Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / b876fc31f12628562a51c70668b318b9fc50478b
commitb876fc31f12628562a51c70668b318b9fc50478b[log] [tgz]
authorLorenz Brun <lorenz@nexantic.com>Tue Jul 14 13:54:01 2020 +0200
committerLorenz Brun <lorenz@nexantic.com>Tue Jul 14 13:54:01 2020 +0200
treeb7f4001c6ab56712dd26473b216e74222b1903f0
parent78fd97294dbc8bbf5ef1a490b2d7b7ad96fddcae [diff]
Update containerd to 1.4.0-beta.2 and K8s to 1.19.0-rc.0

This unbreaks bbolt (as part of containerd) on 1.14+ (see https://github.com/etcd-io/bbolt/pull/201 and
https://github.com/etcd-io/bbolt/pull/220), pulls in my patch to ignore image-defined volumes
(https://github.com/containerd/cri/pull/1504) and gets us some robustness fixes in containerd CNI/CRI integration
(https://github.com/containerd/cri/pull/1405). This also updates K8s at the same time since they share a lot of
dependencies and only updating one is very annoying. On the K8s side we mostly get the standard stream of fixes
plus some patches that are no longer necessary.

One annoying on the K8s side (but with no impact to the functionality) are these messages in the logs of various
components:
```
W0714 11:51:26.323590       1 warnings.go:67] policy/v1beta1 PodSecurityPolicy is deprecated in v1.22+, unavailable in v1.25+
```
They are caused by KEP-1635, but there's not explanation why this gets logged so aggressively considering the operators
cannot do anything about it. There's no newer version of PodSecurityPolicy and you are pretty much required to use it if
you use RBAC.

Test Plan: Covered by existing tests

Bug: T753

X-Origin-Diff: phab/D597
GitOrigin-RevId: f6c447da1de037c27646f9ec9f45ebd5d6660ab0
12 files changed
tree: b7f4001c6ab56712dd26473b216e74222b1903f0
  1. build/
  2. core/
  3. scripts/
  4. third_party/
  5. .bazelignore
  6. .bazelrc
  7. BUILD
  8. nogo_config.json
  9. README.md
  10. WORKSPACE
README.md

Nexantic monorepo

This is the monorepo storing all of nexantic's internal projects and libraries.

Environment

We assume a Fedora host system provisioned using rW, and IntelliJ as the IDE.

For better reproducibility, all builds are executed in containers.

Usage

Spinning up: scripts/create_container.sh

Spinning down: scripts/destroy_container.sh

Running commands: scripts/run_in_container.sh <...>

Using bazel using a wrapper script: scripts/bin/bazel <...> (add to your local $PATH for convenience)

Run a single node cluster

Launch the node:

bazel run //:launch

Run a kubectl command:

bazel run //core/cmd/dbg -- kubectl describe

IntelliJ

This repository is compatible with the IntelliJ Bazel plugin. All commands run inside the container, and necessary paths are mapped into the container.

We check the entire .ijwb project directory into the repository, which requires everyone to use the latest version of both IntelliJ and the Bazel plugin, but eliminates manual setup steps.

The following steps are necessary:

  • Install Google's official Bazel plugin in IntelliJ.

  • Add the absolute path to your ~/.cache/bazel-nxt folder to your idea64.vmoptions (Help → Edit Custom VM Options) and restart IntelliJ:

    -Dbazel.bep.path=/home/leopold/.cache/bazel-nxt

  • Set "Bazel Binary Location" in Other Settings → Bazel Settings to the absolute path of scripts/bin/bazel. This is a wrapper that will execute Bazel inside the container.

  • Open the .ijwb folder as IntelliJ project.

  • Disable Vgo support for the project.

  • Run a non-incremental sync in IntelliJ

The plugin will automatically resolve paths for generated files.

If you do not use IntelliJ, you need to use the scripts/bazel_copy_generated_for_ide.sh script to copy files locally.