Bundling together vanilla kubernetes, containerd, vanilla CNI, and a full-featured CNI requires a few quirks, mostly because of conflicting dependencies.
We try to use the most up-to-date version of each dependency while upstreaming the patches required for interoperability. Remaining quirks are listed below.
Kubernetes beta Release
Kubernetes 1.23+ up until 1.25 requires a recent version of containerd (1.6+), which pulls in otel 1.x, conflicting with both kubernetes itself (which is funny tbh) and embedded etcd 3.5.
Fortunately, etcd 3.5.6 upgraded its dependency, opening the path for kubernetes, though not released yet.
CNI plugins forked by Rancher
containernetworking/plugins does not expose the main functions of its plugins, which prevents using them as reexec targets and bundling them in a single binary.
Rancher forked the project to build a single CNI binary, which we currently reuse to bundle them in the main binary instead.
The fork is located at: github.com/rancher/plugins
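
Why exported entry points matter for bundling, shown as an added sketch (not code from this project or from the Rancher fork): a single binary can only act as a reexec target for a plugin if that plugin's entry point is a callable function. The `pluginMain` type, the `registry` map, the placeholder bodies and the choice to dispatch on the base name of argv[0] are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// pluginMain is the shape a plugin entry point needs in order to be bundled:
// a callable function rather than a private func main(). Hypothetical type.
type pluginMain func(args []string) int

// registry maps the name the binary is invoked under to an entry point.
// The bodies are placeholders, not real CNI plugin code.
var registry = map[string]pluginMain{
	"bridge":     func(args []string) int { fmt.Println("bridge placeholder"); return 0 },
	"host-local": func(args []string) int { fmt.Println("host-local placeholder"); return 0 },
}

// dispatch selects an entry point from the base name of argv[0].
// ok is false when argv[0] names no bundled plugin, in which case the
// caller carries on as the main program. Only names present in the fixed
// registry can ever run; nothing is looked up on disk.
func dispatch(argv []string) (code int, ok bool) {
	if len(argv) == 0 {
		return 0, false
	}
	entry, found := registry[filepath.Base(argv[0])]
	if !found {
		return 0, false
	}
	return entry(argv[1:]), true
}

func main() {
	// When re-executed (or symlinked) under a plugin name, behave as that plugin.
	if code, ok := dispatch(os.Args); ok {
		os.Exit(code)
	}
	fmt.Println("main program: no bundled plugin matches", filepath.Base(os.Args[0]))
}
```
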
Gojose pinned to v2.2.2
TODO (document why this is pinned exactly)