On systems with SELinux enabled, non-privileged containers can't access
data of privileged containers. Since the CSI driver socket is exposed
by a privileged container, all sidecars must be privileged too.
"Shielded" nodes have a virtual TPM attached which is used for
generating the client certificate, instead of using a bootstrap
kubeconfig. Determining which to use happens during node startup based
on the instance metadata.
Right now, hack/jenkins/dockerized.sh is solely utilized by scheduler perf jenkins job.
There's an effort to extend the scheduler performance suite. In order to run
individual subsuites separately, we need a way to select a subset of benchmark tests
to be run. Golang exposes -bench option which allows to specify a prefix
of benchmark tests to be run.
For Windows, CPU Requests ( Shares, Count and Maximum ) are mutually exclusive, however
Kubernetes sends them all anyway in the pod spec.
When using dockershim this is not an issue, as Docker checks for this specific situation
here: 1bd184a4c2/daemon/daemon_windows.go (L87-L106)
However, when using CRI-Containerd this pods fail to spawn with an error from hcsshim.
This PR intends to filter these values before they are sent to the CRI and not rely on the
runtime for it.
Related to: https://github.com/kubernetes/kubernetes/issues/84804
Fix bug found by shellcheck in logexporter log fetching
where last wait was not working properly.
Fix DumpClusterLogs hanging in 5k nodes clusters:
https://github.com/kubernetes/kubernetes/issues/85753
Change-Id: Id02bf9048b19e790940c7eac6d45d7fa7a3dfb2b
This removes setting KUBE_GCE_PRIVATE_CLUSTER=false flag when creating
kubemark master.
In result, util.sh detect-master function detects both private and
public master IPs. The comment about cloud NAT does not apply after
https://github.com/kubernetes/kubernetes/pull/81073/files got merged
(see comments in the PR discussion).
This is first PR to change kubemark clusters to use private master IPs:
https://github.com/kubernetes/perf-tests/issues/874.
Note that kubemark kubeconfig will still contain public master IP. This
will be addresses in the follow-up PRs.
Testing:
* set up kubemark cluster
* verified that both private and public kubemark master IPs are logged
* ran tests on kubemark cluster using cluster loader
clean remaining static check errors in legacy-cloud-providers/azure
logging unhandled error in azure_backoff.go
delete unused var and func in azure_vmss_cache.go
run gofmt
Currently if the controlplane fails to init, we print out a message
with some example commands that only show docker CLI.
This tries to improve that by printing the example commands for
docker, cri-o and containerd by checking the socket looking for
the default docker socket.
