - . - For the avoidance of doubt, this Section 4 supplements and does not - replace Your obligations under this Public License where the Licensed - Rights include other Copyright and Similar Rights. - . - . - Section 5 -- Disclaimer of Warranties and Limitation of Liability. - . - a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE - EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS - AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF - ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, - IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, - WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR - PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, - ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT - KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT - ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. - . - b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE - TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, - NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, - INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, - COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR - USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN - ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR - DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR - IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. - . - c. The disclaimer of warranties and limitation of liability provided - above shall be interpreted in a manner that, to the extent - possible, most closely approximates an absolute disclaimer and - waiver of all liability. - . - . - Section 6 -- Term and Termination. - . - a. This Public License applies for the term of the Copyright and - Similar Rights licensed here. However, if You fail to comply with - this Public License, then Your rights under this Public License - terminate automatically. - . - b. Where Your right to use the Licensed Material has terminated under - Section 6(a), it reinstates: - . - 1. automatically as of the date the violation is cured, provided - it is cured within 30 days of Your discovery of the - violation; or - . - 2. upon express reinstatement by the Licensor. - . - For the avoidance of doubt, this Section 6(b) does not affect any - right the Licensor may have to seek remedies for Your violations - of this Public License. - . - c. For the avoidance of doubt, the Licensor may also offer the - Licensed Material under separate terms or conditions or stop - distributing the Licensed Material at any time; however, doing so - will not terminate this Public License. - . - d. Sections 1, 5, 6, 7, and 8 survive termination of this Public - License. - . - . - Section 7 -- Other Terms and Conditions. - . - a. The Licensor shall not be bound by any additional or different - terms or conditions communicated by You unless expressly agreed. - . - b. Any arrangements, understandings, or agreements regarding the - Licensed Material not stated herein are separate from and - independent of the terms and conditions of this Public License. - . - . - Section 8 -- Interpretation. - . - a. For the avoidance of doubt, this Public License does not, and - shall not be interpreted to, reduce, limit, restrict, or impose - conditions on any use of the Licensed Material that could lawfully - be made without permission under this Public License. - . - b. To the extent possible, if any provision of this Public License is - deemed unenforceable, it shall be automatically reformed to the - minimum extent necessary to make it enforceable. If the provision - cannot be reformed, it shall be severed from this Public License - without affecting the enforceability of the remaining terms and - conditions. - . - c. No term or condition of this Public License will be waived and no - failure to comply consented to unless expressly agreed to by the - Licensor. - . - d. Nothing in this Public License constitutes or may be interpreted - as a limitation upon, or waiver of, any privileges and immunities - that apply to the Licensor or You, including from the legal - processes of any jurisdiction or authority. - . - . - ======================================================================= - . - Creative Commons is not a party to its public - licenses. Notwithstanding, Creative Commons may elect to apply one of - its public licenses to material it publishes and in those instances - will be considered the “Licensor.” The text of the Creative Commons - public licenses is dedicated to the public domain under the CC0 Public - Domain Dedication. Except for the limited purpose of indicating that - material is shared under a Creative Commons public license or as - otherwise permitted by the Creative Commons policies published at - creativecommons.org/policies, Creative Commons does not authorize the - use of the trademark "Creative Commons" or any other trademark or logo - of Creative Commons without its prior written consent including, - without limitation, in connection with any unauthorized modifications - to any of its public licenses or any other arrangements, - understandings, or agreements concerning use of licensed material. For - the avoidance of doubt, this paragraph does not form part of the - public licenses. - . - Creative Commons may be contacted at creativecommons.org. - -License: CC-BY-4.0 - Attribution 4.0 International - . - ======================================================================= - . - Creative Commons Corporation ("Creative Commons") is not a law firm and - does not provide legal services or legal advice. Distribution of - Creative Commons public licenses does not create a lawyer-client or - other relationship. Creative Commons makes its licenses and related - information available on an "as-is" basis. Creative Commons gives no - warranties regarding its licenses, any material licensed under their - terms and conditions, or any related information. Creative Commons - disclaims all liability for damages resulting from their use to the - fullest extent possible. - . - Using Creative Commons Public Licenses - . - Creative Commons public licenses provide a standard set of terms and - conditions that creators and other rights holders may use to share - original works of authorship and other material subject to copyright - and certain other rights specified in the public license below. The - following considerations are for informational purposes only, are not - exhaustive, and do not form part of our licenses. - . - Considerations for licensors: Our public licenses are - intended for use by those authorized to give the public - permission to use material in ways otherwise restricted by - copyright and certain other rights. Our licenses are - irrevocable. Licensors should read and understand the terms - and conditions of the license they choose before applying it. - Licensors should also secure all rights necessary before - applying our licenses so that the public can reuse the - material as expected. Licensors should clearly mark any - material not subject to the license. This includes other CC- - licensed material, or material used under an exception or - limitation to copyright. More considerations for licensors: - wiki.creativecommons.org/Considerations_for_licensors - . - Considerations for the public: By using one of our public - licenses, a licensor grants the public permission to use the - licensed material under specified terms and conditions. If - the licensor's permission is not necessary for any reason--for - example, because of any applicable exception or limitation to - copyright--then that use is not regulated by the license. Our - licenses grant only permissions under copyright and certain - other rights that a licensor has authority to grant. Use of - the licensed material may still be restricted for other - reasons, including because others have copyright or other - rights in the material. A licensor may make special requests, - such as asking that all changes be marked or described. - Although not required by our licenses, you are encouraged to - respect those requests where reasonable. More_considerations - for the public: - wiki.creativecommons.org/Considerations_for_licensees - . - ======================================================================= - . - Creative Commons Attribution 4.0 International Public License - . - By exercising the Licensed Rights (defined below), You accept and agree - to be bound by the terms and conditions of this Creative Commons - Attribution 4.0 International Public License ("Public License"). To the - extent this Public License may be interpreted as a contract, You are - granted the Licensed Rights in consideration of Your acceptance of - these terms and conditions, and the Licensor grants You such rights in - consideration of benefits the Licensor receives from making the - Licensed Material available under these terms and conditions. - . - . - Section 1 -- Definitions. - . - a. Adapted Material means material subject to Copyright and Similar - Rights that is derived from or based upon the Licensed Material - and in which the Licensed Material is translated, altered, - arranged, transformed, or otherwise modified in a manner requiring - permission under the Copyright and Similar Rights held by the - Licensor. For purposes of this Public License, where the Licensed - Material is a musical work, performance, or sound recording, - Adapted Material is always produced where the Licensed Material is - synched in timed relation with a moving image. - . - b. Adapter's License means the license You apply to Your Copyright - and Similar Rights in Your contributions to Adapted Material in - accordance with the terms and conditions of this Public License. - . - c. Copyright and Similar Rights means copyright and/or similar rights - closely related to copyright including, without limitation, - performance, broadcast, sound recording, and Sui Generis Database - Rights, without regard to how the rights are labeled or - categorized. For purposes of this Public License, the rights - specified in Section 2(b)(1)-(2) are not Copyright and Similar - Rights. - . - d. Effective Technological Measures means those measures that, in the - absence of proper authority, may not be circumvented under laws - fulfilling obligations under Article 11 of the WIPO Copyright - Treaty adopted on December 20, 1996, and/or similar international - agreements. - . - e. Exceptions and Limitations means fair use, fair dealing, and/or - any other exception or limitation to Copyright and Similar Rights - that applies to Your use of the Licensed Material. - . - f. Licensed Material means the artistic or literary work, database, - or other material to which the Licensor applied this Public - License. - . - g. Licensed Rights means the rights granted to You subject to the - terms and conditions of this Public License, which are limited to - all Copyright and Similar Rights that apply to Your use of the - Licensed Material and that the Licensor has authority to license. - . - h. Licensor means the individual(s) or entity(ies) granting rights - under this Public License. - . - i. Share means to provide material to the public by any means or - process that requires permission under the Licensed Rights, such - as reproduction, public display, public performance, distribution, - dissemination, communication, or importation, and to make material - available to the public including in ways that members of the - public may access the material from a place and at a time - individually chosen by them. - . - j. Sui Generis Database Rights means rights other than copyright - resulting from Directive 96/9/EC of the European Parliament and of - the Council of 11 March 1996 on the legal protection of databases, - as amended and/or succeeded, as well as other essentially - equivalent rights anywhere in the world. - . - k. You means the individual or entity exercising the Licensed Rights - under this Public License. Your has a corresponding meaning. - . - . - Section 2 -- Scope. - . - a. License grant. - . - 1. Subject to the terms and conditions of this Public License, - the Licensor hereby grants You a worldwide, royalty-free, - non-sublicensable, non-exclusive, irrevocable license to - exercise the Licensed Rights in the Licensed Material to: - . - a. reproduce and Share the Licensed Material, in whole or - in part; and - . - b. produce, reproduce, and Share Adapted Material. - . - 2. Exceptions and Limitations. For the avoidance of doubt, where - Exceptions and Limitations apply to Your use, this Public - License does not apply, and You do not need to comply with - its terms and conditions. - . - 3. Term. The term of this Public License is specified in Section - 6(a). - . - 4. Media and formats; technical modifications allowed. The - Licensor authorizes You to exercise the Licensed Rights in - all media and formats whether now known or hereafter created, - and to make technical modifications necessary to do so. The - Licensor waives and/or agrees not to assert any right or - authority to forbid You from making technical modifications - necessary to exercise the Licensed Rights, including - technical modifications necessary to circumvent Effective - Technological Measures. For purposes of this Public License, - simply making modifications authorized by this Section 2(a) - (4) never produces Adapted Material. - . - 5. Downstream recipients. - . - a. Offer from the Licensor -- Licensed Material. Every - recipient of the Licensed Material automatically - receives an offer from the Licensor to exercise the - Licensed Rights under the terms and conditions of this - Public License. - . - b. No downstream restrictions. You may not offer or impose - any additional or different terms or conditions on, or - apply any Effective Technological Measures to, the - Licensed Material if doing so restricts exercise of the - Licensed Rights by any recipient of the Licensed - Material. - . - 6. No endorsement. Nothing in this Public License constitutes or - may be construed as permission to assert or imply that You - are, or that Your use of the Licensed Material is, connected - with, or sponsored, endorsed, or granted official status by, - the Licensor or others designated to receive attribution as - provided in Section 3(a)(1)(A)(i). - . - b. Other rights. - . - 1. Moral rights, such as the right of integrity, are not - licensed under this Public License, nor are publicity, - privacy, and/or other similar personality rights; however, to - the extent possible, the Licensor waives and/or agrees not to - assert any such rights held by the Licensor to the limited - extent necessary to allow You to exercise the Licensed - Rights, but not otherwise. - . - 2. Patent and trademark rights are not licensed under this - Public License. - . - 3. To the extent possible, the Licensor waives any right to - collect royalties from You for the exercise of the Licensed - Rights, whether directly or through a collecting society - under any voluntary or waivable statutory or compulsory - licensing scheme. In all other cases the Licensor expressly - reserves any right to collect such royalties. - . - . - Section 3 -- License Conditions. - . - Your exercise of the Licensed Rights is expressly made subject to the - following conditions. - . - a. Attribution. - . - 1. If You Share the Licensed Material (including in modified - form), You must: - . - a. retain the following if it is supplied by the Licensor - with the Licensed Material: - . - i. identification of the creator(s) of the Licensed - Material and any others designated to receive - attribution, in any reasonable manner requested by - the Licensor (including by pseudonym if - designated); - . - ii. a copyright notice; - . - iii. a notice that refers to this Public License; - . - iv. a notice that refers to the disclaimer of - warranties; - . - v. a URI or hyperlink to the Licensed Material to the - extent reasonably practicable; - . - b. indicate if You modified the Licensed Material and - retain an indication of any previous modifications; and - . - c. indicate the Licensed Material is licensed under this - Public License, and include the text of, or the URI or - hyperlink to, this Public License. - . - 2. You may satisfy the conditions in Section 3(a)(1) in any - reasonable manner based on the medium, means, and context in - which You Share the Licensed Material. For example, it may be - reasonable to satisfy the conditions by providing a URI or - hyperlink to a resource that includes the required - information. - . - 3. If requested by the Licensor, You must remove any of the - information required by Section 3(a)(1)(A) to the extent - reasonably practicable. - . - 4. If You Share Adapted Material You produce, the Adapter's - License You apply must not prevent recipients of the Adapted - Material from complying with this Public License. - . - . - Section 4 -- Sui Generis Database Rights. - . - Where the Licensed Rights include Sui Generis Database Rights that - apply to Your use of the Licensed Material: - . - a. for the avoidance of doubt, Section 2(a)(1) grants You the right - to extract, reuse, reproduce, and Share all or a substantial - portion of the contents of the database; - . - b. if You include all or a substantial portion of the database - contents in a database in which You have Sui Generis Database - Rights, then the database in which You have Sui Generis Database - Rights (but not its individual contents) is Adapted Material; and - . - c. You must comply with the conditions in Section 3(a) if You Share - all or a substantial portion of the contents of the database. - . - For the avoidance of doubt, this Section 4 supplements and does not - replace Your obligations under this Public License where the Licensed - Rights include other Copyright and Similar Rights. - . - . - Section 5 -- Disclaimer of Warranties and Limitation of Liability. - . - a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE - EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS - AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF - ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, - IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, - WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR - PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, - ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT - KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT - ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. - . - b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE - TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, - NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, - INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, - COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR - USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN - ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR - DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR - IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. - . - c. The disclaimer of warranties and limitation of liability provided - above shall be interpreted in a manner that, to the extent - possible, most closely approximates an absolute disclaimer and - waiver of all liability. - . - . - Section 6 -- Term and Termination. - . - a. This Public License applies for the term of the Copyright and - Similar Rights licensed here. However, if You fail to comply with - this Public License, then Your rights under this Public License - terminate automatically. - . - b. Where Your right to use the Licensed Material has terminated under - Section 6(a), it reinstates: - . - 1. automatically as of the date the violation is cured, provided - it is cured within 30 days of Your discovery of the - violation; or - . - 2. upon express reinstatement by the Licensor. - . - For the avoidance of doubt, this Section 6(b) does not affect any - right the Licensor may have to seek remedies for Your violations - of this Public License. - . - c. For the avoidance of doubt, the Licensor may also offer the - Licensed Material under separate terms or conditions or stop - distributing the Licensed Material at any time; however, doing so - will not terminate this Public License. - . - d. Sections 1, 5, 6, 7, and 8 survive termination of this Public - License. - . - . - Section 7 -- Other Terms and Conditions. - . - a. The Licensor shall not be bound by any additional or different - terms or conditions communicated by You unless expressly agreed. - . - b. Any arrangements, understandings, or agreements regarding the - Licensed Material not stated herein are separate from and - independent of the terms and conditions of this Public License. - . - . - Section 8 -- Interpretation. - . - a. For the avoidance of doubt, this Public License does not, and - shall not be interpreted to, reduce, limit, restrict, or impose - conditions on any use of the Licensed Material that could lawfully - be made without permission under this Public License. - . - b. To the extent possible, if any provision of this Public License is - deemed unenforceable, it shall be automatically reformed to the - minimum extent necessary to make it enforceable. If the provision - cannot be reformed, it shall be severed from this Public License - without affecting the enforceability of the remaining terms and - conditions. - . - c. No term or condition of this Public License will be waived and no - failure to comply consented to unless expressly agreed to by the - Licensor. - . - d. Nothing in this Public License constitutes or may be interpreted - as a limitation upon, or waiver of, any privileges and immunities - that apply to the Licensor or You, including from the legal - processes of any jurisdiction or authority. - . - . - ======================================================================= - . - Creative Commons is not a party to its public - licenses. Notwithstanding, Creative Commons may elect to apply one of - its public licenses to material it publishes and in those instances - will be considered the “Licensor.” The text of the Creative Commons - public licenses is dedicated to the public domain under the CC0 Public - Domain Dedication. Except for the limited purpose of indicating that - material is shared under a Creative Commons public license or as - otherwise permitted by the Creative Commons policies published at - creativecommons.org/policies, Creative Commons does not authorize the - use of the trademark "Creative Commons" or any other trademark or logo - of Creative Commons without its prior written consent including, - without limitation, in connection with any unauthorized modifications - to any of its public licenses or any other arrangements, - understandings, or agreements concerning use of licensed material. For - the avoidance of doubt, this paragraph does not form part of the - public licenses. - . - Creative Commons may be contacted at creativecommons.org. - diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubeadm.conf b/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubeadm.conf deleted file mode 100644 index 238704288..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubeadm.conf +++ /dev/null @@ -1,17 +0,0 @@ -# Note: This dropin only works with kubeadm and kubelet v1.11+ -[Service] -Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf" -Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml" -# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically -EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env -# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use -# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file. -EnvironmentFile=-/etc/default/kubelet -ExecStart= -ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS -ExecStartPre=-/usr/local/sbin/sanitize_kubelet_reserved_cpus.sh /etc/default/kubelet -ExecStartPre=-/usr/bin/kubelet-cgroup-setup.sh -ExecStartPost=/bin/bash -c 'echo $MAINPID > /var/run/kubelet.pid;' -ExecStopPost=/bin/rm -f /var/run/kubelet.pid -StartLimitInterval=0 -RestartSec=10 diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-client.install b/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-client.install deleted file mode 100644 index 4c092e752..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-client.install +++ /dev/null @@ -1,2 +0,0 @@ -usr/local/kubernetes/1.28.4/stage2/usr/bin/kubectl -usr/local/kubernetes/1.28.4/stage2/usr/share/bash-completion/completions/kubectl diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-client.lintian-overrides b/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-client.lintian-overrides deleted file mode 100644 index 160b6783b..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-client.lintian-overrides +++ /dev/null @@ -1,9 +0,0 @@ -## Generated man pages: TODO -manpage-has-bad-whatis-entry usr/share/man/* -manpage-has-errors-from-man usr/share/man/man1/* - -## Bash-completion script does not have to be executable: -script-not-executable usr/share/bash-completion/completions/kubectl - -## Override annoying/useless messages -kubernetes-client: spelling-error-in-binary diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-kubeadm.dirs b/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-kubeadm.dirs deleted file mode 100644 index 8ec51ffc2..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-kubeadm.dirs +++ /dev/null @@ -1 +0,0 @@ -usr/local/kubernetes/1.28.4/stage2/etc/systemd/system/kubelet.service.d/ diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-kubeadm.install b/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-kubeadm.install deleted file mode 100644 index 17ea55775..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-kubeadm.install +++ /dev/null @@ -1,2 +0,0 @@ -usr/local/kubernetes/1.28.4/stage1/usr/bin/kubeadm -usr/local/kubernetes/1.28.4/stage2/etc/systemd/system/kubelet.service.d/kubeadm.conf diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-master.dirs b/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-master.dirs deleted file mode 100644 index 3f10e4558..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-master.dirs +++ /dev/null @@ -1,5 +0,0 @@ -etc/kubernetes-1.28.4 -etc/kubernetes-1.28.4/addons -etc/kubernetes-1.28.4/addons/volumesnapshots -etc/kubernetes-1.28.4/addons/volumesnapshots/crd -etc/kubernetes-1.28.4/addons/volumesnapshots/volume-snapshot-controller diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-master.install b/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-master.install deleted file mode 100644 index d68ed8f29..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-master.install +++ /dev/null @@ -1,8 +0,0 @@ -usr/bin/kube-apiserver -usr/bin/kube-controller-manager -usr/bin/kube-scheduler -etc/kubernetes-1.28.4/addons/volumesnapshots/crd/snapshot.storage.k8s.io_volumesnapshotcontents.yaml -etc/kubernetes-1.28.4/addons/volumesnapshots/crd/snapshot.storage.k8s.io_volumesnapshotclasses.yaml -etc/kubernetes-1.28.4/addons/volumesnapshots/crd/snapshot.storage.k8s.io_volumesnapshots.yaml -etc/kubernetes-1.28.4/addons/volumesnapshots/volume-snapshot-controller/volume-snapshot-controller-deployment.yaml -etc/kubernetes-1.28.4/addons/volumesnapshots/volume-snapshot-controller/rbac-volume-snapshot-controller.yaml diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-master.lintian-overrides b/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-master.lintian-overrides deleted file mode 100644 index f73c63ffd..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-master.lintian-overrides +++ /dev/null @@ -1,7 +0,0 @@ -## No manual page for hyperkube -kubernetes-master: binary-without-manpage usr/bin/hyperkube - -## Override annoying/useless messages -kubernetes-master: spelling-error-in-binary -kubernetes-master: manpage-has-errors-from-man usr/share/man/man1/* -kubernetes-master: manpage-has-bad-whatis-entry usr/share/man/man1/* diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-misc.docs b/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-misc.docs deleted file mode 100644 index 1dc3a103d..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-misc.docs +++ /dev/null @@ -1,3 +0,0 @@ -src/k8s.io/kubernetes/README.md -src/k8s.io/kubernetes/SUPPORT.md -src/k8s.io/kubernetes/_output/NOTICE diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-misc.install b/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-misc.install deleted file mode 100644 index f5d4f5581..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-misc.install +++ /dev/null @@ -1 +0,0 @@ -usr/bin/kube-proxy diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-misc.manpages b/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-misc.manpages deleted file mode 100644 index e7203adc2..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-misc.manpages +++ /dev/null @@ -1,10 +0,0 @@ -# kubernetes-client -src/k8s.io/kubernetes/_output/man/kubeadm* -src/k8s.io/kubernetes/_output/man/kubectl* -# kubernetes-master -src/k8s.io/kubernetes/_output/man/kube-apiserver* -src/k8s.io/kubernetes/_output/man/kube-scheduler* -src/k8s.io/kubernetes/_output/man/kube-controller-manager* -# kubernetes-node -src/k8s.io/kubernetes/_output/man/kubelet* -src/k8s.io/kubernetes/_output/man/kube-proxy* diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-node.install b/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-node.install deleted file mode 100644 index b0ec96106..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-node.install +++ /dev/null @@ -1 +0,0 @@ -usr/local/kubernetes/1.28.4/stage2/usr/bin/kubelet diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-node.lintian-overrides b/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-node.lintian-overrides deleted file mode 100644 index 99d470def..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-node.lintian-overrides +++ /dev/null @@ -1,4 +0,0 @@ -## Override annoying/useless messages -kubernetes-node: spelling-error-in-binary -kubernetes-node: manpage-has-errors-from-man usr/share/man/man1/* -kubernetes-node: manpage-has-bad-whatis-entry usr/share/man/man1/* diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-unit-test.install b/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-unit-test.install deleted file mode 100644 index 4afdbf051..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/kubernetes-1.28.4-unit-test.install +++ /dev/null @@ -1 +0,0 @@ -var/lib/kubernetes-unit-test/ diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/Affinity-of-guaranteed-pod-to-non-isolated-CPUs.patch b/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/Affinity-of-guaranteed-pod-to-non-isolated-CPUs.patch deleted file mode 100644 index 6d3f026fe..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/Affinity-of-guaranteed-pod-to-non-isolated-CPUs.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 904157cdf02bf9dd0d90af4372ceadd16717e806 Mon Sep 17 00:00:00 2001 -From: Boovan Rajendran -Date: Mon, 6 Nov 2023 02:22:16 -0500 -Subject: [PATCH] Affinity of guaranteed pod to non-isolated CPUs - -This corrects kubelet cpumanager static cpuset tracking for isolcpus -for versions 1.26.1 and 1.27.5. This ensures that pods specified with -isolcpus + guaranteed QoS + integer cpu requests, are affined to -exclusive cpuset and tracked as non-isolated cpus. - -Signed-off-by: Boovan Rajendran ---- - pkg/kubelet/cm/cpumanager/policy_static.go | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/pkg/kubelet/cm/cpumanager/policy_static.go b/pkg/kubelet/cm/cpumanager/policy_static.go -index e9a2defd848..c76a6edbc20 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static.go -@@ -343,7 +343,10 @@ func (p *staticPolicy) Allocate(s state.State, pod *v1.Pod, container *v1.Contai - return nil - } - -- if isolcpus := p.podIsolCPUs(pod, container); isolcpus.Size() > 0 { -+ cpuQuantity := container.Resources.Requests[v1.ResourceCPU] -+ fractionalCpuQuantity := cpuQuantity.MilliValue() % 1000 -+ if isolcpus := p.podIsolCPUs(pod, container); isolcpus.Size() > 0 && -+ v1qos.GetPodQOS(pod) != v1.PodQOSGuaranteed && fractionalCpuQuantity == 0{ - // container has requested isolated CPUs - if set, ok := s.GetCPUSet(string(pod.UID), container.Name); ok { - if set.Equals(isolcpus) { --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/Identify-platform-pods-based-on-pod-or-namespace-labels.patch b/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/Identify-platform-pods-based-on-pod-or-namespace-labels.patch deleted file mode 100644 index 23c0925f4..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/Identify-platform-pods-based-on-pod-or-namespace-labels.patch +++ /dev/null @@ -1,432 +0,0 @@ -From 74eabf7a9f51f4061db6ed0d963c94131286db98 Mon Sep 17 00:00:00 2001 -From: Boovan Rajendran -Date: Mon, 1 Apr 2024 03:28:34 -0400 -Subject: [PATCH] Identify platform pods based on pod or namespace labels - -Pods with namespace 'kube-system', or labeled with -'app.starlingx.io/component=platform' are identified as 'platform'. -These have isolated cpu affinity cpuset when cpu-manager 'static' -policy is configured. - -Signed-off-by: Boovan Rajendran ---- - pkg/kubelet/cm/cpumanager/policy_static.go | 96 ++++++++++-- - .../cm/cpumanager/policy_static_test.go | 148 +++++++++++++++++- - .../cm/cpumanager/topology_hints_test.go | 4 + - 3 files changed, 235 insertions(+), 13 deletions(-) - -diff --git a/pkg/kubelet/cm/cpumanager/policy_static.go b/pkg/kubelet/cm/cpumanager/policy_static.go -index c76a6edbc20..e2187ab6f6a 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static.go -@@ -17,14 +17,20 @@ limitations under the License. - package cpumanager - - import ( -+ "context" - "fmt" - "strconv" - -+ k8sclient "k8s.io/client-go/kubernetes" -+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -+ restclient "k8s.io/client-go/rest" - v1 "k8s.io/api/core/v1" -+ "k8s.io/client-go/tools/clientcmd" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/klog/v2" - podutil "k8s.io/kubernetes/pkg/api/v1/pod" - v1qos "k8s.io/kubernetes/pkg/apis/core/v1/helper/qos" -+ "k8s.io/kubernetes/cmd/kubeadm/app/constants" - "k8s.io/kubernetes/pkg/features" - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/state" - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/topology" -@@ -45,6 +51,23 @@ const ( - ErrorSMTAlignment = "SMTAlignmentError" - ) - -+// Declared as variables so that they can easily more -+// overridden during testing -+type getPodNamespace func(string) (*v1.Namespace, error) -+type buildFromConfigFlag func(masterUrl string, kubeconfigPath string) (*restclient.Config, error) -+type isKubeInfraFunc func(pod *v1.Pod) bool -+ -+var varGetNamespaceObject getPodNamespace -+var varBuildConfigFromFlags buildFromConfigFlag -+var varIsKubeInfra isKubeInfraFunc -+ -+func init() { -+ varIsKubeInfra = isKubeInfra -+ varGetNamespaceObject = getPodNamespaceObject -+ varBuildConfigFromFlags = clientcmd.BuildConfigFromFlags -+} -+ -+ - // SMTAlignmentError represents an error due to SMT alignment - type SMTAlignmentError struct { - RequestedCPUs int -@@ -64,11 +87,6 @@ func (e SMTAlignmentError) Type() string { - return ErrorSMTAlignment - } - --// Define namespaces used by platform infrastructure pods --var infraNamespaces = [...]string{ -- "kube-system", "armada", "cert-manager", "platform-deployment-manager", "portieris", "vault", "notification", "flux-helm", "metrics-server", --} -- - // staticPolicy is a CPU manager policy that does not change CPU - // assignments for exclusively pinned guaranteed containers after the main - // container process starts. -@@ -324,7 +342,7 @@ func (p *staticPolicy) updateCPUsToReuse(pod *v1.Pod, container *v1.Container, c - - func (p *staticPolicy) Allocate(s state.State, pod *v1.Pod, container *v1.Container) (rerr error) { - // Process infra pods before guaranteed pods -- if isKubeInfra(pod) { -+ if varIsKubeInfra(pod) { - // Container belongs in reserved pool. - // We don't want to fall through to the p.guaranteedCPUs() clause below so return either nil or error. - if _, ok := s.GetCPUSet(string(pod.UID), container.Name); ok { -@@ -522,7 +540,7 @@ func (p *staticPolicy) guaranteedCPUs(pod *v1.Pod, container *v1.Container) int - return 0 - } - // Infrastructure pods use reserved CPUs even if they're in the Guaranteed QoS class -- if isKubeInfra(pod) { -+ if varIsKubeInfra(pod) { - return 0 - } - // Safe downcast to do for all systems with < 2.1 billion CPUs. -@@ -743,14 +761,68 @@ func (p *staticPolicy) generateCPUTopologyHints(availableCPUs cpuset.CPUSet, reu - return hints - } - --// check if a given pod is in a platform infrastructure namespace -+func getPodNamespaceObject(podNamespaceName string) (*v1.Namespace, error) { -+ -+ kubeConfigPath := constants.GetKubeletKubeConfigPath() -+ cfg, err := varBuildConfigFromFlags("", kubeConfigPath) -+ if err != nil { -+ klog.Error("Failed to build client config from ", kubeConfigPath, err.Error()) -+ return nil, err -+ } -+ -+ clientset, err := k8sclient.NewForConfig(cfg) -+ if err != nil { -+ klog.Error("Failed to get clientset for KUBECONFIG ", kubeConfigPath, err.Error()) -+ return nil, err -+ } -+ -+ namespaceObj, err := clientset.CoreV1().Namespaces().Get(context.TODO(), podNamespaceName, metav1.GetOptions{}) -+ if err != nil { -+ klog.Error("Error getting namespace object:", err.Error()) -+ return nil, err -+ } -+ -+ return namespaceObj, nil -+ -+} -+ -+// check if a given pod is labelled as platform pod or -+// is in a namespace labelled as a platform namespace - func isKubeInfra(pod *v1.Pod) bool { -- for _, namespace := range infraNamespaces { -- if namespace == pod.Namespace { -- return true -- } -+ -+ podName := pod.GetName() -+ podNamespaceName := pod.GetNamespace() -+ -+ if podNamespaceName == "kube-system" { -+ klog.Infof("Pod %s has %s namespace. Treating as platform pod.", podName , podNamespaceName) -+ return true -+ } -+ -+ klog.InfoS("Checking pod ", podName , " for label 'app.starlingx.io/component=platform'.") -+ podLabels := pod.GetLabels() -+ val, ok := podLabels["app.starlingx.io/component"] -+ if (ok && val == "platform") { -+ klog.InfoS("Pod ", podName, " has 'app.starlingx.io/component=platform' label. Treating as platform pod.") -+ return true - } -+ -+ klog.V(4).InfoS("Pod ", pod.GetName(), " does not have 'app.starlingx.io/component=platform' label. Checking its namespace information...") -+ -+ namespaceObj, err := varGetNamespaceObject(podNamespaceName) -+ if err != nil { -+ return false -+ } -+ -+ namespaceLabels := namespaceObj.GetLabels() -+ val, ok = namespaceLabels["app.starlingx.io/component"] -+ if ok && val == "platform" { -+ klog.InfoS("For pod: ", podName, ", its Namespace ", podNamespaceName, " has 'app.starlingx.io/component=platform' label. Treating as platform pod.") -+ return true -+ } -+ -+ klog.InfoS("Neither pod ", podName, " nor its namespace ", podNamespaceName, " has 'app.starlingx.io/component=platform' label. Not treating as platform pod.") - return false -+ - } - - // get the isolated CPUs (if any) from the devices associated with a specific container -diff --git a/pkg/kubelet/cm/cpumanager/policy_static_test.go b/pkg/kubelet/cm/cpumanager/policy_static_test.go -index cb363bb29ab..d75a4e85e51 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static_test.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static_test.go -@@ -17,10 +17,13 @@ limitations under the License. - package cpumanager - - import ( -+ "errors" - "fmt" - "reflect" - "testing" - -+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -+ restclient "k8s.io/client-go/rest" - v1 "k8s.io/api/core/v1" - utilfeature "k8s.io/apiserver/pkg/util/feature" - featuregatetesting "k8s.io/component-base/featuregate/testing" -@@ -926,6 +929,7 @@ type staticPolicyTestWithResvList struct { - stAssignments state.ContainerCPUAssignments - stDefaultCPUSet cpuset.CPUSet - pod *v1.Pod -+ isKubeInfraPodfunc isKubeInfraFunc - expErr error - expNewErr error - expCPUAlloc bool -@@ -998,6 +1002,14 @@ func TestStaticPolicyStartWithResvList(t *testing.T) { - } - } - -+func fakeIsKubeInfraTrue(pod *v1.Pod) bool { -+ return true -+} -+ -+func fakeIsKubeInfraFalse(pod *v1.Pod) bool { -+ return false -+} -+ - func TestStaticPolicyAddWithResvList(t *testing.T) { - infraPod := makePod("fakePod", "fakeContainer2", "200m", "200m") - infraPod.Namespace = "kube-system" -@@ -1011,6 +1023,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - stAssignments: state.ContainerCPUAssignments{}, - stDefaultCPUSet: cpuset.New(1, 2, 3, 4, 5, 6, 7), - pod: makePod("fakePod", "fakeContainer2", "8000m", "8000m"), -+ isKubeInfraPodfunc: fakeIsKubeInfraFalse, - expErr: fmt.Errorf("not enough cpus available to satisfy request"), - expCPUAlloc: false, - expCSet: cpuset.New(), -@@ -1024,6 +1037,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - stAssignments: state.ContainerCPUAssignments{}, - stDefaultCPUSet: cpuset.New(2, 3, 4, 5, 6, 7), - pod: makePod("fakePod", "fakeContainer2", "1000m", "1000m"), -+ isKubeInfraPodfunc: fakeIsKubeInfraFalse, - expErr: nil, - expCPUAlloc: true, - expCSet: cpuset.New(4), // expect sibling of partial core -@@ -1041,6 +1055,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - }, - stDefaultCPUSet: cpuset.New(0, 1, 4, 5), - pod: makePod("fakePod", "fakeContainer3", "2000m", "2000m"), -+ isKubeInfraPodfunc: fakeIsKubeInfraFalse, - expErr: nil, - expCPUAlloc: true, - expCSet: cpuset.New(4, 5), -@@ -1058,6 +1073,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - }, - stDefaultCPUSet: cpuset.New(4, 5), - pod: infraPod, -+ isKubeInfraPodfunc: fakeIsKubeInfraTrue, - expErr: nil, - expCPUAlloc: true, - expCSet: cpuset.New(0, 1), -@@ -1075,6 +1091,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - }, - stDefaultCPUSet: cpuset.New(4, 5), - pod: infraPod, -+ isKubeInfraPodfunc: fakeIsKubeInfraTrue, - expErr: nil, - expCPUAlloc: true, - expCSet: cpuset.New(0), -@@ -1090,7 +1107,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - assignments: testCase.stAssignments, - defaultCPUSet: testCase.stDefaultCPUSet, - } -- -+ varIsKubeInfra = testCase.isKubeInfraPodfunc - container := &testCase.pod.Spec.Containers[0] - err := policy.Allocate(st, testCase.pod, container) - if !reflect.DeepEqual(err, testCase.expErr) { -@@ -1215,3 +1232,132 @@ func newCPUSetPtr(cpus ...int) *cpuset.CPUSet { - ret := cpuset.New(cpus...) - return &ret - } -+ -+func makePodWithLabels(podLabels map[string]string) *v1.Pod { -+ return &v1.Pod{ -+ ObjectMeta: metav1.ObjectMeta{ -+ Name: "test-pod", -+ Namespace: "test-namespace", -+ Labels: podLabels, -+ }, -+ } -+} -+ -+func fakeBuildConfigFromFlags(masterUrl string, kubeconfigPath string) (*restclient.Config, error) { -+ -+ return &restclient.Config{}, nil -+} -+ -+func fakeBuildConfigFromFlagsError(masterUrl string, kubeconfigPath string) (*restclient.Config, error) { -+ -+ errString := fmt.Sprintf("%s file not found", kubeconfigPath) -+ return nil, errors.New(errString) -+ -+} -+ -+func getFakeInfraPodNamespace(_ string) (*v1.Namespace, error) { -+ -+ return &v1.Namespace{ -+ ObjectMeta: metav1.ObjectMeta{ -+ Name: "test-namespace", -+ Labels: map[string]string{ -+ "app.starlingx.io/component": "platform", -+ }, -+ }}, nil -+} -+ -+func getFakeNonInfraPodNamespace(_ string) (*v1.Namespace, error) { -+ -+ return &v1.Namespace{ -+ ObjectMeta: metav1.ObjectMeta{ -+ Name: "test-namespace", -+ Labels: map[string]string{ -+ "fake": "label", -+ }}}, nil -+ -+} -+ -+type kubeInfraPodTestCase struct { -+ description string -+ pod *v1.Pod -+ namespaceFunc getPodNamespace -+ expectedValue bool -+} -+ -+func TestKubeInfraPod(t *testing.T) { -+ testCases := []kubeInfraPodTestCase{ -+ { -+ description: "Pod with platform label and namespace with platform label", -+ pod: makePodWithLabels(map[string]string{ -+ "app.starlingx.io/component": "platform", -+ }), -+ namespaceFunc: getFakeInfraPodNamespace, -+ expectedValue: true, -+ }, -+ { -+ description: "Pod with platform label and namespace without platform label", -+ pod: makePodWithLabels(map[string]string{ -+ "app.starlingx.io/component": "platform", -+ }), -+ namespaceFunc: getFakeNonInfraPodNamespace, -+ expectedValue: true, -+ -+ }, -+ { -+ description: "Pod without platform label and namespace with platform label", -+ pod: makePodWithLabels(map[string]string{ -+ "test": "label", -+ }), -+ namespaceFunc: getFakeInfraPodNamespace, -+ expectedValue: true, -+ }, -+ { -+ description: "Pod without platform label and namespace without platform label", -+ pod: makePodWithLabels(map[string]string{ -+ "test": "namespace", -+ }), -+ namespaceFunc: getFakeNonInfraPodNamespace, -+ expectedValue: false, -+ }, -+ -+ } -+ -+ for _, testCase := range testCases { -+ t.Run(testCase.description, func(t *testing.T) { -+ -+ varGetNamespaceObject = testCase.namespaceFunc -+ varBuildConfigFromFlags = fakeBuildConfigFromFlags -+ gotValue := isKubeInfra(testCase.pod) -+ -+ if gotValue != testCase.expectedValue { -+ t.Errorf("StaticPolicy isKubeInfraPod() error %v. expected value %v actual value %v", -+ testCase.description, testCase.expectedValue, gotValue) -+ } else { -+ fmt.Printf("StaticPolicy isKubeInfraPod() test successful. : %v ", testCase.description) -+ } -+ -+ }) -+ } -+ -+ test := kubeInfraPodTestCase{ -+ description: "Failure reading kubeconfig file", -+ pod: makePodWithLabels(map[string]string{ -+ "test": "namespace", -+ }), -+ namespaceFunc: getFakeNonInfraPodNamespace, -+ expectedValue: false, -+ } -+ -+ varGetNamespaceObject = getPodNamespaceObject -+ varBuildConfigFromFlags = fakeBuildConfigFromFlagsError -+ -+ gotValue := isKubeInfra(test.pod) -+ -+ if gotValue != test.expectedValue { -+ t.Errorf("StaticPolicy isKubeInfraPod() error %v. expected value %v actual value %v", -+ test.description, test.expectedValue, gotValue) -+ } else { -+ fmt.Printf("StaticPolicy isKubeInfraPod() test successful. : %v ", test.description) -+ } -+ -+} -diff --git a/pkg/kubelet/cm/cpumanager/topology_hints_test.go b/pkg/kubelet/cm/cpumanager/topology_hints_test.go -index 13455e53bd2..ad9840e3884 100644 ---- a/pkg/kubelet/cm/cpumanager/topology_hints_test.go -+++ b/pkg/kubelet/cm/cpumanager/topology_hints_test.go -@@ -145,6 +145,7 @@ func TestPodGuaranteedCPUs(t *testing.T) { - expectedCPU: 6, - }, - } -+ varIsKubeInfra = fakeIsKubeInfraFalse - for _, tc := range tcases { - requestedCPU := p.podGuaranteedCPUs(tc.pod) - -@@ -187,6 +188,7 @@ func TestGetTopologyHints(t *testing.T) { - sourcesReady: &sourcesReadyStub{}, - } - -+ varIsKubeInfra = fakeIsKubeInfraFalse - hints := m.GetTopologyHints(&tc.pod, &tc.container)[string(v1.ResourceCPU)] - if len(tc.expectedHints) == 0 && len(hints) == 0 { - continue -@@ -240,6 +242,7 @@ func TestGetPodTopologyHints(t *testing.T) { - sourcesReady: &sourcesReadyStub{}, - } - -+ varIsKubeInfra = fakeIsKubeInfraFalse - podHints := m.GetPodTopologyHints(&tc.pod)[string(v1.ResourceCPU)] - if len(tc.expectedHints) == 0 && len(podHints) == 0 { - continue -@@ -423,6 +426,7 @@ func TestGetPodTopologyHintsWithPolicyOptions(t *testing.T) { - sourcesReady: &sourcesReadyStub{}, - } - -+ varIsKubeInfra = fakeIsKubeInfraFalse - podHints := m.GetPodTopologyHints(&testCase.pod)[string(v1.ResourceCPU)] - sort.SliceStable(podHints, func(i, j int) bool { - return podHints[i].LessThan(podHints[j]) --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubeadm-create-platform-pods-with-zero-CPU-resources.patch b/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubeadm-create-platform-pods-with-zero-CPU-resources.patch deleted file mode 100644 index 66a48a4a5..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubeadm-create-platform-pods-with-zero-CPU-resources.patch +++ /dev/null @@ -1,170 +0,0 @@ -From 8f247610176a7984dbae718bdacdabdb8bbf6f4d Mon Sep 17 00:00:00 2001 -From: Saba Touheed Mujawar -Date: Tue, 28 Nov 2023 09:16:45 -0500 -Subject: [PATCH] kubeadm: create platform pods with zero CPU resources - -This specifies zero CPU resources when creating the manifests -for the static platform pods, as a workaround for the lack of -separate resource tracking for platform resources. - -This specifies zero CPU and Memory resources for the coredns -deployment. manifests.go is the main source file for this, -not sure if the coredns.yaml are used but they are updated to -be consistent. - -This specifies CPU limit of 1 for kube-apiserver pod so that it is -treated as a burstable QoS. This gives a boost of cgroup CPUShares -since the burstable cgroup parent has significantly more CPUShares -than best-effort on typical systems. This improves kube-apiserver -API responsiveness. - -This increases kube-apiserver Readiness probe periodSeconds to 10 -based on WRS/SS joint recommendation for minimum probe settings. -This reduces likelihood of kube-apiserver probe failure and -subsequent pod-restart under servere load. This also reduces CPU -demand. - -Signed-off-by: Daniel Safta -Signed-off-by: Saba Touheed Mujawar -Signed-off-by: Boovan Rajendran -Signed-off-by: Jim Gauld ---- - cluster/addons/dns/coredns/coredns.yaml.base | 4 ++-- - cluster/addons/dns/coredns/coredns.yaml.in | 4 ++-- - cluster/addons/dns/coredns/coredns.yaml.sed | 4 ++-- - cmd/kubeadm/app/phases/addons/dns/manifests.go | 4 ++-- - .../app/phases/controlplane/manifests.go | 8 +++++--- - cmd/kubeadm/app/util/staticpod/utils.go | 17 ++++++++++++++++- - 6 files changed, 29 insertions(+), 12 deletions(-) - -diff --git a/cluster/addons/dns/coredns/coredns.yaml.base b/cluster/addons/dns/coredns/coredns.yaml.base -index 69c0f456591..ae65353534e 100644 ---- a/cluster/addons/dns/coredns/coredns.yaml.base -+++ b/cluster/addons/dns/coredns/coredns.yaml.base -@@ -139,8 +139,8 @@ spec: - limits: - memory: __DNS__MEMORY__LIMIT__ - requests: -- cpu: 100m -- memory: 70Mi -+ cpu: 0 -+ memory: 0 - args: [ "-conf", "/etc/coredns/Corefile" ] - volumeMounts: - - name: config-volume -diff --git a/cluster/addons/dns/coredns/coredns.yaml.in b/cluster/addons/dns/coredns/coredns.yaml.in -index 98edc4e1a54..4289e3828b3 100644 ---- a/cluster/addons/dns/coredns/coredns.yaml.in -+++ b/cluster/addons/dns/coredns/coredns.yaml.in -@@ -139,8 +139,8 @@ spec: - limits: - memory: 'dns_memory_limit' - requests: -- cpu: 100m -- memory: 70Mi -+ cpu: 0 -+ memory: 0 - args: [ "-conf", "/etc/coredns/Corefile" ] - volumeMounts: - - name: config-volume -diff --git a/cluster/addons/dns/coredns/coredns.yaml.sed b/cluster/addons/dns/coredns/coredns.yaml.sed -index 021b35d0ba4..ce7ae4e2730 100644 ---- a/cluster/addons/dns/coredns/coredns.yaml.sed -+++ b/cluster/addons/dns/coredns/coredns.yaml.sed -@@ -139,8 +139,8 @@ spec: - limits: - memory: $DNS_MEMORY_LIMIT - requests: -- cpu: 100m -- memory: 70Mi -+ cpu: 0 -+ memory: 0 - args: [ "-conf", "/etc/coredns/Corefile" ] - volumeMounts: - - name: config-volume -diff --git a/cmd/kubeadm/app/phases/addons/dns/manifests.go b/cmd/kubeadm/app/phases/addons/dns/manifests.go -index 931897b16e2..5c2b3c0daac 100644 ---- a/cmd/kubeadm/app/phases/addons/dns/manifests.go -+++ b/cmd/kubeadm/app/phases/addons/dns/manifests.go -@@ -104,8 +104,8 @@ spec: - limits: - memory: 170Mi - requests: -- cpu: 100m -- memory: 70Mi -+ cpu: 0 -+ memory: 0 - args: [ "-conf", "/etc/coredns/Corefile" ] - volumeMounts: - - name: config-volume -diff --git a/cmd/kubeadm/app/phases/controlplane/manifests.go b/cmd/kubeadm/app/phases/controlplane/manifests.go -index baa8ab6a965..0e3a6b326af 100644 ---- a/cmd/kubeadm/app/phases/controlplane/manifests.go -+++ b/cmd/kubeadm/app/phases/controlplane/manifests.go -@@ -66,7 +66,9 @@ func GetStaticPodSpecs(cfg *kubeadmapi.ClusterConfiguration, endpoint *kubeadmap - LivenessProbe: staticpodutil.LivenessProbe(staticpodutil.GetAPIServerProbeAddress(endpoint), "/livez", int(endpoint.BindPort), v1.URISchemeHTTPS), - ReadinessProbe: staticpodutil.ReadinessProbe(staticpodutil.GetAPIServerProbeAddress(endpoint), "/readyz", int(endpoint.BindPort), v1.URISchemeHTTPS), - StartupProbe: staticpodutil.StartupProbe(staticpodutil.GetAPIServerProbeAddress(endpoint), "/livez", int(endpoint.BindPort), v1.URISchemeHTTPS, cfg.APIServer.TimeoutForControlPlane), -- Resources: staticpodutil.ComponentResources("250m"), -+ // WRS: Increase kube-apiserver cgroup CPUShares to improve API responsiveness; -+ // achieved by setting CPU Limits to make it burstable QoS. -+ Resources: staticpodutil.ComponentLimitResources("0", "1"), - Env: kubeadmutil.MergeKubeadmEnvVars(proxyEnvs, cfg.APIServer.ExtraEnvs), - }, mounts.GetVolumes(kubeadmconstants.KubeAPIServer), - map[string]string{kubeadmconstants.KubeAPIServerAdvertiseAddressEndpointAnnotationKey: endpoint.String()}), -@@ -78,7 +80,7 @@ func GetStaticPodSpecs(cfg *kubeadmapi.ClusterConfiguration, endpoint *kubeadmap - VolumeMounts: staticpodutil.VolumeMountMapToSlice(mounts.GetVolumeMounts(kubeadmconstants.KubeControllerManager)), - LivenessProbe: staticpodutil.LivenessProbe(staticpodutil.GetControllerManagerProbeAddress(cfg), "/healthz", kubeadmconstants.KubeControllerManagerPort, v1.URISchemeHTTPS), - StartupProbe: staticpodutil.StartupProbe(staticpodutil.GetControllerManagerProbeAddress(cfg), "/healthz", kubeadmconstants.KubeControllerManagerPort, v1.URISchemeHTTPS, cfg.APIServer.TimeoutForControlPlane), -- Resources: staticpodutil.ComponentResources("200m"), -+ Resources: staticpodutil.ComponentResources("0"), - Env: kubeadmutil.MergeKubeadmEnvVars(proxyEnvs, cfg.ControllerManager.ExtraEnvs), - }, mounts.GetVolumes(kubeadmconstants.KubeControllerManager), nil), - kubeadmconstants.KubeScheduler: staticpodutil.ComponentPod(v1.Container{ -@@ -89,7 +91,7 @@ func GetStaticPodSpecs(cfg *kubeadmapi.ClusterConfiguration, endpoint *kubeadmap - VolumeMounts: staticpodutil.VolumeMountMapToSlice(mounts.GetVolumeMounts(kubeadmconstants.KubeScheduler)), - LivenessProbe: staticpodutil.LivenessProbe(staticpodutil.GetSchedulerProbeAddress(cfg), "/healthz", kubeadmconstants.KubeSchedulerPort, v1.URISchemeHTTPS), - StartupProbe: staticpodutil.StartupProbe(staticpodutil.GetSchedulerProbeAddress(cfg), "/healthz", kubeadmconstants.KubeSchedulerPort, v1.URISchemeHTTPS, cfg.APIServer.TimeoutForControlPlane), -- Resources: staticpodutil.ComponentResources("100m"), -+ Resources: staticpodutil.ComponentResources("0"), - Env: kubeadmutil.MergeKubeadmEnvVars(proxyEnvs, cfg.Scheduler.ExtraEnvs), - }, mounts.GetVolumes(kubeadmconstants.KubeScheduler), nil), - } -diff --git a/cmd/kubeadm/app/util/staticpod/utils.go b/cmd/kubeadm/app/util/staticpod/utils.go -index 4f74e7e84ed..73b300b4c0f 100644 ---- a/cmd/kubeadm/app/util/staticpod/utils.go -+++ b/cmd/kubeadm/app/util/staticpod/utils.go -@@ -98,6 +98,18 @@ func ComponentResources(cpu string) v1.ResourceRequirements { - } - } - -+// ComponentLimitResources returns the v1.ResourceRequirements object needed for allocating a specified amount of the CPU with Limits -+func ComponentLimitResources(cpu string, lcpu string) v1.ResourceRequirements { -+ return v1.ResourceRequirements{ -+ Requests: v1.ResourceList{ -+ v1.ResourceCPU: resource.MustParse(cpu), -+ }, -+ Limits: v1.ResourceList{ -+ v1.ResourceCPU: resource.MustParse(lcpu), -+ }, -+ } -+} -+ - // NewVolume creates a v1.Volume with a hostPath mount to the specified location - func NewVolume(name, path string, pathType *v1.HostPathType) v1.Volume { - return v1.Volume{ -@@ -251,7 +263,10 @@ func LivenessProbe(host, path string, port int, scheme v1.URIScheme) *v1.Probe { - func ReadinessProbe(host, path string, port int, scheme v1.URIScheme) *v1.Probe { - // sets initialDelaySeconds as '0' because we don't want to delay user infrastructure checks - // looking for "ready" status on kubeadm static Pods -- return createHTTPProbe(host, path, port, scheme, 0, 15, 3, 1) -+ // WRS/SS joint recommendation: All pods probes should have following minimum probe -+ // settings unless required by the service (initialDelaySecond 0, periodSeconds 10, -+ // timeoutSeconds 5, successThreshold 1, failureThreshold 3) -+ return createHTTPProbe(host, path, port, scheme, 0, 15, 3, 10) - } - - // StartupProbe creates a Probe object with a HTTPGet handler --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubeadm-readiness-probe-timeout-core-dns.patch b/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubeadm-readiness-probe-timeout-core-dns.patch deleted file mode 100644 index bc030acda..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubeadm-readiness-probe-timeout-core-dns.patch +++ /dev/null @@ -1,67 +0,0 @@ -From 583589c3574ffd6e0376579316b30d2a2dcf82f8 Mon Sep 17 00:00:00 2001 -From: Ferdinando Terada -Date: Mon, 23 Dec 2024 17:53:09 -0300 -Subject: [PATCH] Adjust timeout for coredns readinessProbe - -The timeout value for the readinessProbe of CoreDNS was increased. -This adjustment was necessary to avoid issues during stress testing, -ensuring that the component can properly handle high-load situations -and prevent premature failure in readiness checks. ---- - cluster/addons/dns/coredns/coredns.yaml.base | 1 + - cluster/addons/dns/coredns/coredns.yaml.in | 1 + - cluster/addons/dns/coredns/coredns.yaml.sed | 1 + - cmd/kubeadm/app/phases/addons/dns/manifests.go | 1 + - 4 files changed, 4 insertions(+) - -diff --git a/cluster/addons/dns/coredns/coredns.yaml.base b/cluster/addons/dns/coredns/coredns.yaml.base -index 3a0fd7adb72..c8289f7c136 100644 ---- a/cluster/addons/dns/coredns/coredns.yaml.base -+++ b/cluster/addons/dns/coredns/coredns.yaml.base -@@ -170,6 +170,7 @@ spec: - path: /ready - port: 8181 - scheme: HTTP -+ timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - capabilities: -diff --git a/cluster/addons/dns/coredns/coredns.yaml.in b/cluster/addons/dns/coredns/coredns.yaml.in -index 74b59584bc7..974c8337031 100644 ---- a/cluster/addons/dns/coredns/coredns.yaml.in -+++ b/cluster/addons/dns/coredns/coredns.yaml.in -@@ -170,6 +170,7 @@ spec: - path: /ready - port: 8181 - scheme: HTTP -+ timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - capabilities: -diff --git a/cluster/addons/dns/coredns/coredns.yaml.sed b/cluster/addons/dns/coredns/coredns.yaml.sed -index 61afbecd9da..563a8980e07 100644 ---- a/cluster/addons/dns/coredns/coredns.yaml.sed -+++ b/cluster/addons/dns/coredns/coredns.yaml.sed -@@ -170,6 +170,7 @@ spec: - path: /ready - port: 8181 - scheme: HTTP -+ timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - capabilities: -diff --git a/cmd/kubeadm/app/phases/addons/dns/manifests.go b/cmd/kubeadm/app/phases/addons/dns/manifests.go -index 2a2212d5d37..c0be57357e4 100644 ---- a/cmd/kubeadm/app/phases/addons/dns/manifests.go -+++ b/cmd/kubeadm/app/phases/addons/dns/manifests.go -@@ -135,6 +135,7 @@ spec: - path: /ready - port: 8181 - scheme: HTTP -+ timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - capabilities: --- -2.34.1 - diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubeadm-reduce-UpgradeManifestTimeout.patch b/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubeadm-reduce-UpgradeManifestTimeout.patch deleted file mode 100644 index e5f9af6a9..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubeadm-reduce-UpgradeManifestTimeout.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 341756eb57cea280d96e74f56d02033402cee133 Mon Sep 17 00:00:00 2001 -From: Ramesh Kumar Sivanandam -Date: Fri, 15 Mar 2024 03:49:15 -0400 -Subject: [PATCH] kubeadm: reduce UpgradeManifestTimeout - -This modifies kubeadm UpgradeManifestTimeout from 5 minutes default -to 3 minutes to reduce the unnecessary delay in retries during -kubeadm-upgrade-apply failures. - -The typical control-plane upgrade of static pods is 75 to 85 seconds, -so 3 minutes gives adequate buffer to complete the operation. - -Signed-off-by: Ramesh Kumar Sivanandam ---- - cmd/kubeadm/app/phases/upgrade/staticpods.go | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/cmd/kubeadm/app/phases/upgrade/staticpods.go b/cmd/kubeadm/app/phases/upgrade/staticpods.go -index 540c1549fff..b40bc76f0fc 100644 ---- a/cmd/kubeadm/app/phases/upgrade/staticpods.go -+++ b/cmd/kubeadm/app/phases/upgrade/staticpods.go -@@ -46,7 +46,7 @@ import ( - - const ( - // UpgradeManifestTimeout is timeout of upgrading the static pod manifest -- UpgradeManifestTimeout = 5 * time.Minute -+ UpgradeManifestTimeout = 3 * time.Minute - ) - - // StaticPodPathManager is responsible for tracking the directories used in the static pod upgrade transition --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubelet-CFS-quota-throttling-for-non-integer-cpulimit.patch b/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubelet-CFS-quota-throttling-for-non-integer-cpulimit.patch deleted file mode 100644 index fe3d60754..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubelet-CFS-quota-throttling-for-non-integer-cpulimit.patch +++ /dev/null @@ -1,30 +0,0 @@ -From e2055fb98c3773562b45909f0dcbc32216f08f11 Mon Sep 17 00:00:00 2001 -From: Boovan Rajendran -Date: Mon, 4 Sep 2023 08:05:29 -0400 -Subject: [PATCH] kubelet CFS quota throttling for non integer cpulimit - -Signed-off-by: Boovan Rajendran ---- - pkg/kubelet/cm/internal_container_lifecycle_linux.go | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/pkg/kubelet/cm/internal_container_lifecycle_linux.go b/pkg/kubelet/cm/internal_container_lifecycle_linux.go -index a99d01f8884..e5e25cd56de 100644 ---- a/pkg/kubelet/cm/internal_container_lifecycle_linux.go -+++ b/pkg/kubelet/cm/internal_container_lifecycle_linux.go -@@ -39,7 +39,11 @@ func (i *internalContainerLifecycleImpl) PreCreateContainer(pod *v1.Pod, contain - // Disable cgroup CFS throttle at the container level. - // /sys/fs/cgroup/cpu/k8s-infra/kubepods///cpu.cfs_quota_us - // /sys/fs/cgroup/cpu/k8s-infra/kubepods///cpu.cfs_period_us -- if i.cpuManager.GetCPUPolicy() == "static" && v1qos.GetPodQOS(pod) == v1.PodQOSGuaranteed { -+ // We can only set CpuQuota to -1 if we're allocating the entire CPU. -+ // For fractional CPUs the CpuQuota is needed to enforce the limit. -+ cpuQuantity := container.Resources.Requests[v1.ResourceCPU] -+ fractionalCpuQuantity := cpuQuantity.MilliValue()%1000 -+ if i.cpuManager.GetCPUPolicy() == "static" && v1qos.GetPodQOS(pod) == v1.PodQOSGuaranteed && fractionalCpuQuantity == 0 { - containerConfig.Linux.Resources.CpuPeriod = int64(100000) - containerConfig.Linux.Resources.CpuQuota = int64(-1) - } --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubelet-cpumanager-disable-CFS-quota-throttling.patch b/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubelet-cpumanager-disable-CFS-quota-throttling.patch deleted file mode 100644 index 28c81d5ef..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubelet-cpumanager-disable-CFS-quota-throttling.patch +++ /dev/null @@ -1,256 +0,0 @@ -From 752e3e88d162aada55282aea7544e458e610c947 Mon Sep 17 00:00:00 2001 -From: Boovan Rajendran -Date: Wed, 30 Aug 2023 06:01:30 -0400 -Subject: [PATCH] kubelet cpumanager disable CFS quota throttling - -This disables CFS CPU quota to avoid performance degradation due to -Linux kernel CFS quota implementation. Note that 4.18 kernel attempts -to solve the CFS throttling problem, but there are reports that it is -not completely effective. - -This disables CFS quota throttling for Guaranteed pods for both -parent and container cgroups by writing -1 to cgroup cpu.cfs_quota_us. -Disabling has a dramatic latency improvement for HTTP response times. - -This patch is refactored in 1.22.5 due to new internal_container_lifecycle -framework. We leverage the same mechanism to set Linux resources as: -cpu manager: specify the container CPU set during the creation - -Co-authored-by: Jim Gauld -Signed-off-by: Sachin Gopala Krishna -Signed-off-by: Boovan Rajendran ---- - pkg/kubelet/cm/cpumanager/cpu_manager.go | 7 +++ - pkg/kubelet/cm/cpumanager/fake_cpu_manager.go | 10 ++++- - pkg/kubelet/cm/helpers_linux.go | 10 +++++ - pkg/kubelet/cm/helpers_linux_test.go | 43 ++++++++++--------- - .../cm/internal_container_lifecycle_linux.go | 9 ++++ - 5 files changed, 57 insertions(+), 22 deletions(-) - -diff --git a/pkg/kubelet/cm/cpumanager/cpu_manager.go b/pkg/kubelet/cm/cpumanager/cpu_manager.go -index 8b5049d7d74..1d8901f4b36 100644 ---- a/pkg/kubelet/cm/cpumanager/cpu_manager.go -+++ b/pkg/kubelet/cm/cpumanager/cpu_manager.go -@@ -73,6 +73,9 @@ type Manager interface { - // State returns a read-only interface to the internal CPU manager state. - State() state.Reader - -+ // GetCPUPolicy returns the assigned CPU manager policy -+ GetCPUPolicy() string -+ - // GetTopologyHints implements the topologymanager.HintProvider Interface - // and is consulted to achieve NUMA aware resource alignment among this - // and other resource controllers. -@@ -315,6 +318,10 @@ func (m *manager) State() state.Reader { - return m.state - } - -+func (m *manager) GetCPUPolicy() string { -+ return m.policy.Name() -+} -+ - func (m *manager) GetTopologyHints(pod *v1.Pod, container *v1.Container) map[string][]topologymanager.TopologyHint { - // The pod is during the admission phase. We need to save the pod to avoid it - // being cleaned before the admission ended -diff --git a/pkg/kubelet/cm/cpumanager/fake_cpu_manager.go b/pkg/kubelet/cm/cpumanager/fake_cpu_manager.go -index 4a03f3dd23f..b36fb0da3b4 100644 ---- a/pkg/kubelet/cm/cpumanager/fake_cpu_manager.go -+++ b/pkg/kubelet/cm/cpumanager/fake_cpu_manager.go -@@ -28,7 +28,8 @@ import ( - ) - - type fakeManager struct { -- state state.State -+ policy Policy -+ state state.State - } - - func (m *fakeManager) Start(activePods ActivePodsFunc, sourcesReady config.SourcesReady, podStatusProvider status.PodStatusProvider, containerRuntime runtimeService, initialContainers containermap.ContainerMap) error { -@@ -70,6 +71,10 @@ func (m *fakeManager) State() state.Reader { - return m.state - } - -+func (m *fakeManager) GetCPUPolicy() string { -+ return m.policy.Name() -+} -+ - func (m *fakeManager) GetExclusiveCPUs(podUID, containerName string) cpuset.CPUSet { - klog.InfoS("GetExclusiveCPUs", "podUID", podUID, "containerName", containerName) - return cpuset.CPUSet{} -@@ -88,6 +93,7 @@ func (m *fakeManager) GetCPUAffinity(podUID, containerName string) cpuset.CPUSet - // NewFakeManager creates empty/fake cpu manager - func NewFakeManager() Manager { - return &fakeManager{ -- state: state.NewMemoryState(), -+ policy: &nonePolicy{}, -+ state: state.NewMemoryState(), - } - } -diff --git a/pkg/kubelet/cm/helpers_linux.go b/pkg/kubelet/cm/helpers_linux.go -index 8a144e7a73c..008b955ee98 100644 ---- a/pkg/kubelet/cm/helpers_linux.go -+++ b/pkg/kubelet/cm/helpers_linux.go -@@ -170,6 +170,16 @@ func ResourceConfigForPod(pod *v1.Pod, enforceCPULimits bool, cpuPeriod uint64, - // build the result - result := &ResourceConfig{} - if qosClass == v1.PodQOSGuaranteed { -+ // Disable CFS CPU quota to avoid performance degradation due to -+ // Linux kernel CFS throttle implementation. -+ // NOTE: 4.18 kernel attempts to solve CFS throttling problem, -+ // but there are reports that it is not completely effective. -+ // This will configure cgroup CFS parameters at pod level: -+ // /sys/fs/cgroup/cpu/k8s-infra/kubepods//cpu.cfs_quota_us -+ // /sys/fs/cgroup/cpu/k8s-infra/kubepods//cpu.cfs_period_us -+ cpuQuota = int64(-1) -+ cpuPeriod = uint64(100000) -+ - result.CPUShares = &cpuShares - result.CPUQuota = &cpuQuota - result.CPUPeriod = &cpuPeriod -diff --git a/pkg/kubelet/cm/helpers_linux_test.go b/pkg/kubelet/cm/helpers_linux_test.go -index fba41fd49be..60609394659 100644 ---- a/pkg/kubelet/cm/helpers_linux_test.go -+++ b/pkg/kubelet/cm/helpers_linux_test.go -@@ -64,8 +64,9 @@ func TestResourceConfigForPod(t *testing.T) { - burstablePartialShares := MilliCPUToShares(200) - burstableQuota := MilliCPUToQuota(200, int64(defaultQuotaPeriod)) - guaranteedShares := MilliCPUToShares(100) -- guaranteedQuota := MilliCPUToQuota(100, int64(defaultQuotaPeriod)) -- guaranteedTunedQuota := MilliCPUToQuota(100, int64(tunedQuotaPeriod)) -+ guaranteedQuotaPeriod := uint64(100000) -+ guaranteedQuota := int64(-1) -+ guaranteedTunedQuota := int64(-1) - memoryQuantity = resource.MustParse("100Mi") - cpuNoLimit := int64(-1) - guaranteedMemory := memoryQuantity.Value() -@@ -204,8 +205,8 @@ func TestResourceConfigForPod(t *testing.T) { - }, - }, - enforceCPULimits: true, -- quotaPeriod: defaultQuotaPeriod, -- expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &guaranteedQuota, CPUPeriod: &defaultQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &guaranteedQuota, CPUPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - "guaranteed-no-cpu-enforcement": { - pod: &v1.Pod{ -@@ -218,8 +219,8 @@ func TestResourceConfigForPod(t *testing.T) { - }, - }, - enforceCPULimits: false, -- quotaPeriod: defaultQuotaPeriod, -- expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &cpuNoLimit, CPUPeriod: &defaultQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &cpuNoLimit, CPUPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - "guaranteed-with-tuned-quota": { - pod: &v1.Pod{ -@@ -232,8 +233,8 @@ func TestResourceConfigForPod(t *testing.T) { - }, - }, - enforceCPULimits: true, -- quotaPeriod: tunedQuotaPeriod, -- expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &guaranteedTunedQuota, CPUPeriod: &tunedQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &guaranteedTunedQuota, CPUPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - "guaranteed-no-cpu-enforcement-with-tuned-quota": { - pod: &v1.Pod{ -@@ -246,8 +247,8 @@ func TestResourceConfigForPod(t *testing.T) { - }, - }, - enforceCPULimits: false, -- quotaPeriod: tunedQuotaPeriod, -- expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &cpuNoLimit, CPUPeriod: &tunedQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &cpuNoLimit, CPUPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - "burstable-partial-limits-with-init-containers": { - pod: &v1.Pod{ -@@ -309,8 +310,10 @@ func TestResourceConfigForPodWithCustomCPUCFSQuotaPeriod(t *testing.T) { - burstablePartialShares := MilliCPUToShares(200) - burstableQuota := MilliCPUToQuota(200, int64(defaultQuotaPeriod)) - guaranteedShares := MilliCPUToShares(100) -- guaranteedQuota := MilliCPUToQuota(100, int64(defaultQuotaPeriod)) -- guaranteedTunedQuota := MilliCPUToQuota(100, int64(tunedQuotaPeriod)) -+ guaranteedQuotaPeriod := uint64(100000) -+ guaranteedQuota := int64(-1) -+ guaranteedTunedQuota := int64(-1) -+ - memoryQuantity = resource.MustParse("100Mi") - cpuNoLimit := int64(-1) - guaranteedMemory := memoryQuantity.Value() -@@ -449,8 +452,8 @@ func TestResourceConfigForPodWithCustomCPUCFSQuotaPeriod(t *testing.T) { - }, - }, - enforceCPULimits: true, -- quotaPeriod: defaultQuotaPeriod, -- expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &guaranteedQuota, CPUPeriod: &defaultQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &guaranteedQuota, CPUPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - "guaranteed-no-cpu-enforcement": { - pod: &v1.Pod{ -@@ -463,8 +466,8 @@ func TestResourceConfigForPodWithCustomCPUCFSQuotaPeriod(t *testing.T) { - }, - }, - enforceCPULimits: false, -- quotaPeriod: defaultQuotaPeriod, -- expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &cpuNoLimit, CPUPeriod: &defaultQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &cpuNoLimit, CPUPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - "guaranteed-with-tuned-quota": { - pod: &v1.Pod{ -@@ -477,8 +480,8 @@ func TestResourceConfigForPodWithCustomCPUCFSQuotaPeriod(t *testing.T) { - }, - }, - enforceCPULimits: true, -- quotaPeriod: tunedQuotaPeriod, -- expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &guaranteedTunedQuota, CPUPeriod: &tunedQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &guaranteedTunedQuota, CPUPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - "guaranteed-no-cpu-enforcement-with-tuned-quota": { - pod: &v1.Pod{ -@@ -491,8 +494,8 @@ func TestResourceConfigForPodWithCustomCPUCFSQuotaPeriod(t *testing.T) { - }, - }, - enforceCPULimits: false, -- quotaPeriod: tunedQuotaPeriod, -- expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &cpuNoLimit, CPUPeriod: &tunedQuotaPeriod, Memory: &guaranteedMemory}, -+ quotaPeriod: guaranteedQuotaPeriod, -+ expected: &ResourceConfig{CPUShares: &guaranteedShares, CPUQuota: &cpuNoLimit, CPUPeriod: &guaranteedQuotaPeriod, Memory: &guaranteedMemory}, - }, - } - -diff --git a/pkg/kubelet/cm/internal_container_lifecycle_linux.go b/pkg/kubelet/cm/internal_container_lifecycle_linux.go -index cb7c0cfa543..a99d01f8884 100644 ---- a/pkg/kubelet/cm/internal_container_lifecycle_linux.go -+++ b/pkg/kubelet/cm/internal_container_lifecycle_linux.go -@@ -25,6 +25,7 @@ import ( - - "k8s.io/api/core/v1" - runtimeapi "k8s.io/cri-api/pkg/apis/runtime/v1" -+ v1qos "k8s.io/kubernetes/pkg/apis/core/v1/helper/qos" - ) - - func (i *internalContainerLifecycleImpl) PreCreateContainer(pod *v1.Pod, container *v1.Container, containerConfig *runtimeapi.ContainerConfig) error { -@@ -35,6 +36,14 @@ func (i *internalContainerLifecycleImpl) PreCreateContainer(pod *v1.Pod, contain - } - } - -+ // Disable cgroup CFS throttle at the container level. -+ // /sys/fs/cgroup/cpu/k8s-infra/kubepods///cpu.cfs_quota_us -+ // /sys/fs/cgroup/cpu/k8s-infra/kubepods///cpu.cfs_period_us -+ if i.cpuManager.GetCPUPolicy() == "static" && v1qos.GetPodQOS(pod) == v1.PodQOSGuaranteed { -+ containerConfig.Linux.Resources.CpuPeriod = int64(100000) -+ containerConfig.Linux.Resources.CpuQuota = int64(-1) -+ } -+ - if i.memoryManager != nil { - numaNodes := i.memoryManager.GetMemoryNUMANodes(pod, container) - if numaNodes.Len() > 0 { --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubelet-cpumanager-infra-pods-use-system-reserved-CP.patch b/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubelet-cpumanager-infra-pods-use-system-reserved-CP.patch deleted file mode 100644 index 760364e5b..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubelet-cpumanager-infra-pods-use-system-reserved-CP.patch +++ /dev/null @@ -1,167 +0,0 @@ -From 000e637a3298cf488f3d9dc144ab835ce7e93068 Mon Sep 17 00:00:00 2001 -From: Boovan Rajendran -Date: Tue, 5 Sep 2023 06:27:39 -0400 -Subject: [PATCH] kubelet cpumanager infra pods use system reserved CPUs - -This assigns system infrastructure pods to the "reserved" cpuset -to isolate them from the shared pool of CPUs. - -Infrastructure pods include any pods that belong to the kube-system, -armada, cert-manager, vault, platform-deployment-manager, portieris, -notification, flux-helm or metrics-server namespaces. - -The implementation is a bit simplistic, it is assumed that the -"reserved" cpuset is large enough to handle all infrastructure pods -CPU allocations. - -This also prevents infrastucture pods from using Guaranteed resources. - -Co-authored-by: Jim Gauld -Signed-off-by: Gleb Aronsky -Signed-off-by: Thiago Miranda -Signed-off-by: Kaustubh Dhokte -Signed-off-by: Ramesh Kumar Sivanandam -Signed-off-by: Sachin Gopala Krishna -Signed-off-by: Boovan Rajendran ---- - pkg/kubelet/cm/cpumanager/policy_static.go | 50 ++++++++++++++++--- - .../cm/cpumanager/policy_static_test.go | 19 ++++++- - 2 files changed, 62 insertions(+), 7 deletions(-) - -diff --git a/pkg/kubelet/cm/cpumanager/policy_static.go b/pkg/kubelet/cm/cpumanager/policy_static.go -index 895c707600d..9b7545c2207 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static.go -@@ -62,6 +62,11 @@ func (e SMTAlignmentError) Type() string { - return ErrorSMTAlignment - } - -+// Define namespaces used by platform infrastructure pods -+var infraNamespaces = [...]string{ -+ "kube-system", "armada", "cert-manager", "platform-deployment-manager", "portieris", "vault", "notification", "flux-helm", "metrics-server", -+} -+ - // staticPolicy is a CPU manager policy that does not change CPU - // assignments for exclusively pinned guaranteed containers after the main - // container process starts. -@@ -140,11 +145,11 @@ func NewStaticPolicy(topology *topology.CPUTopology, numReservedCPUs int, reserv - klog.InfoS("Static policy created with configuration", "options", opts) - - policy := &staticPolicy{ -- topology: topology, -- affinity: affinity, -+ topology: topology, -+ affinity: affinity, - excludeReserved: excludeReserved, -- cpusToReuse: make(map[string]cpuset.CPUSet), -- options: opts, -+ cpusToReuse: make(map[string]cpuset.CPUSet), -+ options: opts, - } - - allCPUs := topology.CPUDetails.CPUs() -@@ -222,8 +227,8 @@ func (p *staticPolicy) validateState(s state.State) error { - // - user tampered with file - if !p.excludeReserved { - if !p.reservedCPUs.Intersection(tmpDefaultCPUset).Equals(p.reservedCPUs) { -- return fmt.Errorf("not all reserved cpus: \"%s\" are present in defaultCpuSet: \"%s\"", -- p.reservedCPUs.String(), tmpDefaultCPUset.String()) -+ return fmt.Errorf("not all reserved cpus: \"%s\" are present in defaultCpuSet: \"%s\"", -+ p.reservedCPUs.String(), tmpDefaultCPUset.String()) - } - } - // 2. Check if state for static policy is consistent -@@ -302,6 +307,25 @@ func (p *staticPolicy) updateCPUsToReuse(pod *v1.Pod, container *v1.Container, c - } - - func (p *staticPolicy) Allocate(s state.State, pod *v1.Pod, container *v1.Container) (rerr error) { -+ // Process infra pods before guaranteed pods -+ if isKubeInfra(pod) { -+ // Container belongs in reserved pool. -+ // We don't want to fall through to the p.guaranteedCPUs() clause below so return either nil or error. -+ if _, ok := s.GetCPUSet(string(pod.UID), container.Name); ok { -+ klog.Infof("[cpumanager] static policy: reserved container already present in state, skipping (namespace: %s, pod UID: %s, pod: %s, container: %s)", pod.Namespace, string(pod.UID), pod.Name, container.Name) -+ return nil -+ } -+ -+ cpuset := p.reservedCPUs -+ if cpuset.IsEmpty() { -+ // If this happens then someone messed up. -+ return fmt.Errorf("[cpumanager] static policy: reserved container unable to allocate cpus (namespace: %s, pod UID: %s, pod: %s, container: %s); cpuset=%v, reserved:%v", pod.Namespace, string(pod.UID), pod.Name, container.Name, cpuset, p.reservedCPUs) -+ } -+ s.SetCPUSet(string(pod.UID), container.Name, cpuset) -+ klog.Infof("[cpumanager] static policy: reserved: AddContainer (namespace: %s, pod UID: %s, pod: %s, container: %s); cpuset=%v", pod.Namespace, string(pod.UID), pod.Name, container.Name, cpuset) -+ return nil -+ } -+ - numCPUs := p.guaranteedCPUs(pod, container) - if numCPUs == 0 { - // container belongs in the shared pool (nothing to do; use default cpuset) -@@ -453,6 +477,10 @@ func (p *staticPolicy) guaranteedCPUs(pod *v1.Pod, container *v1.Container) int - if cpuQuantity.Value()*1000 != cpuQuantity.MilliValue() { - return 0 - } -+ // Infrastructure pods use reserved CPUs even if they're in the Guaranteed QoS class -+ if isKubeInfra(pod) { -+ return 0 -+ } - // Safe downcast to do for all systems with < 2.1 billion CPUs. - // Per the language spec, `int` is guaranteed to be at least 32 bits wide. - // https://golang.org/ref/spec#Numeric_types -@@ -671,6 +699,16 @@ func (p *staticPolicy) generateCPUTopologyHints(availableCPUs cpuset.CPUSet, reu - return hints - } - -+// check if a given pod is in a platform infrastructure namespace -+func isKubeInfra(pod *v1.Pod) bool { -+ for _, namespace := range infraNamespaces { -+ if namespace == pod.Namespace { -+ return true -+ } -+ } -+ return false -+} -+ - // isHintSocketAligned function return true if numa nodes in hint are socket aligned. - func (p *staticPolicy) isHintSocketAligned(hint topologymanager.TopologyHint, minAffinitySize int) bool { - numaNodesBitMask := hint.NUMANodeAffinity.GetBits() -diff --git a/pkg/kubelet/cm/cpumanager/policy_static_test.go b/pkg/kubelet/cm/cpumanager/policy_static_test.go -index deb2f4c7982..b864c6c57c6 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static_test.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static_test.go -@@ -988,7 +988,8 @@ func TestStaticPolicyStartWithResvList(t *testing.T) { - } - - func TestStaticPolicyAddWithResvList(t *testing.T) { -- -+ infraPod := makePod("fakePod", "fakeContainer2", "200m", "200m") -+ infraPod.Namespace = "kube-system" - testCases := []staticPolicyTestWithResvList{ - { - description: "GuPodSingleCore, SingleSocketHT, ExpectError", -@@ -1030,6 +1031,22 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - expCPUAlloc: true, - expCSet: cpuset.New(4, 5), - }, -+ { -+ description: "InfraPod, SingleSocketHT, ExpectAllocReserved", -+ topo: topoSingleSocketHT, -+ numReservedCPUs: 2, -+ reserved: cpuset.New(0, 1), -+ stAssignments: state.ContainerCPUAssignments{ -+ "fakePod": map[string]cpuset.CPUSet{ -+ "fakeContainer100": cpuset.New(2, 3, 6, 7), -+ }, -+ }, -+ stDefaultCPUSet: cpuset.New(4, 5), -+ pod: infraPod, -+ expErr: nil, -+ expCPUAlloc: true, -+ expCSet: cpuset.New(0, 1), -+ }, - } - - testExcl := true --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubelet-cpumanager-introduce-concept-of-isolated-CPU.patch b/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubelet-cpumanager-introduce-concept-of-isolated-CPU.patch deleted file mode 100644 index 675d624dd..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubelet-cpumanager-introduce-concept-of-isolated-CPU.patch +++ /dev/null @@ -1,755 +0,0 @@ -From 856dfbe0960418618262998ebce65d0ae070c1bb Mon Sep 17 00:00:00 2001 -From: Saba Touheed Mujawar -Date: Fri, 1 Dec 2023 07:42:14 -0500 -Subject: [PATCH] kubelet cpumanager introduce concept of isolated CPUs - -This introduces the concept of "isolated CPUs", which are CPUs that -have been isolated at the kernel level via the "isolcpus" kernel boot -parameter. - -When starting the kubelet process, two separate sets of reserved CPUs -may be specified. With this change CPUs reserved via -'--system-reserved=cpu' will be used for infrastructure pods while the -isolated CPUs should be reserved via '--kube-reserved=cpu' to cause -kubelet to skip over them for "normal" CPU resource tracking. The -kubelet code will double-check that the specified isolated CPUs match -what the kernel exposes in "/sys/devices/system/cpu/isolated". - -A plugin (outside the scope of this commit) will expose the isolated -CPUs to kubelet via the device plugin API. - -If a pod specifies some number of "isolcpus" resources, the device -manager will allocate them. In this code we check whether such -resources have been allocated, and if so we set the container cpuset to -the isolated CPUs. This does mean that it really only makes sense to -specify "isolcpus" resources for best-effort or burstable pods, not for -guaranteed ones since that would throw off the accounting code. In -order to ensure the accounting still works as designed, if "isolcpus" -are specified for guaranteed pods, the affinity will be set to the -non-isolated CPUs. - -This patch was refactored in 1.21.3 due to upstream API change -node: podresources: make GetDevices() consistent -(commit ad68f9588c72d6477b5a290c548a9031063ac659). - -The routine podIsolCPUs() was refactored in 1.21.3 since the API -p.deviceManager.GetDevices() is returning multiple devices with -a device per cpu. The resultant cpuset needs to be the aggregate. - -The routine NewStaticPolicy was refactored in 1.22.5, adding a new argument -in its signature: cpuPolicyOptions map[string]string. This change is implies -shifting the new arguments(deviceManager, excludeReserved) with one position -to the right. - -Co-authored-by: Jim Gauld -Co-authored-by: Chris Friesen -Signed-off-by: Gleb Aronsky -Signed-off-by: Ramesh Kumar Sivanandam -Signed-off-by: Sachin Gopala Krishna -Signed-off-by: Boovan Rajendran -Signed-off-by: Saba Touheed Mujawar ---- - pkg/kubelet/cm/container_manager_linux.go | 1 + - pkg/kubelet/cm/cpumanager/cpu_manager.go | 35 +++++- - pkg/kubelet/cm/cpumanager/cpu_manager_test.go | 23 +++- - pkg/kubelet/cm/cpumanager/policy_static.go | 83 ++++++++++++- - .../cm/cpumanager/policy_static_test.go | 53 +++++++-- - pkg/kubelet/cm/devicemanager/manager_stub.go | 110 ++++++++++++++++++ - 6 files changed, 284 insertions(+), 21 deletions(-) - create mode 100644 pkg/kubelet/cm/devicemanager/manager_stub.go - -diff --git a/pkg/kubelet/cm/container_manager_linux.go b/pkg/kubelet/cm/container_manager_linux.go -index 18001ed61f6..927310f0d92 100644 ---- a/pkg/kubelet/cm/container_manager_linux.go -+++ b/pkg/kubelet/cm/container_manager_linux.go -@@ -324,6 +324,7 @@ func NewContainerManager(mountUtil mount.Interface, cadvisorInterface cadvisor.I - cm.GetNodeAllocatableReservation(), - nodeConfig.KubeletRootDir, - cm.topologyManager, -+ cm.deviceManager, - ) - if err != nil { - klog.ErrorS(err, "Failed to initialize cpu manager") -diff --git a/pkg/kubelet/cm/cpumanager/cpu_manager.go b/pkg/kubelet/cm/cpumanager/cpu_manager.go -index 29458efb05c..396d9358a04 100644 ---- a/pkg/kubelet/cm/cpumanager/cpu_manager.go -+++ b/pkg/kubelet/cm/cpumanager/cpu_manager.go -@@ -19,7 +19,9 @@ package cpumanager - import ( - "context" - "fmt" -+ "os" - "math" -+ "strings" - "sync" - "time" - -@@ -32,6 +34,7 @@ import ( - "k8s.io/kubernetes/pkg/kubelet/cm/containermap" - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/state" - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/topology" -+ "k8s.io/kubernetes/pkg/kubelet/cm/devicemanager" - "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager" - "k8s.io/kubernetes/pkg/kubelet/config" - kubecontainer "k8s.io/kubernetes/pkg/kubelet/container" -@@ -51,6 +54,25 @@ type policyName string - // cpuManagerStateFileName is the file name where cpu manager stores its state - const cpuManagerStateFileName = "cpu_manager_state" - -+// get the system-level isolated CPUs -+func getIsolcpus() cpuset.CPUSet { -+ dat, err := os.ReadFile("/sys/devices/system/cpu/isolated") -+ if err != nil { -+ klog.Errorf("[cpumanager] unable to read sysfs isolcpus subdir") -+ return cpuset.New() -+ } -+ -+ // The isolated cpus string ends in a newline -+ cpustring := strings.TrimSuffix(string(dat), "\n") -+ cset, err := cpuset.Parse(cpustring) -+ if err != nil { -+ klog.Errorf("[cpumanager] unable to parse sysfs isolcpus string to cpuset") -+ return cpuset.New() -+ } -+ -+ return cset -+} -+ - // Manager interface provides methods for Kubelet to manage pod cpus. - type Manager interface { - // Start is called during Kubelet initialization. -@@ -154,7 +176,8 @@ func (s *sourcesReadyStub) AddSource(source string) {} - func (s *sourcesReadyStub) AllReady() bool { return true } - - // NewManager creates new cpu manager based on provided policy --func NewManager(cpuPolicyName string, cpuPolicyOptions map[string]string, reconcilePeriod time.Duration, machineInfo *cadvisorapi.MachineInfo, specificCPUs cpuset.CPUSet, nodeAllocatableReservation v1.ResourceList, stateFileDirectory string, affinity topologymanager.Store) (Manager, error) { -+func NewManager(cpuPolicyName string, cpuPolicyOptions map[string]string, reconcilePeriod time.Duration, machineInfo *cadvisorapi.MachineInfo, specificCPUs cpuset.CPUSet, nodeAllocatableReservation v1.ResourceList, stateFileDirectory string, affinity topologymanager.Store, deviceManager devicemanager.Manager) (Manager, error) { -+ - var topo *topology.CPUTopology - var policy Policy - var err error -@@ -195,7 +218,15 @@ func NewManager(cpuPolicyName string, cpuPolicyOptions map[string]string, reconc - // NOTE: Set excludeReserved unconditionally to exclude reserved CPUs from default cpuset. - // This variable is primarily to make testing easier. - excludeReserved := true -- policy, err = NewStaticPolicy(topo, numReservedCPUs, specificCPUs, affinity, cpuPolicyOptions, excludeReserved) -+ -+ // isolCPUs is the set of kernel-isolated CPUs. They should be a subset of specificCPUs or -+ // of the CPUs that NewStaticPolicy() will pick if numReservedCPUs is set. It's only in the -+ // argument list here for ease of testing, it's really internal to the policy. -+ isolCPUs := getIsolcpus() -+ policy, err = NewStaticPolicy(topo, numReservedCPUs, specificCPUs, isolCPUs, affinity, cpuPolicyOptions, deviceManager, excludeReserved) -+ if err != nil { -+ return nil, fmt.Errorf("new static policy error: %v", err) -+ } - - if err != nil { - return nil, fmt.Errorf("new static policy error: %w", err) -diff --git a/pkg/kubelet/cm/cpumanager/cpu_manager_test.go b/pkg/kubelet/cm/cpumanager/cpu_manager_test.go -index daecd35f67b..2298cc037fe 100644 ---- a/pkg/kubelet/cm/cpumanager/cpu_manager_test.go -+++ b/pkg/kubelet/cm/cpumanager/cpu_manager_test.go -@@ -36,6 +36,7 @@ import ( - "k8s.io/kubernetes/pkg/kubelet/cm/containermap" - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/state" - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/topology" -+ "k8s.io/kubernetes/pkg/kubelet/cm/devicemanager" - "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager" - "k8s.io/utils/cpuset" - ) -@@ -215,6 +216,7 @@ func makeMultiContainerPod(initCPUs, appCPUs []struct{ request, limit string }) - } - - func TestCPUManagerAdd(t *testing.T) { -+ testDM, _ := devicemanager.NewManagerStub() - testExcl := false - testPolicy, _ := NewStaticPolicy( - &topology.CPUTopology{ -@@ -230,8 +232,10 @@ func TestCPUManagerAdd(t *testing.T) { - }, - 0, - cpuset.New(), -+ cpuset.New(), - topologymanager.NewFakeManager(), - nil, -+ testDM, - testExcl) - testCases := []struct { - description string -@@ -482,8 +486,9 @@ func TestCPUManagerAddWithInitContainers(t *testing.T) { - } - - testExcl := false -+ testDM, _ := devicemanager.NewManagerStub() - for _, testCase := range testCases { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), topologymanager.NewFakeManager(), nil, testExcl) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), cpuset.New(), topologymanager.NewFakeManager(), nil, testDM, testExcl) - - mockState := &mockState{ - assignments: testCase.stAssignments, -@@ -638,7 +643,9 @@ func TestCPUManagerGenerate(t *testing.T) { - } - defer os.RemoveAll(sDir) - -- mgr, err := NewManager(testCase.cpuPolicyName, nil, 5*time.Second, machineInfo, cpuset.New(), testCase.nodeAllocatableReservation, sDir, topologymanager.NewFakeManager()) -+ testDM, err := devicemanager.NewManagerStub() -+ mgr, err := NewManager(testCase.cpuPolicyName, nil, 5*time.Second, machineInfo, cpuset.New(), testCase.nodeAllocatableReservation, sDir, topologymanager.NewFakeManager(), testDM) -+ - if testCase.expectedError != nil { - if !strings.Contains(err.Error(), testCase.expectedError.Error()) { - t.Errorf("Unexpected error message. Have: %s wants %s", err.Error(), testCase.expectedError.Error()) -@@ -709,6 +716,7 @@ func TestCPUManagerRemove(t *testing.T) { - - func TestReconcileState(t *testing.T) { - testExcl := false -+ testDM, _ := devicemanager.NewManagerStub() - testPolicy, _ := NewStaticPolicy( - &topology.CPUTopology{ - NumCPUs: 8, -@@ -727,8 +735,10 @@ func TestReconcileState(t *testing.T) { - }, - 0, - cpuset.New(), -+ cpuset.New(), - topologymanager.NewFakeManager(), - nil, -+ testDM, - testExcl) - - testCases := []struct { -@@ -1234,6 +1244,7 @@ func TestReconcileState(t *testing.T) { - // the following tests are with --reserved-cpus configured - func TestCPUManagerAddWithResvList(t *testing.T) { - testExcl := false -+ testDM, _ := devicemanager.NewManagerStub() - testPolicy, _ := NewStaticPolicy( - &topology.CPUTopology{ - NumCPUs: 4, -@@ -1248,8 +1259,10 @@ func TestCPUManagerAddWithResvList(t *testing.T) { - }, - 1, - cpuset.New(0), -+ cpuset.New(), - topologymanager.NewFakeManager(), - nil, -+ testDM, - testExcl) - testCases := []struct { - description string -@@ -1362,7 +1375,8 @@ func TestCPUManagerHandlePolicyOptions(t *testing.T) { - } - defer os.RemoveAll(sDir) - -- _, err = NewManager(testCase.cpuPolicyName, testCase.cpuPolicyOptions, 5*time.Second, machineInfo, cpuset.New(), nodeAllocatableReservation, sDir, topologymanager.NewFakeManager()) -+ testDM, err := devicemanager.NewManagerStub() -+ _, err = NewManager(testCase.cpuPolicyName, testCase.cpuPolicyOptions, 5*time.Second, machineInfo, cpuset.New(), nodeAllocatableReservation, sDir, topologymanager.NewFakeManager(), testDM) - if err == nil { - t.Errorf("Expected error, but NewManager succeeded") - } -@@ -1376,6 +1390,7 @@ func TestCPUManagerHandlePolicyOptions(t *testing.T) { - - func TestCPUManagerGetAllocatableCPUs(t *testing.T) { - testExcl := false -+ testDm, _ := devicemanager.NewManagerStub() - nonePolicy, _ := NewNonePolicy(nil) - staticPolicy, _ := NewStaticPolicy( - &topology.CPUTopology{ -@@ -1391,8 +1406,10 @@ func TestCPUManagerGetAllocatableCPUs(t *testing.T) { - }, - 1, - cpuset.New(0), -+ cpuset.New(), - topologymanager.NewFakeManager(), - nil, -+ testDm, - testExcl) - - testCases := []struct { -diff --git a/pkg/kubelet/cm/cpumanager/policy_static.go b/pkg/kubelet/cm/cpumanager/policy_static.go -index 9b7545c2207..e9a2defd848 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static.go -@@ -18,6 +18,7 @@ package cpumanager - - import ( - "fmt" -+ "strconv" - - v1 "k8s.io/api/core/v1" - utilfeature "k8s.io/apiserver/pkg/util/feature" -@@ -27,6 +28,7 @@ import ( - "k8s.io/kubernetes/pkg/features" - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/state" - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/topology" -+ "k8s.io/kubernetes/pkg/kubelet/cm/devicemanager" - "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager" - "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager/bitmask" - "k8s.io/kubernetes/pkg/kubelet/metrics" -@@ -110,6 +112,10 @@ type staticPolicy struct { - topology *topology.CPUTopology - // set of CPUs that is not available for exclusive assignment - reservedCPUs cpuset.CPUSet -+ // subset of reserved CPUs with isolcpus attribute -+ isolcpus cpuset.CPUSet -+ // parent containerManager, used to get device list -+ deviceManager devicemanager.Manager - // If true, default CPUSet should exclude reserved CPUs - excludeReserved bool - // Superset of reservedCPUs. It includes not just the reservedCPUs themselves, -@@ -132,7 +138,8 @@ var _ Policy = &staticPolicy{} - // NewStaticPolicy returns a CPU manager policy that does not change CPU - // assignments for exclusively pinned guaranteed containers after the main - // container process starts. --func NewStaticPolicy(topology *topology.CPUTopology, numReservedCPUs int, reservedCPUs cpuset.CPUSet, affinity topologymanager.Store, cpuPolicyOptions map[string]string, excludeReserved bool) (Policy, error) { -+func NewStaticPolicy(topology *topology.CPUTopology, numReservedCPUs int, reservedCPUs cpuset.CPUSet, isolCPUs cpuset.CPUSet, affinity topologymanager.Store, cpuPolicyOptions map[string]string, deviceManager devicemanager.Manager, excludeReserved bool) (Policy, error) { -+ - opts, err := NewStaticPolicyOptions(cpuPolicyOptions) - if err != nil { - return nil, err -@@ -147,6 +154,8 @@ func NewStaticPolicy(topology *topology.CPUTopology, numReservedCPUs int, reserv - policy := &staticPolicy{ - topology: topology, - affinity: affinity, -+ isolcpus: isolCPUs, -+ deviceManager: deviceManager, - excludeReserved: excludeReserved, - cpusToReuse: make(map[string]cpuset.CPUSet), - options: opts, -@@ -183,6 +192,12 @@ func NewStaticPolicy(topology *topology.CPUTopology, numReservedCPUs int, reserv - policy.reservedCPUs = reserved - policy.reservedPhysicalCPUs = reservedPhysicalCPUs - -+ if !isolCPUs.IsSubsetOf(reserved) { -+ klog.Errorf("[cpumanager] isolCPUs %v is not a subset of reserved %v", isolCPUs, reserved) -+ reserved = reserved.Union(isolCPUs) -+ klog.Warningf("[cpumanager] mismatch isolCPUs %v, force reserved %v", isolCPUs, reserved) -+ } -+ - return policy, nil - } - -@@ -216,8 +231,9 @@ func (p *staticPolicy) validateState(s state.State) error { - } else { - s.SetDefaultCPUSet(allCPUs) - } -- klog.Infof("[cpumanager] static policy: CPUSet: allCPUs:%v, reserved:%v, default:%v\n", -- allCPUs, p.reservedCPUs, s.GetDefaultCPUSet()) -+ klog.Infof("[cpumanager] static policy: CPUSet: allCPUs:%v, reserved:%v, isolcpus:%v, default:%v\n", -+ allCPUs, p.reservedCPUs, p.isolcpus, s.GetDefaultCPUSet()) -+ - return nil - } - -@@ -316,16 +332,39 @@ func (p *staticPolicy) Allocate(s state.State, pod *v1.Pod, container *v1.Contai - return nil - } - -- cpuset := p.reservedCPUs -+ cpuset := p.reservedCPUs.Clone().Difference(p.isolcpus) - if cpuset.IsEmpty() { - // If this happens then someone messed up. -- return fmt.Errorf("[cpumanager] static policy: reserved container unable to allocate cpus (namespace: %s, pod UID: %s, pod: %s, container: %s); cpuset=%v, reserved:%v", pod.Namespace, string(pod.UID), pod.Name, container.Name, cpuset, p.reservedCPUs) -+ return fmt.Errorf("[cpumanager] static policy: reserved container unable to allocate cpus (namespace: %s, pod UID: %s, pod: %s, container: %s); cpuset=%v, reserved:%v, isolcpus:%v", pod.Namespace, string(pod.UID), pod.Name, container.Name, cpuset, p.reservedCPUs, p.isolcpus) -+ - } - s.SetCPUSet(string(pod.UID), container.Name, cpuset) - klog.Infof("[cpumanager] static policy: reserved: AddContainer (namespace: %s, pod UID: %s, pod: %s, container: %s); cpuset=%v", pod.Namespace, string(pod.UID), pod.Name, container.Name, cpuset) - return nil - } - -+ if isolcpus := p.podIsolCPUs(pod, container); isolcpus.Size() > 0 { -+ // container has requested isolated CPUs -+ if set, ok := s.GetCPUSet(string(pod.UID), container.Name); ok { -+ if set.Equals(isolcpus) { -+ klog.Infof("[cpumanager] isolcpus container already present in state, skipping (namespace: %s, pod UID: %s, pod: %s, container: %s)", -+ pod.Namespace, string(pod.UID), pod.Name, container.Name) -+ return nil -+ } else { -+ klog.Infof("[cpumanager] isolcpus container state has cpus %v, should be %v (namespace: %s, pod UID: %s, pod: %s, container: %s)", -+ isolcpus, set, pod.Namespace, string(pod.UID), pod.Name, container.Name) -+ } -+ } -+ // Note that we do not do anything about init containers here. -+ // It looks like devices are allocated per-pod based on effective requests/limits -+ // and extra devices from initContainers are not freed up when the regular containers start. -+ // TODO: confirm this is still true for 1.20 -+ s.SetCPUSet(string(pod.UID), container.Name, isolcpus) -+ klog.Infof("[cpumanager] isolcpus: AddContainer (namespace: %s, pod UID: %s, pod: %s, container: %s); cpuset=%v", -+ pod.Namespace, string(pod.UID), pod.Name, container.Name, isolcpus) -+ return nil -+ } -+ - numCPUs := p.guaranteedCPUs(pod, container) - if numCPUs == 0 { - // container belongs in the shared pool (nothing to do; use default cpuset) -@@ -391,7 +430,9 @@ func (p *staticPolicy) Allocate(s state.State, pod *v1.Pod, container *v1.Contai - } - s.SetCPUSet(string(pod.UID), container.Name, cpuset) - p.updateCPUsToReuse(pod, container, cpuset) -- -+ klog.Infof("[cpumanager] guaranteed: AddContainer "+ -+ "(namespace: %s, pod UID: %s, pod: %s, container: %s); numCPUS=%d, cpuset=%v", -+ pod.Namespace, string(pod.UID), pod.Name, container.Name, numCPUs, cpuset) - return nil - } - -@@ -709,6 +750,36 @@ func isKubeInfra(pod *v1.Pod) bool { - return false - } - -+// get the isolated CPUs (if any) from the devices associated with a specific container -+func (p *staticPolicy) podIsolCPUs(pod *v1.Pod, container *v1.Container) cpuset.CPUSet { -+ // NOTE: This is required for TestStaticPolicyAdd() since makePod() does -+ // not create UID. We also need a way to properly stub devicemanager. -+ if len(string(pod.UID)) == 0 { -+ return cpuset.New() -+ } -+ resContDevices := p.deviceManager.GetDevices(string(pod.UID), container.Name) -+ cpuSet := cpuset.New() -+ for resourceName, resourceDevs := range resContDevices { -+ // this resource name needs to match the isolcpus device plugin -+ if resourceName == "windriver.com/isolcpus" { -+ for devID, _ := range resourceDevs { -+ cpuStrList := []string{devID} -+ if len(cpuStrList) > 0 { -+ // loop over the list of strings, convert each one to int, add to cpuset -+ for _, cpuStr := range cpuStrList { -+ cpu, err := strconv.Atoi(cpuStr) -+ if err != nil { -+ panic(err) -+ } -+ cpuSet = cpuSet.Union(cpuset.New(cpu)) -+ } -+ } -+ } -+ } -+ } -+ return cpuSet -+} -+ - // isHintSocketAligned function return true if numa nodes in hint are socket aligned. - func (p *staticPolicy) isHintSocketAligned(hint topologymanager.TopologyHint, minAffinitySize int) bool { - numaNodesBitMask := hint.NUMANodeAffinity.GetBits() -diff --git a/pkg/kubelet/cm/cpumanager/policy_static_test.go b/pkg/kubelet/cm/cpumanager/policy_static_test.go -index b864c6c57c6..cb363bb29ab 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static_test.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static_test.go -@@ -27,6 +27,7 @@ import ( - pkgfeatures "k8s.io/kubernetes/pkg/features" - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/state" - "k8s.io/kubernetes/pkg/kubelet/cm/cpumanager/topology" -+ "k8s.io/kubernetes/pkg/kubelet/cm/devicemanager" - "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager" - "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager/bitmask" - "k8s.io/utils/cpuset" -@@ -70,8 +71,9 @@ func (spt staticPolicyTest) PseudoClone() staticPolicyTest { - } - - func TestStaticPolicyName(t *testing.T) { -+ testDM, _ := devicemanager.NewManagerStub() - testExcl := false -- policy, _ := NewStaticPolicy(topoSingleSocketHT, 1, cpuset.New(), topologymanager.NewFakeManager(), nil, testExcl) -+ policy, _ := NewStaticPolicy(topoSingleSocketHT, 1, cpuset.New(), cpuset.New(), topologymanager.NewFakeManager(), nil, testDM, testExcl) - - policyName := policy.Name() - if policyName != "static" { -@@ -81,6 +83,7 @@ func TestStaticPolicyName(t *testing.T) { - } - - func TestStaticPolicyStart(t *testing.T) { -+ testDM, _ := devicemanager.NewManagerStub() - testCases := []staticPolicyTest{ - { - description: "non-corrupted state", -@@ -156,7 +159,7 @@ func TestStaticPolicyStart(t *testing.T) { - } - for _, testCase := range testCases { - t.Run(testCase.description, func(t *testing.T) { -- p, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), topologymanager.NewFakeManager(), nil, testCase.excludeReserved) -+ p, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), cpuset.New(), topologymanager.NewFakeManager(), nil, testDM, testCase.excludeReserved) - - policy := p.(*staticPolicy) - st := &mockState{ -@@ -204,7 +207,6 @@ func TestStaticPolicyAdd(t *testing.T) { - largeTopoCPUSet := cpuset.New(largeTopoCPUids...) - largeTopoSock0CPUSet := cpuset.New(largeTopoSock0CPUids...) - largeTopoSock1CPUSet := cpuset.New(largeTopoSock1CPUids...) -- - // these are the cases which must behave the same regardless the policy options. - // So we will permutate the options to ensure this holds true. - -@@ -627,7 +629,9 @@ func runStaticPolicyTestCase(t *testing.T, testCase staticPolicyTest) { - cpus = testCase.reservedCPUs.Clone() - } - testExcl := false -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpus, tm, testCase.options, testExcl) -+ testDM, _ := devicemanager.NewManagerStub() -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpus, cpus, tm, testCase.options, testDM, testExcl) -+ - - st := &mockState{ - assignments: testCase.stAssignments, -@@ -674,6 +678,8 @@ func runStaticPolicyTestCaseWithFeatureGate(t *testing.T, testCase staticPolicyT - } - - func TestStaticPolicyReuseCPUs(t *testing.T) { -+ excludeReserved := false -+ testDM, _ := devicemanager.NewManagerStub() - testCases := []struct { - staticPolicyTest - expCSetAfterAlloc cpuset.CPUSet -@@ -698,7 +704,7 @@ func TestStaticPolicyReuseCPUs(t *testing.T) { - } - - for _, testCase := range testCases { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), topologymanager.NewFakeManager(), nil, testCase.excludeReserved) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), cpuset.New(), topologymanager.NewFakeManager(), nil, testDM, excludeReserved) - - st := &mockState{ - assignments: testCase.stAssignments, -@@ -731,6 +737,7 @@ func TestStaticPolicyReuseCPUs(t *testing.T) { - - func TestStaticPolicyRemove(t *testing.T) { - excludeReserved := false -+ testDM, _ := devicemanager.NewManagerStub() - testCases := []staticPolicyTest{ - { - description: "SingleSocketHT, DeAllocOneContainer", -@@ -789,7 +796,7 @@ func TestStaticPolicyRemove(t *testing.T) { - } - - for _, testCase := range testCases { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), topologymanager.NewFakeManager(), nil, excludeReserved) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), cpuset.New(), topologymanager.NewFakeManager(), nil, testDM, excludeReserved) - - st := &mockState{ - assignments: testCase.stAssignments, -@@ -812,6 +819,7 @@ func TestStaticPolicyRemove(t *testing.T) { - - func TestTopologyAwareAllocateCPUs(t *testing.T) { - excludeReserved := false -+ testDM, _ := devicemanager.NewManagerStub() - testCases := []struct { - description string - topo *topology.CPUTopology -@@ -880,7 +888,8 @@ func TestTopologyAwareAllocateCPUs(t *testing.T) { - }, - } - for _, tc := range testCases { -- p, _ := NewStaticPolicy(tc.topo, 0, cpuset.New(), topologymanager.NewFakeManager(), nil, excludeReserved) -+ p, _ := NewStaticPolicy(tc.topo, 0, cpuset.New(), cpuset.New(), topologymanager.NewFakeManager(), nil, testDM, excludeReserved) -+ - policy := p.(*staticPolicy) - st := &mockState{ - assignments: tc.stAssignments, -@@ -913,6 +922,7 @@ type staticPolicyTestWithResvList struct { - topo *topology.CPUTopology - numReservedCPUs int - reserved cpuset.CPUSet -+ isolcpus cpuset.CPUSet - stAssignments state.ContainerCPUAssignments - stDefaultCPUSet cpuset.CPUSet - pod *v1.Pod -@@ -923,6 +933,8 @@ type staticPolicyTestWithResvList struct { - } - - func TestStaticPolicyStartWithResvList(t *testing.T) { -+ testDM, _ := devicemanager.NewManagerStub() -+ testExcl := false - testCases := []staticPolicyTestWithResvList{ - { - description: "empty cpuset", -@@ -952,10 +964,9 @@ func TestStaticPolicyStartWithResvList(t *testing.T) { - expNewErr: fmt.Errorf("[cpumanager] unable to reserve the required amount of CPUs (size of 0-1 did not equal 1)"), - }, - } -- testExcl := false - for _, testCase := range testCases { - t.Run(testCase.description, func(t *testing.T) { -- p, err := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, topologymanager.NewFakeManager(), nil, testExcl) -+ p, err := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, cpuset.New(), topologymanager.NewFakeManager(), nil, testDM, testExcl) - - if !reflect.DeepEqual(err, testCase.expNewErr) { - t.Errorf("StaticPolicy Start() error (%v). expected error: %v but got: %v", -@@ -996,6 +1007,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - topo: topoSingleSocketHT, - numReservedCPUs: 1, - reserved: cpuset.New(0), -+ isolcpus: cpuset.New(), - stAssignments: state.ContainerCPUAssignments{}, - stDefaultCPUSet: cpuset.New(1, 2, 3, 4, 5, 6, 7), - pod: makePod("fakePod", "fakeContainer2", "8000m", "8000m"), -@@ -1008,6 +1020,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - topo: topoSingleSocketHT, - numReservedCPUs: 2, - reserved: cpuset.New(0, 1), -+ isolcpus: cpuset.New(), - stAssignments: state.ContainerCPUAssignments{}, - stDefaultCPUSet: cpuset.New(2, 3, 4, 5, 6, 7), - pod: makePod("fakePod", "fakeContainer2", "1000m", "1000m"), -@@ -1020,6 +1033,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - topo: topoSingleSocketHT, - numReservedCPUs: 2, - reserved: cpuset.New(0, 1), -+ isolcpus: cpuset.New(), - stAssignments: state.ContainerCPUAssignments{ - "fakePod": map[string]cpuset.CPUSet{ - "fakeContainer100": cpuset.New(2, 3, 6, 7), -@@ -1036,6 +1050,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - topo: topoSingleSocketHT, - numReservedCPUs: 2, - reserved: cpuset.New(0, 1), -+ isolcpus: cpuset.New(), - stAssignments: state.ContainerCPUAssignments{ - "fakePod": map[string]cpuset.CPUSet{ - "fakeContainer100": cpuset.New(2, 3, 6, 7), -@@ -1047,11 +1062,29 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - expCPUAlloc: true, - expCSet: cpuset.New(0, 1), - }, -+ { -+ description: "InfraPod, SingleSocketHT, Isolcpus, ExpectAllocReserved", -+ topo: topoSingleSocketHT, -+ numReservedCPUs: 2, -+ reserved: cpuset.New(0, 1), -+ isolcpus: cpuset.New(1), -+ stAssignments: state.ContainerCPUAssignments{ -+ "fakePod": map[string]cpuset.CPUSet{ -+ "fakeContainer100": cpuset.New(2, 3, 6, 7), -+ }, -+ }, -+ stDefaultCPUSet: cpuset.New(4, 5), -+ pod: infraPod, -+ expErr: nil, -+ expCPUAlloc: true, -+ expCSet: cpuset.New(0), -+ }, - } - - testExcl := true -+ testDM, _ := devicemanager.NewManagerStub() - for _, testCase := range testCases { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, topologymanager.NewFakeManager(), nil, testExcl) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, testCase.isolcpus, topologymanager.NewFakeManager(), nil, testDM, testExcl) - - st := &mockState{ - assignments: testCase.stAssignments, -diff --git a/pkg/kubelet/cm/devicemanager/manager_stub.go b/pkg/kubelet/cm/devicemanager/manager_stub.go -new file mode 100644 -index 00000000000..98abcde2519 ---- /dev/null -+++ b/pkg/kubelet/cm/devicemanager/manager_stub.go -@@ -0,0 +1,110 @@ -+/* -+Copyright 2017 The Kubernetes Authors. -+ -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/ -+ -+package devicemanager -+ -+import ( -+ v1 "k8s.io/api/core/v1" -+ "k8s.io/kubernetes/pkg/kubelet/cm/topologymanager" -+ "k8s.io/kubernetes/pkg/kubelet/config" -+ "k8s.io/kubernetes/pkg/kubelet/lifecycle" -+ "k8s.io/kubernetes/pkg/kubelet/pluginmanager/cache" -+ schedulerframework "k8s.io/kubernetes/pkg/scheduler/framework" -+ "k8s.io/apimachinery/pkg/util/sets" -+ "k8s.io/kubernetes/pkg/kubelet/cm/containermap" -+) -+ -+// ManagerStub provides a simple stub implementation for the Device Manager. -+type ManagerStub struct{ -+ // containerMap provides a mapping from (pod, container) -> containerID -+ // for all containers in a pod. Used to detect pods running across a restart -+ containerMap containermap.ContainerMap -+ -+ // containerRunningSet identifies which container among those present in `containerMap` -+ // was reported running by the container runtime when `containerMap` was computed. -+ // Used to detect pods running across a restart -+ containerRunningSet sets.String -+} -+ -+// NewManagerStub creates a ManagerStub. -+func NewManagerStub() (*ManagerStub, error) { -+ return &ManagerStub{}, nil -+} -+ -+// Start simply returns nil. -+func (h *ManagerStub) Start(activePods ActivePodsFunc, sourcesReady config.SourcesReady, initialContainers containermap.ContainerMap, initialContainerRunningSet sets.String) error { -+ return nil -+} -+ -+// Stop simply returns nil. -+func (h *ManagerStub) Stop() error { -+ return nil -+} -+ -+// Allocate simply returns nil. -+func (h *ManagerStub) Allocate(pod *v1.Pod, container *v1.Container) error { -+ return nil -+} -+ -+// UpdatePluginResources simply returns nil. -+func (h *ManagerStub) UpdatePluginResources(node *schedulerframework.NodeInfo, attrs *lifecycle.PodAdmitAttributes) error { -+ return nil -+} -+ -+// GetDeviceRunContainerOptions simply returns nil. -+func (h *ManagerStub) GetDeviceRunContainerOptions(pod *v1.Pod, container *v1.Container) (*DeviceRunContainerOptions, error) { -+ return nil, nil -+} -+ -+// GetCapacity simply returns nil capacity and empty removed resource list. -+func (h *ManagerStub) GetCapacity() (v1.ResourceList, v1.ResourceList, []string) { -+ return nil, nil, []string{} -+} -+ -+// GetWatcherHandler returns plugin watcher interface -+func (h *ManagerStub) GetWatcherHandler() cache.PluginHandler { -+ return nil -+} -+ -+// GetTopologyHints returns an empty TopologyHint map -+func (h *ManagerStub) GetTopologyHints(pod *v1.Pod, container *v1.Container) map[string][]topologymanager.TopologyHint { -+ return map[string][]topologymanager.TopologyHint{} -+} -+ -+// GetPodTopologyHints returns an empty TopologyHint map -+func (h *ManagerStub) GetPodTopologyHints(pod *v1.Pod) map[string][]topologymanager.TopologyHint { -+ return map[string][]topologymanager.TopologyHint{} -+} -+ -+// GetDevices returns nil -+func (h *ManagerStub) GetDevices(_, _ string) ResourceDeviceInstances { -+ return nil -+} -+ -+// GetAllocatableDevices returns nothing -+func (h *ManagerStub) GetAllocatableDevices() ResourceDeviceInstances { -+ return nil -+} -+ -+// ShouldResetExtendedResourceCapacity returns false -+func (h *ManagerStub) ShouldResetExtendedResourceCapacity() bool { -+ return false -+} -+ -+// UpdateAllocatedDevices returns nothing -+func (h *ManagerStub) UpdateAllocatedDevices() { -+ return -+} --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubelet-cpumanager-keep-normal-containers-off-reserv.patch b/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubelet-cpumanager-keep-normal-containers-off-reserv.patch deleted file mode 100644 index 8f9c30130..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubelet-cpumanager-keep-normal-containers-off-reserv.patch +++ /dev/null @@ -1,357 +0,0 @@ -From 60bd00132deb5fe20a8a5adc8dce990cd02757bc Mon Sep 17 00:00:00 2001 -From: Boovan Rajendran -Date: Fri, 1 Sep 2023 07:15:25 -0400 -Subject: [PATCH] kubelet cpumanager keep normal containers off reserved CPUs - -When starting the kubelet process, two separate sets of reserved CPUs -may be specified. With this change CPUs reserved via -'--system-reserved=cpu' -or '--kube-reserved=cpu' will be ignored by kubernetes itself. A small -tweak to the default CPU affinity ensures that "normal" Kubernetes -pods won't run on the reserved CPUs. - -Co-authored-by: Jim Gauld -Signed-off-by: Sachin Gopala Krishna -Signed-off-by: Ramesh Kumar Sivanandam -Signed-off-by: Boovan Rajendran ---- - pkg/kubelet/cm/cpumanager/cpu_manager.go | 6 ++- - pkg/kubelet/cm/cpumanager/cpu_manager_test.go | 19 +++++++--- - pkg/kubelet/cm/cpumanager/policy_static.go | 30 ++++++++++++--- - .../cm/cpumanager/policy_static_test.go | 38 ++++++++++++++----- - 4 files changed, 71 insertions(+), 22 deletions(-) - -diff --git a/pkg/kubelet/cm/cpumanager/cpu_manager.go b/pkg/kubelet/cm/cpumanager/cpu_manager.go -index 1d8901f4b36..29458efb05c 100644 ---- a/pkg/kubelet/cm/cpumanager/cpu_manager.go -+++ b/pkg/kubelet/cm/cpumanager/cpu_manager.go -@@ -192,7 +192,11 @@ func NewManager(cpuPolicyName string, cpuPolicyOptions map[string]string, reconc - // exclusively allocated. - reservedCPUsFloat := float64(reservedCPUs.MilliValue()) / 1000 - numReservedCPUs := int(math.Ceil(reservedCPUsFloat)) -- policy, err = NewStaticPolicy(topo, numReservedCPUs, specificCPUs, affinity, cpuPolicyOptions) -+ // NOTE: Set excludeReserved unconditionally to exclude reserved CPUs from default cpuset. -+ // This variable is primarily to make testing easier. -+ excludeReserved := true -+ policy, err = NewStaticPolicy(topo, numReservedCPUs, specificCPUs, affinity, cpuPolicyOptions, excludeReserved) -+ - if err != nil { - return nil, fmt.Errorf("new static policy error: %w", err) - } -diff --git a/pkg/kubelet/cm/cpumanager/cpu_manager_test.go b/pkg/kubelet/cm/cpumanager/cpu_manager_test.go -index 65bb88bf0f0..daecd35f67b 100644 ---- a/pkg/kubelet/cm/cpumanager/cpu_manager_test.go -+++ b/pkg/kubelet/cm/cpumanager/cpu_manager_test.go -@@ -215,6 +215,7 @@ func makeMultiContainerPod(initCPUs, appCPUs []struct{ request, limit string }) - } - - func TestCPUManagerAdd(t *testing.T) { -+ testExcl := false - testPolicy, _ := NewStaticPolicy( - &topology.CPUTopology{ - NumCPUs: 4, -@@ -230,7 +231,8 @@ func TestCPUManagerAdd(t *testing.T) { - 0, - cpuset.New(), - topologymanager.NewFakeManager(), -- nil) -+ nil, -+ testExcl) - testCases := []struct { - description string - updateErr error -@@ -479,8 +481,9 @@ func TestCPUManagerAddWithInitContainers(t *testing.T) { - }, - } - -+ testExcl := false - for _, testCase := range testCases { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), topologymanager.NewFakeManager(), nil) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), topologymanager.NewFakeManager(), nil, testExcl) - - mockState := &mockState{ - assignments: testCase.stAssignments, -@@ -705,6 +708,7 @@ func TestCPUManagerRemove(t *testing.T) { - } - - func TestReconcileState(t *testing.T) { -+ testExcl := false - testPolicy, _ := NewStaticPolicy( - &topology.CPUTopology{ - NumCPUs: 8, -@@ -724,7 +728,8 @@ func TestReconcileState(t *testing.T) { - 0, - cpuset.New(), - topologymanager.NewFakeManager(), -- nil) -+ nil, -+ testExcl) - - testCases := []struct { - description string -@@ -1228,6 +1233,7 @@ func TestReconcileState(t *testing.T) { - // above test cases are without kubelet --reserved-cpus cmd option - // the following tests are with --reserved-cpus configured - func TestCPUManagerAddWithResvList(t *testing.T) { -+ testExcl := false - testPolicy, _ := NewStaticPolicy( - &topology.CPUTopology{ - NumCPUs: 4, -@@ -1243,7 +1249,8 @@ func TestCPUManagerAddWithResvList(t *testing.T) { - 1, - cpuset.New(0), - topologymanager.NewFakeManager(), -- nil) -+ nil, -+ testExcl) - testCases := []struct { - description string - updateErr error -@@ -1368,6 +1375,7 @@ func TestCPUManagerHandlePolicyOptions(t *testing.T) { - } - - func TestCPUManagerGetAllocatableCPUs(t *testing.T) { -+ testExcl := false - nonePolicy, _ := NewNonePolicy(nil) - staticPolicy, _ := NewStaticPolicy( - &topology.CPUTopology{ -@@ -1384,7 +1392,8 @@ func TestCPUManagerGetAllocatableCPUs(t *testing.T) { - 1, - cpuset.New(0), - topologymanager.NewFakeManager(), -- nil) -+ nil, -+ testExcl) - - testCases := []struct { - description string -diff --git a/pkg/kubelet/cm/cpumanager/policy_static.go b/pkg/kubelet/cm/cpumanager/policy_static.go -index 0f72e64dbc8..895c707600d 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static.go -@@ -105,6 +105,8 @@ type staticPolicy struct { - topology *topology.CPUTopology - // set of CPUs that is not available for exclusive assignment - reservedCPUs cpuset.CPUSet -+ // If true, default CPUSet should exclude reserved CPUs -+ excludeReserved bool - // Superset of reservedCPUs. It includes not just the reservedCPUs themselves, - // but also any siblings of those reservedCPUs on the same physical die. - // NOTE: If the reserved set includes full physical CPUs from the beginning -@@ -125,7 +127,7 @@ var _ Policy = &staticPolicy{} - // NewStaticPolicy returns a CPU manager policy that does not change CPU - // assignments for exclusively pinned guaranteed containers after the main - // container process starts. --func NewStaticPolicy(topology *topology.CPUTopology, numReservedCPUs int, reservedCPUs cpuset.CPUSet, affinity topologymanager.Store, cpuPolicyOptions map[string]string) (Policy, error) { -+func NewStaticPolicy(topology *topology.CPUTopology, numReservedCPUs int, reservedCPUs cpuset.CPUSet, affinity topologymanager.Store, cpuPolicyOptions map[string]string, excludeReserved bool) (Policy, error) { - opts, err := NewStaticPolicyOptions(cpuPolicyOptions) - if err != nil { - return nil, err -@@ -140,6 +142,7 @@ func NewStaticPolicy(topology *topology.CPUTopology, numReservedCPUs int, reserv - policy := &staticPolicy{ - topology: topology, - affinity: affinity, -+ excludeReserved: excludeReserved, - cpusToReuse: make(map[string]cpuset.CPUSet), - options: opts, - } -@@ -201,7 +204,15 @@ func (p *staticPolicy) validateState(s state.State) error { - } - // state is empty initialize - allCPUs := p.topology.CPUDetails.CPUs() -- s.SetDefaultCPUSet(allCPUs) -+ if p.excludeReserved { -+ // Exclude reserved CPUs from the default CPUSet to keep containers off them -+ // unless explicitly affined. -+ s.SetDefaultCPUSet(allCPUs.Difference(p.reservedCPUs)) -+ } else { -+ s.SetDefaultCPUSet(allCPUs) -+ } -+ klog.Infof("[cpumanager] static policy: CPUSet: allCPUs:%v, reserved:%v, default:%v\n", -+ allCPUs, p.reservedCPUs, s.GetDefaultCPUSet()) - return nil - } - -@@ -209,11 +220,12 @@ func (p *staticPolicy) validateState(s state.State) error { - // 1. Check if the reserved cpuset is not part of default cpuset because: - // - kube/system reserved have changed (increased) - may lead to some containers not being able to start - // - user tampered with file -- if !p.reservedCPUs.Intersection(tmpDefaultCPUset).Equals(p.reservedCPUs) { -- return fmt.Errorf("not all reserved cpus: \"%s\" are present in defaultCpuSet: \"%s\"", -- p.reservedCPUs.String(), tmpDefaultCPUset.String()) -+ if !p.excludeReserved { -+ if !p.reservedCPUs.Intersection(tmpDefaultCPUset).Equals(p.reservedCPUs) { -+ return fmt.Errorf("not all reserved cpus: \"%s\" are present in defaultCpuSet: \"%s\"", -+ p.reservedCPUs.String(), tmpDefaultCPUset.String()) -+ } - } -- - // 2. Check if state for static policy is consistent - for pod := range tmpAssignments { - for container, cset := range tmpAssignments[pod] { -@@ -240,6 +252,9 @@ func (p *staticPolicy) validateState(s state.State) error { - } - } - totalKnownCPUs = totalKnownCPUs.Union(tmpCPUSets...) -+ if p.excludeReserved { -+ totalKnownCPUs = totalKnownCPUs.Union(p.reservedCPUs) -+ } - if !totalKnownCPUs.Equals(p.topology.CPUDetails.CPUs()) { - return fmt.Errorf("current set of available CPUs \"%s\" doesn't match with CPUs in state \"%s\"", - p.topology.CPUDetails.CPUs().String(), totalKnownCPUs.String()) -@@ -374,6 +389,9 @@ func (p *staticPolicy) RemoveContainer(s state.State, podUID string, containerNa - cpusInUse := getAssignedCPUsOfSiblings(s, podUID, containerName) - if toRelease, ok := s.GetCPUSet(podUID, containerName); ok { - s.Delete(podUID, containerName) -+ if p.excludeReserved { -+ toRelease = toRelease.Difference(p.reservedCPUs) -+ } - // Mutate the shared pool, adding released cpus. - toRelease = toRelease.Difference(cpusInUse) - s.SetDefaultCPUSet(s.GetDefaultCPUSet().Union(toRelease)) -diff --git a/pkg/kubelet/cm/cpumanager/policy_static_test.go b/pkg/kubelet/cm/cpumanager/policy_static_test.go -index 0dcf78d49dc..deb2f4c7982 100644 ---- a/pkg/kubelet/cm/cpumanager/policy_static_test.go -+++ b/pkg/kubelet/cm/cpumanager/policy_static_test.go -@@ -36,6 +36,7 @@ type staticPolicyTest struct { - description string - topo *topology.CPUTopology - numReservedCPUs int -+ excludeReserved bool - reservedCPUs *cpuset.CPUSet - podUID string - options map[string]string -@@ -69,7 +70,8 @@ func (spt staticPolicyTest) PseudoClone() staticPolicyTest { - } - - func TestStaticPolicyName(t *testing.T) { -- policy, _ := NewStaticPolicy(topoSingleSocketHT, 1, cpuset.New(), topologymanager.NewFakeManager(), nil) -+ testExcl := false -+ policy, _ := NewStaticPolicy(topoSingleSocketHT, 1, cpuset.New(), topologymanager.NewFakeManager(), nil, testExcl) - - policyName := policy.Name() - if policyName != "static" { -@@ -99,6 +101,15 @@ func TestStaticPolicyStart(t *testing.T) { - stDefaultCPUSet: cpuset.New(), - expCSet: cpuset.New(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11), - }, -+ { -+ description: "empty cpuset exclude reserved", -+ topo: topoDualSocketHT, -+ numReservedCPUs: 2, -+ excludeReserved: true, -+ stAssignments: state.ContainerCPUAssignments{}, -+ stDefaultCPUSet: cpuset.New(), -+ expCSet: cpuset.New(1, 2, 3, 4, 5, 7, 8, 9, 10, 11), -+ }, - { - description: "reserved cores 0 & 6 are not present in available cpuset", - topo: topoDualSocketHT, -@@ -145,7 +156,8 @@ func TestStaticPolicyStart(t *testing.T) { - } - for _, testCase := range testCases { - t.Run(testCase.description, func(t *testing.T) { -- p, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), topologymanager.NewFakeManager(), nil) -+ p, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), topologymanager.NewFakeManager(), nil, testCase.excludeReserved) -+ - policy := p.(*staticPolicy) - st := &mockState{ - assignments: testCase.stAssignments, -@@ -614,7 +626,8 @@ func runStaticPolicyTestCase(t *testing.T, testCase staticPolicyTest) { - if testCase.reservedCPUs != nil { - cpus = testCase.reservedCPUs.Clone() - } -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpus, tm, testCase.options) -+ testExcl := false -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpus, tm, testCase.options, testExcl) - - st := &mockState{ - assignments: testCase.stAssignments, -@@ -685,7 +698,7 @@ func TestStaticPolicyReuseCPUs(t *testing.T) { - } - - for _, testCase := range testCases { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), topologymanager.NewFakeManager(), nil) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), topologymanager.NewFakeManager(), nil, testCase.excludeReserved) - - st := &mockState{ - assignments: testCase.stAssignments, -@@ -717,6 +730,7 @@ func TestStaticPolicyReuseCPUs(t *testing.T) { - } - - func TestStaticPolicyRemove(t *testing.T) { -+ excludeReserved := false - testCases := []staticPolicyTest{ - { - description: "SingleSocketHT, DeAllocOneContainer", -@@ -775,7 +789,7 @@ func TestStaticPolicyRemove(t *testing.T) { - } - - for _, testCase := range testCases { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), topologymanager.NewFakeManager(), nil) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, cpuset.New(), topologymanager.NewFakeManager(), nil, excludeReserved) - - st := &mockState{ - assignments: testCase.stAssignments, -@@ -797,6 +811,7 @@ func TestStaticPolicyRemove(t *testing.T) { - } - - func TestTopologyAwareAllocateCPUs(t *testing.T) { -+ excludeReserved := false - testCases := []struct { - description string - topo *topology.CPUTopology -@@ -865,7 +880,7 @@ func TestTopologyAwareAllocateCPUs(t *testing.T) { - }, - } - for _, tc := range testCases { -- p, _ := NewStaticPolicy(tc.topo, 0, cpuset.New(), topologymanager.NewFakeManager(), nil) -+ p, _ := NewStaticPolicy(tc.topo, 0, cpuset.New(), topologymanager.NewFakeManager(), nil, excludeReserved) - policy := p.(*staticPolicy) - st := &mockState{ - assignments: tc.stAssignments, -@@ -937,9 +952,11 @@ func TestStaticPolicyStartWithResvList(t *testing.T) { - expNewErr: fmt.Errorf("[cpumanager] unable to reserve the required amount of CPUs (size of 0-1 did not equal 1)"), - }, - } -+ testExcl := false - for _, testCase := range testCases { - t.Run(testCase.description, func(t *testing.T) { -- p, err := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, topologymanager.NewFakeManager(), nil) -+ p, err := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, topologymanager.NewFakeManager(), nil, testExcl) -+ - if !reflect.DeepEqual(err, testCase.expNewErr) { - t.Errorf("StaticPolicy Start() error (%v). expected error: %v but got: %v", - testCase.description, testCase.expNewErr, err) -@@ -979,7 +996,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - numReservedCPUs: 1, - reserved: cpuset.New(0), - stAssignments: state.ContainerCPUAssignments{}, -- stDefaultCPUSet: cpuset.New(0, 1, 2, 3, 4, 5, 6, 7), -+ stDefaultCPUSet: cpuset.New(1, 2, 3, 4, 5, 6, 7), - pod: makePod("fakePod", "fakeContainer2", "8000m", "8000m"), - expErr: fmt.Errorf("not enough cpus available to satisfy request"), - expCPUAlloc: false, -@@ -991,7 +1008,7 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - numReservedCPUs: 2, - reserved: cpuset.New(0, 1), - stAssignments: state.ContainerCPUAssignments{}, -- stDefaultCPUSet: cpuset.New(0, 1, 2, 3, 4, 5, 6, 7), -+ stDefaultCPUSet: cpuset.New(2, 3, 4, 5, 6, 7), - pod: makePod("fakePod", "fakeContainer2", "1000m", "1000m"), - expErr: nil, - expCPUAlloc: true, -@@ -1015,8 +1032,9 @@ func TestStaticPolicyAddWithResvList(t *testing.T) { - }, - } - -+ testExcl := true - for _, testCase := range testCases { -- policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, topologymanager.NewFakeManager(), nil) -+ policy, _ := NewStaticPolicy(testCase.topo, testCase.numReservedCPUs, testCase.reserved, topologymanager.NewFakeManager(), nil, testExcl) - - st := &mockState{ - assignments: testCase.stAssignments, --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubelet-sort-isolcpus-allocation-when-SMT-enabled.patch b/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubelet-sort-isolcpus-allocation-when-SMT-enabled.patch deleted file mode 100644 index 9515f9101..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubelet-sort-isolcpus-allocation-when-SMT-enabled.patch +++ /dev/null @@ -1,50 +0,0 @@ -From a145d85ad716f7dc654727a3d0b2f998686bd273 Mon Sep 17 00:00:00 2001 -From: Jim Gauld -Date: Fri, 11 Feb 2022 11:06:35 -0500 -Subject: [PATCH] kubelet: sort isolcpus allocation when SMT enabled - -The existing device manager code returns CPUs as devices in unsorted -order. This numerically sorts isolcpus allocations when SMT/HT is -enabled on the host. This logs SMT pairs, singletons, and algorithm -order details to make the algorithm understandable. - -Signed-off-by: Jim Gauld ---- - pkg/kubelet/cm/devicemanager/manager.go | 13 ++++++++++++- - 1 file changed, 12 insertions(+), 1 deletion(-) - -diff --git a/pkg/kubelet/cm/devicemanager/manager.go b/pkg/kubelet/cm/devicemanager/manager.go -index 5d0c16ee51e..2447aa88114 100644 ---- a/pkg/kubelet/cm/devicemanager/manager.go -+++ b/pkg/kubelet/cm/devicemanager/manager.go -@@ -561,7 +561,16 @@ func order_devices_by_sibling(devices sets.String, needed int) ([]string, error) - return cpu_lst[0] - } - } -+ //Make post-analysis of selection algorithm obvious by numerical sorting -+ //the available isolated cpu_id. -+ cpu_ids := make([]int, 0, int(devices.Len())) - for cpu_id := range devices { -+ cpu_id_, _ := strconv.Atoi(cpu_id) -+ cpu_ids = append(cpu_ids, cpu_id_) -+ } -+ sort.Ints(cpu_ids) -+ for _, _cpu_id := range cpu_ids { -+ cpu_id := strconv.Itoa(_cpu_id) - // If we've already found cpu_id as a sibling, skip it. - if _, ok := _iterated_cpu[cpu_id]; ok { - continue -@@ -603,7 +612,9 @@ func order_devices_by_sibling(devices sets.String, needed int) ([]string, error) - } - } - } -- //klog.Infof("needed=%d ordered_cpu_list=%v", needed, dev_lst) -+ //This algorithm will get some attention. Show minimal details. -+ klog.Infof("order_devices_by_sibling: needed=%d, smtpairs=%v, singletons=%v, order=%v", -+ needed, sibling_lst, single_lst, dev_lst) - return dev_lst, nil - } - func smt_enabled() bool { --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubernetes-make-isolcpus-allocation-SMT-aware.patch b/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubernetes-make-isolcpus-allocation-SMT-aware.patch deleted file mode 100644 index ba8aa4cdc..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/kubernetes-make-isolcpus-allocation-SMT-aware.patch +++ /dev/null @@ -1,148 +0,0 @@ -From 2ae8d69bc49fcbf6fe95209fef0e256b10ad7a0f Mon Sep 17 00:00:00 2001 -From: Saba Touheed Mujawar -Date: Fri, 1 Dec 2023 05:27:16 -0500 -Subject: [PATCH] kubernetes: make isolcpus allocation SMT-aware - -Enhance isolcpus support in Kubernetes to allocate isolated SMT -siblings to the same container when SMT/HT is enabled on the host. - -As it stands, the device manager code in Kubernetes is not SMT-aware -(since normally it doesn't deal with CPUs). However, StarlingX -exposes isolated CPUs as devices and if possible we want to allocate -all SMT siblings from a CPU core to the same container in order to -minimize cross- container interference due to resource contention -within the CPU core. - -The solution is basically to take the list of isolated CPUs and -re-order it so that the SMT siblings are next to each other. That -way the existing resource selection code will allocate the siblings -together. As an optimization, if it is known that an odd number -of isolated CPUs are desired, a singleton SMT sibling will be -inserted into the list to avoid breaking up sibling pairs. - -Signed-off-by: Tao Wang -Signed-off-by: Ramesh Kumar Sivanandam -Signed-off-by: Boovan Rajendran -Signed-off-by: Saba Touheed Mujawar ---- - pkg/kubelet/cm/devicemanager/manager.go | 83 ++++++++++++++++++++++++- - 1 file changed, 82 insertions(+), 1 deletion(-) - -diff --git a/pkg/kubelet/cm/devicemanager/manager.go b/pkg/kubelet/cm/devicemanager/manager.go -index d780ee801bd..a9966290ab5 100644 ---- a/pkg/kubelet/cm/devicemanager/manager.go -+++ b/pkg/kubelet/cm/devicemanager/manager.go -@@ -23,6 +23,8 @@ import ( - "path/filepath" - "runtime" - "sort" -+ "strconv" -+ "strings" - "sync" - "time" - -@@ -36,6 +38,7 @@ import ( - pluginapi "k8s.io/kubelet/pkg/apis/deviceplugin/v1beta1" - "k8s.io/kubernetes/pkg/kubelet/checkpointmanager" - "k8s.io/kubernetes/pkg/kubelet/checkpointmanager/errors" -+ "k8s.io/utils/cpuset" - "k8s.io/kubernetes/pkg/kubelet/cm/containermap" - "k8s.io/kubernetes/pkg/kubelet/cm/devicemanager/checkpoint" - plugin "k8s.io/kubernetes/pkg/kubelet/cm/devicemanager/plugin/v1beta1" -@@ -542,6 +545,75 @@ func (m *ManagerImpl) UpdateAllocatedDevices() { - m.allocatedDevices = m.podDevices.devices() - } - -+//Given a list of isolated CPUs in 'devices', and the number of desired CPUs in 'needed', -+//return an ordered list of isolated CPUs such that the first 'needed' CPUs in the list -+//contain as many hyperthread sibling pairs as possible. -+func order_devices_by_sibling(devices sets.String, needed int) ([]string, error) { -+ var dev_lst []string -+ var single_lst []string -+ sibling_lst := make([]string, 0, int(devices.Len())) -+ _iterated_cpu := make(map[string]string) -+ get_sibling := func(cpu string, cpu_lst []string) string { -+ if cpu_lst[0] == cpu { -+ return cpu_lst[1] -+ } else { -+ return cpu_lst[0] -+ } -+ } -+ for cpu_id := range devices { -+ // If we've already found cpu_id as a sibling, skip it. -+ if _, ok := _iterated_cpu[cpu_id]; ok { -+ continue -+ } -+ devPath := fmt.Sprintf("/sys/devices/system/cpu/cpu%s/topology/thread_siblings_list", cpu_id) -+ dat, err := os.ReadFile(devPath) -+ if err != nil { -+ return dev_lst, fmt.Errorf("Can't read cpu[%s] thread_siblings_list", cpu_id) -+ } -+ cpustring := strings.TrimSuffix(string(dat), "\n") -+ cpu_pair_set, err := cpuset.Parse(cpustring) -+ if err != nil { -+ return dev_lst, fmt.Errorf("Unable to parse thread_siblings_list[%s] string to cpuset", cpustring) -+ } -+ var cpu_pair_lst []string -+ for _, v := range cpu_pair_set.List() { -+ cpu_pair_lst = append(cpu_pair_lst, strconv.Itoa(v)) -+ } -+ sibling_cpu_id := get_sibling(cpu_id, cpu_pair_lst) -+ if _, ok := devices[sibling_cpu_id]; ok { -+ sibling_lst = append(sibling_lst, cpu_id, sibling_cpu_id) -+ _iterated_cpu[sibling_cpu_id] = "" -+ } else { -+ single_lst = append(single_lst, cpu_id) -+ } -+ _iterated_cpu[cpu_id] = "" -+ } -+ if needed%2 == 0 { -+ dev_lst = append(sibling_lst, single_lst...) -+ } else { -+ if len(single_lst) > 1 { -+ _tmp_list := append(sibling_lst, single_lst[1:]...) -+ dev_lst = append(single_lst[0:1], _tmp_list...) -+ } else { -+ if len(single_lst) == 0 { -+ dev_lst = sibling_lst -+ } else { -+ dev_lst = append(single_lst, sibling_lst...) -+ } -+ } -+ } -+ //klog.Infof("needed=%d ordered_cpu_list=%v", needed, dev_lst) -+ return dev_lst, nil -+} -+func smt_enabled() bool { -+ dat, _ := os.ReadFile("/sys/devices/system/cpu/smt/active") -+ state := strings.TrimSuffix(string(dat), "\n") -+ if state == "0" { -+ return false -+ } -+ return true -+} -+ - // Returns list of device Ids we need to allocate with Allocate rpc call. - // Returns empty list in case we don't need to issue the Allocate rpc call. - func (m *ManagerImpl) devicesToAllocate(podUID, contName, resource string, required int, reusableDevices sets.String) (sets.String, error) { -@@ -615,7 +687,16 @@ func (m *ManagerImpl) devicesToAllocate(podUID, contName, resource string, requi - // Create a closure to help with device allocation - // Returns 'true' once no more devices need to be allocated. - allocateRemainingFrom := func(devices sets.String) bool { -- for device := range devices.Difference(allocated) { -+ availableDevices := devices.Difference(allocated).List() -+ // If we're dealing with isolcpus and SMT is enabled, reorder to group SMT siblings together. -+ if resource == "windriver.com/isolcpus" && len(devices) > 0 && smt_enabled() { -+ var err error -+ availableDevices, err = order_devices_by_sibling(devices.Difference(allocated), needed) -+ if err != nil { -+ klog.Errorf("error in order_devices_by_sibling: %v", err) -+ } -+ } -+ for _, device := range availableDevices { - m.allocatedDevices[resource].Insert(device) - allocated.Insert(device) - needed-- --- -2.25.1 - diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/series b/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/series deleted file mode 100644 index b4282f426..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/patches/series +++ /dev/null @@ -1,12 +0,0 @@ -kubeadm-create-platform-pods-with-zero-CPU-resources.patch -kubernetes-make-isolcpus-allocation-SMT-aware.patch -kubelet-sort-isolcpus-allocation-when-SMT-enabled.patch -kubelet-cpumanager-disable-CFS-quota-throttling.patch -kubelet-cpumanager-keep-normal-containers-off-reserv.patch -kubelet-cpumanager-infra-pods-use-system-reserved-CP.patch -kubelet-cpumanager-introduce-concept-of-isolated-CPU.patch -Affinity-of-guaranteed-pod-to-non-isolated-CPUs.patch -kubelet-CFS-quota-throttling-for-non-integer-cpulimit.patch -kubeadm-reduce-UpgradeManifestTimeout.patch -Identify-platform-pods-based-on-pod-or-namespace-labels.patch -kubeadm-readiness-probe-timeout-core-dns.patch diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/rules b/kubernetes/kubernetes-1.28.4/debian/deb_folder/rules deleted file mode 100644 index 0608974da..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/rules +++ /dev/null @@ -1,118 +0,0 @@ -#!/usr/bin/make -f - -# -# Copyright (c) 2023 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -# This debian/rules file is based on: -# https://packages.debian.org/source/bookworm/kubernetes -# http://deb.debian.org/debian/pool/main/k/kubernetes/kubernetes_1.20.5+really1.20.2-1.1.debian.tar.xz - -# Customizations support kubernetes upgrades: -# - specific directory locations with kubernetes version, upgrades stage, -# and version specific golang compiler -# - build output not required on the production host is moved to -# kubernetes-misc package - -kube_version := 1.28.4 -kube_git_version := v${kube_version} -name := kubernetes-${kube_version} -go_version := 1.20.11 -_stage1 := /usr/local/kubernetes/${kube_version}/stage1 -_stage2 := /usr/local/kubernetes/${kube_version}/stage2 -_bindir := /usr/bin -kube_dir := src/k8s.io/kubernetes -output_dir := ${kube_dir}/_output -output_bindir := ${output_dir}/bin -output_mandir := ${output_dir}/man -DEBIAN_DESTDIR := $(CURDIR)/debian/tmp -export DH_VERBOSE = 1 -export PATH := /usr/lib/go-1.20/bin:$(PATH) -export KUBE_GIT_TREE_STATE="clean" -export KUBE_GIT_COMMIT=${kube_version} -export KUBE_GIT_VERSION=${kube_git_version} -export KUBE_EXTRA_GOPATH=$(pwd)/Godeps/_workspace -export PBR_VERSION=${kube_git_version} - -bins = kube-proxy kube-apiserver kube-controller-manager kubelet kubeadm kube-scheduler kubectl - -%: - dh $@ --with=bash-completion --builddirectory=src --without=build-stamp - -override_dh_auto_build: - # we support multiple go compilers; indicate the version we are using - go version - which go - - mkdir -pv ${kube_dir} - # keep the .go-version and ignore unwanted files - mv -v $$(ls -a -I ".." -I "." -I ".git*" -I ".generated_files" | grep -v "^src$$" | grep -v "^debian$$") ${kube_dir}/. - cd ${kube_dir} && make WHAT="$(addprefix cmd/,$(bins) genman)" - - # manpages - mkdir -p ${output_mandir} - echo $(bins) | xargs --max-args=1 ${output_bindir}/genman ${output_mandir} - - # NOTICE files - find ${kube_dir}/vendor -name '*NOTICE*' -print0 | xargs -0 head -n1000 > ${output_dir}/NOTICE - -override_dh_install: - # kube_version stage1 - install -m 755 -d ${DEBIAN_DESTDIR}${_stage1}${_bindir} - install -p -m 755 -t ${DEBIAN_DESTDIR}${_stage1}${_bindir} ${output_bindir}/kubeadm - - # kube_version stage2 - install -m 755 -d ${DEBIAN_DESTDIR}${_stage2}${_bindir} - install -d -m 0755 ${DEBIAN_DESTDIR}${_stage2}/etc/systemd/system/kubelet.service.d - install -p -m 0644 -t ${DEBIAN_DESTDIR}${_stage2}/etc/systemd/system/kubelet.service.d debian/kubeadm.conf - install -p -m 750 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubelet - install -p -m 755 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubectl - # bash completions - install -d -m 0755 ${DEBIAN_DESTDIR}${_stage2}/usr/share/bash-completion/completions/ - ${DEBIAN_DESTDIR}${_stage2}${_bindir}/kubectl completion bash > ${DEBIAN_DESTDIR}${_stage2}/usr/share/bash-completion/completions/kubectl - - # remaining are not kube_version staged, i.e., kubernetes-master, kubernetes-misc - install -m 755 -d ${DEBIAN_DESTDIR}${_bindir} - install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-apiserver - install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-controller-manager - install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-scheduler - install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-proxy - - # specific cluster addons for optional use - install -d -m 0755 ${DEBIAN_DESTDIR}/etc/${name}/addons - - # Addon: volumesnapshots - install -d -m 0755 ${DEBIAN_DESTDIR}/etc/${name}/addons/volumesnapshots - install -d -m 0755 ${DEBIAN_DESTDIR}/etc/${name}/addons/volumesnapshots/crd - install -m 0644 -t ${DEBIAN_DESTDIR}/etc/${name}/addons/volumesnapshots/crd ${kube_dir}/cluster/addons/volumesnapshots/crd/* - install -d -m 0755 ${DEBIAN_DESTDIR}/etc/${name}/addons/volumesnapshots/volume-snapshot-controller - install -m 0644 -t ${DEBIAN_DESTDIR}/etc/${name}/addons/volumesnapshots/volume-snapshot-controller ${kube_dir}/cluster/addons/volumesnapshots/volume-snapshot-controller/* - - # unit-test - # - everything from the root directory is needed - # - unit-tests needs source code - # - integration tests needs docs and other files - # - test-cmd.sh atm needs cluster, examples and other - install -d -m 0755 ${DEBIAN_DESTDIR}/var/lib/kubernetes-unit-test/ - cp -a src ${DEBIAN_DESTDIR}/var/lib/kubernetes-unit-test/ - # remove generated output, i.e., binaries, go cache, man pages, violations report - rm -rf ${DEBIAN_DESTDIR}/var/lib/kubernetes-unit-test/${output_dir} - - dh_install - -override_dh_auto_test: - ${kube_dir}/hack/test-cmd.sh - ${kube_dir}/hack/benchmark-go.sh - ${kube_dir}/hack/test-go.sh - ${kube_dir}/hack/test-integration.sh --use_go_build - -override_dh_fixperms: - dh_fixperms -Xkube-apiserver -Xkubeadm -Xkubeadm.conf \ - -Xkubelet-cgroup-setup.sh -Xkube-apiserver \ - -Xkube-controller-manager -Xkube-scheduler \ - -Xkube-proxy -Xkubelet -Xkubectl - -override_dh_usrlocal: - diff --git a/kubernetes/kubernetes-1.28.4/debian/deb_folder/source/format b/kubernetes/kubernetes-1.28.4/debian/deb_folder/source/format deleted file mode 100644 index 163aaf8d8..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/deb_folder/source/format +++ /dev/null @@ -1 +0,0 @@ -3.0 (quilt) diff --git a/kubernetes/kubernetes-1.28.4/debian/meta_data.yaml b/kubernetes/kubernetes-1.28.4/debian/meta_data.yaml deleted file mode 100644 index b54bdc127..000000000 --- a/kubernetes/kubernetes-1.28.4/debian/meta_data.yaml +++ /dev/null @@ -1,10 +0,0 @@ -debver: 1.28.4 -dl_path: - name: kubernetes-1.28.4.tar.gz - url: https://github.com/kubernetes/kubernetes/archive/refs/tags/v1.28.4.tar.gz - sha256sum: 6543c6a7fc60828ef4816ebf5425efbf5fdf9e9785d0193b98e3fb833e1145f0 -revision: - dist: ${STX_DIST} - GITREVCOUNT: - BASE_SRCREV: 7560ecff32cc5054c5b7be0587fb3de69f0e8c34 - SRC_DIR: ${MY_REPO}/stx/integ/kubernetes/kubernetes-1.28.4