[Re-Apply][Distroless] Convert the GCE manifests for master containers. #76396
Conversation
k8s-ci-robot
added
release-note-none
|
Hi @yuwenma. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
sig/cluster-lifecycle
|
This is a re-apply to PR #75624 which is reverted due to scalability test flakiness. Root cause of the flakiness issue is filed in kubernetes/klog#55 and has been fixed in #76352 kubernetes/klog#56 |
|
/assign @tallclair |
|
/ok-to-test Hold for #76352 to merge first |
k8s-ci-robot
added
do-not-merge/hold
|
/test pull-kubernetes-integration |
|
Aside: Does anyone know why we send process logs to a file from within the container, rather than log to stderr and leave log location/retention up to docker/CRI? |
Maybe for more self-controlled logging and monitoring (comparing to docker log)? I don't know the actual answer. Maybe you can ask in the slack or email group? Just curious, why letting docker/CRI do the logging work is "more natural"? I mean, docker is a tool, and "docker log" is one of the tools' add-on feature. It doesn't exist by natural. |
|
/assign @MaciekPytel |
|
I think it looks good overall. One nit: IIUC right now we klog will still truncate logs after 1.8G (this is default), but we have reduced the logrotate's interval to 5 minutes. While I think that it's quite uncommon to generate 1.8G logs in 5 minutes I think I would feel more safe if we can use --log_file_max_size=0 to explicitly disable truncating file in kube-apiserver. |
k8s-ci-robot
removed
the
lgtm
|
Updated the manifest with log-file-max-size=0 and tested in my toy gcloud cluster. |
k8s-ci-robot
added
the
needs-rebase
* Touched containers: kube-apiserver, kube-scheduler, kube-controller-manager. * Remove the shell dependencies when upstart the containers. * Reformat the command parameters to ["Exec", "Param1", "Param2"]
k8s-ci-robot
removed
the
needs-rebase
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: MaciekPytel, yuwenma The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
/remove-do-not-merge |
|
/remove do-not-merge/hold |
|
/hold cancel |
k8s-ci-robot
removed
the
do-not-merge/hold
|
/test pull-kubernetes-e2e-gce |
|
@yuwenma: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
Unfortunately, we have to revert it again - we proved that it is significantly regressing our scalability tests. |
kube-controller-manager.
Test: The manifest change is tested on a real GKE cluster (GKE sandbox). Here's the Master VM
What type of PR is this?
/kind cleanup
What this PR does / why we need it:
This PR is a prerequisite for switching the core master containers' base image to distroless/static.(See this kep for the reasons why we want to change to distroless/static).
Basically it removes all the shell dependencies (log redirection, using shell to kick-off a kube binary file) which isn't supported by distroless.
Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
Does this PR introduce a user-facing change?: