k3s
Upstream or remove Kubernetes patches
Is your feature request related to a problem? Please describe.
Audit of our k8s patch set and work to reduce that. Enumerates each change, what it does, and why it is needed.
Additional context
rancher/k3s#548
Generated from:
cd ~/go/src/github.com/kubernetes/kubernetes
K8S=v1.22.2; git log --name-only --reverse --pretty=format:'* **[`%h`](https://github.com/k3s-io/kubernetes/commit/%H) %s**%n by %an <%ae> on `%as`%n %n%w(,2,2)%b' ${K8S}-k3s1~1...${K8S} | sed -E 's|^[[:alnum:]]+.*| * `&`|'
Changes
- 0bc428a57b8 kubelet: new cgroup driver: "none" by Akihiro Suda [email protected] on 2019-06-02
  The "none" driver is used for running "rootless" mode on a host that does not support cgroup v2.
  This commit is specific to Usernetes and isn't going to be proposed to the Kubernetes upstream. So, there is no FeatureFlag for gating this driver.
  Signed-off-by: Akihiro Suda [email protected]
  - cmd/kubelet/app/options/options.go
  - cmd/kubelet/app/server.go
  - pkg/kubelet/apis/config/types.go
  - pkg/kubelet/cm/cgroup_manager_linux.go
- 018a084aaa8 Drop client-go cloud auth by Darren Shepherd [email protected] on 2019-09-05
  - cmd/kubectl/kubectl.go
  - pkg/kubeapiserver/authenticator/config.go
- 094c8c4758c Drop storage plugins by Darren Shepherd [email protected] on 2019-09-05
  - cmd/kube-controller-manager/app/plugins.go
  - cmd/kubelet/app/plugins.go
- 96b01267556 Drop credential providers by Darren Shepherd [email protected] on 2019-09-05
  - cmd/kubelet/app/options/globalflags.go
- f5b3ff458c7 If you can't set hashsize on nf_conntrack don't fail by Darren Shepherd [email protected] on 2018-10-05
  - cmd/kube-proxy/app/conntrack.go
- ac21553e5a5 only use the resolved name if port was zero by Darren Shepherd [email protected] on 2018-12-31
  - pkg/kubelet/cri/streaming/server.go
- 7b0c45ae378 Make kubelet.sock path changable by Darren Shepherd [email protected] on 2019-01-09
  - staging/src/k8s.io/kubelet/pkg/apis/deviceplugin/v1beta1/constants.go
- 039ffbb1cbf Wait for kube-apiserver for 2 minutes for slow (ARM) systems by Darren Shepherd [email protected] on 2019-01-22
  - cmd/kube-controller-manager/app/controllermanager.go
- 91eb20a1943 Don't check for cpuset cgroup, not always required? by Darren Shepherd [email protected] on 2019-01-22
  - pkg/kubelet/cm/container_manager_linux.go
- 3ec6171e307 Set all sources so node+agent in the same process doesn't get restricted by Darren Shepherd [email protected] on 2019-02-07
  - cmd/kube-apiserver/app/server.go
- 38b8e7ff661 Hide deprecated warnings by Darren Shepherd [email protected] on 2019-02-07
  - cmd/kubelet/app/options/options.go
  - staging/src/k8s.io/apiserver/pkg/server/options/deprecated_insecure_serving.go
- 5e319e3a223 Add ability to disable proxy hostname check by Darren Shepherd [email protected] on 2019-02-07
  - pkg/proxy/util/utils.go
- f5172425969 Cache loopback cert in the certs dir if set by Darren Shepherd [email protected] on 2019-02-07
  - staging/src/k8s.io/apiserver/pkg/server/options/serving_with_loopback.go
- cdb18d010cc Don't ever select the flannel bridge or cni bridge by Darren Shepherd [email protected] on 2019-02-07
  - staging/src/k8s.io/apimachinery/pkg/util/net/interface.go
- 32b7b2050e1 Update kubernetes service on start for port changes by Erik Wilson [email protected] on 2019-06-21
  - pkg/controlplane/controller.go
- ec39217a8e5 Add WrappedRoundTripper() to tokenSourceTransport by Darren Shepherd [email protected] on 2019-02-27
  - staging/src/k8s.io/client-go/transport/token_source.go
- 29d1cbd8bb0 Add stopCh to apiserver & context to kublet commands by Darren Shepherd [email protected] on 2019-08-26
  - cmd/genkubedocs/gen_kube_docs.go
  - cmd/genman/gen_kube_man.go
  - cmd/kube-apiserver/apiserver.go
  - cmd/kube-apiserver/app/server.go
  - cmd/kubelet/app/server.go
  - cmd/kubelet/kubelet.go
- 5cbb88fd4c8 Allow override of kubeconfig dialer by Darren Shepherd [email protected] on 2018-10-09
  - cmd/kube-apiserver/app/server.go
- 22f3ec25de3 Notify startup to grab a hold of handler and authenticator by Darren Shepherd [email protected] on 2019-09-18
  - cmd/kube-apiserver/app/server.go
- 4759b2b71cb Ignore proxy settings for kubelet client by Erik Wilson [email protected] on 2019-04-15
  Proxy settings may interfere with a kubelet client communicating with the API server, so set the proxy to nil.
  - cmd/kube-apiserver/app/server.go
  - pkg/kubelet/client/kubelet_client.go
- cb65816a90f Allow override of "kubernetes" endpoint port by Darren Shepherd [email protected] on 2018-10-08
  - staging/src/k8s.io/apiserver/pkg/server/config.go
  - staging/src/k8s.io/apiserver/pkg/server/options/serving.go
- f8fe3d4256b Don't check etcd if scheme is unix by Darren Shepherd [email protected] on 2019-08-28
  - pkg/registry/core/rest/storage_core.go
- 39523fdeb00 Fix CSI initialization conflict by Darren Shepherd [email protected] on 2019-08-30
  CSI is used by both the kubelet and kube-controller-manager. Both components will initialize the csiPlugin with different VolumeHost objects. The csiPlugin will then assign a global variable for the node info manager. It is then possible that the kubelet gets the credentials of the kube-controller-manager and that will cause CSI to fail.
  - pkg/volume/csi/csi_plugin.go
- df45a2cbc63 Fix inconsistent etcd read by Darren Shepherd [email protected] on 2019-11-18
  - staging/src/k8s.io/apiserver/pkg/storage/etcd3/store.go
- 921e7df2305 Add openapi generator by Darren Shepherd [email protected] on 2019-08-27
  - pkg/generated/openapi/gen/main.go
- cb4f3b09912 Add tag.sh script by Darren Shepherd [email protected] on 2019-08-27
  - tag.sh
- c4ebe1924cb Add Vagrantfile by Erik Wilson [email protected] on 2019-09-19
  - Vagrantfile
I ended up here as I searched about k3s + rootless stuff, so FYI there is already a PR open to upstream rootless patches: https://github.com/kubernetes/kubernetes/pull/92863
@erikwilson are there things here that could get into k8s 1.22? Is there a better place to look at how the upstreaming efforts are going on?
> @erikwilson are there things here that could get into k8s 1.22? Is there a better place to look at how the upstreaming efforts are going on?
This is probably as good a place to discuss any, prior to moving to a KEP or simple PR.
Hey @dims - thanks for asking about this.
We'll work through this list in the next couple weeks to see what if anything can be moved forward in the 1.22 timeframe. Balanced against other obligations, that is somewhat tight, so we might be looking further out for bigger changes.
Is there anything in particular that you are looking for or just interested in this generally?
@cjellick I just want the teams to start talking and doing things together :)
232effd3d57 kubelet/cm: ignore sysctl error when running in userns
125fe9d9a5c kube-proxy: allow running in userns
c0d770b90bf kubelet: new feature gate: Rootless
Merged in v1.22 (feature gate was renamed to KubeletInUserNamespace)
https://github.com/kubernetes/kubernetes/pull/92863/commits
We'll be dropping a few patches in 1.22, as discussed over at https://github.com/k3s-io/k3s/issues/3596#issuecomment-876173892.
@AkihiroSuda for the CgroupNone patch, do you think we should drop that as well? I believe the effect of that would be to require delegated cgroupv2 under systemd for rootless, which means not being able to run rootless K3s from the command line?
> for the CgroupNone patch, do you think we should drop that as well?
Yes, not sure it should be in 1.22 or 1.23, though.
> I believe the effect of that would be to require delegated cgroupv2 under systemd for rootless, which means not being able to run rootless K3s from the command line?
systemd-run --user -p Delegate=yes --tty k3s server --rootless can continue to work.
https://github.com/k3s-io/k3s/blob/238dc2086e94a06b2e625bd46473ec24ba67eb86/k3s-rootless.service#L28
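A pre-flight check for the cgroup v2 delegation discussed above, as an added example that is not part of the thread or of K3s: it reads the caller's unified cgroup path and reports whether that subtree is writable and exposes the controllers you name. The function names and the `memory pids` controller list are assumptions for illustration.

```shell
#!/bin/sh
# Hypothetical helpers (not K3s code): check whether the calling process sits
# in a delegated cgroup v2 subtree, e.g. one created by
#   systemd-run --user -p Delegate=yes ...

# cgroup_path_v2 FILE: print the unified (v2) path from a /proc/<pid>/cgroup
# file. v2 entries look like "0::/user.slice/..."; v1 lines are skipped.
cgroup_path_v2() {
    sed -n 's/^0:://p' "$1" | head -n 1
}

# delegation_status ROOT PROCFILE [CONTROLLER...]
# ROOT is the cgroup2 mount point, PROCFILE a /proc/<pid>/cgroup file.
# Prints one of: ok | no-cgroup-v2 | no-v2-entry | not-delegated | missing: <list>
delegation_status() {
    root=$1; procfile=$2; shift 2
    # The root of a cgroup v2 mount always carries cgroup.controllers.
    [ -f "$root/cgroup.controllers" ] || { echo "no-cgroup-v2"; return 1; }
    path=$(cgroup_path_v2 "$procfile")
    [ -n "$path" ] || { echo "no-v2-entry"; return 1; }
    dir="$root$path"
    # A delegated subtree is owned by the user, so the directory is writable.
    [ -w "$dir" ] || { echo "not-delegated"; return 1; }
    have=" $(cat "$dir/cgroup.controllers" 2>/dev/null) "
    missing=
    for c in "$@"; do
        case "$have" in
            *" $c "*) ;;
            *) missing="$missing $c" ;;
        esac
    done
    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    echo "ok"
}

# Check the current shell; the controller list here is a sample, adjust it
# to what your workload needs.
delegation_status /sys/fs/cgroup /proc/self/cgroup memory pids || true
```

Running it inside and outside a `systemd-run --user -p Delegate=yes` scope shows the difference the delegation makes.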
I'm hijacking the first comment to start running down the current (as of 1.22.2) list of patches we're carrying. @dims would you be interested in going over these with me at some point to discuss which ones you think we might be able to adapt for inclusion upstream?
Why yes of course @brandond. I can't speak for all the sigs for sure and we will need to go through regular process(es) here, but yes, happy to chat!
@brandond is this safe to close?
No, this is an ongoing effort. We still require a handful of the above-listed patches to embed Kubernetes in K3s.
@brandond @caroline-suse-rancher what does 2023 confirmed label mean?
That we're going to continue working on this in 2023.
cc @OrlinVasilev