Kube-proxy's iptables mode used to care whether utiliptables's
EnsureRule was able to use "iptables -C" or if it had to implement it
hackily using "iptables-save". But that became irrelevant when
kube-proxy was reimplemented using "iptables-restore", and no one ever
noticed. So remove that check.
The iptables code was doing version detection on the iptables binary
but feature detection on the iptables-restore binary, to try to
support the version of iptables in RHEL 7, which claims to be 1.4.21
but has certain features from iptables 1.6.
The problem is that this particular set of versions and checks
resulted in the code passing "-w" ("wait forever for the lock") to
iptables, but "-w 5" ("wait at most 5 seconds for the lock") to
iptables-restore. On systems with very very many iptables rules, this
could result in the kubelet periodic resyncs (which use "iptables")
blocking kube-proxy (which uses "iptables-restore") and causing it to
time out.
We already have code to grab the lock file by hand when using a
version of iptables-restore that doesn't support "-w", and it works
fine. So just use that instead, and only pass "-w 5" to
iptables-restore when iptables reports a version that actually
supports it.
The Configurator has been used as a holder for listers that tests need,
which is not its purpose. By making the tests obtain listers from more
appropriate places, such as informers, there is no need for various
accessors to the Configurator.
Also, FakeConfigurator is not being used anymore, so there's no need for
an interface instead of a plain pointer.
Signed-off-by: Aldo Culquicondor <acondor@google.com>
- common_test.go: use constants.CurrentKubernetesVersion
- diff_test.go: write temporary files instead of using testdata.
this allows us to not have to bump kubernetesVersions in the
testdata files (now removed)
- policy_test.go: apply fixes to tests that were previously passing,
but a bump in constants.go breaks them. these tests now work
for any version.
- The code for google analytics is not well-formatted, which cause its not
rendered well and properly not work as expected.
- webhook v1beta1 is out, the `TODO` in the guide could be removed.
Signed-off-by: Dave Chen <dave.chen@arm.com>
Shared blob disks are now created with default skuname value if the
referenced storage class possesses empty values for storageaccounttype
and skuname. Prior, the provisioning process would fail if a new
storage account needed to be created. This is because a storage account
may not be created with an empty sotrageaccounttype.
