Coreos kube-up now with less cloud init #33965
e3e2f25
to
3653a37
Compare
@@ -0,0 +1,8 @@ | |||
# CoreOS image | |||
|
|||
The [CoreOS operating oystem](https://coreos.com/why/) is a Linux distribution optimized for running containers securely at scale. |
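Review bot: spelling error in the README's opening sentence, inside the link text: "operating oystem" should read "operating system".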
s/oystem/system
@euank Looks like we don't need |
Jenkins unit/integration failed for commit 082275dc4fdfc9ef19f83335ef29007df10ff304. Full PR test history. The magic incantation to run this job again is |
function setup-kubelet-dir { | ||
echo "Making /var/lib/kubelet executable for kubelet" | ||
mount --bind /var/lib/kubelet /var/lib/kubelet/ | ||
mount -B -o remount,exec,suid,dev /var/lib/kubelet |
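Review bot: the remount in `setup-kubelet-dir` turns on `suid` and `dev` in addition to `exec`, while the echo line only states the goal of making /var/lib/kubelet executable. Allowing setuid binaries and device nodes under the kubelet directory is a wider grant than that goal needs, so either reduce the options to `-o remount,exec` or add a comment naming what requires the other two. The function is also not idempotent: every call stacks another bind mount of /var/lib/kubelet onto itself, so a check for an existing mount would help if node startup can run it more than once.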
Remove some trailing spaces?
@@ -0,0 +1,173 @@ | |||
#!/bin/bash | |||
|
|||
# Copyright 2015 The Kubernetes Authors. |
2016
-o "${tmp_kube_env}" \ | ||
http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-env | ||
# Convert the yaml format file into a shell-style file. | ||
sed 's/: /=/' < "${tmp_kube_env}" > "${KUBE_DIR}/kube-env" |
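Review bot: the `sed 's/: /=/'` conversion does no validation or quoting, so if `${KUBE_DIR}/kube-env` is later sourced, whatever the YAML values contain is parsed as shell. It rewrites only the first `: ` on each line and passes everything else through unchanged: a value containing spaces, `$`, backticks or `;`, a multi-line or nested YAML value, or a line that is not a plain `KEY: value` pair ends up as shell words or commands rather than data. Consider accepting only lines whose key matches a strict pattern such as `^[A-Z0-9_]+: `, failing on anything else, and writing each value single-quoted.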
@euank Have you verified that this will always work for today's kube env yamls?
It does work as best as I can tell based on sourcing the file and printenv and based on skimming it.
Any specific concerns?
@euank Thank you.
LGTM other than the comments above. Thanks for the work!!! @euank
As a hint for reviewers, doing a (vim)diff between the |
082275d
to
aca0aa2
Compare
Jenkins GCE e2e failed for commit aca0aa29541b024c0eb436c6cdab6c82957c22c5. Full PR test history. The magic incantation to run this job again is |
Jenkins GKE smoke e2e failed for commit aca0aa29541b024c0eb436c6cdab6c82957c22c5. Full PR test history. The magic incantation to run this job again is |
Jenkins GCI GKE smoke e2e failed for commit aca0aa29541b024c0eb436c6cdab6c82957c22c5. Full PR test history. The magic incantation to run this job again is |
aca0aa2
to
6bb8c49
Compare
Jenkins Kubemark GCE e2e failed for commit 6bb8c4928668118446f048f5a6516ff0dbe08e10. Full PR test history. The magic incantation to run this job again is |
We found a Contributor License Agreement for you (the sender of this pull request) and all commit authors, but as best as we can tell these commits were authored by someone else. If that's the case, please add them to this pull request and have them confirm that they're okay with these commits being contributed to Google. If we're mistaken and you did author these commits, just reply here to confirm. |
05ec52f
to
3536ecc
Compare
Sorry for the long delay on the code review. I only have two concerns:
@grodrigues3 Is there a PR that adds an OWNERS file for cluster/gce/coreos? Could we break it out and get it in earlier than the rest?
@bgrant0607 -- juju and vagrant are the only directories under cluster that have an OWNERS file.
@roberthbailey Per the original comment, number 2. This PR is "an incremental step towards sharing more code between gci/trusty/coreos, again for better maintenance" I want to do that in a followup PR because that change will also be intrusive to GCI and would best be reviewed separately. I don't believe there is yet any shared code between the gci/coreos folders yet (though I want them to in the future as above). The new thing that could break this is the shared saltbase manifests (which all of gci/coreos/trusty share with this) since there's not much testing there, but there wasn't testing before and on at least one occasion the non-shared coreos-dedicated manifests were broken regardless.
@euank - thanks. That answered my second question. My only remaining question is about the duplication of functions in shell.
# such as GCI and Ubuntu Trusty. We directly copy manifests from | ||
# cluster/addons and cluster/saltbase/salt. The script of cluster initialization | ||
# will remove the salt configuration and evaluate the variables in the manifests. | ||
function kube::release::package_kube_manifests_tarball() { |
Isn't this redundant with the function of the same name in build/lib/release.sh?
That was a rebase error. After fixing it, it's a 3-line diff in the original function
I'll update the PR after verifying things still work..
Thanks for catching it!
set -o errexit | ||
set -o nounset | ||
set -o pipefail | ||
|
||
function set-broken-motd { |
FYI We've found that setting the motd is really useful for debugging node startup failure.
@roberthbailey I was suggesting that we create a new OWNERS file
Yup. I asked @euank to send a quick PR to add one.
3536ecc
to
65e8d77
Compare
@roberthbailey I addressed your comment and rebased it back on master again to pick up any missing gci changes. I validated that it works for me with my kube-up environment of:
I'll send an owners pr pronto as well including myself, @yifan-gu, and @ethernetdan as owners.
Automatic merge from submit-queue

cluster/gce/coreos: add OWNERS

See #33965 for context.

The code in `cluster/gce/coreos` has mostly been written/maintained by @yifan-gu and myself thus far, so I added our names to the owner list. @ethernetdan has also volunteered as well (thanks!).

**Release note**:
```release-note
NONE
```

cc @roberthbailey
@euank looks like it needs another rebase.
This is for reviewing ease as the following commits introduce changes to make the coreos kube-up deployment share significant code with the gci code.
This update includes significant refactoring. It moves almost all of the logic into bash scripts, modeled after the `gci` cluster scripts.

The primary differences between the two are the following:

1. Use of the `/opt/kubernetes` directory over `/home/kubernetes`
2. Support for rkt as a runtime
3. No use of logrotate
4. No use of `/etc/default/`
5. No logic related to noexec mounts or gci-specific firewall-stuff
We don't use this bit of gci currently.
65e8d77
to
5a2d080
Compare
Rebased ..
/lgtm
@k8s-bot test this [submit-queue is verifying that this PR is safe to merge]
Automatic merge from submit-queue
This update includes significant refactoring. It moves almost all of the logic into bash scripts, modeled after the `gci` cluster scripts.
The reason to do this is:
The primary differences from the gci scripts are the following:
`/opt/kubernetes` directory over `/home/kubernetes`
`/etc/default/`
It will make sense to move 2 over to gci, as well as perhaps a few other small improvements. That will be a separate PR for ease of review.
Ref #29720, this is a part of that because it removes a copy of them.
Fixes #24165
cc @yifan-gu
Since this logic largely duplicates logic from the gci folder, it would be nice if someone closely familiar with that gave an OK or made sure I didn't fall into any gotchas related to that, so cc @andyzheng0831