feat: cache versioned kubelet kubectl package binaries #8287
awesomenix wants to merge 1 commit into main
Pull request overview
This PR optimizes Linux node provisioning by reusing kubelet/kubectl binaries already cached on the VHD (materialized as versioned files under /opt/bin) instead of reinstalling via the package manager during CSE.
Changes:
- VHD build: extract kubelet/kubectl binaries from cached .deb/.rpm artifacts into /opt/bin/<tool>-<k8sVersion>.
- CSE: add shared helpers to detect/move cached versioned kube binaries; update Ubuntu and Mariner package-based kubelet/kubectl install paths to prefer cache unless SHOULD_ENFORCE_KUBE_PMC_INSTALL=true.
- Tests: extend VHD content validation and add/extend ShellSpec coverage for the cache-first behavior.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| vhdbuilder/packer/install-dependencies.sh | Adds VHD-build extraction of kubelet/kubectl binaries from cached package artifacts into versioned /opt/bin paths. |
| vhdbuilder/packer/test/linux-vhd-content-test.sh | Extends VHD content tests to validate versioned package-backed kubelet/kubectl binaries exist and match expected versions. |
| parts/linux/cloud-init/artifacts/cse_install.sh | Adds shared helpers to detect and move cached versioned kubelet/kubectl binaries; reuses them in the URL-based install flow. |
| parts/linux/cloud-init/artifacts/ubuntu/cse_install_ubuntu.sh | Updates Ubuntu package-based kubelet/kubectl install path to prefer cached versioned binaries. |
| parts/linux/cloud-init/artifacts/mariner/cse_install_mariner.sh | Updates Mariner/AzureLinux package-based kubelet/kubectl install path to prefer cached versioned binaries. |
| spec/parts/linux/cloud-init/artifacts/cse_install_ubuntu_spec.sh | Adds ShellSpec coverage for Ubuntu cache-first kubelet/kubectl install behavior. |
| spec/parts/linux/cloud-init/artifacts/cse_install_mariner_spec.sh | Adds ShellSpec coverage for Mariner cache-first kubelet/kubectl install behavior. |
| echo "Unpacking usr/bin/${packageName} from ${downloadDir}/${packageName}-${desiredVersion}*" | ||
| mkdir -p "$(dirname "${targetPath}")" | ||
| # This assumes that the binary will either be in /usr/bin or /usr/local/bin, but not both. | ||
| rpm2cpio "${rpmFile}" | cpio -i --to-stdout "./usr/bin/${rpmBinaryName}" "./usr/local/bin/${rpmBinaryName}" | install -m0755 /dev/stdin "${targetBinDir}/${targetBinaryName}" | ||
| rm -rf ${downloadDir} | ||
| rpm2cpio "${rpmFile}" | cpio -i --to-stdout "./usr/bin/${packageName}" "./usr/local/bin/${packageName}" | install -m0755 /dev/stdin "${targetPath}" | ||
| rm -rf "${downloadDir}" |
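Review bot: On the `rpm2cpio "${rpmFile}" | cpio ... | install -m0755 /dev/stdin "${targetPath}"` line, the pipeline's exit status is that of `install` unless `pipefail` is in effect, so a failed `rpm2cpio` or `cpio` can still leave a zero-byte, mode 0755 file at `${targetPath}`, and the `rm -rf "${downloadDir}"` that follows then deletes the cached package a fallback install would need. Suggest extracting to a temporary file, checking it with `[ -s ... ]` before the `install`, and removing `${downloadDir}` only after that check passes. The `echo` above also reports `${downloadDir}/${packageName}-${desiredVersion}*` while the extraction reads `${rpmFile}`; logging `${rpmFile}` would make the message match what is actually unpacked.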
This rpm2cpio | cpio -i --to-stdout call requests both ./usr/bin/<name> and ./usr/local/bin/<name> at once. If the RPM contains only one of these, cpio can fail (and if both exist it may concatenate both files to stdout), leading to an empty/corrupted binary being installed. Please extract exactly one resolved path (e.g., inspect the RPM file list first, or try /usr/bin/... and fall back to /usr/local/bin/... only if needed).
|
|
||
| local sourceBinary="${extractDir}/usr/bin/${packageName}" | ||
| if [ ! -f "${sourceBinary}" ]; then | ||
| echo "Failed to locate usr/bin/${packageName} in ${debFile}" |
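Review bot: `sourceBinary` is fixed to `${extractDir}/usr/bin/${packageName}`, while the RPM extraction in this same change also accepts `usr/local/bin`, so the two package formats are not checked against the same set of locations. If the .deb packages are known to ship the binary only under `usr/bin`, a one-line comment saying so would explain the asymmetry; otherwise check both locations here as well. Please also confirm that this branch returns a non-zero status after the `echo`, so a missing binary cannot be treated as a successful extraction.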
Minor: the error message says usr/bin/${packageName} but the intended path is /usr/bin/${packageName} (leading slash missing). Fixing this makes failures clearer when a .deb doesn’t contain the expected binary path.
| echo "Failed to locate usr/bin/${packageName} in ${debFile}" | |
| echo "Failed to locate /usr/bin/${packageName} in ${debFile}" |
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
What this does
This change avoids unnecessary kubelet/kubectl package installation work during CSE when the corresponding binaries are already available on the VHD.
Today, Ubuntu and Mariner/Azure Linux cache the kubelet/kubectl PMC packages on the VHD, but CSE still installs them via the package manager/runtime package flow. That has a few downsides:
- dpkg -i triggers package postinst behavior for kubelet.service
This PR changes the flow so VHD build materializes versioned kubelet/kubectl binaries from the cached package artifacts into:
- /opt/bin/kubelet-<k8sVersion>
- /opt/bin/kubectl-<k8sVersion>
Then, during CSE, if the requested version is already present in /opt/bin, we reuse the existing cache-first path and do the final rename into place instead of reinstalling from the package.
Changes
VHD build
- vhdbuilder/packer/install-dependencies.sh so cached kubelet/kubectl package artifacts also produce versioned binaries under /opt/bin
- /usr/bin/<tool> from cached .deb
- /usr/bin/<tool> from cached .rpm
CSE
- /opt/bin
- SHOULD_ENFORCE_KUBE_PMC_INSTALL=true
Tests
- /opt/bin
Why
This keeps kubelet/kubectl aligned with the existing kubernetes-binaries flow:
Expected benefits:
- postinst side effects when the VHD already has the requested binary
Notes
- SHOULD_ENFORCE_KUBE_PMC_INSTALL=true still forces the package path for validation / test scenarios
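A sketch of the cache-first decision described above, with the checks a cached binary should pass before it is renamed into place. This is an added example, not code from this PR: the function name, its arguments and the version-probe commands (`kubelet --version`, `kubectl version --client`) are assumptions.

```bash
# Added example (not the PR's code). use_cached_kube_binary, its arguments and
# the version-probe commands are assumptions made for illustration.
# Returns 0 when the cached binary was validated and moved into place,
# 1 when the caller should fall back to the package-manager install.
use_cached_kube_binary() {
    local tool="$1" version="$2" cache_dir="$3" dest_dir="$4"
    local cached="${cache_dir}/${tool}-${version}" reported

    # Opt-out from the PR description: force the package path.
    if [ "${SHOULD_ENFORCE_KUBE_PMC_INSTALL:-false}" = "true" ]; then
        return 1
    fi
    # Accept only a regular, non-empty, executable file. A failed extraction
    # can leave a zero-byte file; a symlink could point outside the cache.
    if [ -L "${cached}" ] || [ ! -s "${cached}" ] || [ ! -x "${cached}" ]; then
        return 1
    fi
    [ -f "${cached}" ] || return 1
    # The file name alone does not prove the version, so ask the binary.
    case "${tool}" in
        kubelet) reported="$("${cached}" --version 2>/dev/null)" || return 1 ;;
        kubectl) reported="$("${cached}" version --client 2>/dev/null)" || return 1 ;;
        *) return 1 ;;
    esac
    # -F: literal match, -w: whole word, so v1.30.1 does not match v1.30.10.
    printf '%s\n' "${reported}" | grep -Fqw "v${version}" || return 1
    # Final rename into place (atomic when both paths share a filesystem).
    mv -f "${cached}" "${dest_dir}/${tool}"
}
```

A return value of 1 is the signal to take the existing package-manager path, so a bad cache entry degrades to the old behavior instead of installing an unusable binary.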