Revert to previous behavior in 1.21/1.20 of setting pod phase to failed
during graceful node shutdown.
Setting pods to failed phase will ensure that external controllers that
manage pods like deployments will create new pods to replace those that
are shutdown. Many customers have taken a dependency on this behavior
and it was breaking change in 1.22, so this change reverts back to the
previous behavior.
Signed-off-by: David Porter <david@porter.me>
* Each exposed type/func is aliased to an equilvalent in
k8s.io/utils/clock.
* Adds deprecation notices to each type.
* This package should be completely deleted in 1.25.
* The test file is deleted since types are now references
to k8s.io/utils/clock
Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>
This is a fix for the issue #97031. It may happen that a subpath mount
point on a networking FS gets deleted on the server but in the case of
some file systems (CIFS) it would make the stat syscall end with ENOENT,
preventing the mount point to be cleaned up and pods using the mount
can't be cleanly deleted.
This situation can be detected by calling also access syscall on the
same path: if there is a discrepancy between stat and access results,
treating the mount as corrupted allows for successful cleanup and
unmount.
Print information from both the original path registration and the new
path registration stack traces when encountering a duplicate. This helps
the developer determine where the duplication is coming from and makes
it much easier to resolve.
Signed-off-by: Andy Goldstein <andy.goldstein@redhat.com>
Apply a small fix to ensure the kubeconfig files
that kubeadm manages have a CA when printed in the table
of the "check expiration" command. "CAName" is the field used for that.
In practice kubeconfig files can contain multiple credentials
from different CAs, but this is not supported by kubeadm and there
is a single cluster CA that signs the single client cert/key
in kubeadm managed kubeconfigs.
In case stacked etcd is used, the code that does expiration checks
does not validate if the etcd CA is "external" (missing key)
and if the etcd CA signed certificates are valid.
Add a new function UsingExternalEtcdCA() similar to existing functions
for the cluster CA and front-proxy CA, that performs the checks for
missing etcd CA key and certificate validity.
This function only runs for stacked etcd, since if etcd is external
kubeadm does not track any certs signed by that etcd CA.
This fixes a bug where the etcd CA will be reported as local even
if the etcd/ca.key is missing during "certs check-expiration".
In translation lib rbd pluin, the monitors slice is nil which
has to be initialized with an empty value. This commit address the same.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
