| apiVersion: cluster.x-k8s.io/v1beta1 | |
| kind: MachineDeployment | |
| metadata: | |
| name: capi-quickstart-md-0 | |
| namespace: default | |
| annotations: | |
| cluster.x-k8s.io/cluster-api-autoscaler-node-group-min-size: "1" | |
| cluster.x-k8s.io/cluster-api-autoscaler-node-group-max-size: "3" | |
| spec: | |
| clusterName: capi-quickstart |
| GOROOT=/home/sbuerin/gosdks/go1.19 #gosetup | |
| GOPATH=/home/sbuerin/go #gosetup | |
| /home/sbuerin/gosdks/go1.19/bin/go test -c -o /tmp/GoLand/___1Test_clusterctlClient_GetProvidersConfig_in_sigs_k8s_io_cluster_api_cmd_clusterctl_client.test -gcflags all=-N -l sigs.k8s.io/cluster-api/cmd/clusterctl/client #gosetup | |
| /home/sbuerin/gosdks/go1.19/bin/go tool test2json -t /home/sbuerin/.local/share/JetBrains/Toolbox/apps/IDEA-U/ch-0/222.4167.29.plugins/go/lib/dlv/linux/dlv --listen=127.0.0.1:32795 --headless=true --api-version=2 --check-go-version=false --only-same-user=false exec /tmp/GoLand/___1Test_clusterctlClient_GetProvidersConfig_in_sigs_k8s_io_cluster_api_cmd_clusterctl_client.test -- -test.v -test.paniconexit0 -test.run ^\QTest_clusterctlClient_GetProvidersConfig\E$ | |
| API server listening at: 127.0.0.1:32795 | |
| === RUN Test_clusterctlClient_GetProvidersConfig | |
| --- PASS: Test_clusterctlClient_GetProvidersConfig (42.41s) | |
| === RUN Test_clusterctlClient_GetProvidersConfig/Returns_default_providers | |
| INFO: CRD name: "cluste |
(in this case debug conversion-verifier running in a CAPG verify job)
Starting the ProwJob:
TEST_INFRA=${HOME}/code/src/k8s.io/test-infra
export CONFIG_PATH=${TEST_INFRA}/config/prow/config.yaml
export JOB_CONFIG_PATH=${TEST_INFRA}/config/jobs/kubernetes-sigs/cluster-api-provider-gcp/cluster-api-provider-gcp-presubmits-main.yaml
| # clusterctl | |
| clusterctl_download(){ | |
| VERSION=$1 | |
| BIN_FOLDER=${2:-~/bin} | |
| mkdir -p "$BIN_FOLDER" | |
| cd "$BIN_FOLDER" || exit | |
| if [ ! -f "${BIN_FOLDER}"/clusterctl-"${VERSION}" ]; | |
| then |
On systems with UEFI Secure Boot enabled, recent Linux kernels will only load signed modules, so it's about time DKMS grew the capability to sign modules it's building.
These scripts are extended and scriptified variants of https://computerlinguist.org/make-dkms-sign-kernel-modules-for-secure-boot-on-ubuntu-1604.html and https://askubuntu.com/questions/760671/could-not-load-vboxdrv-after-upgrade-to-ubuntu-16-04-and-i-want-to-keep-secur/768310#768310 and add some error checking, a passphrase around your signing key, and support for compressed modules.
dkms-sign-module is a wrapper for the more generic sign-modules which can also be used outside of DKMS.
/root, say /root/module-signing, put the three scripts below in there and make them executable: chmod u+x one-time-setup sign-modules dkms-sign-module
| Optimization Step | Mean | 50 | 90 | 95 | 99 |
|---|---|---|---|---|---|
| Baseline | 7.24s | 4.79s | 24.01s | 29.13s | 31.54s |
| Send only validated resources to MutatingWebhook | 3.22s | 1.04s | 11.29s | 13.32s | 16.19s |
| Don't send old resource to MutatingWebhook | 790ms | 13ms | 3.21s | 3.92s | 4.78s |
| GOGC=1000 | 15ms | 13ms | 26ms | 41ms | 175ms |
| Optimized authorization queries | 9ms | 6ms | 24ms | 42ms | 90ms |
| deny[{"id": id, "resource": {"kind": "namespaces", "namespace": "", "name": "YhPygPfFUx"}, "resolution": resolution}] | |
| with data["kubernetes"]["namespaces"][""]["YhPygPfFUx"] as { | |
| "uid":"f9603bca-33ab-11e9-9711-fa163e2ecb1b", | |
| "kind":{ | |
| "group":"", | |
| "version":"v1", | |
| "kind":"Namespace" | |
| }, | |
| "resource":{ | |
| "group":"", |
| kind: MutatingWebhookConfiguration | |
| apiVersion: admissionregistration.k8s.io/v1beta1 | |
| metadata: | |
| name: opa | |
| webhooks: | |
| - name: opa.k8s.io | |
| rules: | |
| - operations: | |
| - CREATE | |
| - UPDATE |