Update go dependencies

vendor/k8s.io/kubernetes/pkg/kubelet/apis/BUILD

@@ -10,8 +10,20 @@ go_library(
     srcs = [
         "well_known_annotations.go",
         "well_known_labels.go",
-    ],
+    ] + select({
+        "@io_bazel_rules_go//go/platform:windows": [
+            "well_known_annotations_windows.go",
+        ],
+        "//conditions:default": [],
+    }),
     importpath = "k8s.io/kubernetes/pkg/kubelet/apis",
+    deps = select({
+        "@io_bazel_rules_go//go/platform:windows": [
+            "//pkg/features:go_default_library",
+            "//vendor/k8s.io/apiserver/pkg/util/feature:go_default_library",
+        ],
+        "//conditions:default": [],
+    }),
 )
 
 filegroup(
@@ -27,6 +39,7 @@ filegroup(
         ":package-srcs",
         "//pkg/kubelet/apis/cri:all-srcs",
         "//pkg/kubelet/apis/deviceplugin/v1alpha:all-srcs",
+        "//pkg/kubelet/apis/deviceplugin/v1beta1:all-srcs",
         "//pkg/kubelet/apis/kubeletconfig:all-srcs",
         "//pkg/kubelet/apis/stats/v1alpha1:all-srcs",
     ],

vendor/k8s.io/kubernetes/pkg/kubelet/apis/cri/BUILD

@@ -9,7 +9,7 @@ go_library(
     name = "go_default_library",
     srcs = ["services.go"],
     importpath = "k8s.io/kubernetes/pkg/kubelet/apis/cri",
-    deps = ["//pkg/kubelet/apis/cri/v1alpha1/runtime:go_default_library"],
+    deps = ["//pkg/kubelet/apis/cri/runtime/v1alpha2:go_default_library"],
 )
 
 filegroup(
@@ -23,8 +23,8 @@ filegroup(
     name = "all-srcs",
     srcs = [
         ":package-srcs",
+        "//pkg/kubelet/apis/cri/runtime/v1alpha2:all-srcs",
         "//pkg/kubelet/apis/cri/testing:all-srcs",
-        "//pkg/kubelet/apis/cri/v1alpha1/runtime:all-srcs",
     ],
     tags = ["automanaged"],
 )

vendor/k8s.io/kubernetes/pkg/kubelet/apis/cri/runtime/v1alpha2/BUILD

@@ -11,7 +11,7 @@ go_library(
         "api.pb.go",
         "constants.go",
     ],
-    importpath = "k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime",
+    importpath = "k8s.io/kubernetes/pkg/kubelet/apis/cri/runtime/v1alpha2",
     deps = [
         "//vendor/github.com/gogo/protobuf/gogoproto:go_default_library",
         "//vendor/github.com/gogo/protobuf/proto:go_default_library",
@@ -37,5 +37,4 @@ filegroup(
 filegroup(
     name = "go_default_library_protos",
     srcs = ["api.proto"],
-    visibility = ["//visibility:public"],
 )

vendor/k8s.io/kubernetes/pkg/kubelet/apis/cri/runtime/v1alpha2/api.proto

@@ -1,7 +1,8 @@
 // To regenerate api.pb.go run hack/update-generated-runtime.sh
 syntax = 'proto3';
 
-package runtime;
+package runtime.v1alpha2;
+option go_package = "v1alpha2";
 
 import "github.com/gogo/protobuf/gogoproto/gogo.proto";
 
@@ -63,6 +64,12 @@ service RuntimeService {
     rpc ContainerStatus(ContainerStatusRequest) returns (ContainerStatusResponse) {}
     // UpdateContainerResources updates ContainerConfig of the container.
     rpc UpdateContainerResources(UpdateContainerResourcesRequest) returns (UpdateContainerResourcesResponse) {}
+    // ReopenContainerLog asks runtime to reopen the stdout/stderr log file
+    // for the container. This is often called after the log file has been
+    // rotated. If the container is not running, container runtime can choose
+    // to either create a new log file and return nil, or return an error.
+    // Once it returns error, new container log file MUST NOT be created.
+    rpc ReopenContainerLog(ReopenContainerLogRequest) returns (ReopenContainerLogResponse) {}
 
     // ExecSync runs a command in a container synchronously.
     rpc ExecSync(ExecSyncRequest) returns (ExecSyncResponse) {}
@@ -174,14 +181,39 @@ message Mount {
     MountPropagation propagation = 5;
 }
 
+// A NamespaceMode describes the intended namespace configuration for each
+// of the namespaces (Network, PID, IPC) in NamespaceOption. Runtimes should
+// map these modes as appropriate for the technology underlying the runtime.
+enum NamespaceMode {
+    // A POD namespace is common to all containers in a pod.
+    // For example, a container with a PID namespace of POD expects to view
+    // all of the processes in all of the containers in the pod.
+    POD       = 0;
+    // A CONTAINER namespace is restricted to a single container.
+    // For example, a container with a PID namespace of CONTAINER expects to
+    // view only the processes in that container.
+    CONTAINER = 1;
+    // A NODE namespace is the namespace of the Kubernetes node.
+    // For example, a container with a PID namespace of NODE expects to view
+    // all of the processes on the host running the kubelet.
+    NODE      = 2;
+}
+
 // NamespaceOption provides options for Linux namespaces.
 message NamespaceOption {
-    // If set, use the host's network namespace.
-    bool host_network = 1;
-    // If set, use the host's PID namespace.
-    bool host_pid = 2;
-    // If set, use the host's IPC namespace.
-    bool host_ipc = 3;
+    // Network namespace for this container/sandbox.
+    // Note: There is currently no way to set CONTAINER scoped network in the Kubernetes API.
+    // Namespaces currently set by the kubelet: POD, NODE
+    NamespaceMode network = 1;
+    // PID namespace for this container/sandbox.
+    // Note: The CRI default is POD, but the v1.PodSpec default is CONTAINER.
+    // The kubelet's runtime manager will set this to CONTAINER explicitly for v1 pods.
+    // Namespaces currently set by the kubelet: POD, CONTAINER, NODE
+    NamespaceMode pid = 2;
+    // IPC namespace for this container/sandbox.
+    // Note: There is currently no way to set CONTAINER scoped IPC in the Kubernetes API.
+    // Namespaces currently set by the kubelet: POD, NODE
+    NamespaceMode ipc = 3;
 }
 
 // Int64Value is the wrapper of int64.
@@ -203,6 +235,8 @@ message LinuxSandboxSecurityContext {
     SELinuxOption selinux_options = 2;
     // UID to run sandbox processes as, when applicable.
     Int64Value run_as_user = 3;
+    // GID to run sandbox processes as, when applicable.
+    Int64Value run_as_group = 8;
     // If set, the root filesystem of the sandbox is read-only.
     bool readonly_rootfs = 4;
     // List of groups applied to the first process run in the sandbox, in
@@ -384,7 +418,7 @@ message PodSandboxStatus {
 message PodSandboxStatusResponse {
     // Status of the PodSandbox.
     PodSandboxStatus status = 1;
-    // Info is extra information of the PodSandbox. The key could be abitrary string, and
+    // Info is extra information of the PodSandbox. The key could be arbitrary string, and
     // value should be in json format. The information could include anything useful for
     // debug, e.g. network namespace for linux container based container runtime.
     // It should only be returned non-empty when Verbose is true.
@@ -519,6 +553,9 @@ message LinuxContainerSecurityContext {
     // UID to run the container process as. Only one of run_as_user and
     // run_as_username can be specified at a time.
     Int64Value run_as_user = 5;
+    // GID to run the container process as. Only one of run_as_group and
+    // run_as_groupname can be specified at a time.
+    Int64Value run_as_group = 12;
     // User name to run the container process as. If specified, the user MUST
     // exist in the container image (i.e. in the /etc/passwd inside the image),
     // and be resolved there by the runtime; otherwise, the runtime MUST error.
@@ -556,6 +593,26 @@ message LinuxContainerConfig {
     LinuxContainerSecurityContext security_context = 2;
 }
 
+// WindowsContainerConfig contains platform-specific configuration for
+// Windows-based containers.
+message WindowsContainerConfig {
+    // Resources specification for the container.
+    WindowsContainerResources resources = 1;
+}
+
+// WindowsContainerResources specifies Windows specific configuration for
+// resources.
+message WindowsContainerResources {
+    // CPU shares (relative weight vs. other containers). Default: 0 (not specified).
+    int64 cpu_shares = 1;
+    // Number of CPUs available to the container. Default: 0 (not specified).
+    int64 cpu_count = 2;
+    // Specifies the portion of processor cycles that this container can use as a percentage times 100.
+    int64 cpu_maximum = 3;
+    // Memory limit in bytes. Default: 0 (not specified).
+    int64 memory_limit_in_bytes = 4;
+}
+
 // ContainerMetadata holds all necessary information for building the container
 // name. The container runtime is encouraged to expose the metadata in its user
 // interface for better user experience. E.g., runtime can construct a unique
@@ -643,6 +700,8 @@ message ContainerConfig {
 
     // Configuration specific to Linux containers.
     LinuxContainerConfig linux = 15;
+   // Configuration specific to Windows containers.
+   WindowsContainerConfig windows = 16;
 }
 
 message CreateContainerRequest {
@@ -800,7 +859,7 @@ message ContainerStatus {
 message ContainerStatusResponse {
     // Status of the container.
     ContainerStatus status = 1;
-    // Info is extra information of the Container. The key could be abitrary string, and
+    // Info is extra information of the Container. The key could be arbitrary string, and
     // value should be in json format. The information could include anything useful for
     // debug, e.g. pid for linux container based container runtime.
     // It should only be returned non-empty when Verbose is true.
@@ -941,7 +1000,7 @@ message ImageStatusRequest {
 message ImageStatusResponse {
     // Status of the image.
     Image image = 1;
-    // Info is extra information of the Image. The key could be abitrary string, and
+    // Info is extra information of the Image. The key could be arbitrary string, and
     // value should be in json format. The information could include anything useful
     // for debug, e.g. image config for oci image based container runtime.
     // It should only be returned non-empty when Verbose is true.
@@ -1036,7 +1095,7 @@ message StatusRequest {
 message StatusResponse {
     // Status of the Runtime.
     RuntimeStatus status = 1;
-    // Info is extra information of the Runtime. The key could be abitrary string, and
+    // Info is extra information of the Runtime. The key could be arbitrary string, and
     // value should be in json format. The information could include anything useful for
     // debug, e.g. plugins used by the container runtime.
     // It should only be returned non-empty when Verbose is true.
@@ -1051,18 +1110,18 @@ message UInt64Value {
     uint64 value = 1;
 }
 
-// StorageIdentifier uniquely identify the storage..
-message StorageIdentifier{
-    // UUID of the device.
-    string uuid = 1;
+// FilesystemIdentifier uniquely identify the filesystem.
+message FilesystemIdentifier{
+    // Mountpoint of a filesystem.
+    string mountpoint = 1;
 }
 
 // FilesystemUsage provides the filesystem usage information.
 message FilesystemUsage {
     // Timestamp in nanoseconds at which the information were collected. Must be > 0.
     int64 timestamp = 1;
-    // The underlying storage of the filesystem.
-    StorageIdentifier storage_id = 2;
+    // The unique identifier of the filesystem.
+    FilesystemIdentifier fs_id = 2;
     // UsedBytes represents the bytes used for images on the filesystem.
     // This may differ from the total bytes used on the filesystem and may not
     // equal CapacityBytes - AvailableBytes.
@@ -1153,3 +1212,11 @@ message MemoryUsage {
     // The amount of working set memory in bytes.
     UInt64Value working_set_bytes = 2;
 }
+
+message ReopenContainerLogRequest {
+    // ID of the container for which to reopen the log.
+    string container_id = 1;
+}
+
+message ReopenContainerLogResponse{
+}

vendor/k8s.io/kubernetes/pkg/kubelet/apis/cri/runtime/v1alpha2/constants.go

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package runtime
+package v1alpha2
 
 // This file contains all constants defined in CRI.
 
@@ -38,7 +38,7 @@ const (
 
 // LogTag is the tag of a log line in CRI container log.
 // Currently defined log tags:
-// * First tag: Partial/End - P/E.
+// * First tag: Partial/Full - P/F.
 // The field in the container log format can be extended to include multiple
 // tags by using a delimiter, but changes should be rare. If it becomes clear
 // that better extensibility is desired, a more extensible format (e.g., json)

vendor/k8s.io/kubernetes/pkg/kubelet/apis/cri/services.go

@@ -19,7 +19,7 @@ package cri
 import (
 	"time"
 
-	runtimeapi "k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime"
+	runtimeapi "k8s.io/kubernetes/pkg/kubelet/apis/cri/runtime/v1alpha2"
 )
 
 // RuntimeVersioner contains methods for runtime name, version and API version.
@@ -52,6 +52,10 @@ type ContainerManager interface {
 	Exec(*runtimeapi.ExecRequest) (*runtimeapi.ExecResponse, error)
 	// Attach prepares a streaming endpoint to attach to a running container, and returns the address.
 	Attach(req *runtimeapi.AttachRequest) (*runtimeapi.AttachResponse, error)
+	// ReopenContainerLog asks runtime to reopen the stdout/stderr log file
+	// for the container. If it returns error, new container log file MUST NOT
+	// be created.
+	ReopenContainerLog(ContainerID string) error
 }
 
 // PodSandboxManager contains methods for operating on PodSandboxes. The methods
@@ -74,7 +78,7 @@ type PodSandboxManager interface {
 	PortForward(*runtimeapi.PortForwardRequest) (*runtimeapi.PortForwardResponse, error)
 }
 
-// ContainerStatsManager contains methods for retriving the container
+// ContainerStatsManager contains methods for retrieving the container
 // statistics.
 type ContainerStatsManager interface {
 	// ContainerStats returns stats of the container. If the container does not

vendor/k8s.io/kubernetes/pkg/kubelet/apis/well_known_annotations_windows.go

@@ -0,0 +1,41 @@
+// +build windows
+
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package apis
+
+import (
+	utilfeature "k8s.io/apiserver/pkg/util/feature"
+	"k8s.io/kubernetes/pkg/features"
+)
+
+const (
+	// HypervIsolationAnnotationKey and HypervIsolationValue are used to run windows containers with hyperv isolation.
+	// Refer https://aka.ms/hyperv-container.
+	HypervIsolationAnnotationKey = "experimental.windows.kubernetes.io/isolation-type"
+	HypervIsolationValue         = "hyperv"
+)
+
+// ShouldIsolatedByHyperV returns true if a windows container should be run with hyperv isolation.
+func ShouldIsolatedByHyperV(annotations map[string]string) bool {
+	if !utilfeature.DefaultFeatureGate.Enabled(features.HyperVContainer) {
+		return false
+	}
+
+	v, ok := annotations[HypervIsolationAnnotationKey]
+	return ok && v == HypervIsolationValue
+}