diff --git a/Makefile b/Makefile index 44b7dc405a3c0..258e1e038591c 100644 --- a/Makefile +++ b/Makefile @@ -752,7 +752,7 @@ dev-upload: dev-upload-linux-amd64 dev-upload-linux-arm64 .PHONY: crds crds: cd "${KOPS_ROOT}/hack" && go build -o "${KOPS_ROOT}/_output/bin/controller-gen" sigs.k8s.io/controller-tools/cmd/controller-gen - "${KOPS_ROOT}/_output/bin/controller-gen" crd paths=k8s.io/kops/pkg/apis/kops/v1alpha2 output:dir=k8s/crds/ crd:crdVersions=v1 + "${KOPS_ROOT}/_output/bin/controller-gen" crd paths=k8s.io/kops/pkg/apis/kops/v1alpha2 output:dir=k8s/crds/ #------------------------------------------------------ # kops-controller diff --git a/k8s/crds/kops.k8s.io_clusters.yaml b/k8s/crds/kops.k8s.io_clusters.yaml index 9ff1824b2fc27..d2400a81d6848 100644 --- a/k8s/crds/kops.k8s.io_clusters.yaml +++ b/k8s/crds/kops.k8s.io_clusters.yaml @@ -1,11 +1,9 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.13.0 name: clusters.kops.k8s.io spec: group: kops.k8s.io @@ -921,6 +919,10 @@ spec: description: State directory for execution state files (default "/run/containerd"). type: string + testHandlerEnabled: + description: TestHandlerEnabled enables a runtime called test-handler, + specific to k/k e2e tests + type: boolean version: description: Version used to pick the containerd package. type: string 
@@ -1513,9 +1515,9 @@ spec: masters so that they are not on the pod network. true is the kube-up behaviour, but it is very surprising: it means that daemonsets only work on the master if they have hostNetwork=true. false is now the - default, and it will: * give the master a normal PodCIDR * run - kube-proxy on the master * enable debugging handlers on the master, - so kubectl logs works' + default, and it will: * give the master a normal PodCIDR * run kube-proxy + on the master * enable debugging handlers on the master, so kubectl + logs works' type: boolean karpenter: description: Karpenter defines the Karpenter configuration. @@ -2494,6 +2496,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. @@ -2599,10 +2602,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: description: Describes pod affinity scheduling rules (e.g. @@ -2683,6 +2688,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -2740,6 +2746,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. @@ -2844,6 +2851,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied 
@@ -2900,6 +2908,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The @@ -3003,6 +3012,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -3060,6 +3070,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. @@ -3164,6 +3175,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -3220,6 +3232,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The @@ -3827,9 +3840,9 @@ spec: description: 'How should the kubelet configure the container bridge for hairpin packets. Setting this flag allows endpoints in a Service to loadbalance back to themselves if they should try - to access their own Service. Values: "promiscuous-bridge": - make the container bridge promiscuous. "hairpin-veth": set - the hairpin flag on container veth interfaces. "none": do + to access their own Service. Values: "promiscuous-bridge": make + the container bridge promiscuous. "hairpin-veth": set + the hairpin flag on container veth interfaces. "none": do nothing. Setting --configure-cbr0 to false implies that to achieve hairpin NAT one must set --hairpin-mode=veth-flag, because bridge assumes the existence of a container bridge named cbr0.' 
@@ -4265,9 +4278,9 @@ spec: description: 'How should the kubelet configure the container bridge for hairpin packets. Setting this flag allows endpoints in a Service to loadbalance back to themselves if they should try - to access their own Service. Values: "promiscuous-bridge": - make the container bridge promiscuous. "hairpin-veth": set - the hairpin flag on container veth interfaces. "none": do + to access their own Service. Values: "promiscuous-bridge": make + the container bridge promiscuous. "hairpin-veth": set + the hairpin flag on container veth interfaces. "none": do nothing. Setting --configure-cbr0 to false implies that to achieve hairpin NAT one must set --hairpin-mode=veth-flag, because bridge assumes the existence of a container bridge named cbr0.' @@ -5866,9 +5879,9 @@ spec: type: object updatePolicy: description: 'UpdatePolicy determines the policy for applying upgrades - automatically. Valid values: ''automatic'' (default): apply updates + automatically. Valid values: ''automatic'' (default): apply updates automatically (apply OS security upgrades, avoiding rebooting when - possible) ''external'': do not apply updates automatically; they + possible) ''external'': do not apply updates automatically; they are applied manually or by an external system' type: string useHostCertificates: @@ -5903,9 +5916,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/k8s/crds/kops.k8s.io_instancegroups.yaml b/k8s/crds/kops.k8s.io_instancegroups.yaml index 71cf265eeffa3..42dfe48c86513 100644 --- a/k8s/crds/kops.k8s.io_instancegroups.yaml +++ b/k8s/crds/kops.k8s.io_instancegroups.yaml 
@@ -1,11 +1,9 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.13.0 name: instancegroups.kops.k8s.io spec: group: kops.k8s.io @@ -225,6 +223,10 @@ spec: description: State directory for execution state files (default "/run/containerd"). type: string + testHandlerEnabled: + description: TestHandlerEnabled enables a runtime called test-handler, + specific to k/k e2e tests + type: boolean version: description: Version used to pick the containerd package. type: string @@ -286,8 +288,8 @@ spec: type: array gcpProvisioningModel: description: 'GCPProvisioningModel: Specifies the provisioning model - of the GCP instance. Valid values: ''STANDARD'': (default) standard - provisioning with user controlled run time, no discounts ''SPOT'': + of the GCP instance. Valid values: ''STANDARD'': (default) standard + provisioning with user controlled run time, no discounts ''SPOT'': heavily discounted, no guaranteed run time.' type: string guestAccelerators: @@ -573,9 +575,9 @@ spec: description: 'How should the kubelet configure the container bridge for hairpin packets. Setting this flag allows endpoints in a Service to loadbalance back to themselves if they should try - to access their own Service. Values: "promiscuous-bridge": - make the container bridge promiscuous. "hairpin-veth": set - the hairpin flag on container veth interfaces. "none": do + to access their own Service. Values: "promiscuous-bridge": make + the container bridge promiscuous. "hairpin-veth": set + the hairpin flag on container veth interfaces. "none": do nothing. Setting --configure-cbr0 to false implies that to achieve hairpin NAT one must set --hairpin-mode=veth-flag, because bridge assumes the existence of a container bridge named cbr0.' 
@@ -1052,9 +1054,9 @@ spec: updatePolicy: description: 'UpdatePolicy determines the policy for applying upgrades automatically. If specified, this value overrides a value specified - in the Cluster''s "spec.updatePolicy" field. Valid values: ''automatic'' + in the Cluster''s "spec.updatePolicy" field. Valid values: ''automatic'' (default): apply updates automatically (apply OS security upgrades, - avoiding rebooting when possible) ''external'': do not apply updates + avoiding rebooting when possible) ''external'': do not apply updates automatically; they are applied manually or by an external system' type: string volumeMounts: @@ -1162,9 +1164,3 @@ spec: served: true storage: true subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/k8s/crds/kops.k8s.io_keysets.yaml b/k8s/crds/kops.k8s.io_keysets.yaml index c1179927fb9a0..0093b81e3deb6 100644 --- a/k8s/crds/kops.k8s.io_keysets.yaml +++ b/k8s/crds/kops.k8s.io_keysets.yaml @@ -1,11 +1,9 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.13.0 name: keysets.kops.k8s.io spec: group: kops.k8s.io @@ -76,9 +74,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/k8s/crds/kops.k8s.io_sshcredentials.yaml b/k8s/crds/kops.k8s.io_sshcredentials.yaml index 99aa00820a11e..ed9036e09501a 100644 --- a/k8s/crds/kops.k8s.io_sshcredentials.yaml +++ b/k8s/crds/kops.k8s.io_sshcredentials.yaml @@ -1,11 +1,9 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.13.0 name: sshcredentials.kops.k8s.io spec: group: kops.k8s.io 
@@ -41,9 +39,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/nodeup/pkg/model/containerd.go b/nodeup/pkg/model/containerd.go index 88f496587ebba..92424d1d6a7bc 100644 --- a/nodeup/pkg/model/containerd.go +++ b/nodeup/pkg/model/containerd.go @@ -492,6 +492,9 @@ func (b *ContainerdBuilder) buildContainerdConfig() (string, error) { if containerd.SeLinuxEnabled { config.SetPath([]string{"plugins", "io.containerd.grpc.v1.cri", "enable_selinux"}, true) } + if containerd.TestHandlerEnabled { + config.SetPath([]string{"plugins", "io.containerd.grpc.v1.cri", "containerd", "runtimes", "test-handler", "runtime_type"}, "io.containerd.runc.v2") + } if b.NodeupConfig.KubeletConfig.PodInfraContainerImage != "" { config.SetPath([]string{"plugins", "io.containerd.grpc.v1.cri", "sandbox_image"}, b.NodeupConfig.KubeletConfig.PodInfraContainerImage) } diff --git a/pkg/apis/kops/containerdconfig.go b/pkg/apis/kops/containerdconfig.go index 3084321d13ecf..e7e9f8f556a50 100644 --- a/pkg/apis/kops/containerdconfig.go +++ b/pkg/apis/kops/containerdconfig.go @@ -51,6 +51,8 @@ type ContainerdConfig struct { SeLinuxEnabled bool `json:"selinuxEnabled,omitempty"` // NRI configures the Node Resource Interface. NRI *NRIConfig `json:"nri,omitempty"` + // TestHandlerEnabled enables a runtime called test-handler, specific to k/k e2e tests + TestHandlerEnabled bool `json:"testHandlerEnabled,omitempty"` } type NRIConfig struct { diff --git a/pkg/apis/kops/v1alpha2/containerdconfig.go b/pkg/apis/kops/v1alpha2/containerdconfig.go index 884c154bfd2f4..6064dbc50de5d 100644 --- a/pkg/apis/kops/v1alpha2/containerdconfig.go +++ b/pkg/apis/kops/v1alpha2/containerdconfig.go 
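Review bot: The new `test-handler` entry in buildContainerdConfig sets only `runtime_type`, so the handler receives none of the per-runtime options that may be configured for the default runc runtime elsewhere in this function. That code is not visible here, because the hunk starts and ends inside the function body. If the default runtime sets options such as the cgroup driver, pods started through a RuntimeClass that names `test-handler` would run with different settings from every other pod on the node, so mirror those options for the new handler. A why-comment above the `if` would also help, e.g. `// test-handler is an extra runc handler needed only by the k/k e2e tests; leave it disabled on production clusters.`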
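Review bot: The doc comment on `TestHandlerEnabled` in pkg/apis/kops/containerdconfig.go does not say what the handler is or that the field is not meant for production clusters. The same wording is what users see in the generated CRD description. Consider `// TestHandlerEnabled registers an additional containerd runtime handler named "test-handler" backed by runc. It exists only for the k/k e2e tests and should be left unset on production clusters.` The identical comment in pkg/apis/kops/v1alpha2/containerdconfig.go and pkg/apis/kops/v1alpha3/containerdconfig.go should be updated the same way and the CRDs regenerated. The ContainerdConfig struct begins outside this hunk.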
@@ -46,6 +46,8 @@ type ContainerdConfig struct { SeLinuxEnabled bool `json:"selinuxEnabled,omitempty"` // NRI configures the Node Resource Interface. NRI *NRIConfig `json:"nri,omitempty"` + // TestHandlerEnabled enables a runtime called test-handler, specific to k/k e2e tests + TestHandlerEnabled bool `json:"testHandlerEnabled,omitempty"` } type NRIConfig struct { diff --git a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go index 876799c9fd19a..bec270dace4ea 100644 --- a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go @@ -3198,6 +3198,7 @@ func autoConvert_v1alpha2_ContainerdConfig_To_kops_ContainerdConfig(in *Containe } else { out.NRI = nil } + out.TestHandlerEnabled = in.TestHandlerEnabled return nil } @@ -3252,6 +3253,7 @@ func autoConvert_kops_ContainerdConfig_To_v1alpha2_ContainerdConfig(in *kops.Con } else { out.NRI = nil } + out.TestHandlerEnabled = in.TestHandlerEnabled return nil } diff --git a/pkg/apis/kops/v1alpha3/containerdconfig.go b/pkg/apis/kops/v1alpha3/containerdconfig.go index 32a370e465651..a22450df59eba 100644 --- a/pkg/apis/kops/v1alpha3/containerdconfig.go +++ b/pkg/apis/kops/v1alpha3/containerdconfig.go @@ -46,6 +46,8 @@ type ContainerdConfig struct { SeLinuxEnabled bool `json:"selinuxEnabled,omitempty"` // NRI configures the Node Resource Interface. NRI *NRIConfig `json:"nri,omitempty"` + // TestHandlerEnabled enables a runtime called test-handler, specific to k/k e2e tests + TestHandlerEnabled bool `json:"testHandlerEnabled,omitempty"` } type NRIConfig struct { diff --git a/pkg/apis/kops/v1alpha3/zz_generated.conversion.go b/pkg/apis/kops/v1alpha3/zz_generated.conversion.go index 023e70f9690c4..782dc938ff97c 100644 --- a/pkg/apis/kops/v1alpha3/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha3/zz_generated.conversion.go 
@@ -3443,6 +3443,7 @@ func autoConvert_v1alpha3_ContainerdConfig_To_kops_ContainerdConfig(in *Containe } else { out.NRI = nil } + out.TestHandlerEnabled = in.TestHandlerEnabled return nil } @@ -3497,6 +3498,7 @@ func autoConvert_kops_ContainerdConfig_To_v1alpha3_ContainerdConfig(in *kops.Con } else { out.NRI = nil } + out.TestHandlerEnabled = in.TestHandlerEnabled return nil } diff --git a/tests/e2e/kubetest2-kops/deployer/up.go b/tests/e2e/kubetest2-kops/deployer/up.go index 604060e4d7a04..4903484f2bc70 100644 --- a/tests/e2e/kubetest2-kops/deployer/up.go +++ b/tests/e2e/kubetest2-kops/deployer/up.go @@ -118,6 +118,7 @@ func (d *deployer) createCluster(zones []string, adminAccess string, yes bool) e "--kubernetes-version", d.KubernetesVersion, "--ssh-public-key", d.SSHPublicKeyPath, "--set", "cluster.spec.nodePortAccess=0.0.0.0/0", + "--set", "spec.containerd.testHandlerEnabled=true", } if yes { args = append(args, "--yes")
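Review bot: The new `--set` argument in createCluster is passed unconditionally, so running this deployer against a kops binary that predates `testHandlerEnabled` would presumably fail at cluster creation on an unknown field. If the deployer is used with older kops versions (not visible in this hunk), the flag should be gated on the kops version under test. The field path is also written as `spec.containerd.testHandlerEnabled` while the line directly above uses the `cluster.spec.` prefix; `"--set", "cluster.spec.containerd.testHandlerEnabled=true",` would keep the two consistent. createCluster starts and ends outside this hunk.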