Add aws-k8s-1.20 variant with Kubernetes 1.20 support #1437

Merged
merged 3 commits into from
Apr 23, 2021

@etungsten etungsten commented Apr 1, 2021

Issue number:
#1429
#1386

Description of changes:

For reference, the addition of 1.19 was in #1256.

Version of kubelet packaged: v1.20.6

Author: Erikson Tung <etung@amazon.com>
Date:   Wed Mar 31 17:37:47 2021 -0700

    Add aws-k8s-1.20 variant with Kubernetes 1.20

Author: Erikson Tung <etung@amazon.com>
Date:   Thu Apr 1 10:59:47 2021 -0700

    kubernetes-1.20: constrain ip_local_port_range
    
    Constrains ephemeral ports for k8s-1.20 variants

Regenerated the 0001-always-set-relevant-variables-for-cross-compiling.patch patch.

Added license clarification for "github.com/storageos/go-api"

Testing done:

  • Pods run OK

  • Conformance testing with 1.20 control plane and x86_64 aws-k8s-1.20 nodes - all passed

  • Conformance testing with 1.20 control plane and aarch64 aws-k8s-1.20 nodes - all passed

  • Confirm the EBS CSI driver still works.

  • Check kubelet logs and system logs in general, compared it with the aws-k8s-1.19 variant kubelet logs and found no abnormalities.

Confirmed that the ephemeral port range has been constrained:

[ec2-user@ ~]$ sysctl -a | grep net.ipv4.ip_local_port_range
net.ipv4.ip_local_port_range = 32768	60999

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.
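
The port-range confirmation above, turned into a node check (an added example, not part of this PR or of the project's code): it parses the sysctl line and `/proc/net/tcp`-format text and reports LISTEN sockets whose port falls inside the ephemeral range, where a listener can lose its port to an outgoing connection. The socket table is constructed sample data and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report LISTEN sockets whose port lies in the ephemeral range.

# sysctl line as shown in the PR description.
SAMPLE_SYSCTL='net.ipv4.ip_local_port_range = 32768	60999'

# Constructed sample in /proc/net/tcp layout, columns after "st" omitted.
# State 0A is LISTEN, 01 is ESTABLISHED; ports are hexadecimal.
SAMPLE_PROC_NET_TCP='  sl  local_address rem_address   st
   0: 00000000:280A 00000000:0000 0A
   1: 0100007F:2808 00000000:0000 0A
   2: 00000000:C350 00000000:0000 0A
   3: 0A000005:9C40 0A000009:01BB 01'

# Print "low high" from a sysctl line; fail unless it holds two ordered integers.
parse_port_range() {
    set -- $(printf '%s\n' "$1" | sed 's/^[^=]*=//')
    [ "$#" -eq 2 ] || return 1
    case "$1$2" in *[!0-9]*) return 1 ;; esac
    [ "$1" -le "$2" ] || return 1
    echo "$1 $2"
}

# Print the decimal port of every LISTEN socket, sorted and de-duplicated.
listen_ports() {
    printf '%s\n' "$1" | while read -r _sl local _remote state _rest; do
        [ "$state" = "0A" ] || continue
        echo $((0x${local##*:}))
    done | sort -n -u
}

# Print listening ports inside the ephemeral range; return 2 on a bad sysctl line.
conflicting_listen_ports() {
    range=$(parse_port_range "$1") || return 2
    low=${range% *}
    high=${range#* }
    for p in $(listen_ports "$2"); do
        if [ "$p" -ge "$low" ] && [ "$p" -le "$high" ]; then echo "$p"; fi
    done
}

conflicts=$(conflicting_listen_ports "$SAMPLE_SYSCTL" "$SAMPLE_PROC_NET_TCP")
echo "listeners inside ephemeral range: ${conflicts:-none}"
```

On a real node, pass `"$(sysctl net.ipv4.ip_local_port_range)"` and `"$(cat /proc/net/tcp)"` in place of the samples.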

@jhaynes jhaynes linked an issue Apr 1, 2021 that may be closed by this pull request
@etungsten etungsten added this to the next+1 milestone Apr 1, 2021
@jhaynes jhaynes modified the milestones: next+1, next Apr 5, 2021
@etungsten etungsten removed this from the next milestone Apr 5, 2021
@etungsten etungsten linked an issue Apr 5, 2021 that may be closed by this pull request
packages/Cargo.toml (review thread: outdated, resolved)
packages/kubernetes-1.20/kubelet-sysctl.conf (review thread: outdated, resolved)
packages/kubernetes-1.20/kubernetes-1.20.spec (review thread: outdated, resolved)
- case "${platform}" in
- "linux/arm")
- export CGO_ENABLED=1
- export CC=${KUBE_LINUX_ARM_CC:-arm-linux-gnueabihf-gcc}
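
Review bot: In the `linux/arm` case, `CC=${KUBE_LINUX_ARM_CC:-arm-linux-gnueabihf-gcc}` lets an environment variable choose the compiler. The lines that replace this case are not shown here, so confirm they assign CC unconditionally to the intended cross compiler rather than keeping the `${VAR:-default}` form, or add a comment in the patch stating why the override is kept.
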
Contributor

Hmm. In previous versions, these were hardcoded, so it made sense to unilaterally override them with the -bottlerocket- versions we need. Is there any reason we'd want to allow the $KUBE_LINUX_ARM_CC-type overrides in our replacement code? I don't have background on these.

Contributor Author

@bcressey can you take a look at this?

Contributor

@bcressey bcressey Apr 21, 2021

Upstream is now a bit closer to what we want, which is to always use our known cross compilers. We're still missing a way to express "always cross-compile, even if we're on linux/amd64". I expect we could come up with a patch to bridge what's left.

For now, your port of the patch looks good.

packages/kubernetes-1.20/clarify.toml (review thread: outdated, resolved)
packages/kubernetes-1.20/kubelet-config (review thread: outdated, resolved)
packages/kubernetes-1.20/kubelet.service (review thread: outdated, resolved)
sources/models/src/aws-k8s-1.20 (review thread: outdated, resolved)
@etungsten
Contributor Author

Push above rebases onto develop.
Create separate models files for aws-k8s-1.20.

@etungsten
Contributor Author

Push above addresses the majority of @tjkirch's comments.

For #1465, we decided offline that this will be the first variant where we introduce cpuManagerPolicy: static as a hardcoded default.

@etungsten etungsten force-pushed the k8s-1.20 branch 2 times, most recently from 05c123d to 18e75f4 Compare April 19, 2021 21:47
@etungsten
Contributor Author

Push above rebases onto develop to get changes from #1408 and #1494

@etungsten
Contributor Author

Push above applies changes from #1408 to the aws-k8s-1.20 variant.

@etungsten
Contributor Author

Push above adds the missing Cargo.lock changes.

@etungsten
Contributor Author

Push above applies changes from #1494 to the aws-k8s-1.20 variant.

@etungsten
Contributor Author

Push above adopts #1295 for aws-k8s-1.20

@etungsten
Contributor Author

Push above updates the kubernetes-1.20 package to Kubernetes v1.20.6

@etungsten etungsten marked this pull request as ready for review April 20, 2021 02:18
@etungsten etungsten requested a review from arnaldo2792 April 20, 2021 02:19
sources/models/src/aws-k8s-1.20/mod.rs (review thread: resolved)
sources/models/README.md (review thread: outdated, resolved)
sources/models/src/lib.rs (review thread: outdated, resolved)
@etungsten
Contributor Author

Push above addresses @tjkirch's comments.

  • Splits out kernel lockdown default setting into its own separate shared default toml file.
  • Symlinks aws-k8s-1.20's 50-aws-k8s.toml to aws-k8s-1.19's 50-aws-k8s.toml
  • Fixes documentation

I ran sonobuoy conformance testing for kubelet v1.20.6 and everything still passed. The testing description in the PR is up to date.

@etungsten etungsten requested review from tjkirch and webern April 22, 2021 00:42
@etungsten
Contributor Author

etungsten commented Apr 22, 2021

Push above adds a commit that adds systemd.unified_cgroup_hierarchy=1 to aws-k8s-1.20's kernel parameters.

I've built an image and verified that it works:

bash-5.0# dmesg
[    0.000000] Linux version 5.4.105 (builder@buildkitsandbox) (gcc version 9.3.0 (Buildroot 2020.02.2)) #1 SMP Tue Apr 20 00:03:24 UTC 2021
[    0.000000] Command line: BOOT_IMAGE=(hd0,gpt2)/vmlinuz systemd.unified_cgroup_hierarchy=1 ....

The host is running with a unified cgroup hierarchy (cgroupv2)

bash-5.0# mount -l 
cgroup2 on /sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime,seclabel)

kubelet is running fine, the node joins the cluster fine, can run pods.

Contributor

@arnaldo2792 arnaldo2792 left a comment

👢

@etungsten
Contributor Author

Push above integrates changes from #1513

@etungsten etungsten requested a review from tjkirch April 23, 2021 17:00
Constrains ephemeral ports for k8s-1.20 variants
Adds `systemd.unified_cgroup_hierarchy=1` to the kernel parameters for
the aws-k8s-1.20 variant.
@etungsten
Contributor Author

Push above rebases onto current develop to be on top of the changes from #1513.

Tested things; they still work.

@etungsten etungsten merged commit acf04d9 into bottlerocket-os:develop Apr 23, 2021
@etungsten etungsten deleted the k8s-1.20 branch April 23, 2021 17:26
Successfully merging this pull request may close these issues.

  • Kubernetes 1.20 support
  • Setting for local_port_range overlaps with very common listen ports
6 participants