diff --git a/cmd/kube-apiserver/app/options/options_test.go b/cmd/kube-apiserver/app/options/options_test.go
index 97a2cdf7fe7..8a94921714f 100644
--- a/cmd/kube-apiserver/app/options/options_test.go
+++ b/cmd/kube-apiserver/app/options/options_test.go
@@ -147,10 +147,10 @@ func TestAddFlags(t *testing.T) {
 StorageConfig: storagebackend.Config{
 Type: "etcd3",
 Transport: storagebackend.TransportConfig{
- ServerList: nil,
- KeyFile: "/var/run/kubernetes/etcd.key",
- CAFile: "/var/run/kubernetes/etcdca.crt",
- CertFile: "/var/run/kubernetes/etcdce.crt",
+ ServerList: nil,
+ KeyFile: "/var/run/kubernetes/etcd.key",
+ TrustedCAFile: "/var/run/kubernetes/etcdca.crt",
+ CertFile: "/var/run/kubernetes/etcdce.crt",
 },
 Paging: true,
 Prefix: "/registry",
diff --git a/cmd/kubeadm/app/phases/upgrade/staticpods_test.go b/cmd/kubeadm/app/phases/upgrade/staticpods_test.go
index 6955dcb6a8f..ff5f437a27a 100644
--- a/cmd/kubeadm/app/phases/upgrade/staticpods_test.go
+++ b/cmd/kubeadm/app/phases/upgrade/staticpods_test.go
@@ -28,8 +28,8 @@ import (
 "testing"
 "time"
- "go.etcd.io/etcd/pkg/transport"
 "github.com/pkg/errors"
+ "go.etcd.io/etcd/pkg/transport"
 "k8s.io/client-go/tools/clientcmd"
 certutil "k8s.io/client-go/util/cert"
diff --git a/cmd/kubeadm/app/util/etcd/etcd.go b/cmd/kubeadm/app/util/etcd/etcd.go
index 974b453bf4e..96c3e623fb8 100644
--- a/cmd/kubeadm/app/util/etcd/etcd.go
+++ b/cmd/kubeadm/app/util/etcd/etcd.go
@@ -26,9 +26,9 @@ import (
 "strings"
 "time"
+ "github.com/pkg/errors"
 "go.etcd.io/etcd/clientv3"
 "go.etcd.io/etcd/pkg/transport"
- "github.com/pkg/errors"
 "google.golang.org/grpc"
 "k8s.io/apimachinery/pkg/util/wait"
 clientset "k8s.io/client-go/kubernetes"
diff --git a/staging/src/k8s.io/apiextensions-apiserver/test/integration/objectmeta_test.go b/staging/src/k8s.io/apiextensions-apiserver/test/integration/objectmeta_test.go
index 348534b384b..6a75f60b1f1 100644
--- a/staging/src/k8s.io/apiextensions-apiserver/test/integration/objectmeta_test.go
+++ b/staging/src/k8s.io/apiextensions-apiserver/test/integration/objectmeta_test.go
@@ -140,9 +140,9 @@ func TestInvalidObjectMetaInStorage(t *testing.T) {
 t.Fatal(err)
 }
 tlsInfo := transport.TLSInfo{
- CertFile: restOptions.StorageConfig.Transport.CertFile,
- KeyFile: restOptions.StorageConfig.Transport.KeyFile,
- CAFile: restOptions.StorageConfig.Transport.CAFile,
+ CertFile: restOptions.StorageConfig.Transport.CertFile,
+ KeyFile: restOptions.StorageConfig.Transport.KeyFile,
+ TrustedCAFile: restOptions.StorageConfig.Transport.TrustedCAFile,
 }
 tlsConfig, err := tlsInfo.ClientConfig()
 if err != nil {
diff --git a/staging/src/k8s.io/apiextensions-apiserver/test/integration/pruning_test.go b/staging/src/k8s.io/apiextensions-apiserver/test/integration/pruning_test.go
index fd6ad92a2a4..f11aeb55d69 100644
--- a/staging/src/k8s.io/apiextensions-apiserver/test/integration/pruning_test.go
+++ b/staging/src/k8s.io/apiextensions-apiserver/test/integration/pruning_test.go
@@ -324,9 +324,9 @@ func TestPruningFromStorage(t *testing.T) {
 t.Fatal(err)
 }
 tlsInfo := transport.TLSInfo{
- CertFile: restOptions.StorageConfig.Transport.CertFile,
- KeyFile: restOptions.StorageConfig.Transport.KeyFile,
- CAFile: restOptions.StorageConfig.Transport.CAFile,
+ CertFile: restOptions.StorageConfig.Transport.CertFile,
+ KeyFile: restOptions.StorageConfig.Transport.KeyFile,
+ TrustedCAFile: restOptions.StorageConfig.Transport.TrustedCAFile,
 }
 tlsConfig, err := tlsInfo.ClientConfig()
 if err != nil {
diff --git a/staging/src/k8s.io/apiextensions-apiserver/test/integration/storage/objectreader.go b/staging/src/k8s.io/apiextensions-apiserver/test/integration/storage/objectreader.go
index 6024e493b25..ca316066182 100644
--- a/staging/src/k8s.io/apiextensions-apiserver/test/integration/storage/objectreader.go
+++ b/staging/src/k8s.io/apiextensions-apiserver/test/integration/storage/objectreader.go
@@ -102,9 +102,9 @@ func (s *EtcdObjectReader) SetStoredCustomResource(ns, name string, obj *unstruc
 // GetEtcdClients returns an initialized clientv3.Client and clientv3.KV.
 func GetEtcdClients(config storagebackend.TransportConfig) (*clientv3.Client, clientv3.KV, error) {
 tlsInfo := transport.TLSInfo{
- CertFile: config.CertFile,
- KeyFile: config.KeyFile,
- CAFile: config.CAFile,
+ CertFile: config.CertFile,
+ KeyFile: config.KeyFile,
+ TrustedCAFile: config.TrustedCAFile,
 }
 tlsConfig, err := tlsInfo.ClientConfig()
diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/etcd.go b/staging/src/k8s.io/apiserver/pkg/server/options/etcd.go
index d530d809875..4cf68fb8fd6 100644
--- a/staging/src/k8s.io/apiserver/pkg/server/options/etcd.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/etcd.go
@@ -161,7 +161,7 @@ func (s *EtcdOptions) AddFlags(fs *pflag.FlagSet) {
 fs.StringVar(&s.StorageConfig.Transport.CertFile, "etcd-certfile", s.StorageConfig.Transport.CertFile,
 "SSL certification file used to secure etcd communication.")
- fs.StringVar(&s.StorageConfig.Transport.CAFile, "etcd-cafile", s.StorageConfig.Transport.CAFile,
+ fs.StringVar(&s.StorageConfig.Transport.TrustedCAFile, "etcd-cafile", s.StorageConfig.Transport.TrustedCAFile,
 "SSL Certificate Authority file used to secure etcd communication.")
 fs.StringVar(&s.EncryptionProviderConfigFilepath, "experimental-encryption-provider-config", s.EncryptionProviderConfigFilepath,
diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/etcd_test.go b/staging/src/k8s.io/apiserver/pkg/server/options/etcd_test.go
index 53490de330a..423059d4af6 100644
--- a/staging/src/k8s.io/apiserver/pkg/server/options/etcd_test.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/etcd_test.go
@@ -40,10 +40,10 @@ func TestEtcdOptionsValidate(t *testing.T) {
 Type: "etcd3",
 Prefix: "/registry",
 Transport: storagebackend.TransportConfig{
- ServerList: nil,
- KeyFile: "/var/run/kubernetes/etcd.key",
- CAFile: "/var/run/kubernetes/etcdca.crt",
- CertFile: "/var/run/kubernetes/etcdce.crt",
+ ServerList: nil,
+ KeyFile: "/var/run/kubernetes/etcd.key",
+ TrustedCAFile: "/var/run/kubernetes/etcdca.crt",
+ CertFile: "/var/run/kubernetes/etcdce.crt",
 },
 CompactionInterval: storagebackend.DefaultCompactInterval,
 CountMetricPollPeriod: time.Minute,
@@ -64,10 +64,10 @@ func TestEtcdOptionsValidate(t *testing.T) {
 Type: "etcd4",
 Prefix: "/registry",
 Transport: storagebackend.TransportConfig{
- ServerList: []string{"http://127.0.0.1"},
- KeyFile: "/var/run/kubernetes/etcd.key",
- CAFile: "/var/run/kubernetes/etcdca.crt",
- CertFile: "/var/run/kubernetes/etcdce.crt",
+ ServerList: []string{"http://127.0.0.1"},
+ KeyFile: "/var/run/kubernetes/etcd.key",
+ TrustedCAFile: "/var/run/kubernetes/etcdca.crt",
+ CertFile: "/var/run/kubernetes/etcdce.crt",
 },
 CompactionInterval: storagebackend.DefaultCompactInterval,
 CountMetricPollPeriod: time.Minute,
@@ -87,10 +87,10 @@ func TestEtcdOptionsValidate(t *testing.T) {
 StorageConfig: storagebackend.Config{
 Type: "etcd3",
 Transport: storagebackend.TransportConfig{
- ServerList: []string{"http://127.0.0.1"},
- KeyFile: "/var/run/kubernetes/etcd.key",
- CAFile: "/var/run/kubernetes/etcdca.crt",
- CertFile: "/var/run/kubernetes/etcdce.crt",
+ ServerList: []string{"http://127.0.0.1"},
+ KeyFile: "/var/run/kubernetes/etcd.key",
+ TrustedCAFile: "/var/run/kubernetes/etcdca.crt",
+ CertFile: "/var/run/kubernetes/etcdce.crt",
 },
 Prefix: "/registry",
 CompactionInterval: storagebackend.DefaultCompactInterval,
@@ -112,10 +112,10 @@ func TestEtcdOptionsValidate(t *testing.T) {
 Type: "etcd3",
 Prefix: "/registry",
 Transport: storagebackend.TransportConfig{
- ServerList: []string{"http://127.0.0.1"},
- KeyFile: "/var/run/kubernetes/etcd.key",
- CAFile: "/var/run/kubernetes/etcdca.crt",
- CertFile: "/var/run/kubernetes/etcdce.crt",
+ ServerList: []string{"http://127.0.0.1"},
+ KeyFile: "/var/run/kubernetes/etcd.key",
+ TrustedCAFile: "/var/run/kubernetes/etcdca.crt",
+ CertFile: "/var/run/kubernetes/etcdce.crt",
 },
 CompactionInterval: storagebackend.DefaultCompactInterval,
 CountMetricPollPeriod: time.Minute,
diff --git a/staging/src/k8s.io/apiserver/pkg/server/storage/storage_factory.go b/staging/src/k8s.io/apiserver/pkg/server/storage/storage_factory.go
index 267de1370b3..f3a54043a72 100644
--- a/staging/src/k8s.io/apiserver/pkg/server/storage/storage_factory.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/storage/storage_factory.go
@@ -307,8 +307,8 @@ func (s *DefaultStorageFactory) Backends() []Backend {
 tlsConfig.Certificates = []tls.Certificate{cert}
 }
 }
- if len(s.StorageConfig.Transport.CAFile) > 0 {
- if caCert, err := ioutil.ReadFile(s.StorageConfig.Transport.CAFile); err != nil {
+ if len(s.StorageConfig.Transport.TrustedCAFile) > 0 {
+ if caCert, err := ioutil.ReadFile(s.StorageConfig.Transport.TrustedCAFile); err != nil {
 klog.Errorf("failed to read ca file while getting backends: %s", err)
 } else {
 caPool := x509.NewCertPool()
diff --git a/staging/src/k8s.io/apiserver/pkg/storage/etcd3/event_test.go b/staging/src/k8s.io/apiserver/pkg/storage/etcd3/event_test.go
index 18b41242c8e..d54a97c2b71 100644
--- a/staging/src/k8s.io/apiserver/pkg/storage/etcd3/event_test.go
+++ b/staging/src/k8s.io/apiserver/pkg/storage/etcd3/event_test.go
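Review bot: In storage_factory.go, a failure to read the configured CA bundle is only logged: when `ioutil.ReadFile(s.StorageConfig.Transport.TrustedCAFile)` returns an error, the `klog.Errorf` branch runs and `Backends()` carries on with a `tlsConfig` that never receives the pool built in the `else` branch. What that config then verifies against is outside the hunk, but an operator who set `etcd-cafile` would presumably not expect the trust anchor to be dropped without a clear signal. Because the function returns `[]Backend` and has no error to propagate, the log line should at least name the file and the consequence, e.g. `klog.Errorf("failed to read etcd CA file %q, it will not be used for verification: %s", s.StorageConfig.Transport.TrustedCAFile, err)`. `Backends()` starts and ends outside the hunk.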
@@ -17,10 +17,10 @@ limitations under the License.
 package etcd3
 import (
- "go.etcd.io/etcd/clientv3"
- "go.etcd.io/etcd/mvcc/mvccpb"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
+ "go.etcd.io/etcd/clientv3"
+ "go.etcd.io/etcd/mvcc/mvccpb"
 "testing"
 )
diff --git a/staging/src/k8s.io/apiserver/pkg/storage/etcd3/store_test.go b/staging/src/k8s.io/apiserver/pkg/storage/etcd3/store_test.go
index 4c17dc258d9..e3f625b50e3 100644
--- a/staging/src/k8s.io/apiserver/pkg/storage/etcd3/store_test.go
+++ b/staging/src/k8s.io/apiserver/pkg/storage/etcd3/store_test.go
@@ -29,9 +29,9 @@ import (
 "sync"
 "testing"
+ "github.com/coreos/pkg/capnslog"
 "go.etcd.io/etcd/clientv3"
 "go.etcd.io/etcd/integration"
- "github.com/coreos/pkg/capnslog"
 apitesting "k8s.io/apimachinery/pkg/api/apitesting"
 apierrors "k8s.io/apimachinery/pkg/api/errors"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
diff --git a/staging/src/k8s.io/apiserver/pkg/storage/etcd3/testing/BUILD b/staging/src/k8s.io/apiserver/pkg/storage/etcd3/testing/BUILD
index 8e33612b69d..a1b6cd9abc1 100644
--- a/staging/src/k8s.io/apiserver/pkg/storage/etcd3/testing/BUILD
+++ b/staging/src/k8s.io/apiserver/pkg/storage/etcd3/testing/BUILD
@@ -26,6 +26,7 @@ go_library(
 "//vendor/github.com/coreos/etcd/pkg/testutil:go_default_library",
 "//vendor/github.com/coreos/etcd/pkg/transport:go_default_library",
 "//vendor/github.com/coreos/etcd/pkg/types:go_default_library",
+ "//vendor/go.uber.org/zap:go_default_library",
 "//vendor/k8s.io/klog:go_default_library",
 ],
 )
diff --git a/staging/src/k8s.io/apiserver/pkg/storage/etcd3/testing/test_server.go b/staging/src/k8s.io/apiserver/pkg/storage/etcd3/testing/test_server.go
index 7464ff02d78..a596a99d78f 100644
--- a/staging/src/k8s.io/apiserver/pkg/storage/etcd3/testing/test_server.go
+++ b/staging/src/k8s.io/apiserver/pkg/storage/etcd3/testing/test_server.go
@@ -42,6 +42,7 @@ import (
 "go.etcd.io/etcd/pkg/testutil"
 "go.etcd.io/etcd/pkg/transport"
 "go.etcd.io/etcd/pkg/types"
+ "go.uber.org/zap"
 "k8s.io/klog"
 )
@@ -85,9 +86,9 @@ func newSecuredLocalListener(t *testing.T, certFile, keyFile, caFile string) net
 t.Fatal(err)
 }
 tlsInfo := transport.TLSInfo{
- CertFile: certFile,
- KeyFile: keyFile,
- CAFile: caFile,
+ CertFile: certFile,
+ KeyFile: keyFile,
+ TrustedCAFile: caFile,
 }
 tlscfg, err := tlsInfo.ServerConfig()
 if err != nil {
@@ -103,9 +104,9 @@ func newSecuredLocalListener(t *testing.T, certFile, keyFile, caFile string) net
 // newHTTPTransport create a new tls-based transport.
 func newHTTPTransport(t *testing.T, certFile, keyFile, caFile string) etcd.CancelableTransport {
 tlsInfo := transport.TLSInfo{
- CertFile: certFile,
- KeyFile: keyFile,
- CAFile: caFile,
+ CertFile: certFile,
+ KeyFile: keyFile,
+ TrustedCAFile: caFile,
 }
 tr, err := transport.NewTransport(tlsInfo, time.Second)
 if err != nil {
@@ -194,7 +195,7 @@ func (m *EtcdTestServer) launch(t *testing.T) error {
 }
 m.s.SyncTicker = time.NewTicker(500 * time.Millisecond)
 m.s.Start()
- m.raftHandler = &testutil.PauseableHandler{Next: etcdhttp.NewPeerHandler(m.s)}
+ m.raftHandler = &testutil.PauseableHandler{Next: etcdhttp.NewPeerHandler(zap.NewExample(), m.s)}
 for _, ln := range m.PeerListeners {
 hs := &httptest.Server{
 Listener: ln,
@@ -206,7 +207,7 @@ func (m *EtcdTestServer) launch(t *testing.T) error {
 for _, ln := range m.ClientListeners {
 hs := &httptest.Server{
 Listener: ln,
- Config: &http.Server{Handler: v2http.NewClientHandler(m.s, m.ServerConfig.ReqTimeout())},
+ Config: &http.Server{Handler: v2http.NewClientHandler(zap.NewExample(), m.s, m.ServerConfig.ReqTimeout())},
 }
 hs.Start()
 m.hss = append(m.hss, hs)
diff --git a/staging/src/k8s.io/apiserver/pkg/storage/storagebackend/config.go b/staging/src/k8s.io/apiserver/pkg/storage/storagebackend/config.go
index 37c65948e9a..cbf50b2112a 100644
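Review bot: In test_server.go, `launch` builds a fresh `zap.NewExample()` for `etcdhttp.NewPeerHandler` in the `@@ -194,7 +195,7 @@` hunk and a second one for `v2http.NewClientHandler` in the `@@ -206,7 +207,7 @@` hunk. That constructor returns a logger that writes debug-level JSON to standard output, so every test that starts this server gets handler logs on stdout, outside the `testing.T` log. Creating the logger once at the top of `launch` and passing it to both handlers, with `lg := zap.NewNop()` if the output is not wanted, keeps the two handlers consistent and the test output quiet. `launch` starts and ends outside both hunks.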
--- a/staging/src/k8s.io/apiserver/pkg/storage/storagebackend/config.go
+++ b/staging/src/k8s.io/apiserver/pkg/storage/storagebackend/config.go
@@ -36,9 +36,9 @@ type TransportConfig struct {
 // ServerList is the list of storage servers to connect with.
 ServerList []string
 // TLS credentials
- KeyFile string
- CertFile string
- CAFile string
+ KeyFile string
+ CertFile string
+ TrustedCAFile string
 // function to determine the egress dialer. (i.e. konnectivity server dialer)
 EgressLookup egressselector.Lookup
 }
diff --git a/staging/src/k8s.io/apiserver/pkg/storage/storagebackend/factory/etcd3.go b/staging/src/k8s.io/apiserver/pkg/storage/storagebackend/factory/etcd3.go
index b4a3800697c..81a24825b9e 100644
--- a/staging/src/k8s.io/apiserver/pkg/storage/storagebackend/factory/etcd3.go
+++ b/staging/src/k8s.io/apiserver/pkg/storage/storagebackend/factory/etcd3.go
@@ -26,9 +26,9 @@ import (
 "sync/atomic"
 "time"
+ grpcprom "github.com/grpc-ecosystem/go-grpc-prometheus"
 "go.etcd.io/etcd/clientv3"
 "go.etcd.io/etcd/pkg/transport"
- grpcprom "github.com/grpc-ecosystem/go-grpc-prometheus"
 "google.golang.org/grpc"
 utilnet "k8s.io/apimachinery/pkg/util/net"
@@ -97,9 +97,9 @@ func newETCD3HealthCheck(c storagebackend.Config) (func() error, error) {
 func newETCD3Client(c storagebackend.TransportConfig) (*clientv3.Client, error) {
 tlsInfo := transport.TLSInfo{
- CertFile: c.CertFile,
- KeyFile: c.KeyFile,
- CAFile: c.CAFile,
+ CertFile: c.CertFile,
+ KeyFile: c.KeyFile,
+ TrustedCAFile: c.TrustedCAFile,
 }
 tlsConfig, err := tlsInfo.ClientConfig()
 if err != nil {
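Review bot: In config.go, the three TLS fields of `TransportConfig` still share the single comment `// TLS credentials`, which does not say which file plays which role now that the CA field is called `TrustedCAFile`. Each exported field should carry its own comment, for example `// KeyFile and CertFile are the client key pair presented to the storage server.` and `// TrustedCAFile is the CA bundle used to verify the storage server's certificate.`, which matches how `newETCD3Client` feeds them into `tlsInfo.ClientConfig()`. Since this renames an exported field in a staging package, callers outside this diff that set `CAFile` will stop compiling, which is worth a release note.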
@@ -107,7 +107,7 @@ func newETCD3Client(c storagebackend.TransportConfig) (*clientv3.Client, error)
 }
 // NOTE: Client relies on nil tlsConfig
 // for non-secure connections, update the implicit variable
- if len(c.CertFile) == 0 && len(c.KeyFile) == 0 && len(c.CAFile) == 0 {
+ if len(c.CertFile) == 0 && len(c.KeyFile) == 0 && len(c.TrustedCAFile) == 0 {
 tlsConfig = nil
 }
 networkContext := egressselector.Etcd.AsNetworkContext()
diff --git a/staging/src/k8s.io/apiserver/pkg/storage/storagebackend/factory/tls_test.go b/staging/src/k8s.io/apiserver/pkg/storage/storagebackend/factory/tls_test.go
index 40271f07cc4..829a8af730b 100644
--- a/staging/src/k8s.io/apiserver/pkg/storage/storagebackend/factory/tls_test.go
+++ b/staging/src/k8s.io/apiserver/pkg/storage/storagebackend/factory/tls_test.go
@@ -54,9 +54,9 @@ func TestTLSConnection(t *testing.T) {
 defer os.RemoveAll(filepath.Dir(certFile))
 tlsInfo := &transport.TLSInfo{
- CertFile: certFile,
- KeyFile: keyFile,
- CAFile: caFile,
+ CertFile: certFile,
+ KeyFile: keyFile,
+ TrustedCAFile: caFile,
 }
 cluster := integration.NewClusterV3(t, &integration.ClusterConfig{
@@ -68,10 +68,10 @@ func TestTLSConnection(t *testing.T) {
 cfg := storagebackend.Config{
 Type: storagebackend.StorageTypeETCD3,
 Transport: storagebackend.TransportConfig{
- ServerList: []string{cluster.Members[0].GRPCAddr()},
- CertFile: certFile,
- KeyFile: keyFile,
- CAFile: caFile,
+ ServerList: []string{cluster.Members[0].GRPCAddr()},
+ CertFile: certFile,
+ KeyFile: keyFile,
+ TrustedCAFile: caFile,
 },
 Codec: codec,
 }
diff --git a/staging/src/k8s.io/component-base/metrics/legacyregistry/registry.go b/staging/src/k8s.io/component-base/metrics/legacyregistry/registry.go
index 54146bebff2..267706c4b25 100644
--- a/staging/src/k8s.io/component-base/metrics/legacyregistry/registry.go
+++ b/staging/src/k8s.io/component-base/metrics/legacyregistry/registry.go
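Review bot: In factory/etcd3.go, when `CertFile`, `KeyFile` and `TrustedCAFile` are all empty this branch sets `tlsConfig = nil`, and by the comment above it the client then talks to etcd over a non-secure connection, yet nothing in the hunk makes that visible to an operator. The second half of the existing comment ("update the implicit variable") does not explain the intent; `// No TLS files are configured: pass a nil tls.Config so the client connects to etcd without TLS.` would state it plainly. If a logger is already in scope in this file, a warning on this path would help surface an unintended plaintext etcd connection. `newETCD3Client` begins in the previous hunk and continues past the end of this one.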
@@ -43,7 +43,7 @@ func init() {
 // Deprecated: Please note the issues described in the doc comment of
 // InstrumentHandler. You might want to consider using promhttp.Handler instead.
 func Handler() http.Handler {
- return prometheus.InstrumentHandler("prometheus", promhttp.HandlerFor(defaultRegistry, promhttp.HandlerOpts{}))
+ return promhttp.InstrumentMetricHandler(prometheus.DefaultRegisterer, promhttp.HandlerFor(defaultRegistry, promhttp.HandlerOpts{}))
 }
 // Register registers a collectable metric but uses the global registry
diff --git a/test/integration/scale/scale_test.go b/test/integration/scale/scale_test.go
index 6955baefc52..f23b4981b6f 100644
--- a/test/integration/scale/scale_test.go
+++ b/test/integration/scale/scale_test.go
@@ -22,8 +22,8 @@ import (
 "strings"
 "testing"
- _ "go.etcd.io/etcd/etcdserver/api/v3rpc" // Force package logger init.
 "github.com/coreos/pkg/capnslog"
+ _ "go.etcd.io/etcd/etcdserver/api/v3rpc" // Force package logger init.
 appsv1 "k8s.io/api/apps/v1"
 corev1 "k8s.io/api/core/v1"
diff --git a/test/integration/utils.go b/test/integration/utils.go
index c449a77ce4f..5a0a6d51b29 100644
--- a/test/integration/utils.go
+++ b/test/integration/utils.go
@@ -72,9 +72,9 @@ func WaitForPodToDisappear(podClient coreclient.PodInterface, podName string, in
 // GetEtcdClients returns an initialized clientv3.Client and clientv3.KV.
 func GetEtcdClients(config storagebackend.TransportConfig) (*clientv3.Client, clientv3.KV, error) {
 tlsInfo := transport.TLSInfo{
- CertFile: config.CertFile,
- KeyFile: config.KeyFile,
- CAFile: config.CAFile,
+ CertFile: config.CertFile,
+ KeyFile: config.KeyFile,
+ TrustedCAFile: config.TrustedCAFile,
 }
 tlsConfig, err := tlsInfo.ClientConfig()
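Review bot: In legacyregistry/registry.go, `promhttp.InstrumentMetricHandler` registers its collectors on `prometheus.DefaultRegisterer`, while the handler it wraps gathers from `defaultRegistry`. Unless those two are the same registry (the definition of `defaultRegistry` is outside the hunk), the handler's own request metrics end up in a registry this endpoint never serves. Registering them with the registry that is actually served, if it can act as a `prometheus.Registerer`, would keep them together. The doc comment above `Handler` also still points at `InstrumentHandler`, which the function no longer calls; it could read `// Handler returns an HTTP handler for the default registry, instrumented with promhttp.InstrumentMetricHandler.`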