Currently --rootfs does not work with "upgrade node" for CP nodes
because the only check of CP nodes is performed in newNodeOptions()
which runs before the root kubeadm command is run, thus the chroot()
path coming from --rootfs is not applied yet.
To work around that, call the "isControlPlaneNode" check when
constructing the command data on command runtime.
Because /tmp/kubelet.log shows trailing log.
Flag --container-runtime-endpoint has been deprecated, This parameter should be set via the config file specified by the Kubelet's --config flag. See https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/ for more information.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
snuck in there while I was working on the test, but is ultimately not necessary to test the functionality.
skipping healthz check resulted in leaking goroutines from poststarthooks.
These tests will create the userns record mapping file, so let's use a
temporary directory for that.
Without specifying one, by mistake we were using the
"/tmp/non-existant-dir.This-is-not-used-in-tests/" directory.
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
The error we are wrapping is already verbose, let's just use minimal
wrapping as is usually the case in Go code.
Note that the error on parseUserNsFileAndRecord() can be returned to the
user, so we added some context about user namespace. Otherwise, an error
to parse the JSON would not be clear as to which of all the JSON the kubelet
parses it refers to.
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
Most error messages are properly wrapped already, but this was missing.
The kubelet logs will show something like this now:
E0201 12:00:03.505680 3007049 run.go:74] "command failed" err="failed to run Kubelet: failed to create kubelet: record pod mappings: create user namespace store: mkdir XXX: permission denied"
Before this commit, the message was not so clear:
E0120 16:02:40.484404 474711 run.go:74] "command failed" err="failed to run Kubelet: failed to create kubelet: mkdir XXX: permission denied"
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
kubeadm upgrade checks the migration path for the existing CoreDNS
deployment pre-flight. Migration paths are defined for CoreDNS
versions, which are derived from the image tag used in the existing
deployment.
The kubeadm ClusterConfiguration.DNS.ImageMeta supports suffixing the
tag with a digest, but at upgrade time does not derive the version
correctly from an image with digest suffix, because DeployedDNSAddon
does not deal with digests correctly. This commit makes DeployedDNSAddon
digest-aware.
Signed-off-by: Markus Rudy <mr@edgeless.systems>
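
The tag-with-digest case described in the commit message above, as an added example that is not kubeadm's code: tagFromImage and naiveTag are hypothetical helpers, and the image references and digest are constructed sample values.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// tagFromImage is a hypothetical helper (not kubeadm's DeployedDNSAddon).
// It returns the tag of an image reference and ignores an optional
// "@<algorithm>:<hex>" digest suffix.
func tagFromImage(image string) (string, error) {
	// Drop the digest first: it identifies content, not a version.
	ref, _, _ := strings.Cut(image, "@")
	// The tag separator is a ':' after the last '/'. An earlier ':'
	// belongs to a registry port such as "localhost:5000".
	slash := strings.LastIndex(ref, "/")
	colon := strings.LastIndex(ref, ":")
	if colon <= slash || colon == len(ref)-1 {
		return "", errors.New("image reference has no tag: " + image)
	}
	return ref[colon+1:], nil
}

// naiveTag is the digest-unaware approach: everything after the last ':'.
// With a digest suffix it returns the digest hex instead of the version.
func naiveTag(image string) string {
	return image[strings.LastIndex(image, ":")+1:]
}

func main() {
	// Constructed sample input; the digest is a placeholder, not a real image digest.
	digest := "sha256:" + strings.Repeat("ab", 32)
	images := []string{
		"registry.k8s.io/coredns/coredns:v1.11.1",
		"registry.k8s.io/coredns/coredns:v1.11.1@" + digest,
		"localhost:5000/coredns:v1.10.1@" + digest,
		"registry.k8s.io/coredns/coredns@" + digest, // digest only, no tag
	}
	for _, img := range images {
		tag, err := tagFromImage(img)
		fmt.Printf("tag=%q err=%v naive=%q\n", tag, err, naiveTag(img))
	}
}
```

A reference pinned by digest alone carries no version, so the helper returns an error there rather than guessing one.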
Previous v1beta4 work added support for
ClusterConfiguration.EncryptionAlgorithm, however the possible
values were limited to just "RSA" (2048 key size) and "ECDSA" (P256).
Allow more arbitrary algorithm types, that can also include key size
or curve type encoded in the name:
"RSA-2048" (default), "RSA-3072", "RSA-4096" or "ECDSA-P256".
Update the deprecation notice of the PublicKeysECDSA FeatureGate
as ideally it should be removed only after v1beta3 is removed.
This fixes the race condition that could happen because
the resize controller has just finished volume expansion and has only
finished marking the PV and has yet to mark the PVC.
The workaround proposed here should not be necessary once
RecoverVolumeExpansionFailure goes GA/beta.
Allow kubelet orphan cleanup to delete both files and empty directories as
subpath mount points.
A pod does not need to use a directory as a subpath, it can use a file
(unix domain socket, pipe, ...) too. Therefore the cleanup should use
`os.Remove` that deletes both files and empty directories.
Don't implement interfaces that trigger tests with in-line and
pre-provisioned vSphere volumes.
With cloud provider removal, the in-tree vSphere tests won't be able to
create a volume in vSphere and thus test in-line volumes in Pods and
pre-provisioned PVs. Only dynamically provisioned volumes can be used for
testing, because they're provisioned by the vSphere CSI driver.