From a11811d6fb58a50be6418ff93d1147e786e8e205 Mon Sep 17 00:00:00 2001
From: Patrick Baxter <pb@coreos.com>
Date: Wed, 24 Aug 2016 22:11:11 +0000
Subject: [PATCH 1/4] cluster/images/hyperkube: add ceph-common

---
 cluster/images/hyperkube/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cluster/images/hyperkube/Dockerfile b/cluster/images/hyperkube/Dockerfile
index d5abe8a4fb63e..86ae6a82c3635 100644
--- a/cluster/images/hyperkube/Dockerfile
+++ b/cluster/images/hyperkube/Dockerfile
@@ -32,6 +32,7 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get update -y \
     nfs-common \
     glusterfs-client \
     cifs-utils \
+    ceph-common \
     && DEBIAN_FRONTEND=noninteractive apt-get upgrade -y \
     && DEBIAN_FRONTEND=noninteractive apt-get autoremove -y \
     && DEBIAN_FRONTEND=noninteractive apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* # CACHEBUST

From e5b802535fe444f06f4e41b4413b2dd92accc165 Mon Sep 17 00:00:00 2001
From: Tom Denham <tom@tomdee.co.uk>
Date: Tue, 7 Jun 2016 10:04:56 -0700
Subject: [PATCH 2/4] Add Calico to hyperkube image

---
 cluster/images/hyperkube/Makefile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/cluster/images/hyperkube/Makefile b/cluster/images/hyperkube/Makefile
index 1273c08019173..4928663da9bc6 100644
--- a/cluster/images/hyperkube/Makefile
+++ b/cluster/images/hyperkube/Makefile
@@ -111,6 +111,8 @@ else
 endif
 	# Download CNI
 	curl -sSL --retry 5 https://storage.googleapis.com/kubernetes-release/network-plugins/cni-${ARCH}-${CNI_RELEASE}.tar.gz | tar -xz -C ${TEMP_DIR}/cni-bin
+	curl -sSL --retry 5 -o  ${TEMP_DIR}/cni-bin/bin/calico https://github.com/projectcalico/calico-cni/releases/download/v1.8.0/calico
+	chmod +x ${TEMP_DIR}/cni-bin/bin/calico
 
 	docker build --pull -t ${REGISTRY}/hyperkube-${ARCH}:${VERSION} ${TEMP_DIR}
 	rm -rf "${TEMP_DIR}"

From 8bc3fff55c563646946b89dd4fb4ebc5f3691142 Mon Sep 17 00:00:00 2001
From: Diego Pontoriero <diego.pontoriero@coreos.com>
Date: Thu, 18 May 2017 12:37:42 -0700
Subject: [PATCH 3/4] Add CAP_NET_BIND_SERVICE to hyperkube.

Add CAP_NET_BIND_SERVICE to hyperkube so it can bind privileged ports as
non-root.
---
 cluster/images/hyperkube/Dockerfile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/cluster/images/hyperkube/Dockerfile b/cluster/images/hyperkube/Dockerfile
index 86ae6a82c3635..c64697f74e99a 100644
--- a/cluster/images/hyperkube/Dockerfile
+++ b/cluster/images/hyperkube/Dockerfile
@@ -91,3 +91,6 @@ RUN ln -s /hyperkube /apiserver \
 
 # Copy the hyperkube binary
 COPY hyperkube /hyperkube
+
+# Add CAP_NET_BIND_SERVICE to hyperkube so it can bind privileged ports as non-root.
+RUN setcap cap_net_bind_service=+ep /hyperkube

From 775818f57256b1fb0d8868dcdee824ab82372592 Mon Sep 17 00:00:00 2001
From: Lucas Serven <lserven@gmail.com>
Date: Fri, 27 Oct 2017 12:13:14 +0200
Subject: [PATCH 4/4] cluster/images/hyperkube: bump calico-cni to v1.11.0

---
 cluster/images/hyperkube/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cluster/images/hyperkube/Makefile b/cluster/images/hyperkube/Makefile
index 4928663da9bc6..257aeb400820a 100644
--- a/cluster/images/hyperkube/Makefile
+++ b/cluster/images/hyperkube/Makefile
@@ -111,7 +111,7 @@ else
 endif
 	# Download CNI
 	curl -sSL --retry 5 https://storage.googleapis.com/kubernetes-release/network-plugins/cni-${ARCH}-${CNI_RELEASE}.tar.gz | tar -xz -C ${TEMP_DIR}/cni-bin
-	curl -sSL --retry 5 -o  ${TEMP_DIR}/cni-bin/bin/calico https://github.com/projectcalico/calico-cni/releases/download/v1.8.0/calico
+	curl -sSL --retry 5 -o  ${TEMP_DIR}/cni-bin/bin/calico https://github.com/projectcalico/calico-cni/releases/download/v1.11.0/calico
 	chmod +x ${TEMP_DIR}/cni-bin/bin/calico
 
 	docker build --pull -t ${REGISTRY}/hyperkube-${ARCH}:${VERSION} ${TEMP_DIR}