The command can be used to validate an input --config and throw
warnings and errors.
Add a new argument strctErrors to the functions
documentMapTo{Init|Join}Configuration(). This allows
to return errors from the calls to VerifyUnmarshalStrict().
Add a new function verifyKnownGVKs() in config/common.go
that is used to verify if a list of GVKs in a config file is
known. This function is used by the "validate" and "migrate"
commands.
Both commands now throw errors for unknown APIs or fields.
Move the Linux-specific conntrack setup code into a new
"platformSetup" rather than trying to fit it into the generic setup
code.
Also move metrics registration there.
TestBindToCommandArgRequirements has a .Pointer()
comparison that is not guaranteed to pass given
the reflected functions are closures.
This test is consistently failing on Go 1.21 rc1.
Remove said comparison from the test.
Before this commit, kubeadm starts kubelet before it creates
/etc/kubernetes/manifests. On boot, kubelet tries to load the
static pod manifests from this dir by calling `listConfig()`
7ad8303b96/pkg/kubelet/config/file.go (L97)
and it'll then try to start a file watcher every second for 20s
7ad8303b96/pkg/kubelet/config/file.go (L114)7ad8303b96/pkg/kubelet/config/file_linux.go (L51-L67)
If kubelet starts and calls `listConfig()` before kubeadm creates
`/etc/kubernetes/manifests` (while writing the static pods manifests),
the file watcher will be created less than a second after, but there
will be no changes to report, so the manifests will only be detected
on the next tick of `listTicker`, a bit less than 20s later
7ad8303b96/pkg/kubelet/config/file.go (L102-L103)
Even if we fixed the watch code to `listConfig()` just after starting the
inotify watch, watching source file is only supported on linux,
so moving the manifests generation before kubelet start fixes all
cases and make more sense IMO.
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
If scheduler fails to be active (elected if leader election is enabled),
setting this option will not start informers so that to avoid memory
overhead.
Signed-off-by: Eric Lin <exlin@google.com>
kubelet option '--image-gc-low-threshold' description says it 'should not be larger than that of --image-gc-high-threshold'. But actually, it must less than '--image-gc-high-threshold', according to 02659772cb/pkg/kubelet/apis/config/validation/validation.go (L84)
If the etcd member is not found, then it has already been removed, and
kubeadm reset should immediately complete the 'remove-etcd-member'
phase. Previously, the phase would complete only once the
exponential-backoff retry expired, up to 3 minutes duration.
This commit also fixes a semantic error in etcd.GetMemberID. Previously,
the function returned 0 if no member was found, but 0 is not a valid
member ID.
* update serial number to a valid non-zero number in ca certificate
* fix the existing problem (0 SerialNumber in all certificate) as part of this PR in a separate commit
