- move assigned slave to T.Spec.AssignedSlave
- only create the BindingHost annoation in prepareTaskForLaunch
- recover the assigned slave from annotation and write it back to the T.Spec field
Before this patch the annotation were used to store the assign slave. But due
to the cloning of tasks in the registry, this value was never persisted in the
registry.
This patch adds it to the Spec of a task and only creates the annotation
last-minute before launching.
Without this patch pods which fail before binding will stay in the registry,
but they are never rescheduled again. The reason: the BindingHost annotation does
not exist in the registry and not on the apiserver (compare reconcilePod function).
pflag can handle IP addresses so use the pflag code instead of doing it
ourselves. This means our code just uses net.IP and we don't have all of
the useless casting back and forth!
The EndpointPort struct only stores one port: the port which is used
to connect to the container from outside. In the case of the Mesos
endpoint controller this is the host port. The container port is not part
of the endpoint structure at all.
A number of e2e tests need the container port information to validate correct
endpoint creation. Therefore this patch annotates the Endpoint struct with a
number of annotations mapping "<HostIP>:<HostPort>" to "<ContainerPort>". In a
follow-up commit these annotations are used to validate endpoints in a Mesos
setup.
All binaries in kubenretes show `-` for help and seem to expect `-`. Although
`_` also works. The inconsistencies across the codebase using - and _
result in difficultly using things like grep to find things that need to
be changed.
The test assumes that all nodes have Ceph client utilities installed.
Ceph RBD container is hand crafted to be really minimal. It creates a new RBD
on startup, which can take up to several minutes on busy machines.
iSCSI and RBD volumes don't work as Kubernetes services - these protocols
are broken by S-NAT created by kube-proxy - at least iSCSI exhanges real
IP address of the iSCSI target as part of the protocol.
This reverts commit 118004c166.
Proxies on a TCP port are accessible outside the current security
context (eg: uid). Add support for having the proxy listen on a
unix socket, which has permissions applied to it.
We make sure the socket starts its life only accessible by the
current user using Umask.
This is useful for applications like Cockpit and other tools which
want the help of kubectl to handle authentication, configuration and
transport security, but also want to not make that accessible to
all users on a multi-user system.
