enable test handler for containerd runtime

Author: upodroid

Makefile

@@ -752,7 +752,7 @@ dev-upload: dev-upload-linux-amd64 dev-upload-linux-arm64
 .PHONY: crds
 crds:
 	cd "${KOPS_ROOT}/hack" && go build -o "${KOPS_ROOT}/_output/bin/controller-gen" sigs.k8s.io/controller-tools/cmd/controller-gen
-	"${KOPS_ROOT}/_output/bin/controller-gen" crd paths=k8s.io/kops/pkg/apis/kops/v1alpha2 output:dir=k8s/crds/ crd:crdVersions=v1
+	"${KOPS_ROOT}/_output/bin/controller-gen" crd paths=k8s.io/kops/pkg/apis/kops/v1alpha2 output:dir=k8s/crds/
 
 #------------------------------------------------------
 # kops-controller

k8s/crds/kops.k8s.io_clusters.yaml

@@ -1,11 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.5.0
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: clusters.kops.k8s.io
 spec:
   group: kops.k8s.io
@@ -921,6 +919,10 @@ spec:
                     description: State directory for execution state files (default
                       "/run/containerd").
                     type: string
+                  testHandlerEnabled:
+                    description: TestHandlerEnabled enables a runtime called test-handler,
+                      specific to k/k e2e tests
+                    type: boolean
                   version:
                     description: Version used to pick the containerd package.
                     type: string
@@ -1513,9 +1515,9 @@ spec:
                   masters so that they are not on the pod network. true is the kube-up
                   behaviour, but it is very surprising: it means that daemonsets only
                   work on the master if they have hostNetwork=true. false is now the
-                  default, and it will:  * give the master a normal PodCIDR  * run
-                  kube-proxy on the master  * enable debugging handlers on the master,
-                  so kubectl logs works'
+                  default, and it will: * give the master a normal PodCIDR * run kube-proxy
+                  on the master * enable debugging handlers on the master, so kubectl
+                  logs works'
                 type: boolean
               karpenter:
                 description: Karpenter defines the Karpenter configuration.
@@ -2494,6 +2496,7 @@ spec:
                                         type: object
                                       type: array
                                   type: object
+                                  x-kubernetes-map-type: atomic
                                 weight:
                                   description: Weight associated with matching the
                                     corresponding nodeSelectorTerm, in the range 1-100.
@@ -2599,10 +2602,12 @@ spec:
                                         type: object
                                       type: array
                                   type: object
+                                  x-kubernetes-map-type: atomic
                                 type: array
                             required:
                             - nodeSelectorTerms
                             type: object
+                            x-kubernetes-map-type: atomic
                         type: object
                       podAffinity:
                         description: Describes pod affinity scheduling rules (e.g.
@@ -2683,6 +2688,7 @@ spec:
                                             only "value". The requirements are ANDed.
                                           type: object
                                       type: object
+                                      x-kubernetes-map-type: atomic
                                     namespaceSelector:
                                       description: A label query over the set of namespaces
                                         that the term applies to. The term is applied
@@ -2740,6 +2746,7 @@ spec:
                                             only "value". The requirements are ANDed.
                                           type: object
                                       type: object
+                                      x-kubernetes-map-type: atomic
                                     namespaces:
                                       description: namespaces specifies a static list
                                         of namespace names that the term applies to.
@@ -2844,6 +2851,7 @@ spec:
                                         The requirements are ANDed.
                                       type: object
                                   type: object
+                                  x-kubernetes-map-type: atomic
                                 namespaceSelector:
                                   description: A label query over the set of namespaces
                                     that the term applies to. The term is applied
@@ -2900,6 +2908,7 @@ spec:
                                         The requirements are ANDed.
                                       type: object
                                   type: object
+                                  x-kubernetes-map-type: atomic
                                 namespaces:
                                   description: namespaces specifies a static list
                                     of namespace names that the term applies to. The
@@ -3003,6 +3012,7 @@ spec:
                                             only "value". The requirements are ANDed.
                                           type: object
                                       type: object
+                                      x-kubernetes-map-type: atomic
                                     namespaceSelector:
                                       description: A label query over the set of namespaces
                                         that the term applies to. The term is applied
@@ -3060,6 +3070,7 @@ spec:
                                             only "value". The requirements are ANDed.
                                           type: object
                                       type: object
+                                      x-kubernetes-map-type: atomic
                                     namespaces:
                                       description: namespaces specifies a static list
                                         of namespace names that the term applies to.
@@ -3164,6 +3175,7 @@ spec:
                                         The requirements are ANDed.
                                       type: object
                                   type: object
+                                  x-kubernetes-map-type: atomic
                                 namespaceSelector:
                                   description: A label query over the set of namespaces
                                     that the term applies to. The term is applied
@@ -3220,6 +3232,7 @@ spec:
                                         The requirements are ANDed.
                                       type: object
                                   type: object
+                                  x-kubernetes-map-type: atomic
                                 namespaces:
                                   description: namespaces specifies a static list
                                     of namespace names that the term applies to. The
@@ -3827,9 +3840,9 @@ spec:
                     description: 'How should the kubelet configure the container bridge
                       for hairpin packets. Setting this flag allows endpoints in a
                       Service to loadbalance back to themselves if they should try
-                      to access their own Service. Values:   "promiscuous-bridge":
-                      make the container bridge promiscuous.   "hairpin-veth":       set
-                      the hairpin flag on container veth interfaces.   "none":               do
+                      to access their own Service. Values: "promiscuous-bridge": make
+                      the container bridge promiscuous. "hairpin-veth":       set
+                      the hairpin flag on container veth interfaces. "none":               do
                       nothing. Setting --configure-cbr0 to false implies that to achieve
                       hairpin NAT one must set --hairpin-mode=veth-flag, because bridge
                       assumes the existence of a container bridge named cbr0.'
@@ -4265,9 +4278,9 @@ spec:
                     description: 'How should the kubelet configure the container bridge
                       for hairpin packets. Setting this flag allows endpoints in a
                       Service to loadbalance back to themselves if they should try
-                      to access their own Service. Values:   "promiscuous-bridge":
-                      make the container bridge promiscuous.   "hairpin-veth":       set
-                      the hairpin flag on container veth interfaces.   "none":               do
+                      to access their own Service. Values: "promiscuous-bridge": make
+                      the container bridge promiscuous. "hairpin-veth":       set
+                      the hairpin flag on container veth interfaces. "none":               do
                       nothing. Setting --configure-cbr0 to false implies that to achieve
                       hairpin NAT one must set --hairpin-mode=veth-flag, because bridge
                       assumes the existence of a container bridge named cbr0.'
@@ -5866,9 +5879,9 @@ spec:
                 type: object
               updatePolicy:
                 description: 'UpdatePolicy determines the policy for applying upgrades
-                  automatically. Valid values:   ''automatic'' (default): apply updates
+                  automatically. Valid values: ''automatic'' (default): apply updates
                   automatically (apply OS security upgrades, avoiding rebooting when
-                  possible)   ''external'': do not apply updates automatically; they
+                  possible) ''external'': do not apply updates automatically; they
                   are applied manually or by an external system'
                 type: string
               useHostCertificates:
@@ -5903,9 +5916,3 @@ spec:
         type: object
     served: true
     storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

k8s/crds/kops.k8s.io_instancegroups.yaml

@@ -1,11 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.5.0
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: instancegroups.kops.k8s.io
 spec:
   group: kops.k8s.io
@@ -225,6 +223,10 @@ spec:
                     description: State directory for execution state files (default
                       "/run/containerd").
                     type: string
+                  testHandlerEnabled:
+                    description: TestHandlerEnabled enables a runtime called test-handler,
+                      specific to k/k e2e tests
+                    type: boolean
                   version:
                     description: Version used to pick the containerd package.
                     type: string
@@ -286,8 +288,8 @@ spec:
                 type: array
               gcpProvisioningModel:
                 description: 'GCPProvisioningModel: Specifies the provisioning model
-                  of the GCP instance. Valid values:   ''STANDARD'': (default) standard
-                  provisioning with user controlled run time, no discounts   ''SPOT'':
+                  of the GCP instance. Valid values: ''STANDARD'': (default) standard
+                  provisioning with user controlled run time, no discounts ''SPOT'':
                   heavily discounted, no guaranteed run time.'
                 type: string
               guestAccelerators:
@@ -573,9 +575,9 @@ spec:
                     description: 'How should the kubelet configure the container bridge
                       for hairpin packets. Setting this flag allows endpoints in a
                       Service to loadbalance back to themselves if they should try
-                      to access their own Service. Values:   "promiscuous-bridge":
-                      make the container bridge promiscuous.   "hairpin-veth":       set
-                      the hairpin flag on container veth interfaces.   "none":               do
+                      to access their own Service. Values: "promiscuous-bridge": make
+                      the container bridge promiscuous. "hairpin-veth":       set
+                      the hairpin flag on container veth interfaces. "none":               do
                       nothing. Setting --configure-cbr0 to false implies that to achieve
                       hairpin NAT one must set --hairpin-mode=veth-flag, because bridge
                       assumes the existence of a container bridge named cbr0.'
@@ -1052,9 +1054,9 @@ spec:
               updatePolicy:
                 description: 'UpdatePolicy determines the policy for applying upgrades
                   automatically. If specified, this value overrides a value specified
-                  in the Cluster''s "spec.updatePolicy" field. Valid values:   ''automatic''
+                  in the Cluster''s "spec.updatePolicy" field. Valid values: ''automatic''
                   (default): apply updates automatically (apply OS security upgrades,
-                  avoiding rebooting when possible)   ''external'': do not apply updates
+                  avoiding rebooting when possible) ''external'': do not apply updates
                   automatically; they are applied manually or by an external system'
                 type: string
               volumeMounts:
@@ -1162,9 +1164,3 @@ spec:
     served: true
     storage: true
     subresources: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

k8s/crds/kops.k8s.io_keysets.yaml

@@ -1,11 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.5.0
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: keysets.kops.k8s.io
 spec:
   group: kops.k8s.io
@@ -76,9 +74,3 @@ spec:
         type: object
     served: true
     storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

k8s/crds/kops.k8s.io_sshcredentials.yaml

@@ -1,11 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.5.0
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: sshcredentials.kops.k8s.io
 spec:
   group: kops.k8s.io
@@ -41,9 +39,3 @@ spec:
         type: object
     served: true
     storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

nodeup/pkg/model/containerd.go

@@ -492,6 +492,9 @@ func (b *ContainerdBuilder) buildContainerdConfig() (string, error) {
 	if containerd.SeLinuxEnabled {
 		config.SetPath([]string{"plugins", "io.containerd.grpc.v1.cri", "enable_selinux"}, true)
 	}
+	if containerd.TestHandlerEnabled {
+		config.SetPath([]string{"plugins", "io.containerd.grpc.v1.cri", "containerd", "runtimes", "test-handler", "runtime_type"}, "io.containerd.runc.v2")
+	}
 	if b.NodeupConfig.KubeletConfig.PodInfraContainerImage != "" {
 		config.SetPath([]string{"plugins", "io.containerd.grpc.v1.cri", "sandbox_image"}, b.NodeupConfig.KubeletConfig.PodInfraContainerImage)
 	}

pkg/apis/kops/containerdconfig.go

@@ -51,6 +51,8 @@ type ContainerdConfig struct {
 	SeLinuxEnabled bool `json:"selinuxEnabled,omitempty"`
 	// NRI configures the Node Resource Interface.
 	NRI *NRIConfig `json:"nri,omitempty"`
+	// TestHandlerEnabled enables a runtime called test-handler, specific to k/k e2e tests
+	TestHandlerEnabled bool `json:"testHandlerEnabled,omitempty"`
 }
 
 type NRIConfig struct {

pkg/apis/kops/v1alpha2/containerdconfig.go

@@ -46,6 +46,8 @@ type ContainerdConfig struct {
 	SeLinuxEnabled bool `json:"selinuxEnabled,omitempty"`
 	// NRI configures the Node Resource Interface.
 	NRI *NRIConfig `json:"nri,omitempty"`
+	// TestHandlerEnabled enables a runtime called test-handler, specific to k/k e2e tests
+	TestHandlerEnabled bool `json:"testHandlerEnabled,omitempty"`
 }
 
 type NRIConfig struct {

pkg/apis/kops/v1alpha2/zz_generated.conversion.go

@@ -46,6 +46,8 @@ type ContainerdConfig struct {
 	SeLinuxEnabled bool `json:"selinuxEnabled,omitempty"`
 	// NRI configures the Node Resource Interface.
 	NRI *NRIConfig `json:"nri,omitempty"`
+	// TestHandlerEnabled enables a runtime called test-handler, specific to k/k e2e tests
+	TestHandlerEnabled bool `json:"testHandlerEnabled,omitempty"`
 }
 
 type NRIConfig struct {

pkg/apis/kops/v1alpha3/containerdconfig.go

@@ -118,6 +118,7 @@ func (d *deployer) createCluster(zones []string, adminAccess string, yes bool) e
 		"--kubernetes-version", d.KubernetesVersion,
 		"--ssh-public-key", d.SSHPublicKeyPath,
 		"--set", "cluster.spec.nodePortAccess=0.0.0.0/0",
+		"--set", "spec.containerd.testHandlerEnabled=true",
 	}
 	if yes {
 		args = append(args, "--yes")