When the KUBE_LIST_FROM_CACHE_INCONSISTENCY_DETECTOR environment variable was set
then clients (client-go, dynamic-client) perform a data consistency check
for requests that have a high chance of being served from the watch-cache.
The consistency check is meant to be enforced only in the CI, not in production.
The check ensures that data retrieved by a list api call from the watch-cache
is exactly the same as data received by the list api call from etcd.
Note that this function will panic when data inconsistency is detected.
This is intentional because we want to catch it in the CI.
Note that the new env var is set in the same places
the ENABLE_CACHE_MUTATION_DETECTOR is set.
when the KUBE_WATCHLIST_INCONSISTENCY_DETECTOR environment variable was set
then the reflector performs a data consistency check.
The consistency check is meant to be enforced only in the CI, not in production.
The check ensures that data retrieved by the watch-list api call
is exactly the same as data received by the standard list api call.
note that the new env var is set in the same places
the ENABLE_CACHE_MUTATION_DETECTOR is set.
This change enables the external cloud provider by default for GCE
infrastructure. It is the result of several squashed commits, these are
their commit messages:
* no longer need to enable endpoinslices controller since GA
* use external by default
* DisableKubeletCloudCredentialProviders
* temp test feature gates
This change removes support for basic authn in v1.19 via the
--basic-auth-file flag. This functionality was deprecated in v1.16
in response to ATR-K8S-002: Non-constant time password comparison.
Similar functionality is available via the --token-auth-file flag
for development purposes.
Signed-off-by: Monis Khan <mok@vmware.com>
