This should fix a bug that could break masters when the EndpointSlice
feature gate was enabled. This was all tied to how the apiserver creates
and manages it's own services and endpoints (or in this case endpoint
slices). Consumers of endpoint slices also need to know about the
corresponding service. Previously we were trying to set an owner
reference here for this purpose, but that came with potential downsides
and increased complexity. This commit changes behavior of the apiserver
endpointslice integration to set the service name label instead of owner
references, and simplifies consumer logic to reference that (both are
set by the EndpointSlice controller).
Additionally, this should fix a bug with the EndpointSlice GenerateName
value that had previously been set with a "." as a suffix.
Currently, the character limit for the usernames set in the RunAsUserName is 20,
which is too low, considering that "ContainerAdministrator" is a valid username and
it is longer than 20 characters. A user should be able to run containers as
Administrator, if needed.
According to [1], Logon names can be up to 104 characters. The previous limit
only applies to local user accounts for the local system.
[1] https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/bb726984(v=technet.10)
When adding CSIDriver.Spec.VolumeLifecycleModes, the defaulting in
pkg/apis/storage/fuzzer/fuzzer.go did not quite match the one from
pkg/apis/storage/v1beta1/defaults.go, causing a test failure when the
corresponding feature gate is enabled.
This ensures that users get a good error message early on when trying
to do something that isn't okay:
$ kubectl create -f csi-hostpath-driverinfo.yaml
The CSIDriver "hostpath.csi.k8s.io" is invalid: spec.volumeLifecycleModes: Unsupported value: "foobar": supported values: "persistent", "ephemeral"
Using a "normal" CSI driver for an inline ephemeral volume may have
unexpected and potentially harmful effects when the driver gets a
NodePublishVolume call that it isn't expecting. To prevent that mistake,
driver deployments for a driver that supports such volumes must:
- deploy a CSIDriver object for the driver
- list "ephemeral" as one of the supported modes
The default is "persistent", so existing deployments continue to work
and are automatically protected against incorrect usage.
This commit contains the API change. Generated code and manual code
which uses the new API follow.
