From 27e0f2c857fd88cfe795ab4c37442057355e67ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Dulko?= Date: Tue, 10 Oct 2017 11:30:16 +0200 Subject: [PATCH] Get rid of code patching in containers When generating CNI container our scripts were applying two patches to the Kuryr codebase. One was making sure k8s_client will correctly split WATCH responses with b"\n" and second was patching cni.main to enable daemonized mode for os_vif's privsep instead of sudo/rootwrap mode. This was critically unmaintainable, as any changes to patched files might make the patches unapplyable and break the container building scripts. This commit resolves the problem by completely removing step of applying patches: * k8s_client patch is applied directly into the codbase as it's a no-op in Python 2.7 and in Python 3.5 should be a correct way of doing things. * cni.main patch gets removed completely, as CNI container is run with sudo privileges, so privsep in rootwrap/sudo mode will work fine (and maybe even better as it gets rid of "broken pipe" errors in kubelet logs). Change-Id: I4171e3807dece12e41e04abefa1d16eb675f7d06 --- cni_builder.Dockerfile | 3 --- cni_main.patch | 12 ------------ k8s_client.patch | 11 ----------- kuryr_kubernetes/k8s_client.py | 2 +- 4 files changed, 1 insertion(+), 27 deletions(-) delete mode 100644 cni_main.patch delete mode 100644 k8s_client.patch diff --git a/cni_builder.Dockerfile b/cni_builder.Dockerfile index bc669c30e..249819ba2 100644 --- a/cni_builder.Dockerfile +++ b/cni_builder.Dockerfile @@ -3,7 +3,6 @@ LABEL authors="Antoni Segura Puimedon, Vikas Choudhary