Apparently successful `[[ -b "${LOOP_DEV}p1" ]]` check is not enough -
the mount can still fail. So instead of doing those checks, try
mounting and reprobing in the loop with some small exponential
backoffs.
Pull in this PR https://github.com/flatcar/bootengine/pull/74 to disable a
systemd-networkd setting causing unexpected routes to appear.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
Pull in this PR https://github.com/flatcar/init/pull/109/ to disable a
systemd-networkd setting causing unexpected routes to appear.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
Switch to using a managed identity instead of file based credentials for
running kola/ore (not plume). This covers our test subscription, but not our
publishing subscription.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
In the past user had to customize Kubernetes or use a bind mount to make
writing the default /usr/libexec/kubernetes/ path work. With
systemd-sysext on by default the bind mount doesn't work anymore because
it can get lost. A newer workaround is to use a systemd-sysext image
that creates a symlink in /usr/libexec/... to redirect to somewhere
under /var/.
Instead of relying on workarounds, make Kubernetes work by default on
Flatcar by having the symlink be part of the generic image. The target
folder will be created through a tmpfiles rule.
Go 1.18 is already EOL, so no security update at all. Since
upstream docker projects already have Go 1.19, Flatcar should also have
that.
See also
5d6db84223/Dockerfile (L6).
(cherry picked from commit 93a898312d91ebbf0708c1d96f43cd69e2fd6aed)
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
Fixes: flatcar/Flatcar#1203
We push a commit with the nightly SDK tag to the main branch if the
SDK was built from the main branch. Which is what happens when we
build the nightly intermediate SDK. The final nightly SDK is not built
from the main branch, but rather from the nightly intermediate SDK
tag. Both of them point to the exactly same commit, but the difference
is in what `git rev-parse --abbrev-ref HEAD` returns for each of
those. When the main branch is checked out, the command will return
"main". When the nightly intermediate SDK tag is checked out, the
command will return "HEAD". So when nightly final SDK is being built,
the command returns a string different than "main" and thus decides
not to push the commit with the final nightly SDK tag to the main
branch. Rework it to assume that if `git rev-parse HEAD` and `git
rev-parse origin/main` return the same commit hash (and it's the
nightly build and all that) then the commit should be pushed.
We use "origin/main" instead of just "main" just in case the main
branch was not checked out before, for some reason (may come up in
testing with different names for the main branch when testing).
