bump docker version 25.x.x & compatible code change

2025-08-17 14:27:01 +00:00 · 2025-05-09 13:54:31 +05:30 · 2025-05-09 13:54:31 +05:30 · 75f3569eb9
commit 75f3569eb9
parent 5756a3837a
7 changed files with 177 additions and 1062 deletions
--- a/dind/dind.go
+++ b/dind/dind.go
@ -123,8 +123,12 @@ func RmoveDindContainer(ctx context.Context, dindAddress string) error {
 	}

 	timeout := 2 * time.Minute
-	if err := cli.ContainerStop(ctx, containerName, &timeout); err != nil {
-		return fmt.Errorf("Failed to stop dind container [%s] on host [%s]: %v", containerName, cli.DaemonHost(), err)
+	timeoutSeconds := int(timeout.Seconds())
+
+	if err := cli.ContainerStop(ctx, containerName, container.StopOptions{
+		Timeout: &timeoutSeconds,
+	}); err != nil {
+		return fmt.Errorf("failed to stop dind container [%s] on host [%s]: %v", containerName, cli.DaemonHost(), err)
 	}

 	logrus.Infof("waiting 1 minute before removing container [%s] on host [%s]", containerName, cli.DaemonHost())
@ -137,7 +141,7 @@ func RmoveDindContainer(ctx context.Context, dindAddress string) error {
 			logrus.Debugf("[remove/%s] Container doesn't exist on host [%s]", containerName, cli.DaemonHost())
 			return nil
 		}
-		return fmt.Errorf("Failed to remove dind container [%s] on host [%s]: %v", containerName, cli.DaemonHost(), err)
+		return fmt.Errorf("failed to remove dind container [%s] on host [%s]: %v", containerName, cli.DaemonHost(), err)
 	}
 	logrus.Infof("[%s] Successfully Removed dind container [%s] on host [%s]", DINDPlane, containerName, cli.DaemonHost())
 	return nil
--- a/docker/docker.go
+++ b/docker/docker.go
@ -18,6 +18,7 @@ import (
 	ref "github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/client"
 	"github.com/docker/docker/pkg/stdcopy"
 	"github.com/rancher/rke/log"
@ -46,10 +47,12 @@ type dockerConfig struct {
 	CredHelpers map[string]string     `json:"credHelpers,omitempty"`
 }

-type authConfig types.AuthConfig
+type authConfig registry.AuthConfig

 func DoRunContainer(ctx context.Context, dClient *client.Client, imageCfg *container.Config, hostCfg *container.HostConfig,
 	containerName string, hostname string, plane string, prsMap map[string]v3.PrivateRegistry) error {
+	cli, err := client.NewClientWithOpts(client.WithVersion("25.0.8"))
+
 	if dClient == nil {
 		return fmt.Errorf("[%s] Failed to run container: docker client is nil for container [%s] on host [%s]",
 			plane, containerName, hostname)
@ -63,6 +66,7 @@ func DoRunContainer(ctx context.Context, dClient *client.Client, imageCfg *conta
 			return fmt.Errorf("Failed to pull image [%s] on host [%s]: %v", imageCfg.Image, hostname, err)
 		}
 		_, err := CreateContainer(ctx, dClient, hostname, containerName, imageCfg, hostCfg)
+		cli.ContainerCreate(ctx, imageCfg, hostCfg, nil, nil, containerName)
 		if err != nil {
 			return fmt.Errorf("Failed to create [%s] container on host [%s]: %v", containerName, hostname, err)
 		}
@ -381,11 +385,16 @@ func RestartContainer(ctx context.Context, dClient *client.Client, hostname, con
 		return fmt.Errorf("Failed to restart container: docker client is nil for container [%s] on host [%s]", containerName, hostname)
 	}
 	var err error
-	restartTimeout := RestartTimeout * time.Second
-	// Retry up to RetryCount times to see if image exists
+
+	// convert duration to int seconds
+	timeoutSeconds := int(RestartTimeout)
+	stopOpts := container.StopOptions{
+		Timeout: &timeoutSeconds,
+	}
+
 	for i := 1; i <= RetryCount; i++ {
 		logrus.Infof("Restarting container [%s] on host [%s], try #%d", containerName, hostname, i)
-		err = dClient.ContainerRestart(ctx, containerName, &restartTimeout)
+		err = dClient.ContainerRestart(ctx, containerName, stopOpts)
 		if err != nil {
 			logrus.Warningf("Can't restart Docker container [%s] for host [%s]: %v", containerName, hostname, err)
 			continue
@ -400,11 +409,15 @@ func StopContainer(ctx context.Context, dClient *client.Client, hostname string,
 	}
 	var err error
 	// define the stop timeout
-	stopTimeoutDuration := StopTimeout * time.Second
+	timeoutSeconds := int(StopTimeout)
+	stopOpts := container.StopOptions{
+		Timeout: &timeoutSeconds,
+	}
+
 	// Retry up to RetryCount times to see if image exists
 	for i := 1; i <= RetryCount; i++ {
-		logrus.Infof("Stopping container [%s] on host [%s] with stopTimeoutDuration [%s], try #%d", containerName, hostname, stopTimeoutDuration, i)
-		err = dClient.ContainerStop(ctx, containerName, &stopTimeoutDuration)
+		logrus.Infof("Stopping container [%s] on host [%s] with stopTimeoutDuration [%s], try #%d", containerName, hostname, timeoutSeconds, i)
+		err = dClient.ContainerStop(ctx, containerName, stopOpts)
 		if err != nil {
 			logrus.Warningf("Can't stop Docker container [%s] for host [%s]: %v", containerName, hostname, err)
 			continue
@ -453,11 +466,11 @@ func StartContainer(ctx context.Context, dClient *client.Client, hostname string
 	return err
 }

-func CreateContainer(ctx context.Context, dClient *client.Client, hostname string, containerName string, imageCfg *container.Config, hostCfg *container.HostConfig) (container.ContainerCreateCreatedBody, error) {
+func CreateContainer(ctx context.Context, dClient *client.Client, hostname string, containerName string, imageCfg *container.Config, hostCfg *container.HostConfig) (container.CreateResponse, error) {
 	if dClient == nil {
-		return container.ContainerCreateCreatedBody{}, fmt.Errorf("Failed to create container: docker client is nil for container [%s] on host [%s]", containerName, hostname)
+		return container.CreateResponse{}, fmt.Errorf("Failed to create container: docker client is nil for container [%s] on host [%s]", containerName, hostname)
 	}
-	var created container.ContainerCreateCreatedBody
+	var created container.CreateResponse
 	var err error
 	// Retry up to RetryCount times to see if image exists
 	for i := 1; i <= RetryCount; i++ {
@ -468,7 +481,7 @@ func CreateContainer(ctx context.Context, dClient *client.Client, hostname strin
 		}
 		return created, nil
 	}
-	return container.ContainerCreateCreatedBody{}, fmt.Errorf("Failed to create Docker container [%s] on host [%s]: %v", containerName, hostname, err)
+	return container.CreateResponse{}, fmt.Errorf("Failed to create Docker container [%s] on host [%s]: %v", containerName, hostname, err)
 }

 func InspectContainer(ctx context.Context, dClient *client.Client, hostname string, containerName string) (types.ContainerJSON, error) {
@ -696,7 +709,7 @@ func tryRegistryAuth(pr v3.PrivateRegistry) types.RequestPrivilegeFunc {
 }

 func getRegistryAuth(pr v3.PrivateRegistry) (string, error) {
-	var authConfig types.AuthConfig
+	var authConfig registry.AuthConfig
 	var err error
 	if len(pr.User) == 0 && len(pr.Password) == 0 && pr.ECRCredentialPlugin != nil {
 		authConfig, err = util.ECRCredentialPlugin(pr.ECRCredentialPlugin, pr.URL)
@ -704,7 +717,7 @@ func getRegistryAuth(pr v3.PrivateRegistry) (string, error) {
 			return "", err
 		}
 	} else {
-		authConfig = types.AuthConfig{
+		authConfig = registry.AuthConfig{
 			Username: pr.User,
 			Password: pr.Password,
 		}
--- a/go.mod
+++ b/go.mod
@ -5,6 +5,7 @@ go 1.23.0
 toolchain go1.23.6

 replace (
+	github.com/docker/docker => github.com/docker/docker v25.0.8+incompatible
 	github.com/knative/pkg => github.com/rancher/pkg v0.0.0-20190514055449-b30ab9de040e
 	// Replace some k8s modules with specific versions to get rid of the "unknown revision v0.0.0" error caused by the k8s.io/kubernetes module
 	// Upstream Issue: https://github.com/kubernetes/kubernetes/issues/79384
@ -30,24 +31,24 @@ require (
 	github.com/aws/aws-sdk-go v1.38.65
 	github.com/blang/semver v3.5.1+incompatible
 	github.com/coreos/go-semver v0.3.1
-	github.com/docker/distribution v2.8.2+incompatible
-	github.com/docker/docker v20.10.25+incompatible
+	github.com/docker/distribution v2.8.3+incompatible
+	github.com/docker/docker v27.3.1+incompatible
 	github.com/docker/go-connections v0.4.0
 	github.com/ghodss/yaml v1.0.0
 	github.com/go-bindata/go-bindata v3.1.2+incompatible
-	github.com/go-ini/ini v1.37.0
+	github.com/go-ini/ini v1.67.0
 	github.com/mattn/go-colorable v0.1.8
 	github.com/mcuadros/go-version v0.0.0-20180611085657-6d5863ca60fa
 	github.com/pkg/errors v0.9.1
 	github.com/rancher/norman v0.5.2
 	github.com/sirupsen/logrus v1.9.3
 	github.com/stretchr/testify v1.10.0
-	github.com/urfave/cli v1.22.14
+	github.com/urfave/cli v1.22.15
 	go.etcd.io/etcd/client/v2 v2.305.16
 	go.etcd.io/etcd/client/v3 v3.5.16
-	golang.org/x/crypto v0.33.0
-	golang.org/x/sync v0.11.0
-	google.golang.org/grpc v1.65.0
+	golang.org/x/crypto v0.36.0
+	golang.org/x/sync v0.13.0
+	google.golang.org/grpc v1.71.0
 	gopkg.in/yaml.v2 v2.4.0
 	k8s.io/api v0.32.1
 	k8s.io/apimachinery v0.32.1
@ -62,40 +63,42 @@ require (
 )

 require (
+	github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
 	github.com/MakeNowJust/heredoc v1.0.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver/v3 v3.1.1 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
-	github.com/Microsoft/hcsshim v0.9.10 // indirect
+	github.com/Microsoft/hcsshim v0.13.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/chai2010/gettext-go v1.0.2 // indirect
-	github.com/containerd/cgroups v1.1.0 // indirect
-	github.com/containerd/containerd v1.6.27 // indirect
+	github.com/containerd/containerd v1.7.27 // indirect
+	github.com/containerd/log v0.1.0 // indirect
 	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/distribution/reference v0.6.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/emicklei/go-restful/v3 v3.12.1 // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
 	github.com/go-openapi/jsonreference v0.21.0 // indirect
 	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/btree v1.0.1 // indirect
 	github.com/google/gnostic-models v0.6.9 // indirect
-	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/google/uuid v1.6.0 // indirect
-	github.com/gopherjs/gopherjs v0.0.0-20191106031601-ce3c9ade29de // indirect
 	github.com/gorilla/websocket v1.5.3 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
 	github.com/huandu/xstrings v1.3.1 // indirect
@ -104,26 +107,27 @@ require (
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.17.9 // indirect
+	github.com/klauspost/compress v1.18.0 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mitchellh/copystructure v1.0.0 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 	github.com/mitchellh/reflectwalk v1.0.0 // indirect
+	github.com/moby/patternmatcher v0.6.0 // indirect
 	github.com/moby/spdystream v0.5.0 // indirect
-	github.com/moby/sys/mount v0.2.0 // indirect
-	github.com/moby/sys/mountinfo v0.7.2 // indirect
+	github.com/moby/sys/sequential v0.6.0 // indirect
 	github.com/moby/sys/user v0.3.0 // indirect
+	github.com/moby/sys/userns v0.1.0 // indirect
 	github.com/moby/term v0.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
+	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0 // indirect
-	github.com/opencontainers/runc v1.2.1 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_golang v1.20.5 // indirect
@ -134,34 +138,37 @@ require (
 	github.com/rancher/wrangler/v3 v3.2.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/shopspring/decimal v1.2.0 // indirect
-	github.com/smartystreets/assertions v1.0.1 // indirect
 	github.com/spf13/cast v1.3.1 // indirect
 	github.com/spf13/cobra v1.8.1 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/xlab/treeprint v1.2.0 // indirect
-	go.etcd.io/etcd/api/v3 v3.5.16 // indirect
-	go.etcd.io/etcd/client/pkg/v3 v3.5.16 // indirect
-	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/otel v1.28.0 // indirect
-	go.opentelemetry.io/otel/trace v1.28.0 // indirect
+	go.etcd.io/etcd/api/v3 v3.5.21 // indirect
+	go.etcd.io/etcd/client/pkg/v3 v3.5.21 // indirect
+	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect
+	go.opentelemetry.io/otel v1.35.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0 // indirect
+	go.opentelemetry.io/otel/metric v1.35.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.35.0 // indirect
+	go.opentelemetry.io/otel/trace v1.35.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/mod v0.23.0 // indirect
-	golang.org/x/net v0.35.0 // indirect
-	golang.org/x/oauth2 v0.23.0 // indirect
-	golang.org/x/sys v0.30.0 // indirect
-	golang.org/x/term v0.29.0 // indirect
-	golang.org/x/text v0.22.0 // indirect
+	golang.org/x/net v0.38.0 // indirect
+	golang.org/x/oauth2 v0.25.0 // indirect
+	golang.org/x/sys v0.32.0 // indirect
+	golang.org/x/term v0.30.0 // indirect
+	golang.org/x/text v0.23.0 // indirect
 	golang.org/x/time v0.7.0 // indirect
 	golang.org/x/tools v0.30.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240826202546-f6391c0de4c7 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7 // indirect
-	google.golang.org/protobuf v1.35.2 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20250218202821-56aae31c358a // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250218202821-56aae31c358a // indirect
+	google.golang.org/protobuf v1.36.5 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
-	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
+	gotest.tools/v3 v3.5.2 // indirect
 	k8s.io/cli-runtime v0.32.1 // indirect
 	k8s.io/component-base v0.32.1 // indirect
 	k8s.io/gengo/v2 v2.0.0-20240911193312-2b36238f13e9 // indirect
--- a/go.sum
+++ b/go.sum
--- a/services/etcd.go
+++ b/services/etcd.go
@ -454,9 +454,14 @@ func RunEtcdSnapshotSave(ctx context.Context, etcdHost *hosts.Host, prsMap map[s
 	if es.BackupConfig != nil {
 		imageCfg = configS3BackupImgCmd(ctx, imageCfg, es.BackupConfig)
 	}
+	restartPolicyMode := container.RestartPolicyMode(restartPolicy)
+	if restartPolicyMode == "" {
+		restartPolicyMode = container.RestartPolicyAlways
+	}
+
 	hostCfg := &container.HostConfig{
 		NetworkMode:   container.NetworkMode("host"),
-		RestartPolicy: container.RestartPolicy{Name: restartPolicy},
+		RestartPolicy: container.RestartPolicy{Name: restartPolicyMode},
 	}

 	binds := []string{
--- a/services/services.go
+++ b/services/services.go
@ -125,7 +125,12 @@ func GetProcessConfig(process v3.Process, host *hosts.Host, k8sVersion string) (
 		PortBindings: portBindings,
 	}
 	if len(process.RestartPolicy) > 0 {
-		hostCfg.RestartPolicy = container.RestartPolicy{Name: process.RestartPolicy}
+		restartPolicyMode := container.RestartPolicyMode(process.RestartPolicy)
+		if restartPolicyMode == "" {
+			restartPolicyMode = container.RestartPolicyAlways
+		}
+
+		hostCfg.RestartPolicy = container.RestartPolicy{Name: restartPolicyMode}
 	}
 	// The MCS label only needs to be applied when container is not running privileged, and running privileged negates need for applying the label
 	// If Docker is configured with selinux-enabled:true, we need to specify MCS label to allow files from service-sidekick to be shared between containers
--- a/util/ecr.go
+++ b/util/ecr.go
@ -12,7 +12,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/ecr"
-	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/registry"
 	v3 "github.com/rancher/rke/types"
 )

@ -21,7 +21,7 @@ const proxyEndpointScheme = "https://"
 var ecrPattern = regexp.MustCompile(`(^[a-zA-Z0-9][a-zA-Z0-9-_]*)\.dkr\.ecr(\-fips)?\.([a-zA-Z0-9][a-zA-Z0-9-_]*)\.amazonaws\.com(\.cn)?`)

 // ECRCredentialPlugin is a wrapper to generate ECR token using the AWS Credentials
-func ECRCredentialPlugin(plugin *v3.ECRCredentialPlugin, pr string) (authConfig types.AuthConfig, err error) {
+func ECRCredentialPlugin(plugin *v3.ECRCredentialPlugin, pr string) (authConfig registry.AuthConfig, err error) {
 	if plugin == nil {
 		err = fmt.Errorf("ECRCredentialPlugin: ECRCredentialPlugin called with nil plugin data")
 		return authConfig, err
@ -78,7 +78,7 @@ func ECRCredentialPlugin(plugin *v3.ECRCredentialPlugin, pr string) (authConfig
 	return authConfig, err
 }

-func extractToken(token string) (authConfig types.AuthConfig, err error) {
+func extractToken(token string) (authConfig registry.AuthConfig, err error) {
 	decodedToken, err := base64.StdEncoding.DecodeString(token)
 	if err != nil {
 		return authConfig, fmt.Errorf("Invalid token: %v", err)
@ -89,7 +89,7 @@ func extractToken(token string) (authConfig types.AuthConfig, err error) {
 		return authConfig, fmt.Errorf("Invalid token: expected two parts, got %d", len(parts))
 	}

-	authConfig = types.AuthConfig{
+	authConfig = registry.AuthConfig{
 		Username: parts[0],
 		Password: parts[1],
 	}