This change updates TestAggregatedAPIServer and the related test
server wiring to exercise the full network path between the Kube API
server and the aggregated API server. We now assert that the wardle
API service and Kube API server discovery endpoints are fully healthy.
CRUD operations are performed through the Kube API server to the
wardle API server.
Signed-off-by: Monis Khan <mok@microsoft.com>
Since ClientCAs are provided by "client-ca::kube-system::extension-apiserver-authentication::client-ca-file" controller
we need to wait until it picks up the configmap (via a lister) before checking the CAs otherwise the response might contain an empty result.
So multiple instances of kube-apiserver can bind on the same address and
port, to provide seamless upgrades.
Signed-off-by: Mateusz Gozdek <mateusz@kinvolk.io>
The test package imports cmd/kubeadm, which is far from ideal.
There are a couple of reasons for the import:
1) Marshaling of Ingress from api/extensions/v1beta1.
To fix that include a local function in e2e/manifest/manifest.go
that does that same as the kubeadm MarshalToYaml.
2) Using PKI helper function in apimachinery and auth tests.
To fix that include a new file under test/utils/pki_helpers.go
that only contains the required helpers instead of including the whole
kubeadm pkiutil package.
There is another related problem:
e2e_node/e2e_node_suite_test.go includes:
k8s.io/kubernetes/cmd/kubeadm/app/util/system
But this has to be done in a follow up.
This package contains public/private key utilities copied directly from
client-go/util/cert. All imports were updated.
Future PRs will actually refactor the libraries.
Updates #71004
Automatic merge from submit-queue (batch tested with PRs 66394, 66888, 66932). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Include unavailable apiservices in discovery response
**What this PR does / why we need it**:
Include unavailable apiservices into `apis/` discovery endpoint response to fix namespace deletion https://github.com/kubernetes-incubator/service-catalog/issues/2254
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes-incubator/service-catalog/issues/2254
**Special notes for your reviewer**:
**Release note**:
```release-note
kube-apiserver now includes all registered API groups in discovery, including registered extension API group/versions for unavailable extension API servers.
```
This change updates the REST mapper used by all admission plugins to
be backed by cached discovery information. This cache is updated
every ten seconds via a post start hook and will not attempt to
update on calls to RESTMapping. It solely relies on the hook to
keep the cache in sync with discovery.
This prevents issues with the OwnerReferencesPermissionEnforcement
admission plugin when it is used with custom resources that set
blockOwnerDeletion.
Signed-off-by: Monis Khan <mkhan@redhat.com>
