PR #107663 changed the startup logic to always call `SetupContainerd`
which will generate a new containerd `/etc/containerd/config.toml` file.
This is not always desired since some jobs install containerd from
source and the containerd startup scripts
(https://github.com/containerd/containerd/blob/main/contrib/gce/configure.sh)
are responsible for generating the `/etc/containerd/config.toml` file.
By always calling `SetupContainerd`, the containerd configuration by
containerd's `configure.sh` will be overridden which breaks certain test
jobs, see https://github.com/kubernetes/kubernetes/issues/107830.
To fix this issue, only call `SetupContainerd` if
`/etc/profile.d/containerd_env.sh` does not exist. When containerd
`configure.sh` script will run, `/etc/profile.d/containerd_env.sh` will
be written, and as a result the k8s setup scripts should avoid
overriding the containerd configuration.
Signed-off-by: David Porter <david@porter.me>
We currently have UDS as the configuration with GRPC.
Some users are setting up egress to remote konnectivity servers.
Cannot use UDS for this configuration.
Should have a config setup which validates the mTLS configuration.
Fixed lint errors from shell check.
Fix volumes to not include pki for ANP in grpc mode.
Fix non-working link provided on MOTD to download GKE source release.
Now point to correct location, confirmed same file as provided in "/home/kubernetes/kubernetes-src.tar.gz"
During cluster configuration, the hostname is getting resolved to IP,
as etcd requires IP address as listening address.
Due to connectivity flakes or delayed network inititalization, sometimes
the IP fails to be resolved to a name with following error:
```
[Errno -2] Name or service not known
```
that leads to attempt to run etcd with empty flag.
The PR adds a proper retry (up to 5 minutes) in case the connectivity
problems happens.
I considered alternatives like: `getent hosts foo`, but unfortunetelly thay
can return IPv6 that etcd is not ready for (yet).
if setfacl is called before chmod g+r at anypoint during the lifetime of
the cluster then the default group does not have read permissions on the
file. so we explicitly grant the default group read permissions. See
https://gist.github.com/mmdriley/85ca34f711acbec4b1b94902add488e5 for a
repro.
- Push retry-forever wrapping to curl invocations.
- Collect curl retry flags into a single variable.
- Remove 'sudo: false' in master.yaml, is unnecessary and breaks older
cloud-init versions.
- Change log-error status reason to be more accurate.
- Fix the some 'python' invocations to 'python3'.
