Passing in a context instead of a stop channel has several advantages:
- ensures that client-go calls return as soon as the controller is asked to stop
- contextual logging can be used
By passing that context down to its own functions and checking it while
waiting, the lease controller also doesn't get stuck in backoffEnsureLease
anymore (https://github.com/kubernetes/kubernetes/issues/116196).
This adds a new resource.k8s.io API group with v1alpha1 as version. It contains
four new types: resource.ResourceClaim, resource.ResourceClass, resource.ResourceClaimTemplate, and
resource.PodScheduling.
This change enables hot reload of encryption config file when api server
flag --encryption-provider-config-automatic-reload is set to true. This
allows the user to change the encryption config file without restarting
kube-apiserver. The change is detected by polling the file and is done
by using fsnotify watcher. When file is updated it's process to generate
new set of transformers and close the old ones.
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
This change updates the API server code to load the encryption
config once at start up instead of multiple times. Previously the
code would set up the storage transformers and the etcd healthz
checks in separate parse steps. This is problematic for KMS v2 key
ID based staleness checks which need to be able to assert that the
API server has a single view into the KMS plugin's current key ID.
Signed-off-by: Monis Khan <mok@microsoft.com>
Introduce networking/v1alpha1 api group.
Add `ClusterCIDR` type to networking/v1alpha1 api group, this type
will enable the NodeIPAM controller to support multiple ClusterCIDRs.
- Run hack/update-codegen.sh
- Run hack/update-generated-device-plugin.sh
- Run hack/update-generated-protobuf.sh
- Run hack/update-generated-runtime.sh
- Run hack/update-generated-swagger-docs.sh
- Run hack/update-openapi-spec.sh
- Run hack/update-gofmt.sh
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Theoretically, the apiserver could be told to advertise additional
ports on the kubernetes service, but there was no way to enable this
functionality without forking/vendoring the apiserver code. This was
apparently added in the distant past for OpenShift to use, but it has
not been used in OpenShift since Kubernetes 1.11.
EndpointSlice is always enabled now, so make it non-optional in the
EndpointsAdapter, make all of the test cases pass an EndpointSlice
client, and remove the "EndpointSlices disabled"-specific tests.
By changing makeEndpointsArray() to return both an Endpoints and an
EndpointsSlice, the "initialObjects" and "expectCreate"/"expectUpdate"
fields of (almost) all of the existing unit tests are automatically
switched to be EndpointSlice-aware; instead of having an initial state
with just Endpoints (or nothing), and testing that just the Endpoints
is created/updated correctly, they now have an initial state with both
Endpoints and EndpointSlice (or nothing), and test that both objects
are created/updated correctly.
The handful of existing test cases that used inconsistent Endpoints
and EndpointSlice state have been modified to create the objects
separately.
Consistently verify creates/updates based on the fake client's action
tracking, not based on the return values of the reconciler functions.
(This will also let us check that both Endpoints and EndpointSlices
were created/updated correctly.)
Pass initial state objects to fake.NewSimpleClientSet() rather than
calling Create() by hand.
(This will make it easier to have an initial state that is a mix of
Endpoints and EndpointSlices later on.)
