DONT-MERGE: Kicbase/ISO: Update dependency versions - old-

[minikube-bot]

Changelog:

Update BuildKit from v0.16.0 to v0.18.1

Release notes

Update CNI Plugins from v1.6.0 to v1.6.1

Release notes

Update Go from 1.23.2 to 1.23.3

Update nerdctl from 1.7.7 to 2.0.1

Release notes

Update runc from v1.1.15 to v1.2.2

Release notes

[minikube-bot]

ok-to-build-image

[minikube-bot]

ok-to-build-iso

[k8s-ci-robot]

Hi @minikube-bot. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: minikube-bot
Once this PR has been reviewed and has the lgtm label, please assign prezha for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[minikube-bot]

Hi @minikube-bot, we have updated your PR with the reference to newly built kicbase image. Pull the changes locally if you want to test with them or update your PR further.

[minikube-bot]

Hi @minikube-bot, we have updated your PR with the reference to newly built ISO. Pull the changes locally if you want to test with them or update your PR further.

[spowelljr]

/ok-to-test

[minikube-pr-bot]

kvm2 driver with docker runtime

+----------------+----------+---------------------+
|    COMMAND     | MINIKUBE | MINIKUBE (PR 20044) |
+----------------+----------+---------------------+
| minikube start | 49.3s    | 48.7s               |
| enable ingress | 17.0s    | 16.0s               |
+----------------+----------+---------------------+

Times for minikube start: 48.6s 48.6s 50.7s 49.4s 49.0s
Times for minikube (PR 20044) start: 49.1s 47.0s 48.9s 48.9s 49.6s

Times for minikube ingress: 20.0s 18.5s 14.5s 16.0s 16.0s
Times for minikube (PR 20044) ingress: 15.0s 15.0s 16.0s 15.0s 19.0s

docker driver with docker runtime

+----------------+----------+---------------------+
|    COMMAND     | MINIKUBE | MINIKUBE (PR 20044) |
+----------------+----------+---------------------+
| minikube start | 21.1s    | 22.2s               |
| enable ingress | 13.1s    | 12.8s               |
+----------------+----------+---------------------+

Times for minikube start: 20.5s 21.0s 21.4s 21.5s 21.0s
Times for minikube (PR 20044) start: 20.2s 20.8s 23.3s 23.3s 23.6s

Times for minikube ingress: 13.3s 12.8s 13.3s 13.3s 12.8s
Times for minikube (PR 20044) ingress: 12.3s 12.8s 12.8s 13.3s 12.8s

docker driver with containerd runtime

+----------------+----------+---------------------+
|    COMMAND     | MINIKUBE | MINIKUBE (PR 20044) |
+----------------+----------+---------------------+
| minikube start | 21.4s    | 19.8s               |
| enable ingress | 39.2s    | 37.5s               |
+----------------+----------+---------------------+

Times for minikube start: 19.5s 20.0s 22.0s 22.5s 23.1s
Times for minikube (PR 20044) start: 20.3s 19.7s 20.3s 19.9s 18.7s

Times for minikube (PR 20044) ingress: 30.3s 38.7s 39.3s 38.8s 40.3s
Times for minikube ingress: 38.8s 38.8s 39.3s 39.8s 39.3s

[minikube-pr-bot]

Here are the number of top 10 failed tests in each environments with lowest flake rate.

Environment	Test Name	Flake Rate
Docker_Linux_containerd (1 failed)	TestDockerEnvContainerd(gopogh)	0.00% (chart)
Docker_Linux_containerd_arm64 (1 failed)	TestDockerEnvContainerd(gopogh)	0.00% (chart)

Besides the following environments also have failed tests:

• Hyperkit_macOS: 19 failed (gopogh)

• Docker_Cloud_Shell: 3 failed (gopogh)

• KVM_Linux_crio: 16 failed (gopogh)

• Docker_Linux_crio_arm64: 2 failed (gopogh)

• QEMU_macOS: 99 failed (gopogh)

• Docker_Linux_crio: 13 failed (gopogh)

To see the flake rates of all tests by environment, click here.

[spowelljr]

I'm assuming the above test failure are related to nerdctl updating to 2.0

https://github.com/containerd/nerdctl/releases/tag/v2.0.0

[medyagh]

I'm assuming the above test failure are related to nerdctl updating to 2.0

https://github.com/containerd/nerdctl/releases/tag/v2.0.0

did it update to nerdctl 2 ?

[prezha]

sure @medyagh, i had a look:

looks like bumping nerdctl to v2 was (part of) the problem - so:

• not bumping it could solve the problem, or alternatively
• fixing how nerdctld handles the new image size format that could alleviate the failures we noticed (but there could be others)

details:

as seen in TestDockerEnvContainerd in Docker_Linux_containerd (and similarly in Docker_Linux_containerd_arm64):

docker_test.go:250: (dbg) Non-zero exit: /bin/bash -c "SSH_AUTH_SOCK="/tmp/ssh-W3fiG2yxpFH1/agent.60129" SSH_AGENT_PID="60130" DOCKER_HOST=ssh://[email protected]:32773 docker image ls": exit status 1 (533.228747ms)
** stderr **
error during connect: Get "http://docker.example.com/v1.43/images/json": EOF
** /stderr **

indicating that this api call that docker made (image ls) failed, in which case docker returns that silly generic error

for docker-env cmd with containerd container-runtime, we use nerdctld as docker daemon:

minikube/cmd/minikube/cmd/docker-env.go

Lines 315 to 338 in 3b895bd

	// for the sake of docker-env command, start nerdctl and nerdctld
	if cr == constants.Containerd {
	out.WarningT("Using the docker-env command with the containerd runtime is a highly experimental feature, please provide feedback or contribute to make it better")
	startNerdctld()
	// docker-env on containerd depends on nerdctld (https://github.com/afbjorklund/nerdctld) as "docker" daeomn
	// and nerdctld daemon must be used with ssh connection (it is set in kicbase image's Dockerfile)
	// so directly set --ssh-host --ssh-add to true, even user didn't specify them
	sshAdd = true
	sshHost = true
	// start the ssh-agent
	if err := sshagent.Start(cname); err != nil {
	exit.Message(reason.SSHAgentStart, err.Error())
	}
	// cluster config must be reloaded
	// otherwise we won't be able to get SSH_AUTH_SOCK and SSH_AGENT_PID from cluster config.
	co = mustload.Running(cname)
	// set the ssh-agent envs for current process
	os.Setenv("SSH_AUTH_SOCK", co.Config.SSHAuthSock)
	os.Setenv("SSH_AGENT_PID", strconv.Itoa(co.Config.SSHAgentPID))
	}

replicating the issue

minikube -p pr-20044-1733346028 start --base-image="gcr.io/k8s-minikube/kicbase-builds:v0.0.45-1733346445-20044@sha256:6a5b82a733726dfa5de56dfdd15984eb66288e2b42a8ec92cad6aae09c402153" --driver=docker --container-runtime=containerd

minikube -p pr-20044-1733346028 docker-env --ssh-host --ssh-add

❗  Using the docker-env command with the containerd runtime is a highly experimental feature, please provide feedback or contribute to make it better
export DOCKER_HOST="ssh://[email protected]:32782"
export MINIKUBE_ACTIVE_DOCKERD="pr-20044-1733346028"
export SSH_AUTH_SOCK="/tmp/ssh-XXXXXXeTrTgH/agent.1553856"
export SSH_AGENT_PID="1553857"

# To point your shell to minikube's docker-daemon, run:
# eval $(minikube -p pr-20044-1733346028 docker-env --ssh-host)
Identity added: /home/prezha/.minikube/machines/pr-20044-1733346028/id_rsa (/home/prezha/.minikube/machines/pr-20044-1733346028/id_rsa)
Host added: /home/prezha/.ssh/known_hosts ([127.0.0.1]:32782)

bash -c 'SSH_AUTH_SOCK="/tmp/ssh-XXXXXXeTrTgH/agent.1553856" SSH_AGENT_PID="1553857" DOCKER_HOST="ssh://[email protected]:32782" docker version'

Client:
 Version:           26.1.5-ce
 API version:       1.43 (downgraded from 1.45)
 Go version:        go1.21.13
 Git commit:        411e817ddf71
 Built:             Wed Nov 27 12:10:42 2024
 OS/Arch:           linux/amd64
 Context:           default

Server: 🤓
 nerdctl:
  Version:          2.0.1
 buildctl:
  Version:          0.18.1
  GitCommit:        eb68885955169461d72dc2b7e6d084100fcaba86
 containerd:
  Version:          1.7.24
  GitCommit:        88bf19b2105c8b17560993bee28a01ddc2f97182
 runc:
  Version:          1.2.2
  GitCommit:        7cb3632
 Engine:
  Version:          2.0.1
  API version:      1.43 (minimum version 1.24)
  Go version:       go1.23.3
  Git commit:       47f31ff2c1615c1accb85c1ce4e7882ad739102f
  Built:            
  OS/Arch:          linux/amd64
  Experimental:     true

bash -c 'SSH_AUTH_SOCK="/tmp/ssh-XXXXXXeTrTgH/agent.1553856" SSH_AGENT_PID="1553857" DOCKER_HOST="ssh://[email protected]:32782" DOCKER_BUILDKIT=0 docker build -t local/minikube-dockerenv-containerd-test:latest testdata/docker-env'

DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
            BuildKit is currently disabled; enable it by removing the DOCKER_BUILDKIT=0
            environment-variable.

Sending build context to Docker daemon  2.048kB
#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 76B done
#1 DONE 0.1s
#2 [internal] load metadata for docker.io/library/alpine:latest
#2 DONE 1.3s
#3 [internal] load .dockerignore
#3 transferring context: 2B done
#3 DONE 0.1s
#4 [1/1] FROM docker.io/library/alpine:latest@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
#4 resolve docker.io/library/alpine:latest@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45 0.1s done
#4 DONE 0.2s
#5 exporting to image
#5 exporting layers done
#5 exporting manifest sha256:e561bf850a55b17018592c8931e07d58cbf5ac45ea3b143b7dc2c9122bee3450 0.0s done
#5 exporting config sha256:cd64715dc711fced3b6123ee9500fc3b0e119d30f80d84d56d7dcc2133a18e2e 0.0s done
#5 naming to docker.io/local/minikube-dockerenv-containerd-test:latest
#5 naming to docker.io/local/minikube-dockerenv-containerd-test:latest 0.0s done
#5 DONE 0.5s
#4 [1/1] FROM docker.io/library/alpine:latest@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
#4 sha256:38a8310d387e375e0ec6fabe047a9149e8eb214073db9f461fee6251fd936a75 3.64MB / 3.64MB 0.3s done
#4 DONE 0.5s

bash -c 'SSH_AUTH_SOCK="/tmp/ssh-XXXXXXeTrTgH/agent.1553856" SSH_AGENT_PID="1553857" DOCKER_HOST="ssh://[email protected]:32782" docker image ls'

error during connect: Get "http://docker.example.com/v1.43/images/json": EOF

looking at the nerdctld service status:
minikube -p pr-20044-1733346028 ssh -- sudo systemctl status nerdctld

× nerdctld.service - nerdctld
     Loaded: loaded (/etc/systemd/system/nerdctld.service; disabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Sat 2024-12-07 17:24:46 UTC; 8min ago
TriggeredBy: ● nerdctld.socket
    Process: 116914 ExecStart=nerdctld --addr fd:// (code=exited, status=1/FAILURE)
   Main PID: 116914 (code=exited, status=1/FAILURE)
        CPU: 62ms

Dec 07 17:24:46 pr-20044-1733346028 systemd[1]: Starting nerdctld...
Dec 07 17:24:46 pr-20044-1733346028 systemd[1]: Started nerdctld.
Dec 07 17:24:46 pr-20044-1733346028 nerdctld[116914]: [GIN] 2024/12/07 - 17:24:46 | 200 |       2.186µs |                 | HEAD     "/_ping"
Dec 07 17:24:46 pr-20044-1733346028 nerdctld[116914]: 2024/12/07 17:24:46 strconv.ParseFloat: parsing "0B": invalid syntax
Dec 07 17:24:46 pr-20044-1733346028 systemd[1]: nerdctld.service: Main process exited, code=exited, status=1/FAILURE
Dec 07 17:24:46 pr-20044-1733346028 systemd[1]: nerdctld.service: Failed with result 'exit-code'.
ssh: Process exited with status 3

and similarly in nerdctld logs:
minikube -p pr-20044-1733346028 ssh -- sudo journalctl -xeu nerdctld

...
Dec 07 17:24:46 pr-20044-1733346028 nerdctld[116914]: 2024/12/07 17:24:46 strconv.ParseFloat: parsing "0B": invalid syntax
Dec 07 17:24:46 pr-20044-1733346028 systemd[1]: nerdctld.service: Main process exited, code=exited, status=1/FAILURE
Dec 07 17:24:46 pr-20044-1733346028 systemd[1]: nerdctld.service: Failed with result 'exit-code'.
...

so, the 0B is not something that strconv.ParseFloat can parse, and it's not expected/handled by byteSize() (and similarly by cacheSize())

if we additionally take a look what ls can return - we'll see a mix like MB and kB:

minikube -p pr-20044-1733346028 ssh -- sudo crictl image ls

IMAGE                                     TAG                  IMAGE ID            SIZE
docker.io/kindest/kindnetd                v20241007-36f62932   3a5bc24055c9e       38.6MB
docker.io/kindest/kindnetd                v20241108-5c6d2daf   50415e5d05f05       38.6MB
gcr.io/k8s-minikube/storage-provisioner   v5                   6e38f40d628db       9.06MB
registry.k8s.io/coredns/coredns           v1.11.3              c69fa2e9cbf5f       18.6MB
registry.k8s.io/etcd                      3.5.15-0             2e96e5913fc06       56.9MB
registry.k8s.io/kube-apiserver            v1.31.2              9499c9960544e       28MB
registry.k8s.io/kube-controller-manager   v1.31.2              0486b6c53a1b5       26.1MB
registry.k8s.io/kube-proxy                v1.31.2              505d571f5fd56       30.2MB
registry.k8s.io/kube-scheduler            v1.31.2              847c7bc1a5418       20.1MB
registry.k8s.io/pause                     3.10                 873ed75102791       320kB

i made a pr proposing a fix for handling these cases in nerdctld, @afbjorklund please see if it make sense to you

after

bash -c 'SSH_AUTH_SOCK="/tmp/ssh-XXXXXXeTrTgH/agent.1553856" SSH_AGENT_PID="1553857" DOCKER_HOST="ssh://[email protected]:32782" docker image ls --format=json'

{"Containers":"0","CreatedAt":"2024-12-07 17:22:20 +0000 GMT","CreatedSince":"5 hours ago","Digest":"\u003cnone\u003e","ID":"e561bf850a55","Repository":"local/minikube-dockerenv-containerd-test","SharedSize":"0B","Size":"0B","Tag":"latest","UniqueSize":"0B","VirtualSize":"0B"}
{"Containers":"0","CreatedAt":"2024-12-07 14:40:33 +0000 GMT","CreatedSince":"8 hours ago","Digest":"\u003cnone\u003e","ID":"e35e1050b69d","Repository":"kindest/kindnetd","SharedSize":"0B","Size":"97.5MB","Tag":"v20241108-5c6d2daf","UniqueSize":"97.51MB","VirtualSize":"97.51MB"}
{"Containers":"0","CreatedAt":"2024-10-23 18:37:34 +0100 BST","CreatedSince":"6 weeks ago","Digest":"\u003cnone\u003e","ID":"a454aa48d8e1","Repository":"kindest/kindnetd","SharedSize":"0B","Size":"98MB","Tag":"v20241007-36f62932","UniqueSize":"98.02MB","VirtualSize":"98.02MB"}
{"Containers":"0","CreatedAt":"2024-10-23 18:37:30 +0100 BST","CreatedSince":"6 weeks ago","Digest":"\u003cnone\u003e","ID":"18eb69d1418e","Repository":"gcr.io/k8s-minikube/storage-provisioner","SharedSize":"0B","Size":"31.5MB","Tag":"v5","UniqueSize":"31.47MB","VirtualSize":"31.47MB"}
{"Containers":"0","CreatedAt":"2024-10-23 18:37:28 +0100 BST","CreatedSince":"6 weeks ago","Digest":"\u003cnone\u003e","ID":"9caabbf6238b","Repository":"registry.k8s.io/coredns/coredns","SharedSize":"0B","Size":"66.5MB","Tag":"v1.11.3","UniqueSize":"66.5MB","VirtualSize":"66.5MB"}
{"Containers":"0","CreatedAt":"2024-10-23 18:37:26 +0100 BST","CreatedSince":"6 weeks ago","Digest":"\u003cnone\u003e","ID":"a6dc63e6e8cf","Repository":"registry.k8s.io/etcd","SharedSize":"0B","Size":"151MB","Tag":"3.5.15-0","UniqueSize":"151.3MB","VirtualSize":"151.3MB"}
{"Containers":"0","CreatedAt":"2024-10-23 18:37:20 +0100 BST","CreatedSince":"6 weeks ago","Digest":"\u003cnone\u003e","ID":"ee6521f290b2","Repository":"registry.k8s.io/pause","SharedSize":"0B","Size":"741kB","Tag":"3.10","UniqueSize":"741.4kB","VirtualSize":"741.4kB"}
{"Containers":"0","CreatedAt":"2024-10-23 18:37:19 +0100 BST","CreatedSince":"6 weeks ago","Digest":"\u003cnone\u003e","ID":"62128d752eb4","Repository":"registry.k8s.io/kube-proxy","SharedSize":"0B","Size":"95.3MB","Tag":"v1.31.2","UniqueSize":"95.33MB","VirtualSize":"95.33MB"}
{"Containers":"0","CreatedAt":"2024-10-23 18:37:16 +0100 BST","CreatedSince":"6 weeks ago","Digest":"\u003cnone\u003e","ID":"0f78992e985d","Repository":"registry.k8s.io/kube-scheduler","SharedSize":"0B","Size":"70.7MB","Tag":"v1.31.2","UniqueSize":"70.7MB","VirtualSize":"70.7MB"}
{"Containers":"0","CreatedAt":"2024-10-23 18:37:14 +0100 BST","CreatedSince":"6 weeks ago","Digest":"\u003cnone\u003e","ID":"a33795e8b0ff","Repository":"registry.k8s.io/kube-controller-manager","SharedSize":"0B","Size":"91.7MB","Tag":"v1.31.2","UniqueSize":"91.71MB","VirtualSize":"91.71MB"}
{"Containers":"0","CreatedAt":"2024-10-23 18:37:13 +0100 BST","CreatedSince":"6 weeks ago","Digest":"\u003cnone\u003e","ID":"9d12daaedff9","Repository":"registry.k8s.io/kube-apiserver","SharedSize":"0B","Size":"97.5MB","Tag":"v1.31.2","UniqueSize":"97.51MB","VirtualSize":"97.51MB"}

---

bottom line: regardless if we fix this specific issue or not, there could be others, so perhaps we would not want to partially upgrade some components towards transitioning to containerd v2 release, but do it intentionally in a separate effort instead (ie, i think we should not bump nerdctl as part of this pr)

[k8s-ci-robot]

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.