-
Notifications
You must be signed in to change notification settings - Fork 40.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
vendor: update system-validators to v1.3.0 #96378
vendor: update system-validators to v1.3.0 #96378
Conversation
/kind feature |
@@ -48,11 +49,14 @@ var DefaultSysSpec = SysSpec{ | |||
{Name: "PROC_FS"}, | |||
{Name: "NETFILTER_XT_TARGET_REDIRECT", Aliases: []string{"IP_NF_TARGET_REDIRECT"}}, | |||
{Name: "NETFILTER_XT_MATCH_COMMENT"}, | |||
{Name: "FAIR_GROUP_SCHED"}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
WRT the new required fields:
kubernetes/kubeadm#2335
both these PRs introduce new required configuration options (FAIR_GROUP_SCHED and CGROUP_PIDS), which can trip existing setups:
kubernetes/system-validators#19
kubernetes/system-validators#20
how common are these options and do you have any concerns about that?
i'm less concerned about CGROUP_PIDS, for some reason.
It has never been supported (or been working) running with a configuration that fails with the new validation, so I think it should be good to go. The only places they might be disabled, from my experience, are raspberry-pi like devices used for prototyping.
it feels like this validation should be enabled regardless; kernels that lack these options can skip validation.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you clarify what the implications of "both these PRs introduce new required configuration options" are? does this mean an existing configuration will no longer work?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@odinuge confirmed that kernels without these options (now required by the library) never worked with the kubelet.
waiting to see if our CI passes with the new validation. |
flakes |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/approve
/triage accepted |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice!
/lgtm
@neolit123 looks like this needs a rebase. please assign to liggitt after that. |
/area code-organization |
e75b7a0
to
bc66f9a
Compare
rebased. |
Includes the following changes to kernel validation: - add required options: CGROUP_PIDS, FAIR_GROUP_SCHED - add optional options: CFS_BANDWIDTH, CGROUP_HUGETLB
bc66f9a
to
77df449
Compare
/retest |
{Name: "CFS_BANDWIDTH", Description: "Required for CPU quota."}, | ||
{Name: "CGROUP_HUGETLB", Description: "Required for hugetlb cgroup."}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what does "Required for ..." mean in an Optional
list?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can be interpreted as required kernel options for optional k8s features. no preference on the wording in the description on my side.
cc @KentaTada
/lgtm /hold is this fixing a blocker/critical bug for 1.20 (it's flagged as a feature)? if not, let's move to the 1.21 milestone |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: liggitt, neolit123, odinuge, soltysh The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
a validating feature that didn't merge before code-freeze. /milestone v1.21 |
/hold cancel |
What this PR does / why we need it:
Includes the following changes to kernel validation:
Which issue(s) this PR fixes:
Fixes kubernetes/kubeadm#2335
Special notes for your reviewer:
NONE
Does this PR introduce a user-facing change?:
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: