x/build: Kubernetes builders on GKE don't support privileged pods #12815
Labels
Milestone
Comments
|
CL https://golang.org/cl/15283 mentions this issue. |
|
I think we talked about non-privileged builders in the past,
why not take the chance to make those Kubernetes-based
builder running on non-privileged builds?
The existing VM builder covers the privileged case well.
|
|
@minux, the buildlet lacks some permissions (starting with unable to listen to port 80) when not run as root. I don't want to debug that at the same time. We'll get a mix of root and not root at some point. I believe a bug is already open for that. |
bradfitz
added a commit
that referenced
this issue
Oct 2, 2015
Update #12815 Change-Id: I3bf6de74bc8ab07000fe9a4308299839ef20632f Reviewed-on: https://go-review.googlesource.com/15283 Reviewed-by: Evan Brown <evanbrown@google.com> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
|
Closing as we no longer use GKE for builders. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Kubernetes builders on GKE (Google Container Engine) don't support privileged pods.
This means our builds run as user not-really-but-kinda root. They can do lots of things root normally can, but they can't run some of the Linux exec tests.
If we don't run as root, the buildlet has a bunch of misc problems, so it's easier for us to run as root for now and skip some tests.
This bug exists to explain the situation and track CLs which skip tests on Kubernetes (environment: IN_KUBERNETES == "1")
When GKE fixes things so users can run privileged pods we can remove the skips.
We won't be losing any test coverage overall, though, because we'll keep some Linux builders still running as VMs as root. Only the trybots will use Kubernetes with that test skipped for now.
/cc @evandbrown
The text was updated successfully, but these errors were encountered: