kubernetes · medyagh · May 13, 2025 · May 8, 2025 · May 9, 2025 · May 9, 2025
diff --git a/Makefile b/Makefile
@@ -24,7 +24,7 @@ KIC_VERSION ?= $(shell grep -E "Version =" pkg/drivers/kic/types.go | cut -d \"
 HUGO_VERSION ?= $(shell grep -E "HUGO_VERSION = \"" netlify.toml | cut -d \" -f2)
 
 # Default to .0 for higher cache hit rates, as build increments typically don't require new ISO versions
-ISO_VERSION ?= v1.35.0
+ISO_VERSION ?= v1.35.0-1746739450-20720
 
 # Dashes are valid in semver, but not Linux packaging. Use ~ to delimit alpha/beta
 DEB_VERSION ?= $(subst -,~,$(RAW_VERSION))
@@ -47,9 +47,9 @@ KVM_GO_VERSION ?= $(GO_VERSION:.0=)
 
 
 INSTALL_SIZE ?= $(shell du out/minikube-windows-amd64.exe | cut -f1)
-BUILDROOT_BRANCH ?= 2023.02.9
+BUILDROOT_BRANCH ?= 2025.02
 # the go version on the line below is for the ISO
-GOLANG_OPTIONS = GO_VERSION=1.21.6 GO_HASH_FILE=$(PWD)/deploy/iso/minikube-iso/go.hash
+GOLANG_OPTIONS = GO_VERSION=1.23.4 GO_HASH_FILE=$(PWD)/deploy/iso/minikube-iso/go.hash
 BUILDROOT_OPTIONS = BR2_EXTERNAL=../../deploy/iso/minikube-iso $(GOLANG_OPTIONS)
 REGISTRY ?= gcr.io/k8s-minikube
 

diff --git a/deploy/iso/minikube-iso/arch/aarch64/package/cri-dockerd-aarch64/cri-dockerd.mk b/deploy/iso/minikube-iso/arch/aarch64/package/cri-dockerd-aarch64/cri-dockerd.mk
@@ -18,7 +18,10 @@ CRI_DOCKERD_AARCH64_ENV = \
 	GO111MODULE=on \
 	GOPATH="$(CRI_DOCKERD_AARCH64_GOPATH)" \
 	PATH=$(CRI_DOCKERD_AARCH64_GOPATH)/bin:$(BR_PATH) \
-	GOARCH=arm64
+	GOARCH=arm64 \
+	GOPROXY="https://proxy.golang.org,direct" \
+	GOSUMDB='sum.golang.org'\
+	GOOS=linux
 
 CRI_DOCKERD_AARCH64_COMPILE_SRC = $(CRI_DOCKERD_AARCH64_GOPATH)/src/github.com/Mirantis/cri-dockerd
 CRI_DOCKERD_AARCH64_BUILDFLAGS = "-ldflags '-X github.com/Mirantis/cri-dockerd/version.Version=$(CRI_DOCKERD_AARCH64_VER) -X github.com/Mirantis/cri-dockerd/version.GitCommit=$(CRI_DOCKERD_AARCH64_REV)'"

diff --git a/deploy/iso/minikube-iso/arch/aarch64/package/docker-buildx-aarch64/docker-buildx.mk b/deploy/iso/minikube-iso/arch/aarch64/package/docker-buildx-aarch64/docker-buildx.mk
@@ -16,7 +16,10 @@ DOCKER_BUILDX_AARCH64_ENV = \
         GOPATH="$(DOCKER_BUILDX_AARCH64_GOPATH)" \
         GOBIN="$(DOCKER_BUILDX_AARCH64_GOPATH)/bin" \
         PATH=$(DOCKER_BUILDX_AARCH64_GOPATH)/bin:$(BR_PATH) \
-        GOARCH=arm64
+        GOARCH=arm64 \
+	GOPROXY="https://proxy.golang.org,direct" \
+	GOSUMDB='sum.golang.org'\
+	GOOS=linux
 
 DOCKER_BUILDX_AARCH64_COMPILE_SRC = $(DOCKER_BUILDX_AARCH64_GOPATH)/src/github.com/docker/buildx
 

diff --git a/deploy/iso/minikube-iso/arch/x86_64/package/cri-dockerd/cri-dockerd.mk b/deploy/iso/minikube-iso/arch/x86_64/package/cri-dockerd/cri-dockerd.mk
@@ -18,7 +18,10 @@ CRI_DOCKERD_ENV = \
 	GO111MODULE=on \
 	GOPATH="$(CRI_DOCKERD_GOPATH)" \
 	PATH=$(CRI_DOCKERD_GOPATH)/bin:$(BR_PATH) \
-	GOARCH=amd64
+	GOARCH=amd64 \
+	GOPROXY="https://proxy.golang.org,direct" \
+	GOSUMDB='sum.golang.org'\
+	GOOS=linux
 
 CRI_DOCKERD_COMPILE_SRC = $(CRI_DOCKERD_GOPATH)/src/github.com/Mirantis/cri-dockerd
 CRI_DOCKERD_BUILDFLAGS = "-ldflags '-X github.com/Mirantis/cri-dockerd/version.Version=$(CRI_DOCKERD_VER) -X github.com/Mirantis/cri-dockerd/version.GitCommit=$(CRI_DOCKERD_REV)'"

diff --git a/deploy/iso/minikube-iso/arch/x86_64/package/docker-buildx/docker-buildx.mk b/deploy/iso/minikube-iso/arch/x86_64/package/docker-buildx/docker-buildx.mk
@@ -16,7 +16,10 @@ DOCKER_BUILDX_ENV = \
         GOPATH="$(DOCKER_BUILDX_GOPATH)" \
         GOBIN="$(DOCKER_BUILDX_GOPATH)/bin" \
         PATH=$(DOCKER_BUILDX_GOPATH)/bin:$(BR_PATH) \
-        GOARCH=amd64
+        GOARCH=amd64 \
+        GOPROXY="https://proxy.golang.org,direct" \
+	GOSUMDB='sum.golang.org'\
+	GOOS=linux
 
 DOCKER_BUILDX_COMPILE_SRC = $(DOCKER_BUILDX_GOPATH)/src/github.com/docker/buildx
 

diff --git a/deploy/iso/minikube-iso/go.hash b/deploy/iso/minikube-iso/go.hash
@@ -35,3 +35,4 @@ sha256  36930162a93df417d90bd22c6e14daff4705baac2b02418edda671cdfa9cd07f  go1.23
 sha256  8d6a77332487557c6afa2421131b50f83db4ae3c579c3bc72e670ee1f6968599  go1.23.3.src.tar.gz
 sha256  ad345ac421e90814293a9699cca19dd5238251c3f687980bbcae28495b263531  go1.23.4.src.tar.gz
 sha256  d14120614acb29d12bcab72bd689f257eb4be9e0b6f88a8fb7e41ac65f8556e5  go1.24.0.src.tar.gz
+sha256 6924efde5de86fe277676e929dc9917d466efa02fb934197bc2eba35d5680971 go1.23.4.linux-amd64.tar.gz
diff --git a/deploy/iso/minikube-iso/package/Config.in b/deploy/iso/minikube-iso/package/Config.in
@@ -1,5 +1,4 @@
 menu "System tools"
-    source "$BR2_EXTERNAL_MINIKUBE_PATH/package/conmon/Config.in"
     source "$BR2_EXTERNAL_MINIKUBE_PATH/package/crio-bin/Config.in"
     source "$BR2_EXTERNAL_MINIKUBE_PATH/package/sysdig/Config.in"
     source "$BR2_EXTERNAL_MINIKUBE_PATH/package/crun-latest/Config.in"

diff --git a/deploy/iso/minikube-iso/package/conmon/Config.in b/deploy/iso/minikube-iso/package/conmon/Config.in
diff --git a/deploy/iso/minikube-iso/package/conmon/conmon.hash b/deploy/iso/minikube-iso/package/conmon/conmon.hash
diff --git a/deploy/iso/minikube-iso/package/conmon/conmon.mk b/deploy/iso/minikube-iso/package/conmon/conmon.mk
diff --git a/deploy/iso/minikube-iso/package/crio-bin/crio.conf b/deploy/iso/minikube-iso/package/crio-bin/crio.conf
@@ -102,7 +102,7 @@ decryption_keys_path = "/etc/crio/keys/"
 
 # Path to the conmon binary, used for monitoring the OCI runtime.
 # Will be searched for using $PATH if empty.
-conmon = "/usr/libexec/crio/conmon"
+conmon = "/usr/bin/conmon"
 
 # Cgroup setting for conmon
 conmon_cgroup = "system.slice"

diff --git a/deploy/iso/minikube-iso/package/falco-module/falco-module.mk b/deploy/iso/minikube-iso/package/falco-module/falco-module.mk
@@ -31,4 +31,5 @@ FALCO_MODULE_INSTALL_STAGING_OPTS = INSTALL_MOD_PATH=$(STAGING_DIR) install_driv
 FALCO_MODULE_INSTALL_TARGET_OPTS = INSTALL_MOD_PATH=$(TARGET_DIR) install_driver
 
 $(eval $(kernel-module))
-$(eval $(cmake-package))
+$(eval $(generic-package))
+
diff --git a/deploy/iso/minikube-iso/package/podman/podman.mk b/deploy/iso/minikube-iso/package/podman/podman.mk
@@ -25,7 +25,10 @@ PODMAN_BIN_ENV = \
 	CGO_ENABLED=1 \
 	GOPATH="$(PODMAN_GOPATH)" \
 	PATH=$(PODMAN_GOPATH)/bin:$(BR_PATH) \
-	GOARCH=$(PODMAN_GOARCH)
+	GOARCH=$(PODMAN_GOARCH) \
+	GOPROXY="https://proxy.golang.org,direct" \
+	GOSUMDB='sum.golang.org'\
+	GOOS=linux
 
 define PODMAN_USERS
 	- -1 podman -1 - - - - -

diff --git a/pkg/minikube/cruntime/cruntime_test.go b/pkg/minikube/cruntime/cruntime_test.go
@@ -572,7 +572,9 @@ func (f *FakeRunner) systemctl(args []string, root bool) (string, error) { // no
 		case "disable":
 		case "mask":
 		case "unmask":
+		case "reset-failed":
 			f.t.Logf("fake systemctl: %s %s: %v", svc, action, state)
+
 		default:
 			return out, fmt.Errorf("unimplemented fake action: %q", action)
 		}

diff --git a/pkg/minikube/cruntime/docker.go b/pkg/minikube/cruntime/docker.go
@@ -167,6 +167,7 @@ func (r *Docker) Enable(disOthers bool, cgroupDriver string, inUserNamespace boo
 		return err
 	}
 
+	_ = r.Init.ResetFailed("docker")
 	if err := r.Init.Restart("docker"); err != nil {
 		return err
 	}
@@ -197,9 +198,15 @@ func (r *Docker) Enable(disOthers bool, cgroupDriver string, inUserNamespace boo
 			return err
 		}
 
-		// try to restart service if stopped, intentionally continue on any error
-		if !r.Init.Active(service) {
+		_ = r.Init.ResetFailed(service)
+		_ = r.Init.Restart(service)
+		// try to restart service if stopped, restart until it works
+		for !r.Init.Active(service) {
+			time.Sleep(5 * time.Second)
+			_ = r.Init.ResetFailed(service)
 			_ = r.Init.Restart(service)
+			time.Sleep(5 * time.Second)
+
 		}
 	}
 
@@ -208,6 +215,7 @@ func (r *Docker) Enable(disOthers bool, cgroupDriver string, inUserNamespace boo
 
 // Restart restarts Docker on a host
 func (r *Docker) Restart() error {
+	_ = r.Init.ResetFailed("docker")
 	return r.Init.Restart("docker")
 }
 

diff --git a/pkg/minikube/download/iso.go b/pkg/minikube/download/iso.go
@@ -41,7 +41,7 @@ const fileScheme = "file"
 // DefaultISOURLs returns a list of ISO URL's to consult by default, in priority order
 func DefaultISOURLs() []string {
 	v := version.GetISOVersion()
-	isoBucket := "minikube/iso"
+	isoBucket := "minikube-builds/iso/20720"
 
 	return []string{
 		fmt.Sprintf("https://storage.googleapis.com/%s/minikube-%s-%s.iso", isoBucket, v, runtime.GOARCH),

diff --git a/pkg/minikube/sysinit/openrc.go b/pkg/minikube/sysinit/openrc.go
@@ -120,6 +120,10 @@ func (s *OpenRC) Disable(_ string) error {
 	return nil
 }
 
+func (s *OpenRC) ResetFailed(_ string) error {
+	return nil
+}
+
 // DisableNow does Disable + Stop
 func (s *OpenRC) DisableNow(svc string) error {
 	// supposed to do disable + stop

diff --git a/pkg/minikube/sysinit/sysinit.go b/pkg/minikube/sysinit/sysinit.go
@@ -65,6 +65,9 @@ type Manager interface {
 	// Reload restarts a service
 	Reload(string) error
 
+	// ResetFailed reset the fail counter of a service
+	ResetFailed(string) error
+
 	// Stop stops a service
 	Stop(string) error
 

diff --git a/pkg/minikube/sysinit/systemd.go b/pkg/minikube/sysinit/systemd.go
@@ -110,10 +110,19 @@ func (s *Systemd) Restart(svc string) error {
 	if err := s.daemonReload(); err != nil {
 		return err
 	}
+
 	_, err := s.r.RunCmd(exec.Command("sudo", "systemctl", "restart", svc))
 	return s.appendJournalctlLogsOnFailure(svc, err)
 }
 
+// run systemctl reset-failed for a service
+// some services declare a realitive small restart-limit in their .service configuration
+// so we reset reset-failed counter to override the limit
 // restart cri-docker 
 // restart cri-docker 
+func (s *Systemd) ResetFailed(svc string) error {
+	_, err := s.r.RunCmd(exec.Command("sudo", "systemctl", "reset-failed", svc))
+	return s.appendJournalctlLogsOnFailure(svc, err)
+}
+
 // Reload reloads a service
 func (s *Systemd) Reload(svc string) error {
 	if err := s.daemonReload(); err != nil {