Since a few releases, Go supports `go build -race` and then produces
binaries which do data race detection when invoked. Some changes are needed to
enable using this in a kind cluster:
- `-race` must be passed when building dynamically linked binaries.
Only those support -race because CGO is required.
To avoid adding yet another env variables, the existing KUBE_RACE
gets used to convey the intent.
- KUBE_RACE must be passed into the dockerized build.
- Logging the base image of a release image makes it easier
to figure out whether the binary has a chance to run.
The base image is important because dynamically linked binaries need a base
image with libc. By default, control plane components are linked statically,
so users need to explicitly override the defaults:
KUBE_RACE=-race KUBE_CGO_OVERRIDES="kube-apiserver kube-controller-manager kube-scheduler" KUBE_GORUNNER_IMAGE=gcr.io/k8s-staging-test-infra/kubekins-e2e:v20250815-171060767f-master kind build node-image ...
KUBE_GORUNNER_IMAGE changes the base image for kube-apiserver,
kube-controller-manager and kube-scheduler. The kubekins image was picked for
this example because a Prow job definition already uses it. Reusing
it in a job avoids the need to maintain another image definition.
Running conformance tests against such a cluster with alpha+beta features
enabled revealed one new data race:
$ kubectl logs -n kube-system kube-controller-manager-kind-control-plane
...
WARNING: DATA RACE
Write at 0x00c00019a730 by goroutine 216:
k8s.io/client-go/tools/leaderelection.(*LeaderElector).setObservedRecord()
k8s.io/client-go/tools/leaderelection/leaderelection.go:529 +0x179
k8s.io/client-go/tools/leaderelection.(*LeaderElector).tryCoordinatedRenew()
k8s.io/client-go/tools/leaderelection/leaderelection.go:367 +0x5ca
...
Adds the KUBE_BUILD_WINDOWS option to make release-images and quick-release-images,
which will allow it to build the a Windows kube-proxy image as well. That image can
then be used with Windows Host Process Containers to start the kube-proxy
service on Windows nodes.
Currently if we disable cloud provider by the following
CLOUD_PROVIDER_FLAG=external
KUBE_FEATURE_GATES=DisableCloudProviders=true,DisableKubeletCloudCredentialProviders=true
we can no longer schedule workloads due to taints and a lack of
node configuration.
This pulls a CCM image from K/cloud-provider-gcp to run tests.
This is a pre-step for taking the above feature gates to beta.
It does not address the last known good dependency issue.
Specifically the CCM image is built on top of client-go and staging.
However this image will be an "old" verison of those libraries.
So it does not test if those libraries work in the CCM.
Fix shellcheck errors.
Add CCM_FEATURE_GATES for testing.
Switching to extended regex from perl regex.
Adding instrumentation to cluster configuration.
Improved regex to not greedily get key-value pairs.
Fixed issue with error on regex no line match.
Switch credentialprovider version to v1alpha1
The `-q` flag is not implemented by `docker buildx`, which results in an
output:
```
WARN[0000] quiet currently not implemented.
```
In the same way, the build output is not logged to `stdout` (but
`stderr`). This means we now dump the whole build process to a file and
if the `docker buildx` command fails, then we output those logs by
printing the contents of that file. This will also reduce the overall
verbosity and aligns to the original `docker build` behavior.
Signed-off-by: Sascha Grunert <mail@saschagrunert.de>
In order to use buildx with docker versions prior to v20.10 experimental
features must be enabled. Setting at build time ensures that they are
in case they have not already been at the environment scope.
Signed-off-by: hasheddan <georgedanielmangum@gmail.com>
When we switched to go-runner for building the apiserver,
controller-manager, and scheduler server components, we no longer
reference the individual architectures in the image names, specifically
in the 'FROM' directive of the server image Dockerfiles.
As a result, server images for non-amd64 images copy in the go-runner
amd64 binary instead of the go-runner that matches that architecture.
This commit explicitly sets the '--platform=linux/${arch}' to ensure
we're pulling the correct go-runner arch from the manifest list.
Before:
FROM ${base_image}
After:
FROM --platform=linux/${arch} ${base_image}
Signed-off-by: Stephen Augustus <saugustus@vmware.com>
This moves licenses of vendored code from one monolith file into a tree
of individual files for easier reviews. This fixes both the bash and
bazel paths.
With these changes, /build/lib/release.sh can be removed from
hack/.shellcheck_failures and included in the scripts that are checked
by hack/verify-shellcheck.sh.
Signed-off-by: Joakim Roubert <joakimr@axis.com>
