From d201df8bd83b721c356e43cb872885143ae329ec Mon Sep 17 00:00:00 2001 From: Ben Moss Date: Wed, 20 Mar 2019 20:35:04 -0400 Subject: [PATCH] Bump windows jobs to 2019 (#311) * Switch to non-insider 1809 images. These images work on windows2019 stemcells. Signed-off-by: Leah Hanson * Fix file permissions on C:\var directory and add C:\tmp These changes are for the purpose of making the e2e/conformance tests pass. Add file permissions on C:\var: - The e2e tests expect files mounted in containers to have permissions for the User group. Ours didn't, because our var directory didn't. This applies an ACL that will be inherited by subdirectories and files. Create C:\tmp dir: - https://kubernetes.slack.com/archives/C0SJ4AFB7/p1551806791083000 - Use force flag while creating C:\tmp so that it doesn't error if the dir already exists. Signed-off-by: Leah Hanson * Make kubelet start without kube-proxy Signed-off-by: Leah Hanson * Download servercore image in the background This lets kubelet start faster, since this image is pretty large --- .../templates/bin/kubelet_ctl.ps1.erb | 45 ++++++------------- 1 file changed, 14 insertions(+), 31 deletions(-) diff --git a/jobs/kubelet-windows/templates/bin/kubelet_ctl.ps1.erb b/jobs/kubelet-windows/templates/bin/kubelet_ctl.ps1.erb index c4a301e7e..e8b58bc2f 100644 --- a/jobs/kubelet-windows/templates/bin/kubelet_ctl.ps1.erb +++ b/jobs/kubelet-windows/templates/bin/kubelet_ctl.ps1.erb @@ -70,6 +70,7 @@ function start_kubelet { end end -%> + mkdir -force C:\tmp # workaround for conformance tests /var/vcap/packages/kubernetes-windows/bin/kubelet ` <%- @@ -108,53 +109,35 @@ function check_for_networking { } } -function ensure_kubeproxy_is_running { - curl.exe --fail http://localhost:10256/healthz - if (-not $?) { - throw "kube-proxy is not available" - } -} - -function ensure_docker_is_running { - curl.exe --fail http://localhost:10256/healthz - if (-not $?) { - throw "kube-proxy is not available" - } -} - function load_base_images { # Temporary workaround until we bring our own images docker version if (-not $?) { throw "docker is not available" } - docker pull mcr.microsoft.com/windows/nanoserver:1803 - docker pull mcr.microsoft.com/windows/servercore:1803 - if (!(docker images mcr.microsoft.com/windows/nanoserver:latest -q)) - { - docker tag (docker images mcr.microsoft.com/windows/nanoserver -q) mcr.microsoft.com/windows/nanoserver - } + docker pull mcr.microsoft.com/windows/nanoserver:1809 + docker tag (docker images mcr.microsoft.com/windows/nanoserver:1809 -q) mcr.microsoft.com/windows/nanoserver + docker build -t kubeletwin/pause /var/vcap/jobs/kubelet-windows/config - if (!(docker images mcr.microsoft.com/windows/servercore:latest -q)) - { - docker tag (docker images mcr.microsoft.com/windows/servercore -q) mcr.microsoft.com/windows/servercore + Start-Job -ScriptBlock { + docker pull mcr.microsoft.com/windows/servercore:ltsc2019 + docker tag (docker images mcr.microsoft.com/windows/servercore:ltsc2019 -q) mcr.microsoft.com/windows/servercore } +} - $infraPodImage=docker images kubeletwin/pause -q - if (!$infraPodImage) - { - cd /var/vcap/jobs/kubelet-windows/config - docker build -t kubeletwin/pause . - } +function set_acls { + $ar = New-Object System.Security.AccessControl.FileSystemAccessRule("BUILTIN\Users", "ReadAndExecute,CreateFiles,AppendData", "ContainerInherit, ObjectInherit", "None", "Allow") + $acl = Get-Acl C:\var + $acl.SetAccessRule($ar) + Set-Acl C:\var $acl } function main { delete_stale_drained_node check_for_networking - ensure_docker_is_running - ensure_kubeproxy_is_running load_base_images + set_acls start_kubelet }