Golang fixed the issue with the non-reproducible buildid already in
v1.15.3:
c5f6920212a3e965ce8a
This means we can now use the internal buildid instead of the unset one.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
* Removes discovery v1alpha1 API
* Replaces per Endpoint Topology with a read only DeprecatedTopology
in GA API
* Adds per Endpoint Zone field in GA API
A benchmark with go1.16 on amd64 resulted in an overall maximum memory
usage of 15GiB. This means we now lower the `KUBE_PARALLEL_BUILD_MEMORY`
to `20` to still have some room left.
The benchmark has been done with the following `Dockerfile`:
```dockerfile
FROM k8s.gcr.io/build-image/kube-cross:v1.16.0-1
RUN apt-get update && apt-get install -y time
WORKDIR /go/src/k8s.io/kubernetes
RUN git clone https://github.com/kubernetes/kubernetes
ENV KUBE_PARALLEL_BUILD_MEMORY=0
RUN /usr/bin/time -v make -C kubernetes cross-in-a-container
```
The value of interest from the output:
```
Maximum resident set size (kbytes): 1847108
```
The RSS is not the only value we have to consider. During the runtime I
measured the usage of the cached memory, which gets peaks up to 15GiB.
Test machine specs:
- CPU: 2 x Intel Scalable Gold 5120 28-Core Processor @ 2.2GHz
- RAM: 384GB
- Disk: 1 x 3.8TB NVME
- OS: Debian 10 (buster)
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
Since this invalid Semantic Version messages redirecting to stdout
will be captured by line 790 at hack/lib/golang.sh:
`goldflags="${GOLDFLAGS=-s -w -buildid=} $(kube::version::ldflags)"`
This happens when only no valid tag exists in repo
Currently target CC can only be set if the host platform
is linux/amd64 . If target is already set in the environment
it is always safe to use it and enable cgo.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
The amount of memory required to build binaries in parallel is right now
set to 40GiB. We now make this variable to be able to build artifacts in
parallel even with a lower amount of memory.
This enables SIG Release to speed-up the build time drastically in
Google Cloud Build (GCB).
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* switched one spot to use kube::logging
* make kube::util::find-binary return an error when it doesn't find
anything so that hack scripts fail fast instead of with '' binary not
found errors.
* this required deleting some genfeddoc stuff. the binary no longer
exists in k/k repo since we removed federation/, and I don't see it
in https://github.com/kubernetes-sigs/kubefed/ either. I'm assuming
that it's gone for good now.
If a bearer token is present in a request, the exec credential plugin should accept that as the chosen method of authentication. Judging by an [earlier comment in exec.go](c18bc7e9f7/staging/src/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go (L217)), this was already intended. This would however not work since UpdateTransportConfig would set the GetCert callback which would then get called by the transport, triggering the exec plugin action even with a token present in the request. See linked issue for further details.
See #87369 for further details.
Signed-off-by: Anders Eknert <anders.eknert@bisnode.com>
While the umask was previously set for builds (and in fact `docker run`
sets it to 0022 by default), the release pipeline `cp`'s files (with
`-a`) which respect the user's umask, and is outside of the build path.
This sets the umask in a common function called by all build tools,
which Stephen agreed was the simplest and most complete fix. The
`verify-prereqs` function is already poorly named for what it does, and
this only makes it epsilon worse.
Some binaries now run as non-root (kube-scheduler). When umask is 0027,
for example, the container image we build has the binary 0750, which is
not executable by the non-root UID.
We have been having issues with making builds reproducible, especially
with the `.note.go.buildid` ELF section. One tip from a golang issue was
to set `-ldflags=-buildid=` which seems to work well. You can confirm
that the buildid is set to empty by inspecting the binaries with the go
command example `go tool buildid _output/local/go/bin/kubectl`
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
- On unstable arch like ARM, etcd needs the "ETCD_UNSUPPORTED_ARCH" to be set
`# etcd --version
etcd on unsupported platform without ETCD_UNSUPPORTED_ARCH=arm64 set`
- `tail -n +1 | head -n 1` is unnecessary, `head -n 1` is enough.
The image used by the Image Promoter (gcr.io/k8s-testimages/gcb-docker-gcloud:v20190906-745fed4)
is based on busybox, and thus, the sed binary is actually busybox. image-util.sh calls
kube::util::ensure-gnu-sed several times, which ensures that a GNU sed binary exists
(it checks by greping GNU in its --help output). Obviously, it won't match the busybox sed
binary. But the sed usage in image-util.sh is fairly simple, and the busybox sed is sufficient.
This was previously fixed in: #87188, but it was reverted by #87653 as it was failing
on Mac (sed does not exist). This commit fixes that issue as well.
In 24d105995d, a fix was made in bazel
based builds to ensure that we add `selinux` tag when we build all
binaries especially the `kubelet`. We need to do the same for in our
hack scripts so things like `make release` will work properly as well.
Some scripts use `GOFLAGS=-tags=providerless` for example, So we should
support the tags to be specified in GOFLAGS as well. We parse out the
tags from there and ensure selinux is added to the list of tags we used
for building the binaries. Note that we add our own `-tags` with the
full set of tags and since we specify our parameter at the end, ours
full list takes precendence
Prior to the Image Centralization part 4 (https://github.com/kubernetes/kubernetes/pull/81170),
a PR merged that enables the Image Promoter to run on the k/k test images.
The Image Promoter currently only builds the Conformance-related images, but the
Image Centralization part 4 centralized some of those images into agnhost, so they
need to be removed from the conformance_images list.
Additionally, https://github.com/kubernetes/kubernetes/pull/81226 proposes mounttest-user
image to be removed, and RunAsUser to be used in tests instead.
The image used by the Image Promoter (gcr.io/k8s-testimages/gcb-docker-gcloud:v20190906-745fed4)
is based on busybox, and thus, the sed binary is actually busybox. image-util.sh calls
kube::util::ensure-gnu-sed several times, which ensures that a GNU sed binary exists
(it checks by greping GNU in its --help output). Obviously, it won't match the busybox sed
binary. But the sed usage in image-util.sh is fairly simple, and the busybox sed is sufficient.
Bumps image versions for: jessie-dnsutils, nonewprivs, resource-consumer, sample-apiserver. These
images are included in the conformance_images that are being built by the Image Promoter, so
we're bumping them just to make sure we're not breaking anything and cause all the CIs to fall.
We're going to bump the image versions used in tests in a subsequent PR. The image version was not
bumped for: agnhost, kitten, nautilus, as they were already bumped by the Image Centralization part 4
PR.
"etcd -version" command output an additional line on ARM platform:
"running etcd on unsupported architecture "arm64" since
ETCD_UNSUPPORTED_ARCH is set"
Currently etcd version filtering code can not get correct version
number.
Signed-off-by: Howard Zhang <howard.zhang@arm.com>
