Get rid of code patching in containers
When generating CNI container our scripts were applying two patches to the Kuryr codebase. One was making sure k8s_client will correctly split WATCH responses with b"\n" and second was patching cni.main to enable daemonized mode for os_vif's privsep instead of sudo/rootwrap mode. This was critically unmaintainable, as any changes to patched files might make the patches unapplyable and break the container building scripts. This commit resolves the problem by completely removing step of applying patches: * k8s_client patch is applied directly into the codbase as it's a no-op in Python 2.7 and in Python 3.5 should be a correct way of doing things. * cni.main patch gets removed completely, as CNI container is run with sudo privileges, so privsep in rootwrap/sudo mode will work fine (and maybe even better as it gets rid of "broken pipe" errors in kubelet logs). Change-Id: I4171e3807dece12e41e04abefa1d16eb675f7d06
This commit is contained in:
parent
6153afe812
commit
27e0f2c857
|
@ -3,7 +3,6 @@ LABEL authors="Antoni Segura Puimedon<toni@kuryr.org>, Vikas Choudhary<vichoudh@
|
|||
|
||||
RUN yum install --setopt=tsflags=nodocs --assumeyes \
|
||||
net-tools \
|
||||
patch \
|
||||
gcc \
|
||||
python-devel \
|
||||
wget \
|
||||
|
@ -28,8 +27,6 @@ COPY . /opt/kuryr-kubernetes
|
|||
|
||||
# Installing from dev because of this issue, https://github.com/pyinstaller/pyinstaller/issues/2434
|
||||
RUN cd /opt/kuryr-kubernetes \
|
||||
&& patch -b kuryr_kubernetes/k8s_client.py < k8s_client.patch \
|
||||
&& patch -b kuryr_kubernetes/cni/main.py < cni_main.patch \
|
||||
&& pip3.5 install --no-cache-dir . \
|
||||
&& pip3.5 install git+https://github.com/pyinstaller/pyinstaller.git \
|
||||
&& pip3.5 install pyroute2 \
|
||||
|
|
|
@ -1,12 +0,0 @@
|
|||
--- /root/tmp/kuryr-kubernetes/kuryr_kubernetes/cni/main.py 2017-06-19 07:15:39.898398766 -0400
|
||||
+++ kuryr_kubernetes/cni/main.py 2017-06-22 04:28:41.421123949 -0400
|
||||
@@ -61,6 +61,9 @@
|
||||
config.init(args)
|
||||
config.setup_logging()
|
||||
os_vif.initialize()
|
||||
+ ovs = os_vif._EXT_MANAGER['ovs'].obj
|
||||
+ ovs_mod = sys.modules[ovs.__module__]
|
||||
+ ovs_mod.linux_net.privsep.vif_plug.start(ovs_mod.linux_net.privsep.priv_context.Method.FORK)
|
||||
clients.setup_kubernetes_client()
|
||||
self._pipeline = h_cni.CNIPipeline()
|
||||
self._watcher = k_watcher.Watcher(self._pipeline)
|
|
@ -1,11 +0,0 @@
|
|||
--- /root/tmp/kuryr-kubernetes/kuryr_kubernetes/k8s_client.py 2017-06-19 07:15:39.901398831 -0400
|
||||
+++ kuryr_kubernetes/k8s_client.py 2017-06-22 06:14:48.177325667 -0400
|
||||
@@ -138,7 +138,7 @@
|
||||
headers=header)) as response:
|
||||
if not response.ok:
|
||||
raise exc.K8sClientException(response.text)
|
||||
- for line in response.iter_lines(delimiter='\n'):
|
||||
+ for line in response.iter_lines(delimiter=b'\n'):
|
||||
line = line.strip()
|
||||
if line:
|
||||
yield jsonutils.loads(line)
|
|
@ -162,7 +162,7 @@ class K8sClient(object):
|
|||
headers=header)) as response:
|
||||
if not response.ok:
|
||||
raise exc.K8sClientException(response.text)
|
||||
for line in response.iter_lines(delimiter='\n'):
|
||||
for line in response.iter_lines(delimiter=b'\n'):
|
||||
line = line.strip()
|
||||
if line:
|
||||
yield jsonutils.loads(line)
|
||||
|
|
Loading…
Reference in New Issue