This change updates the API server code to load the encryption
config once at start up instead of multiple times. Previously the
code would set up the storage transformers and the etcd healthz
checks in separate parse steps. This is problematic for KMS v2 key
ID based staleness checks which need to be able to assert that the
API server has a single view into the KMS plugin's current key ID.
Signed-off-by: Monis Khan <mok@microsoft.com>
Introduce networking/v1alpha1 api group.
Add `ClusterCIDR` type to networking/v1alpha1 api group, this type
will enable the NodeIPAM controller to support multiple ClusterCIDRs.
- Run hack/update-codegen.sh
- Run hack/update-generated-device-plugin.sh
- Run hack/update-generated-protobuf.sh
- Run hack/update-generated-runtime.sh
- Run hack/update-generated-swagger-docs.sh
- Run hack/update-openapi-spec.sh
- Run hack/update-gofmt.sh
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Theoretically, the apiserver could be told to advertise additional
ports on the kubernetes service, but there was no way to enable this
functionality without forking/vendoring the apiserver code. This was
apparently added in the distant past for OpenShift to use, but it has
not been used in OpenShift since Kubernetes 1.11.
EndpointSlice is always enabled now, so make it non-optional in the
EndpointsAdapter, make all of the test cases pass an EndpointSlice
client, and remove the "EndpointSlices disabled"-specific tests.
By changing makeEndpointsArray() to return both an Endpoints and an
EndpointsSlice, the "initialObjects" and "expectCreate"/"expectUpdate"
fields of (almost) all of the existing unit tests are automatically
switched to be EndpointSlice-aware; instead of having an initial state
with just Endpoints (or nothing), and testing that just the Endpoints
is created/updated correctly, they now have an initial state with both
Endpoints and EndpointSlice (or nothing), and test that both objects
are created/updated correctly.
The handful of existing test cases that used inconsistent Endpoints
and EndpointSlice state have been modified to create the objects
separately.
Consistently verify creates/updates based on the fake client's action
tracking, not based on the return values of the reconciler functions.
(This will also let us check that both Endpoints and EndpointSlices
were created/updated correctly.)
Pass initial state objects to fake.NewSimpleClientSet() rather than
calling Create() by hand.
(This will make it easier to have an initial state that is a mix of
Endpoints and EndpointSlices later on.)
When the endpoint reconcilers got split out of pkg/controlplane,
GetMasterServiceUpdateIfNeeded() got moved to
pkg/controlplane/reconcilers, even though it needs to be kept in sync
with CreateOrUpdateMasterServiceIfNeeded() which stayed in
pkg/controlplane. (And everything else in pkg/controlplane/reconcilers
is about the Endpoints not the Service anyway.) So move it back.
On the flip side, the implementation of masterCountEndpointReconciler
got moved to pkg/controlplane/reconcilers, but its unit tests didn't.
So belatedly fix that.
* Introduce networking/v1alpha1 api, ClusterCIDRConfig type
Introduce networking/v1alpha1 api group.
Add `ClusterCIDRConfig` type to networking/v1alpha1 api group, this type
will enable the NodeIPAM controller to support multiple ClusterCIDRs.
* Change ClusterCIDRConfig.NodeSelector type in api
* Fix review comments for API
* Update ClusterCIDRConfig API Spec
Introduce PerNodeHostBits field, remove PerNodeMaskSize
This commit includes all the changes needed for APIServer. Instead of modifying the existing signatures for the methods which either generate or return stopChannel, we generate a context from the channel and use the generated context to be passed to the controllers which are started in APIServer. This ensures we don't have to touch APIServer dependencies.
The apiserver owns and manages the kubernetes.default service.
It has 3 different options to reconcile the endpoints that belong to
that service:
- None: endpoints are handled by an external party.
- MasterCount: legacy, it reconciles based on the endpoints generated
and a flag specifying the number of master on the cluster.
- Lease: default since 1.11, each apiserver writes a lease in etcd
and renews periodically, the endpoints are generated based on the
existing leases.
It seems that when the default was set for the lease reconciler, the
controlplane code wasn't updated and kept using the master count
reconciler.
This also starts the deprecation of the master count reconciler in
favor of the lease reconciler.
