Fix range loop when using jsonpath
Without patch:
kubectl get -n openshift-oauth-apiserver po -o jsonpath='{range .items[?(.status.phase=="Running")]}{.metadata.name}{" is Running\n"}'
apiserver-7d9cc97649-79c2x is Running
apiserver-7d9cc97649-lgks6 is Running
apiserver-7d9cc97649-qgkxn is Running
is Running
With patch:
kubectl get -n openshift-oauth-apiserver po -o jsonpath='{range .items[?(.status.phase=="Running")]}{.metadata.name}{" is Running\n"}'
apiserver-7d9cc97649-79c2x is Running
apiserver-7d9cc97649-lgks6 is Running
apiserver-7d9cc97649-qgkxn is Running
Kubernetes-commit: 39cfe232325d66bcdbc935af7aaf7022562e7010
* NewSelfSignedCACert makes Go 1.15+ compatible cert
As of Go 1.15, X.509 certificates without a SAN no longer
fall back to the CommonName of the certificate.
https://golang.org/doc/go1.15#commonname
Updating NewSelfSignedCACert to produce certificates that
work with this change.
* add missing license
Kubernetes-commit: a41a3ed4ae77a7902577bdb50b35fc5f42ed7c60
The message argument is mistakenly used as the format specifier, if it
contains the special '%' characters. This causes many '[%d|%s](MISSING)'
errors in the API server logs.
Signed-off-by: Ivan Sim <isim@redhat.com>
Kubernetes-commit: b1d0d401875b2076e73183f8468ecb95c3fe61aa
Kubelet cert rotation involves two certificate manager instances
(one for client and one for server certs) and the log lines are
identical and confusing. Since certificate manager is a utility
library it is also inappropriate to simply assume klog output is
sufficient.
certificate.Manager now accepts a Name and Logf function on its
config struct to identify the purpose of the manager and to
provide a way to redirect where output should go. If Name is
absent, the name is defaulted from the SignerName, and if that
is not found then the name is set to "client auth" if that is
a provided key usage, or "certificate" otherwise. If Logf is
not provided it defaults to klog.V(2). as today. The name is printed
in "foo: bar" form on every line, but can be converted to structured
logging in the future. The log level is not customizable and it
is up to the caller to decide whether that is an issue.
Some log messages are slightly cleaned up to more clearly indicate
their intent. One log message is removed in a utility function that
was already at v(4) and less likely to be needed.
The default behavior of the certificate manager is as before and
the kubelet now identifies the server and client signerName as
separate entities:
I0414 19:07:33.590419 1539 certificate_manager.go:263] kubernetes.io/kube-apiserver-client-kubelet: Rotating certificates
E0414 19:07:33.594154 1539 certificate_manager.go:464] kubernetes.io/kube-apiserver-client-kubelet: Failed while requesting a signed certificate from the master: cannot create certificate signing request: Post "https://...
Kubernetes-commit: 64c669bd0ac8fda39ba97f48ef887ac1f77fb014
This changes the `/ephemeralcontainers` subresource of `/pods` to use
the `Pod` kind rather than `EphemeralContainers`.
When designing this API initially it seemed preferable to create a new
kind containing only the pod's ephemeral containers, similar to how
binding and scaling work.
It later became clear that this made admission control more difficult
because the controller wouldn't be presented with the entire Pod, so we
updated this to operate on the entire Pod, similar to how `/status`
works.
Kubernetes-commit: d22dc5cb72a627341f4004b5d58d275f3d8773b3
* Fix staticcheck failures for vendor/k8s.io/client-go/transport
* avoid the possibility of a hang
Kubernetes-commit: 02d20442a5a5f5e1d3f1ef8e6fb14945462bc36c
