Page MenuHomePhabricator

Update pause container in our internal registry
Closed, ResolvedPublic

Description

Our current cluster seems to use the ancient pause:2.0 container. We also have the pause:3.0 container loaded into our registry, but the update to pause:3.1 seems good: https://github.com/kubernetes/kubernetes/blob/master/build/pause/CHANGELOG.md

We should sort out loading that in and then configuring our kubeadm deploy process to use the internal registry for this core-to-everything-kubernetes container. If we don't we will not be able to run much of anything on this once the admission webhook is deployed.

Details

Event Timeline

Bstorm created this task.Jul 24 2019, 3:20 PM

Change 525339 had a related patch set uploaded (by Bstorm; owner: Bstorm):
[operations/puppet@production] toolforge: set kubeadm to use internal registry for pause container

https://gerrit.wikimedia.org/r/525339

Mentioned in SAL (#wikimedia-cloud) [2019-07-24T20:48:19Z] <bstorm_> rebuilt toolsbeta-test cluster with the internal version of the pause container T228887 T215531

Change 525339 merged by Bstorm:
[operations/puppet@production] toolforge: set kubeadm to use internal registry for pause container

https://gerrit.wikimedia.org/r/525339

Change 525434 had a related patch set uploaded (by Bstorm; owner: Bstorm):
[operations/puppet@production] toolforge: add internal pause container to all the other kubelets

https://gerrit.wikimedia.org/r/525434

Change 525434 merged by Bstorm:
[operations/puppet@production] toolforge: add internal pause container to all the other kubelets

https://gerrit.wikimedia.org/r/525434

Change 525436 had a related patch set uploaded (by Bstorm; owner: Bstorm):
[operations/puppet@production] toolforge: fix typo kubelet file content

https://gerrit.wikimedia.org/r/525436

Change 525436 merged by Bstorm:
[operations/puppet@production] toolforge: fix typo kubelet file content

https://gerrit.wikimedia.org/r/525436

Bstorm closed this task as Resolved.Jul 24 2019, 10:07 PM

It's ugly (adding extra, duplicate args to kubelet), but it's the only way to consistently make this work with all kubeadm joins AND keep the configs sane for kubeadm upgrades in the future. This is done.