Skip to content

start running the access tokens and huge services test #17671

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
+901 −381
Open

start running the access tokens and huge services test #17671

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
c9afa00
start running the access tokens and huge services test
upodroid Oct 24, 2025
4add0d9
change base image to distroless where uid is 0
upodroid Oct 24, 2025
11f922b
temporary ssh patch
upodroid Oct 24, 2025
c311481
fix clusterloader2 arg
upodroid Oct 24, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 4 additions & 3 deletions .ko.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
defaultBaseImage: gcr.io/distroless/static-debian12
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 to introducing this file so we can more easily configure some of these ko options, for example I realized we aren't passing the Version properly to ko

defaultLdflags:
- -s -w
- -X k8s.io/kops.Version={{.Env.VERSION}}
- -X k8s.io/kops.GitVersion={{.Env.GITSHA}}
- -s -w
- -X k8s.io/kops.Version={{.Env.VERSION}}
- -X k8s.io/kops.GitVersion={{.Env.GITSHA}}
1 change: 1 addition & 0 deletions nodeup/pkg/model/logrotate.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,7 @@ func (b *LogrotateBuilder) Build(c *fi.NodeupModelBuilderContext) error {
}

b.addLogRotate(c, "docker", "/var/log/docker.log", logRotateOptions{})
b.addLogRotate(c, "kops-controller", "/var/log/kops-controller.log", logRotateOptions{})
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think kops-controller is "just a pod" and doesn't write logs here. But it is relatively important, so I think we could make the case for doing so...

b.addLogRotate(c, "kube-addons", "/var/log/kube-addons.log", logRotateOptions{})
b.addLogRotate(c, "kube-apiserver", "/var/log/kube-apiserver.log", logRotateOptions{})
b.addLogRotate(c, "kube-controller-manager", "/var/log/kube-controller-manager.log", logRotateOptions{})
Expand Down
8 changes: 8 additions & 0 deletions pkg/model/gcemodel/external_access.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,14 @@ func (b *ExternalAccessModelBuilder) Build(c *fi.CloudupModelBuilderContext) err
if err != nil {
return err
}
b.AddFirewallRulesTasks(c, "ssh-external-to-master", &gcetasks.FirewallRule{
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So this hits the "main code path" of kOps. Can we SSH through the bastion? Or if not, can we somehow make this not change the configuration for "everyone else" - e.g. with a feature flag or by adding something in the cluster or instancegroup? (The feature flag is normally easiest)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This specific change won't be in this PR, just need the patch to get the scale tests passing.

It is being worked in a different PR

Lifecycle: b.Lifecycle,
TargetTags: []string{b.GCETagForRole(kops.InstanceGroupRoleControlPlane), b.GCETagForRole("Master")},
Allowed: []string{"tcp:22"},
SourceRanges: b.Cluster.Spec.SSHAccess,
Network: network,
})

b.AddFirewallRulesTasks(c, "ssh-external-to-bastion", &gcetasks.FirewallRule{
Lifecycle: b.Lifecycle,
TargetTags: []string{b.GCETagForRole(kops.InstanceGroupRoleBastion)},
Expand Down
11 changes: 11 additions & 0 deletions tests/e2e/kubetest2-kops/deployer/common.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ import (
"k8s.io/kops/tests/e2e/pkg/target"
"k8s.io/kops/tests/e2e/pkg/util"
"sigs.k8s.io/kubetest2/pkg/boskos"
"sigs.k8s.io/kubetest2/pkg/exec"
)

func (d *deployer) init() error {
Expand Down Expand Up @@ -112,6 +113,16 @@ func (d *deployer) initialize() error {
d.GCPProject = resource.Name
klog.V(1).Infof("Got project %s from boskos", d.GCPProject)

if os.Getenv("SCALE_SCENARIO") == "performance" {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not required after kubernetes/perf-tests#3653

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do think this is a good idea though.... kubetest2 assumes that we will build everything into kubetest2, and I think there's a lot of power in more modular tests for performance and specific scenarios. In #17636 I am trying out exporting the variable so that the test can source it: 7d339a6

// Performance scale tests require gcloud config set project to be ran
cmd := exec.Command("gcloud", "config", "set", "project", d.GCPProject)
klog.V(1).Infof("Running command: %q", cmd)
exec.InheritOutput(cmd)
if err := cmd.Run(); err != nil {
return err
}
}

if d.SSHPrivateKeyPath == "" {
d.SSHPrivateKeyPath = os.Getenv("GCE_SSH_PRIVATE_KEY_FILE")
}
Expand Down
14 changes: 3 additions & 11 deletions tests/e2e/kubetest2-kops/deployer/up.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -168,15 +168,7 @@ func (d *deployer) createCluster(zones []string, adminAccess string, yes bool) e
"--kubernetes-version", d.KubernetesVersion,
"--ssh-public-key", d.SSHPublicKeyPath,
"--set", "cluster.spec.nodePortAccess=0.0.0.0/0",
}

version, err := kops.GetVersion(d.KopsBinaryPath)
if err != nil {
return err
}
if version > "1.29" {
// Requires https://github.com/kubernetes/kops/pull/16128
args = append(args, "--set", `spec.containerd.configAdditions=plugins."io.containerd.grpc.v1.cri".containerd.runtimes.test-handler.runtime_type=io.containerd.runc.v2`)
"--set", `spec.containerd.configAdditions=plugins."io.containerd.grpc.v1.cri".containerd.runtimes.test-handler.runtime_type=io.containerd.runc.v2`,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like a cleanup for handling of old kube versions that we no longer test? (I.e. could be split into its own PR, though that would be a very short PR!)

}

if yes {
Expand Down Expand Up @@ -265,12 +257,12 @@ func (d *deployer) createCluster(zones []string, adminAccess string, yes bool) e
cmd.SetEnv(d.env()...)

exec.InheritOutput(cmd)
err = cmd.Run()
err := cmd.Run()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

I like if err := cmd.Run(); err != nil { because then you don't influence the next single-error return. But this is an improvement so 👍

if err != nil {
return err
}

if d.setInstanceGroupOverrides(); err != nil {
if err = d.setInstanceGroupOverrides(); err != nil {
return err
}

Expand Down
106 changes: 67 additions & 39 deletions tests/e2e/scenarios/scalability/run-test.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,12 @@ if [[ -z "${K8S_VERSION:-}" ]]; then
K8S_VERSION=https://storage.googleapis.com/k8s-release-dev/ci/latest.txt
fi

# Default Scale Scenario to performance
if [[ -z "${SCALE_SCENARIO:-}" ]]; then
SCALE_SCENARIO="performance"
export SCALE_SCENARIO
fi

# Default cloud provider to aws
if [[ -z "${CLOUD_PROVIDER:-}" ]]; then
CLOUD_PROVIDER="aws"
Expand Down Expand Up @@ -58,7 +64,7 @@ if [[ "${CLOUD_PROVIDER}" == "aws" ]]; then
create_args+=("--node-size=t3a.medium,t3.medium,t3a.large,c5a.large,t3.large,c5.large,m5a.large,m6a.large,m5.large,c7a.large,r5a.large,r6a.large,m7a.large")
create_args+=("--node-volume-size=20")
create_args+=("--zones=us-east-2a,us-east-2b,us-east-2c")
create_args+=("--image=${INSTANCE_IMAGE:-ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id}")
create_args+=("--image=${INSTANCE_IMAGE:-ssm:/aws/service/canonical/ubuntu/server/24.04/stable/current/amd64/hvm/ebs-gp3/ami-id}")
# TODO: track failures of tests (HostPort & OIDC) when using `--dns=none`
create_args+=("--dns=none")
fi
Expand All @@ -69,23 +75,26 @@ if [[ "${CLOUD_PROVIDER}" == "gce" ]]; then
create_args+=("--master-volume-size=1000")
create_args+=("--gce-service-account=default")
create_args+=("--topology=private")
create_args+=("--bastion")
create_args+=("--image=${INSTANCE_IMAGE:-ubuntu-os-cloud/ubuntu-2404-noble-amd64-v20251001}")
create_args+=("--etcd-storage-type=hyperdisk-balanced")
create_args+=("--set spec.networking.podCIDR=10.64.0.0/11")
create_args+=("--set spec.networking.subnets[0].cidr=10.96.0.0/15")
create_args+=("--set spec.networking.serviceClusterIPRange=10.98.0.0/15")
create_args+=("--set spec.networking.podCIDR=10.64.0.0/10")
create_args+=("--set spec.networking.subnets[0].cidr=10.128.0.0/15")
create_args+=("--set spec.networking.serviceClusterIPRange=10.130.0.0/15")
create_args+=("--set spec.networking.nonMasqueradeCIDR=10.64.0.0/10")
fi
create_args+=("--networking=${CNI_PLUGIN:-calico}")
if [[ "${CNI_PLUGIN}" == "amazonvpc" ]]; then
create_args+=("--set spec.networking.amazonVPC.env=ENABLE_PREFIX_DELEGATION=true")
fi
create_args+=("--set spec.etcdClusters[0].manager.listenMetricsURLs=http://localhost:2382")
create_args+=("--set spec.etcdClusters[0].manager.env=ETCD_QUOTA_BACKEND_BYTES=8589934592")
create_args+=("--set spec.etcdClusters[1].manager.env=ETCD_QUOTA_BACKEND_BYTES=8589934592")
create_args+=("--set spec.etcdClusters[*].manager.env=ETCD_QUOTA_BACKEND_BYTES=8589934592")
create_args+=("--set spec.etcdClusters[*].manager.env=ETCD_ENABLE_PPROF=true")
create_args+=("--set spec.cloudControllerManager.concurrentNodeSyncs=10")
create_args+=("--set spec.kubelet.maxPods=96")
create_args+=("--set spec.kubeScheduler.authorizationAlwaysAllowPaths=/healthz")
create_args+=("--set spec.kubeScheduler.authorizationAlwaysAllowPaths=/livez")
create_args+=("--set spec.kubeScheduler.authorizationAlwaysAllowPaths=/readyz")
create_args+=("--set spec.kubeScheduler.authorizationAlwaysAllowPaths=/metrics")
create_args+=("--set spec.kubeScheduler.kubeAPIQPS=500")
create_args+=("--set spec.kubeScheduler.kubeAPIBurst=500")
Expand All @@ -99,7 +108,7 @@ create_args+=("--set spec.kubeControllerManager.enableProfiling=true")
create_args+=("--set spec.kubeControllerManager.enableContentionProfiling=true")
# inflight requests are bit higher than what currently upstream uses for GCE scale tests
create_args+=("--set spec.kubeAPIServer.maxRequestsInflight=800")
create_args+=("--set spec.kubeAPIServer.maxMutatingRequestsInflight=400")
create_args+=("--set spec.kubeAPIServer.maxMutatingRequestsInflight=0")
create_args+=("--set spec.kubeAPIServer.enableProfiling=true")
create_args+=("--set spec.kubeAPIServer.enableContentionProfiling=true")
create_args+=("--set spec.kubeAPIServer.logLevel=2")
Expand All @@ -118,18 +127,10 @@ create_args+=("--master-size=${CONTROL_PLANE_SIZE:-c5.2xlarge}")
if [[ "${CLOUD_PROVIDER}" == "aws" ]]; then
# Enable creating a single nodes instance group
KOPS_FEATURE_FLAGS="AWSSingleNodesInstanceGroup,${KOPS_FEATURE_FLAGS:-}"
create_args+=("--set spec.etcdClusters[0].etcdMembers[0].volumeIOPS=6000")
create_args+=("--set spec.etcdClusters[0].etcdMembers[1].volumeIOPS=6000")
create_args+=("--set spec.etcdClusters[0].etcdMembers[2].volumeIOPS=6000")
create_args+=("--set spec.etcdClusters[0].etcdMembers[0].volumeThroughput=1000")
create_args+=("--set spec.etcdClusters[0].etcdMembers[1].volumeThroughput=1000")
create_args+=("--set spec.etcdClusters[0].etcdMembers[2].volumeThroughput=1000")
create_args+=("--set spec.etcdClusters[0].etcdMembers[0].volumeSize=120")
create_args+=("--set spec.etcdClusters[0].etcdMembers[1].volumeSize=120")
create_args+=("--set spec.etcdClusters[0].etcdMembers[2].volumeSize=120")
create_args+=("--set spec.etcdClusters[0].etcdMembers[0].volumeType=io1")
create_args+=("--set spec.etcdClusters[0].etcdMembers[1].volumeType=io1")
create_args+=("--set spec.etcdClusters[0].etcdMembers[2].volumeType=io1")
create_args+=("--set spec.etcdClusters[*].etcdMembers[*].volumeIOPS=6000")
create_args+=("--set spec.etcdClusters[*].etcdMembers[*].volumeThroughput=1000")
create_args+=("--set spec.etcdClusters[*].etcdMembers[*].volumeSize=120")
create_args+=("--set spec.etcdClusters[*].etcdMembers[*].volumeType=io1")

fi
echo "KOPS_FEATURE_FLAGS=${KOPS_FEATURE_FLAGS}"
Expand All @@ -140,9 +141,14 @@ KUBETEST2_ARGS+=("-v=2")
KUBETEST2_ARGS+=("--max-nodes-to-dump=${MAX_NODES_TO_DUMP:-5}")
KUBETEST2_ARGS+=("--cloud-provider=${CLOUD_PROVIDER}")
KUBETEST2_ARGS+=("--cluster-name=${CLUSTER_NAME:-}")
KUBETEST2_ARGS+=("--kops-version-marker=${KOPS_VERSION_MARKER:-https://storage.googleapis.com/k8s-staging-kops/kops/releases/markers/master/latest-ci.txt}")
KUBETEST2_ARGS+=("--admin-access=${ADMIN_ACCESS:-}")
KUBETEST2_ARGS+=("--env=KOPS_FEATURE_FLAGS=${KOPS_FEATURE_FLAGS}")
if [[ "${JOB_TYPE}" == "presubmit" && "${REPO_OWNER}/${REPO_NAME}" == "kubernetes/kops" ]]; then
KUBETEST2_ARGS+=("--build")
KUBETEST2_ARGS+=("--kops-binary-path=${GOPATH}/src/k8s.io/kops/.build/dist/linux/$(go env GOARCH)/kops")
else
KUBETEST2_ARGS+=("--kops-version-marker=${KOPS_VERSION_MARKER:-https://storage.googleapis.com/k8s-staging-kops/kops/releases/markers/master/latest-ci.txt}")
fi

if [[ "${CLOUD_PROVIDER}" == "gce" ]]; then
if [[ -n "${GCP_PROJECT:-}" ]]; then
Expand All @@ -151,10 +157,11 @@ if [[ "${CLOUD_PROVIDER}" == "gce" ]]; then
KUBETEST2_ARGS+=("--boskos-resource-type=${BOSKOS_RESOURCE_TYPE:-scalability-project}")
fi
KUBETEST2_ARGS+=("--control-plane-instance-group-overrides=spec.rootVolume.type=hyperdisk-balanced")
KUBETEST2_ARGS+=("--control-plane-instance-group-overrides=spec.associatePublicIP=true")
fi

# More time for bigger clusters
KUBETEST2_ARGS+=("--validation-wait=55m")
KUBETEST2_ARGS+=("--validation-wait=75m")
KUBETEST2_ARGS+=("--validation-count=3")
KUBETEST2_ARGS+=("--validation-interval=60s")

Expand All @@ -172,7 +179,7 @@ fi
export PROMETHEUS_KUBE_PROXY_SELECTOR_KEY="k8s-app"
export PROMETHEUS_SCRAPE_APISERVER_ONLY="true"
export CL2_PROMETHEUS_TOLERATE_MASTER="true"
if [[ "${CLOUD_PROVIDER}" == "aws" ]]; then
if [[ "${CLOUD_PROVIDER}" == "aws" && "${SCALE_SCENARIO}" == "performance" ]]; then
# CL2 uses KUBE_SSH_KEY_PATH path to ssh to instances for scraping metrics
export KUBE_SSH_KEY_PATH="/tmp/kops/${CLUSTER_NAME}/id_ed25519"
cat > "${GOPATH}"/src/k8s.io/perf-tests/clusterloader2/testing/load/overrides.yaml <<EOL
Expand All @@ -188,20 +195,41 @@ else
EOL
fi

kubetest2 kops "${KUBETEST2_ARGS[@]}" \
--up \
--kubernetes-version="${K8S_VERSION}" \
--create-args="${create_args[*]}" \
--test=clusterloader2 \
-- \
--provider="${CLOUD_PROVIDER}" \
--repo-root="${GOPATH}"/src/k8s.io/perf-tests \
--test-configs="${GOPATH}"/src/k8s.io/perf-tests/clusterloader2/testing/load/config.yaml \
--test-overrides="${GOPATH}"/src/k8s.io/perf-tests/clusterloader2/testing/load/overrides.yaml \
--extra-args="--experimental-prometheus-snapshot-to-report-dir=true" \
--kube-config="${HOME}/.kube/config"
# --test-overrides="${GOPATH}"/src/k8s.io/perf-tests/clusterloader2/testing/experiments/enable_restart_count_check.yaml \
# --test-overrides="${GOPATH}"/src/k8s.io/perf-tests/clusterloader2/testing/experiments/ignore_known_gce_container_restarts.yaml \
# --test-overrides="${GOPATH}"/src/k8s.io/perf-tests/clusterloader2/testing/overrides/5000_nodes.yaml \
# --test-overrides="${GOPATH}"/src/k8s.io/perf-tests/clusterloader2/testing/huge-service/config.yaml \
# --test-overrides="${GOPATH}"/src/k8s.io/perf-tests/clusterloader2/testing/access-tokens/config.yaml \
CLUSTERLOADER2_ARGS=()
if [[ -n "${KOPS_CL2_TEST_CONFIG}" ]]; then
CLUSTERLOADER2_ARGS+=("--test-configs=${GOPATH}/src/k8s.io/perf-tests/clusterloader2/${KOPS_CL2_TEST_CONFIG}")
else
CLUSTERLOADER2_ARGS+=("--test-configs=${GOPATH}/src/k8s.io/perf-tests/clusterloader2/testing/load/config.yaml")
CLUSTERLOADER2_ARGS+=("--test-configs=${GOPATH}/src/k8s.io/perf-tests/clusterloader2/testing/huge-service/config.yaml")
CLUSTERLOADER2_ARGS+=("--test-configs=${GOPATH}/src/k8s.io/perf-tests/clusterloader2/testing/access-tokens/config.yaml")
CLUSTERLOADER2_ARGS+=("--test-overrides=${GOPATH}/src/k8s.io/perf-tests/clusterloader2/testing/load/overrides.yaml")
CLUSTERLOADER2_ARGS+=("--test-overrides=${GOPATH}/src/k8s.io/perf-tests/clusterloader2/testing/experiments/enable_restart_count_check.yaml")
CLUSTERLOADER2_ARGS+=("--test-overrides=${GOPATH}/src/k8s.io/perf-tests/clusterloader2/testing/experiments/ignore_known_gce_container_restarts.yaml")
CLUSTERLOADER2_ARGS+=("--test-overrides=${GOPATH}/src/k8s.io/perf-tests/clusterloader2/testing/overrides/5000_nodes.yaml")
CLUSTERLOADER2_ARGS+=("--extra-args=--experimental-prometheus-snapshot-to-report-dir=true")
fi

if [[ "${SCALE_SCENARIO:performance}" == "correctness" ]]; then
kubetest2 kops "${KUBETEST2_ARGS[@]}" \
--up \
--kubernetes-version="${K8S_VERSION}" \
--create-args="${create_args[*]}" \
--test=kops \
-- \
--test-package-url=https://storage.googleapis.com/k8s-release-dev \
--test-package-dir=ci \
--test-package-marker=latest.txt \
--skip-regex="\[Driver:.gcepd\]|\[Serial\]|\[Disruptive\]|\[Flaky\]|\[Feature:([^L].*|L[^o].*|Lo[^a].*|Loa[^d].*)\]\[KubeUp\]" \
--parallel=25
else
kubetest2 kops "${KUBETEST2_ARGS[@]}" \
--up \
--kubernetes-version="${K8S_VERSION}" \
--create-args="${create_args[*]}" \
--test=clusterloader2 \
-- \
--provider="${CLOUD_PROVIDER}" \
--repo-root="${GOPATH}"/src/k8s.io/perf-tests \
--kube-config="${HOME}/.kube/config" \
"${CLUSTERLOADER2_ARGS[@]}"
fi
2 changes: 1 addition & 1 deletion ...ditionalobjects/data/aws_s3_object_additionalobjects.example.com-addons-bootstrap_content
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ spec:
addons:
- id: k8s-1.16
manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml
manifestHash: 21c4c6429b8492f0499a751b7c319b5e9e702679df53bdf3fa285e19da46d89a
manifestHash: 43d31fd384b16586e0642892283c665294c02539b4a7f5dbe97ee46518f6d8a3
name: kops-controller.addons.k8s.io
needsRollingUpdate: control-plane
selector:
Expand Down
12 changes: 9 additions & 3 deletions ...bject_additionalobjects.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,9 @@ spec:
- args:
- --v=2
- --conf=/etc/kubernetes/kops-controller/config/config.yaml
- --log_file=/var/log/kops-controller.log
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

found this

kubernetes/klog#60

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A blast from the past :-)

- --logtostderr=false
- --alsologtostderr
command: null
env:
- name: KUBERNETES_SERVICE_HOST
Expand All @@ -68,14 +71,13 @@ spec:
requests:
cpu: 50m
memory: 50Mi
securityContext:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think there's a case that kops-controller is important so should have a log in /var/log, but the components that are there today are the ones that we can't get with kubectl logs (when they fail). Is there e.g. a perf issue with getting kops-controller logs from kubectl logs (or some other reason)? Because now we will have to deal with the scanners flagging this one as running as root...

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There isn't a performance issue and assuming the control plane is bootstrapped, we can see the logs from kops toolbox dump.

Happy to remove it if it's too tricky

runAsNonRoot: true
runAsUser: 10011
volumeMounts:
- mountPath: /etc/kubernetes/kops-controller/config/
name: kops-controller-config
- mountPath: /etc/kubernetes/kops-controller/pki/
name: kops-controller-pki
- mountPath: /var/log/kops-controller.log
name: logfile
dnsPolicy: Default
hostNetwork: true
nodeSelector: null
Expand All @@ -98,6 +100,10 @@ spec:
path: /etc/kubernetes/kops-controller/
type: Directory
name: kops-controller-pki
- hostPath:
path: /var/log/kops-controller.log
type: FileOrCreate
name: logfile
updateStrategy:
type: OnDelete

Expand Down
2 changes: 1 addition & 1 deletion ...te_cluster/apiservernodes/data/aws_s3_object_minimal.example.com-addons-bootstrap_content
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ spec:
addons:
- id: k8s-1.16
manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml
manifestHash: 7db9baec4bb7a296a0cf825e4b83b92c942f26b6a05e9e3a09d86b344e45f523
manifestHash: 56c09a6456fc4268a697ecd16f076ab7a77950a329dd154555b73499510c45a1
name: kops-controller.addons.k8s.io
needsRollingUpdate: control-plane
selector:
Expand Down
12 changes: 9 additions & 3 deletions ...a/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,9 @@ spec:
- args:
- --v=2
- --conf=/etc/kubernetes/kops-controller/config/config.yaml
- --log_file=/var/log/kops-controller.log
- --logtostderr=false
- --alsologtostderr
command: null
env:
- name: KUBERNETES_SERVICE_HOST
Expand All @@ -68,14 +71,13 @@ spec:
requests:
cpu: 50m
memory: 50Mi
securityContext:
runAsNonRoot: true
runAsUser: 10011
volumeMounts:
- mountPath: /etc/kubernetes/kops-controller/config/
name: kops-controller-config
- mountPath: /etc/kubernetes/kops-controller/pki/
name: kops-controller-pki
- mountPath: /var/log/kops-controller.log
name: logfile
dnsPolicy: Default
hostNetwork: true
nodeSelector: null
Expand All @@ -98,6 +100,10 @@ spec:
path: /etc/kubernetes/kops-controller/
type: Directory
name: kops-controller-pki
- hostPath:
path: /var/log/kops-controller.log
type: FileOrCreate
name: logfile
updateStrategy:
type: OnDelete

Expand Down
2 changes: 1 addition & 1 deletion ...cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-bootstrap_content
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ spec:
addons:
- id: k8s-1.16
manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml
manifestHash: 33c5913c89e15b5dba30a850b5ca09082d1b55f6f0af7df56f82f6f892fe310d
manifestHash: fcdeae5d484bdc7712a168b970ac354158e23849b385887315c537bc26c46ff5
name: kops-controller.addons.k8s.io
needsRollingUpdate: control-plane
selector:
Expand Down
Loading
Loading