Currently if we disable cloud provider by the following
CLOUD_PROVIDER_FLAG=external
KUBE_FEATURE_GATES=DisableCloudProviders=true,DisableKubeletCloudCredentialProviders=true
we can no longer schedule workloads due to taints and a lack of
node configuration.
This pulls a CCM image from K/cloud-provider-gcp to run tests.
This is a pre-step for taking the above feature gates to beta.
It does not address the last known good dependency issue.
Specifically the CCM image is built on top of client-go and staging.
However this image will be an "old" verison of those libraries.
So it does not test if those libraries work in the CCM.
Fix shellcheck errors.
Add CCM_FEATURE_GATES for testing.
Switching to extended regex from perl regex.
Adding instrumentation to cluster configuration.
Improved regex to not greedily get key-value pairs.
Fixed issue with error on regex no line match.
Switch credentialprovider version to v1alpha1
* Detect if image is using cgroupv2
* Configure both kubelet and containerd to use systemd cgroup driver
when running under cgroupv2
Systemd cgroup driver is recommended to be used when running on
cgroupv2. It is also the default in moby
https://github.com/moby/moby/pull/40846
Signed-off-by: David Porter <david@porter.me>
PR #107663 changed the startup logic to always call `SetupContainerd`
which will generate a new containerd `/etc/containerd/config.toml` file.
This is not always desired since some jobs install containerd from
source and the containerd startup scripts
(https://github.com/containerd/containerd/blob/main/contrib/gce/configure.sh)
are responsible for generating the `/etc/containerd/config.toml` file.
By always calling `SetupContainerd`, the containerd configuration by
containerd's `configure.sh` will be overridden which breaks certain test
jobs, see https://github.com/kubernetes/kubernetes/issues/107830.
To fix this issue, only call `SetupContainerd` if
`/etc/profile.d/containerd_env.sh` does not exist. When containerd
`configure.sh` script will run, `/etc/profile.d/containerd_env.sh` will
be written, and as a result the k8s setup scripts should avoid
overriding the containerd configuration.
Signed-off-by: David Porter <david@porter.me>
We currently have UDS as the configuration with GRPC.
Some users are setting up egress to remote konnectivity servers.
Cannot use UDS for this configuration.
Should have a config setup which validates the mTLS configuration.
Fixed lint errors from shell check.
Fix volumes to not include pki for ANP in grpc mode.
Fix non-working link provided on MOTD to download GKE source release.
Now point to correct location, confirmed same file as provided in "/home/kubernetes/kubernetes-src.tar.gz"
During cluster configuration, the hostname is getting resolved to IP,
as etcd requires IP address as listening address.
Due to connectivity flakes or delayed network inititalization, sometimes
the IP fails to be resolved to a name with following error:
```
[Errno -2] Name or service not known
```
that leads to attempt to run etcd with empty flag.
The PR adds a proper retry (up to 5 minutes) in case the connectivity
problems happens.
I considered alternatives like: `getent hosts foo`, but unfortunetelly thay
can return IPv6 that etcd is not ready for (yet).
if setfacl is called before chmod g+r at anypoint during the lifetime of
the cluster then the default group does not have read permissions on the
file. so we explicitly grant the default group read permissions. See
https://gist.github.com/mmdriley/85ca34f711acbec4b1b94902add488e5 for a
repro.
