They are not needed for any of the tests and in practice apparently
caused enough overhead that even unrelated tests timed out. For
example, in the pull-kubernetes-e2e-kind test, 43 out of 5771 tests
failed, including tests from sig-node, sig-cli, sig-api-machinery,
sig-network.
Mirroring the various YAML files by hand is tedious. The new
update-hostpath.sh does all the necessary steps automatically.
The result is now a bit more consistent with the upstream repos in the
sense that the original file names and paths for the RBAC YAML files
are used.
The csi-hostpath-testing.yaml is included for the sake of
completeness, but not used during E2E testing.
The new hostpath driver release is v1.6.2, which adds the
external-health-monitor for the first time.
The previous base image, debian-base:v1.0.0, is affected by
CVE-2017-14062. This change upgrades to the most recent Debian stretch
image from the following command:
```
$ gcloud container images list-tags k8s.gcr.io/debian-base-amd64
DIGEST TAGS TIMESTAMP
7e9f2f88b813 v1.0.1 2020-02-18T13:18:50
d7be39e143d4 v2.0.0 2019-11-01T13:14:18
5f25d97ece90 v1.0.0 2019-03-25T10:59:09
dddca919baec 1.0.0 2019-03-25T09:43:09
```
This marks kube-addon-manager version 9.1.5.
Change-Id: I02321a781fb19dd33c0a19671b56c0b12d9b52fd
Kubelet cert rotation involves two certificate manager instances
(one for client and one for server certs) and the log lines are
identical and confusing. Since certificate manager is a utility
library it is also inappropriate to simply assume klog output is
sufficient.
certificate.Manager now accepts a Name and Logf function on its
config struct to identify the purpose of the manager and to
provide a way to redirect where output should go. If Name is
absent, the name is defaulted from the SignerName, and if that
is not found then the name is set to "client auth" if that is
a provided key usage, or "certificate" otherwise. If Logf is
not provided it defaults to klog.V(2). as today. The name is printed
in "foo: bar" form on every line, but can be converted to structured
logging in the future. The log level is not customizable and it
is up to the caller to decide whether that is an issue.
Some log messages are slightly cleaned up to more clearly indicate
their intent. One log message is removed in a utility function that
was already at v(4) and less likely to be needed.
The default behavior of the certificate manager is as before and
the kubelet now identifies the server and client signerName as
separate entities:
I0414 19:07:33.590419 1539 certificate_manager.go:263] kubernetes.io/kube-apiserver-client-kubelet: Rotating certificates
E0414 19:07:33.594154 1539 certificate_manager.go:464] kubernetes.io/kube-apiserver-client-kubelet: Failed while requesting a signed certificate from the master: cannot create certificate signing request: Post "https://...
- scheme: switch to:
utilruntime.Must(scheme.SetVersionPriority(v1beta3.SchemeGroupVersion))
- change all imports in the code base from v1beta2 to v1beta3
- rename all import aliases for kubeadmapiv1beta2 to "kubeadmapiv".
this allows smaller diffs when changing the default public API.
