Since this invalid Semantic Version messages redirecting to stdout
will be captured by line 790 at hack/lib/golang.sh:
`goldflags="${GOLDFLAGS=-s -w -buildid=} $(kube::version::ldflags)"`
This happens when only no valid tag exists in repo
Currently target CC can only be set if the host platform
is linux/amd64 . If target is already set in the environment
it is always safe to use it and enable cgo.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
The amount of memory required to build binaries in parallel is right now
set to 40GiB. We now make this variable to be able to build artifacts in
parallel even with a lower amount of memory.
This enables SIG Release to speed-up the build time drastically in
Google Cloud Build (GCB).
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* switched one spot to use kube::logging
* make kube::util::find-binary return an error when it doesn't find
anything so that hack scripts fail fast instead of with '' binary not
found errors.
* this required deleting some genfeddoc stuff. the binary no longer
exists in k/k repo since we removed federation/, and I don't see it
in https://github.com/kubernetes-sigs/kubefed/ either. I'm assuming
that it's gone for good now.
If a bearer token is present in a request, the exec credential plugin should accept that as the chosen method of authentication. Judging by an [earlier comment in exec.go](c18bc7e9f7/staging/src/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go (L217)), this was already intended. This would however not work since UpdateTransportConfig would set the GetCert callback which would then get called by the transport, triggering the exec plugin action even with a token present in the request. See linked issue for further details.
See #87369 for further details.
Signed-off-by: Anders Eknert <anders.eknert@bisnode.com>
While the umask was previously set for builds (and in fact `docker run`
sets it to 0022 by default), the release pipeline `cp`'s files (with
`-a`) which respect the user's umask, and is outside of the build path.
This sets the umask in a common function called by all build tools,
which Stephen agreed was the simplest and most complete fix. The
`verify-prereqs` function is already poorly named for what it does, and
this only makes it epsilon worse.
Some binaries now run as non-root (kube-scheduler). When umask is 0027,
for example, the container image we build has the binary 0750, which is
not executable by the non-root UID.
We have been having issues with making builds reproducible, especially
with the `.note.go.buildid` ELF section. One tip from a golang issue was
to set `-ldflags=-buildid=` which seems to work well. You can confirm
that the buildid is set to empty by inspecting the binaries with the go
command example `go tool buildid _output/local/go/bin/kubectl`
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
- On unstable arch like ARM, etcd needs the "ETCD_UNSUPPORTED_ARCH" to be set
`# etcd --version
etcd on unsupported platform without ETCD_UNSUPPORTED_ARCH=arm64 set`
- `tail -n +1 | head -n 1` is unnecessary, `head -n 1` is enough.
The image used by the Image Promoter (gcr.io/k8s-testimages/gcb-docker-gcloud:v20190906-745fed4)
is based on busybox, and thus, the sed binary is actually busybox. image-util.sh calls
kube::util::ensure-gnu-sed several times, which ensures that a GNU sed binary exists
(it checks by greping GNU in its --help output). Obviously, it won't match the busybox sed
binary. But the sed usage in image-util.sh is fairly simple, and the busybox sed is sufficient.
This was previously fixed in: #87188, but it was reverted by #87653 as it was failing
on Mac (sed does not exist). This commit fixes that issue as well.
In 24d105995d, a fix was made in bazel
based builds to ensure that we add `selinux` tag when we build all
binaries especially the `kubelet`. We need to do the same for in our
hack scripts so things like `make release` will work properly as well.
Some scripts use `GOFLAGS=-tags=providerless` for example, So we should
support the tags to be specified in GOFLAGS as well. We parse out the
tags from there and ensure selinux is added to the list of tags we used
for building the binaries. Note that we add our own `-tags` with the
full set of tags and since we specify our parameter at the end, ours
full list takes precendence
Prior to the Image Centralization part 4 (https://github.com/kubernetes/kubernetes/pull/81170),
a PR merged that enables the Image Promoter to run on the k/k test images.
The Image Promoter currently only builds the Conformance-related images, but the
Image Centralization part 4 centralized some of those images into agnhost, so they
need to be removed from the conformance_images list.
Additionally, https://github.com/kubernetes/kubernetes/pull/81226 proposes mounttest-user
image to be removed, and RunAsUser to be used in tests instead.
The image used by the Image Promoter (gcr.io/k8s-testimages/gcb-docker-gcloud:v20190906-745fed4)
is based on busybox, and thus, the sed binary is actually busybox. image-util.sh calls
kube::util::ensure-gnu-sed several times, which ensures that a GNU sed binary exists
(it checks by greping GNU in its --help output). Obviously, it won't match the busybox sed
binary. But the sed usage in image-util.sh is fairly simple, and the busybox sed is sufficient.
Bumps image versions for: jessie-dnsutils, nonewprivs, resource-consumer, sample-apiserver. These
images are included in the conformance_images that are being built by the Image Promoter, so
we're bumping them just to make sure we're not breaking anything and cause all the CIs to fall.
We're going to bump the image versions used in tests in a subsequent PR. The image version was not
bumped for: agnhost, kitten, nautilus, as they were already bumped by the Image Centralization part 4
PR.
"etcd -version" command output an additional line on ARM platform:
"running etcd on unsupported architecture "arm64" since
ETCD_UNSUPPORTED_ARCH is set"
Currently etcd version filtering code can not get correct version
number.
Signed-off-by: Howard Zhang <howard.zhang@arm.com>
When discovering the kube version we only consider tags that match the
glob 'v*'. By doing so users can create/use their custom tags as long as
they don't look like a version (starting with a 'v').
We already do a similar thing when building the pause container, see how
the `REV` is set in git.k8s.io/kubernetes/build/pause/Makefile.
When using hack/local-up-cluster.sh deploy local cluster, it
failed with following message "kube-proxy terminated unexpectedly"
and "Failed to retrieve node info: nodes "127.0.0.1" not found" in
kube-proxy.log.
The root reason for this error is miss boot order of kubernetes
services in local-up-cluster.sh, kube-proxy and kubectl daemon.
When starting kube-proxy, it would check node information. And
these information are collected by kubelet daemon. However, in
the shell script, kube-proxy service start before kubelet daemon.
This patch changed the boot order of kubelet daemon and kube-proxy
and check if node stats ready for kube-proxy start.
Signed-off-by: Howard Zhang <howard.zhang@arm.com>
Removed hack/lib/test.sh from /hack/shellcheck_failures
Removed and }s to satisfy shellcheck SC2004
Added double quotes to satisfy shellcheck SC2086
Converted array reference to access all elements to satisfy shellcheck SC2128
Updates to satisfy shellcheck SC2143
Updates to satisfy shellcheck SC2178 & SC2124
Updates to satisfy shellcheck SC2128
Updates to satisfy shellcheck SC2207
Remove double quotes to allow expansion. Fixed piping to grep -q
Removed quotes to allow for expansion on flags
Adds a go app which runs the e2e tests with ginkgo.
- Supports all the existing env vars of the bash script
- Improved flow control to avoid and better report issues
regarding the process PID
- Adds flags for modifying where to find the test binary and
ginkgo binary so that you can run it locally
- Adds 3 flags for specifying extra args before the double-dash,
extra args after the double-dash, and the seperator to use between
values in those env vars. This allows setting arbitrary, complex
values for use on the command such as flags which include spaces
or other characters.
when compile kubectl on platform other than
linux/amd64, we need to check the KUBE_SERVER_PLATFORMS
array emptiness before assign it.
the example command is:
make WHAT=cmd/kubectl KUBE_BUILD_PLATFORMS="darwin/amd64 windows/amd64"
Prior to this change, including windows/amd64 in KUBE_BUILD_PLATFORMS
would, for example, attempt to build the server binaries/tars/images for
Windows, which is not supported. This can break downstream build steps.
Recent change to hack/lib/golang.sh broke the build on MacOS this way:
$ make clean && make generated_files
+++ [0325 13:38:22] Verifying Prerequisites....
+++ [0325 13:38:23] Removing _output directory
k8s.io/kubernetes/vendor/github.com/spf13/pflag
k8s.io/kubernetes/hack/make-rules/helpers/go2make
+++ [0325 13:38:40] Building go targets for darwin/amd64:
./vendor/k8s.io/code-generator/cmd/deepcopy-gen
can't load package: package k8s.io/kubernetes: no Go files in k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes
!!! [0325 13:38:40] Call tree:
!!! [0325 13:38:40] 1: k8s.io/kubernetes/hack/lib/golang.sh:629 kube::golang::build_some_binaries(...)
!!! [0325 13:38:40] 2: k8s.io/kubernetes/hack/lib/golang.sh:764 kube::golang::build_binaries_for_platform(...)
!!! [0325 13:38:40] 3: hack/make-rules/build.sh:27 kube::golang::build_binaries(...)
make[1]: *** [_output/bin/deepcopy-gen] Error 1
make: *** [generated_files] Error 2
It was caused by 'binaries' array not being declared with 'local -a'.
It looks like MacOS' old bash version makes an array to contain first
empty element if declared this way.
The fix has been tested on MacOS High Sierra and Linux openSUSE 42.3 (x86_64)
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
Test script:
#!/bin/bash
rev1="foo"
rev2="\"bar\""
rev3="'bar'"
newrev1="${rev1//[\'\"]}"
newrev2="${rev2//[\'\"]}"
newrev3="${rev3//[\'\"]}"
oldrev1=$(echo "${rev1}" | sed "s/['\"]//g")
oldrev2=$(echo "${rev2}" | sed "s/['\"]//g")
oldrev3=$(echo "${rev3}" | sed "s/['\"]//g")
echo "$newrev1 vs. $oldrev1"
echo "$newrev2 vs. $oldrev2"
echo "$newrev3 vs. $oldrev3"
expected output:
foo vs. foo
bar vs. bar
bar vs. bar
Also fix array item comparison. Test script for the comparison change:
#!/bin/bash
staging_apis=(extensions/v1beta1 extensions/v1 extensions/v1alpha)
group_versions=(v1 extensions/v1beta1 extensions/v1 extensions.k8s.io/v1)
for group_version in ${group_versions[@]}; do
# original code
if [[ " ${staging_apis[@]} " =~ " ${group_version/.*k8s.io/} " ]]; then
echo "orig: vendor/k8s.io/api/${group_version/.*k8s.io/}"
fi
# new code
for api in ${staging_apis[@]}; do
if [[ "${api}" = "${group_version/.*k8s.io/}" ]]; then
echo "new: vendor/k8s.io/api/${group_version/.*k8s.io/}"
fi
done
done
Expected output:
orig: vendor/k8s.io/api/extensions/v1beta1
new: vendor/k8s.io/api/extensions/v1beta1
orig: vendor/k8s.io/api/extensions/v1
new: vendor/k8s.io/api/extensions/v1
orig: vendor/k8s.io/api/extensions/v1
new: vendor/k8s.io/api/extensions/v1
"Decorate" the variables with a no-op function to prevent shellcheck
from complaining that they are not being used. This method provides
visibility to which variables are supposed to be used in a sourcing
script compared to just disabling the warning.
Use "command -v" instead of "which". Also remove the redirections,
since "command -v" does not return an error message if the command isn't
found. Also use "read -r" instead of "read" and quote variables
properly. Do some error handling if "pushd" or "popd" fail. Read values
properly into arrays.
However, one shellcheck error is ignored in trap mechanism. The logic
in trap_add function requires the trap command to be expanded when run.
Just storing the variable into trap doesn't work. Add a shellcheck
disable directive to ignore the error.
An alternative to ignoring could be tricking shellcheck with:
trap ''"${new_cmd}" "${trap_add_name}"
Both verify-golint.sh and verify-shellcheck.sh have the same logic
which checks failure_file in alphabetical order.
In addition, we'd like to add another script which requires the
same logic. So this add a common function for cleanup.
The placeholder documentation introduces a couple of problems:
- it complicates the contributor-experience (forces the CI to run
N times before the contributor finds out that they need to call an .sh
script and include certain files from docs/)
- it forces CLI related pull requests for tools like kubeadm and kubectl
to require top level approval from docs/OWNERS as such PRs still need
to touch the .generated_docs file
Stop tracking the placeholder documentation by applying the
following actions:
- remove the utility set-placeholder-gen-docs()
- make verify-generated-docs.sh only generate in a temporary folder
and not match .generated_docs
- mark generate-docs.sh as an alias for update-generated-docs.sh
- remove all current placeholder files in docs folders admin, man,
user-guide, yaml
- ignore the above folders and .generated_docs in a .gitignore file
Otherwise, calling make followed by bazel might fail, requiring one to
run make clean first.
Additionally, add comments explaining why we must do this.
In go 1.11, go commands will use `GOFLAGS` as default flags, see
https://golang.org/doc/go1.11#go_command.
There is no need to pass GOFLAGS to $goflags, and if we do, go commands
will fail with "duplicate flags" error, e.g.
```
$ make test-integration WHAT=./test/integration/scheduler GOFLAGS="-v"
...
go test: v flag may be set only once
run "go help test" or "go help testflag" for more information
...
```
Pick up some code from https://github.com/heptio/kube-conformance
Fix up build scripts for the new conformance image
Fix Header template and Copyright to make verify job go green
update README and add execute permissions for script
Change-Id: Ib6509acd816cc2fb3a516bfb8e0ff9e32bff8f79
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Add ability to build with runtime coverage instrumentation
**What this PR does / why we need it**:
This PR adds the ability to instrument a subset of kubernetes binaries to report code coverage information. The specific use-case is to help determine coverage of our end-to-end Conformance tests, as well as provide data that can be used to help determine where to focus. This PR focuses on making it possible to build with instrumentation; collecting and using the generated coverage data will be done in later PRs. For more details as to the intent, see the [design doc](https://docs.google.com/document/d/1FKMBFxz7vtA-6ZgUkA47F8m6yR00fwqLcXMVJqsHt0g/edit?usp=sharing) (google doc; requires kubernetes-dev membership).
Specifically, this PR adds a new `KUBE_BUILD_WITH_COVERAGE` make variable, which when set will cause `kube-apiserver`, `kube-controller-manager`, `kube-scheduler`, `kube-proxy` and `kubelet` to be built with coverage instrumentation. These coverage-instrumented binaries will flush coverage information to disk every five seconds, defaulting to a temporary directory unless the `KUBE_COVERAGE_FILE` environment variable is set at launch, in which case it will write to that file instead.
The mechanism used to achieve coverage instrumentation is to build the targeted binaries as "unit tests" with coverage enabled, and then rigging the unit tests to just execute the binary's usual entry point. This is implemented only for the bash build system.
/sig testing
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 67571, 67284, 66835, 68096, 68152). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
add make targets for building server images
**What this PR does / why we need it**: Adds `make release-images` and `make quick-release-images`, which allow building the docker-wrapped images without building a full release. Without these you can either use `make {quick}-release` and build test tarballs etc, or hack around in the build system yourself. Using this can be considerably faster if you just want to build the binaries and images, and not the release tarballs etc.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/sig release
Automatic merge from submit-queue (batch tested with PRs 65247, 63633, 67425). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
test: allow etcd to run on other ports.
running `make test-integration` with the `ETCD_PORT` option set should
work. Numerous integration test expect the correct URL to be populated
in the `KUBE_INTEGRATION_ETCD_URL` environment variable.
**What this PR does / why we need it**:
This makes the ETCD_PORT option work correctly.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
**Special notes for your reviewer**:
I expect nobody is using the ETCD_PORT option, but I noticed that it is broken.
**Release note**:
```release-note
NONE
```
/sig testing
Automatic merge from submit-queue (batch tested with PRs 65561, 67109, 67450, 67456, 67402). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Better error message if etcd not installed
**What this PR does / why we need it**:
Add an error message to install etcd if command check fails instead of just saying to add etcd to PATH.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
First version of this was only standalone, now the code is being
vendored by anyone who wants to use it. So the standalone binary and
container are no longer useful.
Change-Id: Ib9369de66b4ecb3451f73ba2a252526d6615b96f
Automatic merge from submit-queue (batch tested with PRs 66284, 66690). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Exit gce kube-up.sh early if openssl is LibreSSL
**What this PR does / why we need it**:
macOS has an openssl binary, but it's actually LibreSSL, which doesn't play well with the easyrsa script that cluster/gce/util.sh uses to generate certs
Instead of waiting until we generate certs to discover easyrsa doesn't work, consider openssl a prereq for gce, and include a check for the version string starting with OpenSSL
Also, mirror kube-up.sh's "... calling" output in kube-down.sh
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/community#1954
```release-note
NONE
```
We are not saving the etcd logs and just redirecting the output
to /dev/null. In this change, we set ETCD_LOGFILE to the same
directory where we log other kube relates processes.
Change-Id: I719a941665b749b864f2efdcdfc7ddc7b2a61776
macOS has an openssl binary, but it's actually LibreSSL, which
doesn't play well with the easyrsa script that cluster/gce/util.sh
uses to generate certs
Instead of waiting until we generate certs to discover easyrsa doesn't
work, consider openssl a prereq for gce, and include a check for the
version string starting with OpenSSL
Also, mirror kube-up.sh's "... calling" output in kube-down.sh
