3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-06-29 16:08:13 +02:00
Code Issues Projects Releases Packages Wiki Activity

maybe fix with hack

Browse source
This commit is contained in:
Caleb Doxsey 2022-11-23 12:01:00 -07:00
parent 725991b0a9
commit 69b814351a
2 changed files with 53 additions and 33 deletions
Download patch file Download diff file Expand all files Collapse all files

65
integration/clusters/kubernetes/compose.yml
View file

@ -5,24 +5,27 @@ services:
entrypoint: entrypoint:
- sh - sh
- -c - -c
- | - "set -x\n\n# the dev image is only available locally, so load it first\nif [
set -x \"${POMERIUM_TAG:-main}\" = \"dev\" ]; then\n sh -c '\n while true ; do\n
# the dev image is only available locally, so load it first \ ctr --connect-timeout=1s --timeout=60s images import /k3s-tmp/pomerium-dev.tar
if [ "${POMERIUM_TAG:-main}" = "dev" ]; then && break\n sleep 1\n done\n ' &\nfi\n\n#########################################################################################################################################\n#
sh -c ' DISCLAIMER\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t#\n#
while true ; do Copied from https://github.com/moby/moby/blob/ed89041433a031cafc0a0f19cfe573c31688d377/hack/dind#L28-L37\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t#\n#
ctr --connect-timeout=1s --timeout=60s images import /k3s-tmp/pomerium-dev.tar && break Permission granted by Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> (https://github.com/k3d-io/k3d/issues/493#issuecomment-827405962)\t#\n#
sleep 1 Moby License Apache 2.0: https://github.com/moby/moby/blob/ed89041433a031cafc0a0f19cfe573c31688d377/LICENSE\t\t\t\t\t\t\t\t\t\t\t\t\t\t#\n#########################################################################################################################################\nif
done [ -f /sys/fs/cgroup/cgroup.controllers ]; then\n echo \"[$(date -Iseconds)]
' & [CgroupV2 Fix] Evacuating Root Cgroup ...\"\n # move the processes from the
fi root group to the /init group,\n # otherwise writing subtree_control fails
k3s "$$@" with EBUSY.\n mkdir -p /sys/fs/cgroup/init\n busybox xargs -rn1 < /sys/fs/cgroup/cgroup.procs
> /sys/fs/cgroup/init/cgroup.procs || :\n # enable controllers\n sed -e 's/
/ +/g' -e 's/^/+/' <\"/sys/fs/cgroup/cgroup.controllers\" >\"/sys/fs/cgroup/cgroup.subtree_control\"\n
\ echo \"[$(date -Iseconds)] [CgroupV2 Fix] Done\"\nfi\n\nk3s \"$$@\"\n"
- k3s - k3s
- agent - agent
environment: environment:
K3S_TOKEN: TOKEN K3S_TOKEN: TOKEN
K3S_URL: https://k3s-server:6443 K3S_URL: https://k3s-server:6443
image: rancher/k3s:${K3S_TAG:-v1.21.14-k3s1} image: rancher/k3s:${K3S_TAG:-v1.22.16-k3s1}
networks: networks:
main: main:
aliases: aliases:
@ -999,7 +1002,7 @@ services:
END_OF_MANIFEST END_OF_MANIFEST
kubectl apply -f /tmp/manifest.json kubectl apply -f /tmp/manifest.json
sleep 30 sleep 30
image: rancher/k3s:${K3S_TAG:-v1.21.14-k3s1} image: rancher/k3s:${K3S_TAG:-v1.22.16-k3s1}
networks: networks:
main: main:
aliases: aliases:
@ -1023,18 +1026,21 @@ services:
entrypoint: entrypoint:
- sh - sh
- -c - -c
- | - "set -x\n\n# the dev image is only available locally, so load it first\nif [
set -x \"${POMERIUM_TAG:-main}\" = \"dev\" ]; then\n sh -c '\n while true ; do\n
# the dev image is only available locally, so load it first \ ctr --connect-timeout=1s --timeout=60s images import /k3s-tmp/pomerium-dev.tar
if [ "${POMERIUM_TAG:-main}" = "dev" ]; then && break\n sleep 1\n done\n ' &\nfi\n\n#########################################################################################################################################\n#
sh -c ' DISCLAIMER\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t#\n#
while true ; do Copied from https://github.com/moby/moby/blob/ed89041433a031cafc0a0f19cfe573c31688d377/hack/dind#L28-L37\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t#\n#
ctr --connect-timeout=1s --timeout=60s images import /k3s-tmp/pomerium-dev.tar && break Permission granted by Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> (https://github.com/k3d-io/k3d/issues/493#issuecomment-827405962)\t#\n#
sleep 1 Moby License Apache 2.0: https://github.com/moby/moby/blob/ed89041433a031cafc0a0f19cfe573c31688d377/LICENSE\t\t\t\t\t\t\t\t\t\t\t\t\t\t#\n#########################################################################################################################################\nif
done [ -f /sys/fs/cgroup/cgroup.controllers ]; then\n echo \"[$(date -Iseconds)]
' & [CgroupV2 Fix] Evacuating Root Cgroup ...\"\n # move the processes from the
fi root group to the /init group,\n # otherwise writing subtree_control fails
k3s "$$@" with EBUSY.\n mkdir -p /sys/fs/cgroup/init\n busybox xargs -rn1 < /sys/fs/cgroup/cgroup.procs
> /sys/fs/cgroup/init/cgroup.procs || :\n # enable controllers\n sed -e 's/
/ +/g' -e 's/^/+/' <\"/sys/fs/cgroup/cgroup.controllers\" >\"/sys/fs/cgroup/cgroup.subtree_control\"\n
\ echo \"[$(date -Iseconds)] [CgroupV2 Fix] Done\"\nfi\n\nk3s \"$$@\"\n"
- k3s - k3s
- server - server
- --disable - --disable
@ -1047,12 +1053,7 @@ services:
K3S_KUBECONFIG_MODE: "666" K3S_KUBECONFIG_MODE: "666"
K3S_KUBECONFIG_OUTPUT: /k3s-tmp/kubeconfig.yaml K3S_KUBECONFIG_OUTPUT: /k3s-tmp/kubeconfig.yaml
K3S_TOKEN: TOKEN K3S_TOKEN: TOKEN
healthcheck: image: rancher/k3s:${K3S_TAG:-v1.22.16-k3s1}
test:
- CMD
- kubectl
- cluster-info
image: rancher/k3s:${K3S_TAG:-v1.21.14-k3s1}
networks: networks:
main: main:
aliases: aliases:

21
integration/tpl/backends/k3s.libsonnet
View file

@ -6,6 +6,7 @@ local Command() =
'-c', '-c',
||| |||
set -x set -x
# the dev image is only available locally, so load it first # the dev image is only available locally, so load it first
if [ "${POMERIUM_TAG:-main}" = "dev" ]; then if [ "${POMERIUM_TAG:-main}" = "dev" ]; then
sh -c ' sh -c '
@ -15,6 +16,24 @@ local Command() =
done done
' & ' &
fi fi
#########################################################################################################################################
# DISCLAIMER #
# Copied from https://github.com/moby/moby/blob/ed89041433a031cafc0a0f19cfe573c31688d377/hack/dind#L28-L37 #
# Permission granted by Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> (https://github.com/k3d-io/k3d/issues/493#issuecomment-827405962) #
# Moby License Apache 2.0: https://github.com/moby/moby/blob/ed89041433a031cafc0a0f19cfe573c31688d377/LICENSE #
#########################################################################################################################################
if [ -f /sys/fs/cgroup/cgroup.controllers ]; then
echo "[$(date -Iseconds)] [CgroupV2 Fix] Evacuating Root Cgroup ..."
# move the processes from the root group to the /init group,
# otherwise writing subtree_control fails with EBUSY.
mkdir -p /sys/fs/cgroup/init
busybox xargs -rn1 < /sys/fs/cgroup/cgroup.procs > /sys/fs/cgroup/init/cgroup.procs || :
# enable controllers
sed -e 's/ / +/g' -e 's/^/+/' <"/sys/fs/cgroup/cgroup.controllers" >"/sys/fs/cgroup/cgroup.subtree_control"
echo "[$(date -Iseconds)] [CgroupV2 Fix] Done"
fi
k3s "$$@" k3s "$$@"
|||, |||,
'k3s', 'k3s',
@ -30,7 +49,7 @@ local InstallManifest(manifest) =
'kubectl wait --for=condition=available deployment/' + manifest.metadata.name, 'kubectl wait --for=condition=available deployment/' + manifest.metadata.name,
] else []); ] else []);
local k3s_tag = 'v1.22.16+k3s1'; local k3s_tag = 'v1.22.16-k3s1';
function(idp, manifests) { function(idp, manifests) {
compose: { compose: {