The TLS bootstrapping timeout is increased to 5 minutes with a retry
once every 5 seconds. Failing fast if the kubelet is not healthy is also
preserved.
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
* Api doc clarification for the mode value.
Apply suggestions from code review
Co-Authored-By: Robert Kielty <rob.kielty@gmail.com>
* Added a note regarding json and yaml api.
* running hack/* scripts.
Co-authored-by: Robert Kielty <rob.kielty@gmail.com>
While rambling again about how unsafe labels.SelectorFromSet is as it
just returns an empty selector that matches everything when it
encounters a parsing error, I noticed that we do not even have a safe
alternate. This commit fixes that by adding a `ValidatedSelectorFromSet`
func that either returns a Selector or an error.
It also changes SelectorFromSet to use SelectorFromValidatedSet under
the hood, so invalid Sets are send to the server and rejected there,
rather than silently doing the wrong thing by using am empty Selector.
The controller needs to be able to set a service's finalizers to be
able to create an EndpointSlice resource that is owned by the service
and sets blockOwnerDeletion=true in its ownerRef.
In case the last upper bound is +Inf, computed quantile is +Inf as well.
Given there's no restriction on how far individual upper bounds are from each other,
cut the last interval and consider the second last upper bound as the final one.
* move well-known kubelet cloud provider annotations to k8s.io/cloud-provider
Signed-off-by: andrewsykim <kim.andrewsy@gmail.com>
* cloud provider: rename AnnotationProvidedIPAddr to AnnotationAlphaProvidedIPAddr to indicate alpha status
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
* minor update
Added a missing period.
* add some more missing periods
- add in the missing period in 2 more places
- update generated files with `make update`
it turns out that the e2e test was not using the timeout used to
hold the CLOSE_WAIT status, hence the test was flake depending
on how fast it checked the conntrack table.
This PR replaces the dependency on ssh using a pod to check the conntrack
entries on the host in a loop, to make the test more robust
and reduce the flakiness due to race conditions and/or ssh issues.
It also fixes a bug trying to grep the conntrack entry, where
the error was swallowed if a conntrack entry wasn't found.
