Sync our repo with upstream #3
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
As a drive-by, enforce the linux/amd64 to be safe.
Workloads in the kube-system namespace would block cluster-autoscaler from evicting workloads unless a PDB was defined (see also [1]). Set an annotation to disregard the constraint for doks-debug which should never block evictions and node draining. [1]: https://github.com/kubernetes/autoscaler/blob/7c86e2813d20db8a943e69e447413ca859b92f97/cluster-autoscaler/FAQ.md#how-to-set-pdbs-to-enable-ca-to-move-kube-system-pods
doks-debug should always terminate immediately.
Upgrade Debian base image to bookworm
Never block cluster-autoscaler
Eliminate termination grace period
These are important for node debugging.
re-add iptables binaries
Simplifies testing in-cluster DNS as the policy enables to query CoreDNS for such requests.
…dnspolicy Use ClusterFirstWithHostNet DNS policy
doks switched to containerd container runtime a while ago (https://docs.digitalocean.com/products/kubernetes/details/changelog/#1.20.2-do.0), so while docker is still installed on the nodes it's not useful for debugging k8s containers anymore
remove docker socket mounts and cli
addn: fix the > as for some reason it was incorrect
Add support for crictl into the base images
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We were some commits behind upstream, this PR syncs the upstream with our own.
This pull request includes several updates to improve compatibility and functionality by transitioning from Docker to containerd, updating the base Docker image, and adding new tools. The most important changes include modifications to the Dockerfiles, workflow files, and Kubernetes manifests.
Transition from Docker to containerd:
Dockerfile: Changed the base image fromdebian:10-slimtodebian:12-slim, added installation steps forcrictl, and updated the default image endpoint configuration. [1] [2]README.md: Updated instructions to reflect the switch from Docker to containerd, including mounting thecontainerdsocket and addingcrictlto the list of tools. [1] [2]k8s/daemonset.yamlandk8s/deployment.yaml: Replaced Docker socket mounts with containerd socket mounts and added annotations for safe eviction and DNS policy. [1] [2] [3] [4]Workflow updates:
.github/workflows/release.yamland.github/workflows/test.yaml: Added the--platform linux/amd64flag to thedocker buildcommands to ensure compatibility with the target platform. [1] [2]Tooling updates:
Dockerfile: Addediptables,wget, and upgradedllvmfrom version 8 to 13. [1] [2]