* [meta-virtualization][PATCH] kubernetes: Backport CVE fixes
@ 2020-04-29 17:49 sakib.sajal
  2020-04-29 19:28 ` Bruce Ashfield
  0 siblings, 1 reply; 4+ messages in thread
From: sakib.sajal @ 2020-04-29 17:49 UTC (permalink / raw)
  To: meta-virtualization


CVE: CVE-2020-8551
	- 0db7074e1ad237af1a513bdf51160bf4b4cdc9f1
	- 9802bfcec0580169cffce2a3d468689a407fa7dc
	- c394d821fdafd719619eb63fcd1065a95ec02ef9

CVE: CVE-2020-8552
	- cc3190968b1f14ddf4067abef849fc41bd6068dc

CVE: CVE-2019-11254
	- a290fe55cb2f4593eb4ec5bf410cd77b9d925464

Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
---
 ...-to-fix-kubelet-metrics-memory-issue.patch | 313 +++++++
 ...dd-new-endpoint-for-resource-metrics.patch | 440 ++++++++++
 .../0001-Deal-with-auto-generated-files.patch |  60 ++
 ...bel-from-apiserver-request-count-met.patch | 171 ++++
 ...01-update-gopkg.in-yaml.v2-to-v2.2.8.patch | 825 ++++++++++++++++++
 .../kubernetes/kubernetes_git.bb              |   5 +
 6 files changed, 1814 insertions(+)
 create mode 100644 recipes-containers/kubernetes/kubernetes/0001-Add-code-to-fix-kubelet-metrics-memory-issue.patch
 create mode 100644 recipes-containers/kubernetes/kubernetes/0001-Add-new-endpoint-for-resource-metrics.patch
 create mode 100644 recipes-containers/kubernetes/kubernetes/0001-Deal-with-auto-generated-files.patch
 create mode 100644 recipes-containers/kubernetes/kubernetes/0001-remove-client-label-from-apiserver-request-count-met.patch
 create mode 100644 recipes-containers/kubernetes/kubernetes/0001-update-gopkg.in-yaml.v2-to-v2.2.8.patch

diff --git a/recipes-containers/kubernetes/kubernetes/0001-Add-code-to-fix-kubelet-metrics-memory-issue.patch b/recipes-containers/kubernetes/kubernetes/0001-Add-code-to-fix-kubelet-metrics-memory-issue.patch
new file mode 100644
index 0000000..5369f04
--- /dev/null
+++ b/recipes-containers/kubernetes/kubernetes/0001-Add-code-to-fix-kubelet-metrics-memory-issue.patch
@@ -0,0 +1,313 @@
+From 0bf092ccc5fccb06b13afe5da86286a856d96770 Mon Sep 17 00:00:00 2001
+From: Walter Fender <wfender@google.com>
+Date: Thu, 6 Feb 2020 19:10:18 -0800
+Subject: [PATCH] Add code to fix kubelet/metrics memory issue.
+
+Bucketing url paths based on concept/handling.
+Bucketing code placed by handling code to encourage usage.
+Added unit tests.
+Fix format.
+
+Upstream Status: Backport [https://github.com/kubernetes/kubernetes/pull/87913/commits/9802bfcec0580169cffce2a3d468689a407fa7dc]
+CVE: CVE-2020-8551
+
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ pkg/kubelet/server/server.go      | 57 ++++++++++++++++++++++++++++---
+ pkg/kubelet/server/server_test.go | 54 ++++++++++++++++++++++++++++-
+ 2 files changed, 106 insertions(+), 5 deletions(-)
+
+diff --git a/src/import/pkg/kubelet/server/server.go b/src/import/pkg/kubelet/server/server.go
+index 0f953c92502..05c1dc9c701 100644
+--- a/src/import/pkg/kubelet/server/server.go
++++ b/src/import/pkg/kubelet/server/server.go
+@@ -89,6 +89,7 @@ type Server struct {
+ 	auth                       AuthInterface
+ 	host                       HostInterface
+ 	restfulCont                containerInterface
++	metricsBuckets             map[string]bool
+ 	resourceAnalyzer           stats.ResourceAnalyzer
+ 	redirectContainerStreaming bool
+ }
+@@ -225,6 +226,7 @@ func NewServer(
+ 		resourceAnalyzer:           resourceAnalyzer,
+ 		auth:                       auth,
+ 		restfulCont:                &filteringContainer{Container: restful.NewContainer()},
++		metricsBuckets:             make(map[string]bool),
+ 		redirectContainerStreaming: redirectContainerStreaming,
+ 	}
+ 	if auth != nil {
+@@ -280,14 +282,32 @@ func (s *Server) InstallAuthFilter() {
+ 	})
+ }
+ 
++// addMetricsBucketMatcher adds a regexp matcher and the relevant bucket to use when
++// it matches. Please be aware this is not thread safe and should not be used dynamically
++func (s *Server) addMetricsBucketMatcher(bucket string) {
++	s.metricsBuckets[bucket] = true
++}
++
++// getMetricBucket find the appropriate metrics reporting bucket for the given path
++func (s *Server) getMetricBucket(path string) string {
++	root := getURLRootPath(path)
++	if s.metricsBuckets[root] == true {
++		return root
++	}
++	return "Invalid path"
++}
++
+ // InstallDefaultHandlers registers the default set of supported HTTP request
+ // patterns with the restful Container.
+ func (s *Server) InstallDefaultHandlers(enableCAdvisorJSONEndpoints bool) {
++	s.addMetricsBucketMatcher("healthz")
+ 	healthz.InstallHandler(s.restfulCont,
+ 		healthz.PingHealthz,
+ 		healthz.LogHealthz,
+ 		healthz.NamedCheck("syncloop", s.syncLoopHealthCheck),
+ 	)
++
++	s.addMetricsBucketMatcher("pods")
+ 	ws := new(restful.WebService)
+ 	ws.
+ 		Path("/pods").
+@@ -297,7 +317,14 @@ func (s *Server) InstallDefaultHandlers(enableCAdvisorJSONEndpoints bool) {
+ 		Operation("getPods"))
+ 	s.restfulCont.Add(ws)
+ 
++	s.addMetricsBucketMatcher("stats")
+ 	s.restfulCont.Add(stats.CreateHandlers(statsPath, s.host, s.resourceAnalyzer, enableCAdvisorJSONEndpoints))
++
++	s.addMetricsBucketMatcher("metrics")
++	s.addMetricsBucketMatcher("metrics/cadvisor")
++	s.addMetricsBucketMatcher("metrics/probes")
++	s.addMetricsBucketMatcher("metrics/resource/v1alpha1")
++	s.addMetricsBucketMatcher("metrics/resource")
+ 	//lint:ignore SA1019 https://github.com/kubernetes/enhancements/issues/1206
+ 	s.restfulCont.Handle(metricsPath, legacyregistry.Handler())
+ 
+@@ -320,12 +347,15 @@ func (s *Server) InstallDefaultHandlers(enableCAdvisorJSONEndpoints bool) {
+ 		compbasemetrics.HandlerFor(r, compbasemetrics.HandlerOpts{ErrorHandling: compbasemetrics.ContinueOnError}),
+ 	)
+ 
++	// deprecated endpoint which will be removed in release 1.20.0+.
++	s.addMetricsBucketMatcher("metrics/resource/v1alpha1")
+ 	v1alpha1ResourceRegistry := compbasemetrics.NewKubeRegistry()
+ 	v1alpha1ResourceRegistry.CustomMustRegister(stats.NewPrometheusResourceMetricCollector(s.resourceAnalyzer, v1alpha1.Config()))
+ 	s.restfulCont.Handle(path.Join(resourceMetricsPath, v1alpha1.Version),
+ 		compbasemetrics.HandlerFor(v1alpha1ResourceRegistry, compbasemetrics.HandlerOpts{ErrorHandling: compbasemetrics.ContinueOnError}),
+ 	)
+ 
++	s.addMetricsBucketMatcher("metrics/resource")
+ 	resourceRegistry := compbasemetrics.NewKubeRegistry()
+ 	resourceRegistry.CustomMustRegister(collectors.NewResourceMetricsCollector(s.resourceAnalyzer))
+ 	s.restfulCont.Handle(resourceMetricsPath,
+@@ -334,6 +364,7 @@ func (s *Server) InstallDefaultHandlers(enableCAdvisorJSONEndpoints bool) {
+ 
+ 	// prober metrics are exposed under a different endpoint
+ 
++	s.addMetricsBucketMatcher("metrics/probes")
+ 	p := compbasemetrics.NewKubeRegistry()
+ 	compbasemetrics.RegisterProcessStartTime(p.RawRegister)
+ 	p.MustRegister(prober.ProberResults)
+@@ -341,6 +372,7 @@ func (s *Server) InstallDefaultHandlers(enableCAdvisorJSONEndpoints bool) {
+ 		compbasemetrics.HandlerFor(p, compbasemetrics.HandlerOpts{ErrorHandling: compbasemetrics.ContinueOnError}),
+ 	)
+ 
++	s.addMetricsBucketMatcher("spec")
+ 	if enableCAdvisorJSONEndpoints {
+ 		ws := new(restful.WebService)
+ 		ws.
+@@ -360,6 +392,7 @@ const pprofBasePath = "/debug/pprof/"
+ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
+ 	klog.Infof("Adding debug handlers to kubelet server.")
+ 
++	s.addMetricsBucketMatcher("run")
+ 	ws := new(restful.WebService)
+ 	ws.
+ 		Path("/run")
+@@ -371,6 +404,7 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
+ 		Operation("getRun"))
+ 	s.restfulCont.Add(ws)
+ 
++	s.addMetricsBucketMatcher("exec")
+ 	ws = new(restful.WebService)
+ 	ws.
+ 		Path("/exec")
+@@ -388,6 +422,7 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
+ 		Operation("getExec"))
+ 	s.restfulCont.Add(ws)
+ 
++	s.addMetricsBucketMatcher("attach")
+ 	ws = new(restful.WebService)
+ 	ws.
+ 		Path("/attach")
+@@ -405,6 +440,7 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
+ 		Operation("getAttach"))
+ 	s.restfulCont.Add(ws)
+ 
++	s.addMetricsBucketMatcher("portForward")
+ 	ws = new(restful.WebService)
+ 	ws.
+ 		Path("/portForward")
+@@ -422,6 +458,7 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
+ 		Operation("getPortForward"))
+ 	s.restfulCont.Add(ws)
+ 
++	s.addMetricsBucketMatcher("logs")
+ 	ws = new(restful.WebService)
+ 	ws.
+ 		Path(logsPath)
+@@ -434,6 +471,7 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
+ 		Param(ws.PathParameter("logpath", "path to the log").DataType("string")))
+ 	s.restfulCont.Add(ws)
+ 
++	s.addMetricsBucketMatcher("containerLogs")
+ 	ws = new(restful.WebService)
+ 	ws.
+ 		Path("/containerLogs")
+@@ -442,8 +480,10 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
+ 		Operation("getContainerLogs"))
+ 	s.restfulCont.Add(ws)
+ 
++	s.addMetricsBucketMatcher("configz")
+ 	configz.InstallHandler(s.restfulCont)
+ 
++	s.addMetricsBucketMatcher("debug")
+ 	handlePprofEndpoint := func(req *restful.Request, resp *restful.Response) {
+ 		name := strings.TrimPrefix(req.Request.URL.Path, pprofBasePath)
+ 		switch name {
+@@ -459,7 +499,6 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
+ 			pprof.Index(resp, req.Request)
+ 		}
+ 	}
+-
+ 	// Setup pprof handlers.
+ 	ws = new(restful.WebService).Path(pprofBasePath)
+ 	ws.Route(ws.GET("/{subpath:*}").To(func(req *restful.Request, resp *restful.Response) {
+@@ -472,6 +511,7 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
+ 	s.restfulCont.Handle("/debug/flags/v", routes.StringFlagPutHandler(logs.GlogSetter))
+ 
+ 	// The /runningpods endpoint is used for testing only.
++	s.addMetricsBucketMatcher("runningpods")
+ 	ws = new(restful.WebService)
+ 	ws.
+ 		Path("/runningpods/").
+@@ -481,6 +521,7 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
+ 		Operation("getRunningPods"))
+ 	s.restfulCont.Add(ws)
+ 
++	s.addMetricsBucketMatcher("cri")
+ 	if criHandler != nil {
+ 		s.restfulCont.Handle("/cri/", criHandler)
+ 	}
+@@ -492,6 +533,14 @@ func (s *Server) InstallDebuggingDisabledHandlers() {
+ 		http.Error(w, "Debug endpoints are disabled.", http.StatusMethodNotAllowed)
+ 	})
+ 
++	s.addMetricsBucketMatcher("run")
++	s.addMetricsBucketMatcher("exec")
++	s.addMetricsBucketMatcher("attach")
++	s.addMetricsBucketMatcher("portForward")
++	s.addMetricsBucketMatcher("containerLogs")
++	s.addMetricsBucketMatcher("runningpods")
++	s.addMetricsBucketMatcher("pprof")
++	s.addMetricsBucketMatcher("logs")
+ 	paths := []string{
+ 		"/run/", "/exec/", "/attach/", "/portForward/", "/containerLogs/",
+ 		"/runningpods/", pprofBasePath, logsPath}
+@@ -808,10 +857,10 @@ func (s *Server) getPortForward(request *restful.Request, response *restful.Resp
+ 	proxyStream(response.ResponseWriter, request.Request, url)
+ }
+ 
+-// trimURLPath trims a URL path.
++// getURLRootPath trims a URL path.
+ // For paths in the format of "/metrics/xxx", "metrics/xxx" is returned;
+ // For all other paths, the first part of the path is returned.
+-func trimURLPath(path string) string {
++func getURLRootPath(path string) string {
+ 	parts := strings.SplitN(strings.TrimPrefix(path, "/"), "/", 3)
+ 	if len(parts) == 0 {
+ 		return path
+@@ -859,7 +908,7 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, req *http.Request) {
+ 		serverType = "readwrite"
+ 	}
+ 
+-	method, path := req.Method, trimURLPath(req.URL.Path)
++	method, path := req.Method, s.getMetricBucket(req.URL.Path)
+ 
+ 	longRunning := strconv.FormatBool(isLongRunningRequest(path))
+ 
+diff --git a/src/import/pkg/kubelet/server/server_test.go b/src/import/pkg/kubelet/server/server_test.go
+index eba788b50ea..5e6a1cc0588 100644
+--- a/src/import/pkg/kubelet/server/server_test.go
++++ b/src/import/pkg/kubelet/server/server_test.go
+@@ -1460,6 +1460,58 @@ func TestCRIHandler(t *testing.T) {
+ 	assert.Equal(t, query, fw.criHandler.RequestReceived.URL.RawQuery)
+ }
+ 
++func TestMetricBuckets(t *testing.T) {
++	tests := map[string]struct {
++		url    string
++		bucket string
++	}{
++		"healthz endpoint":                {url: "/healthz", bucket: "healthz"},
++		"attach":                          {url: "/attach/podNamespace/podID/containerName", bucket: "attach"},
++		"attach with uid":                 {url: "/attach/podNamespace/podID/uid/containerName", bucket: "attach"},
++		"configz":                         {url: "/configz", bucket: "configz"},
++		"containerLogs":                   {url: "/containerLogs/podNamespace/podID/containerName", bucket: "containerLogs"},
++		"cri":                             {url: "/cri/", bucket: "cri"},
++		"cri with sub":                    {url: "/cri/foo", bucket: "cri"},
++		"debug v flags":                   {url: "/debug/flags/v", bucket: "debug"},
++		"pprof with sub":                  {url: "/debug/pprof/subpath", bucket: "debug"},
++		"exec":                            {url: "/exec/podNamespace/podID/containerName", bucket: "exec"},
++		"exec with uid":                   {url: "/exec/podNamespace/podID/uid/containerName", bucket: "exec"},
++		"healthz":                         {url: "/healthz/", bucket: "healthz"},
++		"healthz log sub":                 {url: "/healthz/log", bucket: "healthz"},
++		"healthz ping":                    {url: "/healthz/ping", bucket: "healthz"},
++		"healthz sync loop":               {url: "/healthz/syncloop", bucket: "healthz"},
++		"logs":                            {url: "/logs/", bucket: "logs"},
++		"logs with path":                  {url: "/logs/logpath", bucket: "logs"},
++		"metrics":                         {url: "/metrics", bucket: "metrics"},
++		"metrics cadvisor sub":            {url: "/metrics/cadvisor", bucket: "metrics/cadvisor"},
++		"metrics probes sub":              {url: "/metrics/probes", bucket: "metrics/probes"},
++		"metrics resource v1alpha1":       {url: "/metrics/resource/v1alpha1", bucket: "metrics/resource"},
++		"metrics resource sub":            {url: "/metrics/resource", bucket: "metrics/resource"},
++		"pods":                            {url: "/pods/", bucket: "pods"},
++		"portForward":                     {url: "/portForward/podNamespace/podID", bucket: "portForward"},
++		"portForward with uid":            {url: "/portForward/podNamespace/podID/uid", bucket: "portForward"},
++		"run":                             {url: "/run/podNamespace/podID/containerName", bucket: "run"},
++		"run with uid":                    {url: "/run/podNamespace/podID/uid/containerName", bucket: "run"},
++		"runningpods":                     {url: "/runningpods/", bucket: "runningpods"},
++		"spec":                            {url: "/spec/", bucket: "spec"},
++		"stats":                           {url: "/stats/", bucket: "stats"},
++		"stats container sub":             {url: "/stats/container", bucket: "stats"},
++		"stats summary sub":               {url: "/stats/summary", bucket: "stats"},
++		"stats containerName with uid":    {url: "/stats/namespace/podName/uid/containerName", bucket: "stats"},
++		"stats containerName":             {url: "/stats/podName/containerName", bucket: "stats"},
++		"invalid path":                    {url: "/junk", bucket: "Invalid path"},
++		"invalid path starting with good": {url: "/healthzjunk", bucket: "Invalid path"},
++	}
++	fw := newServerTest()
++	defer fw.testHTTPServer.Close()
++
++	for _, test := range tests {
++		path := test.url
++		bucket := test.bucket
++		require.Equal(t, fw.serverUnderTest.getMetricBucket(path), bucket)
++	}
++}
++
+ func TestDebuggingDisabledHandlers(t *testing.T) {
+ 	fw := newServerTestWithDebug(false, false, nil)
+ 	defer fw.testHTTPServer.Close()
+@@ -1533,6 +1585,6 @@ func TestTrimURLPath(t *testing.T) {
+ 	}
+ 
+ 	for _, test := range tests {
+-		assert.Equal(t, test.expected, trimURLPath(test.path), fmt.Sprintf("path is: %s", test.path))
++		assert.Equal(t, test.expected, getURLRootPath(test.path), fmt.Sprintf("path is: %s", test.path))
+ 	}
+ }
+-- 
+2.17.1
+
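Review bot: In `InstallDebuggingDisabledHandlers` the added `s.addMetricsBucketMatcher("pprof")` registers a bucket that `getMetricBucket` cannot return, because the new test table maps `/debug/pprof/subpath` to `debug`; if that function runs instead of `InstallDebuggingHandlers`, nothing visible here registers `debug`, so requests under `pprofBasePath` would be labelled `Invalid path`. Registering `s.addMetricsBucketMatcher("debug")` there instead would keep the label the same in both modes. The same applies to `metrics/resource/v1alpha1` in `InstallDefaultHandlers`, which the test maps to `metrics/resource`, and the `metrics/*` buckets in that function are registered twice; both function bodies continue outside the embedded hunks. The doc comment on `addMetricsBucketMatcher` still mentions a regexp matcher although the body is a plain map insert, so something like `// addMetricsBucketMatcher registers bucket as an allowed path label; not thread safe, call only during handler setup.` would match the code. Separately, the embedded patch header writes `Upstream Status:`, while the OpenEmbedded patch-header convention is the hyphenated `Upstream-Status:`; the other patch files added by this series use the same spelling.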
diff --git a/recipes-containers/kubernetes/kubernetes/0001-Add-new-endpoint-for-resource-metrics.patch b/recipes-containers/kubernetes/kubernetes/0001-Add-new-endpoint-for-resource-metrics.patch
new file mode 100644
index 0000000..82e5fc6
--- /dev/null
+++ b/recipes-containers/kubernetes/kubernetes/0001-Add-new-endpoint-for-resource-metrics.patch
@@ -0,0 +1,440 @@
+From 0db7074e1ad237af1a513bdf51160bf4b4cdc9f1 Mon Sep 17 00:00:00 2001
+From: RainbowMango <renhongcai@huawei.com>
+Date: Sun, 15 Dec 2019 17:06:13 +0800
+Subject: [PATCH] Add new endpoint for resource metrics.
+
+This commit is required for context to fix CVE-2020-8551.
+
+Upstream Status: Backport [https://github.com/kubernetes/kubernetes/pull/86282/commits/0db7074e1ad237af1a513bdf51160bf4b4cdc9f1]
+CVE: CVE-2020-8551
+
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ .../metrics/collectors/resource_metrics.go    | 153 ++++++++++++++
+ .../collectors/resource_metrics_test.go       | 189 ++++++++++++++++++
+ pkg/kubelet/server/auth_test.go               |   1 +
+ pkg/kubelet/server/server.go                  |  23 ++-
+ 4 files changed, 358 insertions(+), 8 deletions(-)
+ create mode 100644 pkg/kubelet/metrics/collectors/resource_metrics.go
+ create mode 100644 pkg/kubelet/metrics/collectors/resource_metrics_test.go
+
+diff --git a/src/import/pkg/kubelet/metrics/collectors/resource_metrics.go b/src/import/pkg/kubelet/metrics/collectors/resource_metrics.go
+new file mode 100644
+index 00000000000..a3667127903
+--- /dev/null
++++ b/src/import/pkg/kubelet/metrics/collectors/resource_metrics.go
+@@ -0,0 +1,153 @@
++/*
++Copyright 2019 The Kubernetes Authors.
++
++Licensed under the Apache License, Version 2.0 (the "License");
++you may not use this file except in compliance with the License.
++You may obtain a copy of the License at
++
++    http://www.apache.org/licenses/LICENSE-2.0
++
++Unless required by applicable law or agreed to in writing, software
++distributed under the License is distributed on an "AS IS" BASIS,
++WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++See the License for the specific language governing permissions and
++limitations under the License.
++*/
++
++package collectors
++
++import (
++	"time"
++
++	"k8s.io/component-base/metrics"
++	"k8s.io/klog"
++	summary "k8s.io/kubernetes/pkg/kubelet/apis/stats/v1alpha1"
++	"k8s.io/kubernetes/pkg/kubelet/server/stats"
++)
++
++var (
++	nodeCPUUsageDesc = metrics.NewDesc("node_cpu_usage_seconds",
++		"Cumulative cpu time consumed by the node in core-seconds",
++		nil,
++		nil,
++		metrics.ALPHA,
++		"")
++
++	nodeMemoryUsageDesc = metrics.NewDesc("node_memory_working_set_bytes",
++		"Current working set of the node in bytes",
++		nil,
++		nil,
++		metrics.ALPHA,
++		"")
++
++	containerCPUUsageDesc = metrics.NewDesc("container_cpu_usage_seconds",
++		"Cumulative cpu time consumed by the container in core-seconds",
++		[]string{"container", "pod", "namespace"},
++		nil,
++		metrics.ALPHA,
++		"")
++
++	containerMemoryUsageDesc = metrics.NewDesc("container_memory_working_set_bytes",
++		"Current working set of the container in bytes",
++		[]string{"container", "pod", "namespace"},
++		nil,
++		metrics.ALPHA,
++		"")
++
++	resouceScrapeResultDesc = metrics.NewDesc("scrape_error",
++		"1 if there was an error while getting container metrics, 0 otherwise",
++		nil,
++		nil,
++		metrics.ALPHA,
++		"")
++)
++
++// NewResourceMetricsCollector returns a metrics.StableCollector which exports resource metrics
++func NewResourceMetricsCollector(provider stats.SummaryProvider) metrics.StableCollector {
++	return &resourceMetricsCollector{
++		provider: provider,
++	}
++}
++
++type resourceMetricsCollector struct {
++	metrics.BaseStableCollector
++
++	provider stats.SummaryProvider
++}
++
++// Check if resourceMetricsCollector implements necessary interface
++var _ metrics.StableCollector = &resourceMetricsCollector{}
++
++// DescribeWithStability implements metrics.StableCollector
++func (rc *resourceMetricsCollector) DescribeWithStability(ch chan<- *metrics.Desc) {
++	ch <- nodeCPUUsageDesc
++	ch <- nodeMemoryUsageDesc
++	ch <- containerCPUUsageDesc
++	ch <- containerMemoryUsageDesc
++	ch <- resouceScrapeResultDesc
++}
++
++// CollectWithStability implements metrics.StableCollector
++// Since new containers are frequently created and removed, using the Gauge would
++// leak metric collectors for containers or pods that no longer exist.  Instead, implement
++// custom collector in a way that only collects metrics for active containers.
++func (rc *resourceMetricsCollector) CollectWithStability(ch chan<- metrics.Metric) {
++	var errorCount float64
++	defer func() {
++		ch <- metrics.NewLazyConstMetric(resouceScrapeResultDesc, metrics.GaugeValue, errorCount)
++	}()
++	statsSummary, err := rc.provider.GetCPUAndMemoryStats()
++	if err != nil {
++		errorCount = 1
++		klog.Warningf("Error getting summary for resourceMetric prometheus endpoint: %v", err)
++		return
++	}
++
++	rc.collectNodeCPUMetrics(ch, statsSummary.Node)
++	rc.collectNodeMemoryMetrics(ch, statsSummary.Node)
++
++	for _, pod := range statsSummary.Pods {
++		for _, container := range pod.Containers {
++			rc.collectContainerCPUMetrics(ch, pod, container)
++			rc.collectContainerMemoryMetrics(ch, pod, container)
++		}
++	}
++}
++
++func (rc *resourceMetricsCollector) collectNodeCPUMetrics(ch chan<- metrics.Metric, s summary.NodeStats) {
++	if s.CPU == nil {
++		return
++	}
++
++	ch <- metrics.NewLazyMetricWithTimestamp(s.CPU.Time.Time,
++		metrics.NewLazyConstMetric(nodeCPUUsageDesc, metrics.GaugeValue, float64(*s.CPU.UsageCoreNanoSeconds)/float64(time.Second)))
++}
++
++func (rc *resourceMetricsCollector) collectNodeMemoryMetrics(ch chan<- metrics.Metric, s summary.NodeStats) {
++	if s.Memory == nil {
++		return
++	}
++
++	ch <- metrics.NewLazyMetricWithTimestamp(s.Memory.Time.Time,
++		metrics.NewLazyConstMetric(nodeMemoryUsageDesc, metrics.GaugeValue, float64(*s.Memory.WorkingSetBytes)))
++}
++
++func (rc *resourceMetricsCollector) collectContainerCPUMetrics(ch chan<- metrics.Metric, pod summary.PodStats, s summary.ContainerStats) {
++	if s.CPU == nil {
++		return
++	}
++
++	ch <- metrics.NewLazyMetricWithTimestamp(s.CPU.Time.Time,
++		metrics.NewLazyConstMetric(containerCPUUsageDesc, metrics.GaugeValue,
++			float64(*s.CPU.UsageCoreNanoSeconds)/float64(time.Second), s.Name, pod.PodRef.Name, pod.PodRef.Namespace))
++}
++
++func (rc *resourceMetricsCollector) collectContainerMemoryMetrics(ch chan<- metrics.Metric, pod summary.PodStats, s summary.ContainerStats) {
++	if s.Memory == nil {
++		return
++	}
++
++	ch <- metrics.NewLazyMetricWithTimestamp(s.Memory.Time.Time,
++		metrics.NewLazyConstMetric(containerMemoryUsageDesc, metrics.GaugeValue,
++			float64(*s.Memory.WorkingSetBytes), s.Name, pod.PodRef.Name, pod.PodRef.Namespace))
++}
+diff --git a/src/import/pkg/kubelet/metrics/collectors/resource_metrics_test.go b/src/import/pkg/kubelet/metrics/collectors/resource_metrics_test.go
+new file mode 100644
+index 00000000000..b92aabbd675
+--- /dev/null
++++ b/src/import/pkg/kubelet/metrics/collectors/resource_metrics_test.go
+@@ -0,0 +1,189 @@
++/*
++Copyright 2019 The Kubernetes Authors.
++
++Licensed under the Apache License, Version 2.0 (the "License");
++you may not use this file except in compliance with the License.
++You may obtain a copy of the License at
++
++    http://www.apache.org/licenses/LICENSE-2.0
++
++Unless required by applicable law or agreed to in writing, software
++distributed under the License is distributed on an "AS IS" BASIS,
++WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++See the License for the specific language governing permissions and
++limitations under the License.
++*/
++
++package collectors
++
++import (
++	"fmt"
++	"strings"
++	"testing"
++	"time"
++
++	"github.com/stretchr/testify/mock"
++
++	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
++	"k8s.io/component-base/metrics/testutil"
++	statsapi "k8s.io/kubernetes/pkg/kubelet/apis/stats/v1alpha1"
++)
++
++type mockSummaryProvider struct {
++	mock.Mock
++}
++
++func (m *mockSummaryProvider) Get(updateStats bool) (*statsapi.Summary, error) {
++	args := m.Called(updateStats)
++	return args.Get(0).(*statsapi.Summary), args.Error(1)
++}
++
++func (m *mockSummaryProvider) GetCPUAndMemoryStats() (*statsapi.Summary, error) {
++	args := m.Called()
++	return args.Get(0).(*statsapi.Summary), args.Error(1)
++}
++
++func TestCollectResourceMetrics(t *testing.T) {
++	testTime := metav1.NewTime(time.Unix(2, 0)) // a static timestamp: 2000
++	interestedMetrics := []string{
++		"scrape_error",
++		"node_cpu_usage_seconds",
++		"node_memory_working_set_bytes",
++		"container_cpu_usage_seconds",
++		"container_memory_working_set_bytes",
++	}
++
++	tests := []struct {
++		name            string
++		summary         *statsapi.Summary
++		summaryErr      error
++		expectedMetrics string
++	}{
++		{
++			name:       "error getting summary",
++			summary:    nil,
++			summaryErr: fmt.Errorf("failed to get summary"),
++			expectedMetrics: `
++				# HELP scrape_error [ALPHA] 1 if there was an error while getting container metrics, 0 otherwise
++				# TYPE scrape_error gauge
++				scrape_error 1
++			`,
++		},
++		{
++			name: "arbitrary node metrics",
++			summary: &statsapi.Summary{
++				Node: statsapi.NodeStats{
++					CPU: &statsapi.CPUStats{
++						Time:                 testTime,
++						UsageCoreNanoSeconds: uint64Ptr(10000000000),
++					},
++					Memory: &statsapi.MemoryStats{
++						Time:            testTime,
++						WorkingSetBytes: uint64Ptr(1000),
++					},
++				},
++			},
++			summaryErr: nil,
++			expectedMetrics: `
++				# HELP node_cpu_usage_seconds [ALPHA] Cumulative cpu time consumed by the node in core-seconds
++				# TYPE node_cpu_usage_seconds gauge
++				node_cpu_usage_seconds 10 2000
++				# HELP node_memory_working_set_bytes [ALPHA] Current working set of the node in bytes
++				# TYPE node_memory_working_set_bytes gauge
++				node_memory_working_set_bytes 1000 2000
++				# HELP scrape_error [ALPHA] 1 if there was an error while getting container metrics, 0 otherwise
++				# TYPE scrape_error gauge
++				scrape_error 0
++			`,
++		},
++		{
++			name: "arbitrary container metrics for different container, pods and namespaces",
++			summary: &statsapi.Summary{
++				Pods: []statsapi.PodStats{
++					{
++						PodRef: statsapi.PodReference{
++							Name:      "pod_a",
++							Namespace: "namespace_a",
++						},
++						Containers: []statsapi.ContainerStats{
++							{
++								Name: "container_a",
++								CPU: &statsapi.CPUStats{
++									Time:                 testTime,
++									UsageCoreNanoSeconds: uint64Ptr(10000000000),
++								},
++								Memory: &statsapi.MemoryStats{
++									Time:            testTime,
++									WorkingSetBytes: uint64Ptr(1000),
++								},
++							},
++							{
++								Name: "container_b",
++								CPU: &statsapi.CPUStats{
++									Time:                 testTime,
++									UsageCoreNanoSeconds: uint64Ptr(10000000000),
++								},
++								Memory: &statsapi.MemoryStats{
++									Time:            testTime,
++									WorkingSetBytes: uint64Ptr(1000),
++								},
++							},
++						},
++					},
++					{
++						PodRef: statsapi.PodReference{
++							Name:      "pod_b",
++							Namespace: "namespace_b",
++						},
++						Containers: []statsapi.ContainerStats{
++							{
++								Name: "container_a",
++								CPU: &statsapi.CPUStats{
++									Time:                 testTime,
++									UsageCoreNanoSeconds: uint64Ptr(10000000000),
++								},
++								Memory: &statsapi.MemoryStats{
++									Time:            testTime,
++									WorkingSetBytes: uint64Ptr(1000),
++								},
++							},
++						},
++					},
++				},
++			},
++			summaryErr: nil,
++			expectedMetrics: `
++				# HELP scrape_error [ALPHA] 1 if there was an error while getting container metrics, 0 otherwise
++				# TYPE scrape_error gauge
++				scrape_error 0
++				# HELP container_cpu_usage_seconds [ALPHA] Cumulative cpu time consumed by the container in core-seconds
++				# TYPE container_cpu_usage_seconds gauge
++				container_cpu_usage_seconds{container="container_a",namespace="namespace_a",pod="pod_a"} 10 2000
++				container_cpu_usage_seconds{container="container_a",namespace="namespace_b",pod="pod_b"} 10 2000
++				container_cpu_usage_seconds{container="container_b",namespace="namespace_a",pod="pod_a"} 10 2000
++				# HELP container_memory_working_set_bytes [ALPHA] Current working set of the container in bytes
++				# TYPE container_memory_working_set_bytes gauge
++				container_memory_working_set_bytes{container="container_a",namespace="namespace_a",pod="pod_a"} 1000 2000
++				container_memory_working_set_bytes{container="container_a",namespace="namespace_b",pod="pod_b"} 1000 2000
++				container_memory_working_set_bytes{container="container_b",namespace="namespace_a",pod="pod_a"} 1000 2000
++			`,
++		},
++	}
++
++	for _, test := range tests {
++		tc := test
++		t.Run(tc.name, func(t *testing.T) {
++			provider := &mockSummaryProvider{}
++			provider.On("GetCPUAndMemoryStats").Return(tc.summary, tc.summaryErr)
++			collector := NewResourceMetricsCollector(provider)
++
++			if err := testutil.CustomCollectAndCompare(collector, strings.NewReader(tc.expectedMetrics), interestedMetrics...); err != nil {
++				t.Fatal(err)
++			}
++		})
++	}
++}
++
++func uint64Ptr(u uint64) *uint64 {
++	return &u
++}
+diff --git a/src/import/pkg/kubelet/server/auth_test.go b/src/import/pkg/kubelet/server/auth_test.go
+index d598bc3892b..638f3ba2bf0 100644
+--- a/src/import/pkg/kubelet/server/auth_test.go
++++ b/src/import/pkg/kubelet/server/auth_test.go
+@@ -128,6 +128,7 @@ func AuthzTestCases() []AuthzTestCase {
+ 		"/metrics/cadvisor":                   "metrics",
+ 		"/metrics/probes":                     "metrics",
+ 		"/metrics/resource/v1alpha1":          "metrics",
++		"/metrics/resource":                   "metrics",
+ 		"/pods/":                              "proxy",
+ 		"/portForward/{podNamespace}/{podID}": "proxy",
+ 		"/portForward/{podNamespace}/{podID}/{uid}":         "proxy",
+diff --git a/src/import/pkg/kubelet/server/server.go b/src/import/pkg/kubelet/server/server.go
+index 87f3bd28a25..74eeaf10171 100644
+--- a/src/import/pkg/kubelet/server/server.go
++++ b/src/import/pkg/kubelet/server/server.go
+@@ -38,6 +38,7 @@ import (
+ 	"github.com/google/cadvisor/metrics"
+ 	"google.golang.org/grpc"
+ 	"k8s.io/klog"
++	"k8s.io/kubernetes/pkg/kubelet/metrics/collectors"
+ 
+ 	"k8s.io/api/core/v1"
+ 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+@@ -74,13 +75,13 @@ import (
+ )
+ 
+ const (
+-	metricsPath               = "/metrics"
+-	cadvisorMetricsPath       = "/metrics/cadvisor"
+-	resourceMetricsPathPrefix = "/metrics/resource"
+-	proberMetricsPath         = "/metrics/probes"
+-	specPath                  = "/spec/"
+-	statsPath                 = "/stats/"
+-	logsPath                  = "/logs/"
++	metricsPath         = "/metrics"
++	cadvisorMetricsPath = "/metrics/cadvisor"
++	resourceMetricsPath = "/metrics/resource"
++	proberMetricsPath   = "/metrics/probes"
++	specPath            = "/spec/"
++	statsPath           = "/stats/"
++	logsPath            = "/logs/"
+ )
+ 
+ // Server is a http.Handler which exposes kubelet functionality over HTTP.
+@@ -321,10 +322,16 @@ func (s *Server) InstallDefaultHandlers(enableCAdvisorJSONEndpoints bool) {
+ 
+ 	v1alpha1ResourceRegistry := compbasemetrics.NewKubeRegistry()
+ 	v1alpha1ResourceRegistry.CustomMustRegister(stats.NewPrometheusResourceMetricCollector(s.resourceAnalyzer, v1alpha1.Config()))
+-	s.restfulCont.Handle(path.Join(resourceMetricsPathPrefix, v1alpha1.Version),
++	s.restfulCont.Handle(path.Join(resourceMetricsPath, v1alpha1.Version),
+ 		compbasemetrics.HandlerFor(v1alpha1ResourceRegistry, compbasemetrics.HandlerOpts{ErrorHandling: compbasemetrics.ContinueOnError}),
+ 	)
+ 
++	resourceRegistry := compbasemetrics.NewKubeRegistry()
++	resourceRegistry.CustomMustRegister(collectors.NewResourceMetricsCollector(s.resourceAnalyzer))
++	s.restfulCont.Handle(resourceMetricsPath,
++		compbasemetrics.HandlerFor(resourceRegistry, compbasemetrics.HandlerOpts{ErrorHandling: compbasemetrics.ContinueOnError}),
++	)
++
+ 	// prober metrics are exposed under a different endpoint
+ 
+ 	p := compbasemetrics.NewKubeRegistry()
+-- 
+2.20.1
+
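Review bot: `collectNodeCPUMetrics` guards only `s.CPU == nil` before dereferencing `*s.CPU.UsageCoreNanoSeconds`, which is a pointer field (the test fills it with `uint64Ptr`), so a summary that sets `CPU` but leaves the counter unset would panic inside the scrape handler. The guard should cover the field as well, `if s.CPU == nil || s.CPU.UsageCoreNanoSeconds == nil {`, and the memory helpers need the matching `if s.Memory == nil || s.Memory.WorkingSetBytes == nil {`; `collectContainerCPUMetrics` and `collectContainerMemoryMetrics` follow the same pattern. `TestCollectResourceMetrics` has no case with a nil counter, so adding one would pin the behaviour. The identifier `resouceScrapeResultDesc` is also misspelled and would read better as `resourceScrapeResultDesc`.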
diff --git a/recipes-containers/kubernetes/kubernetes/0001-Deal-with-auto-generated-files.patch b/recipes-containers/kubernetes/kubernetes/0001-Deal-with-auto-generated-files.patch
new file mode 100644
index 0000000..f7a5c7c
--- /dev/null
+++ b/recipes-containers/kubernetes/kubernetes/0001-Deal-with-auto-generated-files.patch
@@ -0,0 +1,60 @@
+From c394d821fdafd719619eb63fcd1065a95ec02ef9 Mon Sep 17 00:00:00 2001
+From: RainbowMango <renhongcai@huawei.com>
+Date: Sun, 15 Dec 2019 18:37:38 +0800
+Subject: [PATCH] Deal with auto-generated files: - Update bazel by
+ hack/update-bazel.sh
+
+This commit is needed for context to fix CVE-2020-8551
+
+Upstream Status: Backport [https://github.com/kubernetes/kubernetes/pull/86282/commits/c394d821fdafd719619eb63fcd1065a95ec02ef9]
+CVE: CVE-2020-8551
+
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ pkg/kubelet/metrics/collectors/BUILD | 3 +++
+ pkg/kubelet/server/BUILD             | 1 +
+ 2 files changed, 4 insertions(+)
+
+diff --git a/src/import/pkg/kubelet/metrics/collectors/BUILD b/src/import/pkg/kubelet/metrics/collectors/BUILD
+index 00bc335320f..25398793eab 100644
+--- a/src/import/pkg/kubelet/metrics/collectors/BUILD
++++ b/src/import/pkg/kubelet/metrics/collectors/BUILD
+@@ -4,6 +4,7 @@ go_library(
+     name = "go_default_library",
+     srcs = [
+         "log_metrics.go",
++        "resource_metrics.go",
+         "volume_stats.go",
+     ],
+     importpath = "k8s.io/kubernetes/pkg/kubelet/metrics/collectors",
+@@ -22,6 +23,7 @@ go_test(
+     name = "go_default_test",
+     srcs = [
+         "log_metrics_test.go",
++        "resource_metrics_test.go",
+         "volume_stats_test.go",
+     ],
+     embed = [":go_default_library"],
+@@ -30,6 +32,7 @@ go_test(
+         "//pkg/kubelet/server/stats/testing:go_default_library",
+         "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
+         "//staging/src/k8s.io/component-base/metrics/testutil:go_default_library",
++        "//vendor/github.com/stretchr/testify/mock:go_default_library",
+     ],
+ )
+ 
+diff --git a/src/import/pkg/kubelet/server/BUILD b/src/import/pkg/kubelet/server/BUILD
+index d83619fcbe5..a18f1b5e83b 100644
+--- a/src/import/pkg/kubelet/server/BUILD
++++ b/src/import/pkg/kubelet/server/BUILD
+@@ -22,6 +22,7 @@ go_library(
+         "//pkg/kubelet/apis/podresources/v1alpha1:go_default_library",
+         "//pkg/kubelet/apis/resourcemetrics/v1alpha1:go_default_library",
+         "//pkg/kubelet/container:go_default_library",
++        "//pkg/kubelet/metrics/collectors:go_default_library",
+         "//pkg/kubelet/prober:go_default_library",
+         "//pkg/kubelet/server/metrics:go_default_library",
+         "//pkg/kubelet/server/portforward:go_default_library",
+-- 
+2.20.1
+
diff --git a/recipes-containers/kubernetes/kubernetes/0001-remove-client-label-from-apiserver-request-count-met.patch b/recipes-containers/kubernetes/kubernetes/0001-remove-client-label-from-apiserver-request-count-met.patch
new file mode 100644
index 0000000..d4bf783
--- /dev/null
+++ b/recipes-containers/kubernetes/kubernetes/0001-remove-client-label-from-apiserver-request-count-met.patch
@@ -0,0 +1,171 @@
+From a657089732c0bd5d4515fb9208182c31c6c05790 Mon Sep 17 00:00:00 2001
+From: Han Kang <hankang@google.com>
+Date: Wed, 29 Jan 2020 12:25:55 -0800
+Subject: [PATCH] remove client label from apiserver request count metric since
+ it is unbounded
+
+Change-Id: I3a9eacebc9d9dc9ed6347260d9378cdcb5743431
+
+Upstream Status: Backport [https://github.com/kubernetes/kubernetes/pull/87669/commits/cc3190968b1f14ddf4067abef849fc41bd6068dc]
+CVE: CVE-2020-8552
+
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ .../apiserver/pkg/endpoints/metrics/BUILD     |  8 ---
+ .../pkg/endpoints/metrics/metrics.go          | 23 ++------
+ .../pkg/endpoints/metrics/metrics_test.go     | 54 -------------------
+ 3 files changed, 4 insertions(+), 81 deletions(-)
+ delete mode 100644 staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics_test.go
+
+diff --git a/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/BUILD b/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/BUILD
+index 8d13a34eadc..8abb3d1a611 100644
+--- a/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/BUILD
++++ b/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/BUILD
+@@ -3,13 +3,6 @@ package(default_visibility = ["//visibility:public"])
+ load(
+     "@io_bazel_rules_go//go:def.bzl",
+     "go_library",
+-    "go_test",
+-)
+-
+-go_test(
+-    name = "go_default_test",
+-    srcs = ["metrics_test.go"],
+-    embed = [":go_default_library"],
+ )
+ 
+ go_library(
+@@ -20,7 +13,6 @@ go_library(
+     deps = [
+         "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/validation:go_default_library",
+         "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
+-        "//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library",
+         "//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library",
+         "//staging/src/k8s.io/apiserver/pkg/endpoints/request:go_default_library",
+         "//staging/src/k8s.io/apiserver/pkg/features:go_default_library",
+diff --git a/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics.go b/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics.go
+index 36ff861da7a..81a9a2c5e6f 100644
+--- a/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics.go
++++ b/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics.go
+@@ -31,7 +31,6 @@ import (
+ 
+ 	"k8s.io/apimachinery/pkg/apis/meta/v1/validation"
+ 	"k8s.io/apimachinery/pkg/types"
+-	utilnet "k8s.io/apimachinery/pkg/util/net"
+ 	utilsets "k8s.io/apimachinery/pkg/util/sets"
+ 	"k8s.io/apiserver/pkg/endpoints/request"
+ 	"k8s.io/apiserver/pkg/features"
+@@ -65,14 +64,14 @@ var (
+ 	requestCounter = compbasemetrics.NewCounterVec(
+ 		&compbasemetrics.CounterOpts{
+ 			Name:           "apiserver_request_total",
+-			Help:           "Counter of apiserver requests broken out for each verb, dry run value, group, version, resource, scope, component, client, and HTTP response contentType and code.",
++			Help:           "Counter of apiserver requests broken out for each verb, dry run value, group, version, resource, scope, component, and HTTP response contentType and code.",
+ 			StabilityLevel: compbasemetrics.ALPHA,
+ 		},
+ 		// The label_name contentType doesn't follow the label_name convention defined here:
+ 		// https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/instrumentation.md
+ 		// But changing it would break backwards compatibility. Future label_names
+ 		// should be all lowercase and separated by underscores.
+-		[]string{"verb", "dry_run", "group", "version", "resource", "subresource", "scope", "component", "client", "contentType", "code"},
++		[]string{"verb", "dry_run", "group", "version", "resource", "subresource", "scope", "component", "contentType", "code"},
+ 	)
+ 	deprecatedRequestCounter = compbasemetrics.NewCounterVec(
+ 		&compbasemetrics.CounterOpts{
+@@ -301,11 +300,10 @@ func RecordLongRunning(req *http.Request, requestInfo *request.RequestInfo, comp
+ func MonitorRequest(req *http.Request, verb, group, version, resource, subresource, scope, component, contentType string, httpCode, respSize int, elapsed time.Duration) {
+ 	reportedVerb := cleanVerb(verb, req)
+ 	dryRun := cleanDryRun(req.URL)
+-	client := cleanUserAgent(utilnet.GetHTTPClient(req))
+ 	elapsedMicroseconds := float64(elapsed / time.Microsecond)
+ 	elapsedSeconds := elapsed.Seconds()
+-	requestCounter.WithLabelValues(reportedVerb, dryRun, group, version, resource, subresource, scope, component, client, contentType, codeToString(httpCode)).Inc()
+-	deprecatedRequestCounter.WithLabelValues(reportedVerb, group, version, resource, subresource, scope, component, client, contentType, codeToString(httpCode)).Inc()
++	requestCounter.WithLabelValues(reportedVerb, dryRun, group, version, resource, subresource, scope, component, contentType, codeToString(httpCode)).Inc()
++	deprecatedRequestCounter.WithLabelValues(reportedVerb, group, version, resource, subresource, scope, component, contentType, codeToString(httpCode)).Inc()
+ 	requestLatencies.WithLabelValues(reportedVerb, dryRun, group, version, resource, subresource, scope, component).Observe(elapsedSeconds)
+ 	deprecatedRequestLatencies.WithLabelValues(reportedVerb, group, version, resource, subresource, scope, component).Observe(elapsedMicroseconds)
+ 	deprecatedRequestLatenciesSummary.WithLabelValues(reportedVerb, group, version, resource, subresource, scope, component).Observe(elapsedMicroseconds)
+@@ -425,19 +423,6 @@ func cleanDryRun(u *url.URL) string {
+ 	return strings.Join(utilsets.NewString(dryRun...).List(), ",")
+ }
+ 
+-func cleanUserAgent(ua string) string {
+-	// We collapse all "web browser"-type user agents into one "browser" to reduce metric cardinality.
+-	if strings.HasPrefix(ua, "Mozilla/") {
+-		return "Browser"
+-	}
+-	// If an old "kubectl.exe" has passed us its full path, we discard the path portion.
+-	if kubectlExeRegexp.MatchString(ua) {
+-		// avoid an allocation
+-		ua = kubectlExeRegexp.ReplaceAllString(ua, "$1")
+-	}
+-	return ua
+-}
+-
+ // ResponseWriterDelegator interface wraps http.ResponseWriter to additionally record content-length, status-code, etc.
+ type ResponseWriterDelegator struct {
+ 	http.ResponseWriter
+diff --git a/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics_test.go b/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics_test.go
+deleted file mode 100644
+index 4c0a8aa5d27..00000000000
+--- a/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics_test.go
++++ /dev/null
+@@ -1,54 +0,0 @@
+-/*
+-Copyright 2015 The Kubernetes Authors.
+-
+-Licensed under the Apache License, Version 2.0 (the "License");
+-you may not use this file except in compliance with the License.
+-You may obtain a copy of the License at
+-
+-    http://www.apache.org/licenses/LICENSE-2.0
+-
+-Unless required by applicable law or agreed to in writing, software
+-distributed under the License is distributed on an "AS IS" BASIS,
+-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-See the License for the specific language governing permissions and
+-limitations under the License.
+-*/
+-
+-package metrics
+-
+-import "testing"
+-
+-func TestCleanUserAgent(t *testing.T) {
+-	panicBuf := []byte{198, 73, 129, 133, 90, 216, 104, 29, 13, 134, 209, 233, 30, 0, 22}
+-
+-	for _, tc := range []struct {
+-		In  string
+-		Out string
+-	}{
+-		{
+-			In:  "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36",
+-			Out: "Browser",
+-		},
+-		{
+-			In:  "kubectl/v1.2.4",
+-			Out: "kubectl/v1.2.4",
+-		},
+-		{
+-			In:  `C:\Users\Kubernetes\kubectl.exe/v1.5.4`,
+-			Out: "kubectl.exe/v1.5.4",
+-		},
+-		{
+-			In:  `C:\Program Files\kubectl.exe/v1.5.4`,
+-			Out: "kubectl.exe/v1.5.4",
+-		},
+-		{
+-			// This malicious input courtesy of enisoc.
+-			In:  string(panicBuf) + "kubectl.exe",
+-			Out: "kubectl.exe",
+-		},
+-	} {
+-		if cleanUserAgent(tc.In) != tc.Out {
+-			t.Errorf("Failed to clean User-Agent: %s", tc.In)
+-		}
+-	}
+-}
+-- 
+2.17.1
+
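Review bot: The provenance tag in this patch header is spelled `Upstream Status: Backport [...]`, without the hyphen, so checks that look for the `Upstream-Status:` tag may flag it as malformed or miss it; the same spelling appears in the headers of 0001-Deal-with-auto-generated-files.patch and 0001-update-gopkg.in-yaml.v2-to-v2.2.8.patch. It should read `Upstream-Status: Backport [https://github.com/kubernetes/kubernetes/pull/87669/commits/cc3190968b1f14ddf4067abef849fc41bd6068dc]`, keeping the existing `CVE: CVE-2020-8552` line. On the fix itself, the removed `cleanUserAgent` was the only visible user of `kubectlExeRegexp`, and no hunk in metrics.go removes that declaration, so it is presumably left behind as dead code; its declaration is outside the hunks shown, so confirm this against the upstream commit rather than changing it locally. Dropping the `client` label from `apiserver_request_total` and the deprecated counter also changes the label set that scrapers see, so dashboards or alerts that select on `client` need updating when this backport lands.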
diff --git a/recipes-containers/kubernetes/kubernetes/0001-update-gopkg.in-yaml.v2-to-v2.2.8.patch b/recipes-containers/kubernetes/kubernetes/0001-update-gopkg.in-yaml.v2-to-v2.2.8.patch
new file mode 100644
index 0000000..2688797
--- /dev/null
+++ b/recipes-containers/kubernetes/kubernetes/0001-update-gopkg.in-yaml.v2-to-v2.2.8.patch
@@ -0,0 +1,825 @@
+From a290fe55cb2f4593eb4ec5bf410cd77b9d925464 Mon Sep 17 00:00:00 2001
+From: CJ Cullen <cjcullen@google.com>
+Date: Wed, 22 Jan 2020 11:32:39 -0800
+Subject: [PATCH] update gopkg.in/yaml.v2 to v2.2.8
+
+Upstream Status: Backport [https://github.com/kubernetes/kubernetes/pull/87637/commits/a290fe55cb2f4593eb4ec5bf410cd77b9d925464]
+CVE: CVE-2019-11254
+
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ go.mod                                        |   4 +-
+ go.sum                                        |   4 +-
+ staging/src/k8s.io/api/go.sum                 |   4 +-
+ .../src/k8s.io/apiextensions-apiserver/go.mod |   2 +-
+ .../src/k8s.io/apiextensions-apiserver/go.sum |   2 +
+ staging/src/k8s.io/apimachinery/go.mod        |   2 +-
+ staging/src/k8s.io/apimachinery/go.sum        |   4 +-
+ staging/src/k8s.io/apiserver/go.mod           |   2 +-
+ staging/src/k8s.io/apiserver/go.sum           |   4 +-
+ staging/src/k8s.io/cli-runtime/go.sum         |   4 +-
+ staging/src/k8s.io/client-go/go.sum           |   4 +-
+ staging/src/k8s.io/cloud-provider/go.sum      |   4 +-
+ staging/src/k8s.io/cluster-bootstrap/go.sum   |   4 +-
+ staging/src/k8s.io/code-generator/go.mod      |   2 +-
+ staging/src/k8s.io/code-generator/go.sum      |   4 +-
+ staging/src/k8s.io/component-base/go.sum      |   4 +-
+ staging/src/k8s.io/cri-api/go.mod             |   2 +-
+ staging/src/k8s.io/cri-api/go.sum             |   4 +-
+ staging/src/k8s.io/csi-translation-lib/go.sum |   4 +-
+ staging/src/k8s.io/kube-aggregator/go.sum     |   4 +-
+ .../src/k8s.io/kube-controller-manager/go.sum |   4 +-
+ staging/src/k8s.io/kube-proxy/go.sum          |   4 +-
+ staging/src/k8s.io/kube-scheduler/go.sum      |   4 +-
+ staging/src/k8s.io/kubectl/go.mod             |   2 +-
+ staging/src/k8s.io/kubectl/go.sum             |   4 +-
+ staging/src/k8s.io/kubelet/go.sum             |   4 +-
+ .../src/k8s.io/legacy-cloud-providers/go.sum  |   4 +-
+ staging/src/k8s.io/metrics/go.sum             |   4 +-
+ staging/src/k8s.io/node-api/go.sum            |   4 +-
+ staging/src/k8s.io/sample-apiserver/go.sum    |   4 +-
+ staging/src/k8s.io/sample-cli-plugin/go.sum   |   4 +-
+ staging/src/k8s.io/sample-controller/go.sum   |   4 +-
+ vendor/gopkg.in/yaml.v2/.travis.yml           |  18 +--
+ vendor/gopkg.in/yaml.v2/decode.go             |  14 ++-
+ vendor/gopkg.in/yaml.v2/scannerc.go           | 107 +++++++++---------
+ vendor/gopkg.in/yaml.v2/yaml.go               |   2 +-
+ vendor/gopkg.in/yaml.v2/yamlh.go              |   1 +
+ vendor/modules.txt                            |   2 +-
+ 38 files changed, 133 insertions(+), 125 deletions(-)
+
+diff --git a/src/import/go.mod b/src/import/go.mod
+index 7d515c2ffb0..28de082aa0d 100644
+--- a/src/import/go.mod
++++ b/src/import/go.mod
+@@ -131,7 +131,7 @@ require (
+ 	google.golang.org/grpc v1.23.1
+ 	gopkg.in/gcfg.v1 v1.2.0
+ 	gopkg.in/square/go-jose.v2 v2.2.2
+-	gopkg.in/yaml.v2 v2.2.4
++	gopkg.in/yaml.v2 v2.2.8
+ 	gotest.tools v2.2.0+incompatible
+ 	gotest.tools/gotestsum v0.3.5
+ 	honnef.co/go/tools v0.0.1-2019.2.2
+@@ -518,7 +518,7 @@ replace (
+ 	gopkg.in/square/go-jose.v2 => gopkg.in/square/go-jose.v2 v2.2.2
+ 	gopkg.in/tomb.v1 => gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7
+ 	gopkg.in/warnings.v0 => gopkg.in/warnings.v0 v0.1.1
+-	gopkg.in/yaml.v2 => gopkg.in/yaml.v2 v2.2.4
++	gopkg.in/yaml.v2 => gopkg.in/yaml.v2 v2.2.8
+ 	gotest.tools => gotest.tools v2.2.0+incompatible
+ 	gotest.tools/gotestsum => gotest.tools/gotestsum v0.3.5
+ 	grpc.go4.org => grpc.go4.org v0.0.0-20170609214715-11d0a25b4919
+diff --git a/src/import/go.sum b/src/import/go.sum
+index 72d79cb27b2..43aaee0e578 100644
+--- a/src/import/go.sum
++++ b/src/import/go.sum
+@@ -574,8 +574,8 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkep
+ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
+ gopkg.in/warnings.v0 v0.1.1 h1:XM28wIgFzaBmeZ5dNHIpWLQpt/9DGKxk+rCg/22nnYE=
+ gopkg.in/warnings.v0 v0.1.1/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
+-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
+-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
+ gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
+ gotest.tools/gotestsum v0.3.5 h1:VePOWRsuWFYpfp/G8mbmOZKxO5T3501SEGQRUdvq7h0=
+diff --git a/src/import/staging/src/k8s.io/api/go.sum b/src/importsrc/import/staging/src/k8s.io/api/go.sum
+index 08ad9edc62a..73199a7c13e 100644
+--- a/src/import/staging/src/k8s.io/api/go.sum
++++ b/src/import/staging/src/k8s.io/api/go.sum
+@@ -95,8 +95,8 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD
+ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
+ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
+-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
+ k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
+ k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
+diff --git a/src/import/staging/src/k8s.io/apiextensions-apiserver/go.mod b/src/importsrc/import/staging/src/k8s.io/apiextensions-apiserver/go.mod
+index 97014a76a68..499daf4ffa7 100644
+--- a/src/import/staging/src/k8s.io/apiextensions-apiserver/go.mod
++++ b/src/import/staging/src/k8s.io/apiextensions-apiserver/go.mod
+@@ -20,7 +20,7 @@ require (
+ 	github.com/stretchr/testify v1.4.0
+ 	go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738
+ 	google.golang.org/grpc v1.23.1
+-	gopkg.in/yaml.v2 v2.2.4
++	gopkg.in/yaml.v2 v2.2.8
+ 	k8s.io/api v0.0.0
+ 	k8s.io/apimachinery v0.0.0
+ 	k8s.io/apiserver v0.0.0
+diff --git a/src/import/staging/src/k8s.io/apiextensions-apiserver/go.sum b/src/importstaging/src/k8s.io/apiextensions-apiserver/go.sum
+index 6f8bd4918ce..ef6973e4220 100644
+--- a/src/import/staging/src/k8s.io/apiextensions-apiserver/go.sum
++++ b/src/import/staging/src/k8s.io/apiextensions-apiserver/go.sum
+@@ -449,6 +449,8 @@ gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
+ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
+ gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
+ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+diff --git a/src/import/staging/src/k8s.io/apimachinery/go.mod b/src/importstaging/src/k8s.io/apimachinery/go.mod
+index 85bd7edfc84..569aa8941c4 100644
+--- a/src/import/staging/src/k8s.io/apimachinery/go.mod
++++ b/src/import/staging/src/k8s.io/apimachinery/go.mod
+@@ -30,7 +30,7 @@ require (
+ 	golang.org/x/text v0.3.2 // indirect
+ 	gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
+ 	gopkg.in/inf.v0 v0.9.1
+-	gopkg.in/yaml.v2 v2.2.4
++	gopkg.in/yaml.v2 v2.2.8
+ 	k8s.io/klog v1.0.0
+ 	k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a
+ 	sigs.k8s.io/yaml v1.1.0
+diff --git a/src/import/staging/src/k8s.io/apimachinery/go.sum b/src/importstaging/src/k8s.io/apimachinery/go.sum
+index 52ad8335f42..0741a85da3f 100644
+--- a/src/import/staging/src/k8s.io/apimachinery/go.sum
++++ b/src/import/staging/src/k8s.io/apimachinery/go.sum
+@@ -111,8 +111,8 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD
+ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
+ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
+-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
+ k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
+ k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
+diff --git a/src/import/staging/src/k8s.io/apiserver/go.mod b/src/importstaging/src/k8s.io/apiserver/go.mod
+index 01b925bab48..6586e6680cb 100644
+--- a/src/import/staging/src/k8s.io/apiserver/go.mod
++++ b/src/import/staging/src/k8s.io/apiserver/go.mod
+@@ -42,7 +42,7 @@ require (
+ 	google.golang.org/grpc v1.23.1
+ 	gopkg.in/natefinch/lumberjack.v2 v2.0.0
+ 	gopkg.in/square/go-jose.v2 v2.2.2
+-	gopkg.in/yaml.v2 v2.2.4
++	gopkg.in/yaml.v2 v2.2.8
+ 	gotest.tools v2.2.0+incompatible // indirect
+ 	k8s.io/api v0.0.0
+ 	k8s.io/apimachinery v0.0.0
+diff --git a/src/import/staging/src/k8s.io/apiserver/go.sum b/src/importstaging/src/k8s.io/apiserver/go.sum
+index a9014243b34..0b216e592e4 100644
+--- a/src/import/staging/src/k8s.io/apiserver/go.sum
++++ b/src/import/staging/src/k8s.io/apiserver/go.sum
+@@ -345,8 +345,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
+ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
+ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
+-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
+ gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
+ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+diff --git a/src/import/staging/src/k8s.io/cli-runtime/go.sum b/src/importstaging/src/k8s.io/cli-runtime/go.sum
+index a5eef73070b..c6c2d0d9231 100644
+--- a/src/import/staging/src/k8s.io/cli-runtime/go.sum
++++ b/src/import/staging/src/k8s.io/cli-runtime/go.sum
+@@ -234,8 +234,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
+ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
+ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
+-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
+diff --git a/src/import/staging/src/k8s.io/client-go/go.sum b/src/importstaging/src/k8s.io/client-go/go.sum
+index d0df7473b3e..f8f205a69d7 100644
+--- a/src/import/staging/src/k8s.io/client-go/go.sum
++++ b/src/import/staging/src/k8s.io/client-go/go.sum
+@@ -189,8 +189,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
+ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
+ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
+-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
+diff --git a/src/import/staging/src/k8s.io/cloud-provider/go.sum b/src/importstaging/src/k8s.io/cloud-provider/go.sum
+index 8ccf452dc8d..74228199881 100644
+--- a/src/import/staging/src/k8s.io/cloud-provider/go.sum
++++ b/src/import/staging/src/k8s.io/cloud-provider/go.sum
+@@ -171,8 +171,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
+ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
+ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
+-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
+diff --git a/src/import/staging/src/k8s.io/cluster-bootstrap/go.sum b/src/importstaging/src/k8s.io/cluster-bootstrap/go.sum
+index 8d81d0563ea..4c58905c7d8 100644
+--- a/src/import/staging/src/k8s.io/cluster-bootstrap/go.sum
++++ b/src/import/staging/src/k8s.io/cluster-bootstrap/go.sum
+@@ -99,8 +99,8 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD
+ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
+ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
+-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
+ k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
+ k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
+diff --git a/src/import/staging/src/k8s.io/code-generator/go.mod b/src/importstaging/src/k8s.io/code-generator/go.mod
+index 69a9e1cd9f2..2436804e8f0 100644
+--- a/src/import/staging/src/k8s.io/code-generator/go.mod
++++ b/src/import/staging/src/k8s.io/code-generator/go.mod
+@@ -18,7 +18,7 @@ require (
+ 	golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72 // indirect
+ 	gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485
+ 	gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e // indirect
+-	gopkg.in/yaml.v2 v2.2.4 // indirect
++	gopkg.in/yaml.v2 v2.2.8 // indirect
+ 	k8s.io/gengo v0.0.0-20190822140433-26a664648505
+ 	k8s.io/klog v1.0.0
+ 	k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a
+diff --git a/src/import/staging/src/k8s.io/code-generator/go.sum b/src/importstaging/src/k8s.io/code-generator/go.sum
+index 7bab2c9efd3..afc21aae562 100644
+--- a/src/import/staging/src/k8s.io/code-generator/go.sum
++++ b/src/import/staging/src/k8s.io/code-generator/go.sum
+@@ -114,8 +114,8 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8
+ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
+ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
+-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6 h1:4s3/R4+OYYYUKptXPhZKjQ04WJ6EhQQVFdjOFvCazDk=
+ k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
+ k8s.io/gengo v0.0.0-20190822140433-26a664648505 h1:ZY6yclUKVbZ+SdWnkfY+Je5vrMpKOxmGeKRbsXVmqYM=
+diff --git a/src/import/staging/src/k8s.io/component-base/go.sum b/src/importstaging/src/k8s.io/component-base/go.sum
+index b6af501ac2e..6c54e8b74e0 100644
+--- a/src/import/staging/src/k8s.io/component-base/go.sum
++++ b/src/import/staging/src/k8s.io/component-base/go.sum
+@@ -210,8 +210,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
+ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
+ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
+-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
+diff --git a/src/import/staging/src/k8s.io/cri-api/go.mod b/src/importstaging/src/k8s.io/cri-api/go.mod
+index de2050e54af..4f8315dcfcc 100644
+--- a/src/import/staging/src/k8s.io/cri-api/go.mod
++++ b/src/import/staging/src/k8s.io/cri-api/go.mod
+@@ -16,7 +16,7 @@ require (
+ 	google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873 // indirect
+ 	google.golang.org/grpc v1.23.1
+ 	gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
+-	gopkg.in/yaml.v2 v2.2.4 // indirect
++	gopkg.in/yaml.v2 v2.2.8 // indirect
+ )
+ 
+ replace (
+diff --git a/src/import/staging/src/k8s.io/cri-api/go.sum b/src/importstaging/src/k8s.io/cri-api/go.sum
+index 880169cf1dc..5340741af79 100644
+--- a/src/import/staging/src/k8s.io/cri-api/go.sum
++++ b/src/import/staging/src/k8s.io/cri-api/go.sum
+@@ -59,7 +59,7 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8
+ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
+ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
+-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+diff --git a/src/import/staging/src/k8s.io/csi-translation-lib/go.sum b/src/importstaging/src/k8s.io/csi-translation-lib/go.sum
+index 2cb7a51b2a4..f918afd9078 100644
+--- a/src/import/staging/src/k8s.io/csi-translation-lib/go.sum
++++ b/src/import/staging/src/k8s.io/csi-translation-lib/go.sum
+@@ -154,8 +154,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
+ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
+ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
+-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
+diff --git a/src/import/staging/src/k8s.io/kube-aggregator/go.sum b/src/importstaging/src/k8s.io/kube-aggregator/go.sum
+index bfcd7b4aa8a..d29c2136442 100644
+--- a/src/import/staging/src/k8s.io/kube-aggregator/go.sum
++++ b/src/import/staging/src/k8s.io/kube-aggregator/go.sum
+@@ -378,8 +378,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
+ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
+ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
+-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
+ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+diff --git a/src/import/staging/src/k8s.io/kube-controller-manager/go.sum b/src/importstaging/src/k8s.io/kube-controller-manager/go.sum
+index 5303a3606b3..b238ae9cbbb 100644
+--- a/src/import/staging/src/k8s.io/kube-controller-manager/go.sum
++++ b/src/import/staging/src/k8s.io/kube-controller-manager/go.sum
+@@ -184,8 +184,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
+ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
+ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
+-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
+diff --git a/src/import/staging/src/k8s.io/kube-proxy/go.sum b/src/importstaging/src/k8s.io/kube-proxy/go.sum
+index 5303a3606b3..b238ae9cbbb 100644
+--- a/src/import/staging/src/k8s.io/kube-proxy/go.sum
++++ b/src/import/staging/src/k8s.io/kube-proxy/go.sum
+@@ -184,8 +184,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
+ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
+ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
+-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
+diff --git a/src/import/staging/src/k8s.io/kube-scheduler/go.sum b/src/importstaging/src/k8s.io/kube-scheduler/go.sum
+index 5303a3606b3..b238ae9cbbb 100644
+--- a/src/import/staging/src/k8s.io/kube-scheduler/go.sum
++++ b/src/import/staging/src/k8s.io/kube-scheduler/go.sum
+@@ -184,8 +184,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
+ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
+ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
+-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
+diff --git a/src/import/staging/src/k8s.io/kubectl/go.mod b/src/importstaging/src/k8s.io/kubectl/go.mod
+index e0111ac16bf..c646296ebb1 100644
+--- a/src/import/staging/src/k8s.io/kubectl/go.mod
++++ b/src/import/staging/src/k8s.io/kubectl/go.mod
+@@ -34,7 +34,7 @@ require (
+ 	github.com/stretchr/testify v1.4.0
+ 	github.com/xlab/handysort v0.0.0-20150421192137-fb3537ed64a1 // indirect
+ 	golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456
+-	gopkg.in/yaml.v2 v2.2.4
++	gopkg.in/yaml.v2 v2.2.8
+ 	gotest.tools v2.2.0+incompatible // indirect
+ 	k8s.io/api v0.0.0
+ 	k8s.io/apimachinery v0.0.0
+diff --git a/src/import/staging/src/k8s.io/kubectl/go.sum b/src/importstaging/src/k8s.io/kubectl/go.sum
+index 95ba529852c..1db9943f53c 100644
+--- a/src/import/staging/src/k8s.io/kubectl/go.sum
++++ b/src/import/staging/src/k8s.io/kubectl/go.sum
+@@ -317,8 +317,8 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD
+ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
+ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
+-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
+ gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
+ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+diff --git a/src/import/staging/src/k8s.io/kubelet/go.sum b/src/importstaging/src/k8s.io/kubelet/go.sum
+index f42a61078c9..57a0c633583 100644
+--- a/src/import/staging/src/k8s.io/kubelet/go.sum
++++ b/src/import/staging/src/k8s.io/kubelet/go.sum
+@@ -119,8 +119,8 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD
+ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
+ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
+-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
+diff --git a/src/import/staging/src/k8s.io/legacy-cloud-providers/go.sum b/src/importstaging/src/k8s.io/legacy-cloud-providers/go.sum
+index 99f76dac0cc..9e990dff888 100644
+--- a/src/import/staging/src/k8s.io/legacy-cloud-providers/go.sum
++++ b/src/import/staging/src/k8s.io/legacy-cloud-providers/go.sum
+@@ -340,8 +340,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
+ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
+ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
+-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
+ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+diff --git a/src/import/staging/src/k8s.io/metrics/go.sum b/src/importstaging/src/k8s.io/metrics/go.sum
+index 99df273ff9e..d9b2c94fdbe 100644
+--- a/src/import/staging/src/k8s.io/metrics/go.sum
++++ b/src/import/staging/src/k8s.io/metrics/go.sum
+@@ -211,8 +211,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
+ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
+ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
+-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6 h1:4s3/R4+OYYYUKptXPhZKjQ04WJ6EhQQVFdjOFvCazDk=
+diff --git a/src/import/staging/src/k8s.io/node-api/go.sum b/src/importstaging/src/k8s.io/node-api/go.sum
+index 77f0a21fa7d..1cb50186d99 100644
+--- a/src/import/staging/src/k8s.io/node-api/go.sum
++++ b/src/import/staging/src/k8s.io/node-api/go.sum
+@@ -215,8 +215,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
+ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
+ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
+-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6 h1:4s3/R4+OYYYUKptXPhZKjQ04WJ6EhQQVFdjOFvCazDk=
+diff --git a/src/import/staging/src/k8s.io/sample-apiserver/go.sum b/src/importstaging/src/k8s.io/sample-apiserver/go.sum
+index 3ea72ac63e9..236ee4b1e88 100644
+--- a/src/import/staging/src/k8s.io/sample-apiserver/go.sum
++++ b/src/import/staging/src/k8s.io/sample-apiserver/go.sum
+@@ -375,8 +375,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
+ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
+ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
+-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
+ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+diff --git a/src/import/staging/src/k8s.io/sample-cli-plugin/go.sum b/src/importstaging/src/k8s.io/sample-cli-plugin/go.sum
+index a5eef73070b..c6c2d0d9231 100644
+--- a/src/import/staging/src/k8s.io/sample-cli-plugin/go.sum
++++ b/src/import/staging/src/k8s.io/sample-cli-plugin/go.sum
+@@ -234,8 +234,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
+ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
+ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
+-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
+diff --git a/src/import/staging/src/k8s.io/sample-controller/go.sum b/src/importstaging/src/k8s.io/sample-controller/go.sum
+index 55fa85acf16..3b18f34b5a6 100644
+--- a/src/import/staging/src/k8s.io/sample-controller/go.sum
++++ b/src/import/staging/src/k8s.io/sample-controller/go.sum
+@@ -216,8 +216,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
+ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
+ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
+-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6 h1:4s3/R4+OYYYUKptXPhZKjQ04WJ6EhQQVFdjOFvCazDk=
+diff --git a/src/import/vendor/gopkg.in/yaml.v2/.travis.yml b/src/importvendor/gopkg.in/yaml.v2/.travis.yml
+index 9f556934d8b..055480b9ef8 100644
+--- a/src/import/vendor/gopkg.in/yaml.v2/.travis.yml
++++ b/src/import/vendor/gopkg.in/yaml.v2/.travis.yml
+@@ -1,12 +1,16 @@
+ language: go
+ 
+ go:
+-    - 1.4
+-    - 1.5
+-    - 1.6
+-    - 1.7
+-    - 1.8
+-    - 1.9
+-    - tip
++    - "1.4.x"
++    - "1.5.x"
++    - "1.6.x"
++    - "1.7.x"
++    - "1.8.x"
++    - "1.9.x"
++    - "1.10.x"
++    - "1.11.x"
++    - "1.12.x"
++    - "1.13.x"
++    - "tip"
+ 
+ go_import_path: gopkg.in/yaml.v2
+diff --git a/src/import/vendor/gopkg.in/yaml.v2/decode.go b/src/importvendor/gopkg.in/yaml.v2/decode.go
+index 53108765555..129bc2a97d3 100644
+--- a/src/import/vendor/gopkg.in/yaml.v2/decode.go
++++ b/src/import/vendor/gopkg.in/yaml.v2/decode.go
+@@ -319,10 +319,14 @@ func (d *decoder) prepare(n *node, out reflect.Value) (newout reflect.Value, unm
+ }
+ 
+ const (
+-	// 400,000 decode operations is ~500kb of dense object declarations, or ~5kb of dense object declarations with 10000% alias expansion
++	// 400,000 decode operations is ~500kb of dense object declarations, or
++	// ~5kb of dense object declarations with 10000% alias expansion
+ 	alias_ratio_range_low = 400000
+-	// 4,000,000 decode operations is ~5MB of dense object declarations, or ~4.5MB of dense object declarations with 10% alias expansion
++
++	// 4,000,000 decode operations is ~5MB of dense object declarations, or
++	// ~4.5MB of dense object declarations with 10% alias expansion
+ 	alias_ratio_range_high = 4000000
++
+ 	// alias_ratio_range is the range over which we scale allowed alias ratios
+ 	alias_ratio_range = float64(alias_ratio_range_high - alias_ratio_range_low)
+ )
+@@ -784,8 +788,7 @@ func (d *decoder) merge(n *node, out reflect.Value) {
+ 	case mappingNode:
+ 		d.unmarshal(n, out)
+ 	case aliasNode:
+-		an, ok := d.doc.anchors[n.value]
+-		if ok && an.kind != mappingNode {
++		if n.alias != nil && n.alias.kind != mappingNode {
+ 			failWantMap()
+ 		}
+ 		d.unmarshal(n, out)
+@@ -794,8 +797,7 @@ func (d *decoder) merge(n *node, out reflect.Value) {
+ 		for i := len(n.children) - 1; i >= 0; i-- {
+ 			ni := n.children[i]
+ 			if ni.kind == aliasNode {
+-				an, ok := d.doc.anchors[ni.value]
+-				if ok && an.kind != mappingNode {
++				if ni.alias != nil && ni.alias.kind != mappingNode {
+ 					failWantMap()
+ 				}
+ 			} else if ni.kind != mappingNode {
+diff --git a/src/import/vendor/gopkg.in/yaml.v2/scannerc.go b/src/importvendor/gopkg.in/yaml.v2/scannerc.go
+index 570b8ecd10f..0b9bb6030a0 100644
+--- a/src/import/vendor/gopkg.in/yaml.v2/scannerc.go
++++ b/src/import/vendor/gopkg.in/yaml.v2/scannerc.go
+@@ -626,31 +626,18 @@ func trace(args ...interface{}) func() {
+ func yaml_parser_fetch_more_tokens(parser *yaml_parser_t) bool {
+ 	// While we need more tokens to fetch, do it.
+ 	for {
+-		// Check if we really need to fetch more tokens.
+-		need_more_tokens := false
+-
+-		if parser.tokens_head == len(parser.tokens) {
+-			// Queue is empty.
+-			need_more_tokens = true
+-		} else {
+-			// Check if any potential simple key may occupy the head position.
+-			if !yaml_parser_stale_simple_keys(parser) {
++		if parser.tokens_head != len(parser.tokens) {
++			// If queue is non-empty, check if any potential simple key may
++			// occupy the head position.
++			head_tok_idx, ok := parser.simple_keys_by_tok[parser.tokens_parsed]
++			if !ok {
++				break
++			} else if valid, ok := yaml_simple_key_is_valid(parser, &parser.simple_keys[head_tok_idx]); !ok {
+ 				return false
+-			}
+-
+-			for i := range parser.simple_keys {
+-				simple_key := &parser.simple_keys[i]
+-				if simple_key.possible && simple_key.token_number == parser.tokens_parsed {
+-					need_more_tokens = true
+-					break
+-				}
++			} else if !valid {
++				break
+ 			}
+ 		}
+-
+-		// We are finished.
+-		if !need_more_tokens {
+-			break
+-		}
+ 		// Fetch the next token.
+ 		if !yaml_parser_fetch_next_token(parser) {
+ 			return false
+@@ -678,11 +665,6 @@ func yaml_parser_fetch_next_token(parser *yaml_parser_t) bool {
+ 		return false
+ 	}
+ 
+-	// Remove obsolete potential simple keys.
+-	if !yaml_parser_stale_simple_keys(parser) {
+-		return false
+-	}
+-
+ 	// Check the indentation level against the current column.
+ 	if !yaml_parser_unroll_indent(parser, parser.mark.column) {
+ 		return false
+@@ -837,29 +819,30 @@ func yaml_parser_fetch_next_token(parser *yaml_parser_t) bool {
+ 		"found character that cannot start any token")
+ }
+ 
+-// Check the list of potential simple keys and remove the positions that
+-// cannot contain simple keys anymore.
+-func yaml_parser_stale_simple_keys(parser *yaml_parser_t) bool {
+-	// Check for a potential simple key for each flow level.
+-	for i := range parser.simple_keys {
+-		simple_key := &parser.simple_keys[i]
+-
+-		// The specification requires that a simple key
+-		//
+-		//  - is limited to a single line,
+-		//  - is shorter than 1024 characters.
+-		if simple_key.possible && (simple_key.mark.line < parser.mark.line || simple_key.mark.index+1024 < parser.mark.index) {
+-
+-			// Check if the potential simple key to be removed is required.
+-			if simple_key.required {
+-				return yaml_parser_set_scanner_error(parser,
+-					"while scanning a simple key", simple_key.mark,
+-					"could not find expected ':'")
+-			}
+-			simple_key.possible = false
++func yaml_simple_key_is_valid(parser *yaml_parser_t, simple_key *yaml_simple_key_t) (valid, ok bool) {
++	if !simple_key.possible {
++		return false, true
++	}
++
++	// The 1.2 specification says:
++	//
++	//     "If the ? indicator is omitted, parsing needs to see past the
++	//     implicit key to recognize it as such. To limit the amount of
++	//     lookahead required, the “:” indicator must appear at most 1024
++	//     Unicode characters beyond the start of the key. In addition, the key
++	//     is restricted to a single line."
++	//
++	if simple_key.mark.line < parser.mark.line || simple_key.mark.index+1024 < parser.mark.index {
++		// Check if the potential simple key to be removed is required.
++		if simple_key.required {
++			return false, yaml_parser_set_scanner_error(parser,
++				"while scanning a simple key", simple_key.mark,
++				"could not find expected ':'")
+ 		}
++		simple_key.possible = false
++		return false, true
+ 	}
+-	return true
++	return true, true
+ }
+ 
+ // Check if a simple key may start at the current position and add it if
+@@ -879,13 +862,14 @@ func yaml_parser_save_simple_key(parser *yaml_parser_t) bool {
+ 			possible:     true,
+ 			required:     required,
+ 			token_number: parser.tokens_parsed + (len(parser.tokens) - parser.tokens_head),
++			mark:         parser.mark,
+ 		}
+-		simple_key.mark = parser.mark
+ 
+ 		if !yaml_parser_remove_simple_key(parser) {
+ 			return false
+ 		}
+ 		parser.simple_keys[len(parser.simple_keys)-1] = simple_key
++		parser.simple_keys_by_tok[simple_key.token_number] = len(parser.simple_keys) - 1
+ 	}
+ 	return true
+ }
+@@ -900,9 +884,10 @@ func yaml_parser_remove_simple_key(parser *yaml_parser_t) bool {
+ 				"while scanning a simple key", parser.simple_keys[i].mark,
+ 				"could not find expected ':'")
+ 		}
++		// Remove the key from the stack.
++		parser.simple_keys[i].possible = false
++		delete(parser.simple_keys_by_tok, parser.simple_keys[i].token_number)
+ 	}
+-	// Remove the key from the stack.
+-	parser.simple_keys[i].possible = false
+ 	return true
+ }
+ 
+@@ -912,7 +897,12 @@ const max_flow_level = 10000
+ // Increase the flow level and resize the simple key list if needed.
+ func yaml_parser_increase_flow_level(parser *yaml_parser_t) bool {
+ 	// Reset the simple key on the next level.
+-	parser.simple_keys = append(parser.simple_keys, yaml_simple_key_t{})
++	parser.simple_keys = append(parser.simple_keys, yaml_simple_key_t{
++		possible:     false,
++		required:     false,
++		token_number: parser.tokens_parsed + (len(parser.tokens) - parser.tokens_head),
++		mark:         parser.mark,
++	})
+ 
+ 	// Increase the flow level.
+ 	parser.flow_level++
+@@ -928,7 +918,9 @@ func yaml_parser_increase_flow_level(parser *yaml_parser_t) bool {
+ func yaml_parser_decrease_flow_level(parser *yaml_parser_t) bool {
+ 	if parser.flow_level > 0 {
+ 		parser.flow_level--
+-		parser.simple_keys = parser.simple_keys[:len(parser.simple_keys)-1]
++		last := len(parser.simple_keys) - 1
++		delete(parser.simple_keys_by_tok, parser.simple_keys[last].token_number)
++		parser.simple_keys = parser.simple_keys[:last]
+ 	}
+ 	return true
+ }
+@@ -1005,6 +997,8 @@ func yaml_parser_fetch_stream_start(parser *yaml_parser_t) bool {
+ 	// Initialize the simple key stack.
+ 	parser.simple_keys = append(parser.simple_keys, yaml_simple_key_t{})
+ 
++	parser.simple_keys_by_tok = make(map[int]int)
++
+ 	// A simple key is allowed at the beginning of the stream.
+ 	parser.simple_key_allowed = true
+ 
+@@ -1286,7 +1280,11 @@ func yaml_parser_fetch_value(parser *yaml_parser_t) bool {
+ 	simple_key := &parser.simple_keys[len(parser.simple_keys)-1]
+ 
+ 	// Have we found a simple key?
+-	if simple_key.possible {
++	if valid, ok := yaml_simple_key_is_valid(parser, simple_key); !ok {
++		return false
++
++	} else if valid {
++
+ 		// Create the KEY token and insert it into the queue.
+ 		token := yaml_token_t{
+ 			typ:        yaml_KEY_TOKEN,
+@@ -1304,6 +1302,7 @@ func yaml_parser_fetch_value(parser *yaml_parser_t) bool {
+ 
+ 		// Remove the simple key.
+ 		simple_key.possible = false
++		delete(parser.simple_keys_by_tok, simple_key.token_number)
+ 
+ 		// A simple key cannot follow another simple key.
+ 		parser.simple_key_allowed = false
+diff --git a/src/import/vendor/gopkg.in/yaml.v2/yaml.go b/src/importvendor/gopkg.in/yaml.v2/yaml.go
+index de85aa4cdb7..89650e293ac 100644
+--- a/src/import/vendor/gopkg.in/yaml.v2/yaml.go
++++ b/src/import/vendor/gopkg.in/yaml.v2/yaml.go
+@@ -89,7 +89,7 @@ func UnmarshalStrict(in []byte, out interface{}) (err error) {
+ 	return unmarshal(in, out, true)
+ }
+ 
+-// A Decorder reads and decodes YAML values from an input stream.
++// A Decoder reads and decodes YAML values from an input stream.
+ type Decoder struct {
+ 	strict bool
+ 	parser *parser
+diff --git a/src/import/vendor/gopkg.in/yaml.v2/yamlh.go b/src/importvendor/gopkg.in/yaml.v2/yamlh.go
+index e25cee563be..f6a9c8e34b1 100644
+--- a/src/import/vendor/gopkg.in/yaml.v2/yamlh.go
++++ b/src/import/vendor/gopkg.in/yaml.v2/yamlh.go
+@@ -579,6 +579,7 @@ type yaml_parser_t struct {
+ 
+ 	simple_key_allowed bool                // May a simple key occur at the current position?
+ 	simple_keys        []yaml_simple_key_t // The stack of simple keys.
++	simple_keys_by_tok map[int]int         // possible simple_key indexes indexed by token_number
+ 
+ 	// Parser stuff
+ 
+diff --git a/src/import/vendor/modules.txt b/src/importvendor/modules.txt
+index a51796d1ed5..a45f1cd3e3b 100644
+--- a/src/import/vendor/modules.txt
++++ b/src/import/vendor/modules.txt
+@@ -1059,7 +1059,7 @@ gopkg.in/square/go-jose.v2/jwt
+ gopkg.in/tomb.v1
+ # gopkg.in/warnings.v0 v0.1.1 => gopkg.in/warnings.v0 v0.1.1
+ gopkg.in/warnings.v0
+-# gopkg.in/yaml.v2 v2.2.4 => gopkg.in/yaml.v2 v2.2.4
++# gopkg.in/yaml.v2 v2.2.8 => gopkg.in/yaml.v2 v2.2.8
+ gopkg.in/yaml.v2
+ # gotest.tools v2.2.0+incompatible => gotest.tools v2.2.0+incompatible
+ gotest.tools
+-- 
+2.20.1
+
diff --git a/recipes-containers/kubernetes/kubernetes_git.bb b/recipes-containers/kubernetes/kubernetes_git.bb
index 76107af..4698874 100644
--- a/recipes-containers/kubernetes/kubernetes_git.bb
+++ b/recipes-containers/kubernetes/kubernetes_git.bb
@@ -11,6 +11,11 @@ SRCREV_kubernetes = "f45fc1861acab22eb6a4697e3fb831e85ef5ff9c"
 SRC_URI = "git://github.com/kubernetes/kubernetes.git;branch=release-1.17;name=kubernetes \
            file://0001-hack-lib-golang.sh-use-CC-from-environment.patch \
            file://0001-cross-don-t-build-tests-by-default.patch \
+           file://0001-Add-new-endpoint-for-resource-metrics.patch \
+           file://0001-update-gopkg.in-yaml.v2-to-v2.2.8.patch \
+           file://0001-remove-client-label-from-apiserver-request-count-met.patch \
+           file://0001-Add-code-to-fix-kubelet-metrics-memory-issue.patch \
+           file://0001-Deal-with-auto-generated-files.patch \
           "
 
 DEPENDS += "rsync-native \
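Review bot: Nothing in the five `file://` entries added to SRC_URI identifies which CVE each patch addresses: every name starts with `0001-` and none contains a CVE id, so the mapping to CVE-2020-8551, CVE-2020-8552 and CVE-2019-11254 lives only in the commit message. cve-check recognises a fix from a CVE id in the patch file name or from a `CVE:` line in the patch header, and those headers are not visible from this hunk. Each patch file should therefore be confirmed to carry a line such as `CVE: CVE-2019-11254`, together with `Upstream-Status: Backport [<upstream commit>]`. The three patches that presumably belong to CVE-2020-8551 are also interleaved with the other two; since SRC_URI order is the apply order, keeping them adjacent would make the series easier to audit.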
-- 
2.24.1



* Re: [meta-virtualization][PATCH] kubernetes: Backport CVE fixes
  2020-04-29 17:49 [meta-virtualization][PATCH] kubernetes: Backport CVE fixes sakib.sajal
@ 2020-04-29 19:28 ` Bruce Ashfield
  2020-05-07 14:53   ` sakib.sajal
  0 siblings, 1 reply; 4+ messages in thread
From: Bruce Ashfield @ 2020-04-29 19:28 UTC (permalink / raw)
  To: meta-virtualization

I'm nearly complete on a kubernetes refresh, so I won't merge this
patch to master, and I'm inclined to do the uprev even in dunfell.

If this patch is destined for dunfell, that should be indicated clearly
in the patch subject.

Cheers,

Bruce

On Wed, Apr 29, 2020 at 1:49 PM <sakib.sajal@windriver.com> wrote:
>
> CVE: CVE-2020-8551
>         - 0db7074e1ad237af1a513bdf51160bf4b4cdc9f1
>         - 9802bfcec0580169cffce2a3d468689a407fa7dc
>         - c394d821fdafd719619eb63fcd1065a95ec02ef9
>
> CVE: CVE-2020-8552
>         - cc3190968b1f14ddf4067abef849fc41bd6068dc
>
> CVE: CVE-2019-11254
>         - a290fe55cb2f4593eb4ec5bf410cd77b9d925464
>
> Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> ---
>  ...-to-fix-kubelet-metrics-memory-issue.patch | 313 +++++++
>  ...dd-new-endpoint-for-resource-metrics.patch | 440 ++++++++++
>  .../0001-Deal-with-auto-generated-files.patch |  60 ++
>  ...bel-from-apiserver-request-count-met.patch | 171 ++++
>  ...01-update-gopkg.in-yaml.v2-to-v2.2.8.patch | 825 ++++++++++++++++++
>  .../kubernetes/kubernetes_git.bb              |   5 +
>  6 files changed, 1814 insertions(+)
>  create mode 100644 recipes-containers/kubernetes/kubernetes/0001-Add-code-to-fix-kubelet-metrics-memory-issue.patch
>  create mode 100644 recipes-containers/kubernetes/kubernetes/0001-Add-new-endpoint-for-resource-metrics.patch
>  create mode 100644 recipes-containers/kubernetes/kubernetes/0001-Deal-with-auto-generated-files.patch
>  create mode 100644 recipes-containers/kubernetes/kubernetes/0001-remove-client-label-from-apiserver-request-count-met.patch
>  create mode 100644 recipes-containers/kubernetes/kubernetes/0001-update-gopkg.in-yaml.v2-to-v2.2.8.patch
>
> diff --git a/recipes-containers/kubernetes/kubernetes/0001-Add-code-to-fix-kubelet-metrics-memory-issue.patch b/recipes-containers/kubernetes/kubernetes/0001-Add-code-to-fix-kubelet-metrics-memory-issue.patch
> new file mode 100644
> index 0000000..5369f04
> --- /dev/null
> +++ b/recipes-containers/kubernetes/kubernetes/0001-Add-code-to-fix-kubelet-metrics-memory-issue.patch
> @@ -0,0 +1,313 @@
> +From 0bf092ccc5fccb06b13afe5da86286a856d96770 Mon Sep 17 00:00:00 2001
> +From: Walter Fender <wfender@google.com>
> +Date: Thu, 6 Feb 2020 19:10:18 -0800
> +Subject: [PATCH] Add code to fix kubelet/metrics memory issue.
> +
> +Bucketing url paths based on concept/handling.
> +Bucketing code placed by handling code to encourage usage.
> +Added unit tests.
> +Fix format.
> +
> +Upstream Status: Backport [https://github.com/kubernetes/kubernetes/pull/87913/commits/9802bfcec0580169cffce2a3d468689a407fa7dc]
> +CVE: CVE-2020-8551
> +
> +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> +---
> + pkg/kubelet/server/server.go      | 57 ++++++++++++++++++++++++++++---
> + pkg/kubelet/server/server_test.go | 54 ++++++++++++++++++++++++++++-
> + 2 files changed, 106 insertions(+), 5 deletions(-)
> +
> +diff --git a/src/import/pkg/kubelet/server/server.go b/src/import/pkg/kubelet/server/server.go
> +index 0f953c92502..05c1dc9c701 100644
> +--- a/src/import/pkg/kubelet/server/server.go
> ++++ b/src/import/pkg/kubelet/server/server.go
> +@@ -89,6 +89,7 @@ type Server struct {
> +       auth                       AuthInterface
> +       host                       HostInterface
> +       restfulCont                containerInterface
> ++      metricsBuckets             map[string]bool
> +       resourceAnalyzer           stats.ResourceAnalyzer
> +       redirectContainerStreaming bool
> + }
> +@@ -225,6 +226,7 @@ func NewServer(
> +               resourceAnalyzer:           resourceAnalyzer,
> +               auth:                       auth,
> +               restfulCont:                &filteringContainer{Container: restful.NewContainer()},
> ++              metricsBuckets:             make(map[string]bool),
> +               redirectContainerStreaming: redirectContainerStreaming,
> +       }
> +       if auth != nil {
> +@@ -280,14 +282,32 @@ func (s *Server) InstallAuthFilter() {
> +       })
> + }
> +
> ++// addMetricsBucketMatcher adds a regexp matcher and the relevant bucket to use when
> ++// it matches. Please be aware this is not thread safe and should not be used dynamically
> ++func (s *Server) addMetricsBucketMatcher(bucket string) {
> ++      s.metricsBuckets[bucket] = true
> ++}
> ++
> ++// getMetricBucket find the appropriate metrics reporting bucket for the given path
> ++func (s *Server) getMetricBucket(path string) string {
> ++      root := getURLRootPath(path)
> ++      if s.metricsBuckets[root] == true {
> ++              return root
> ++      }
> ++      return "Invalid path"
> ++}
> ++
> + // InstallDefaultHandlers registers the default set of supported HTTP request
> + // patterns with the restful Container.
> + func (s *Server) InstallDefaultHandlers(enableCAdvisorJSONEndpoints bool) {
> ++      s.addMetricsBucketMatcher("healthz")
> +       healthz.InstallHandler(s.restfulCont,
> +               healthz.PingHealthz,
> +               healthz.LogHealthz,
> +               healthz.NamedCheck("syncloop", s.syncLoopHealthCheck),
> +       )
> ++
> ++      s.addMetricsBucketMatcher("pods")
> +       ws := new(restful.WebService)
> +       ws.
> +               Path("/pods").
> +@@ -297,7 +317,14 @@ func (s *Server) InstallDefaultHandlers(enableCAdvisorJSONEndpoints bool) {
> +               Operation("getPods"))
> +       s.restfulCont.Add(ws)
> +
> ++      s.addMetricsBucketMatcher("stats")
> +       s.restfulCont.Add(stats.CreateHandlers(statsPath, s.host, s.resourceAnalyzer, enableCAdvisorJSONEndpoints))
> ++
> ++      s.addMetricsBucketMatcher("metrics")
> ++      s.addMetricsBucketMatcher("metrics/cadvisor")
> ++      s.addMetricsBucketMatcher("metrics/probes")
> ++      s.addMetricsBucketMatcher("metrics/resource/v1alpha1")
> ++      s.addMetricsBucketMatcher("metrics/resource")
> +       //lint:ignore SA1019 https://github.com/kubernetes/enhancements/issues/1206
> +       s.restfulCont.Handle(metricsPath, legacyregistry.Handler())
> +
> +@@ -320,12 +347,15 @@ func (s *Server) InstallDefaultHandlers(enableCAdvisorJSONEndpoints bool) {
> +               compbasemetrics.HandlerFor(r, compbasemetrics.HandlerOpts{ErrorHandling: compbasemetrics.ContinueOnError}),
> +       )
> +
> ++      // deprecated endpoint which will be removed in release 1.20.0+.
> ++      s.addMetricsBucketMatcher("metrics/resource/v1alpha1")
> +       v1alpha1ResourceRegistry := compbasemetrics.NewKubeRegistry()
> +       v1alpha1ResourceRegistry.CustomMustRegister(stats.NewPrometheusResourceMetricCollector(s.resourceAnalyzer, v1alpha1.Config()))
> +       s.restfulCont.Handle(path.Join(resourceMetricsPath, v1alpha1.Version),
> +               compbasemetrics.HandlerFor(v1alpha1ResourceRegistry, compbasemetrics.HandlerOpts{ErrorHandling: compbasemetrics.ContinueOnError}),
> +       )
> +
> ++      s.addMetricsBucketMatcher("metrics/resource")
> +       resourceRegistry := compbasemetrics.NewKubeRegistry()
> +       resourceRegistry.CustomMustRegister(collectors.NewResourceMetricsCollector(s.resourceAnalyzer))
> +       s.restfulCont.Handle(resourceMetricsPath,
> +@@ -334,6 +364,7 @@ func (s *Server) InstallDefaultHandlers(enableCAdvisorJSONEndpoints bool) {
> +
> +       // prober metrics are exposed under a different endpoint
> +
> ++      s.addMetricsBucketMatcher("metrics/probes")
> +       p := compbasemetrics.NewKubeRegistry()
> +       compbasemetrics.RegisterProcessStartTime(p.RawRegister)
> +       p.MustRegister(prober.ProberResults)
> +@@ -341,6 +372,7 @@ func (s *Server) InstallDefaultHandlers(enableCAdvisorJSONEndpoints bool) {
> +               compbasemetrics.HandlerFor(p, compbasemetrics.HandlerOpts{ErrorHandling: compbasemetrics.ContinueOnError}),
> +       )
> +
> ++      s.addMetricsBucketMatcher("spec")
> +       if enableCAdvisorJSONEndpoints {
> +               ws := new(restful.WebService)
> +               ws.
> +@@ -360,6 +392,7 @@ const pprofBasePath = "/debug/pprof/"
> + func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
> +       klog.Infof("Adding debug handlers to kubelet server.")
> +
> ++      s.addMetricsBucketMatcher("run")
> +       ws := new(restful.WebService)
> +       ws.
> +               Path("/run")
> +@@ -371,6 +404,7 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
> +               Operation("getRun"))
> +       s.restfulCont.Add(ws)
> +
> ++      s.addMetricsBucketMatcher("exec")
> +       ws = new(restful.WebService)
> +       ws.
> +               Path("/exec")
> +@@ -388,6 +422,7 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
> +               Operation("getExec"))
> +       s.restfulCont.Add(ws)
> +
> ++      s.addMetricsBucketMatcher("attach")
> +       ws = new(restful.WebService)
> +       ws.
> +               Path("/attach")
> +@@ -405,6 +440,7 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
> +               Operation("getAttach"))
> +       s.restfulCont.Add(ws)
> +
> ++      s.addMetricsBucketMatcher("portForward")
> +       ws = new(restful.WebService)
> +       ws.
> +               Path("/portForward")
> +@@ -422,6 +458,7 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
> +               Operation("getPortForward"))
> +       s.restfulCont.Add(ws)
> +
> ++      s.addMetricsBucketMatcher("logs")
> +       ws = new(restful.WebService)
> +       ws.
> +               Path(logsPath)
> +@@ -434,6 +471,7 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
> +               Param(ws.PathParameter("logpath", "path to the log").DataType("string")))
> +       s.restfulCont.Add(ws)
> +
> ++      s.addMetricsBucketMatcher("containerLogs")
> +       ws = new(restful.WebService)
> +       ws.
> +               Path("/containerLogs")
> +@@ -442,8 +480,10 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
> +               Operation("getContainerLogs"))
> +       s.restfulCont.Add(ws)
> +
> ++      s.addMetricsBucketMatcher("configz")
> +       configz.InstallHandler(s.restfulCont)
> +
> ++      s.addMetricsBucketMatcher("debug")
> +       handlePprofEndpoint := func(req *restful.Request, resp *restful.Response) {
> +               name := strings.TrimPrefix(req.Request.URL.Path, pprofBasePath)
> +               switch name {
> +@@ -459,7 +499,6 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
> +                       pprof.Index(resp, req.Request)
> +               }
> +       }
> +-
> +       // Setup pprof handlers.
> +       ws = new(restful.WebService).Path(pprofBasePath)
> +       ws.Route(ws.GET("/{subpath:*}").To(func(req *restful.Request, resp *restful.Response) {
> +@@ -472,6 +511,7 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
> +       s.restfulCont.Handle("/debug/flags/v", routes.StringFlagPutHandler(logs.GlogSetter))
> +
> +       // The /runningpods endpoint is used for testing only.
> ++      s.addMetricsBucketMatcher("runningpods")
> +       ws = new(restful.WebService)
> +       ws.
> +               Path("/runningpods/").
> +@@ -481,6 +521,7 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
> +               Operation("getRunningPods"))
> +       s.restfulCont.Add(ws)
> +
> ++      s.addMetricsBucketMatcher("cri")
> +       if criHandler != nil {
> +               s.restfulCont.Handle("/cri/", criHandler)
> +       }
> +@@ -492,6 +533,14 @@ func (s *Server) InstallDebuggingDisabledHandlers() {
> +               http.Error(w, "Debug endpoints are disabled.", http.StatusMethodNotAllowed)
> +       })
> +
> ++      s.addMetricsBucketMatcher("run")
> ++      s.addMetricsBucketMatcher("exec")
> ++      s.addMetricsBucketMatcher("attach")
> ++      s.addMetricsBucketMatcher("portForward")
> ++      s.addMetricsBucketMatcher("containerLogs")
> ++      s.addMetricsBucketMatcher("runningpods")
> ++      s.addMetricsBucketMatcher("pprof")
> ++      s.addMetricsBucketMatcher("logs")
> +       paths := []string{
> +               "/run/", "/exec/", "/attach/", "/portForward/", "/containerLogs/",
> +               "/runningpods/", pprofBasePath, logsPath}
> +@@ -808,10 +857,10 @@ func (s *Server) getPortForward(request *restful.Request, response *restful.Resp
> +       proxyStream(response.ResponseWriter, request.Request, url)
> + }
> +
> +-// trimURLPath trims a URL path.
> ++// getURLRootPath trims a URL path.
> + // For paths in the format of "/metrics/xxx", "metrics/xxx" is returned;
> + // For all other paths, the first part of the path is returned.
> +-func trimURLPath(path string) string {
> ++func getURLRootPath(path string) string {
> +       parts := strings.SplitN(strings.TrimPrefix(path, "/"), "/", 3)
> +       if len(parts) == 0 {
> +               return path
> +@@ -859,7 +908,7 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, req *http.Request) {
> +               serverType = "readwrite"
> +       }
> +
> +-      method, path := req.Method, trimURLPath(req.URL.Path)
> ++      method, path := req.Method, s.getMetricBucket(req.URL.Path)
> +
> +       longRunning := strconv.FormatBool(isLongRunningRequest(path))
> +
> +diff --git a/src/import/pkg/kubelet/server/server_test.go b/src/import/pkg/kubelet/server/server_test.go
> +index eba788b50ea..5e6a1cc0588 100644
> +--- a/src/import/pkg/kubelet/server/server_test.go
> ++++ b/src/import/pkg/kubelet/server/server_test.go
> +@@ -1460,6 +1460,58 @@ func TestCRIHandler(t *testing.T) {
> +       assert.Equal(t, query, fw.criHandler.RequestReceived.URL.RawQuery)
> + }
> +
> ++func TestMetricBuckets(t *testing.T) {
> ++      tests := map[string]struct {
> ++              url    string
> ++              bucket string
> ++      }{
> ++              "healthz endpoint":                {url: "/healthz", bucket: "healthz"},
> ++              "attach":                          {url: "/attach/podNamespace/podID/containerName", bucket: "attach"},
> ++              "attach with uid":                 {url: "/attach/podNamespace/podID/uid/containerName", bucket: "attach"},
> ++              "configz":                         {url: "/configz", bucket: "configz"},
> ++              "containerLogs":                   {url: "/containerLogs/podNamespace/podID/containerName", bucket: "containerLogs"},
> ++              "cri":                             {url: "/cri/", bucket: "cri"},
> ++              "cri with sub":                    {url: "/cri/foo", bucket: "cri"},
> ++              "debug v flags":                   {url: "/debug/flags/v", bucket: "debug"},
> ++              "pprof with sub":                  {url: "/debug/pprof/subpath", bucket: "debug"},
> ++              "exec":                            {url: "/exec/podNamespace/podID/containerName", bucket: "exec"},
> ++              "exec with uid":                   {url: "/exec/podNamespace/podID/uid/containerName", bucket: "exec"},
> ++              "healthz":                         {url: "/healthz/", bucket: "healthz"},
> ++              "healthz log sub":                 {url: "/healthz/log", bucket: "healthz"},
> ++              "healthz ping":                    {url: "/healthz/ping", bucket: "healthz"},
> ++              "healthz sync loop":               {url: "/healthz/syncloop", bucket: "healthz"},
> ++              "logs":                            {url: "/logs/", bucket: "logs"},
> ++              "logs with path":                  {url: "/logs/logpath", bucket: "logs"},
> ++              "metrics":                         {url: "/metrics", bucket: "metrics"},
> ++              "metrics cadvisor sub":            {url: "/metrics/cadvisor", bucket: "metrics/cadvisor"},
> ++              "metrics probes sub":              {url: "/metrics/probes", bucket: "metrics/probes"},
> ++              "metrics resource v1alpha1":       {url: "/metrics/resource/v1alpha1", bucket: "metrics/resource"},
> ++              "metrics resource sub":            {url: "/metrics/resource", bucket: "metrics/resource"},
> ++              "pods":                            {url: "/pods/", bucket: "pods"},
> ++              "portForward":                     {url: "/portForward/podNamespace/podID", bucket: "portForward"},
> ++              "portForward with uid":            {url: "/portForward/podNamespace/podID/uid", bucket: "portForward"},
> ++              "run":                             {url: "/run/podNamespace/podID/containerName", bucket: "run"},
> ++              "run with uid":                    {url: "/run/podNamespace/podID/uid/containerName", bucket: "run"},
> ++              "runningpods":                     {url: "/runningpods/", bucket: "runningpods"},
> ++              "spec":                            {url: "/spec/", bucket: "spec"},
> ++              "stats":                           {url: "/stats/", bucket: "stats"},
> ++              "stats container sub":             {url: "/stats/container", bucket: "stats"},
> ++              "stats summary sub":               {url: "/stats/summary", bucket: "stats"},
> ++              "stats containerName with uid":    {url: "/stats/namespace/podName/uid/containerName", bucket: "stats"},
> ++              "stats containerName":             {url: "/stats/podName/containerName", bucket: "stats"},
> ++              "invalid path":                    {url: "/junk", bucket: "Invalid path"},
> ++              "invalid path starting with good": {url: "/healthzjunk", bucket: "Invalid path"},
> ++      }
> ++      fw := newServerTest()
> ++      defer fw.testHTTPServer.Close()
> ++
> ++      for _, test := range tests {
> ++              path := test.url
> ++              bucket := test.bucket
> ++              require.Equal(t, fw.serverUnderTest.getMetricBucket(path), bucket)
> ++      }
> ++}
> ++
> + func TestDebuggingDisabledHandlers(t *testing.T) {
> +       fw := newServerTestWithDebug(false, false, nil)
> +       defer fw.testHTTPServer.Close()
> +@@ -1533,6 +1585,6 @@ func TestTrimURLPath(t *testing.T) {
> +       }
> +
> +       for _, test := range tests {
> +-              assert.Equal(t, test.expected, trimURLPath(test.path), fmt.Sprintf("path is: %s", test.path))
> ++              assert.Equal(t, test.expected, getURLRootPath(test.path), fmt.Sprintf("path is: %s", test.path))
> +       }
> + }
> +--
> +2.17.1
> +
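Review bot: The `pprof` bucket registered in `InstallDebuggingDisabledHandlers` can never match, because `getURLRootPath` returns only the first path segment for anything outside `/metrics/…` and `pprofBasePath` is `/debug/pprof/`; with debug handlers disabled those requests are most likely counted under `Invalid path`, where `s.addMetricsBucketMatcher("debug")` would give them the same bucket as in the enabled case. The same holds for `metrics/resource/v1alpha1`, which the new test itself expects to resolve to `metrics/resource`. Neither affects the purpose of the fix, since the path label stays limited to a fixed set however many distinct URLs are requested. Two smaller points: the doc comment on `addMetricsBucketMatcher` speaks of a "regexp matcher" while the code stores plain strings, and `require.Equal` in `TestMetricBuckets` receives actual before expected. The function bodies are only partly visible in the nested hunks, and as this is a backport the code changes would belong upstream; in the patch header itself, `Upstream Status:` should read `Upstream-Status:` to match the OpenEmbedded tag.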
> diff --git a/recipes-containers/kubernetes/kubernetes/0001-Add-new-endpoint-for-resource-metrics.patch b/recipes-containers/kubernetes/kubernetes/0001-Add-new-endpoint-for-resource-metrics.patch
> new file mode 100644
> index 0000000..82e5fc6
> --- /dev/null
> +++ b/recipes-containers/kubernetes/kubernetes/0001-Add-new-endpoint-for-resource-metrics.patch
> @@ -0,0 +1,440 @@
> +From 0db7074e1ad237af1a513bdf51160bf4b4cdc9f1 Mon Sep 17 00:00:00 2001
> +From: RainbowMango <renhongcai@huawei.com>
> +Date: Sun, 15 Dec 2019 17:06:13 +0800
> +Subject: [PATCH] Add new endpoint for resource metrics.
> +
> +This commit is required for context to fix CVE-2020-8551.
> +
> +Upstream Status: Backport [https://github.com/kubernetes/kubernetes/pull/86282/commits/0db7074e1ad237af1a513bdf51160bf4b4cdc9f1]
> +CVE: CVE-2020-8551
> +
> +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> +---
> + .../metrics/collectors/resource_metrics.go    | 153 ++++++++++++++
> + .../collectors/resource_metrics_test.go       | 189 ++++++++++++++++++
> + pkg/kubelet/server/auth_test.go               |   1 +
> + pkg/kubelet/server/server.go                  |  23 ++-
> + 4 files changed, 358 insertions(+), 8 deletions(-)
> + create mode 100644 pkg/kubelet/metrics/collectors/resource_metrics.go
> + create mode 100644 pkg/kubelet/metrics/collectors/resource_metrics_test.go
> +
> +diff --git a/src/import/pkg/kubelet/metrics/collectors/resource_metrics.go b/src/import/pkg/kubelet/metrics/collectors/resource_metrics.go
> +new file mode 100644
> +index 00000000000..a3667127903
> +--- /dev/null
> ++++ b/src/import/pkg/kubelet/metrics/collectors/resource_metrics.go
> +@@ -0,0 +1,153 @@
> ++/*
> ++Copyright 2019 The Kubernetes Authors.
> ++
> ++Licensed under the Apache License, Version 2.0 (the "License");
> ++you may not use this file except in compliance with the License.
> ++You may obtain a copy of the License at
> ++
> ++    http://www.apache.org/licenses/LICENSE-2.0
> ++
> ++Unless required by applicable law or agreed to in writing, software
> ++distributed under the License is distributed on an "AS IS" BASIS,
> ++WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> ++See the License for the specific language governing permissions and
> ++limitations under the License.
> ++*/
> ++
> ++package collectors
> ++
> ++import (
> ++      "time"
> ++
> ++      "k8s.io/component-base/metrics"
> ++      "k8s.io/klog"
> ++      summary "k8s.io/kubernetes/pkg/kubelet/apis/stats/v1alpha1"
> ++      "k8s.io/kubernetes/pkg/kubelet/server/stats"
> ++)
> ++
> ++var (
> ++      nodeCPUUsageDesc = metrics.NewDesc("node_cpu_usage_seconds",
> ++              "Cumulative cpu time consumed by the node in core-seconds",
> ++              nil,
> ++              nil,
> ++              metrics.ALPHA,
> ++              "")
> ++
> ++      nodeMemoryUsageDesc = metrics.NewDesc("node_memory_working_set_bytes",
> ++              "Current working set of the node in bytes",
> ++              nil,
> ++              nil,
> ++              metrics.ALPHA,
> ++              "")
> ++
> ++      containerCPUUsageDesc = metrics.NewDesc("container_cpu_usage_seconds",
> ++              "Cumulative cpu time consumed by the container in core-seconds",
> ++              []string{"container", "pod", "namespace"},
> ++              nil,
> ++              metrics.ALPHA,
> ++              "")
> ++
> ++      containerMemoryUsageDesc = metrics.NewDesc("container_memory_working_set_bytes",
> ++              "Current working set of the container in bytes",
> ++              []string{"container", "pod", "namespace"},
> ++              nil,
> ++              metrics.ALPHA,
> ++              "")
> ++
> ++      resouceScrapeResultDesc = metrics.NewDesc("scrape_error",
> ++              "1 if there was an error while getting container metrics, 0 otherwise",
> ++              nil,
> ++              nil,
> ++              metrics.ALPHA,
> ++              "")
> ++)
> ++
> ++// NewResourceMetricsCollector returns a metrics.StableCollector which exports resource metrics
> ++func NewResourceMetricsCollector(provider stats.SummaryProvider) metrics.StableCollector {
> ++      return &resourceMetricsCollector{
> ++              provider: provider,
> ++      }
> ++}
> ++
> ++type resourceMetricsCollector struct {
> ++      metrics.BaseStableCollector
> ++
> ++      provider stats.SummaryProvider
> ++}
> ++
> ++// Check if resourceMetricsCollector implements necessary interface
> ++var _ metrics.StableCollector = &resourceMetricsCollector{}
> ++
> ++// DescribeWithStability implements metrics.StableCollector
> ++func (rc *resourceMetricsCollector) DescribeWithStability(ch chan<- *metrics.Desc) {
> ++      ch <- nodeCPUUsageDesc
> ++      ch <- nodeMemoryUsageDesc
> ++      ch <- containerCPUUsageDesc
> ++      ch <- containerMemoryUsageDesc
> ++      ch <- resouceScrapeResultDesc
> ++}
> ++
> ++// CollectWithStability implements metrics.StableCollector
> ++// Since new containers are frequently created and removed, using the Gauge would
> ++// leak metric collectors for containers or pods that no longer exist.  Instead, implement
> ++// custom collector in a way that only collects metrics for active containers.
> ++func (rc *resourceMetricsCollector) CollectWithStability(ch chan<- metrics.Metric) {
> ++      var errorCount float64
> ++      defer func() {
> ++              ch <- metrics.NewLazyConstMetric(resouceScrapeResultDesc, metrics.GaugeValue, errorCount)
> ++      }()
> ++      statsSummary, err := rc.provider.GetCPUAndMemoryStats()
> ++      if err != nil {
> ++              errorCount = 1
> ++              klog.Warningf("Error getting summary for resourceMetric prometheus endpoint: %v", err)
> ++              return
> ++      }
> ++
> ++      rc.collectNodeCPUMetrics(ch, statsSummary.Node)
> ++      rc.collectNodeMemoryMetrics(ch, statsSummary.Node)
> ++
> ++      for _, pod := range statsSummary.Pods {
> ++              for _, container := range pod.Containers {
> ++                      rc.collectContainerCPUMetrics(ch, pod, container)
> ++                      rc.collectContainerMemoryMetrics(ch, pod, container)
> ++              }
> ++      }
> ++}
> ++
> ++func (rc *resourceMetricsCollector) collectNodeCPUMetrics(ch chan<- metrics.Metric, s summary.NodeStats) {
> ++      if s.CPU == nil {
> ++              return
> ++      }
> ++
> ++      ch <- metrics.NewLazyMetricWithTimestamp(s.CPU.Time.Time,
> ++              metrics.NewLazyConstMetric(nodeCPUUsageDesc, metrics.GaugeValue, float64(*s.CPU.UsageCoreNanoSeconds)/float64(time.Second)))
> ++}
> ++
> ++func (rc *resourceMetricsCollector) collectNodeMemoryMetrics(ch chan<- metrics.Metric, s summary.NodeStats) {
> ++      if s.Memory == nil {
> ++              return
> ++      }
> ++
> ++      ch <- metrics.NewLazyMetricWithTimestamp(s.Memory.Time.Time,
> ++              metrics.NewLazyConstMetric(nodeMemoryUsageDesc, metrics.GaugeValue, float64(*s.Memory.WorkingSetBytes)))
> ++}
> ++
> ++func (rc *resourceMetricsCollector) collectContainerCPUMetrics(ch chan<- metrics.Metric, pod summary.PodStats, s summary.ContainerStats) {
> ++      if s.CPU == nil {
> ++              return
> ++      }
> ++
> ++      ch <- metrics.NewLazyMetricWithTimestamp(s.CPU.Time.Time,
> ++              metrics.NewLazyConstMetric(containerCPUUsageDesc, metrics.GaugeValue,
> ++                      float64(*s.CPU.UsageCoreNanoSeconds)/float64(time.Second), s.Name, pod.PodRef.Name, pod.PodRef.Namespace))
> ++}
> ++
> ++func (rc *resourceMetricsCollector) collectContainerMemoryMetrics(ch chan<- metrics.Metric, pod summary.PodStats, s summary.ContainerStats) {
> ++      if s.Memory == nil {
> ++              return
> ++      }
> ++
> ++      ch <- metrics.NewLazyMetricWithTimestamp(s.Memory.Time.Time,
> ++              metrics.NewLazyConstMetric(containerMemoryUsageDesc, metrics.GaugeValue,
> ++                      float64(*s.Memory.WorkingSetBytes), s.Name, pod.PodRef.Name, pod.PodRef.Namespace))
> ++}
> +diff --git a/src/import/pkg/kubelet/metrics/collectors/resource_metrics_test.go b/src/import/pkg/kubelet/metrics/collectors/resource_metrics_test.go
> +new file mode 100644
> +index 00000000000..b92aabbd675
> +--- /dev/null
> ++++ b/src/import/pkg/kubelet/metrics/collectors/resource_metrics_test.go
> +@@ -0,0 +1,189 @@
> ++/*
> ++Copyright 2019 The Kubernetes Authors.
> ++
> ++Licensed under the Apache License, Version 2.0 (the "License");
> ++you may not use this file except in compliance with the License.
> ++You may obtain a copy of the License at
> ++
> ++    http://www.apache.org/licenses/LICENSE-2.0
> ++
> ++Unless required by applicable law or agreed to in writing, software
> ++distributed under the License is distributed on an "AS IS" BASIS,
> ++WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> ++See the License for the specific language governing permissions and
> ++limitations under the License.
> ++*/
> ++
> ++package collectors
> ++
> ++import (
> ++      "fmt"
> ++      "strings"
> ++      "testing"
> ++      "time"
> ++
> ++      "github.com/stretchr/testify/mock"
> ++
> ++      metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
> ++      "k8s.io/component-base/metrics/testutil"
> ++      statsapi "k8s.io/kubernetes/pkg/kubelet/apis/stats/v1alpha1"
> ++)
> ++
> ++type mockSummaryProvider struct {
> ++      mock.Mock
> ++}
> ++
> ++func (m *mockSummaryProvider) Get(updateStats bool) (*statsapi.Summary, error) {
> ++      args := m.Called(updateStats)
> ++      return args.Get(0).(*statsapi.Summary), args.Error(1)
> ++}
> ++
> ++func (m *mockSummaryProvider) GetCPUAndMemoryStats() (*statsapi.Summary, error) {
> ++      args := m.Called()
> ++      return args.Get(0).(*statsapi.Summary), args.Error(1)
> ++}
> ++
> ++func TestCollectResourceMetrics(t *testing.T) {
> ++      testTime := metav1.NewTime(time.Unix(2, 0)) // a static timestamp: 2000
> ++      interestedMetrics := []string{
> ++              "scrape_error",
> ++              "node_cpu_usage_seconds",
> ++              "node_memory_working_set_bytes",
> ++              "container_cpu_usage_seconds",
> ++              "container_memory_working_set_bytes",
> ++      }
> ++
> ++      tests := []struct {
> ++              name            string
> ++              summary         *statsapi.Summary
> ++              summaryErr      error
> ++              expectedMetrics string
> ++      }{
> ++              {
> ++                      name:       "error getting summary",
> ++                      summary:    nil,
> ++                      summaryErr: fmt.Errorf("failed to get summary"),
> ++                      expectedMetrics: `
> ++                              # HELP scrape_error [ALPHA] 1 if there was an error while getting container metrics, 0 otherwise
> ++                              # TYPE scrape_error gauge
> ++                              scrape_error 1
> ++                      `,
> ++              },
> ++              {
> ++                      name: "arbitrary node metrics",
> ++                      summary: &statsapi.Summary{
> ++                              Node: statsapi.NodeStats{
> ++                                      CPU: &statsapi.CPUStats{
> ++                                              Time:                 testTime,
> ++                                              UsageCoreNanoSeconds: uint64Ptr(10000000000),
> ++                                      },
> ++                                      Memory: &statsapi.MemoryStats{
> ++                                              Time:            testTime,
> ++                                              WorkingSetBytes: uint64Ptr(1000),
> ++                                      },
> ++                              },
> ++                      },
> ++                      summaryErr: nil,
> ++                      expectedMetrics: `
> ++                              # HELP node_cpu_usage_seconds [ALPHA] Cumulative cpu time consumed by the node in core-seconds
> ++                              # TYPE node_cpu_usage_seconds gauge
> ++                              node_cpu_usage_seconds 10 2000
> ++                              # HELP node_memory_working_set_bytes [ALPHA] Current working set of the node in bytes
> ++                              # TYPE node_memory_working_set_bytes gauge
> ++                              node_memory_working_set_bytes 1000 2000
> ++                              # HELP scrape_error [ALPHA] 1 if there was an error while getting container metrics, 0 otherwise
> ++                              # TYPE scrape_error gauge
> ++                              scrape_error 0
> ++                      `,
> ++              },
> ++              {
> ++                      name: "arbitrary container metrics for different container, pods and namespaces",
> ++                      summary: &statsapi.Summary{
> ++                              Pods: []statsapi.PodStats{
> ++                                      {
> ++                                              PodRef: statsapi.PodReference{
> ++                                                      Name:      "pod_a",
> ++                                                      Namespace: "namespace_a",
> ++                                              },
> ++                                              Containers: []statsapi.ContainerStats{
> ++                                                      {
> ++                                                              Name: "container_a",
> ++                                                              CPU: &statsapi.CPUStats{
> ++                                                                      Time:                 testTime,
> ++                                                                      UsageCoreNanoSeconds: uint64Ptr(10000000000),
> ++                                                              },
> ++                                                              Memory: &statsapi.MemoryStats{
> ++                                                                      Time:            testTime,
> ++                                                                      WorkingSetBytes: uint64Ptr(1000),
> ++                                                              },
> ++                                                      },
> ++                                                      {
> ++                                                              Name: "container_b",
> ++                                                              CPU: &statsapi.CPUStats{
> ++                                                                      Time:                 testTime,
> ++                                                                      UsageCoreNanoSeconds: uint64Ptr(10000000000),
> ++                                                              },
> ++                                                              Memory: &statsapi.MemoryStats{
> ++                                                                      Time:            testTime,
> ++                                                                      WorkingSetBytes: uint64Ptr(1000),
> ++                                                              },
> ++                                                      },
> ++                                              },
> ++                                      },
> ++                                      {
> ++                                              PodRef: statsapi.PodReference{
> ++                                                      Name:      "pod_b",
> ++                                                      Namespace: "namespace_b",
> ++                                              },
> ++                                              Containers: []statsapi.ContainerStats{
> ++                                                      {
> ++                                                              Name: "container_a",
> ++                                                              CPU: &statsapi.CPUStats{
> ++                                                                      Time:                 testTime,
> ++                                                                      UsageCoreNanoSeconds: uint64Ptr(10000000000),
> ++                                                              },
> ++                                                              Memory: &statsapi.MemoryStats{
> ++                                                                      Time:            testTime,
> ++                                                                      WorkingSetBytes: uint64Ptr(1000),
> ++                                                              },
> ++                                                      },
> ++                                              },
> ++                                      },
> ++                              },
> ++                      },
> ++                      summaryErr: nil,
> ++                      expectedMetrics: `
> ++                              # HELP scrape_error [ALPHA] 1 if there was an error while getting container metrics, 0 otherwise
> ++                              # TYPE scrape_error gauge
> ++                              scrape_error 0
> ++                              # HELP container_cpu_usage_seconds [ALPHA] Cumulative cpu time consumed by the container in core-seconds
> ++                              # TYPE container_cpu_usage_seconds gauge
> ++                              container_cpu_usage_seconds{container="container_a",namespace="namespace_a",pod="pod_a"} 10 2000
> ++                              container_cpu_usage_seconds{container="container_a",namespace="namespace_b",pod="pod_b"} 10 2000
> ++                              container_cpu_usage_seconds{container="container_b",namespace="namespace_a",pod="pod_a"} 10 2000
> ++                              # HELP container_memory_working_set_bytes [ALPHA] Current working set of the container in bytes
> ++                              # TYPE container_memory_working_set_bytes gauge
> ++                              container_memory_working_set_bytes{container="container_a",namespace="namespace_a",pod="pod_a"} 1000 2000
> ++                              container_memory_working_set_bytes{container="container_a",namespace="namespace_b",pod="pod_b"} 1000 2000
> ++                              container_memory_working_set_bytes{container="container_b",namespace="namespace_a",pod="pod_a"} 1000 2000
> ++                      `,
> ++              },
> ++      }
> ++
> ++      for _, test := range tests {
> ++              tc := test
> ++              t.Run(tc.name, func(t *testing.T) {
> ++                      provider := &mockSummaryProvider{}
> ++                      provider.On("GetCPUAndMemoryStats").Return(tc.summary, tc.summaryErr)
> ++                      collector := NewResourceMetricsCollector(provider)
> ++
> ++                      if err := testutil.CustomCollectAndCompare(collector, strings.NewReader(tc.expectedMetrics), interestedMetrics...); err != nil {
> ++                              t.Fatal(err)
> ++                      }
> ++              })
> ++      }
> ++}
> ++
> ++func uint64Ptr(u uint64) *uint64 {
> ++      return &u
> ++}
> +diff --git a/src/import/pkg/kubelet/server/auth_test.go b/src/import/pkg/kubelet/server/auth_test.go
> +index d598bc3892b..638f3ba2bf0 100644
> +--- a/src/import/pkg/kubelet/server/auth_test.go
> ++++ b/src/import/pkg/kubelet/server/auth_test.go
> +@@ -128,6 +128,7 @@ func AuthzTestCases() []AuthzTestCase {
> +               "/metrics/cadvisor":                   "metrics",
> +               "/metrics/probes":                     "metrics",
> +               "/metrics/resource/v1alpha1":          "metrics",
> ++              "/metrics/resource":                   "metrics",
> +               "/pods/":                              "proxy",
> +               "/portForward/{podNamespace}/{podID}": "proxy",
> +               "/portForward/{podNamespace}/{podID}/{uid}":         "proxy",
> +diff --git a/src/import/pkg/kubelet/server/server.go b/src/import/pkg/kubelet/server/server.go
> +index 87f3bd28a25..74eeaf10171 100644
> +--- a/src/import/pkg/kubelet/server/server.go
> ++++ b/src/import/pkg/kubelet/server/server.go
> +@@ -38,6 +38,7 @@ import (
> +       "github.com/google/cadvisor/metrics"
> +       "google.golang.org/grpc"
> +       "k8s.io/klog"
> ++      "k8s.io/kubernetes/pkg/kubelet/metrics/collectors"
> +
> +       "k8s.io/api/core/v1"
> +       metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
> +@@ -74,13 +75,13 @@ import (
> + )
> +
> + const (
> +-      metricsPath               = "/metrics"
> +-      cadvisorMetricsPath       = "/metrics/cadvisor"
> +-      resourceMetricsPathPrefix = "/metrics/resource"
> +-      proberMetricsPath         = "/metrics/probes"
> +-      specPath                  = "/spec/"
> +-      statsPath                 = "/stats/"
> +-      logsPath                  = "/logs/"
> ++      metricsPath         = "/metrics"
> ++      cadvisorMetricsPath = "/metrics/cadvisor"
> ++      resourceMetricsPath = "/metrics/resource"
> ++      proberMetricsPath   = "/metrics/probes"
> ++      specPath            = "/spec/"
> ++      statsPath           = "/stats/"
> ++      logsPath            = "/logs/"
> + )
> +
> + // Server is a http.Handler which exposes kubelet functionality over HTTP.
> +@@ -321,10 +322,16 @@ func (s *Server) InstallDefaultHandlers(enableCAdvisorJSONEndpoints bool) {
> +
> +       v1alpha1ResourceRegistry := compbasemetrics.NewKubeRegistry()
> +       v1alpha1ResourceRegistry.CustomMustRegister(stats.NewPrometheusResourceMetricCollector(s.resourceAnalyzer, v1alpha1.Config()))
> +-      s.restfulCont.Handle(path.Join(resourceMetricsPathPrefix, v1alpha1.Version),
> ++      s.restfulCont.Handle(path.Join(resourceMetricsPath, v1alpha1.Version),
> +               compbasemetrics.HandlerFor(v1alpha1ResourceRegistry, compbasemetrics.HandlerOpts{ErrorHandling: compbasemetrics.ContinueOnError}),
> +       )
> +
> ++      resourceRegistry := compbasemetrics.NewKubeRegistry()
> ++      resourceRegistry.CustomMustRegister(collectors.NewResourceMetricsCollector(s.resourceAnalyzer))
> ++      s.restfulCont.Handle(resourceMetricsPath,
> ++              compbasemetrics.HandlerFor(resourceRegistry, compbasemetrics.HandlerOpts{ErrorHandling: compbasemetrics.ContinueOnError}),
> ++      )
> ++
> +       // prober metrics are exposed under a different endpoint
> +
> +       p := compbasemetrics.NewKubeRegistry()
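Review bot: The new `resourceRegistry` block has no comment, unlike the prober block right after it, so a reader of the hunk cannot tell why `/metrics/resource` is registered next to the existing `/metrics/resource/v1alpha1` handler. I would add `// resource metrics (node and container CPU and working-set memory) served at the unversioned path; the v1alpha1 endpoint above is kept` above `resourceRegistry := compbasemetrics.NewKubeRegistry()`. The expected output in the added test shows the series carrying `pod`, `namespace` and `container` labels. The same comment should therefore say that access is expected to be authorized as the `metrics` subresource, which is the mapping the added auth_test.go case checks for this path. InstallDefaultHandlers starts and ends outside the hunk.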
> +--
> +2.20.1
> +
> diff --git a/recipes-containers/kubernetes/kubernetes/0001-Deal-with-auto-generated-files.patch b/recipes-containers/kubernetes/kubernetes/0001-Deal-with-auto-generated-files.patch
> new file mode 100644
> index 0000000..f7a5c7c
> --- /dev/null
> +++ b/recipes-containers/kubernetes/kubernetes/0001-Deal-with-auto-generated-files.patch
> @@ -0,0 +1,60 @@
> +From c394d821fdafd719619eb63fcd1065a95ec02ef9 Mon Sep 17 00:00:00 2001
> +From: RainbowMango <renhongcai@huawei.com>
> +Date: Sun, 15 Dec 2019 18:37:38 +0800
> +Subject: [PATCH] Deal with auto-generated files: - Update bazel by
> + hack/update-bazel.sh
> +
> +This commit is needed for context to fix CVE-2020-8551
> +
> +Upstream Status: Backport [https://github.com/kubernetes/kubernetes/pull/86282/commits/c394d821fdafd719619eb63fcd1065a95ec02ef9]
> +CVE: CVE-2020-8551
> +
> +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> +---
> + pkg/kubelet/metrics/collectors/BUILD | 3 +++
> + pkg/kubelet/server/BUILD             | 1 +
> + 2 files changed, 4 insertions(+)
> +
> +diff --git a/src/import/pkg/kubelet/metrics/collectors/BUILD b/src/import/pkg/kubelet/metrics/collectors/BUILD
> +index 00bc335320f..25398793eab 100644
> +--- a/src/import/pkg/kubelet/metrics/collectors/BUILD
> ++++ b/src/import/pkg/kubelet/metrics/collectors/BUILD
> +@@ -4,6 +4,7 @@ go_library(
> +     name = "go_default_library",
> +     srcs = [
> +         "log_metrics.go",
> ++        "resource_metrics.go",
> +         "volume_stats.go",
> +     ],
> +     importpath = "k8s.io/kubernetes/pkg/kubelet/metrics/collectors",
> +@@ -22,6 +23,7 @@ go_test(
> +     name = "go_default_test",
> +     srcs = [
> +         "log_metrics_test.go",
> ++        "resource_metrics_test.go",
> +         "volume_stats_test.go",
> +     ],
> +     embed = [":go_default_library"],
> +@@ -30,6 +32,7 @@ go_test(
> +         "//pkg/kubelet/server/stats/testing:go_default_library",
> +         "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
> +         "//staging/src/k8s.io/component-base/metrics/testutil:go_default_library",
> ++        "//vendor/github.com/stretchr/testify/mock:go_default_library",
> +     ],
> + )
> +
> +diff --git a/src/import/pkg/kubelet/server/BUILD b/src/import/pkg/kubelet/server/BUILD
> +index d83619fcbe5..a18f1b5e83b 100644
> +--- a/src/import/pkg/kubelet/server/BUILD
> ++++ b/src/import/pkg/kubelet/server/BUILD
> +@@ -22,6 +22,7 @@ go_library(
> +         "//pkg/kubelet/apis/podresources/v1alpha1:go_default_library",
> +         "//pkg/kubelet/apis/resourcemetrics/v1alpha1:go_default_library",
> +         "//pkg/kubelet/container:go_default_library",
> ++        "//pkg/kubelet/metrics/collectors:go_default_library",
> +         "//pkg/kubelet/prober:go_default_library",
> +         "//pkg/kubelet/server/metrics:go_default_library",
> +         "//pkg/kubelet/server/portforward:go_default_library",
> +--
> +2.20.1
> +
> diff --git a/recipes-containers/kubernetes/kubernetes/0001-remove-client-label-from-apiserver-request-count-met.patch b/recipes-containers/kubernetes/kubernetes/0001-remove-client-label-from-apiserver-request-count-met.patch
> new file mode 100644
> index 0000000..d4bf783
> --- /dev/null
> +++ b/recipes-containers/kubernetes/kubernetes/0001-remove-client-label-from-apiserver-request-count-met.patch
> @@ -0,0 +1,171 @@
> +From a657089732c0bd5d4515fb9208182c31c6c05790 Mon Sep 17 00:00:00 2001
> +From: Han Kang <hankang@google.com>
> +Date: Wed, 29 Jan 2020 12:25:55 -0800
> +Subject: [PATCH] remove client label from apiserver request count metric since
> + it is unbounded
> +
> +Change-Id: I3a9eacebc9d9dc9ed6347260d9378cdcb5743431
> +
> +Upstream Status: Backport [https://github.com/kubernetes/kubernetes/pull/87669/commits/cc3190968b1f14ddf4067abef849fc41bd6068dc]
> +CVE: CVE-2020-8552
> +
> +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> +---
> + .../apiserver/pkg/endpoints/metrics/BUILD     |  8 ---
> + .../pkg/endpoints/metrics/metrics.go          | 23 ++------
> + .../pkg/endpoints/metrics/metrics_test.go     | 54 -------------------
> + 3 files changed, 4 insertions(+), 81 deletions(-)
> + delete mode 100644 staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics_test.go
> +
> +diff --git a/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/BUILD b/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/BUILD
> +index 8d13a34eadc..8abb3d1a611 100644
> +--- a/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/BUILD
> ++++ b/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/BUILD
> +@@ -3,13 +3,6 @@ package(default_visibility = ["//visibility:public"])
> + load(
> +     "@io_bazel_rules_go//go:def.bzl",
> +     "go_library",
> +-    "go_test",
> +-)
> +-
> +-go_test(
> +-    name = "go_default_test",
> +-    srcs = ["metrics_test.go"],
> +-    embed = [":go_default_library"],
> + )
> +
> + go_library(
> +@@ -20,7 +13,6 @@ go_library(
> +     deps = [
> +         "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/validation:go_default_library",
> +         "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
> +-        "//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library",
> +         "//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library",
> +         "//staging/src/k8s.io/apiserver/pkg/endpoints/request:go_default_library",
> +         "//staging/src/k8s.io/apiserver/pkg/features:go_default_library",
> +diff --git a/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics.go b/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics.go
> +index 36ff861da7a..81a9a2c5e6f 100644
> +--- a/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics.go
> ++++ b/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics.go
> +@@ -31,7 +31,6 @@ import (
> +
> +       "k8s.io/apimachinery/pkg/apis/meta/v1/validation"
> +       "k8s.io/apimachinery/pkg/types"
> +-      utilnet "k8s.io/apimachinery/pkg/util/net"
> +       utilsets "k8s.io/apimachinery/pkg/util/sets"
> +       "k8s.io/apiserver/pkg/endpoints/request"
> +       "k8s.io/apiserver/pkg/features"
> +@@ -65,14 +64,14 @@ var (
> +       requestCounter = compbasemetrics.NewCounterVec(
> +               &compbasemetrics.CounterOpts{
> +                       Name:           "apiserver_request_total",
> +-                      Help:           "Counter of apiserver requests broken out for each verb, dry run value, group, version, resource, scope, component, client, and HTTP response contentType and code.",
> ++                      Help:           "Counter of apiserver requests broken out for each verb, dry run value, group, version, resource, scope, component, and HTTP response contentType and code.",
> +                       StabilityLevel: compbasemetrics.ALPHA,
> +               },
> +               // The label_name contentType doesn't follow the label_name convention defined here:
> +               // https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/instrumentation.md
> +               // But changing it would break backwards compatibility. Future label_names
> +               // should be all lowercase and separated by underscores.
> +-              []string{"verb", "dry_run", "group", "version", "resource", "subresource", "scope", "component", "client", "contentType", "code"},
> ++              []string{"verb", "dry_run", "group", "version", "resource", "subresource", "scope", "component", "contentType", "code"},
> +       )
> +       deprecatedRequestCounter = compbasemetrics.NewCounterVec(
> +               &compbasemetrics.CounterOpts{
> +@@ -301,11 +300,10 @@ func RecordLongRunning(req *http.Request, requestInfo *request.RequestInfo, comp
> + func MonitorRequest(req *http.Request, verb, group, version, resource, subresource, scope, component, contentType string, httpCode, respSize int, elapsed time.Duration) {
> +       reportedVerb := cleanVerb(verb, req)
> +       dryRun := cleanDryRun(req.URL)
> +-      client := cleanUserAgent(utilnet.GetHTTPClient(req))
> +       elapsedMicroseconds := float64(elapsed / time.Microsecond)
> +       elapsedSeconds := elapsed.Seconds()
> +-      requestCounter.WithLabelValues(reportedVerb, dryRun, group, version, resource, subresource, scope, component, client, contentType, codeToString(httpCode)).Inc()
> +-      deprecatedRequestCounter.WithLabelValues(reportedVerb, group, version, resource, subresource, scope, component, client, contentType, codeToString(httpCode)).Inc()
> ++      requestCounter.WithLabelValues(reportedVerb, dryRun, group, version, resource, subresource, scope, component, contentType, codeToString(httpCode)).Inc()
> ++      deprecatedRequestCounter.WithLabelValues(reportedVerb, group, version, resource, subresource, scope, component, contentType, codeToString(httpCode)).Inc()
> +       requestLatencies.WithLabelValues(reportedVerb, dryRun, group, version, resource, subresource, scope, component).Observe(elapsedSeconds)
> +       deprecatedRequestLatencies.WithLabelValues(reportedVerb, group, version, resource, subresource, scope, component).Observe(elapsedMicroseconds)
> +       deprecatedRequestLatenciesSummary.WithLabelValues(reportedVerb, group, version, resource, subresource, scope, component).Observe(elapsedMicroseconds)
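Review bot: `deprecatedRequestCounter.WithLabelValues(...)` now passes nine values, but no hunk in this file section changes the label list `deprecatedRequestCounter` is declared with; only the `requestCounter` list in the previous hunk loses `"client"`. The old call passed ten values including `client`, so the declaration presumably still names that label, and a Prometheus counter vector panics in `WithLabelValues` when the value count and the label count differ. The backport should drop `"client"` from the `deprecatedRequestCounter` label slice in the same patch. That declaration only begins on the last line of the previous hunk, so this needs checking against the tree the patch is applied to. `kubectlExeRegexp` also appears to lose its only visible user once `cleanUserAgent` is removed further down, and MonitorRequest continues past the hunk.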
> +@@ -425,19 +423,6 @@ func cleanDryRun(u *url.URL) string {
> +       return strings.Join(utilsets.NewString(dryRun...).List(), ",")
> + }
> +
> +-func cleanUserAgent(ua string) string {
> +-      // We collapse all "web browser"-type user agents into one "browser" to reduce metric cardinality.
> +-      if strings.HasPrefix(ua, "Mozilla/") {
> +-              return "Browser"
> +-      }
> +-      // If an old "kubectl.exe" has passed us its full path, we discard the path portion.
> +-      if kubectlExeRegexp.MatchString(ua) {
> +-              // avoid an allocation
> +-              ua = kubectlExeRegexp.ReplaceAllString(ua, "$1")
> +-      }
> +-      return ua
> +-}
> +-
> + // ResponseWriterDelegator interface wraps http.ResponseWriter to additionally record content-length, status-code, etc.
> + type ResponseWriterDelegator struct {
> +       http.ResponseWriter
> +diff --git a/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics_test.go b/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics_test.go
> +deleted file mode 100644
> +index 4c0a8aa5d27..00000000000
> +--- a/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics_test.go
> ++++ /dev/null
> +@@ -1,54 +0,0 @@
> +-/*
> +-Copyright 2015 The Kubernetes Authors.
> +-
> +-Licensed under the Apache License, Version 2.0 (the "License");
> +-you may not use this file except in compliance with the License.
> +-You may obtain a copy of the License at
> +-
> +-    http://www.apache.org/licenses/LICENSE-2.0
> +-
> +-Unless required by applicable law or agreed to in writing, software
> +-distributed under the License is distributed on an "AS IS" BASIS,
> +-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +-See the License for the specific language governing permissions and
> +-limitations under the License.
> +-*/
> +-
> +-package metrics
> +-
> +-import "testing"
> +-
> +-func TestCleanUserAgent(t *testing.T) {
> +-      panicBuf := []byte{198, 73, 129, 133, 90, 216, 104, 29, 13, 134, 209, 233, 30, 0, 22}
> +-
> +-      for _, tc := range []struct {
> +-              In  string
> +-              Out string
> +-      }{
> +-              {
> +-                      In:  "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36",
> +-                      Out: "Browser",
> +-              },
> +-              {
> +-                      In:  "kubectl/v1.2.4",
> +-                      Out: "kubectl/v1.2.4",
> +-              },
> +-              {
> +-                      In:  `C:\Users\Kubernetes\kubectl.exe/v1.5.4`,
> +-                      Out: "kubectl.exe/v1.5.4",
> +-              },
> +-              {
> +-                      In:  `C:\Program Files\kubectl.exe/v1.5.4`,
> +-                      Out: "kubectl.exe/v1.5.4",
> +-              },
> +-              {
> +-                      // This malicious input courtesy of enisoc.
> +-                      In:  string(panicBuf) + "kubectl.exe",
> +-                      Out: "kubectl.exe",
> +-              },
> +-      } {
> +-              if cleanUserAgent(tc.In) != tc.Out {
> +-                      t.Errorf("Failed to clean User-Agent: %s", tc.In)
> +-              }
> +-      }
> +-}
> +--
> +2.17.1
> +
> diff --git a/recipes-containers/kubernetes/kubernetes/0001-update-gopkg.in-yaml.v2-to-v2.2.8.patch b/recipes-containers/kubernetes/kubernetes/0001-update-gopkg.in-yaml.v2-to-v2.2.8.patch
> new file mode 100644
> index 0000000..2688797
> --- /dev/null
> +++ b/recipes-containers/kubernetes/kubernetes/0001-update-gopkg.in-yaml.v2-to-v2.2.8.patch
> @@ -0,0 +1,825 @@
> +From a290fe55cb2f4593eb4ec5bf410cd77b9d925464 Mon Sep 17 00:00:00 2001
> +From: CJ Cullen <cjcullen@google.com>
> +Date: Wed, 22 Jan 2020 11:32:39 -0800
> +Subject: [PATCH] update gopkg.in/yaml.v2 to v2.2.8
> +
> +Upstream Status: Backport [https://github.com/kubernetes/kubernetes/pull/87637/commits/a290fe55cb2f4593eb4ec5bf410cd77b9d925464]
> +CVE: CVE-2019-11254
> +
> +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> +---
> + go.mod                                        |   4 +-
> + go.sum                                        |   4 +-
> + staging/src/k8s.io/api/go.sum                 |   4 +-
> + .../src/k8s.io/apiextensions-apiserver/go.mod |   2 +-
> + .../src/k8s.io/apiextensions-apiserver/go.sum |   2 +
> + staging/src/k8s.io/apimachinery/go.mod        |   2 +-
> + staging/src/k8s.io/apimachinery/go.sum        |   4 +-
> + staging/src/k8s.io/apiserver/go.mod           |   2 +-
> + staging/src/k8s.io/apiserver/go.sum           |   4 +-
> + staging/src/k8s.io/cli-runtime/go.sum         |   4 +-
> + staging/src/k8s.io/client-go/go.sum           |   4 +-
> + staging/src/k8s.io/cloud-provider/go.sum      |   4 +-
> + staging/src/k8s.io/cluster-bootstrap/go.sum   |   4 +-
> + staging/src/k8s.io/code-generator/go.mod      |   2 +-
> + staging/src/k8s.io/code-generator/go.sum      |   4 +-
> + staging/src/k8s.io/component-base/go.sum      |   4 +-
> + staging/src/k8s.io/cri-api/go.mod             |   2 +-
> + staging/src/k8s.io/cri-api/go.sum             |   4 +-
> + staging/src/k8s.io/csi-translation-lib/go.sum |   4 +-
> + staging/src/k8s.io/kube-aggregator/go.sum     |   4 +-
> + .../src/k8s.io/kube-controller-manager/go.sum |   4 +-
> + staging/src/k8s.io/kube-proxy/go.sum          |   4 +-
> + staging/src/k8s.io/kube-scheduler/go.sum      |   4 +-
> + staging/src/k8s.io/kubectl/go.mod             |   2 +-
> + staging/src/k8s.io/kubectl/go.sum             |   4 +-
> + staging/src/k8s.io/kubelet/go.sum             |   4 +-
> + .../src/k8s.io/legacy-cloud-providers/go.sum  |   4 +-
> + staging/src/k8s.io/metrics/go.sum             |   4 +-
> + staging/src/k8s.io/node-api/go.sum            |   4 +-
> + staging/src/k8s.io/sample-apiserver/go.sum    |   4 +-
> + staging/src/k8s.io/sample-cli-plugin/go.sum   |   4 +-
> + staging/src/k8s.io/sample-controller/go.sum   |   4 +-
> + vendor/gopkg.in/yaml.v2/.travis.yml           |  18 +--
> + vendor/gopkg.in/yaml.v2/decode.go             |  14 ++-
> + vendor/gopkg.in/yaml.v2/scannerc.go           | 107 +++++++++---------
> + vendor/gopkg.in/yaml.v2/yaml.go               |   2 +-
> + vendor/gopkg.in/yaml.v2/yamlh.go              |   1 +
> + vendor/modules.txt                            |   2 +-
> + 38 files changed, 133 insertions(+), 125 deletions(-)
> +
> +diff --git a/src/import/go.mod b/src/import/go.mod
> +index 7d515c2ffb0..28de082aa0d 100644
> +--- a/src/import/go.mod
> ++++ b/src/import/go.mod
> +@@ -131,7 +131,7 @@ require (
> +       google.golang.org/grpc v1.23.1
> +       gopkg.in/gcfg.v1 v1.2.0
> +       gopkg.in/square/go-jose.v2 v2.2.2
> +-      gopkg.in/yaml.v2 v2.2.4
> ++      gopkg.in/yaml.v2 v2.2.8
> +       gotest.tools v2.2.0+incompatible
> +       gotest.tools/gotestsum v0.3.5
> +       honnef.co/go/tools v0.0.1-2019.2.2
> +@@ -518,7 +518,7 @@ replace (
> +       gopkg.in/square/go-jose.v2 => gopkg.in/square/go-jose.v2 v2.2.2
> +       gopkg.in/tomb.v1 => gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7
> +       gopkg.in/warnings.v0 => gopkg.in/warnings.v0 v0.1.1
> +-      gopkg.in/yaml.v2 => gopkg.in/yaml.v2 v2.2.4
> ++      gopkg.in/yaml.v2 => gopkg.in/yaml.v2 v2.2.8
> +       gotest.tools => gotest.tools v2.2.0+incompatible
> +       gotest.tools/gotestsum => gotest.tools/gotestsum v0.3.5
> +       grpc.go4.org => grpc.go4.org v0.0.0-20170609214715-11d0a25b4919
> +diff --git a/src/import/go.sum b/src/import/go.sum
> +index 72d79cb27b2..43aaee0e578 100644
> +--- a/src/import/go.sum
> ++++ b/src/import/go.sum
> +@@ -574,8 +574,8 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkep
> + gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
> + gopkg.in/warnings.v0 v0.1.1 h1:XM28wIgFzaBmeZ5dNHIpWLQpt/9DGKxk+rCg/22nnYE=
> + gopkg.in/warnings.v0 v0.1.1/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
> + gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
> + gotest.tools/gotestsum v0.3.5 h1:VePOWRsuWFYpfp/G8mbmOZKxO5T3501SEGQRUdvq7h0=
> +diff --git a/src/import/staging/src/k8s.io/api/go.sum b/src/importsrc/import/staging/src/k8s.io/api/go.sum
> +index 08ad9edc62a..73199a7c13e 100644
> +--- a/src/import/staging/src/k8s.io/api/go.sum
> ++++ b/src/import/staging/src/k8s.io/api/go.sum
> +@@ -95,8 +95,8 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD
> + gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
> + k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
> + k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
> +diff --git a/src/import/staging/src/k8s.io/apiextensions-apiserver/go.mod b/src/importsrc/import/staging/src/k8s.io/apiextensions-apiserver/go.mod
> +index 97014a76a68..499daf4ffa7 100644
> +--- a/src/import/staging/src/k8s.io/apiextensions-apiserver/go.mod
> ++++ b/src/import/staging/src/k8s.io/apiextensions-apiserver/go.mod
> +@@ -20,7 +20,7 @@ require (
> +       github.com/stretchr/testify v1.4.0
> +       go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738
> +       google.golang.org/grpc v1.23.1
> +-      gopkg.in/yaml.v2 v2.2.4
> ++      gopkg.in/yaml.v2 v2.2.8
> +       k8s.io/api v0.0.0
> +       k8s.io/apimachinery v0.0.0
> +       k8s.io/apiserver v0.0.0
> +diff --git a/src/import/staging/src/k8s.io/apiextensions-apiserver/go.sum b/src/importstaging/src/k8s.io/apiextensions-apiserver/go.sum
> +index 6f8bd4918ce..ef6973e4220 100644
> +--- a/src/import/staging/src/k8s.io/apiextensions-apiserver/go.sum
> ++++ b/src/import/staging/src/k8s.io/apiextensions-apiserver/go.sum
> +@@ -449,6 +449,8 @@ gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> + gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> +diff --git a/src/import/staging/src/k8s.io/apimachinery/go.mod b/src/importstaging/src/k8s.io/apimachinery/go.mod
> +index 85bd7edfc84..569aa8941c4 100644
> +--- a/src/import/staging/src/k8s.io/apimachinery/go.mod
> ++++ b/src/import/staging/src/k8s.io/apimachinery/go.mod
> +@@ -30,7 +30,7 @@ require (
> +       golang.org/x/text v0.3.2 // indirect
> +       gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
> +       gopkg.in/inf.v0 v0.9.1
> +-      gopkg.in/yaml.v2 v2.2.4
> ++      gopkg.in/yaml.v2 v2.2.8
> +       k8s.io/klog v1.0.0
> +       k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a
> +       sigs.k8s.io/yaml v1.1.0
> +diff --git a/src/import/staging/src/k8s.io/apimachinery/go.sum b/src/importstaging/src/k8s.io/apimachinery/go.sum
> +index 52ad8335f42..0741a85da3f 100644
> +--- a/src/import/staging/src/k8s.io/apimachinery/go.sum
> ++++ b/src/import/staging/src/k8s.io/apimachinery/go.sum
> +@@ -111,8 +111,8 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD
> + gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
> + k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
> + k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
> +diff --git a/src/import/staging/src/k8s.io/apiserver/go.mod b/src/importstaging/src/k8s.io/apiserver/go.mod
> +index 01b925bab48..6586e6680cb 100644
> +--- a/src/import/staging/src/k8s.io/apiserver/go.mod
> ++++ b/src/import/staging/src/k8s.io/apiserver/go.mod
> +@@ -42,7 +42,7 @@ require (
> +       google.golang.org/grpc v1.23.1
> +       gopkg.in/natefinch/lumberjack.v2 v2.0.0
> +       gopkg.in/square/go-jose.v2 v2.2.2
> +-      gopkg.in/yaml.v2 v2.2.4
> ++      gopkg.in/yaml.v2 v2.2.8
> +       gotest.tools v2.2.0+incompatible // indirect
> +       k8s.io/api v0.0.0
> +       k8s.io/apimachinery v0.0.0
> +diff --git a/src/import/staging/src/k8s.io/apiserver/go.sum b/src/importstaging/src/k8s.io/apiserver/go.sum
> +index a9014243b34..0b216e592e4 100644
> +--- a/src/import/staging/src/k8s.io/apiserver/go.sum
> ++++ b/src/import/staging/src/k8s.io/apiserver/go.sum
> +@@ -345,8 +345,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
> + gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> +diff --git a/src/import/staging/src/k8s.io/cli-runtime/go.sum b/src/importstaging/src/k8s.io/cli-runtime/go.sum
> +index a5eef73070b..c6c2d0d9231 100644
> +--- a/src/import/staging/src/k8s.io/cli-runtime/go.sum
> ++++ b/src/import/staging/src/k8s.io/cli-runtime/go.sum
> +@@ -234,8 +234,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
> +diff --git a/src/import/staging/src/k8s.io/client-go/go.sum b/src/importstaging/src/k8s.io/client-go/go.sum
> +index d0df7473b3e..f8f205a69d7 100644
> +--- a/src/import/staging/src/k8s.io/client-go/go.sum
> ++++ b/src/import/staging/src/k8s.io/client-go/go.sum
> +@@ -189,8 +189,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
> +diff --git a/src/import/staging/src/k8s.io/cloud-provider/go.sum b/src/importstaging/src/k8s.io/cloud-provider/go.sum
> +index 8ccf452dc8d..74228199881 100644
> +--- a/src/import/staging/src/k8s.io/cloud-provider/go.sum
> ++++ b/src/import/staging/src/k8s.io/cloud-provider/go.sum
> +@@ -171,8 +171,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
> +diff --git a/src/import/staging/src/k8s.io/cluster-bootstrap/go.sum b/src/importstaging/src/k8s.io/cluster-bootstrap/go.sum
> +index 8d81d0563ea..4c58905c7d8 100644
> +--- a/src/import/staging/src/k8s.io/cluster-bootstrap/go.sum
> ++++ b/src/import/staging/src/k8s.io/cluster-bootstrap/go.sum
> +@@ -99,8 +99,8 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD
> + gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
> + k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
> + k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
> +diff --git a/src/import/staging/src/k8s.io/code-generator/go.mod b/src/importstaging/src/k8s.io/code-generator/go.mod
> +index 69a9e1cd9f2..2436804e8f0 100644
> +--- a/src/import/staging/src/k8s.io/code-generator/go.mod
> ++++ b/src/import/staging/src/k8s.io/code-generator/go.mod
> +@@ -18,7 +18,7 @@ require (
> +       golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72 // indirect
> +       gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485
> +       gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e // indirect
> +-      gopkg.in/yaml.v2 v2.2.4 // indirect
> ++      gopkg.in/yaml.v2 v2.2.8 // indirect
> +       k8s.io/gengo v0.0.0-20190822140433-26a664648505
> +       k8s.io/klog v1.0.0
> +       k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a
> +diff --git a/src/import/staging/src/k8s.io/code-generator/go.sum b/src/importstaging/src/k8s.io/code-generator/go.sum
> +index 7bab2c9efd3..afc21aae562 100644
> +--- a/src/import/staging/src/k8s.io/code-generator/go.sum
> ++++ b/src/import/staging/src/k8s.io/code-generator/go.sum
> +@@ -114,8 +114,8 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6 h1:4s3/R4+OYYYUKptXPhZKjQ04WJ6EhQQVFdjOFvCazDk=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
> + k8s.io/gengo v0.0.0-20190822140433-26a664648505 h1:ZY6yclUKVbZ+SdWnkfY+Je5vrMpKOxmGeKRbsXVmqYM=
> +diff --git a/src/import/staging/src/k8s.io/component-base/go.sum b/src/importstaging/src/k8s.io/component-base/go.sum
> +index b6af501ac2e..6c54e8b74e0 100644
> +--- a/src/import/staging/src/k8s.io/component-base/go.sum
> ++++ b/src/import/staging/src/k8s.io/component-base/go.sum
> +@@ -210,8 +210,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
> +diff --git a/src/import/staging/src/k8s.io/cri-api/go.mod b/src/importstaging/src/k8s.io/cri-api/go.mod
> +index de2050e54af..4f8315dcfcc 100644
> +--- a/src/import/staging/src/k8s.io/cri-api/go.mod
> ++++ b/src/import/staging/src/k8s.io/cri-api/go.mod
> +@@ -16,7 +16,7 @@ require (
> +       google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873 // indirect
> +       google.golang.org/grpc v1.23.1
> +       gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
> +-      gopkg.in/yaml.v2 v2.2.4 // indirect
> ++      gopkg.in/yaml.v2 v2.2.8 // indirect
> + )
> +
> + replace (
> +diff --git a/src/import/staging/src/k8s.io/cri-api/go.sum b/src/importstaging/src/k8s.io/cri-api/go.sum
> +index 880169cf1dc..5340741af79 100644
> +--- a/src/import/staging/src/k8s.io/cri-api/go.sum
> ++++ b/src/import/staging/src/k8s.io/cri-api/go.sum
> +@@ -59,7 +59,7 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8
> + gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
> + gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> +diff --git a/src/import/staging/src/k8s.io/csi-translation-lib/go.sum b/src/importstaging/src/k8s.io/csi-translation-lib/go.sum
> +index 2cb7a51b2a4..f918afd9078 100644
> +--- a/src/import/staging/src/k8s.io/csi-translation-lib/go.sum
> ++++ b/src/import/staging/src/k8s.io/csi-translation-lib/go.sum
> +@@ -154,8 +154,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
> +diff --git a/src/import/staging/src/k8s.io/kube-aggregator/go.sum b/src/importstaging/src/k8s.io/kube-aggregator/go.sum
> +index bfcd7b4aa8a..d29c2136442 100644
> +--- a/src/import/staging/src/k8s.io/kube-aggregator/go.sum
> ++++ b/src/import/staging/src/k8s.io/kube-aggregator/go.sum
> +@@ -378,8 +378,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> +diff --git a/src/import/staging/src/k8s.io/kube-controller-manager/go.sum b/src/importstaging/src/k8s.io/kube-controller-manager/go.sum
> +index 5303a3606b3..b238ae9cbbb 100644
> +--- a/src/import/staging/src/k8s.io/kube-controller-manager/go.sum
> ++++ b/src/import/staging/src/k8s.io/kube-controller-manager/go.sum
> +@@ -184,8 +184,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
> +diff --git a/src/import/staging/src/k8s.io/kube-proxy/go.sum b/src/importstaging/src/k8s.io/kube-proxy/go.sum
> +index 5303a3606b3..b238ae9cbbb 100644
> +--- a/src/import/staging/src/k8s.io/kube-proxy/go.sum
> ++++ b/src/import/staging/src/k8s.io/kube-proxy/go.sum
> +@@ -184,8 +184,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
> +diff --git a/src/import/staging/src/k8s.io/kube-scheduler/go.sum b/src/importstaging/src/k8s.io/kube-scheduler/go.sum
> +index 5303a3606b3..b238ae9cbbb 100644
> +--- a/src/import/staging/src/k8s.io/kube-scheduler/go.sum
> ++++ b/src/import/staging/src/k8s.io/kube-scheduler/go.sum
> +@@ -184,8 +184,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
> +diff --git a/src/import/staging/src/k8s.io/kubectl/go.mod b/src/importstaging/src/k8s.io/kubectl/go.mod
> +index e0111ac16bf..c646296ebb1 100644
> +--- a/src/import/staging/src/k8s.io/kubectl/go.mod
> ++++ b/src/import/staging/src/k8s.io/kubectl/go.mod
> +@@ -34,7 +34,7 @@ require (
> +       github.com/stretchr/testify v1.4.0
> +       github.com/xlab/handysort v0.0.0-20150421192137-fb3537ed64a1 // indirect
> +       golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456
> +-      gopkg.in/yaml.v2 v2.2.4
> ++      gopkg.in/yaml.v2 v2.2.8
> +       gotest.tools v2.2.0+incompatible // indirect
> +       k8s.io/api v0.0.0
> +       k8s.io/apimachinery v0.0.0
> +diff --git a/src/import/staging/src/k8s.io/kubectl/go.sum b/src/importstaging/src/k8s.io/kubectl/go.sum
> +index 95ba529852c..1db9943f53c 100644
> +--- a/src/import/staging/src/k8s.io/kubectl/go.sum
> ++++ b/src/import/staging/src/k8s.io/kubectl/go.sum
> +@@ -317,8 +317,8 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
> + gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> +diff --git a/src/import/staging/src/k8s.io/kubelet/go.sum b/src/importstaging/src/k8s.io/kubelet/go.sum
> +index f42a61078c9..57a0c633583 100644
> +--- a/src/import/staging/src/k8s.io/kubelet/go.sum
> ++++ b/src/import/staging/src/k8s.io/kubelet/go.sum
> +@@ -119,8 +119,8 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD
> + gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
> +diff --git a/src/import/staging/src/k8s.io/legacy-cloud-providers/go.sum b/src/importstaging/src/k8s.io/legacy-cloud-providers/go.sum
> +index 99f76dac0cc..9e990dff888 100644
> +--- a/src/import/staging/src/k8s.io/legacy-cloud-providers/go.sum
> ++++ b/src/import/staging/src/k8s.io/legacy-cloud-providers/go.sum
> +@@ -340,8 +340,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> +diff --git a/src/import/staging/src/k8s.io/metrics/go.sum b/src/importstaging/src/k8s.io/metrics/go.sum
> +index 99df273ff9e..d9b2c94fdbe 100644
> +--- a/src/import/staging/src/k8s.io/metrics/go.sum
> ++++ b/src/import/staging/src/k8s.io/metrics/go.sum
> +@@ -211,8 +211,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6 h1:4s3/R4+OYYYUKptXPhZKjQ04WJ6EhQQVFdjOFvCazDk=
> +diff --git a/src/import/staging/src/k8s.io/node-api/go.sum b/src/importstaging/src/k8s.io/node-api/go.sum
> +index 77f0a21fa7d..1cb50186d99 100644
> +--- a/src/import/staging/src/k8s.io/node-api/go.sum
> ++++ b/src/import/staging/src/k8s.io/node-api/go.sum
> +@@ -215,8 +215,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6 h1:4s3/R4+OYYYUKptXPhZKjQ04WJ6EhQQVFdjOFvCazDk=
> +diff --git a/src/import/staging/src/k8s.io/sample-apiserver/go.sum b/src/importstaging/src/k8s.io/sample-apiserver/go.sum
> +index 3ea72ac63e9..236ee4b1e88 100644
> +--- a/src/import/staging/src/k8s.io/sample-apiserver/go.sum
> ++++ b/src/import/staging/src/k8s.io/sample-apiserver/go.sum
> +@@ -375,8 +375,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> +diff --git a/src/import/staging/src/k8s.io/sample-cli-plugin/go.sum b/src/importstaging/src/k8s.io/sample-cli-plugin/go.sum
> +index a5eef73070b..c6c2d0d9231 100644
> +--- a/src/import/staging/src/k8s.io/sample-cli-plugin/go.sum
> ++++ b/src/import/staging/src/k8s.io/sample-cli-plugin/go.sum
> +@@ -234,8 +234,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
> +diff --git a/src/import/staging/src/k8s.io/sample-controller/go.sum b/src/importstaging/src/k8s.io/sample-controller/go.sum
> +index 55fa85acf16..3b18f34b5a6 100644
> +--- a/src/import/staging/src/k8s.io/sample-controller/go.sum
> ++++ b/src/import/staging/src/k8s.io/sample-controller/go.sum
> +@@ -216,8 +216,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6 h1:4s3/R4+OYYYUKptXPhZKjQ04WJ6EhQQVFdjOFvCazDk=
> +diff --git a/src/import/vendor/gopkg.in/yaml.v2/.travis.yml b/src/importvendor/gopkg.in/yaml.v2/.travis.yml
> +index 9f556934d8b..055480b9ef8 100644
> +--- a/src/import/vendor/gopkg.in/yaml.v2/.travis.yml
> ++++ b/src/import/vendor/gopkg.in/yaml.v2/.travis.yml
> +@@ -1,12 +1,16 @@
> + language: go
> +
> + go:
> +-    - 1.4
> +-    - 1.5
> +-    - 1.6
> +-    - 1.7
> +-    - 1.8
> +-    - 1.9
> +-    - tip
> ++    - "1.4.x"
> ++    - "1.5.x"
> ++    - "1.6.x"
> ++    - "1.7.x"
> ++    - "1.8.x"
> ++    - "1.9.x"
> ++    - "1.10.x"
> ++    - "1.11.x"
> ++    - "1.12.x"
> ++    - "1.13.x"
> ++    - "tip"
> +
> + go_import_path: gopkg.in/yaml.v2
> +diff --git a/src/import/vendor/gopkg.in/yaml.v2/decode.go b/src/importvendor/gopkg.in/yaml.v2/decode.go
> +index 53108765555..129bc2a97d3 100644
> +--- a/src/import/vendor/gopkg.in/yaml.v2/decode.go
> ++++ b/src/import/vendor/gopkg.in/yaml.v2/decode.go
> +@@ -319,10 +319,14 @@ func (d *decoder) prepare(n *node, out reflect.Value) (newout reflect.Value, unm
> + }
> +
> + const (
> +-      // 400,000 decode operations is ~500kb of dense object declarations, or ~5kb of dense object declarations with 10000% alias expansion
> ++      // 400,000 decode operations is ~500kb of dense object declarations, or
> ++      // ~5kb of dense object declarations with 10000% alias expansion
> +       alias_ratio_range_low = 400000
> +-      // 4,000,000 decode operations is ~5MB of dense object declarations, or ~4.5MB of dense object declarations with 10% alias expansion
> ++
> ++      // 4,000,000 decode operations is ~5MB of dense object declarations, or
> ++      // ~4.5MB of dense object declarations with 10% alias expansion
> +       alias_ratio_range_high = 4000000
> ++
> +       // alias_ratio_range is the range over which we scale allowed alias ratios
> +       alias_ratio_range = float64(alias_ratio_range_high - alias_ratio_range_low)
> + )
> +@@ -784,8 +788,7 @@ func (d *decoder) merge(n *node, out reflect.Value) {
> +       case mappingNode:
> +               d.unmarshal(n, out)
> +       case aliasNode:
> +-              an, ok := d.doc.anchors[n.value]
> +-              if ok && an.kind != mappingNode {
> ++              if n.alias != nil && n.alias.kind != mappingNode {
> +                       failWantMap()
> +               }
> +               d.unmarshal(n, out)
> +@@ -794,8 +797,7 @@ func (d *decoder) merge(n *node, out reflect.Value) {
> +               for i := len(n.children) - 1; i >= 0; i-- {
> +                       ni := n.children[i]
> +                       if ni.kind == aliasNode {
> +-                              an, ok := d.doc.anchors[ni.value]
> +-                              if ok && an.kind != mappingNode {
> ++                              if ni.alias != nil && ni.alias.kind != mappingNode {
> +                                       failWantMap()
> +                               }
> +                       } else if ni.kind != mappingNode {
> +diff --git a/src/import/vendor/gopkg.in/yaml.v2/scannerc.go b/src/importvendor/gopkg.in/yaml.v2/scannerc.go
> +index 570b8ecd10f..0b9bb6030a0 100644
> +--- a/src/import/vendor/gopkg.in/yaml.v2/scannerc.go
> ++++ b/src/import/vendor/gopkg.in/yaml.v2/scannerc.go
> +@@ -626,31 +626,18 @@ func trace(args ...interface{}) func() {
> + func yaml_parser_fetch_more_tokens(parser *yaml_parser_t) bool {
> +       // While we need more tokens to fetch, do it.
> +       for {
> +-              // Check if we really need to fetch more tokens.
> +-              need_more_tokens := false
> +-
> +-              if parser.tokens_head == len(parser.tokens) {
> +-                      // Queue is empty.
> +-                      need_more_tokens = true
> +-              } else {
> +-                      // Check if any potential simple key may occupy the head position.
> +-                      if !yaml_parser_stale_simple_keys(parser) {
> ++              if parser.tokens_head != len(parser.tokens) {
> ++                      // If queue is non-empty, check if any potential simple key may
> ++                      // occupy the head position.
> ++                      head_tok_idx, ok := parser.simple_keys_by_tok[parser.tokens_parsed]
> ++                      if !ok {
> ++                              break
> ++                      } else if valid, ok := yaml_simple_key_is_valid(parser, &parser.simple_keys[head_tok_idx]); !ok {
> +                               return false
> +-                      }
> +-
> +-                      for i := range parser.simple_keys {
> +-                              simple_key := &parser.simple_keys[i]
> +-                              if simple_key.possible && simple_key.token_number == parser.tokens_parsed {
> +-                                      need_more_tokens = true
> +-                                      break
> +-                              }
> ++                      } else if !valid {
> ++                              break
> +                       }
> +               }
> +-
> +-              // We are finished.
> +-              if !need_more_tokens {
> +-                      break
> +-              }
> +               // Fetch the next token.
> +               if !yaml_parser_fetch_next_token(parser) {
> +                       return false
> +@@ -678,11 +665,6 @@ func yaml_parser_fetch_next_token(parser *yaml_parser_t) bool {
> +               return false
> +       }
> +
> +-      // Remove obsolete potential simple keys.
> +-      if !yaml_parser_stale_simple_keys(parser) {
> +-              return false
> +-      }
> +-
> +       // Check the indentation level against the current column.
> +       if !yaml_parser_unroll_indent(parser, parser.mark.column) {
> +               return false
> +@@ -837,29 +819,30 @@ func yaml_parser_fetch_next_token(parser *yaml_parser_t) bool {
> +               "found character that cannot start any token")
> + }
> +
> +-// Check the list of potential simple keys and remove the positions that
> +-// cannot contain simple keys anymore.
> +-func yaml_parser_stale_simple_keys(parser *yaml_parser_t) bool {
> +-      // Check for a potential simple key for each flow level.
> +-      for i := range parser.simple_keys {
> +-              simple_key := &parser.simple_keys[i]
> +-
> +-              // The specification requires that a simple key
> +-              //
> +-              //  - is limited to a single line,
> +-              //  - is shorter than 1024 characters.
> +-              if simple_key.possible && (simple_key.mark.line < parser.mark.line || simple_key.mark.index+1024 < parser.mark.index) {
> +-
> +-                      // Check if the potential simple key to be removed is required.
> +-                      if simple_key.required {
> +-                              return yaml_parser_set_scanner_error(parser,
> +-                                      "while scanning a simple key", simple_key.mark,
> +-                                      "could not find expected ':'")
> +-                      }
> +-                      simple_key.possible = false
> ++func yaml_simple_key_is_valid(parser *yaml_parser_t, simple_key *yaml_simple_key_t) (valid, ok bool) {
> ++      if !simple_key.possible {
> ++              return false, true
> ++      }
> ++
> ++      // The 1.2 specification says:
> ++      //
> ++      //     "If the ? indicator is omitted, parsing needs to see past the
> ++      //     implicit key to recognize it as such. To limit the amount of
> ++      //     lookahead required, the “:” indicator must appear at most 1024
> ++      //     Unicode characters beyond the start of the key. In addition, the key
> ++      //     is restricted to a single line."
> ++      //
> ++      if simple_key.mark.line < parser.mark.line || simple_key.mark.index+1024 < parser.mark.index {
> ++              // Check if the potential simple key to be removed is required.
> ++              if simple_key.required {
> ++                      return false, yaml_parser_set_scanner_error(parser,
> ++                              "while scanning a simple key", simple_key.mark,
> ++                              "could not find expected ':'")
> +               }
> ++              simple_key.possible = false
> ++              return false, true
> +       }
> +-      return true
> ++      return true, true
> + }
> +
> + // Check if a simple key may start at the current position and add it if
> +@@ -879,13 +862,14 @@ func yaml_parser_save_simple_key(parser *yaml_parser_t) bool {
> +                       possible:     true,
> +                       required:     required,
> +                       token_number: parser.tokens_parsed + (len(parser.tokens) - parser.tokens_head),
> ++                      mark:         parser.mark,
> +               }
> +-              simple_key.mark = parser.mark
> +
> +               if !yaml_parser_remove_simple_key(parser) {
> +                       return false
> +               }
> +               parser.simple_keys[len(parser.simple_keys)-1] = simple_key
> ++              parser.simple_keys_by_tok[simple_key.token_number] = len(parser.simple_keys) - 1
> +       }
> +       return true
> + }
> +@@ -900,9 +884,10 @@ func yaml_parser_remove_simple_key(parser *yaml_parser_t) bool {
> +                               "while scanning a simple key", parser.simple_keys[i].mark,
> +                               "could not find expected ':'")
> +               }
> ++              // Remove the key from the stack.
> ++              parser.simple_keys[i].possible = false
> ++              delete(parser.simple_keys_by_tok, parser.simple_keys[i].token_number)
> +       }
> +-      // Remove the key from the stack.
> +-      parser.simple_keys[i].possible = false
> +       return true
> + }
> +
> +@@ -912,7 +897,12 @@ const max_flow_level = 10000
> + // Increase the flow level and resize the simple key list if needed.
> + func yaml_parser_increase_flow_level(parser *yaml_parser_t) bool {
> +       // Reset the simple key on the next level.
> +-      parser.simple_keys = append(parser.simple_keys, yaml_simple_key_t{})
> ++      parser.simple_keys = append(parser.simple_keys, yaml_simple_key_t{
> ++              possible:     false,
> ++              required:     false,
> ++              token_number: parser.tokens_parsed + (len(parser.tokens) - parser.tokens_head),
> ++              mark:         parser.mark,
> ++      })
> +
> +       // Increase the flow level.
> +       parser.flow_level++
> +@@ -928,7 +918,9 @@ func yaml_parser_increase_flow_level(parser *yaml_parser_t) bool {
> + func yaml_parser_decrease_flow_level(parser *yaml_parser_t) bool {
> +       if parser.flow_level > 0 {
> +               parser.flow_level--
> +-              parser.simple_keys = parser.simple_keys[:len(parser.simple_keys)-1]
> ++              last := len(parser.simple_keys) - 1
> ++              delete(parser.simple_keys_by_tok, parser.simple_keys[last].token_number)
> ++              parser.simple_keys = parser.simple_keys[:last]
> +       }
> +       return true
> + }
> +@@ -1005,6 +997,8 @@ func yaml_parser_fetch_stream_start(parser *yaml_parser_t) bool {
> +       // Initialize the simple key stack.
> +       parser.simple_keys = append(parser.simple_keys, yaml_simple_key_t{})
> +
> ++      parser.simple_keys_by_tok = make(map[int]int)
> ++
> +       // A simple key is allowed at the beginning of the stream.
> +       parser.simple_key_allowed = true
> +
> +@@ -1286,7 +1280,11 @@ func yaml_parser_fetch_value(parser *yaml_parser_t) bool {
> +       simple_key := &parser.simple_keys[len(parser.simple_keys)-1]
> +
> +       // Have we found a simple key?
> +-      if simple_key.possible {
> ++      if valid, ok := yaml_simple_key_is_valid(parser, simple_key); !ok {
> ++              return false
> ++
> ++      } else if valid {
> ++
> +               // Create the KEY token and insert it into the queue.
> +               token := yaml_token_t{
> +                       typ:        yaml_KEY_TOKEN,
> +@@ -1304,6 +1302,7 @@ func yaml_parser_fetch_value(parser *yaml_parser_t) bool {
> +
> +               // Remove the simple key.
> +               simple_key.possible = false
> ++              delete(parser.simple_keys_by_tok, simple_key.token_number)
> +
> +               // A simple key cannot follow another simple key.
> +               parser.simple_key_allowed = false
> +diff --git a/src/import/vendor/gopkg.in/yaml.v2/yaml.go b/src/importvendor/gopkg.in/yaml.v2/yaml.go
> +index de85aa4cdb7..89650e293ac 100644
> +--- a/src/import/vendor/gopkg.in/yaml.v2/yaml.go
> ++++ b/src/import/vendor/gopkg.in/yaml.v2/yaml.go
> +@@ -89,7 +89,7 @@ func UnmarshalStrict(in []byte, out interface{}) (err error) {
> +       return unmarshal(in, out, true)
> + }
> +
> +-// A Decorder reads and decodes YAML values from an input stream.
> ++// A Decoder reads and decodes YAML values from an input stream.
> + type Decoder struct {
> +       strict bool
> +       parser *parser
> +diff --git a/src/import/vendor/gopkg.in/yaml.v2/yamlh.go b/src/importvendor/gopkg.in/yaml.v2/yamlh.go
> +index e25cee563be..f6a9c8e34b1 100644
> +--- a/src/import/vendor/gopkg.in/yaml.v2/yamlh.go
> ++++ b/src/import/vendor/gopkg.in/yaml.v2/yamlh.go
> +@@ -579,6 +579,7 @@ type yaml_parser_t struct {
> +
> +       simple_key_allowed bool                // May a simple key occur at the current position?
> +       simple_keys        []yaml_simple_key_t // The stack of simple keys.
> ++      simple_keys_by_tok map[int]int         // possible simple_key indexes indexed by token_number
> +
> +       // Parser stuff
> +
> +diff --git a/src/import/vendor/modules.txt b/src/importvendor/modules.txt
> +index a51796d1ed5..a45f1cd3e3b 100644
> +--- a/src/import/vendor/modules.txt
> ++++ b/src/import/vendor/modules.txt
> +@@ -1059,7 +1059,7 @@ gopkg.in/square/go-jose.v2/jwt
> + gopkg.in/tomb.v1
> + # gopkg.in/warnings.v0 v0.1.1 => gopkg.in/warnings.v0 v0.1.1
> + gopkg.in/warnings.v0
> +-# gopkg.in/yaml.v2 v2.2.4 => gopkg.in/yaml.v2 v2.2.4
> ++# gopkg.in/yaml.v2 v2.2.8 => gopkg.in/yaml.v2 v2.2.8
> + gopkg.in/yaml.v2
> + # gotest.tools v2.2.0+incompatible => gotest.tools v2.2.0+incompatible
> + gotest.tools
> +--
> +2.20.1
> +
> diff --git a/recipes-containers/kubernetes/kubernetes_git.bb b/recipes-containers/kubernetes/kubernetes_git.bb
> index 76107af..4698874 100644
> --- a/recipes-containers/kubernetes/kubernetes_git.bb
> +++ b/recipes-containers/kubernetes/kubernetes_git.bb
> @@ -11,6 +11,11 @@ SRCREV_kubernetes = "f45fc1861acab22eb6a4697e3fb831e85ef5ff9c"
>  SRC_URI = "git://github.com/kubernetes/kubernetes.git;branch=release-1.17;name=kubernetes \
>             file://0001-hack-lib-golang.sh-use-CC-from-environment.patch \
>             file://0001-cross-don-t-build-tests-by-default.patch \
> +           file://0001-Add-new-endpoint-for-resource-metrics.patch \
> +           file://0001-update-gopkg.in-yaml.v2-to-v2.2.8.patch \
> +           file://0001-remove-client-label-from-apiserver-request-count-met.patch \
> +           file://0001-Add-code-to-fix-kubelet-metrics-memory-issue.patch \
> +           file://0001-Deal-with-auto-generated-files.patch \
>            "
>
>  DEPENDS += "rsync-native \
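Review bot: The patch files this hunk adds to SRC_URI have header and path irregularities that make the CVE backports harder to track and re-apply. The two patch headers visible in this thread use `Upstream Status: Backport [...]`, while the OE patch guidelines use the hyphenated tag `Upstream-Status: Backport [...]`. In the yaml.v2 patch the `diff --git` lines read `b/src/importvendor/...` where the matching `+++` lines read `b/src/import/vendor/...`, which suggests the paths were rewritten after the patch was generated. Regenerating that patch against the `src/import` tree would keep the two lines consistent.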
> --
> 2.24.1
>
> 



-- 
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


* Re: [meta-virtualization][PATCH] kubernetes: Backport CVE fixes
  2020-04-29 19:28 ` Bruce Ashfield
@ 2020-05-07 14:53   ` sakib.sajal
  2020-05-08 20:12     ` Bruce Ashfield
  0 siblings, 1 reply; 4+ messages in thread
From: sakib.sajal @ 2020-05-07 14:53 UTC (permalink / raw)
  To: meta-virtualization



On 2020-04-29 3:28 p.m., Bruce Ashfield wrote:
> I'm nearly complete on a kubernetes refresh, so I won't merge this
> patch to master, and I'm inclined to do the uprev even in dunfell.
>
> If this patch is destined for dunfell, that should be indicated clearly
> in the patch subject.
>
> Cheers,
>
> Bruce


Thank you for taking the time to review the changes.

What version are you refreshing to?


Sakib

>
> On Wed, Apr 29, 2020 at 1:49 PM <sakib.sajal@windriver.com> wrote:
>> CVE: CVE-2020-8551
>>          - 0db7074e1ad237af1a513bdf51160bf4b4cdc9f1
>>          - 9802bfcec0580169cffce2a3d468689a407fa7dc
>>          - c394d821fdafd719619eb63fcd1065a95ec02ef9
>>
>> CVE: CVE-2020-8552
>>          - cc3190968b1f14ddf4067abef849fc41bd6068dc
>>
>> CVE: CVE-2019-11254
>>          - a290fe55cb2f4593eb4ec5bf410cd77b9d925464
>>
>> Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
>> ---
>>   ...-to-fix-kubelet-metrics-memory-issue.patch | 313 +++++++
>>   ...dd-new-endpoint-for-resource-metrics.patch | 440 ++++++++++
>>   .../0001-Deal-with-auto-generated-files.patch |  60 ++
>>   ...bel-from-apiserver-request-count-met.patch | 171 ++++
>>   ...01-update-gopkg.in-yaml.v2-to-v2.2.8.patch | 825 ++++++++++++++++++
>>   .../kubernetes/kubernetes_git.bb              |   5 +
>>   6 files changed, 1814 insertions(+)
>>   create mode 100644 recipes-containers/kubernetes/kubernetes/0001-Add-code-to-fix-kubelet-metrics-memory-issue.patch
>>   create mode 100644 recipes-containers/kubernetes/kubernetes/0001-Add-new-endpoint-for-resource-metrics.patch
>>   create mode 100644 recipes-containers/kubernetes/kubernetes/0001-Deal-with-auto-generated-files.patch
>>   create mode 100644 recipes-containers/kubernetes/kubernetes/0001-remove-client-label-from-apiserver-request-count-met.patch
>>   create mode 100644 recipes-containers/kubernetes/kubernetes/0001-update-gopkg.in-yaml.v2-to-v2.2.8.patch
>>
>> diff --git a/recipes-containers/kubernetes/kubernetes/0001-Add-code-to-fix-kubelet-metrics-memory-issue.patch b/recipes-containers/kubernetes/kubernetes/0001-Add-code-to-fix-kubelet-metrics-memory-issue.patch
>> new file mode 100644
>> index 0000000..5369f04
>> --- /dev/null
>> +++ b/recipes-containers/kubernetes/kubernetes/0001-Add-code-to-fix-kubelet-metrics-memory-issue.patch
>> @@ -0,0 +1,313 @@
>> +From 0bf092ccc5fccb06b13afe5da86286a856d96770 Mon Sep 17 00:00:00 2001
>> +From: Walter Fender <wfender@google.com>
>> +Date: Thu, 6 Feb 2020 19:10:18 -0800
>> +Subject: [PATCH] Add code to fix kubelet/metrics memory issue.
>> +
>> +Bucketing url paths based on concept/handling.
>> +Bucketing code placed by handling code to encourage usage.
>> +Added unit tests.
>> +Fix format.
>> +
>> +Upstream Status: Backport [https://github.com/kubernetes/kubernetes/pull/87913/commits/9802bfcec0580169cffce2a3d468689a407fa7dc]
>> +CVE: CVE-2020-8551
>> +
>> +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
>> +---
>> + pkg/kubelet/server/server.go      | 57 ++++++++++++++++++++++++++++---
>> + pkg/kubelet/server/server_test.go | 54 ++++++++++++++++++++++++++++-
>> + 2 files changed, 106 insertions(+), 5 deletions(-)
>> +
>> +diff --git a/src/import/pkg/kubelet/server/server.go b/src/import/pkg/kubelet/server/server.go
>> +index 0f953c92502..05c1dc9c701 100644
>> +--- a/src/import/pkg/kubelet/server/server.go
>> ++++ b/src/import/pkg/kubelet/server/server.go
>> +@@ -89,6 +89,7 @@ type Server struct {
>> +       auth                       AuthInterface
>> +       host                       HostInterface
>> +       restfulCont                containerInterface
>> ++      metricsBuckets             map[string]bool
>> +       resourceAnalyzer           stats.ResourceAnalyzer
>> +       redirectContainerStreaming bool
>> + }
>> +@@ -225,6 +226,7 @@ func NewServer(
>> +               resourceAnalyzer:           resourceAnalyzer,
>> +               auth:                       auth,
>> +               restfulCont:                &filteringContainer{Container: restful.NewContainer()},
>> ++              metricsBuckets:             make(map[string]bool),
>> +               redirectContainerStreaming: redirectContainerStreaming,
>> +       }
>> +       if auth != nil {
>> +@@ -280,14 +282,32 @@ func (s *Server) InstallAuthFilter() {
>> +       })
>> + }
>> +
>> ++// addMetricsBucketMatcher adds a regexp matcher and the relevant bucket to use when
>> ++// it matches. Please be aware this is not thread safe and should not be used dynamically
>> ++func (s *Server) addMetricsBucketMatcher(bucket string) {
>> ++      s.metricsBuckets[bucket] = true
>> ++}
>> ++
>> ++// getMetricBucket find the appropriate metrics reporting bucket for the given path
>> ++func (s *Server) getMetricBucket(path string) string {
>> ++      root := getURLRootPath(path)
>> ++      if s.metricsBuckets[root] == true {
>> ++              return root
>> ++      }
>> ++      return "Invalid path"
>> ++}
>> ++
>> + // InstallDefaultHandlers registers the default set of supported HTTP request
>> + // patterns with the restful Container.
>> + func (s *Server) InstallDefaultHandlers(enableCAdvisorJSONEndpoints bool) {
>> ++      s.addMetricsBucketMatcher("healthz")
>> +       healthz.InstallHandler(s.restfulCont,
>> +               healthz.PingHealthz,
>> +               healthz.LogHealthz,
>> +               healthz.NamedCheck("syncloop", s.syncLoopHealthCheck),
>> +       )
>> ++
>> ++      s.addMetricsBucketMatcher("pods")
>> +       ws := new(restful.WebService)
>> +       ws.
>> +               Path("/pods").
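Review bot: The doc comment on `addMetricsBucketMatcher` says it "adds a regexp matcher", but the function only records a literal bucket name in `s.metricsBuckets`, and `getMetricBucket` does an exact map lookup on the result of `getURLRootPath`. Since this allow-list is what keeps the path label on the request metrics to a fixed set of values, the comment should describe it as such, for example `// addMetricsBucketMatcher registers bucket as an allowed value of the metrics path label. Not safe for concurrent use; call only while handlers are being installed.` In `getMetricBucket` the comparison `s.metricsBuckets[root] == true` can be written `if s.metricsBuckets[root] {`. `InstallDefaultHandlers` continues outside this hunk.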
>> +@@ -297,7 +317,14 @@ func (s *Server) InstallDefaultHandlers(enableCAdvisorJSONEndpoints bool) {
>> +               Operation("getPods"))
>> +       s.restfulCont.Add(ws)
>> +
>> ++      s.addMetricsBucketMatcher("stats")
>> +       s.restfulCont.Add(stats.CreateHandlers(statsPath, s.host, s.resourceAnalyzer, enableCAdvisorJSONEndpoints))
>> ++
>> ++      s.addMetricsBucketMatcher("metrics")
>> ++      s.addMetricsBucketMatcher("metrics/cadvisor")
>> ++      s.addMetricsBucketMatcher("metrics/probes")
>> ++      s.addMetricsBucketMatcher("metrics/resource/v1alpha1")
>> ++      s.addMetricsBucketMatcher("metrics/resource")
>> +       //lint:ignore SA1019 https://github.com/kubernetes/enhancements/issues/1206
>> +       s.restfulCont.Handle(metricsPath, legacyregistry.Handler())
>> +
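Review bot: The bucket `"metrics/resource/v1alpha1"` registered here looks unreachable: the `getURLRootPath` comment and `TestMetricBuckets` both indicate that `/metrics/resource/v1alpha1` is reduced to `metrics/resource` before the map lookup. It is harmless for the label bound, but it reads as if the v1alpha1 endpoint had its own bucket, so either drop the line or add a comment saying the endpoint is counted under `metrics/resource`. The `metrics/cadvisor`, `metrics/probes`, `metrics/resource` and `metrics/resource/v1alpha1` registrations are also repeated next to their handlers in the later hunks of this function; keeping only the per-handler calls would give one place to maintain. The function body extends beyond this hunk.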
>> +@@ -320,12 +347,15 @@ func (s *Server) InstallDefaultHandlers(enableCAdvisorJSONEndpoints bool) {
>> +               compbasemetrics.HandlerFor(r, compbasemetrics.HandlerOpts{ErrorHandling: compbasemetrics.ContinueOnError}),
>> +       )
>> +
>> ++      // deprecated endpoint which will be removed in release 1.20.0+.
>> ++      s.addMetricsBucketMatcher("metrics/resource/v1alpha1")
>> +       v1alpha1ResourceRegistry := compbasemetrics.NewKubeRegistry()
>> +       v1alpha1ResourceRegistry.CustomMustRegister(stats.NewPrometheusResourceMetricCollector(s.resourceAnalyzer, v1alpha1.Config()))
>> +       s.restfulCont.Handle(path.Join(resourceMetricsPath, v1alpha1.Version),
>> +               compbasemetrics.HandlerFor(v1alpha1ResourceRegistry, compbasemetrics.HandlerOpts{ErrorHandling: compbasemetrics.ContinueOnError}),
>> +       )
>> +
>> ++      s.addMetricsBucketMatcher("metrics/resource")
>> +       resourceRegistry := compbasemetrics.NewKubeRegistry()
>> +       resourceRegistry.CustomMustRegister(collectors.NewResourceMetricsCollector(s.resourceAnalyzer))
>> +       s.restfulCont.Handle(resourceMetricsPath,
>> +@@ -334,6 +364,7 @@ func (s *Server) InstallDefaultHandlers(enableCAdvisorJSONEndpoints bool) {
>> +
>> +       // prober metrics are exposed under a different endpoint
>> +
>> ++      s.addMetricsBucketMatcher("metrics/probes")
>> +       p := compbasemetrics.NewKubeRegistry()
>> +       compbasemetrics.RegisterProcessStartTime(p.RawRegister)
>> +       p.MustRegister(prober.ProberResults)
>> +@@ -341,6 +372,7 @@ func (s *Server) InstallDefaultHandlers(enableCAdvisorJSONEndpoints bool) {
>> +               compbasemetrics.HandlerFor(p, compbasemetrics.HandlerOpts{ErrorHandling: compbasemetrics.ContinueOnError}),
>> +       )
>> +
>> ++      s.addMetricsBucketMatcher("spec")
>> +       if enableCAdvisorJSONEndpoints {
>> +               ws := new(restful.WebService)
>> +               ws.
>> +@@ -360,6 +392,7 @@ const pprofBasePath = "/debug/pprof/"
>> + func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
>> +       klog.Infof("Adding debug handlers to kubelet server.")
>> +
>> ++      s.addMetricsBucketMatcher("run")
>> +       ws := new(restful.WebService)
>> +       ws.
>> +               Path("/run")
>> +@@ -371,6 +404,7 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
>> +               Operation("getRun"))
>> +       s.restfulCont.Add(ws)
>> +
>> ++      s.addMetricsBucketMatcher("exec")
>> +       ws = new(restful.WebService)
>> +       ws.
>> +               Path("/exec")
>> +@@ -388,6 +422,7 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
>> +               Operation("getExec"))
>> +       s.restfulCont.Add(ws)
>> +
>> ++      s.addMetricsBucketMatcher("attach")
>> +       ws = new(restful.WebService)
>> +       ws.
>> +               Path("/attach")
>> +@@ -405,6 +440,7 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
>> +               Operation("getAttach"))
>> +       s.restfulCont.Add(ws)
>> +
>> ++      s.addMetricsBucketMatcher("portForward")
>> +       ws = new(restful.WebService)
>> +       ws.
>> +               Path("/portForward")
>> +@@ -422,6 +458,7 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
>> +               Operation("getPortForward"))
>> +       s.restfulCont.Add(ws)
>> +
>> ++      s.addMetricsBucketMatcher("logs")
>> +       ws = new(restful.WebService)
>> +       ws.
>> +               Path(logsPath)
>> +@@ -434,6 +471,7 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
>> +               Param(ws.PathParameter("logpath", "path to the log").DataType("string")))
>> +       s.restfulCont.Add(ws)
>> +
>> ++      s.addMetricsBucketMatcher("containerLogs")
>> +       ws = new(restful.WebService)
>> +       ws.
>> +               Path("/containerLogs")
>> +@@ -442,8 +480,10 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
>> +               Operation("getContainerLogs"))
>> +       s.restfulCont.Add(ws)
>> +
>> ++      s.addMetricsBucketMatcher("configz")
>> +       configz.InstallHandler(s.restfulCont)
>> +
>> ++      s.addMetricsBucketMatcher("debug")
>> +       handlePprofEndpoint := func(req *restful.Request, resp *restful.Response) {
>> +               name := strings.TrimPrefix(req.Request.URL.Path, pprofBasePath)
>> +               switch name {
>> +@@ -459,7 +499,6 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
>> +                       pprof.Index(resp, req.Request)
>> +               }
>> +       }
>> +-
>> +       // Setup pprof handlers.
>> +       ws = new(restful.WebService).Path(pprofBasePath)
>> +       ws.Route(ws.GET("/{subpath:*}").To(func(req *restful.Request, resp *restful.Response) {
>> +@@ -472,6 +511,7 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
>> +       s.restfulCont.Handle("/debug/flags/v", routes.StringFlagPutHandler(logs.GlogSetter))
>> +
>> +       // The /runningpods endpoint is used for testing only.
>> ++      s.addMetricsBucketMatcher("runningpods")
>> +       ws = new(restful.WebService)
>> +       ws.
>> +               Path("/runningpods/").
>> +@@ -481,6 +521,7 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
>> +               Operation("getRunningPods"))
>> +       s.restfulCont.Add(ws)
>> +
>> ++      s.addMetricsBucketMatcher("cri")
>> +       if criHandler != nil {
>> +               s.restfulCont.Handle("/cri/", criHandler)
>> +       }
>> +@@ -492,6 +533,14 @@ func (s *Server) InstallDebuggingDisabledHandlers() {
>> +               http.Error(w, "Debug endpoints are disabled.", http.StatusMethodNotAllowed)
>> +       })
>> +
>> ++      s.addMetricsBucketMatcher("run")
>> ++      s.addMetricsBucketMatcher("exec")
>> ++      s.addMetricsBucketMatcher("attach")
>> ++      s.addMetricsBucketMatcher("portForward")
>> ++      s.addMetricsBucketMatcher("containerLogs")
>> ++      s.addMetricsBucketMatcher("runningpods")
>> ++      s.addMetricsBucketMatcher("pprof")
>> ++      s.addMetricsBucketMatcher("logs")
>> +       paths := []string{
>> +               "/run/", "/exec/", "/attach/", "/portForward/", "/containerLogs/",
>> +               "/runningpods/", pprofBasePath, logsPath}
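Review bot: The `"pprof"` bucket registered here probably never matches, because `pprofBasePath` is `/debug/pprof/` and `TestMetricBuckets` expects `/debug/pprof/subpath` to map to `debug`. If no other installer registers `debug` when debugging is disabled, requests to the disabled pprof path are reported as `Invalid path` rather than under their own bucket. Label cardinality stays bounded either way, so this only affects what operators see in the metrics. Registering the root actually produced, `s.addMetricsBucketMatcher("debug")`, in place of `"pprof"` would make the disabled endpoint visible. The rest of `InstallDebuggingDisabledHandlers` is outside this hunk.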
>> +@@ -808,10 +857,10 @@ func (s *Server) getPortForward(request *restful.Request, response *restful.Resp
>> +       proxyStream(response.ResponseWriter, request.Request, url)
>> + }
>> +
>> +-// trimURLPath trims a URL path.
>> ++// getURLRootPath trims a URL path.
>> + // For paths in the format of "/metrics/xxx", "metrics/xxx" is returned;
>> + // For all other paths, the first part of the path is returned.
>> +-func trimURLPath(path string) string {
>> ++func getURLRootPath(path string) string {
>> +       parts := strings.SplitN(strings.TrimPrefix(path, "/"), "/", 3)
>> +       if len(parts) == 0 {
>> +               return path
>> +@@ -859,7 +908,7 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, req *http.Request) {
>> +               serverType = "readwrite"
>> +       }
>> +
>> +-      method, path := req.Method, trimURLPath(req.URL.Path)
>> ++      method, path := req.Method, s.getMetricBucket(req.URL.Path)
>> +
>> +       longRunning := strconv.FormatBool(isLongRunningRequest(path))
>> +
>> +diff --git a/src/import/pkg/kubelet/server/server_test.go b/src/import/pkg/kubelet/server/server_test.go
>> +index eba788b50ea..5e6a1cc0588 100644
>> +--- a/src/import/pkg/kubelet/server/server_test.go
>> ++++ b/src/import/pkg/kubelet/server/server_test.go
>> +@@ -1460,6 +1460,58 @@ func TestCRIHandler(t *testing.T) {
>> +       assert.Equal(t, query, fw.criHandler.RequestReceived.URL.RawQuery)
>> + }
>> +
>> ++func TestMetricBuckets(t *testing.T) {
>> ++      tests := map[string]struct {
>> ++              url    string
>> ++              bucket string
>> ++      }{
>> ++              "healthz endpoint":                {url: "/healthz", bucket: "healthz"},
>> ++              "attach":                          {url: "/attach/podNamespace/podID/containerName", bucket: "attach"},
>> ++              "attach with uid":                 {url: "/attach/podNamespace/podID/uid/containerName", bucket: "attach"},
>> ++              "configz":                         {url: "/configz", bucket: "configz"},
>> ++              "containerLogs":                   {url: "/containerLogs/podNamespace/podID/containerName", bucket: "containerLogs"},
>> ++              "cri":                             {url: "/cri/", bucket: "cri"},
>> ++              "cri with sub":                    {url: "/cri/foo", bucket: "cri"},
>> ++              "debug v flags":                   {url: "/debug/flags/v", bucket: "debug"},
>> ++              "pprof with sub":                  {url: "/debug/pprof/subpath", bucket: "debug"},
>> ++              "exec":                            {url: "/exec/podNamespace/podID/containerName", bucket: "exec"},
>> ++              "exec with uid":                   {url: "/exec/podNamespace/podID/uid/containerName", bucket: "exec"},
>> ++              "healthz":                         {url: "/healthz/", bucket: "healthz"},
>> ++              "healthz log sub":                 {url: "/healthz/log", bucket: "healthz"},
>> ++              "healthz ping":                    {url: "/healthz/ping", bucket: "healthz"},
>> ++              "healthz sync loop":               {url: "/healthz/syncloop", bucket: "healthz"},
>> ++              "logs":                            {url: "/logs/", bucket: "logs"},
>> ++              "logs with path":                  {url: "/logs/logpath", bucket: "logs"},
>> ++              "metrics":                         {url: "/metrics", bucket: "metrics"},
>> ++              "metrics cadvisor sub":            {url: "/metrics/cadvisor", bucket: "metrics/cadvisor"},
>> ++              "metrics probes sub":              {url: "/metrics/probes", bucket: "metrics/probes"},
>> ++              "metrics resource v1alpha1":       {url: "/metrics/resource/v1alpha1", bucket: "metrics/resource"},
>> ++              "metrics resource sub":            {url: "/metrics/resource", bucket: "metrics/resource"},
>> ++              "pods":                            {url: "/pods/", bucket: "pods"},
>> ++              "portForward":                     {url: "/portForward/podNamespace/podID", bucket: "portForward"},
>> ++              "portForward with uid":            {url: "/portForward/podNamespace/podID/uid", bucket: "portForward"},
>> ++              "run":                             {url: "/run/podNamespace/podID/containerName", bucket: "run"},
>> ++              "run with uid":                    {url: "/run/podNamespace/podID/uid/containerName", bucket: "run"},
>> ++              "runningpods":                     {url: "/runningpods/", bucket: "runningpods"},
>> ++              "spec":                            {url: "/spec/", bucket: "spec"},
>> ++              "stats":                           {url: "/stats/", bucket: "stats"},
>> ++              "stats container sub":             {url: "/stats/container", bucket: "stats"},
>> ++              "stats summary sub":               {url: "/stats/summary", bucket: "stats"},
>> ++              "stats containerName with uid":    {url: "/stats/namespace/podName/uid/containerName", bucket: "stats"},
>> ++              "stats containerName":             {url: "/stats/podName/containerName", bucket: "stats"},
>> ++              "invalid path":                    {url: "/junk", bucket: "Invalid path"},
>> ++              "invalid path starting with good": {url: "/healthzjunk", bucket: "Invalid path"},
>> ++      }
>> ++      fw := newServerTest()
>> ++      defer fw.testHTTPServer.Close()
>> ++
>> ++      for _, test := range tests {
>> ++              path := test.url
>> ++              bucket := test.bucket
>> ++              require.Equal(t, fw.serverUnderTest.getMetricBucket(path), bucket)
>> ++      }
>> ++}
>> ++
>> + func TestDebuggingDisabledHandlers(t *testing.T) {
>> +       fw := newServerTestWithDebug(false, false, nil)
>> +       defer fw.testHTTPServer.Close()
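Review bot: In `TestMetricBuckets` the `require.Equal` call passes the actual value before the expected one and discards the map key, so a failure prints swapped "expected"/"actual" and does not say which case broke. Suggested form: `for name, test := range tests {` with `require.Equal(t, test.bucket, fw.serverUnderTest.getMetricBucket(test.url), name)`. The table exercises only the server built by `newServerTest()`; a companion case using `newServerTestWithDebug(false, false, nil)` would also pin the bucket set when debug handlers are disabled.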
>> +@@ -1533,6 +1585,6 @@ func TestTrimURLPath(t *testing.T) {
>> +       }
>> +
>> +       for _, test := range tests {
>> +-              assert.Equal(t, test.expected, trimURLPath(test.path), fmt.Sprintf("path is: %s", test.path))
>> ++              assert.Equal(t, test.expected, getURLRootPath(test.path), fmt.Sprintf("path is: %s", test.path))
>> +       }
>> + }
>> +--
>> +2.17.1
>> +
>> diff --git a/recipes-containers/kubernetes/kubernetes/0001-Add-new-endpoint-for-resource-metrics.patch b/recipes-containers/kubernetes/kubernetes/0001-Add-new-endpoint-for-resource-metrics.patch
>> new file mode 100644
>> index 0000000..82e5fc6
>> --- /dev/null
>> +++ b/recipes-containers/kubernetes/kubernetes/0001-Add-new-endpoint-for-resource-metrics.patch
>> @@ -0,0 +1,440 @@
>> +From 0db7074e1ad237af1a513bdf51160bf4b4cdc9f1 Mon Sep 17 00:00:00 2001
>> +From: RainbowMango <renhongcai@huawei.com>
>> +Date: Sun, 15 Dec 2019 17:06:13 +0800
>> +Subject: [PATCH] Add new endpoint for resource metrics.
>> +
>> +This commit is required for context to fix CVE-2020-8551.
>> +
>> +Upstream Status: Backport [https://github.com/kubernetes/kubernetes/pull/86282/commits/0db7074e1ad237af1a513bdf51160bf4b4cdc9f1]
>> +CVE: CVE-2020-8551
>> +
>> +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
>> +---
>> + .../metrics/collectors/resource_metrics.go    | 153 ++++++++++++++
>> + .../collectors/resource_metrics_test.go       | 189 ++++++++++++++++++
>> + pkg/kubelet/server/auth_test.go               |   1 +
>> + pkg/kubelet/server/server.go                  |  23 ++-
>> + 4 files changed, 358 insertions(+), 8 deletions(-)
>> + create mode 100644 pkg/kubelet/metrics/collectors/resource_metrics.go
>> + create mode 100644 pkg/kubelet/metrics/collectors/resource_metrics_test.go
>> +
>> +diff --git a/src/import/pkg/kubelet/metrics/collectors/resource_metrics.go b/src/import/pkg/kubelet/metrics/collectors/resource_metrics.go
>> +new file mode 100644
>> +index 00000000000..a3667127903
>> +--- /dev/null
>> ++++ b/src/import/pkg/kubelet/metrics/collectors/resource_metrics.go
>> +@@ -0,0 +1,153 @@
>> ++/*
>> ++Copyright 2019 The Kubernetes Authors.
>> ++
>> ++Licensed under the Apache License, Version 2.0 (the "License");
>> ++you may not use this file except in compliance with the License.
>> ++You may obtain a copy of the License at
>> ++
>> ++    http://www.apache.org/licenses/LICENSE-2.0
>> ++
>> ++Unless required by applicable law or agreed to in writing, software
>> ++distributed under the License is distributed on an "AS IS" BASIS,
>> ++WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>> ++See the License for the specific language governing permissions and
>> ++limitations under the License.
>> ++*/
>> ++
>> ++package collectors
>> ++
>> ++import (
>> ++      "time"
>> ++
>> ++      "k8s.io/component-base/metrics"
>> ++      "k8s.io/klog"
>> ++      summary "k8s.io/kubernetes/pkg/kubelet/apis/stats/v1alpha1"
>> ++      "k8s.io/kubernetes/pkg/kubelet/server/stats"
>> ++)
>> ++
>> ++var (
>> ++      nodeCPUUsageDesc = metrics.NewDesc("node_cpu_usage_seconds",
>> ++              "Cumulative cpu time consumed by the node in core-seconds",
>> ++              nil,
>> ++              nil,
>> ++              metrics.ALPHA,
>> ++              "")
>> ++
>> ++      nodeMemoryUsageDesc = metrics.NewDesc("node_memory_working_set_bytes",
>> ++              "Current working set of the node in bytes",
>> ++              nil,
>> ++              nil,
>> ++              metrics.ALPHA,
>> ++              "")
>> ++
>> ++      containerCPUUsageDesc = metrics.NewDesc("container_cpu_usage_seconds",
>> ++              "Cumulative cpu time consumed by the container in core-seconds",
>> ++              []string{"container", "pod", "namespace"},
>> ++              nil,
>> ++              metrics.ALPHA,
>> ++              "")
>> ++
>> ++      containerMemoryUsageDesc = metrics.NewDesc("container_memory_working_set_bytes",
>> ++              "Current working set of the container in bytes",
>> ++              []string{"container", "pod", "namespace"},
>> ++              nil,
>> ++              metrics.ALPHA,
>> ++              "")
>> ++
>> ++      resouceScrapeResultDesc = metrics.NewDesc("scrape_error",
>> ++              "1 if there was an error while getting container metrics, 0 otherwise",
>> ++              nil,
>> ++              nil,
>> ++              metrics.ALPHA,
>> ++              "")
>> ++)
>> ++
>> ++// NewResourceMetricsCollector returns a metrics.StableCollector which exports resource metrics
>> ++func NewResourceMetricsCollector(provider stats.SummaryProvider) metrics.StableCollector {
>> ++      return &resourceMetricsCollector{
>> ++              provider: provider,
>> ++      }
>> ++}
>> ++
>> ++type resourceMetricsCollector struct {
>> ++      metrics.BaseStableCollector
>> ++
>> ++      provider stats.SummaryProvider
>> ++}
>> ++
>> ++// Check if resourceMetricsCollector implements necessary interface
>> ++var _ metrics.StableCollector = &resourceMetricsCollector{}
>> ++
>> ++// DescribeWithStability implements metrics.StableCollector
>> ++func (rc *resourceMetricsCollector) DescribeWithStability(ch chan<- *metrics.Desc) {
>> ++      ch <- nodeCPUUsageDesc
>> ++      ch <- nodeMemoryUsageDesc
>> ++      ch <- containerCPUUsageDesc
>> ++      ch <- containerMemoryUsageDesc
>> ++      ch <- resouceScrapeResultDesc
>> ++}
>> ++
>> ++// CollectWithStability implements metrics.StableCollector
>> ++// Since new containers are frequently created and removed, using the Gauge would
>> ++// leak metric collectors for containers or pods that no longer exist.  Instead, implement
>> ++// custom collector in a way that only collects metrics for active containers.
>> ++func (rc *resourceMetricsCollector) CollectWithStability(ch chan<- metrics.Metric) {
>> ++      var errorCount float64
>> ++      defer func() {
>> ++              ch <- metrics.NewLazyConstMetric(resouceScrapeResultDesc, metrics.GaugeValue, errorCount)
>> ++      }()
>> ++      statsSummary, err := rc.provider.GetCPUAndMemoryStats()
>> ++      if err != nil {
>> ++              errorCount = 1
>> ++              klog.Warningf("Error getting summary for resourceMetric prometheus endpoint: %v", err)
>> ++              return
>> ++      }
>> ++
>> ++      rc.collectNodeCPUMetrics(ch, statsSummary.Node)
>> ++      rc.collectNodeMemoryMetrics(ch, statsSummary.Node)
>> ++
>> ++      for _, pod := range statsSummary.Pods {
>> ++              for _, container := range pod.Containers {
>> ++                      rc.collectContainerCPUMetrics(ch, pod, container)
>> ++                      rc.collectContainerMemoryMetrics(ch, pod, container)
>> ++              }
>> ++      }
>> ++}
>> ++
>> ++func (rc *resourceMetricsCollector) collectNodeCPUMetrics(ch chan<- metrics.Metric, s summary.NodeStats) {
>> ++      if s.CPU == nil {
>> ++              return
>> ++      }
>> ++
>> ++      ch <- metrics.NewLazyMetricWithTimestamp(s.CPU.Time.Time,
>> ++              metrics.NewLazyConstMetric(nodeCPUUsageDesc, metrics.GaugeValue, float64(*s.CPU.UsageCoreNanoSeconds)/float64(time.Second)))
>> ++}
>> ++
>> ++func (rc *resourceMetricsCollector) collectNodeMemoryMetrics(ch chan<- metrics.Metric, s summary.NodeStats) {
>> ++      if s.Memory == nil {
>> ++              return
>> ++      }
>> ++
>> ++      ch <- metrics.NewLazyMetricWithTimestamp(s.Memory.Time.Time,
>> ++              metrics.NewLazyConstMetric(nodeMemoryUsageDesc, metrics.GaugeValue, float64(*s.Memory.WorkingSetBytes)))
>> ++}
>> ++
>> ++func (rc *resourceMetricsCollector) collectContainerCPUMetrics(ch chan<- metrics.Metric, pod summary.PodStats, s summary.ContainerStats) {
>> ++      if s.CPU == nil {
>> ++              return
>> ++      }
>> ++
>> ++      ch <- metrics.NewLazyMetricWithTimestamp(s.CPU.Time.Time,
>> ++              metrics.NewLazyConstMetric(containerCPUUsageDesc, metrics.GaugeValue,
>> ++                      float64(*s.CPU.UsageCoreNanoSeconds)/float64(time.Second), s.Name, pod.PodRef.Name, pod.PodRef.Namespace))
>> ++}
>> ++
>> ++func (rc *resourceMetricsCollector) collectContainerMemoryMetrics(ch chan<- metrics.Metric, pod summary.PodStats, s summary.ContainerStats) {
>> ++      if s.Memory == nil {
>> ++              return
>> ++      }
>> ++
>> ++      ch <- metrics.NewLazyMetricWithTimestamp(s.Memory.Time.Time,
>> ++              metrics.NewLazyConstMetric(containerMemoryUsageDesc, metrics.GaugeValue,
>> ++                      float64(*s.Memory.WorkingSetBytes), s.Name, pod.PodRef.Name, pod.PodRef.Namespace))
>> ++}
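Review bot: The four collect* helpers guard only the outer struct (`s.CPU == nil`, `s.Memory == nil`) and then dereference `*s.CPU.UsageCoreNanoSeconds` and `*s.Memory.WorkingSetBytes`, which the accompanying test shows are `*uint64` fields. If the stats provider returns a CPU or Memory entry with that field unset, the dereference panics inside the scrape path instead of skipping the sample. Extend each guard, e.g. `if s.CPU == nil || s.CPU.UsageCoreNanoSeconds == nil {` and `if s.Memory == nil || s.Memory.WorkingSetBytes == nil {`, in collectNodeCPUMetrics, collectNodeMemoryMetrics, collectContainerCPUMetrics and collectContainerMemoryMetrics. Separately, `resouceScrapeResultDesc` is misspelled and should be `resourceScrapeResultDesc`.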
>> +diff --git a/src/import/pkg/kubelet/metrics/collectors/resource_metrics_test.go b/src/import/pkg/kubelet/metrics/collectors/resource_metrics_test.go
>> +new file mode 100644
>> +index 00000000000..b92aabbd675
>> +--- /dev/null
>> ++++ b/src/import/pkg/kubelet/metrics/collectors/resource_metrics_test.go
>> +@@ -0,0 +1,189 @@
>> ++/*
>> ++Copyright 2019 The Kubernetes Authors.
>> ++
>> ++Licensed under the Apache License, Version 2.0 (the "License");
>> ++you may not use this file except in compliance with the License.
>> ++You may obtain a copy of the License at
>> ++
>> ++    http://www.apache.org/licenses/LICENSE-2.0
>> ++
>> ++Unless required by applicable law or agreed to in writing, software
>> ++distributed under the License is distributed on an "AS IS" BASIS,
>> ++WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>> ++See the License for the specific language governing permissions and
>> ++limitations under the License.
>> ++*/
>> ++
>> ++package collectors
>> ++
>> ++import (
>> ++      "fmt"
>> ++      "strings"
>> ++      "testing"
>> ++      "time"
>> ++
>> ++      "github.com/stretchr/testify/mock"
>> ++
>> ++      metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
>> ++      "k8s.io/component-base/metrics/testutil"
>> ++      statsapi "k8s.io/kubernetes/pkg/kubelet/apis/stats/v1alpha1"
>> ++)
>> ++
>> ++type mockSummaryProvider struct {
>> ++      mock.Mock
>> ++}
>> ++
>> ++func (m *mockSummaryProvider) Get(updateStats bool) (*statsapi.Summary, error) {
>> ++      args := m.Called(updateStats)
>> ++      return args.Get(0).(*statsapi.Summary), args.Error(1)
>> ++}
>> ++
>> ++func (m *mockSummaryProvider) GetCPUAndMemoryStats() (*statsapi.Summary, error) {
>> ++      args := m.Called()
>> ++      return args.Get(0).(*statsapi.Summary), args.Error(1)
>> ++}
>> ++
>> ++func TestCollectResourceMetrics(t *testing.T) {
>> ++      testTime := metav1.NewTime(time.Unix(2, 0)) // a static timestamp: 2000
>> ++      interestedMetrics := []string{
>> ++              "scrape_error",
>> ++              "node_cpu_usage_seconds",
>> ++              "node_memory_working_set_bytes",
>> ++              "container_cpu_usage_seconds",
>> ++              "container_memory_working_set_bytes",
>> ++      }
>> ++
>> ++      tests := []struct {
>> ++              name            string
>> ++              summary         *statsapi.Summary
>> ++              summaryErr      error
>> ++              expectedMetrics string
>> ++      }{
>> ++              {
>> ++                      name:       "error getting summary",
>> ++                      summary:    nil,
>> ++                      summaryErr: fmt.Errorf("failed to get summary"),
>> ++                      expectedMetrics: `
>> ++                              # HELP scrape_error [ALPHA] 1 if there was an error while getting container metrics, 0 otherwise
>> ++                              # TYPE scrape_error gauge
>> ++                              scrape_error 1
>> ++                      `,
>> ++              },
>> ++              {
>> ++                      name: "arbitrary node metrics",
>> ++                      summary: &statsapi.Summary{
>> ++                              Node: statsapi.NodeStats{
>> ++                                      CPU: &statsapi.CPUStats{
>> ++                                              Time:                 testTime,
>> ++                                              UsageCoreNanoSeconds: uint64Ptr(10000000000),
>> ++                                      },
>> ++                                      Memory: &statsapi.MemoryStats{
>> ++                                              Time:            testTime,
>> ++                                              WorkingSetBytes: uint64Ptr(1000),
>> ++                                      },
>> ++                              },
>> ++                      },
>> ++                      summaryErr: nil,
>> ++                      expectedMetrics: `
>> ++                              # HELP node_cpu_usage_seconds [ALPHA] Cumulative cpu time consumed by the node in core-seconds
>> ++                              # TYPE node_cpu_usage_seconds gauge
>> ++                              node_cpu_usage_seconds 10 2000
>> ++                              # HELP node_memory_working_set_bytes [ALPHA] Current working set of the node in bytes
>> ++                              # TYPE node_memory_working_set_bytes gauge
>> ++                              node_memory_working_set_bytes 1000 2000
>> ++                              # HELP scrape_error [ALPHA] 1 if there was an error while getting container metrics, 0 otherwise
>> ++                              # TYPE scrape_error gauge
>> ++                              scrape_error 0
>> ++                      `,
>> ++              },
>> ++              {
>> ++                      name: "arbitrary container metrics for different container, pods and namespaces",
>> ++                      summary: &statsapi.Summary{
>> ++                              Pods: []statsapi.PodStats{
>> ++                                      {
>> ++                                              PodRef: statsapi.PodReference{
>> ++                                                      Name:      "pod_a",
>> ++                                                      Namespace: "namespace_a",
>> ++                                              },
>> ++                                              Containers: []statsapi.ContainerStats{
>> ++                                                      {
>> ++                                                              Name: "container_a",
>> ++                                                              CPU: &statsapi.CPUStats{
>> ++                                                                      Time:                 testTime,
>> ++                                                                      UsageCoreNanoSeconds: uint64Ptr(10000000000),
>> ++                                                              },
>> ++                                                              Memory: &statsapi.MemoryStats{
>> ++                                                                      Time:            testTime,
>> ++                                                                      WorkingSetBytes: uint64Ptr(1000),
>> ++                                                              },
>> ++                                                      },
>> ++                                                      {
>> ++                                                              Name: "container_b",
>> ++                                                              CPU: &statsapi.CPUStats{
>> ++                                                                      Time:                 testTime,
>> ++                                                                      UsageCoreNanoSeconds: uint64Ptr(10000000000),
>> ++                                                              },
>> ++                                                              Memory: &statsapi.MemoryStats{
>> ++                                                                      Time:            testTime,
>> ++                                                                      WorkingSetBytes: uint64Ptr(1000),
>> ++                                                              },
>> ++                                                      },
>> ++                                              },
>> ++                                      },
>> ++                                      {
>> ++                                              PodRef: statsapi.PodReference{
>> ++                                                      Name:      "pod_b",
>> ++                                                      Namespace: "namespace_b",
>> ++                                              },
>> ++                                              Containers: []statsapi.ContainerStats{
>> ++                                                      {
>> ++                                                              Name: "container_a",
>> ++                                                              CPU: &statsapi.CPUStats{
>> ++                                                                      Time:                 testTime,
>> ++                                                                      UsageCoreNanoSeconds: uint64Ptr(10000000000),
>> ++                                                              },
>> ++                                                              Memory: &statsapi.MemoryStats{
>> ++                                                                      Time:            testTime,
>> ++                                                                      WorkingSetBytes: uint64Ptr(1000),
>> ++                                                              },
>> ++                                                      },
>> ++                                              },
>> ++                                      },
>> ++                              },
>> ++                      },
>> ++                      summaryErr: nil,
>> ++                      expectedMetrics: `
>> ++                              # HELP scrape_error [ALPHA] 1 if there was an error while getting container metrics, 0 otherwise
>> ++                              # TYPE scrape_error gauge
>> ++                              scrape_error 0
>> ++                              # HELP container_cpu_usage_seconds [ALPHA] Cumulative cpu time consumed by the container in core-seconds
>> ++                              # TYPE container_cpu_usage_seconds gauge
>> ++                              container_cpu_usage_seconds{container="container_a",namespace="namespace_a",pod="pod_a"} 10 2000
>> ++                              container_cpu_usage_seconds{container="container_a",namespace="namespace_b",pod="pod_b"} 10 2000
>> ++                              container_cpu_usage_seconds{container="container_b",namespace="namespace_a",pod="pod_a"} 10 2000
>> ++                              # HELP container_memory_working_set_bytes [ALPHA] Current working set of the container in bytes
>> ++                              # TYPE container_memory_working_set_bytes gauge
>> ++                              container_memory_working_set_bytes{container="container_a",namespace="namespace_a",pod="pod_a"} 1000 2000
>> ++                              container_memory_working_set_bytes{container="container_a",namespace="namespace_b",pod="pod_b"} 1000 2000
>> ++                              container_memory_working_set_bytes{container="container_b",namespace="namespace_a",pod="pod_a"} 1000 2000
>> ++                      `,
>> ++              },
>> ++      }
>> ++
>> ++      for _, test := range tests {
>> ++              tc := test
>> ++              t.Run(tc.name, func(t *testing.T) {
>> ++                      provider := &mockSummaryProvider{}
>> ++                      provider.On("GetCPUAndMemoryStats").Return(tc.summary, tc.summaryErr)
>> ++                      collector := NewResourceMetricsCollector(provider)
>> ++
>> ++                      if err := testutil.CustomCollectAndCompare(collector, strings.NewReader(tc.expectedMetrics), interestedMetrics...); err != nil {
>> ++                              t.Fatal(err)
>> ++                      }
>> ++              })
>> ++      }
>> ++}
>> ++
>> ++func uint64Ptr(u uint64) *uint64 {
>> ++      return &u
>> ++}
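Review bot: The table never gives the collector a stats entry with `CPU` or `Memory` set to nil, or with `UsageCoreNanoSeconds`/`WorkingSetBytes` left nil, so the collector's early-return guards are untested and a nil-pointer dereference there would go unnoticed. Add a case such as a container with only `Name` set, and assert that only `scrape_error 0` is emitted. The comment on `testTime` would also read better as `// 2s after the epoch; appears as 2000 (milliseconds) in the expected output`.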
>> +diff --git a/src/import/pkg/kubelet/server/auth_test.go b/src/import/pkg/kubelet/server/auth_test.go
>> +index d598bc3892b..638f3ba2bf0 100644
>> +--- a/src/import/pkg/kubelet/server/auth_test.go
>> ++++ b/src/import/pkg/kubelet/server/auth_test.go
>> +@@ -128,6 +128,7 @@ func AuthzTestCases() []AuthzTestCase {
>> +               "/metrics/cadvisor":                   "metrics",
>> +               "/metrics/probes":                     "metrics",
>> +               "/metrics/resource/v1alpha1":          "metrics",
>> ++              "/metrics/resource":                   "metrics",
>> +               "/pods/":                              "proxy",
>> +               "/portForward/{podNamespace}/{podID}": "proxy",
>> +               "/portForward/{podNamespace}/{podID}/{uid}":         "proxy",
>> +diff --git a/src/import/pkg/kubelet/server/server.go b/src/import/pkg/kubelet/server/server.go
>> +index 87f3bd28a25..74eeaf10171 100644
>> +--- a/src/import/pkg/kubelet/server/server.go
>> ++++ b/src/import/pkg/kubelet/server/server.go
>> +@@ -38,6 +38,7 @@ import (
>> +       "github.com/google/cadvisor/metrics"
>> +       "google.golang.org/grpc"
>> +       "k8s.io/klog"
>> ++      "k8s.io/kubernetes/pkg/kubelet/metrics/collectors"
>> +
>> +       "k8s.io/api/core/v1"
>> +       metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
>> +@@ -74,13 +75,13 @@ import (
>> + )
>> +
>> + const (
>> +-      metricsPath               = "/metrics"
>> +-      cadvisorMetricsPath       = "/metrics/cadvisor"
>> +-      resourceMetricsPathPrefix = "/metrics/resource"
>> +-      proberMetricsPath         = "/metrics/probes"
>> +-      specPath                  = "/spec/"
>> +-      statsPath                 = "/stats/"
>> +-      logsPath                  = "/logs/"
>> ++      metricsPath         = "/metrics"
>> ++      cadvisorMetricsPath = "/metrics/cadvisor"
>> ++      resourceMetricsPath = "/metrics/resource"
>> ++      proberMetricsPath   = "/metrics/probes"
>> ++      specPath            = "/spec/"
>> ++      statsPath           = "/stats/"
>> ++      logsPath            = "/logs/"
>> + )
>> +
>> + // Server is a http.Handler which exposes kubelet functionality over HTTP.
>> +@@ -321,10 +322,16 @@ func (s *Server) InstallDefaultHandlers(enableCAdvisorJSONEndpoints bool) {
>> +
>> +       v1alpha1ResourceRegistry := compbasemetrics.NewKubeRegistry()
>> +       v1alpha1ResourceRegistry.CustomMustRegister(stats.NewPrometheusResourceMetricCollector(s.resourceAnalyzer, v1alpha1.Config()))
>> +-      s.restfulCont.Handle(path.Join(resourceMetricsPathPrefix, v1alpha1.Version),
>> ++      s.restfulCont.Handle(path.Join(resourceMetricsPath, v1alpha1.Version),
>> +               compbasemetrics.HandlerFor(v1alpha1ResourceRegistry, compbasemetrics.HandlerOpts{ErrorHandling: compbasemetrics.ContinueOnError}),
>> +       )
>> +
>> ++      resourceRegistry := compbasemetrics.NewKubeRegistry()
>> ++      resourceRegistry.CustomMustRegister(collectors.NewResourceMetricsCollector(s.resourceAnalyzer))
>> ++      s.restfulCont.Handle(resourceMetricsPath,
>> ++              compbasemetrics.HandlerFor(resourceRegistry, compbasemetrics.HandlerOpts{ErrorHandling: compbasemetrics.ContinueOnError}),
>> ++      )
>> ++
>> +       // prober metrics are exposed under a different endpoint
>> +
>> +       p := compbasemetrics.NewKubeRegistry()
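Review bot: The new `/metrics/resource` handler is registered next to the existing versioned one at `path.Join(resourceMetricsPath, v1alpha1.Version)`, with no comment saying how the two relate or whether the versioned path is meant to stay. A short comment above `resourceRegistry := compbasemetrics.NewKubeRegistry()` would help, for example `// Unversioned resource metrics endpoint; the v1alpha1 endpoint above remains registered.` InstallDefaultHandlers starts and continues outside this hunk.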
>> +--
>> +2.20.1
>> +
>> diff --git a/recipes-containers/kubernetes/kubernetes/0001-Deal-with-auto-generated-files.patch b/recipes-containers/kubernetes/kubernetes/0001-Deal-with-auto-generated-files.patch
>> new file mode 100644
>> index 0000000..f7a5c7c
>> --- /dev/null
>> +++ b/recipes-containers/kubernetes/kubernetes/0001-Deal-with-auto-generated-files.patch
>> @@ -0,0 +1,60 @@
>> +From c394d821fdafd719619eb63fcd1065a95ec02ef9 Mon Sep 17 00:00:00 2001
>> +From: RainbowMango <renhongcai@huawei.com>
>> +Date: Sun, 15 Dec 2019 18:37:38 +0800
>> +Subject: [PATCH] Deal with auto-generated files: - Update bazel by
>> + hack/update-bazel.sh
>> +
>> +This commit is needed for context to fix CVE-2020-8551
>> +
>> +Upstream Status: Backport [https://github.com/kubernetes/kubernetes/pull/86282/commits/c394d821fdafd719619eb63fcd1065a95ec02ef9]
>> +CVE: CVE-2020-8551
>> +
>> +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
>> +---
>> + pkg/kubelet/metrics/collectors/BUILD | 3 +++
>> + pkg/kubelet/server/BUILD             | 1 +
>> + 2 files changed, 4 insertions(+)
>> +
>> +diff --git a/src/import/pkg/kubelet/metrics/collectors/BUILD b/src/import/pkg/kubelet/metrics/collectors/BUILD
>> +index 00bc335320f..25398793eab 100644
>> +--- a/src/import/pkg/kubelet/metrics/collectors/BUILD
>> ++++ b/src/import/pkg/kubelet/metrics/collectors/BUILD
>> +@@ -4,6 +4,7 @@ go_library(
>> +     name = "go_default_library",
>> +     srcs = [
>> +         "log_metrics.go",
>> ++        "resource_metrics.go",
>> +         "volume_stats.go",
>> +     ],
>> +     importpath = "k8s.io/kubernetes/pkg/kubelet/metrics/collectors",
>> +@@ -22,6 +23,7 @@ go_test(
>> +     name = "go_default_test",
>> +     srcs = [
>> +         "log_metrics_test.go",
>> ++        "resource_metrics_test.go",
>> +         "volume_stats_test.go",
>> +     ],
>> +     embed = [":go_default_library"],
>> +@@ -30,6 +32,7 @@ go_test(
>> +         "//pkg/kubelet/server/stats/testing:go_default_library",
>> +         "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
>> +         "//staging/src/k8s.io/component-base/metrics/testutil:go_default_library",
>> ++        "//vendor/github.com/stretchr/testify/mock:go_default_library",
>> +     ],
>> + )
>> +
>> +diff --git a/src/import/pkg/kubelet/server/BUILD b/src/import/pkg/kubelet/server/BUILD
>> +index d83619fcbe5..a18f1b5e83b 100644
>> +--- a/src/import/pkg/kubelet/server/BUILD
>> ++++ b/src/import/pkg/kubelet/server/BUILD
>> +@@ -22,6 +22,7 @@ go_library(
>> +         "//pkg/kubelet/apis/podresources/v1alpha1:go_default_library",
>> +         "//pkg/kubelet/apis/resourcemetrics/v1alpha1:go_default_library",
>> +         "//pkg/kubelet/container:go_default_library",
>> ++        "//pkg/kubelet/metrics/collectors:go_default_library",
>> +         "//pkg/kubelet/prober:go_default_library",
>> +         "//pkg/kubelet/server/metrics:go_default_library",
>> +         "//pkg/kubelet/server/portforward:go_default_library",
>> +--
>> +2.20.1
>> +
>> diff --git a/recipes-containers/kubernetes/kubernetes/0001-remove-client-label-from-apiserver-request-count-met.patch b/recipes-containers/kubernetes/kubernetes/0001-remove-client-label-from-apiserver-request-count-met.patch
>> new file mode 100644
>> index 0000000..d4bf783
>> --- /dev/null
>> +++ b/recipes-containers/kubernetes/kubernetes/0001-remove-client-label-from-apiserver-request-count-met.patch
>> @@ -0,0 +1,171 @@
>> +From a657089732c0bd5d4515fb9208182c31c6c05790 Mon Sep 17 00:00:00 2001
>> +From: Han Kang <hankang@google.com>
>> +Date: Wed, 29 Jan 2020 12:25:55 -0800
>> +Subject: [PATCH] remove client label from apiserver request count metric since
>> + it is unbounded
>> +
>> +Change-Id: I3a9eacebc9d9dc9ed6347260d9378cdcb5743431
>> +
>> +Upstream Status: Backport [https://github.com/kubernetes/kubernetes/pull/87669/commits/cc3190968b1f14ddf4067abef849fc41bd6068dc]
>> +CVE: CVE-2020-8552
>> +
>> +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
>> +---
>> + .../apiserver/pkg/endpoints/metrics/BUILD     |  8 ---
>> + .../pkg/endpoints/metrics/metrics.go          | 23 ++------
>> + .../pkg/endpoints/metrics/metrics_test.go     | 54 -------------------
>> + 3 files changed, 4 insertions(+), 81 deletions(-)
>> + delete mode 100644 staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics_test.go
>> +
>> +diff --git a/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/BUILD b/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/BUILD
>> +index 8d13a34eadc..8abb3d1a611 100644
>> +--- a/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/BUILD
>> ++++ b/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/BUILD
>> +@@ -3,13 +3,6 @@ package(default_visibility = ["//visibility:public"])
>> + load(
>> +     "@io_bazel_rules_go//go:def.bzl",
>> +     "go_library",
>> +-    "go_test",
>> +-)
>> +-
>> +-go_test(
>> +-    name = "go_default_test",
>> +-    srcs = ["metrics_test.go"],
>> +-    embed = [":go_default_library"],
>> + )
>> +
>> + go_library(
>> +@@ -20,7 +13,6 @@ go_library(
>> +     deps = [
>> +         "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/validation:go_default_library",
>> +         "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
>> +-        "//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library",
>> +         "//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library",
>> +         "//staging/src/k8s.io/apiserver/pkg/endpoints/request:go_default_library",
>> +         "//staging/src/k8s.io/apiserver/pkg/features:go_default_library",
>> +diff --git a/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics.go b/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics.go
>> +index 36ff861da7a..81a9a2c5e6f 100644
>> +--- a/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics.go
>> ++++ b/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics.go
>> +@@ -31,7 +31,6 @@ import (
>> +
>> +       "k8s.io/apimachinery/pkg/apis/meta/v1/validation"
>> +       "k8s.io/apimachinery/pkg/types"
>> +-      utilnet "k8s.io/apimachinery/pkg/util/net"
>> +       utilsets "k8s.io/apimachinery/pkg/util/sets"
>> +       "k8s.io/apiserver/pkg/endpoints/request"
>> +       "k8s.io/apiserver/pkg/features"
>> +@@ -65,14 +64,14 @@ var (
>> +       requestCounter = compbasemetrics.NewCounterVec(
>> +               &compbasemetrics.CounterOpts{
>> +                       Name:           "apiserver_request_total",
>> +-                      Help:           "Counter of apiserver requests broken out for each verb, dry run value, group, version, resource, scope, component, client, and HTTP response contentType and code.",
>> ++                      Help:           "Counter of apiserver requests broken out for each verb, dry run value, group, version, resource, scope, component, and HTTP response contentType and code.",
>> +                       StabilityLevel: compbasemetrics.ALPHA,
>> +               },
>> +               // The label_name contentType doesn't follow the label_name convention defined here:
>> +               // https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/instrumentation.md
>> +               // But changing it would break backwards compatibility. Future label_names
>> +               // should be all lowercase and separated by underscores.
>> +-              []string{"verb", "dry_run", "group", "version", "resource", "subresource", "scope", "component", "client", "contentType", "code"},
>> ++              []string{"verb", "dry_run", "group", "version", "resource", "subresource", "scope", "component", "contentType", "code"},
>> +       )
>> +       deprecatedRequestCounter = compbasemetrics.NewCounterVec(
>> +               &compbasemetrics.CounterOpts{
>> +@@ -301,11 +300,10 @@ func RecordLongRunning(req *http.Request, requestInfo *request.RequestInfo, comp
>> + func MonitorRequest(req *http.Request, verb, group, version, resource, subresource, scope, component, contentType string, httpCode, respSize int, elapsed time.Duration) {
>> +       reportedVerb := cleanVerb(verb, req)
>> +       dryRun := cleanDryRun(req.URL)
>> +-      client := cleanUserAgent(utilnet.GetHTTPClient(req))
>> +       elapsedMicroseconds := float64(elapsed / time.Microsecond)
>> +       elapsedSeconds := elapsed.Seconds()
>> +-      requestCounter.WithLabelValues(reportedVerb, dryRun, group, version, resource, subresource, scope, component, client, contentType, codeToString(httpCode)).Inc()
>> +-      deprecatedRequestCounter.WithLabelValues(reportedVerb, group, version, resource, subresource, scope, component, client, contentType, codeToString(httpCode)).Inc()
>> ++      requestCounter.WithLabelValues(reportedVerb, dryRun, group, version, resource, subresource, scope, component, contentType, codeToString(httpCode)).Inc()
>> ++      deprecatedRequestCounter.WithLabelValues(reportedVerb, group, version, resource, subresource, scope, component, contentType, codeToString(httpCode)).Inc()
>> +       requestLatencies.WithLabelValues(reportedVerb, dryRun, group, version, resource, subresource, scope, component).Observe(elapsedSeconds)
>> +       deprecatedRequestLatencies.WithLabelValues(reportedVerb, group, version, resource, subresource, scope, component).Observe(elapsedMicroseconds)
>> +       deprecatedRequestLatenciesSummary.WithLabelValues(reportedVerb, group, version, resource, subresource, scope, component).Observe(elapsedMicroseconds)
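Review bot: `deprecatedRequestCounter.WithLabelValues(...)` now passes one value fewer, but no hunk in this patch changes the label list in deprecatedRequestCounter's declaration. The four insertions in the diffstat are the Help string and label slice of requestCounter plus the two calls here. The declaration's label slice is outside the visible hunks; if it still contains `"client"`, the call is expected to panic on a label-count mismatch for each monitored request, which would turn the fix for an unbounded-cardinality issue into a crash. Either drop `"client"` from that slice and its Help text in the same patch, or confirm that the target tree's declaration has no such label. `kubectlExeRegexp` is referenced only from the removed cleanUserAgent in what is shown here, so check whether it is now unused.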
>> +@@ -425,19 +423,6 @@ func cleanDryRun(u *url.URL) string {
>> +       return strings.Join(utilsets.NewString(dryRun...).List(), ",")
>> + }
>> +
>> +-func cleanUserAgent(ua string) string {
>> +-      // We collapse all "web browser"-type user agents into one "browser" to reduce metric cardinality.
>> +-      if strings.HasPrefix(ua, "Mozilla/") {
>> +-              return "Browser"
>> +-      }
>> +-      // If an old "kubectl.exe" has passed us its full path, we discard the path portion.
>> +-      if kubectlExeRegexp.MatchString(ua) {
>> +-              // avoid an allocation
>> +-              ua = kubectlExeRegexp.ReplaceAllString(ua, "$1")
>> +-      }
>> +-      return ua
>> +-}
>> +-
>> + // ResponseWriterDelegator interface wraps http.ResponseWriter to additionally record content-length, status-code, etc.
>> + type ResponseWriterDelegator struct {
>> +       http.ResponseWriter
>> +diff --git a/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics_test.go b/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics_test.go
>> +deleted file mode 100644
>> +index 4c0a8aa5d27..00000000000
>> +--- a/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics_test.go
>> ++++ /dev/null
>> +@@ -1,54 +0,0 @@
>> +-/*
>> +-Copyright 2015 The Kubernetes Authors.
>> +-
>> +-Licensed under the Apache License, Version 2.0 (the "License");
>> +-you may not use this file except in compliance with the License.
>> +-You may obtain a copy of the License at
>> +-
>> +-    http://www.apache.org/licenses/LICENSE-2.0
>> +-
>> +-Unless required by applicable law or agreed to in writing, software
>> +-distributed under the License is distributed on an "AS IS" BASIS,
>> +-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>> +-See the License for the specific language governing permissions and
>> +-limitations under the License.
>> +-*/
>> +-
>> +-package metrics
>> +-
>> +-import "testing"
>> +-
>> +-func TestCleanUserAgent(t *testing.T) {
>> +-      panicBuf := []byte{198, 73, 129, 133, 90, 216, 104, 29, 13, 134, 209, 233, 30, 0, 22}
>> +-
>> +-      for _, tc := range []struct {
>> +-              In  string
>> +-              Out string
>> +-      }{
>> +-              {
>> +-                      In:  "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36",
>> +-                      Out: "Browser",
>> +-              },
>> +-              {
>> +-                      In:  "kubectl/v1.2.4",
>> +-                      Out: "kubectl/v1.2.4",
>> +-              },
>> +-              {
>> +-                      In:  `C:\Users\Kubernetes\kubectl.exe/v1.5.4`,
>> +-                      Out: "kubectl.exe/v1.5.4",
>> +-              },
>> +-              {
>> +-                      In:  `C:\Program Files\kubectl.exe/v1.5.4`,
>> +-                      Out: "kubectl.exe/v1.5.4",
>> +-              },
>> +-              {
>> +-                      // This malicious input courtesy of enisoc.
>> +-                      In:  string(panicBuf) + "kubectl.exe",
>> +-                      Out: "kubectl.exe",
>> +-              },
>> +-      } {
>> +-              if cleanUserAgent(tc.In) != tc.Out {
>> +-                      t.Errorf("Failed to clean User-Agent: %s", tc.In)
>> +-              }
>> +-      }
>> +-}
>> +--
>> +2.17.1
>> +
>> diff --git a/recipes-containers/kubernetes/kubernetes/0001-update-gopkg.in-yaml.v2-to-v2.2.8.patch b/recipes-containers/kubernetes/kubernetes/0001-update-gopkg.in-yaml.v2-to-v2.2.8.patch
>> new file mode 100644
>> index 0000000..2688797
>> --- /dev/null
>> +++ b/recipes-containers/kubernetes/kubernetes/0001-update-gopkg.in-yaml.v2-to-v2.2.8.patch
>> @@ -0,0 +1,825 @@
>> +From a290fe55cb2f4593eb4ec5bf410cd77b9d925464 Mon Sep 17 00:00:00 2001
>> +From: CJ Cullen <cjcullen@google.com>
>> +Date: Wed, 22 Jan 2020 11:32:39 -0800
>> +Subject: [PATCH] update gopkg.in/yaml.v2 to v2.2.8
>> +
>> +Upstream Status: Backport [https://github.com/kubernetes/kubernetes/pull/87637/commits/a290fe55cb2f4593eb4ec5bf410cd77b9d925464]
>> +CVE: CVE-2019-11254
>> +
>> +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
>> +---
>> + go.mod                                        |   4 +-
>> + go.sum                                        |   4 +-
>> + staging/src/k8s.io/api/go.sum                 |   4 +-
>> + .../src/k8s.io/apiextensions-apiserver/go.mod |   2 +-
>> + .../src/k8s.io/apiextensions-apiserver/go.sum |   2 +
>> + staging/src/k8s.io/apimachinery/go.mod        |   2 +-
>> + staging/src/k8s.io/apimachinery/go.sum        |   4 +-
>> + staging/src/k8s.io/apiserver/go.mod           |   2 +-
>> + staging/src/k8s.io/apiserver/go.sum           |   4 +-
>> + staging/src/k8s.io/cli-runtime/go.sum         |   4 +-
>> + staging/src/k8s.io/client-go/go.sum           |   4 +-
>> + staging/src/k8s.io/cloud-provider/go.sum      |   4 +-
>> + staging/src/k8s.io/cluster-bootstrap/go.sum   |   4 +-
>> + staging/src/k8s.io/code-generator/go.mod      |   2 +-
>> + staging/src/k8s.io/code-generator/go.sum      |   4 +-
>> + staging/src/k8s.io/component-base/go.sum      |   4 +-
>> + staging/src/k8s.io/cri-api/go.mod             |   2 +-
>> + staging/src/k8s.io/cri-api/go.sum             |   4 +-
>> + staging/src/k8s.io/csi-translation-lib/go.sum |   4 +-
>> + staging/src/k8s.io/kube-aggregator/go.sum     |   4 +-
>> + .../src/k8s.io/kube-controller-manager/go.sum |   4 +-
>> + staging/src/k8s.io/kube-proxy/go.sum          |   4 +-
>> + staging/src/k8s.io/kube-scheduler/go.sum      |   4 +-
>> + staging/src/k8s.io/kubectl/go.mod             |   2 +-
>> + staging/src/k8s.io/kubectl/go.sum             |   4 +-
>> + staging/src/k8s.io/kubelet/go.sum             |   4 +-
>> + .../src/k8s.io/legacy-cloud-providers/go.sum  |   4 +-
>> + staging/src/k8s.io/metrics/go.sum             |   4 +-
>> + staging/src/k8s.io/node-api/go.sum            |   4 +-
>> + staging/src/k8s.io/sample-apiserver/go.sum    |   4 +-
>> + staging/src/k8s.io/sample-cli-plugin/go.sum   |   4 +-
>> + staging/src/k8s.io/sample-controller/go.sum   |   4 +-
>> + vendor/gopkg.in/yaml.v2/.travis.yml           |  18 +--
>> + vendor/gopkg.in/yaml.v2/decode.go             |  14 ++-
>> + vendor/gopkg.in/yaml.v2/scannerc.go           | 107 +++++++++---------
>> + vendor/gopkg.in/yaml.v2/yaml.go               |   2 +-
>> + vendor/gopkg.in/yaml.v2/yamlh.go              |   1 +
>> + vendor/modules.txt                            |   2 +-
>> + 38 files changed, 133 insertions(+), 125 deletions(-)
>> +
>> +diff --git a/src/import/go.mod b/src/import/go.mod
>> +index 7d515c2ffb0..28de082aa0d 100644
>> +--- a/src/import/go.mod
>> ++++ b/src/import/go.mod
>> +@@ -131,7 +131,7 @@ require (
>> +       google.golang.org/grpc v1.23.1
>> +       gopkg.in/gcfg.v1 v1.2.0
>> +       gopkg.in/square/go-jose.v2 v2.2.2
>> +-      gopkg.in/yaml.v2 v2.2.4
>> ++      gopkg.in/yaml.v2 v2.2.8
>> +       gotest.tools v2.2.0+incompatible
>> +       gotest.tools/gotestsum v0.3.5
>> +       honnef.co/go/tools v0.0.1-2019.2.2
>> +@@ -518,7 +518,7 @@ replace (
>> +       gopkg.in/square/go-jose.v2 => gopkg.in/square/go-jose.v2 v2.2.2
>> +       gopkg.in/tomb.v1 => gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7
>> +       gopkg.in/warnings.v0 => gopkg.in/warnings.v0 v0.1.1
>> +-      gopkg.in/yaml.v2 => gopkg.in/yaml.v2 v2.2.4
>> ++      gopkg.in/yaml.v2 => gopkg.in/yaml.v2 v2.2.8
>> +       gotest.tools => gotest.tools v2.2.0+incompatible
>> +       gotest.tools/gotestsum => gotest.tools/gotestsum v0.3.5
>> +       grpc.go4.org => grpc.go4.org v0.0.0-20170609214715-11d0a25b4919
>> +diff --git a/src/import/go.sum b/src/import/go.sum
>> +index 72d79cb27b2..43aaee0e578 100644
>> +--- a/src/import/go.sum
>> ++++ b/src/import/go.sum
>> +@@ -574,8 +574,8 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkep
>> + gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
>> + gopkg.in/warnings.v0 v0.1.1 h1:XM28wIgFzaBmeZ5dNHIpWLQpt/9DGKxk+rCg/22nnYE=
>> + gopkg.in/warnings.v0 v0.1.1/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
>> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
>> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
>> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
>> + gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
>> + gotest.tools/gotestsum v0.3.5 h1:VePOWRsuWFYpfp/G8mbmOZKxO5T3501SEGQRUdvq7h0=
>> +diff --git a/src/import/staging/src/k8s.io/api/go.sum b/src/importsrc/import/staging/src/k8s.io/api/go.sum
>> +index 08ad9edc62a..73199a7c13e 100644
>> +--- a/src/import/staging/src/k8s.io/api/go.sum
>> ++++ b/src/import/staging/src/k8s.io/api/go.sum
>> +@@ -95,8 +95,8 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD
>> + gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
>> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
>> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
>> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
>> + k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
>> + k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
>> +diff --git a/src/import/staging/src/k8s.io/apiextensions-apiserver/go.mod b/src/importsrc/import/staging/src/k8s.io/apiextensions-apiserver/go.mod
>> +index 97014a76a68..499daf4ffa7 100644
>> +--- a/src/import/staging/src/k8s.io/apiextensions-apiserver/go.mod
>> ++++ b/src/import/staging/src/k8s.io/apiextensions-apiserver/go.mod
>> +@@ -20,7 +20,7 @@ require (
>> +       github.com/stretchr/testify v1.4.0
>> +       go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738
>> +       google.golang.org/grpc v1.23.1
>> +-      gopkg.in/yaml.v2 v2.2.4
>> ++      gopkg.in/yaml.v2 v2.2.8
>> +       k8s.io/api v0.0.0
>> +       k8s.io/apimachinery v0.0.0
>> +       k8s.io/apiserver v0.0.0
>> +diff --git a/src/import/staging/src/k8s.io/apiextensions-apiserver/go.sum b/src/importstaging/src/k8s.io/apiextensions-apiserver/go.sum
>> +index 6f8bd4918ce..ef6973e4220 100644
>> +--- a/src/import/staging/src/k8s.io/apiextensions-apiserver/go.sum
>> ++++ b/src/import/staging/src/k8s.io/apiextensions-apiserver/go.sum
>> +@@ -449,6 +449,8 @@ gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
>> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
>> + gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
>> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
>> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> +diff --git a/src/import/staging/src/k8s.io/apimachinery/go.mod b/src/importstaging/src/k8s.io/apimachinery/go.mod
>> +index 85bd7edfc84..569aa8941c4 100644
>> +--- a/src/import/staging/src/k8s.io/apimachinery/go.mod
>> ++++ b/src/import/staging/src/k8s.io/apimachinery/go.mod
>> +@@ -30,7 +30,7 @@ require (
>> +       golang.org/x/text v0.3.2 // indirect
>> +       gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
>> +       gopkg.in/inf.v0 v0.9.1
>> +-      gopkg.in/yaml.v2 v2.2.4
>> ++      gopkg.in/yaml.v2 v2.2.8
>> +       k8s.io/klog v1.0.0
>> +       k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a
>> +       sigs.k8s.io/yaml v1.1.0
>> +diff --git a/src/import/staging/src/k8s.io/apimachinery/go.sum b/src/importstaging/src/k8s.io/apimachinery/go.sum
>> +index 52ad8335f42..0741a85da3f 100644
>> +--- a/src/import/staging/src/k8s.io/apimachinery/go.sum
>> ++++ b/src/import/staging/src/k8s.io/apimachinery/go.sum
>> +@@ -111,8 +111,8 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD
>> + gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
>> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
>> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
>> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
>> + k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
>> + k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
>> +diff --git a/src/import/staging/src/k8s.io/apiserver/go.mod b/src/importstaging/src/k8s.io/apiserver/go.mod
>> +index 01b925bab48..6586e6680cb 100644
>> +--- a/src/import/staging/src/k8s.io/apiserver/go.mod
>> ++++ b/src/import/staging/src/k8s.io/apiserver/go.mod
>> +@@ -42,7 +42,7 @@ require (
>> +       google.golang.org/grpc v1.23.1
>> +       gopkg.in/natefinch/lumberjack.v2 v2.0.0
>> +       gopkg.in/square/go-jose.v2 v2.2.2
>> +-      gopkg.in/yaml.v2 v2.2.4
>> ++      gopkg.in/yaml.v2 v2.2.8
>> +       gotest.tools v2.2.0+incompatible // indirect
>> +       k8s.io/api v0.0.0
>> +       k8s.io/apimachinery v0.0.0
>> +diff --git a/src/import/staging/src/k8s.io/apiserver/go.sum b/src/importstaging/src/k8s.io/apiserver/go.sum
>> +index a9014243b34..0b216e592e4 100644
>> +--- a/src/import/staging/src/k8s.io/apiserver/go.sum
>> ++++ b/src/import/staging/src/k8s.io/apiserver/go.sum
>> +@@ -345,8 +345,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
>> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
>> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
>> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
>> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
>> + gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
>> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> +diff --git a/src/import/staging/src/k8s.io/cli-runtime/go.sum b/src/importstaging/src/k8s.io/cli-runtime/go.sum
>> +index a5eef73070b..c6c2d0d9231 100644
>> +--- a/src/import/staging/src/k8s.io/cli-runtime/go.sum
>> ++++ b/src/import/staging/src/k8s.io/cli-runtime/go.sum
>> +@@ -234,8 +234,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
>> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
>> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
>> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
>> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
>> +diff --git a/src/import/staging/src/k8s.io/client-go/go.sum b/src/importstaging/src/k8s.io/client-go/go.sum
>> +index d0df7473b3e..f8f205a69d7 100644
>> +--- a/src/import/staging/src/k8s.io/client-go/go.sum
>> ++++ b/src/import/staging/src/k8s.io/client-go/go.sum
>> +@@ -189,8 +189,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
>> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
>> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
>> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
>> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
>> +diff --git a/src/import/staging/src/k8s.io/cloud-provider/go.sum b/src/importstaging/src/k8s.io/cloud-provider/go.sum
>> +index 8ccf452dc8d..74228199881 100644
>> +--- a/src/import/staging/src/k8s.io/cloud-provider/go.sum
>> ++++ b/src/import/staging/src/k8s.io/cloud-provider/go.sum
>> +@@ -171,8 +171,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
>> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
>> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
>> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
>> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
>> +diff --git a/src/import/staging/src/k8s.io/cluster-bootstrap/go.sum b/src/importstaging/src/k8s.io/cluster-bootstrap/go.sum
>> +index 8d81d0563ea..4c58905c7d8 100644
>> +--- a/src/import/staging/src/k8s.io/cluster-bootstrap/go.sum
>> ++++ b/src/import/staging/src/k8s.io/cluster-bootstrap/go.sum
>> +@@ -99,8 +99,8 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD
>> + gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
>> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
>> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
>> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
>> + k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
>> + k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
>> +diff --git a/src/import/staging/src/k8s.io/code-generator/go.mod b/src/importstaging/src/k8s.io/code-generator/go.mod
>> +index 69a9e1cd9f2..2436804e8f0 100644
>> +--- a/src/import/staging/src/k8s.io/code-generator/go.mod
>> ++++ b/src/import/staging/src/k8s.io/code-generator/go.mod
>> +@@ -18,7 +18,7 @@ require (
>> +       golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72 // indirect
>> +       gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485
>> +       gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e // indirect
>> +-      gopkg.in/yaml.v2 v2.2.4 // indirect
>> ++      gopkg.in/yaml.v2 v2.2.8 // indirect
>> +       k8s.io/gengo v0.0.0-20190822140433-26a664648505
>> +       k8s.io/klog v1.0.0
>> +       k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a
>> +diff --git a/src/import/staging/src/k8s.io/code-generator/go.sum b/src/importstaging/src/k8s.io/code-generator/go.sum
>> +index 7bab2c9efd3..afc21aae562 100644
>> +--- a/src/import/staging/src/k8s.io/code-generator/go.sum
>> ++++ b/src/import/staging/src/k8s.io/code-generator/go.sum
>> +@@ -114,8 +114,8 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8
>> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
>> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
>> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
>> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6 h1:4s3/R4+OYYYUKptXPhZKjQ04WJ6EhQQVFdjOFvCazDk=
>> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
>> + k8s.io/gengo v0.0.0-20190822140433-26a664648505 h1:ZY6yclUKVbZ+SdWnkfY+Je5vrMpKOxmGeKRbsXVmqYM=
>> +diff --git a/src/import/staging/src/k8s.io/component-base/go.sum b/src/importstaging/src/k8s.io/component-base/go.sum
>> +index b6af501ac2e..6c54e8b74e0 100644
>> +--- a/src/import/staging/src/k8s.io/component-base/go.sum
>> ++++ b/src/import/staging/src/k8s.io/component-base/go.sum
>> +@@ -210,8 +210,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
>> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
>> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
>> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
>> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
>> +diff --git a/src/import/staging/src/k8s.io/cri-api/go.mod b/src/importstaging/src/k8s.io/cri-api/go.mod
>> +index de2050e54af..4f8315dcfcc 100644
>> +--- a/src/import/staging/src/k8s.io/cri-api/go.mod
>> ++++ b/src/import/staging/src/k8s.io/cri-api/go.mod
>> +@@ -16,7 +16,7 @@ require (
>> +       google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873 // indirect
>> +       google.golang.org/grpc v1.23.1
>> +       gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
>> +-      gopkg.in/yaml.v2 v2.2.4 // indirect
>> ++      gopkg.in/yaml.v2 v2.2.8 // indirect
>> + )
>> +
>> + replace (
>> +diff --git a/src/import/staging/src/k8s.io/cri-api/go.sum b/src/importstaging/src/k8s.io/cri-api/go.sum
>> +index 880169cf1dc..5340741af79 100644
>> +--- a/src/import/staging/src/k8s.io/cri-api/go.sum
>> ++++ b/src/import/staging/src/k8s.io/cri-api/go.sum
>> +@@ -59,7 +59,7 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8
>> + gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
>> + gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
>> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
>> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
>> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> + honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> +diff --git a/src/import/staging/src/k8s.io/csi-translation-lib/go.sum b/src/importstaging/src/k8s.io/csi-translation-lib/go.sum
>> +index 2cb7a51b2a4..f918afd9078 100644
>> +--- a/src/import/staging/src/k8s.io/csi-translation-lib/go.sum
>> ++++ b/src/import/staging/src/k8s.io/csi-translation-lib/go.sum
>> +@@ -154,8 +154,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
>> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
>> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
>> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
>> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
>> +diff --git a/src/import/staging/src/k8s.io/kube-aggregator/go.sum b/src/importstaging/src/k8s.io/kube-aggregator/go.sum
>> +index bfcd7b4aa8a..d29c2136442 100644
>> +--- a/src/import/staging/src/k8s.io/kube-aggregator/go.sum
>> ++++ b/src/import/staging/src/k8s.io/kube-aggregator/go.sum
>> +@@ -378,8 +378,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
>> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
>> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
>> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
>> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
>> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> +diff --git a/src/import/staging/src/k8s.io/kube-controller-manager/go.sum b/src/importstaging/src/k8s.io/kube-controller-manager/go.sum
>> +index 5303a3606b3..b238ae9cbbb 100644
>> +--- a/src/import/staging/src/k8s.io/kube-controller-manager/go.sum
>> ++++ b/src/import/staging/src/k8s.io/kube-controller-manager/go.sum
>> +@@ -184,8 +184,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
>> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
>> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
>> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
>> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
>> +diff --git a/src/import/staging/src/k8s.io/kube-proxy/go.sum b/src/importstaging/src/k8s.io/kube-proxy/go.sum
>> +index 5303a3606b3..b238ae9cbbb 100644
>> +--- a/src/import/staging/src/k8s.io/kube-proxy/go.sum
>> ++++ b/src/import/staging/src/k8s.io/kube-proxy/go.sum
>> +@@ -184,8 +184,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
>> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
>> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
>> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
>> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
>> +diff --git a/src/import/staging/src/k8s.io/kube-scheduler/go.sum b/src/importstaging/src/k8s.io/kube-scheduler/go.sum
>> +index 5303a3606b3..b238ae9cbbb 100644
>> +--- a/src/import/staging/src/k8s.io/kube-scheduler/go.sum
>> ++++ b/src/import/staging/src/k8s.io/kube-scheduler/go.sum
>> +@@ -184,8 +184,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
>> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
>> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
>> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
>> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
>> +diff --git a/src/import/staging/src/k8s.io/kubectl/go.mod b/src/importstaging/src/k8s.io/kubectl/go.mod
>> +index e0111ac16bf..c646296ebb1 100644
>> +--- a/src/import/staging/src/k8s.io/kubectl/go.mod
>> ++++ b/src/import/staging/src/k8s.io/kubectl/go.mod
>> +@@ -34,7 +34,7 @@ require (
>> +       github.com/stretchr/testify v1.4.0
>> +       github.com/xlab/handysort v0.0.0-20150421192137-fb3537ed64a1 // indirect
>> +       golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456
>> +-      gopkg.in/yaml.v2 v2.2.4
>> ++      gopkg.in/yaml.v2 v2.2.8
>> +       gotest.tools v2.2.0+incompatible // indirect
>> +       k8s.io/api v0.0.0
>> +       k8s.io/apimachinery v0.0.0
>> +diff --git a/src/import/staging/src/k8s.io/kubectl/go.sum b/src/importstaging/src/k8s.io/kubectl/go.sum
>> +index 95ba529852c..1db9943f53c 100644
>> +--- a/src/import/staging/src/k8s.io/kubectl/go.sum
>> ++++ b/src/import/staging/src/k8s.io/kubectl/go.sum
>> +@@ -317,8 +317,8 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD
>> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
>> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
>> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
>> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
>> + gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
>> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> +diff --git a/src/import/staging/src/k8s.io/kubelet/go.sum b/src/importstaging/src/k8s.io/kubelet/go.sum
>> +index f42a61078c9..57a0c633583 100644
>> +--- a/src/import/staging/src/k8s.io/kubelet/go.sum
>> ++++ b/src/import/staging/src/k8s.io/kubelet/go.sum
>> +@@ -119,8 +119,8 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD
>> + gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
>> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
>> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
>> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> + honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
>> +diff --git a/src/import/staging/src/k8s.io/legacy-cloud-providers/go.sum b/src/importstaging/src/k8s.io/legacy-cloud-providers/go.sum
>> +index 99f76dac0cc..9e990dff888 100644
>> +--- a/src/import/staging/src/k8s.io/legacy-cloud-providers/go.sum
>> ++++ b/src/import/staging/src/k8s.io/legacy-cloud-providers/go.sum
>> +@@ -340,8 +340,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
>> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
>> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
>> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
>> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
>> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> +diff --git a/src/import/staging/src/k8s.io/metrics/go.sum b/src/importstaging/src/k8s.io/metrics/go.sum
>> +index 99df273ff9e..d9b2c94fdbe 100644
>> +--- a/src/import/staging/src/k8s.io/metrics/go.sum
>> ++++ b/src/import/staging/src/k8s.io/metrics/go.sum
>> +@@ -211,8 +211,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
>> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
>> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
>> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
>> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6 h1:4s3/R4+OYYYUKptXPhZKjQ04WJ6EhQQVFdjOFvCazDk=
>> +diff --git a/src/import/staging/src/k8s.io/node-api/go.sum b/src/importstaging/src/k8s.io/node-api/go.sum
>> +index 77f0a21fa7d..1cb50186d99 100644
>> +--- a/src/import/staging/src/k8s.io/node-api/go.sum
>> ++++ b/src/import/staging/src/k8s.io/node-api/go.sum
>> +@@ -215,8 +215,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
>> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
>> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
>> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
>> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6 h1:4s3/R4+OYYYUKptXPhZKjQ04WJ6EhQQVFdjOFvCazDk=
>> +diff --git a/src/import/staging/src/k8s.io/sample-apiserver/go.sum b/src/importstaging/src/k8s.io/sample-apiserver/go.sum
>> +index 3ea72ac63e9..236ee4b1e88 100644
>> +--- a/src/import/staging/src/k8s.io/sample-apiserver/go.sum
>> ++++ b/src/import/staging/src/k8s.io/sample-apiserver/go.sum
>> +@@ -375,8 +375,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
>> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
>> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
>> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
>> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
>> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> +diff --git a/src/import/staging/src/k8s.io/sample-cli-plugin/go.sum b/src/importstaging/src/k8s.io/sample-cli-plugin/go.sum
>> +index a5eef73070b..c6c2d0d9231 100644
>> +--- a/src/import/staging/src/k8s.io/sample-cli-plugin/go.sum
>> ++++ b/src/import/staging/src/k8s.io/sample-cli-plugin/go.sum
>> +@@ -234,8 +234,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
>> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
>> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
>> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
>> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
>> +diff --git a/src/import/staging/src/k8s.io/sample-controller/go.sum b/src/importstaging/src/k8s.io/sample-controller/go.sum
>> +index 55fa85acf16..3b18f34b5a6 100644
>> +--- a/src/import/staging/src/k8s.io/sample-controller/go.sum
>> ++++ b/src/import/staging/src/k8s.io/sample-controller/go.sum
>> +@@ -216,8 +216,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
>> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
>> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
>> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
>> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
>> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
>> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6 h1:4s3/R4+OYYYUKptXPhZKjQ04WJ6EhQQVFdjOFvCazDk=
>> +diff --git a/src/import/vendor/gopkg.in/yaml.v2/.travis.yml b/src/importvendor/gopkg.in/yaml.v2/.travis.yml
>> +index 9f556934d8b..055480b9ef8 100644
>> +--- a/src/import/vendor/gopkg.in/yaml.v2/.travis.yml
>> ++++ b/src/import/vendor/gopkg.in/yaml.v2/.travis.yml
>> +@@ -1,12 +1,16 @@
>> + language: go
>> +
>> + go:
>> +-    - 1.4
>> +-    - 1.5
>> +-    - 1.6
>> +-    - 1.7
>> +-    - 1.8
>> +-    - 1.9
>> +-    - tip
>> ++    - "1.4.x"
>> ++    - "1.5.x"
>> ++    - "1.6.x"
>> ++    - "1.7.x"
>> ++    - "1.8.x"
>> ++    - "1.9.x"
>> ++    - "1.10.x"
>> ++    - "1.11.x"
>> ++    - "1.12.x"
>> ++    - "1.13.x"
>> ++    - "tip"
>> +
>> + go_import_path: gopkg.in/yaml.v2
>> +diff --git a/src/import/vendor/gopkg.in/yaml.v2/decode.go b/src/importvendor/gopkg.in/yaml.v2/decode.go
>> +index 53108765555..129bc2a97d3 100644
>> +--- a/src/import/vendor/gopkg.in/yaml.v2/decode.go
>> ++++ b/src/import/vendor/gopkg.in/yaml.v2/decode.go
>> +@@ -319,10 +319,14 @@ func (d *decoder) prepare(n *node, out reflect.Value) (newout reflect.Value, unm
>> + }
>> +
>> + const (
>> +-      // 400,000 decode operations is ~500kb of dense object declarations, or ~5kb of dense object declarations with 10000% alias expansion
>> ++      // 400,000 decode operations is ~500kb of dense object declarations, or
>> ++      // ~5kb of dense object declarations with 10000% alias expansion
>> +       alias_ratio_range_low = 400000
>> +-      // 4,000,000 decode operations is ~5MB of dense object declarations, or ~4.5MB of dense object declarations with 10% alias expansion
>> ++
>> ++      // 4,000,000 decode operations is ~5MB of dense object declarations, or
>> ++      // ~4.5MB of dense object declarations with 10% alias expansion
>> +       alias_ratio_range_high = 4000000
>> ++
>> +       // alias_ratio_range is the range over which we scale allowed alias ratios
>> +       alias_ratio_range = float64(alias_ratio_range_high - alias_ratio_range_low)
>> + )
>> +@@ -784,8 +788,7 @@ func (d *decoder) merge(n *node, out reflect.Value) {
>> +       case mappingNode:
>> +               d.unmarshal(n, out)
>> +       case aliasNode:
>> +-              an, ok := d.doc.anchors[n.value]
>> +-              if ok && an.kind != mappingNode {
>> ++              if n.alias != nil && n.alias.kind != mappingNode {
>> +                       failWantMap()
>> +               }
>> +               d.unmarshal(n, out)
>> +@@ -794,8 +797,7 @@ func (d *decoder) merge(n *node, out reflect.Value) {
>> +               for i := len(n.children) - 1; i >= 0; i-- {
>> +                       ni := n.children[i]
>> +                       if ni.kind == aliasNode {
>> +-                              an, ok := d.doc.anchors[ni.value]
>> +-                              if ok && an.kind != mappingNode {
>> ++                              if ni.alias != nil && ni.alias.kind != mappingNode {
>> +                                       failWantMap()
>> +                               }
>> +                       } else if ni.kind != mappingNode {
>> +diff --git a/src/import/vendor/gopkg.in/yaml.v2/scannerc.go b/src/importvendor/gopkg.in/yaml.v2/scannerc.go
>> +index 570b8ecd10f..0b9bb6030a0 100644
>> +--- a/src/import/vendor/gopkg.in/yaml.v2/scannerc.go
>> ++++ b/src/import/vendor/gopkg.in/yaml.v2/scannerc.go
>> +@@ -626,31 +626,18 @@ func trace(args ...interface{}) func() {
>> + func yaml_parser_fetch_more_tokens(parser *yaml_parser_t) bool {
>> +       // While we need more tokens to fetch, do it.
>> +       for {
>> +-              // Check if we really need to fetch more tokens.
>> +-              need_more_tokens := false
>> +-
>> +-              if parser.tokens_head == len(parser.tokens) {
>> +-                      // Queue is empty.
>> +-                      need_more_tokens = true
>> +-              } else {
>> +-                      // Check if any potential simple key may occupy the head position.
>> +-                      if !yaml_parser_stale_simple_keys(parser) {
>> ++              if parser.tokens_head != len(parser.tokens) {
>> ++                      // If queue is non-empty, check if any potential simple key may
>> ++                      // occupy the head position.
>> ++                      head_tok_idx, ok := parser.simple_keys_by_tok[parser.tokens_parsed]
>> ++                      if !ok {
>> ++                              break
>> ++                      } else if valid, ok := yaml_simple_key_is_valid(parser, &parser.simple_keys[head_tok_idx]); !ok {
>> +                               return false
>> +-                      }
>> +-
>> +-                      for i := range parser.simple_keys {
>> +-                              simple_key := &parser.simple_keys[i]
>> +-                              if simple_key.possible && simple_key.token_number == parser.tokens_parsed {
>> +-                                      need_more_tokens = true
>> +-                                      break
>> +-                              }
>> ++                      } else if !valid {
>> ++                              break
>> +                       }
>> +               }
>> +-
>> +-              // We are finished.
>> +-              if !need_more_tokens {
>> +-                      break
>> +-              }
>> +               // Fetch the next token.
>> +               if !yaml_parser_fetch_next_token(parser) {
>> +                       return false
>> +@@ -678,11 +665,6 @@ func yaml_parser_fetch_next_token(parser *yaml_parser_t) bool {
>> +               return false
>> +       }
>> +
>> +-      // Remove obsolete potential simple keys.
>> +-      if !yaml_parser_stale_simple_keys(parser) {
>> +-              return false
>> +-      }
>> +-
>> +       // Check the indentation level against the current column.
>> +       if !yaml_parser_unroll_indent(parser, parser.mark.column) {
>> +               return false
>> +@@ -837,29 +819,30 @@ func yaml_parser_fetch_next_token(parser *yaml_parser_t) bool {
>> +               "found character that cannot start any token")
>> + }
>> +
>> +-// Check the list of potential simple keys and remove the positions that
>> +-// cannot contain simple keys anymore.
>> +-func yaml_parser_stale_simple_keys(parser *yaml_parser_t) bool {
>> +-      // Check for a potential simple key for each flow level.
>> +-      for i := range parser.simple_keys {
>> +-              simple_key := &parser.simple_keys[i]
>> +-
>> +-              // The specification requires that a simple key
>> +-              //
>> +-              //  - is limited to a single line,
>> +-              //  - is shorter than 1024 characters.
>> +-              if simple_key.possible && (simple_key.mark.line < parser.mark.line || simple_key.mark.index+1024 < parser.mark.index) {
>> +-
>> +-                      // Check if the potential simple key to be removed is required.
>> +-                      if simple_key.required {
>> +-                              return yaml_parser_set_scanner_error(parser,
>> +-                                      "while scanning a simple key", simple_key.mark,
>> +-                                      "could not find expected ':'")
>> +-                      }
>> +-                      simple_key.possible = false
>> ++func yaml_simple_key_is_valid(parser *yaml_parser_t, simple_key *yaml_simple_key_t) (valid, ok bool) {
>> ++      if !simple_key.possible {
>> ++              return false, true
>> ++      }
>> ++
>> ++      // The 1.2 specification says:
>> ++      //
>> ++      //     "If the ? indicator is omitted, parsing needs to see past the
>> ++      //     implicit key to recognize it as such. To limit the amount of
>> ++      //     lookahead required, the “:” indicator must appear at most 1024
>> ++      //     Unicode characters beyond the start of the key. In addition, the key
>> ++      //     is restricted to a single line."
>> ++      //
>> ++      if simple_key.mark.line < parser.mark.line || simple_key.mark.index+1024 < parser.mark.index {
>> ++              // Check if the potential simple key to be removed is required.
>> ++              if simple_key.required {
>> ++                      return false, yaml_parser_set_scanner_error(parser,
>> ++                              "while scanning a simple key", simple_key.mark,
>> ++                              "could not find expected ':'")
>> +               }
>> ++              simple_key.possible = false
>> ++              return false, true
>> +       }
>> +-      return true
>> ++      return true, true
>> + }
>> +
>> + // Check if a simple key may start at the current position and add it if
>> +@@ -879,13 +862,14 @@ func yaml_parser_save_simple_key(parser *yaml_parser_t) bool {
>> +                       possible:     true,
>> +                       required:     required,
>> +                       token_number: parser.tokens_parsed + (len(parser.tokens) - parser.tokens_head),
>> ++                      mark:         parser.mark,
>> +               }
>> +-              simple_key.mark = parser.mark
>> +
>> +               if !yaml_parser_remove_simple_key(parser) {
>> +                       return false
>> +               }
>> +               parser.simple_keys[len(parser.simple_keys)-1] = simple_key
>> ++              parser.simple_keys_by_tok[simple_key.token_number] = len(parser.simple_keys) - 1
>> +       }
>> +       return true
>> + }
>> +@@ -900,9 +884,10 @@ func yaml_parser_remove_simple_key(parser *yaml_parser_t) bool {
>> +                               "while scanning a simple key", parser.simple_keys[i].mark,
>> +                               "could not find expected ':'")
>> +               }
>> ++              // Remove the key from the stack.
>> ++              parser.simple_keys[i].possible = false
>> ++              delete(parser.simple_keys_by_tok, parser.simple_keys[i].token_number)
>> +       }
>> +-      // Remove the key from the stack.
>> +-      parser.simple_keys[i].possible = false
>> +       return true
>> + }
>> +
>> +@@ -912,7 +897,12 @@ const max_flow_level = 10000
>> + // Increase the flow level and resize the simple key list if needed.
>> + func yaml_parser_increase_flow_level(parser *yaml_parser_t) bool {
>> +       // Reset the simple key on the next level.
>> +-      parser.simple_keys = append(parser.simple_keys, yaml_simple_key_t{})
>> ++      parser.simple_keys = append(parser.simple_keys, yaml_simple_key_t{
>> ++              possible:     false,
>> ++              required:     false,
>> ++              token_number: parser.tokens_parsed + (len(parser.tokens) - parser.tokens_head),
>> ++              mark:         parser.mark,
>> ++      })
>> +
>> +       // Increase the flow level.
>> +       parser.flow_level++
>> +@@ -928,7 +918,9 @@ func yaml_parser_increase_flow_level(parser *yaml_parser_t) bool {
>> + func yaml_parser_decrease_flow_level(parser *yaml_parser_t) bool {
>> +       if parser.flow_level > 0 {
>> +               parser.flow_level--
>> +-              parser.simple_keys = parser.simple_keys[:len(parser.simple_keys)-1]
>> ++              last := len(parser.simple_keys) - 1
>> ++              delete(parser.simple_keys_by_tok, parser.simple_keys[last].token_number)
>> ++              parser.simple_keys = parser.simple_keys[:last]
>> +       }
>> +       return true
>> + }
>> +@@ -1005,6 +997,8 @@ func yaml_parser_fetch_stream_start(parser *yaml_parser_t) bool {
>> +       // Initialize the simple key stack.
>> +       parser.simple_keys = append(parser.simple_keys, yaml_simple_key_t{})
>> +
>> ++      parser.simple_keys_by_tok = make(map[int]int)
>> ++
>> +       // A simple key is allowed at the beginning of the stream.
>> +       parser.simple_key_allowed = true
>> +
>> +@@ -1286,7 +1280,11 @@ func yaml_parser_fetch_value(parser *yaml_parser_t) bool {
>> +       simple_key := &parser.simple_keys[len(parser.simple_keys)-1]
>> +
>> +       // Have we found a simple key?
>> +-      if simple_key.possible {
>> ++      if valid, ok := yaml_simple_key_is_valid(parser, simple_key); !ok {
>> ++              return false
>> ++
>> ++      } else if valid {
>> ++
>> +               // Create the KEY token and insert it into the queue.
>> +               token := yaml_token_t{
>> +                       typ:        yaml_KEY_TOKEN,
>> +@@ -1304,6 +1302,7 @@ func yaml_parser_fetch_value(parser *yaml_parser_t) bool {
>> +
>> +               // Remove the simple key.
>> +               simple_key.possible = false
>> ++              delete(parser.simple_keys_by_tok, simple_key.token_number)
>> +
>> +               // A simple key cannot follow another simple key.
>> +               parser.simple_key_allowed = false
>> +diff --git a/src/import/vendor/gopkg.in/yaml.v2/yaml.go b/src/importvendor/gopkg.in/yaml.v2/yaml.go
>> +index de85aa4cdb7..89650e293ac 100644
>> +--- a/src/import/vendor/gopkg.in/yaml.v2/yaml.go
>> ++++ b/src/import/vendor/gopkg.in/yaml.v2/yaml.go
>> +@@ -89,7 +89,7 @@ func UnmarshalStrict(in []byte, out interface{}) (err error) {
>> +       return unmarshal(in, out, true)
>> + }
>> +
>> +-// A Decorder reads and decodes YAML values from an input stream.
>> ++// A Decoder reads and decodes YAML values from an input stream.
>> + type Decoder struct {
>> +       strict bool
>> +       parser *parser
>> +diff --git a/src/import/vendor/gopkg.in/yaml.v2/yamlh.go b/src/importvendor/gopkg.in/yaml.v2/yamlh.go
>> +index e25cee563be..f6a9c8e34b1 100644
>> +--- a/src/import/vendor/gopkg.in/yaml.v2/yamlh.go
>> ++++ b/src/import/vendor/gopkg.in/yaml.v2/yamlh.go
>> +@@ -579,6 +579,7 @@ type yaml_parser_t struct {
>> +
>> +       simple_key_allowed bool                // May a simple key occur at the current position?
>> +       simple_keys        []yaml_simple_key_t // The stack of simple keys.
>> ++      simple_keys_by_tok map[int]int         // possible simple_key indexes indexed by token_number
>> +
>> +       // Parser stuff
>> +
>> +diff --git a/src/import/vendor/modules.txt b/src/importvendor/modules.txt
>> +index a51796d1ed5..a45f1cd3e3b 100644
>> +--- a/src/import/vendor/modules.txt
>> ++++ b/src/import/vendor/modules.txt
>> +@@ -1059,7 +1059,7 @@ gopkg.in/square/go-jose.v2/jwt
>> + gopkg.in/tomb.v1
>> + # gopkg.in/warnings.v0 v0.1.1 => gopkg.in/warnings.v0 v0.1.1
>> + gopkg.in/warnings.v0
>> +-# gopkg.in/yaml.v2 v2.2.4 => gopkg.in/yaml.v2 v2.2.4
>> ++# gopkg.in/yaml.v2 v2.2.8 => gopkg.in/yaml.v2 v2.2.8
>> + gopkg.in/yaml.v2
>> + # gotest.tools v2.2.0+incompatible => gotest.tools v2.2.0+incompatible
>> + gotest.tools
>> +--
>> +2.20.1
>> +
>> diff --git a/recipes-containers/kubernetes/kubernetes_git.bb b/recipes-containers/kubernetes/kubernetes_git.bb
>> index 76107af..4698874 100644
>> --- a/recipes-containers/kubernetes/kubernetes_git.bb
>> +++ b/recipes-containers/kubernetes/kubernetes_git.bb
>> @@ -11,6 +11,11 @@ SRCREV_kubernetes = "f45fc1861acab22eb6a4697e3fb831e85ef5ff9c"
>>   SRC_URI = "git://github.com/kubernetes/kubernetes.git;branch=release-1.17;name=kubernetes \
>>              file://0001-hack-lib-golang.sh-use-CC-from-environment.patch \
>>              file://0001-cross-don-t-build-tests-by-default.patch \
>> +           file://0001-Add-new-endpoint-for-resource-metrics.patch \
>> +           file://0001-update-gopkg.in-yaml.v2-to-v2.2.8.patch \
>> +           file://0001-remove-client-label-from-apiserver-request-count-met.patch \
>> +           file://0001-Add-code-to-fix-kubelet-metrics-memory-issue.patch \
>> +           file://0001-Deal-with-auto-generated-files.patch \
>>             "
>>
>>   DEPENDS += "rsync-native \
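Review bot: Two of the five `file://` patches added to SRC_URI here have header problems that should be fixed before they are applied. In `0001-update-gopkg.in-yaml.v2-to-v2.2.8.patch`, as shown on this page (possibly a mail-decoding artifact), the embedded `diff --git` lines name the new side as `b/src/importstaging/...` and `b/src/importvendor/...`, while the matching `+++` lines use `b/src/import/staging/...` and `b/src/import/vendor/...`. A patch tool that reads only the `---`/`+++` lines will probably tolerate this, but the headers should agree. `0001-Add-code-to-fix-kubelet-metrics-memory-issue.patch` carries `Upstream Status: Backport [...]`, and the tag OE tooling looks for is `Upstream-Status:`. Because these patches are the CVE record for the recipe, each one should carry a well-formed `Upstream-Status:` and `CVE:` line.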
>> --
>> 2.24.1
>>
>>
>
>
>
> 

[-- Attachment #2: Type: text/html, Size: 128261 bytes --]


* Re: [meta-virtualization][PATCH] kubernetes: Backport CVE fixes
  2020-05-07 14:53   ` sakib.sajal
@ 2020-05-08 20:12     ` Bruce Ashfield
  0 siblings, 0 replies; 4+ messages in thread
From: Bruce Ashfield @ 2020-05-08 20:12 UTC (permalink / raw)
  To: meta-virtualization

On Thu, May 7, 2020 at 10:53 AM <sakib.sajal@windriver.com> wrote:
>
>
> On 2020-04-29 3:28 p.m., Bruce Ashfield wrote:
>
> I'm nearly complete on a kubernetes refresh, so I won't merge this
> patch to master, and I'm inclined to do the uprev even in dunfell.
>
> If this patch is destined for dunfell, that should be indicated clearly
> in the patch subject.
>
> Cheers,
>
> Bruce
>
>
> Thank you for taking the time to review the changes.
>
> What version are you refreshing to?

release-1.18 latest

Bruce

>
>
> Sakib
>
> On Wed, Apr 29, 2020 at 1:49 PM <sakib.sajal@windriver.com> wrote:
>
> CVE: CVE-2020-8551
>         - 0db7074e1ad237af1a513bdf51160bf4b4cdc9f1
>         - 9802bfcec0580169cffce2a3d468689a407fa7dc
>         - c394d821fdafd719619eb63fcd1065a95ec02ef9
>
> CVE: CVE-2020-8552
>         - cc3190968b1f14ddf4067abef849fc41bd6068dc
>
> CVE: CVE-2019-11254
>         - a290fe55cb2f4593eb4ec5bf410cd77b9d925464
>
> Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> ---
>  ...-to-fix-kubelet-metrics-memory-issue.patch | 313 +++++++
>  ...dd-new-endpoint-for-resource-metrics.patch | 440 ++++++++++
>  .../0001-Deal-with-auto-generated-files.patch |  60 ++
>  ...bel-from-apiserver-request-count-met.patch | 171 ++++
>  ...01-update-gopkg.in-yaml.v2-to-v2.2.8.patch | 825 ++++++++++++++++++
>  .../kubernetes/kubernetes_git.bb              |   5 +
>  6 files changed, 1814 insertions(+)
>  create mode 100644 recipes-containers/kubernetes/kubernetes/0001-Add-code-to-fix-kubelet-metrics-memory-issue.patch
>  create mode 100644 recipes-containers/kubernetes/kubernetes/0001-Add-new-endpoint-for-resource-metrics.patch
>  create mode 100644 recipes-containers/kubernetes/kubernetes/0001-Deal-with-auto-generated-files.patch
>  create mode 100644 recipes-containers/kubernetes/kubernetes/0001-remove-client-label-from-apiserver-request-count-met.patch
>  create mode 100644 recipes-containers/kubernetes/kubernetes/0001-update-gopkg.in-yaml.v2-to-v2.2.8.patch
>
> diff --git a/recipes-containers/kubernetes/kubernetes/0001-Add-code-to-fix-kubelet-metrics-memory-issue.patch b/recipes-containers/kubernetes/kubernetes/0001-Add-code-to-fix-kubelet-metrics-memory-issue.patch
> new file mode 100644
> index 0000000..5369f04
> --- /dev/null
> +++ b/recipes-containers/kubernetes/kubernetes/0001-Add-code-to-fix-kubelet-metrics-memory-issue.patch
> @@ -0,0 +1,313 @@
> +From 0bf092ccc5fccb06b13afe5da86286a856d96770 Mon Sep 17 00:00:00 2001
> +From: Walter Fender <wfender@google.com>
> +Date: Thu, 6 Feb 2020 19:10:18 -0800
> +Subject: [PATCH] Add code to fix kubelet/metrics memory issue.
> +
> +Bucketing url paths based on concept/handling.
> +Bucketing code placed by handling code to encourage usage.
> +Added unit tests.
> +Fix format.
> +
> +Upstream Status: Backport [https://github.com/kubernetes/kubernetes/pull/87913/commits/9802bfcec0580169cffce2a3d468689a407fa7dc]
> +CVE: CVE-2020-8551
> +
> +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> +---
> + pkg/kubelet/server/server.go      | 57 ++++++++++++++++++++++++++++---
> + pkg/kubelet/server/server_test.go | 54 ++++++++++++++++++++++++++++-
> + 2 files changed, 106 insertions(+), 5 deletions(-)
> +
> +diff --git a/src/import/pkg/kubelet/server/server.go b/src/import/pkg/kubelet/server/server.go
> +index 0f953c92502..05c1dc9c701 100644
> +--- a/src/import/pkg/kubelet/server/server.go
> ++++ b/src/import/pkg/kubelet/server/server.go
> +@@ -89,6 +89,7 @@ type Server struct {
> +       auth                       AuthInterface
> +       host                       HostInterface
> +       restfulCont                containerInterface
> ++      metricsBuckets             map[string]bool
> +       resourceAnalyzer           stats.ResourceAnalyzer
> +       redirectContainerStreaming bool
> + }
> +@@ -225,6 +226,7 @@ func NewServer(
> +               resourceAnalyzer:           resourceAnalyzer,
> +               auth:                       auth,
> +               restfulCont:                &filteringContainer{Container: restful.NewContainer()},
> ++              metricsBuckets:             make(map[string]bool),
> +               redirectContainerStreaming: redirectContainerStreaming,
> +       }
> +       if auth != nil {
> +@@ -280,14 +282,32 @@ func (s *Server) InstallAuthFilter() {
> +       })
> + }
> +
> ++// addMetricsBucketMatcher adds a regexp matcher and the relevant bucket to use when
> ++// it matches. Please be aware this is not thread safe and should not be used dynamically
> ++func (s *Server) addMetricsBucketMatcher(bucket string) {
> ++      s.metricsBuckets[bucket] = true
> ++}
> ++
> ++// getMetricBucket find the appropriate metrics reporting bucket for the given path
> ++func (s *Server) getMetricBucket(path string) string {
> ++      root := getURLRootPath(path)
> ++      if s.metricsBuckets[root] == true {
> ++              return root
> ++      }
> ++      return "Invalid path"
> ++}
> ++
> + // InstallDefaultHandlers registers the default set of supported HTTP request
> + // patterns with the restful Container.
> + func (s *Server) InstallDefaultHandlers(enableCAdvisorJSONEndpoints bool) {
> ++      s.addMetricsBucketMatcher("healthz")
> +       healthz.InstallHandler(s.restfulCont,
> +               healthz.PingHealthz,
> +               healthz.LogHealthz,
> +               healthz.NamedCheck("syncloop", s.syncLoopHealthCheck),
> +       )
> ++
> ++      s.addMetricsBucketMatcher("pods")
> +       ws := new(restful.WebService)
> +       ws.
> +               Path("/pods").
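Review bot: The doc comment on `addMetricsBucketMatcher` speaks of a "regexp matcher", but the function only stores an exact string key in `s.metricsBuckets`, and neither new comment says why the lookup exists. `getMetricBucket` is what `ServeHTTP` now uses (last hunk of this file) to turn the client-supplied `req.URL.Path` into a metric label, so the comments should state that the label must come from this fixed set and that every other path collapses into `"Invalid path"`, which keeps the number of label values bounded. Suggested wording: `// addMetricsBucketMatcher registers bucket as an allowed metrics label; call it only while handlers are being installed, because the map is read without locking.` The lookup itself can be written `if s.metricsBuckets[root] {`. InstallDefaultHandlers continues outside this hunk.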
> +@@ -297,7 +317,14 @@ func (s *Server) InstallDefaultHandlers(enableCAdvisorJSONEndpoints bool) {
> +               Operation("getPods"))
> +       s.restfulCont.Add(ws)
> +
> ++      s.addMetricsBucketMatcher("stats")
> +       s.restfulCont.Add(stats.CreateHandlers(statsPath, s.host, s.resourceAnalyzer, enableCAdvisorJSONEndpoints))
> ++
> ++      s.addMetricsBucketMatcher("metrics")
> ++      s.addMetricsBucketMatcher("metrics/cadvisor")
> ++      s.addMetricsBucketMatcher("metrics/probes")
> ++      s.addMetricsBucketMatcher("metrics/resource/v1alpha1")
> ++      s.addMetricsBucketMatcher("metrics/resource")
> +       //lint:ignore SA1019 https://github.com/kubernetes/enhancements/issues/1206
> +       s.restfulCont.Handle(metricsPath, legacyregistry.Handler())
> +
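Review bot: Three of the four sub-bucket registrations added before `s.restfulCont.Handle(metricsPath, ...)` are repeated in the following hunks next to their handlers (`metrics/resource/v1alpha1`, `metrics/resource`, `metrics/probes`), so each of those keys is set twice. In addition `"metrics/resource/v1alpha1"` looks unreachable: TestMetricBuckets expects `/metrics/resource/v1alpha1` to map to `metrics/resource`, so `getURLRootPath` apparently never returns a three-segment root. I would keep `metrics` and `metrics/cadvisor` here, leave the others beside their handlers, and either drop the v1alpha1 key or replace it with a comment such as `// v1alpha1 is reported under the "metrics/resource" bucket`. InstallDefaultHandlers starts and ends outside this hunk.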
> +@@ -320,12 +347,15 @@ func (s *Server) InstallDefaultHandlers(enableCAdvisorJSONEndpoints bool) {
> +               compbasemetrics.HandlerFor(r, compbasemetrics.HandlerOpts{ErrorHandling: compbasemetrics.ContinueOnError}),
> +       )
> +
> ++      // deprecated endpoint which will be removed in release 1.20.0+.
> ++      s.addMetricsBucketMatcher("metrics/resource/v1alpha1")
> +       v1alpha1ResourceRegistry := compbasemetrics.NewKubeRegistry()
> +       v1alpha1ResourceRegistry.CustomMustRegister(stats.NewPrometheusResourceMetricCollector(s.resourceAnalyzer, v1alpha1.Config()))
> +       s.restfulCont.Handle(path.Join(resourceMetricsPath, v1alpha1.Version),
> +               compbasemetrics.HandlerFor(v1alpha1ResourceRegistry, compbasemetrics.HandlerOpts{ErrorHandling: compbasemetrics.ContinueOnError}),
> +       )
> +
> ++      s.addMetricsBucketMatcher("metrics/resource")
> +       resourceRegistry := compbasemetrics.NewKubeRegistry()
> +       resourceRegistry.CustomMustRegister(collectors.NewResourceMetricsCollector(s.resourceAnalyzer))
> +       s.restfulCont.Handle(resourceMetricsPath,
> +@@ -334,6 +364,7 @@ func (s *Server) InstallDefaultHandlers(enableCAdvisorJSONEndpoints bool) {
> +
> +       // prober metrics are exposed under a different endpoint
> +
> ++      s.addMetricsBucketMatcher("metrics/probes")
> +       p := compbasemetrics.NewKubeRegistry()
> +       compbasemetrics.RegisterProcessStartTime(p.RawRegister)
> +       p.MustRegister(prober.ProberResults)
> +@@ -341,6 +372,7 @@ func (s *Server) InstallDefaultHandlers(enableCAdvisorJSONEndpoints bool) {
> +               compbasemetrics.HandlerFor(p, compbasemetrics.HandlerOpts{ErrorHandling: compbasemetrics.ContinueOnError}),
> +       )
> +
> ++      s.addMetricsBucketMatcher("spec")
> +       if enableCAdvisorJSONEndpoints {
> +               ws := new(restful.WebService)
> +               ws.
> +@@ -360,6 +392,7 @@ const pprofBasePath = "/debug/pprof/"
> + func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
> +       klog.Infof("Adding debug handlers to kubelet server.")
> +
> ++      s.addMetricsBucketMatcher("run")
> +       ws := new(restful.WebService)
> +       ws.
> +               Path("/run")
> +@@ -371,6 +404,7 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
> +               Operation("getRun"))
> +       s.restfulCont.Add(ws)
> +
> ++      s.addMetricsBucketMatcher("exec")
> +       ws = new(restful.WebService)
> +       ws.
> +               Path("/exec")
> +@@ -388,6 +422,7 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
> +               Operation("getExec"))
> +       s.restfulCont.Add(ws)
> +
> ++      s.addMetricsBucketMatcher("attach")
> +       ws = new(restful.WebService)
> +       ws.
> +               Path("/attach")
> +@@ -405,6 +440,7 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
> +               Operation("getAttach"))
> +       s.restfulCont.Add(ws)
> +
> ++      s.addMetricsBucketMatcher("portForward")
> +       ws = new(restful.WebService)
> +       ws.
> +               Path("/portForward")
> +@@ -422,6 +458,7 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
> +               Operation("getPortForward"))
> +       s.restfulCont.Add(ws)
> +
> ++      s.addMetricsBucketMatcher("logs")
> +       ws = new(restful.WebService)
> +       ws.
> +               Path(logsPath)
> +@@ -434,6 +471,7 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
> +               Param(ws.PathParameter("logpath", "path to the log").DataType("string")))
> +       s.restfulCont.Add(ws)
> +
> ++      s.addMetricsBucketMatcher("containerLogs")
> +       ws = new(restful.WebService)
> +       ws.
> +               Path("/containerLogs")
> +@@ -442,8 +480,10 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
> +               Operation("getContainerLogs"))
> +       s.restfulCont.Add(ws)
> +
> ++      s.addMetricsBucketMatcher("configz")
> +       configz.InstallHandler(s.restfulCont)
> +
> ++      s.addMetricsBucketMatcher("debug")
> +       handlePprofEndpoint := func(req *restful.Request, resp *restful.Response) {
> +               name := strings.TrimPrefix(req.Request.URL.Path, pprofBasePath)
> +               switch name {
> +@@ -459,7 +499,6 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
> +                       pprof.Index(resp, req.Request)
> +               }
> +       }
> +-
> +       // Setup pprof handlers.
> +       ws = new(restful.WebService).Path(pprofBasePath)
> +       ws.Route(ws.GET("/{subpath:*}").To(func(req *restful.Request, resp *restful.Response) {
> +@@ -472,6 +511,7 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
> +       s.restfulCont.Handle("/debug/flags/v", routes.StringFlagPutHandler(logs.GlogSetter))
> +
> +       // The /runningpods endpoint is used for testing only.
> ++      s.addMetricsBucketMatcher("runningpods")
> +       ws = new(restful.WebService)
> +       ws.
> +               Path("/runningpods/").
> +@@ -481,6 +521,7 @@ func (s *Server) InstallDebuggingHandlers(criHandler http.Handler) {
> +               Operation("getRunningPods"))
> +       s.restfulCont.Add(ws)
> +
> ++      s.addMetricsBucketMatcher("cri")
> +       if criHandler != nil {
> +               s.restfulCont.Handle("/cri/", criHandler)
> +       }
> +@@ -492,6 +533,14 @@ func (s *Server) InstallDebuggingDisabledHandlers() {
> +               http.Error(w, "Debug endpoints are disabled.", http.StatusMethodNotAllowed)
> +       })
> +
> ++      s.addMetricsBucketMatcher("run")
> ++      s.addMetricsBucketMatcher("exec")
> ++      s.addMetricsBucketMatcher("attach")
> ++      s.addMetricsBucketMatcher("portForward")
> ++      s.addMetricsBucketMatcher("containerLogs")
> ++      s.addMetricsBucketMatcher("runningpods")
> ++      s.addMetricsBucketMatcher("pprof")
> ++      s.addMetricsBucketMatcher("logs")
> +       paths := []string{
> +               "/run/", "/exec/", "/attach/", "/portForward/", "/containerLogs/",
> +               "/runningpods/", pprofBasePath, logsPath}
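Review bot: `s.addMetricsBucketMatcher("pprof")` registers a key that cannot match, because `pprofBasePath` is `/debug/pprof/` and the root segment of that path is `debug` (TestMetricBuckets expects `/debug/pprof/subpath` to yield `debug`). Unless `debug` is registered on another install path, requests to the pprof path on a server with debugging disabled are counted under `"Invalid path"`, unlike the other endpoints listed in `paths`. The line should read `s.addMetricsBucketMatcher("debug")`. A test case that calls `getMetricBucket` on a server created with debugging disabled would catch this; the function body continues outside the hunk.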
> +@@ -808,10 +857,10 @@ func (s *Server) getPortForward(request *restful.Request, response *restful.Resp
> +       proxyStream(response.ResponseWriter, request.Request, url)
> + }
> +
> +-// trimURLPath trims a URL path.
> ++// getURLRootPath trims a URL path.
> + // For paths in the format of "/metrics/xxx", "metrics/xxx" is returned;
> + // For all other paths, the first part of the path is returned.
> +-func trimURLPath(path string) string {
> ++func getURLRootPath(path string) string {
> +       parts := strings.SplitN(strings.TrimPrefix(path, "/"), "/", 3)
> +       if len(parts) == 0 {
> +               return path
> +@@ -859,7 +908,7 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, req *http.Request) {
> +               serverType = "readwrite"
> +       }
> +
> +-      method, path := req.Method, trimURLPath(req.URL.Path)
> ++      method, path := req.Method, s.getMetricBucket(req.URL.Path)
> +
> +       longRunning := strconv.FormatBool(isLongRunningRequest(path))
> +
> +diff --git a/src/import/pkg/kubelet/server/server_test.go b/src/import/pkg/kubelet/server/server_test.go
> +index eba788b50ea..5e6a1cc0588 100644
> +--- a/src/import/pkg/kubelet/server/server_test.go
> ++++ b/src/import/pkg/kubelet/server/server_test.go
> +@@ -1460,6 +1460,58 @@ func TestCRIHandler(t *testing.T) {
> +       assert.Equal(t, query, fw.criHandler.RequestReceived.URL.RawQuery)
> + }
> +
> ++func TestMetricBuckets(t *testing.T) {
> ++      tests := map[string]struct {
> ++              url    string
> ++              bucket string
> ++      }{
> ++              "healthz endpoint":                {url: "/healthz", bucket: "healthz"},
> ++              "attach":                          {url: "/attach/podNamespace/podID/containerName", bucket: "attach"},
> ++              "attach with uid":                 {url: "/attach/podNamespace/podID/uid/containerName", bucket: "attach"},
> ++              "configz":                         {url: "/configz", bucket: "configz"},
> ++              "containerLogs":                   {url: "/containerLogs/podNamespace/podID/containerName", bucket: "containerLogs"},
> ++              "cri":                             {url: "/cri/", bucket: "cri"},
> ++              "cri with sub":                    {url: "/cri/foo", bucket: "cri"},
> ++              "debug v flags":                   {url: "/debug/flags/v", bucket: "debug"},
> ++              "pprof with sub":                  {url: "/debug/pprof/subpath", bucket: "debug"},
> ++              "exec":                            {url: "/exec/podNamespace/podID/containerName", bucket: "exec"},
> ++              "exec with uid":                   {url: "/exec/podNamespace/podID/uid/containerName", bucket: "exec"},
> ++              "healthz":                         {url: "/healthz/", bucket: "healthz"},
> ++              "healthz log sub":                 {url: "/healthz/log", bucket: "healthz"},
> ++              "healthz ping":                    {url: "/healthz/ping", bucket: "healthz"},
> ++              "healthz sync loop":               {url: "/healthz/syncloop", bucket: "healthz"},
> ++              "logs":                            {url: "/logs/", bucket: "logs"},
> ++              "logs with path":                  {url: "/logs/logpath", bucket: "logs"},
> ++              "metrics":                         {url: "/metrics", bucket: "metrics"},
> ++              "metrics cadvisor sub":            {url: "/metrics/cadvisor", bucket: "metrics/cadvisor"},
> ++              "metrics probes sub":              {url: "/metrics/probes", bucket: "metrics/probes"},
> ++              "metrics resource v1alpha1":       {url: "/metrics/resource/v1alpha1", bucket: "metrics/resource"},
> ++              "metrics resource sub":            {url: "/metrics/resource", bucket: "metrics/resource"},
> ++              "pods":                            {url: "/pods/", bucket: "pods"},
> ++              "portForward":                     {url: "/portForward/podNamespace/podID", bucket: "portForward"},
> ++              "portForward with uid":            {url: "/portForward/podNamespace/podID/uid", bucket: "portForward"},
> ++              "run":                             {url: "/run/podNamespace/podID/containerName", bucket: "run"},
> ++              "run with uid":                    {url: "/run/podNamespace/podID/uid/containerName", bucket: "run"},
> ++              "runningpods":                     {url: "/runningpods/", bucket: "runningpods"},
> ++              "spec":                            {url: "/spec/", bucket: "spec"},
> ++              "stats":                           {url: "/stats/", bucket: "stats"},
> ++              "stats container sub":             {url: "/stats/container", bucket: "stats"},
> ++              "stats summary sub":               {url: "/stats/summary", bucket: "stats"},
> ++              "stats containerName with uid":    {url: "/stats/namespace/podName/uid/containerName", bucket: "stats"},
> ++              "stats containerName":             {url: "/stats/podName/containerName", bucket: "stats"},
> ++              "invalid path":                    {url: "/junk", bucket: "Invalid path"},
> ++              "invalid path starting with good": {url: "/healthzjunk", bucket: "Invalid path"},
> ++      }
> ++      fw := newServerTest()
> ++      defer fw.testHTTPServer.Close()
> ++
> ++      for _, test := range tests {
> ++              path := test.url
> ++              bucket := test.bucket
> ++              require.Equal(t, fw.serverUnderTest.getMetricBucket(path), bucket)
> ++      }
> ++}
> ++
> + func TestDebuggingDisabledHandlers(t *testing.T) {
> +       fw := newServerTestWithDebug(false, false, nil)
> +       defer fw.testHTTPServer.Close()
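Review bot: In TestMetricBuckets the `require.Equal` call passes the actual value first and the expected value second, and the loop discards the map key, so a failure prints the two values swapped and does not say which case failed. The `assert.Equal(t, test.expected, ...)` call in TestTrimURLPath further down uses the usual expected-first order. Running each case as a subtest fixes both: `for name, test := range tests { t.Run(name, func(t *testing.T) { require.Equal(t, test.bucket, fw.serverUnderTest.getMetricBucket(test.url)) }) }`.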
> +@@ -1533,6 +1585,6 @@ func TestTrimURLPath(t *testing.T) {
> +       }
> +
> +       for _, test := range tests {
> +-              assert.Equal(t, test.expected, trimURLPath(test.path), fmt.Sprintf("path is: %s", test.path))
> ++              assert.Equal(t, test.expected, getURLRootPath(test.path), fmt.Sprintf("path is: %s", test.path))
> +       }
> + }
> +--
> +2.17.1
> +
> diff --git a/recipes-containers/kubernetes/kubernetes/0001-Add-new-endpoint-for-resource-metrics.patch b/recipes-containers/kubernetes/kubernetes/0001-Add-new-endpoint-for-resource-metrics.patch
> new file mode 100644
> index 0000000..82e5fc6
> --- /dev/null
> +++ b/recipes-containers/kubernetes/kubernetes/0001-Add-new-endpoint-for-resource-metrics.patch
> @@ -0,0 +1,440 @@
> +From 0db7074e1ad237af1a513bdf51160bf4b4cdc9f1 Mon Sep 17 00:00:00 2001
> +From: RainbowMango <renhongcai@huawei.com>
> +Date: Sun, 15 Dec 2019 17:06:13 +0800
> +Subject: [PATCH] Add new endpoint for resource metrics.
> +
> +This commit is required for context to fix CVE-2020-8551.
> +
> +Upstream Status: Backport [https://github.com/kubernetes/kubernetes/pull/86282/commits/0db7074e1ad237af1a513bdf51160bf4b4cdc9f1]
> +CVE: CVE-2020-8551
> +
> +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> +---
> + .../metrics/collectors/resource_metrics.go    | 153 ++++++++++++++
> + .../collectors/resource_metrics_test.go       | 189 ++++++++++++++++++
> + pkg/kubelet/server/auth_test.go               |   1 +
> + pkg/kubelet/server/server.go                  |  23 ++-
> + 4 files changed, 358 insertions(+), 8 deletions(-)
> + create mode 100644 pkg/kubelet/metrics/collectors/resource_metrics.go
> + create mode 100644 pkg/kubelet/metrics/collectors/resource_metrics_test.go
> +
> +diff --git a/src/import/pkg/kubelet/metrics/collectors/resource_metrics.go b/src/import/pkg/kubelet/metrics/collectors/resource_metrics.go
> +new file mode 100644
> +index 00000000000..a3667127903
> +--- /dev/null
> ++++ b/src/import/pkg/kubelet/metrics/collectors/resource_metrics.go
> +@@ -0,0 +1,153 @@
> ++/*
> ++Copyright 2019 The Kubernetes Authors.
> ++
> ++Licensed under the Apache License, Version 2.0 (the "License");
> ++you may not use this file except in compliance with the License.
> ++You may obtain a copy of the License at
> ++
> ++    http://www.apache.org/licenses/LICENSE-2.0
> ++
> ++Unless required by applicable law or agreed to in writing, software
> ++distributed under the License is distributed on an "AS IS" BASIS,
> ++WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> ++See the License for the specific language governing permissions and
> ++limitations under the License.
> ++*/
> ++
> ++package collectors
> ++
> ++import (
> ++      "time"
> ++
> ++      "k8s.io/component-base/metrics"
> ++      "k8s.io/klog"
> ++      summary "k8s.io/kubernetes/pkg/kubelet/apis/stats/v1alpha1"
> ++      "k8s.io/kubernetes/pkg/kubelet/server/stats"
> ++)
> ++
> ++var (
> ++      nodeCPUUsageDesc = metrics.NewDesc("node_cpu_usage_seconds",
> ++              "Cumulative cpu time consumed by the node in core-seconds",
> ++              nil,
> ++              nil,
> ++              metrics.ALPHA,
> ++              "")
> ++
> ++      nodeMemoryUsageDesc = metrics.NewDesc("node_memory_working_set_bytes",
> ++              "Current working set of the node in bytes",
> ++              nil,
> ++              nil,
> ++              metrics.ALPHA,
> ++              "")
> ++
> ++      containerCPUUsageDesc = metrics.NewDesc("container_cpu_usage_seconds",
> ++              "Cumulative cpu time consumed by the container in core-seconds",
> ++              []string{"container", "pod", "namespace"},
> ++              nil,
> ++              metrics.ALPHA,
> ++              "")
> ++
> ++      containerMemoryUsageDesc = metrics.NewDesc("container_memory_working_set_bytes",
> ++              "Current working set of the container in bytes",
> ++              []string{"container", "pod", "namespace"},
> ++              nil,
> ++              metrics.ALPHA,
> ++              "")
> ++
> ++      resouceScrapeResultDesc = metrics.NewDesc("scrape_error",
> ++              "1 if there was an error while getting container metrics, 0 otherwise",
> ++              nil,
> ++              nil,
> ++              metrics.ALPHA,
> ++              "")
> ++)
> ++
> ++// NewResourceMetricsCollector returns a metrics.StableCollector which exports resource metrics
> ++func NewResourceMetricsCollector(provider stats.SummaryProvider) metrics.StableCollector {
> ++      return &resourceMetricsCollector{
> ++              provider: provider,
> ++      }
> ++}
> ++
> ++type resourceMetricsCollector struct {
> ++      metrics.BaseStableCollector
> ++
> ++      provider stats.SummaryProvider
> ++}
> ++
> ++// Check if resourceMetricsCollector implements necessary interface
> ++var _ metrics.StableCollector = &resourceMetricsCollector{}
> ++
> ++// DescribeWithStability implements metrics.StableCollector
> ++func (rc *resourceMetricsCollector) DescribeWithStability(ch chan<- *metrics.Desc) {
> ++      ch <- nodeCPUUsageDesc
> ++      ch <- nodeMemoryUsageDesc
> ++      ch <- containerCPUUsageDesc
> ++      ch <- containerMemoryUsageDesc
> ++      ch <- resouceScrapeResultDesc
> ++}
> ++
> ++// CollectWithStability implements metrics.StableCollector
> ++// Since new containers are frequently created and removed, using the Gauge would
> ++// leak metric collectors for containers or pods that no longer exist.  Instead, implement
> ++// custom collector in a way that only collects metrics for active containers.
> ++func (rc *resourceMetricsCollector) CollectWithStability(ch chan<- metrics.Metric) {
> ++      var errorCount float64
> ++      defer func() {
> ++              ch <- metrics.NewLazyConstMetric(resouceScrapeResultDesc, metrics.GaugeValue, errorCount)
> ++      }()
> ++      statsSummary, err := rc.provider.GetCPUAndMemoryStats()
> ++      if err != nil {
> ++              errorCount = 1
> ++              klog.Warningf("Error getting summary for resourceMetric prometheus endpoint: %v", err)
> ++              return
> ++      }
> ++
> ++      rc.collectNodeCPUMetrics(ch, statsSummary.Node)
> ++      rc.collectNodeMemoryMetrics(ch, statsSummary.Node)
> ++
> ++      for _, pod := range statsSummary.Pods {
> ++              for _, container := range pod.Containers {
> ++                      rc.collectContainerCPUMetrics(ch, pod, container)
> ++                      rc.collectContainerMemoryMetrics(ch, pod, container)
> ++              }
> ++      }
> ++}
> ++
> ++func (rc *resourceMetricsCollector) collectNodeCPUMetrics(ch chan<- metrics.Metric, s summary.NodeStats) {
> ++      if s.CPU == nil {
> ++              return
> ++      }
> ++
> ++      ch <- metrics.NewLazyMetricWithTimestamp(s.CPU.Time.Time,
> ++              metrics.NewLazyConstMetric(nodeCPUUsageDesc, metrics.GaugeValue, float64(*s.CPU.UsageCoreNanoSeconds)/float64(time.Second)))
> ++}
> ++
> ++func (rc *resourceMetricsCollector) collectNodeMemoryMetrics(ch chan<- metrics.Metric, s summary.NodeStats) {
> ++      if s.Memory == nil {
> ++              return
> ++      }
> ++
> ++      ch <- metrics.NewLazyMetricWithTimestamp(s.Memory.Time.Time,
> ++              metrics.NewLazyConstMetric(nodeMemoryUsageDesc, metrics.GaugeValue, float64(*s.Memory.WorkingSetBytes)))
> ++}
> ++
> ++func (rc *resourceMetricsCollector) collectContainerCPUMetrics(ch chan<- metrics.Metric, pod summary.PodStats, s summary.ContainerStats) {
> ++      if s.CPU == nil {
> ++              return
> ++      }
> ++
> ++      ch <- metrics.NewLazyMetricWithTimestamp(s.CPU.Time.Time,
> ++              metrics.NewLazyConstMetric(containerCPUUsageDesc, metrics.GaugeValue,
> ++                      float64(*s.CPU.UsageCoreNanoSeconds)/float64(time.Second), s.Name, pod.PodRef.Name, pod.PodRef.Namespace))
> ++}
> ++
> ++func (rc *resourceMetricsCollector) collectContainerMemoryMetrics(ch chan<- metrics.Metric, pod summary.PodStats, s summary.ContainerStats) {
> ++      if s.Memory == nil {
> ++              return
> ++      }
> ++
> ++      ch <- metrics.NewLazyMetricWithTimestamp(s.Memory.Time.Time,
> ++              metrics.NewLazyConstMetric(containerMemoryUsageDesc, metrics.GaugeValue,
> ++                      float64(*s.Memory.WorkingSetBytes), s.Name, pod.PodRef.Name, pod.PodRef.Namespace))
> ++}
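Review bot: The four collect helpers check only that `s.CPU` or `s.Memory` is non-nil and then dereference `*s.CPU.UsageCoreNanoSeconds` and `*s.Memory.WorkingSetBytes`, which are pointer fields (the accompanying test fills them through `uint64Ptr`). A stats entry that carries the struct but not the value would panic during a scrape of this endpoint. The guards should cover the field as well, `if s.CPU == nil || s.CPU.UsageCoreNanoSeconds == nil {` and `if s.Memory == nil || s.Memory.WorkingSetBytes == nil {`, in both the node and the container variants, with a test case for the nil field. Separately, `resouceScrapeResultDesc` is misspelled and should be `resourceScrapeResultDesc`.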
> +diff --git a/src/import/pkg/kubelet/metrics/collectors/resource_metrics_test.go b/src/import/pkg/kubelet/metrics/collectors/resource_metrics_test.go
> +new file mode 100644
> +index 00000000000..b92aabbd675
> +--- /dev/null
> ++++ b/src/import/pkg/kubelet/metrics/collectors/resource_metrics_test.go
> +@@ -0,0 +1,189 @@
> ++/*
> ++Copyright 2019 The Kubernetes Authors.
> ++
> ++Licensed under the Apache License, Version 2.0 (the "License");
> ++you may not use this file except in compliance with the License.
> ++You may obtain a copy of the License at
> ++
> ++    http://www.apache.org/licenses/LICENSE-2.0
> ++
> ++Unless required by applicable law or agreed to in writing, software
> ++distributed under the License is distributed on an "AS IS" BASIS,
> ++WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> ++See the License for the specific language governing permissions and
> ++limitations under the License.
> ++*/
> ++
> ++package collectors
> ++
> ++import (
> ++      "fmt"
> ++      "strings"
> ++      "testing"
> ++      "time"
> ++
> ++      "github.com/stretchr/testify/mock"
> ++
> ++      metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
> ++      "k8s.io/component-base/metrics/testutil"
> ++      statsapi "k8s.io/kubernetes/pkg/kubelet/apis/stats/v1alpha1"
> ++)
> ++
> ++type mockSummaryProvider struct {
> ++      mock.Mock
> ++}
> ++
> ++func (m *mockSummaryProvider) Get(updateStats bool) (*statsapi.Summary, error) {
> ++      args := m.Called(updateStats)
> ++      return args.Get(0).(*statsapi.Summary), args.Error(1)
> ++}
> ++
> ++func (m *mockSummaryProvider) GetCPUAndMemoryStats() (*statsapi.Summary, error) {
> ++      args := m.Called()
> ++      return args.Get(0).(*statsapi.Summary), args.Error(1)
> ++}
> ++
> ++func TestCollectResourceMetrics(t *testing.T) {
> ++      testTime := metav1.NewTime(time.Unix(2, 0)) // a static timestamp: 2000
> ++      interestedMetrics := []string{
> ++              "scrape_error",
> ++              "node_cpu_usage_seconds",
> ++              "node_memory_working_set_bytes",
> ++              "container_cpu_usage_seconds",
> ++              "container_memory_working_set_bytes",
> ++      }
> ++
> ++      tests := []struct {
> ++              name            string
> ++              summary         *statsapi.Summary
> ++              summaryErr      error
> ++              expectedMetrics string
> ++      }{
> ++              {
> ++                      name:       "error getting summary",
> ++                      summary:    nil,
> ++                      summaryErr: fmt.Errorf("failed to get summary"),
> ++                      expectedMetrics: `
> ++                              # HELP scrape_error [ALPHA] 1 if there was an error while getting container metrics, 0 otherwise
> ++                              # TYPE scrape_error gauge
> ++                              scrape_error 1
> ++                      `,
> ++              },
> ++              {
> ++                      name: "arbitrary node metrics",
> ++                      summary: &statsapi.Summary{
> ++                              Node: statsapi.NodeStats{
> ++                                      CPU: &statsapi.CPUStats{
> ++                                              Time:                 testTime,
> ++                                              UsageCoreNanoSeconds: uint64Ptr(10000000000),
> ++                                      },
> ++                                      Memory: &statsapi.MemoryStats{
> ++                                              Time:            testTime,
> ++                                              WorkingSetBytes: uint64Ptr(1000),
> ++                                      },
> ++                              },
> ++                      },
> ++                      summaryErr: nil,
> ++                      expectedMetrics: `
> ++                              # HELP node_cpu_usage_seconds [ALPHA] Cumulative cpu time consumed by the node in core-seconds
> ++                              # TYPE node_cpu_usage_seconds gauge
> ++                              node_cpu_usage_seconds 10 2000
> ++                              # HELP node_memory_working_set_bytes [ALPHA] Current working set of the node in bytes
> ++                              # TYPE node_memory_working_set_bytes gauge
> ++                              node_memory_working_set_bytes 1000 2000
> ++                              # HELP scrape_error [ALPHA] 1 if there was an error while getting container metrics, 0 otherwise
> ++                              # TYPE scrape_error gauge
> ++                              scrape_error 0
> ++                      `,
> ++              },
> ++              {
> ++                      name: "arbitrary container metrics for different container, pods and namespaces",
> ++                      summary: &statsapi.Summary{
> ++                              Pods: []statsapi.PodStats{
> ++                                      {
> ++                                              PodRef: statsapi.PodReference{
> ++                                                      Name:      "pod_a",
> ++                                                      Namespace: "namespace_a",
> ++                                              },
> ++                                              Containers: []statsapi.ContainerStats{
> ++                                                      {
> ++                                                              Name: "container_a",
> ++                                                              CPU: &statsapi.CPUStats{
> ++                                                                      Time:                 testTime,
> ++                                                                      UsageCoreNanoSeconds: uint64Ptr(10000000000),
> ++                                                              },
> ++                                                              Memory: &statsapi.MemoryStats{
> ++                                                                      Time:            testTime,
> ++                                                                      WorkingSetBytes: uint64Ptr(1000),
> ++                                                              },
> ++                                                      },
> ++                                                      {
> ++                                                              Name: "container_b",
> ++                                                              CPU: &statsapi.CPUStats{
> ++                                                                      Time:                 testTime,
> ++                                                                      UsageCoreNanoSeconds: uint64Ptr(10000000000),
> ++                                                              },
> ++                                                              Memory: &statsapi.MemoryStats{
> ++                                                                      Time:            testTime,
> ++                                                                      WorkingSetBytes: uint64Ptr(1000),
> ++                                                              },
> ++                                                      },
> ++                                              },
> ++                                      },
> ++                                      {
> ++                                              PodRef: statsapi.PodReference{
> ++                                                      Name:      "pod_b",
> ++                                                      Namespace: "namespace_b",
> ++                                              },
> ++                                              Containers: []statsapi.ContainerStats{
> ++                                                      {
> ++                                                              Name: "container_a",
> ++                                                              CPU: &statsapi.CPUStats{
> ++                                                                      Time:                 testTime,
> ++                                                                      UsageCoreNanoSeconds: uint64Ptr(10000000000),
> ++                                                              },
> ++                                                              Memory: &statsapi.MemoryStats{
> ++                                                                      Time:            testTime,
> ++                                                                      WorkingSetBytes: uint64Ptr(1000),
> ++                                                              },
> ++                                                      },
> ++                                              },
> ++                                      },
> ++                              },
> ++                      },
> ++                      summaryErr: nil,
> ++                      expectedMetrics: `
> ++                              # HELP scrape_error [ALPHA] 1 if there was an error while getting container metrics, 0 otherwise
> ++                              # TYPE scrape_error gauge
> ++                              scrape_error 0
> ++                              # HELP container_cpu_usage_seconds [ALPHA] Cumulative cpu time consumed by the container in core-seconds
> ++                              # TYPE container_cpu_usage_seconds gauge
> ++                              container_cpu_usage_seconds{container="container_a",namespace="namespace_a",pod="pod_a"} 10 2000
> ++                              container_cpu_usage_seconds{container="container_a",namespace="namespace_b",pod="pod_b"} 10 2000
> ++                              container_cpu_usage_seconds{container="container_b",namespace="namespace_a",pod="pod_a"} 10 2000
> ++                              # HELP container_memory_working_set_bytes [ALPHA] Current working set of the container in bytes
> ++                              # TYPE container_memory_working_set_bytes gauge
> ++                              container_memory_working_set_bytes{container="container_a",namespace="namespace_a",pod="pod_a"} 1000 2000
> ++                              container_memory_working_set_bytes{container="container_a",namespace="namespace_b",pod="pod_b"} 1000 2000
> ++                              container_memory_working_set_bytes{container="container_b",namespace="namespace_a",pod="pod_a"} 1000 2000
> ++                      `,
> ++              },
> ++      }
> ++
> ++      for _, test := range tests {
> ++              tc := test
> ++              t.Run(tc.name, func(t *testing.T) {
> ++                      provider := &mockSummaryProvider{}
> ++                      provider.On("GetCPUAndMemoryStats").Return(tc.summary, tc.summaryErr)
> ++                      collector := NewResourceMetricsCollector(provider)
> ++
> ++                      if err := testutil.CustomCollectAndCompare(collector, strings.NewReader(tc.expectedMetrics), interestedMetrics...); err != nil {
> ++                              t.Fatal(err)
> ++                      }
> ++              })
> ++      }
> ++}
> ++
> ++func uint64Ptr(u uint64) *uint64 {
> ++      return &u
> ++}
> +diff --git a/src/import/pkg/kubelet/server/auth_test.go b/src/import/pkg/kubelet/server/auth_test.go
> +index d598bc3892b..638f3ba2bf0 100644
> +--- a/src/import/pkg/kubelet/server/auth_test.go
> ++++ b/src/import/pkg/kubelet/server/auth_test.go
> +@@ -128,6 +128,7 @@ func AuthzTestCases() []AuthzTestCase {
> +               "/metrics/cadvisor":                   "metrics",
> +               "/metrics/probes":                     "metrics",
> +               "/metrics/resource/v1alpha1":          "metrics",
> ++              "/metrics/resource":                   "metrics",
> +               "/pods/":                              "proxy",
> +               "/portForward/{podNamespace}/{podID}": "proxy",
> +               "/portForward/{podNamespace}/{podID}/{uid}":         "proxy",
> +diff --git a/src/import/pkg/kubelet/server/server.go b/src/import/pkg/kubelet/server/server.go
> +index 87f3bd28a25..74eeaf10171 100644
> +--- a/src/import/pkg/kubelet/server/server.go
> ++++ b/src/import/pkg/kubelet/server/server.go
> +@@ -38,6 +38,7 @@ import (
> +       "github.com/google/cadvisor/metrics"
> +       "google.golang.org/grpc"
> +       "k8s.io/klog"
> ++      "k8s.io/kubernetes/pkg/kubelet/metrics/collectors"
> +
> +       "k8s.io/api/core/v1"
> +       metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
> +@@ -74,13 +75,13 @@ import (
> + )
> +
> + const (
> +-      metricsPath               = "/metrics"
> +-      cadvisorMetricsPath       = "/metrics/cadvisor"
> +-      resourceMetricsPathPrefix = "/metrics/resource"
> +-      proberMetricsPath         = "/metrics/probes"
> +-      specPath                  = "/spec/"
> +-      statsPath                 = "/stats/"
> +-      logsPath                  = "/logs/"
> ++      metricsPath         = "/metrics"
> ++      cadvisorMetricsPath = "/metrics/cadvisor"
> ++      resourceMetricsPath = "/metrics/resource"
> ++      proberMetricsPath   = "/metrics/probes"
> ++      specPath            = "/spec/"
> ++      statsPath           = "/stats/"
> ++      logsPath            = "/logs/"
> + )
> +
> + // Server is a http.Handler which exposes kubelet functionality over HTTP.
> +@@ -321,10 +322,16 @@ func (s *Server) InstallDefaultHandlers(enableCAdvisorJSONEndpoints bool) {
> +
> +       v1alpha1ResourceRegistry := compbasemetrics.NewKubeRegistry()
> +       v1alpha1ResourceRegistry.CustomMustRegister(stats.NewPrometheusResourceMetricCollector(s.resourceAnalyzer, v1alpha1.Config()))
> +-      s.restfulCont.Handle(path.Join(resourceMetricsPathPrefix, v1alpha1.Version),
> ++      s.restfulCont.Handle(path.Join(resourceMetricsPath, v1alpha1.Version),
> +               compbasemetrics.HandlerFor(v1alpha1ResourceRegistry, compbasemetrics.HandlerOpts{ErrorHandling: compbasemetrics.ContinueOnError}),
> +       )
> +
> ++      resourceRegistry := compbasemetrics.NewKubeRegistry()
> ++      resourceRegistry.CustomMustRegister(collectors.NewResourceMetricsCollector(s.resourceAnalyzer))
> ++      s.restfulCont.Handle(resourceMetricsPath,
> ++              compbasemetrics.HandlerFor(resourceRegistry, compbasemetrics.HandlerOpts{ErrorHandling: compbasemetrics.ContinueOnError}),
> ++      )
> ++
> +       // prober metrics are exposed under a different endpoint
> +
> +       p := compbasemetrics.NewKubeRegistry()
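Review bot: The new `resourceRegistry` block in InstallDefaultHandlers has no comment, so it is not obvious why `resourceMetricsPath` is now served directly while `path.Join(resourceMetricsPath, v1alpha1.Version)` keeps its own registry just above. I would add `// Unversioned resource metrics endpoint; the v1alpha1 endpoint above stays registered alongside it.` before `resourceRegistry := compbasemetrics.NewKubeRegistry()`. Since this is a new scrape path on the kubelet server, the comment could also point at the `"/metrics/resource": "metrics"` entry added to AuthzTestCases in this patch, which is what ties the path to the `metrics` authorization subresource in the tests. InstallDefaultHandlers starts and ends outside the hunk.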
> +--
> +2.20.1
> +
> diff --git a/recipes-containers/kubernetes/kubernetes/0001-Deal-with-auto-generated-files.patch b/recipes-containers/kubernetes/kubernetes/0001-Deal-with-auto-generated-files.patch
> new file mode 100644
> index 0000000..f7a5c7c
> --- /dev/null
> +++ b/recipes-containers/kubernetes/kubernetes/0001-Deal-with-auto-generated-files.patch
> @@ -0,0 +1,60 @@
> +From c394d821fdafd719619eb63fcd1065a95ec02ef9 Mon Sep 17 00:00:00 2001
> +From: RainbowMango <renhongcai@huawei.com>
> +Date: Sun, 15 Dec 2019 18:37:38 +0800
> +Subject: [PATCH] Deal with auto-generated files: - Update bazel by
> + hack/update-bazel.sh
> +
> +This commit is needed for context to fix CVE-2020-8551
> +
> +Upstream Status: Backport [https://github.com/kubernetes/kubernetes/pull/86282/commits/c394d821fdafd719619eb63fcd1065a95ec02ef9]
> +CVE: CVE-2020-8551
> +
> +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> +---
> + pkg/kubelet/metrics/collectors/BUILD | 3 +++
> + pkg/kubelet/server/BUILD             | 1 +
> + 2 files changed, 4 insertions(+)
> +
> +diff --git a/src/import/pkg/kubelet/metrics/collectors/BUILD b/src/import/pkg/kubelet/metrics/collectors/BUILD
> +index 00bc335320f..25398793eab 100644
> +--- a/src/import/pkg/kubelet/metrics/collectors/BUILD
> ++++ b/src/import/pkg/kubelet/metrics/collectors/BUILD
> +@@ -4,6 +4,7 @@ go_library(
> +     name = "go_default_library",
> +     srcs = [
> +         "log_metrics.go",
> ++        "resource_metrics.go",
> +         "volume_stats.go",
> +     ],
> +     importpath = "k8s.io/kubernetes/pkg/kubelet/metrics/collectors",
> +@@ -22,6 +23,7 @@ go_test(
> +     name = "go_default_test",
> +     srcs = [
> +         "log_metrics_test.go",
> ++        "resource_metrics_test.go",
> +         "volume_stats_test.go",
> +     ],
> +     embed = [":go_default_library"],
> +@@ -30,6 +32,7 @@ go_test(
> +         "//pkg/kubelet/server/stats/testing:go_default_library",
> +         "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
> +         "//staging/src/k8s.io/component-base/metrics/testutil:go_default_library",
> ++        "//vendor/github.com/stretchr/testify/mock:go_default_library",
> +     ],
> + )
> +
> +diff --git a/src/import/pkg/kubelet/server/BUILD b/src/import/pkg/kubelet/server/BUILD
> +index d83619fcbe5..a18f1b5e83b 100644
> +--- a/src/import/pkg/kubelet/server/BUILD
> ++++ b/src/import/pkg/kubelet/server/BUILD
> +@@ -22,6 +22,7 @@ go_library(
> +         "//pkg/kubelet/apis/podresources/v1alpha1:go_default_library",
> +         "//pkg/kubelet/apis/resourcemetrics/v1alpha1:go_default_library",
> +         "//pkg/kubelet/container:go_default_library",
> ++        "//pkg/kubelet/metrics/collectors:go_default_library",
> +         "//pkg/kubelet/prober:go_default_library",
> +         "//pkg/kubelet/server/metrics:go_default_library",
> +         "//pkg/kubelet/server/portforward:go_default_library",
> +--
> +2.20.1
> +
> diff --git a/recipes-containers/kubernetes/kubernetes/0001-remove-client-label-from-apiserver-request-count-met.patch b/recipes-containers/kubernetes/kubernetes/0001-remove-client-label-from-apiserver-request-count-met.patch
> new file mode 100644
> index 0000000..d4bf783
> --- /dev/null
> +++ b/recipes-containers/kubernetes/kubernetes/0001-remove-client-label-from-apiserver-request-count-met.patch
> @@ -0,0 +1,171 @@
> +From a657089732c0bd5d4515fb9208182c31c6c05790 Mon Sep 17 00:00:00 2001
> +From: Han Kang <hankang@google.com>
> +Date: Wed, 29 Jan 2020 12:25:55 -0800
> +Subject: [PATCH] remove client label from apiserver request count metric since
> + it is unbounded
> +
> +Change-Id: I3a9eacebc9d9dc9ed6347260d9378cdcb5743431
> +
> +Upstream Status: Backport [https://github.com/kubernetes/kubernetes/pull/87669/commits/cc3190968b1f14ddf4067abef849fc41bd6068dc]
> +CVE: CVE-2020-8552
> +
> +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> +---
> + .../apiserver/pkg/endpoints/metrics/BUILD     |  8 ---
> + .../pkg/endpoints/metrics/metrics.go          | 23 ++------
> + .../pkg/endpoints/metrics/metrics_test.go     | 54 -------------------
> + 3 files changed, 4 insertions(+), 81 deletions(-)
> + delete mode 100644 staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics_test.go
> +
> +diff --git a/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/BUILD b/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/BUILD
> +index 8d13a34eadc..8abb3d1a611 100644
> +--- a/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/BUILD
> ++++ b/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/BUILD
> +@@ -3,13 +3,6 @@ package(default_visibility = ["//visibility:public"])
> + load(
> +     "@io_bazel_rules_go//go:def.bzl",
> +     "go_library",
> +-    "go_test",
> +-)
> +-
> +-go_test(
> +-    name = "go_default_test",
> +-    srcs = ["metrics_test.go"],
> +-    embed = [":go_default_library"],
> + )
> +
> + go_library(
> +@@ -20,7 +13,6 @@ go_library(
> +     deps = [
> +         "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/validation:go_default_library",
> +         "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
> +-        "//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library",
> +         "//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library",
> +         "//staging/src/k8s.io/apiserver/pkg/endpoints/request:go_default_library",
> +         "//staging/src/k8s.io/apiserver/pkg/features:go_default_library",
> +diff --git a/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics.go b/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics.go
> +index 36ff861da7a..81a9a2c5e6f 100644
> +--- a/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics.go
> ++++ b/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics.go
> +@@ -31,7 +31,6 @@ import (
> +
> +       "k8s.io/apimachinery/pkg/apis/meta/v1/validation"
> +       "k8s.io/apimachinery/pkg/types"
> +-      utilnet "k8s.io/apimachinery/pkg/util/net"
> +       utilsets "k8s.io/apimachinery/pkg/util/sets"
> +       "k8s.io/apiserver/pkg/endpoints/request"
> +       "k8s.io/apiserver/pkg/features"
> +@@ -65,14 +64,14 @@ var (
> +       requestCounter = compbasemetrics.NewCounterVec(
> +               &compbasemetrics.CounterOpts{
> +                       Name:           "apiserver_request_total",
> +-                      Help:           "Counter of apiserver requests broken out for each verb, dry run value, group, version, resource, scope, component, client, and HTTP response contentType and code.",
> ++                      Help:           "Counter of apiserver requests broken out for each verb, dry run value, group, version, resource, scope, component, and HTTP response contentType and code.",
> +                       StabilityLevel: compbasemetrics.ALPHA,
> +               },
> +               // The label_name contentType doesn't follow the label_name convention defined here:
> +               // https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/instrumentation.md
> +               // But changing it would break backwards compatibility. Future label_names
> +               // should be all lowercase and separated by underscores.
> +-              []string{"verb", "dry_run", "group", "version", "resource", "subresource", "scope", "component", "client", "contentType", "code"},
> ++              []string{"verb", "dry_run", "group", "version", "resource", "subresource", "scope", "component", "contentType", "code"},
> +       )
> +       deprecatedRequestCounter = compbasemetrics.NewCounterVec(
> +               &compbasemetrics.CounterOpts{
> +@@ -301,11 +300,10 @@ func RecordLongRunning(req *http.Request, requestInfo *request.RequestInfo, comp
> + func MonitorRequest(req *http.Request, verb, group, version, resource, subresource, scope, component, contentType string, httpCode, respSize int, elapsed time.Duration) {
> +       reportedVerb := cleanVerb(verb, req)
> +       dryRun := cleanDryRun(req.URL)
> +-      client := cleanUserAgent(utilnet.GetHTTPClient(req))
> +       elapsedMicroseconds := float64(elapsed / time.Microsecond)
> +       elapsedSeconds := elapsed.Seconds()
> +-      requestCounter.WithLabelValues(reportedVerb, dryRun, group, version, resource, subresource, scope, component, client, contentType, codeToString(httpCode)).Inc()
> +-      deprecatedRequestCounter.WithLabelValues(reportedVerb, group, version, resource, subresource, scope, component, client, contentType, codeToString(httpCode)).Inc()
> ++      requestCounter.WithLabelValues(reportedVerb, dryRun, group, version, resource, subresource, scope, component, contentType, codeToString(httpCode)).Inc()
> ++      deprecatedRequestCounter.WithLabelValues(reportedVerb, group, version, resource, subresource, scope, component, contentType, codeToString(httpCode)).Inc()
> +       requestLatencies.WithLabelValues(reportedVerb, dryRun, group, version, resource, subresource, scope, component).Observe(elapsedSeconds)
> +       deprecatedRequestLatencies.WithLabelValues(reportedVerb, group, version, resource, subresource, scope, component).Observe(elapsedMicroseconds)
> +       deprecatedRequestLatenciesSummary.WithLabelValues(reportedVerb, group, version, resource, subresource, scope, component).Observe(elapsedMicroseconds)
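Review bot: `deprecatedRequestCounter.WithLabelValues(...)` now passes nine values, but nothing in this patch changes the label list that counter is declared with: the `var` hunk above rewrites only the `requestCounter` slice, and the four `+` lines in metrics.go account for all four insertions in the diffstat. The declaration's label slice lies outside the visible hunks, so this needs checking on the target tree; if it still contains `"client"`, `WithLabelValues` panics on the label-count mismatch each time MonitorRequest runs. In that case the backport should also change the declaration to `[]string{"verb", "group", "version", "resource", "subresource", "scope", "component", "contentType", "code"},` and drop any mention of the client label from its Help string. MonitorRequest's body continues past the end of the hunk.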
> +@@ -425,19 +423,6 @@ func cleanDryRun(u *url.URL) string {
> +       return strings.Join(utilsets.NewString(dryRun...).List(), ",")
> + }
> +
> +-func cleanUserAgent(ua string) string {
> +-      // We collapse all "web browser"-type user agents into one "browser" to reduce metric cardinality.
> +-      if strings.HasPrefix(ua, "Mozilla/") {
> +-              return "Browser"
> +-      }
> +-      // If an old "kubectl.exe" has passed us its full path, we discard the path portion.
> +-      if kubectlExeRegexp.MatchString(ua) {
> +-              // avoid an allocation
> +-              ua = kubectlExeRegexp.ReplaceAllString(ua, "$1")
> +-      }
> +-      return ua
> +-}
> +-
> + // ResponseWriterDelegator interface wraps http.ResponseWriter to additionally record content-length, status-code, etc.
> + type ResponseWriterDelegator struct {
> +       http.ResponseWriter
> +diff --git a/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics_test.go b/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics_test.go
> +deleted file mode 100644
> +index 4c0a8aa5d27..00000000000
> +--- a/src/import/staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics_test.go
> ++++ /dev/null
> +@@ -1,54 +0,0 @@
> +-/*
> +-Copyright 2015 The Kubernetes Authors.
> +-
> +-Licensed under the Apache License, Version 2.0 (the "License");
> +-you may not use this file except in compliance with the License.
> +-You may obtain a copy of the License at
> +-
> +-    http://www.apache.org/licenses/LICENSE-2.0
> +-
> +-Unless required by applicable law or agreed to in writing, software
> +-distributed under the License is distributed on an "AS IS" BASIS,
> +-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +-See the License for the specific language governing permissions and
> +-limitations under the License.
> +-*/
> +-
> +-package metrics
> +-
> +-import "testing"
> +-
> +-func TestCleanUserAgent(t *testing.T) {
> +-      panicBuf := []byte{198, 73, 129, 133, 90, 216, 104, 29, 13, 134, 209, 233, 30, 0, 22}
> +-
> +-      for _, tc := range []struct {
> +-              In  string
> +-              Out string
> +-      }{
> +-              {
> +-                      In:  "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36",
> +-                      Out: "Browser",
> +-              },
> +-              {
> +-                      In:  "kubectl/v1.2.4",
> +-                      Out: "kubectl/v1.2.4",
> +-              },
> +-              {
> +-                      In:  `C:\Users\Kubernetes\kubectl.exe/v1.5.4`,
> +-                      Out: "kubectl.exe/v1.5.4",
> +-              },
> +-              {
> +-                      In:  `C:\Program Files\kubectl.exe/v1.5.4`,
> +-                      Out: "kubectl.exe/v1.5.4",
> +-              },
> +-              {
> +-                      // This malicious input courtesy of enisoc.
> +-                      In:  string(panicBuf) + "kubectl.exe",
> +-                      Out: "kubectl.exe",
> +-              },
> +-      } {
> +-              if cleanUserAgent(tc.In) != tc.Out {
> +-                      t.Errorf("Failed to clean User-Agent: %s", tc.In)
> +-              }
> +-      }
> +-}
> +--
> +2.17.1
> +
> diff --git a/recipes-containers/kubernetes/kubernetes/0001-update-gopkg.in-yaml.v2-to-v2.2.8.patch b/recipes-containers/kubernetes/kubernetes/0001-update-gopkg.in-yaml.v2-to-v2.2.8.patch
> new file mode 100644
> index 0000000..2688797
> --- /dev/null
> +++ b/recipes-containers/kubernetes/kubernetes/0001-update-gopkg.in-yaml.v2-to-v2.2.8.patch
> @@ -0,0 +1,825 @@
> +From a290fe55cb2f4593eb4ec5bf410cd77b9d925464 Mon Sep 17 00:00:00 2001
> +From: CJ Cullen <cjcullen@google.com>
> +Date: Wed, 22 Jan 2020 11:32:39 -0800
> +Subject: [PATCH] update gopkg.in/yaml.v2 to v2.2.8
> +
> +Upstream Status: Backport [https://github.com/kubernetes/kubernetes/pull/87637/commits/a290fe55cb2f4593eb4ec5bf410cd77b9d925464]
> +CVE: CVE-2019-11254
> +
> +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> +---
> + go.mod                                        |   4 +-
> + go.sum                                        |   4 +-
> + staging/src/k8s.io/api/go.sum                 |   4 +-
> + .../src/k8s.io/apiextensions-apiserver/go.mod |   2 +-
> + .../src/k8s.io/apiextensions-apiserver/go.sum |   2 +
> + staging/src/k8s.io/apimachinery/go.mod        |   2 +-
> + staging/src/k8s.io/apimachinery/go.sum        |   4 +-
> + staging/src/k8s.io/apiserver/go.mod           |   2 +-
> + staging/src/k8s.io/apiserver/go.sum           |   4 +-
> + staging/src/k8s.io/cli-runtime/go.sum         |   4 +-
> + staging/src/k8s.io/client-go/go.sum           |   4 +-
> + staging/src/k8s.io/cloud-provider/go.sum      |   4 +-
> + staging/src/k8s.io/cluster-bootstrap/go.sum   |   4 +-
> + staging/src/k8s.io/code-generator/go.mod      |   2 +-
> + staging/src/k8s.io/code-generator/go.sum      |   4 +-
> + staging/src/k8s.io/component-base/go.sum      |   4 +-
> + staging/src/k8s.io/cri-api/go.mod             |   2 +-
> + staging/src/k8s.io/cri-api/go.sum             |   4 +-
> + staging/src/k8s.io/csi-translation-lib/go.sum |   4 +-
> + staging/src/k8s.io/kube-aggregator/go.sum     |   4 +-
> + .../src/k8s.io/kube-controller-manager/go.sum |   4 +-
> + staging/src/k8s.io/kube-proxy/go.sum          |   4 +-
> + staging/src/k8s.io/kube-scheduler/go.sum      |   4 +-
> + staging/src/k8s.io/kubectl/go.mod             |   2 +-
> + staging/src/k8s.io/kubectl/go.sum             |   4 +-
> + staging/src/k8s.io/kubelet/go.sum             |   4 +-
> + .../src/k8s.io/legacy-cloud-providers/go.sum  |   4 +-
> + staging/src/k8s.io/metrics/go.sum             |   4 +-
> + staging/src/k8s.io/node-api/go.sum            |   4 +-
> + staging/src/k8s.io/sample-apiserver/go.sum    |   4 +-
> + staging/src/k8s.io/sample-cli-plugin/go.sum   |   4 +-
> + staging/src/k8s.io/sample-controller/go.sum   |   4 +-
> + vendor/gopkg.in/yaml.v2/.travis.yml           |  18 +--
> + vendor/gopkg.in/yaml.v2/decode.go             |  14 ++-
> + vendor/gopkg.in/yaml.v2/scannerc.go           | 107 +++++++++---------
> + vendor/gopkg.in/yaml.v2/yaml.go               |   2 +-
> + vendor/gopkg.in/yaml.v2/yamlh.go              |   1 +
> + vendor/modules.txt                            |   2 +-
> + 38 files changed, 133 insertions(+), 125 deletions(-)
> +
> +diff --git a/src/import/go.mod b/src/import/go.mod
> +index 7d515c2ffb0..28de082aa0d 100644
> +--- a/src/import/go.mod
> ++++ b/src/import/go.mod
> +@@ -131,7 +131,7 @@ require (
> +       google.golang.org/grpc v1.23.1
> +       gopkg.in/gcfg.v1 v1.2.0
> +       gopkg.in/square/go-jose.v2 v2.2.2
> +-      gopkg.in/yaml.v2 v2.2.4
> ++      gopkg.in/yaml.v2 v2.2.8
> +       gotest.tools v2.2.0+incompatible
> +       gotest.tools/gotestsum v0.3.5
> +       honnef.co/go/tools v0.0.1-2019.2.2
> +@@ -518,7 +518,7 @@ replace (
> +       gopkg.in/square/go-jose.v2 => gopkg.in/square/go-jose.v2 v2.2.2
> +       gopkg.in/tomb.v1 => gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7
> +       gopkg.in/warnings.v0 => gopkg.in/warnings.v0 v0.1.1
> +-      gopkg.in/yaml.v2 => gopkg.in/yaml.v2 v2.2.4
> ++      gopkg.in/yaml.v2 => gopkg.in/yaml.v2 v2.2.8
> +       gotest.tools => gotest.tools v2.2.0+incompatible
> +       gotest.tools/gotestsum => gotest.tools/gotestsum v0.3.5
> +       grpc.go4.org => grpc.go4.org v0.0.0-20170609214715-11d0a25b4919
> +diff --git a/src/import/go.sum b/src/import/go.sum
> +index 72d79cb27b2..43aaee0e578 100644
> +--- a/src/import/go.sum
> ++++ b/src/import/go.sum
> +@@ -574,8 +574,8 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkep
> + gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
> + gopkg.in/warnings.v0 v0.1.1 h1:XM28wIgFzaBmeZ5dNHIpWLQpt/9DGKxk+rCg/22nnYE=
> + gopkg.in/warnings.v0 v0.1.1/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
> + gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
> + gotest.tools/gotestsum v0.3.5 h1:VePOWRsuWFYpfp/G8mbmOZKxO5T3501SEGQRUdvq7h0=
> +diff --git a/src/import/staging/src/k8s.io/api/go.sum b/src/importsrc/import/staging/src/k8s.io/api/go.sum
> +index 08ad9edc62a..73199a7c13e 100644
> +--- a/src/import/staging/src/k8s.io/api/go.sum
> ++++ b/src/import/staging/src/k8s.io/api/go.sum
> +@@ -95,8 +95,8 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD
> + gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
> + k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
> + k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
> +diff --git a/src/import/staging/src/k8s.io/apiextensions-apiserver/go.mod b/src/importsrc/import/staging/src/k8s.io/apiextensions-apiserver/go.mod
> +index 97014a76a68..499daf4ffa7 100644
> +--- a/src/import/staging/src/k8s.io/apiextensions-apiserver/go.mod
> ++++ b/src/import/staging/src/k8s.io/apiextensions-apiserver/go.mod
> +@@ -20,7 +20,7 @@ require (
> +       github.com/stretchr/testify v1.4.0
> +       go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738
> +       google.golang.org/grpc v1.23.1
> +-      gopkg.in/yaml.v2 v2.2.4
> ++      gopkg.in/yaml.v2 v2.2.8
> +       k8s.io/api v0.0.0
> +       k8s.io/apimachinery v0.0.0
> +       k8s.io/apiserver v0.0.0
> +diff --git a/src/import/staging/src/k8s.io/apiextensions-apiserver/go.sum b/src/importstaging/src/k8s.io/apiextensions-apiserver/go.sum
> +index 6f8bd4918ce..ef6973e4220 100644
> +--- a/src/import/staging/src/k8s.io/apiextensions-apiserver/go.sum
> ++++ b/src/import/staging/src/k8s.io/apiextensions-apiserver/go.sum
> +@@ -449,6 +449,8 @@ gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> + gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> +diff --git a/src/import/staging/src/k8s.io/apimachinery/go.mod b/src/importstaging/src/k8s.io/apimachinery/go.mod
> +index 85bd7edfc84..569aa8941c4 100644
> +--- a/src/import/staging/src/k8s.io/apimachinery/go.mod
> ++++ b/src/import/staging/src/k8s.io/apimachinery/go.mod
> +@@ -30,7 +30,7 @@ require (
> +       golang.org/x/text v0.3.2 // indirect
> +       gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
> +       gopkg.in/inf.v0 v0.9.1
> +-      gopkg.in/yaml.v2 v2.2.4
> ++      gopkg.in/yaml.v2 v2.2.8
> +       k8s.io/klog v1.0.0
> +       k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a
> +       sigs.k8s.io/yaml v1.1.0
> +diff --git a/src/import/staging/src/k8s.io/apimachinery/go.sum b/src/importstaging/src/k8s.io/apimachinery/go.sum
> +index 52ad8335f42..0741a85da3f 100644
> +--- a/src/import/staging/src/k8s.io/apimachinery/go.sum
> ++++ b/src/import/staging/src/k8s.io/apimachinery/go.sum
> +@@ -111,8 +111,8 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD
> + gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
> + k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
> + k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
> +diff --git a/src/import/staging/src/k8s.io/apiserver/go.mod b/src/importstaging/src/k8s.io/apiserver/go.mod
> +index 01b925bab48..6586e6680cb 100644
> +--- a/src/import/staging/src/k8s.io/apiserver/go.mod
> ++++ b/src/import/staging/src/k8s.io/apiserver/go.mod
> +@@ -42,7 +42,7 @@ require (
> +       google.golang.org/grpc v1.23.1
> +       gopkg.in/natefinch/lumberjack.v2 v2.0.0
> +       gopkg.in/square/go-jose.v2 v2.2.2
> +-      gopkg.in/yaml.v2 v2.2.4
> ++      gopkg.in/yaml.v2 v2.2.8
> +       gotest.tools v2.2.0+incompatible // indirect
> +       k8s.io/api v0.0.0
> +       k8s.io/apimachinery v0.0.0
> +diff --git a/src/import/staging/src/k8s.io/apiserver/go.sum b/src/importstaging/src/k8s.io/apiserver/go.sum
> +index a9014243b34..0b216e592e4 100644
> +--- a/src/import/staging/src/k8s.io/apiserver/go.sum
> ++++ b/src/import/staging/src/k8s.io/apiserver/go.sum
> +@@ -345,8 +345,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
> + gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> +diff --git a/src/import/staging/src/k8s.io/cli-runtime/go.sum b/src/importstaging/src/k8s.io/cli-runtime/go.sum
> +index a5eef73070b..c6c2d0d9231 100644
> +--- a/src/import/staging/src/k8s.io/cli-runtime/go.sum
> ++++ b/src/import/staging/src/k8s.io/cli-runtime/go.sum
> +@@ -234,8 +234,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
> +diff --git a/src/import/staging/src/k8s.io/client-go/go.sum b/src/importstaging/src/k8s.io/client-go/go.sum
> +index d0df7473b3e..f8f205a69d7 100644
> +--- a/src/import/staging/src/k8s.io/client-go/go.sum
> ++++ b/src/import/staging/src/k8s.io/client-go/go.sum
> +@@ -189,8 +189,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
> +diff --git a/src/import/staging/src/k8s.io/cloud-provider/go.sum b/src/importstaging/src/k8s.io/cloud-provider/go.sum
> +index 8ccf452dc8d..74228199881 100644
> +--- a/src/import/staging/src/k8s.io/cloud-provider/go.sum
> ++++ b/src/import/staging/src/k8s.io/cloud-provider/go.sum
> +@@ -171,8 +171,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
> +diff --git a/src/import/staging/src/k8s.io/cluster-bootstrap/go.sum b/src/importstaging/src/k8s.io/cluster-bootstrap/go.sum
> +index 8d81d0563ea..4c58905c7d8 100644
> +--- a/src/import/staging/src/k8s.io/cluster-bootstrap/go.sum
> ++++ b/src/import/staging/src/k8s.io/cluster-bootstrap/go.sum
> +@@ -99,8 +99,8 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD
> + gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
> + k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
> + k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
> +diff --git a/src/import/staging/src/k8s.io/code-generator/go.mod b/src/importstaging/src/k8s.io/code-generator/go.mod
> +index 69a9e1cd9f2..2436804e8f0 100644
> +--- a/src/import/staging/src/k8s.io/code-generator/go.mod
> ++++ b/src/import/staging/src/k8s.io/code-generator/go.mod
> +@@ -18,7 +18,7 @@ require (
> +       golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72 // indirect
> +       gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485
> +       gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e // indirect
> +-      gopkg.in/yaml.v2 v2.2.4 // indirect
> ++      gopkg.in/yaml.v2 v2.2.8 // indirect
> +       k8s.io/gengo v0.0.0-20190822140433-26a664648505
> +       k8s.io/klog v1.0.0
> +       k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a
> +diff --git a/src/import/staging/src/k8s.io/code-generator/go.sum b/src/importstaging/src/k8s.io/code-generator/go.sum
> +index 7bab2c9efd3..afc21aae562 100644
> +--- a/src/import/staging/src/k8s.io/code-generator/go.sum
> ++++ b/src/import/staging/src/k8s.io/code-generator/go.sum
> +@@ -114,8 +114,8 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6 h1:4s3/R4+OYYYUKptXPhZKjQ04WJ6EhQQVFdjOFvCazDk=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
> + k8s.io/gengo v0.0.0-20190822140433-26a664648505 h1:ZY6yclUKVbZ+SdWnkfY+Je5vrMpKOxmGeKRbsXVmqYM=
> +diff --git a/src/import/staging/src/k8s.io/component-base/go.sum b/src/importstaging/src/k8s.io/component-base/go.sum
> +index b6af501ac2e..6c54e8b74e0 100644
> +--- a/src/import/staging/src/k8s.io/component-base/go.sum
> ++++ b/src/import/staging/src/k8s.io/component-base/go.sum
> +@@ -210,8 +210,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
> +diff --git a/src/import/staging/src/k8s.io/cri-api/go.mod b/src/importstaging/src/k8s.io/cri-api/go.mod
> +index de2050e54af..4f8315dcfcc 100644
> +--- a/src/import/staging/src/k8s.io/cri-api/go.mod
> ++++ b/src/import/staging/src/k8s.io/cri-api/go.mod
> +@@ -16,7 +16,7 @@ require (
> +       google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873 // indirect
> +       google.golang.org/grpc v1.23.1
> +       gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
> +-      gopkg.in/yaml.v2 v2.2.4 // indirect
> ++      gopkg.in/yaml.v2 v2.2.8 // indirect
> + )
> +
> + replace (
> +diff --git a/src/import/staging/src/k8s.io/cri-api/go.sum b/src/importstaging/src/k8s.io/cri-api/go.sum
> +index 880169cf1dc..5340741af79 100644
> +--- a/src/import/staging/src/k8s.io/cri-api/go.sum
> ++++ b/src/import/staging/src/k8s.io/cri-api/go.sum
> +@@ -59,7 +59,7 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8
> + gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
> + gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> +diff --git a/src/import/staging/src/k8s.io/csi-translation-lib/go.sum b/src/importstaging/src/k8s.io/csi-translation-lib/go.sum
> +index 2cb7a51b2a4..f918afd9078 100644
> +--- a/src/import/staging/src/k8s.io/csi-translation-lib/go.sum
> ++++ b/src/import/staging/src/k8s.io/csi-translation-lib/go.sum
> +@@ -154,8 +154,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
> +diff --git a/src/import/staging/src/k8s.io/kube-aggregator/go.sum b/src/importstaging/src/k8s.io/kube-aggregator/go.sum
> +index bfcd7b4aa8a..d29c2136442 100644
> +--- a/src/import/staging/src/k8s.io/kube-aggregator/go.sum
> ++++ b/src/import/staging/src/k8s.io/kube-aggregator/go.sum
> +@@ -378,8 +378,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> +diff --git a/src/import/staging/src/k8s.io/kube-controller-manager/go.sum b/src/importstaging/src/k8s.io/kube-controller-manager/go.sum
> +index 5303a3606b3..b238ae9cbbb 100644
> +--- a/src/import/staging/src/k8s.io/kube-controller-manager/go.sum
> ++++ b/src/import/staging/src/k8s.io/kube-controller-manager/go.sum
> +@@ -184,8 +184,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
> +diff --git a/src/import/staging/src/k8s.io/kube-proxy/go.sum b/src/importstaging/src/k8s.io/kube-proxy/go.sum
> +index 5303a3606b3..b238ae9cbbb 100644
> +--- a/src/import/staging/src/k8s.io/kube-proxy/go.sum
> ++++ b/src/import/staging/src/k8s.io/kube-proxy/go.sum
> +@@ -184,8 +184,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
> +diff --git a/src/import/staging/src/k8s.io/kube-scheduler/go.sum b/src/importstaging/src/k8s.io/kube-scheduler/go.sum
> +index 5303a3606b3..b238ae9cbbb 100644
> +--- a/src/import/staging/src/k8s.io/kube-scheduler/go.sum
> ++++ b/src/import/staging/src/k8s.io/kube-scheduler/go.sum
> +@@ -184,8 +184,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
> +diff --git a/src/import/staging/src/k8s.io/kubectl/go.mod b/src/importstaging/src/k8s.io/kubectl/go.mod
> +index e0111ac16bf..c646296ebb1 100644
> +--- a/src/import/staging/src/k8s.io/kubectl/go.mod
> ++++ b/src/import/staging/src/k8s.io/kubectl/go.mod
> +@@ -34,7 +34,7 @@ require (
> +       github.com/stretchr/testify v1.4.0
> +       github.com/xlab/handysort v0.0.0-20150421192137-fb3537ed64a1 // indirect
> +       golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456
> +-      gopkg.in/yaml.v2 v2.2.4
> ++      gopkg.in/yaml.v2 v2.2.8
> +       gotest.tools v2.2.0+incompatible // indirect
> +       k8s.io/api v0.0.0
> +       k8s.io/apimachinery v0.0.0
> +diff --git a/src/import/staging/src/k8s.io/kubectl/go.sum b/src/importstaging/src/k8s.io/kubectl/go.sum
> +index 95ba529852c..1db9943f53c 100644
> +--- a/src/import/staging/src/k8s.io/kubectl/go.sum
> ++++ b/src/import/staging/src/k8s.io/kubectl/go.sum
> +@@ -317,8 +317,8 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
> + gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> +diff --git a/src/import/staging/src/k8s.io/kubelet/go.sum b/src/importstaging/src/k8s.io/kubelet/go.sum
> +index f42a61078c9..57a0c633583 100644
> +--- a/src/import/staging/src/k8s.io/kubelet/go.sum
> ++++ b/src/import/staging/src/k8s.io/kubelet/go.sum
> +@@ -119,8 +119,8 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD
> + gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
> +diff --git a/src/import/staging/src/k8s.io/legacy-cloud-providers/go.sum b/src/importstaging/src/k8s.io/legacy-cloud-providers/go.sum
> +index 99f76dac0cc..9e990dff888 100644
> +--- a/src/import/staging/src/k8s.io/legacy-cloud-providers/go.sum
> ++++ b/src/import/staging/src/k8s.io/legacy-cloud-providers/go.sum
> +@@ -340,8 +340,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> +diff --git a/src/import/staging/src/k8s.io/metrics/go.sum b/src/importstaging/src/k8s.io/metrics/go.sum
> +index 99df273ff9e..d9b2c94fdbe 100644
> +--- a/src/import/staging/src/k8s.io/metrics/go.sum
> ++++ b/src/import/staging/src/k8s.io/metrics/go.sum
> +@@ -211,8 +211,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6 h1:4s3/R4+OYYYUKptXPhZKjQ04WJ6EhQQVFdjOFvCazDk=
> +diff --git a/src/import/staging/src/k8s.io/node-api/go.sum b/src/importstaging/src/k8s.io/node-api/go.sum
> +index 77f0a21fa7d..1cb50186d99 100644
> +--- a/src/import/staging/src/k8s.io/node-api/go.sum
> ++++ b/src/import/staging/src/k8s.io/node-api/go.sum
> +@@ -215,8 +215,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6 h1:4s3/R4+OYYYUKptXPhZKjQ04WJ6EhQQVFdjOFvCazDk=
> +diff --git a/src/import/staging/src/k8s.io/sample-apiserver/go.sum b/src/importstaging/src/k8s.io/sample-apiserver/go.sum
> +index 3ea72ac63e9..236ee4b1e88 100644
> +--- a/src/import/staging/src/k8s.io/sample-apiserver/go.sum
> ++++ b/src/import/staging/src/k8s.io/sample-apiserver/go.sum
> +@@ -375,8 +375,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> +diff --git a/src/import/staging/src/k8s.io/sample-cli-plugin/go.sum b/src/importstaging/src/k8s.io/sample-cli-plugin/go.sum
> +index a5eef73070b..c6c2d0d9231 100644
> +--- a/src/import/staging/src/k8s.io/sample-cli-plugin/go.sum
> ++++ b/src/import/staging/src/k8s.io/sample-cli-plugin/go.sum
> +@@ -234,8 +234,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
> +diff --git a/src/import/staging/src/k8s.io/sample-controller/go.sum b/src/importstaging/src/k8s.io/sample-controller/go.sum
> +index 55fa85acf16..3b18f34b5a6 100644
> +--- a/src/import/staging/src/k8s.io/sample-controller/go.sum
> ++++ b/src/import/staging/src/k8s.io/sample-controller/go.sum
> +@@ -216,8 +216,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
> + gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
> + gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> +-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
> +-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> ++gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
> ++gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
> + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
> + k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6 h1:4s3/R4+OYYYUKptXPhZKjQ04WJ6EhQQVFdjOFvCazDk=
> +diff --git a/src/import/vendor/gopkg.in/yaml.v2/.travis.yml b/src/importvendor/gopkg.in/yaml.v2/.travis.yml
> +index 9f556934d8b..055480b9ef8 100644
> +--- a/src/import/vendor/gopkg.in/yaml.v2/.travis.yml
> ++++ b/src/import/vendor/gopkg.in/yaml.v2/.travis.yml
> +@@ -1,12 +1,16 @@
> + language: go
> +
> + go:
> +-    - 1.4
> +-    - 1.5
> +-    - 1.6
> +-    - 1.7
> +-    - 1.8
> +-    - 1.9
> +-    - tip
> ++    - "1.4.x"
> ++    - "1.5.x"
> ++    - "1.6.x"
> ++    - "1.7.x"
> ++    - "1.8.x"
> ++    - "1.9.x"
> ++    - "1.10.x"
> ++    - "1.11.x"
> ++    - "1.12.x"
> ++    - "1.13.x"
> ++    - "tip"
> +
> + go_import_path: gopkg.in/yaml.v2
> +diff --git a/src/import/vendor/gopkg.in/yaml.v2/decode.go b/src/importvendor/gopkg.in/yaml.v2/decode.go
> +index 53108765555..129bc2a97d3 100644
> +--- a/src/import/vendor/gopkg.in/yaml.v2/decode.go
> ++++ b/src/import/vendor/gopkg.in/yaml.v2/decode.go
> +@@ -319,10 +319,14 @@ func (d *decoder) prepare(n *node, out reflect.Value) (newout reflect.Value, unm
> + }
> +
> + const (
> +-      // 400,000 decode operations is ~500kb of dense object declarations, or ~5kb of dense object declarations with 10000% alias expansion
> ++      // 400,000 decode operations is ~500kb of dense object declarations, or
> ++      // ~5kb of dense object declarations with 10000% alias expansion
> +       alias_ratio_range_low = 400000
> +-      // 4,000,000 decode operations is ~5MB of dense object declarations, or ~4.5MB of dense object declarations with 10% alias expansion
> ++
> ++      // 4,000,000 decode operations is ~5MB of dense object declarations, or
> ++      // ~4.5MB of dense object declarations with 10% alias expansion
> +       alias_ratio_range_high = 4000000
> ++
> +       // alias_ratio_range is the range over which we scale allowed alias ratios
> +       alias_ratio_range = float64(alias_ratio_range_high - alias_ratio_range_low)
> + )
> +@@ -784,8 +788,7 @@ func (d *decoder) merge(n *node, out reflect.Value) {
> +       case mappingNode:
> +               d.unmarshal(n, out)
> +       case aliasNode:
> +-              an, ok := d.doc.anchors[n.value]
> +-              if ok && an.kind != mappingNode {
> ++              if n.alias != nil && n.alias.kind != mappingNode {
> +                       failWantMap()
> +               }
> +               d.unmarshal(n, out)
> +@@ -794,8 +797,7 @@ func (d *decoder) merge(n *node, out reflect.Value) {
> +               for i := len(n.children) - 1; i >= 0; i-- {
> +                       ni := n.children[i]
> +                       if ni.kind == aliasNode {
> +-                              an, ok := d.doc.anchors[ni.value]
> +-                              if ok && an.kind != mappingNode {
> ++                              if ni.alias != nil && ni.alias.kind != mappingNode {
> +                                       failWantMap()
> +                               }
> +                       } else if ni.kind != mappingNode {
> +diff --git a/src/import/vendor/gopkg.in/yaml.v2/scannerc.go b/src/importvendor/gopkg.in/yaml.v2/scannerc.go
> +index 570b8ecd10f..0b9bb6030a0 100644
> +--- a/src/import/vendor/gopkg.in/yaml.v2/scannerc.go
> ++++ b/src/import/vendor/gopkg.in/yaml.v2/scannerc.go
> +@@ -626,31 +626,18 @@ func trace(args ...interface{}) func() {
> + func yaml_parser_fetch_more_tokens(parser *yaml_parser_t) bool {
> +       // While we need more tokens to fetch, do it.
> +       for {
> +-              // Check if we really need to fetch more tokens.
> +-              need_more_tokens := false
> +-
> +-              if parser.tokens_head == len(parser.tokens) {
> +-                      // Queue is empty.
> +-                      need_more_tokens = true
> +-              } else {
> +-                      // Check if any potential simple key may occupy the head position.
> +-                      if !yaml_parser_stale_simple_keys(parser) {
> ++              if parser.tokens_head != len(parser.tokens) {
> ++                      // If queue is non-empty, check if any potential simple key may
> ++                      // occupy the head position.
> ++                      head_tok_idx, ok := parser.simple_keys_by_tok[parser.tokens_parsed]
> ++                      if !ok {
> ++                              break
> ++                      } else if valid, ok := yaml_simple_key_is_valid(parser, &parser.simple_keys[head_tok_idx]); !ok {
> +                               return false
> +-                      }
> +-
> +-                      for i := range parser.simple_keys {
> +-                              simple_key := &parser.simple_keys[i]
> +-                              if simple_key.possible && simple_key.token_number == parser.tokens_parsed {
> +-                                      need_more_tokens = true
> +-                                      break
> +-                              }
> ++                      } else if !valid {
> ++                              break
> +                       }
> +               }
> +-
> +-              // We are finished.
> +-              if !need_more_tokens {
> +-                      break
> +-              }
> +               // Fetch the next token.
> +               if !yaml_parser_fetch_next_token(parser) {
> +                       return false
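Review bot: In `yaml_parser_fetch_more_tokens` the slot read from `parser.simple_keys_by_tok[parser.tokens_parsed]` indexes `parser.simple_keys` with no bounds check, so the lookup is only safe if every path that shrinks or overwrites `simple_keys` also deletes the matching map entry. The `yaml_parser_remove_simple_key` hunk further down does that with its added `delete(...)`, but the code that pops `simple_keys` when a flow level ends is not visible in this part of the patch. Confirm the backport carries the corresponding `delete` there, because a stale entry would surface as an index-out-of-range panic on malformed input instead of a scanner error. Separately, this file's `diff --git` line names `b/src/importvendor/...` while its `+++` line has `b/src/import/vendor/...`; the same missing slash is in the other file headers of this patch, and although tools that take names from the `---`/`+++` lines should be unaffected, the patch is worth regenerating.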
> +@@ -678,11 +665,6 @@ func yaml_parser_fetch_next_token(parser *yaml_parser_t) bool {
> +               return false
> +       }
> +
> +-      // Remove obsolete potential simple keys.
> +-      if !yaml_parser_stale_simple_keys(parser) {
> +-              return false
> +-      }
> +-
> +       // Check the indentation level against the current column.
> +       if !yaml_parser_unroll_indent(parser, parser.mark.column) {
> +               return false
> +@@ -837,29 +819,30 @@ func yaml_parser_fetch_next_token(parser *yaml_parser_t) bool {
> +               "found character that cannot start any token")
> + }
> +
> +-// Check the list of potential simple keys and remove the positions that
> +-// cannot contain simple keys anymore.
> +-func yaml_parser_stale_simple_keys(parser *yaml_parser_t) bool {
> +-      // Check for a potential simple key for each flow level.
> +-      for i := range parser.simple_keys {
> +-              simple_key := &parser.simple_keys[i]
> +-
> +-              // The specification requires that a simple key
> +-              //
> +-              //  - is limited to a single line,
> +-              //  - is shorter than 1024 characters.
> +-              if simple_key.possible && (simple_key.mark.line < parser.mark.line || simple_key.mark.index+1024 < parser.mark.index) {
> +-
> +-                      // Check if the potential simple key to be removed is required.
> +-                      if simple_key.required {
> +-                              return yaml_parser_set_scanner_error(parser,
> +-                                      "while scanning a simple key", simple_key.mark,
> +-                                      "could not find expected ':'")
> +-                      }
> +-                      simple_key.possible = false
> ++func yaml_simple_key_is_valid(parser *yaml_parser_t, simple_key *yaml_simple_key_t) (valid, ok bool) {
> ++      if !simple_key.possible {
> ++              return false, true
> ++      }
> ++
> ++      // The 1.2 specification says:
> ++      //
> ++      //     "If the ? indicator is omitted, parsing needs to see past the
> ++      //     implicit key to recognize it as such. To limit the amount of
> ++      //     lookahead required, the “:” indicator must appear at most 1024
> ++      //     Unicode characters beyond the start of the key. In addition, the key
> ++      //     is restricted to a single line."
> ++      //
> ++      if simple_key.mark.line < parser.mark.line || simple_key.mark.index+1024 < parser.mark.index {
> ++              // Check if the potential simple key to be removed is required.
> ++              if simple_key.required {
> ++                      return false, yaml_parser_set_scanner_error(parser,
> ++                              "while scanning a simple key", simple_key.mark,
> ++                              "could not find expected ':'")
> +               }
> ++              simple_key.possible = false
> ++              return false, true
> +       }
> +-      return true
> ++      return true, true
> + }
> +
> + // Check if a simple key may start at the current position and add it if
> +@@ -879,13 +862,14 @@ func yaml_parser_save_simple_key(parser *yaml_parser_t) bool {
> +                       possible:     true,
> +                       required:     required,
> +                       token_number: parser.tokens_parsed + (len(parser.tokens) - parser.tokens_head),
> ++                      mark:         parser.mark,
> +               }
> +-              simple_key.mark = parser.mark
> +
> +               if !yaml_parser_remove_simple_key(parser) {
> +                       return false
> +               }
> +               parser.simple_keys[len(parser.simple_keys)-1] = simple_key
> ++              parser.simple_keys_by_tok[simple_key.token_number] = len(parser.simple_keys) - 1
> +       }
> +       return true
> + }
> +@@ -900,9 +884,10 @@ func yaml_parser_remove_simple_key(parser *yaml_parser_t) bool {
> +                               "while scanning a simple key", parser.simple_keys[i].mark,
> +                               "could not find expected ':'")
> +               }
> ++              // Remove the key from the stack.
> ++              parser.simple_keys[i].possible = false
> ++              delete(parser.simple_keys_by_tok, parser.simple_keys[i].token_number)
> +       }
> +-      // Remove the key from the stack.
> +-      parser.simple_keys[i].possible = false
> +       return true
> + }
> +
> +@@ -912,7 +897,12 @@ const max_flow_level = 10000
> + // Increase the flow level and resize the simple key list if needed.
> + func yaml_parser_increase_flow_level(parser *yaml_parser_t) bool {
> +       // Reset the simple key on the next level.
> +-      parser.simple_keys = append(parser.simple_keys, yaml_simple_key_t{})
> ++      parser.simple_keys = append(parser.simple_keys, yaml_simple_key_t{
> ++              possible:     false,
> ++              required:     false,
> ++              token_number: parser.tokens_parsed + (len(parser.tokens) - parser.tokens_head),
> ++              mark:         parser.mark,
> ++      })
> +
> +       // Increase the flow level.
> +       parser.flow_level++
> +@@ -928,7 +918,9 @@ func yaml_parser_increase_flow_level(parser *yaml_parser_t) bool {
> + func yaml_parser_decrease_flow_level(parser *yaml_parser_t) bool {
> +       if parser.flow_level > 0 {
> +               parser.flow_level--
> +-              parser.simple_keys = parser.simple_keys[:len(parser.simple_keys)-1]
> ++              last := len(parser.simple_keys) - 1
> ++              delete(parser.simple_keys_by_tok, parser.simple_keys[last].token_number)
> ++              parser.simple_keys = parser.simple_keys[:last]
> +       }
> +       return true
> + }
> +@@ -1005,6 +997,8 @@ func yaml_parser_fetch_stream_start(parser *yaml_parser_t) bool {
> +       // Initialize the simple key stack.
> +       parser.simple_keys = append(parser.simple_keys, yaml_simple_key_t{})
> +
> ++      parser.simple_keys_by_tok = make(map[int]int)
> ++
> +       // A simple key is allowed at the beginning of the stream.
> +       parser.simple_key_allowed = true
> +
> +@@ -1286,7 +1280,11 @@ func yaml_parser_fetch_value(parser *yaml_parser_t) bool {
> +       simple_key := &parser.simple_keys[len(parser.simple_keys)-1]
> +
> +       // Have we found a simple key?
> +-      if simple_key.possible {
> ++      if valid, ok := yaml_simple_key_is_valid(parser, simple_key); !ok {
> ++              return false
> ++
> ++      } else if valid {
> ++
> +               // Create the KEY token and insert it into the queue.
> +               token := yaml_token_t{
> +                       typ:        yaml_KEY_TOKEN,
> +@@ -1304,6 +1302,7 @@ func yaml_parser_fetch_value(parser *yaml_parser_t) bool {
> +
> +               // Remove the simple key.
> +               simple_key.possible = false
> ++              delete(parser.simple_keys_by_tok, simple_key.token_number)
> +
> +               // A simple key cannot follow another simple key.
> +               parser.simple_key_allowed = false
> +diff --git a/src/import/vendor/gopkg.in/yaml.v2/yaml.go b/src/importvendor/gopkg.in/yaml.v2/yaml.go
> +index de85aa4cdb7..89650e293ac 100644
> +--- a/src/import/vendor/gopkg.in/yaml.v2/yaml.go
> ++++ b/src/import/vendor/gopkg.in/yaml.v2/yaml.go
> +@@ -89,7 +89,7 @@ func UnmarshalStrict(in []byte, out interface{}) (err error) {
> +       return unmarshal(in, out, true)
> + }
> +
> +-// A Decorder reads and decodes YAML values from an input stream.
> ++// A Decoder reads and decodes YAML values from an input stream.
> + type Decoder struct {
> +       strict bool
> +       parser *parser
> +diff --git a/src/import/vendor/gopkg.in/yaml.v2/yamlh.go b/src/importvendor/gopkg.in/yaml.v2/yamlh.go
> +index e25cee563be..f6a9c8e34b1 100644
> +--- a/src/import/vendor/gopkg.in/yaml.v2/yamlh.go
> ++++ b/src/import/vendor/gopkg.in/yaml.v2/yamlh.go
> +@@ -579,6 +579,7 @@ type yaml_parser_t struct {
> +
> +       simple_key_allowed bool                // May a simple key occur at the current position?
> +       simple_keys        []yaml_simple_key_t // The stack of simple keys.
> ++      simple_keys_by_tok map[int]int         // possible simple_key indexes indexed by token_number
> +
> +       // Parser stuff
> +
> +diff --git a/src/import/vendor/modules.txt b/src/importvendor/modules.txt
> +index a51796d1ed5..a45f1cd3e3b 100644
> +--- a/src/import/vendor/modules.txt
> ++++ b/src/import/vendor/modules.txt
> +@@ -1059,7 +1059,7 @@ gopkg.in/square/go-jose.v2/jwt
> + gopkg.in/tomb.v1
> + # gopkg.in/warnings.v0 v0.1.1 => gopkg.in/warnings.v0 v0.1.1
> + gopkg.in/warnings.v0
> +-# gopkg.in/yaml.v2 v2.2.4 => gopkg.in/yaml.v2 v2.2.4
> ++# gopkg.in/yaml.v2 v2.2.8 => gopkg.in/yaml.v2 v2.2.8
> + gopkg.in/yaml.v2
> + # gotest.tools v2.2.0+incompatible => gotest.tools v2.2.0+incompatible
> + gotest.tools
> +--
> +2.20.1
> +
> diff --git a/recipes-containers/kubernetes/kubernetes_git.bb b/recipes-containers/kubernetes/kubernetes_git.bb
> index 76107af..4698874 100644
> --- a/recipes-containers/kubernetes/kubernetes_git.bb
> +++ b/recipes-containers/kubernetes/kubernetes_git.bb
> @@ -11,6 +11,11 @@ SRCREV_kubernetes = "f45fc1861acab22eb6a4697e3fb831e85ef5ff9c"
>  SRC_URI = "git://github.com/kubernetes/kubernetes.git;branch=release-1.17;name=kubernetes \
>             file://0001-hack-lib-golang.sh-use-CC-from-environment.patch \
>             file://0001-cross-don-t-build-tests-by-default.patch \
> +           file://0001-Add-new-endpoint-for-resource-metrics.patch \
> +           file://0001-update-gopkg.in-yaml.v2-to-v2.2.8.patch \
> +           file://0001-remove-client-label-from-apiserver-request-count-met.patch \
> +           file://0001-Add-code-to-fix-kubelet-metrics-memory-issue.patch \
> +           file://0001-Deal-with-auto-generated-files.patch \
>            "
>
>  DEPENDS += "rsync-native \
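Review bot: None of the five patch file names added to SRC_URI in this hunk contains a CVE id, so cve-check can only report CVE-2020-8551, CVE-2020-8552 and CVE-2019-11254 as patched if each patch file's own header carries a `CVE:` tag. Those headers are outside this hunk, so this needs confirming; the layer commit message lists the ids, but the scanner reads the patch files, not the commit log. If the tags are missing, add a line such as `CVE: CVE-2019-11254` to the yaml.v2 update patch (assuming that is the patch that addresses it) and the matching ids to the others. Each header should also record `Upstream-Status: Backport [<upstream commit>]`, so the next recipe upgrade can tell which patches to drop.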
> --
> 2.24.1
>
>
>
>
>
> 



-- 
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II
