Sascha Grunert saschagrunert

FROM debian:10
RUN apt-get update && apt-get install -y wget gnupg
RUN echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_10/ /' \
> /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
RUN wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/Debian_10/Release.key -O- |\
apt-key add -
RUN apt-get update && apt-get install -y podman
RUN sed -i 's/driver = ""/driver = "vfs"/' /etc/containers/storage.conf

What this PR does / why we need it: My explanation

Which issue(s) this PR fixes:

Fixes #

#!/usr/bin/env python3
import json
from kfp.compiler import Compiler
from kfp.dsl import ContainerOp, ExitHandler, pipeline
from kubernetes import client as k8s
@pipeline(name='My pipeline', description='')
saschagrunert / sign-tutorial.md
Created March 4, 2020 10:24
How to sign and distribute container images using Podman and GPG


First of all, we have to create a GPG key pair or select a locally available one:

> gpg --list-keys sgrunert@suse.com
pub   rsa2048 2018-11-26 [SC] [expires: 2020-11-25]
      92836C5387398A449AF794CF8CE029DD1A866E52
uid           [ultimate] Sascha Grunert <sgrunert@suse.com>

Urgent Upgrade Notes

(No, really, you MUST read this before you upgrade)

  • Renamed FeatureGate RequestManagement to APIPriorityAndFairness. This feature gate is an alpha and has not yet been associated with any actual functionality. Change references to feature gate RequestManagement into references to APIPriorityAndFairness (#85260, @MikeSpreitzer) [SIG API Machinery]

  • kubeadm: add a new "kubelet-finalize" phase as part of the "init" workflow and an experimental sub-phase to enable automatic kubelet client certificate rotation on primary control-plane nodes.

Prior to 1.17 and for existing nodes created by "kubeadm init" where kubelet client certificate rotation is desired, you must modify "/etc/kubernetes/kubelet.conf" to point to the PEM symlink for rotation:

Changes by Kind

Deprecation

  • Marked scheduler's metrics scheduling_algorithm_predicate_evaluation_seconds and scheduling_algorithm_priority_evaluation_seconds as deprecated. Those are replaced by framework_extension_point_duration_seconds[extension_point="Filter"] and framework_extension_point_duration_seconds[extension_point="Score"] respectively. (#86584, @xiaoanyunfei) [SIG Scheduling]
  • Marked scheduler's scheduling_duration_seconds Summary metric as deprecated (#86586, @xiaoanyunfei) [SIG Scheduling]
  • Remove cluster-monitoring addon (#85512, @serathius) [SIG Cluster Lifecycle, SIG Instrumentation, SIG Scalability, and SIG Testing]
  • AlwaysCheckAllPredicates is deprecated in scheduler Policy API. ([#86369](https://github.com/k

Changes by Kind

API Change

  • Deprecate the beta labels for zones ("failure-domain.beta.kubernetes.io/zone") and regions ("failure-domain.beta.kubernetes.io/region") in favor of their GA equivalents: "topology.kubernetes.io/zone" and "topology.kubernetes.io/region".

    The beta labels "failure-domain.beta.kubernetes.io/zone" and "failure-domain.beta.kubernetes.io/region" will be removed in v1.21 (#81431, @andrewsykim) [SIG Apps, SIG Auth, SIG Cloud Provider, SIG Network, SIG Node, SIG Scheduling, SIG Storage, and SIG Testing]

  • A new kubelet command line option, --reserved-cpus, is introduced to explicitly define the CPU list that will be reserved for the system. For example, if --reserved-cpus=0,1,2,3 is specified, then CPUs 0,1,2,3 will be reserved for the system. On a system with 24 CPUs, the user may specify isolcpus=4-23 for the kernel option and use CPUs 4-23 for the user containers. ([#83592](https:/

Changes by Kind

API Change

  • action required
    1. Currently, if users were to explicitly specify a CacheSize of 0 for the KMS provider, they would end up with a provider that caches up to 1000 keys. This PR changes this behavior. Post this PR, when users supply 0 for CacheSize this will result in a validation error.

    2. CacheSize type was changed from int32 to *int32. This allows defaulting logic to differentiate between cases where users explicitly supplied 0 vs. not supplied any value.

  1. KMS Provider's endpoint (path to Unix socket) is now validated when the EncryptionConfiguration file is loaded. This used to be handled by the GRPCService. (#85363, @immutableT) [SIG API Machinery, SIG Auth, and SIG Instrumentation]