This is a manual backport of PRs 110496 and 117241 to release-1.24 branch.
Fixes the following issues:
* Fix "dbus: connection closed by user" error after dbus daemon restart
* CVE-2023-27561 CVE-2023-25809 CVE-2023-28642: Bump fix runc v1.1.4 -> v1.1.5
* Fixed cgroup removal error when using runc binary >= 1.1.6
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Kubernetes-commit: bce91ce265ffd74bd426c4f39c63b6971a1c16a6
odinuge: sorted out some function signature changes during
cherry-picking that caused conflicts.
(cherry picked from commit e76dff38cf74c3c8ad9ed4d3bc6e3641d9b64565)
Signed-off-by: Odin Ugedal <odin@uged.al>
Kubernetes-commit: b9400f7b434e1c2cfcc0eb3653d0f8918dc458f4
Since the behavior is now changed, and the old behavior leaked objects,
this adds a new comment about how Replace works.
Signed-off-by: Odin Ugedal <ougedal@palantir.com>
Signed-off-by: Odin Ugedal <odin@uged.al>
Kubernetes-commit: 7c5ea7a37082e273c3a377217184b038688e1b46
This is useful to both reduce the code complexity, and to ensure clients
get the "newest" version of an object known when its deleted. This is
all best-effort, but for clients it makes more sense giving them the
newest object they observed rather than an old one.
This is especially useful when an object is recreated. eg.
Object A with key K is in the KnownObjects store;
- DELETE delta for A is queued with key K
- CREATE delta for B is queued with key K
- Replace without any object with key K in it.
In this situation its better to create a DELETE delta with
DeletedFinalStateUnknown with B (with this patch), than it is to give
the client an DeletedFinalStateUnknown with A (without this patch).
Signed-off-by: Odin Ugedal <ougedal@palantir.com>
Signed-off-by: Odin Ugedal <odin@uged.al>
Kubernetes-commit: 65034822ee9c4ff6f563108f2b8ba19bad60d809
This fixes an issue where a relist could result in a DELETED delta
with an object wrapped in a DeletedFinalStateUnknown object; and then on
the next relist, it would wrap that object inside another
DeletedFinalStateUnknown, leaving the user with a "double" layer
of DeletedFinalStateUnknown's.
Signed-off-by: Odin Ugedal <ougedal@palantir.com>
Signed-off-by: Odin Ugedal <odin@uged.al>
Kubernetes-commit: 2d7fdc38e72eafec4072952ebae13f887d77843f
This fixes a race condition when a "short lived" object
is created and the create event is still present on the queue
when a relist replaces the state. Previously that would lead in the
object being leaked.
The way this could happen is roughly;
1. new Object is added O, agent gets CREATED event for it
2. watch is terminated, and the agent runs a new list, L
3. CREATE event for O is still on the queue to be processed.
4. informer replaces the old data in store with L, and O is not in L
- Since O is not in the store, and not in the list L, no DELETED event
is queued
5. CREATE event for O is still on the queue to be processed.
6. CREATE event for O is processed
7. O is <leaked>; its present in the cache but not in k8s.
With this patch, on step 4. above it would create a DELETED event
ensuring that the object will be removed.
Signed-off-by: Odin Ugedal <ougedal@palantir.com>
Signed-off-by: Odin Ugedal <odin@uged.al>
Kubernetes-commit: 4f9eb9e3615973091ab9f916962f48c982cf6568
Bumping version to include changes that
better handle TLS errors. Bump nescessary
to prepare for when the version of Go is
bumped to 1.20
Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>
Kubernetes-commit: a9fff191b16daa7c067f20d6f472d145d8bb6623
- Run hack/update-codegen.sh
- Run hack/update-generated-device-plugin.sh
- Run hack/update-generated-protobuf.sh
- Run hack/update-generated-runtime.sh
- Run hack/update-generated-swagger-docs.sh
- Run hack/update-openapi-spec.sh
- Run hack/update-gofmt.sh
Replay of a9593d634c6a053848413e600dadbf974627515f
Kubernetes-commit: 15d9d196476d64482189f00f1cf1a2061aea5b35
Bump konnectivity network proxy to v0.0.33.
Includes a couple bug fixes for better handling of dial failures.
[Agent &
Server](https://github.com/kubernetes-sigs/apiserver-network-proxy/commits/v0.0.33)
include numerous other fixes.
Pin goleak to 1.2
Kubernetes-commit: 6b25b52aa097dd2ed3c519e20aeab9bcf1c14024
This change updates the transport.Config .Dial and .TLS.GetCert fields
to use a struct wrapper. This indirection via a pointer allows the
functions to be compared and thus makes them valid to use as map keys.
This change is then leveraged by the existing global exec auth and TLS
config caches to return the same authenticator and TLS config even when
distinct but identical rest configs were used to create distinct
clientsets.
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: e3bffcd28922b24e54cc89c4356c2dc16e778e67
The functionality provided by the finalURLTemplate is still used by
certain external projects to track the request latency for requests
performed to kube-apiserver.
Using a template of the URL, instead of the URL itself, prevents the
explosion of label cardinality in exposed metrics since it aggregates
the URLs in a way that common URLs requests are reported as being the
same.
This reverts commit bebf5a608f68523fc430a44f6db26b16022dc862.
Signed-off-by: André Martins <aanm90@gmail.com>
Kubernetes-commit: 1be2a067795b082446ed3caf1ff307d767f53069
Automated cherry pick of #111235: fix a possible panic because of taking the address of nil
Kubernetes-commit: 72775b6edbd0d360207b30ce0e9de36bc887af42
* Introduce networking/v1alpha1 api, ClusterCIDRConfig type
Introduce networking/v1alpha1 api group.
Add `ClusterCIDRConfig` type to networking/v1alpha1 api group, this type
will enable the NodeIPAM controller to support multiple ClusterCIDRs.
* Change ClusterCIDRConfig.NodeSelector type in api
* Fix review comments for API
* Update ClusterCIDRConfig API Spec
Introduce PerNodeHostBits field, remove PerNodeMaskSize
Kubernetes-commit: b9792a9daef4d978c5c30b6d10cbcdfa77a9b6ac
