From 6de16a406e563d5cb066e52705be3998a82237ed Mon Sep 17 00:00:00 2001 From: Ilya Zuyev Date: Mon, 21 Jun 2021 15:26:35 -0700 Subject: [PATCH 001/205] Add libvirt domain definition for arm64 --- pkg/drivers/kvm/domain.go | 63 +---------------- pkg/drivers/kvm/domain_definition_arm64.go | 80 ++++++++++++++++++++++ pkg/drivers/kvm/domain_definition_x86.go | 80 ++++++++++++++++++++++ 3 files changed, 161 insertions(+), 62 deletions(-) create mode 100644 pkg/drivers/kvm/domain_definition_arm64.go create mode 100644 pkg/drivers/kvm/domain_definition_x86.go diff --git a/pkg/drivers/kvm/domain.go b/pkg/drivers/kvm/domain.go index 1628962bb3..764801013f 100644 --- a/pkg/drivers/kvm/domain.go +++ b/pkg/drivers/kvm/domain.go @@ -23,71 +23,10 @@ import ( "fmt" "text/template" - libvirt "github.com/libvirt/libvirt-go" + "github.com/libvirt/libvirt-go" "github.com/pkg/errors" ) -const domainTmpl = ` - - {{.MachineName}} - {{.Memory}} - {{.CPU}} - - - - - {{if .Hidden}} - - - - {{end}} - - - {{if gt .NUMANodeCount 1}} - {{.NUMANodeXML}} - {{end}} - - - hvm - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - /dev/random - - {{if .GPU}} - {{.DevicesXML}} - {{end}} - - -` - func (d *Driver) getDomain() (*libvirt.Domain, *libvirt.Connect, error) { conn, err := getConnection(d.ConnectionURI) if err != nil { diff --git a/pkg/drivers/kvm/domain_definition_arm64.go b/pkg/drivers/kvm/domain_definition_arm64.go new file mode 100644 index 0000000000..842c7c198d --- /dev/null +++ b/pkg/drivers/kvm/domain_definition_arm64.go @@ -0,0 +1,80 @@ +// +build linux,arm64 + +/* +Copyright 2016 The Kubernetes Authors All rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package kvm + +const domainTmpl = ` + + {{.MachineName}} + {{.Memory}} + {{.CPU}} + + + + + {{if .Hidden}} + + + + {{end}} + + + {{if gt .NUMANodeCount 1}} + {{.NUMANodeXML}} + {{end}} + + + hvm + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + /dev/random + + {{if .GPU}} + {{.DevicesXML}} + {{end}} + + +` diff --git a/pkg/drivers/kvm/domain_definition_x86.go b/pkg/drivers/kvm/domain_definition_x86.go new file mode 100644 index 0000000000..2e2627e53c --- /dev/null +++ b/pkg/drivers/kvm/domain_definition_x86.go @@ -0,0 +1,80 @@ +// +build linux,amd64 + +/* +Copyright 2016 The Kubernetes Authors All rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package kvm + +const domainTmpl = ` + + {{.MachineName}} + {{.Memory}} + {{.CPU}} + + + + + {{if .Hidden}} + + + + {{end}} + + + {{if gt .NUMANodeCount 1}} + {{.NUMANodeXML}} + {{end}} + + + hvm + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + /dev/random + + {{if .GPU}} + {{.DevicesXML}} + {{end}} + + +` From 70b4328753e74af547515ee934d7586b544df3cf Mon Sep 17 00:00:00 2001 From: Ilya Zuyev Date: Mon, 21 Jun 2021 16:09:36 -0700 Subject: [PATCH 002/205] build native kvm driver by default --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index db9a23088e..fa50bfdd5e 100644 --- a/Makefile +++ b/Makefile @@ -799,7 +799,7 @@ release-notes: update-leaderboard: hack/update_contributions.sh -out/docker-machine-driver-kvm2: out/docker-machine-driver-kvm2-amd64 +out/docker-machine-driver-kvm2: out/docker-machine-driver-kvm2-$(GOARCH) $(if $(quiet),@echo " CP $@") $(Q)cp $< $@ From 84feb87502fc10eb7b00136aa37ccbad5cef136c Mon Sep 17 00:00:00 2001 From: Ilya Zuyev Date: Mon, 21 Jun 2021 16:16:10 -0700 Subject: [PATCH 003/205] fix arm64 libvirt domain definition --- pkg/drivers/kvm/domain_definition_arm64.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/drivers/kvm/domain_definition_arm64.go b/pkg/drivers/kvm/domain_definition_arm64.go index 842c7c198d..ffd5daa416 100644 --- a/pkg/drivers/kvm/domain_definition_arm64.go +++ b/pkg/drivers/kvm/domain_definition_arm64.go @@ -39,7 +39,7 @@ const domainTmpl = ` {{end}} - hvm + hvm From a59e6a73414e95ee11bf23c48968bbb5ed8105d0 Mon Sep 17 00:00:00 2001 From: Ilya Zuyev Date: Mon, 21 Jun 2021 16:26:37 -0700 Subject: [PATCH 004/205] remove acpi config from amd64 libvirt domain --- pkg/drivers/kvm/domain_definition_arm64.go | 1 - 1 file changed, 1 deletion(-) diff --git a/pkg/drivers/kvm/domain_definition_arm64.go b/pkg/drivers/kvm/domain_definition_arm64.go index ffd5daa416..e45926e0ac 100644 --- a/pkg/drivers/kvm/domain_definition_arm64.go +++ b/pkg/drivers/kvm/domain_definition_arm64.go @@ -24,7 +24,6 @@ const domainTmpl = ` {{.Memory}} {{.CPU}} - {{if .Hidden}} From 37faf73207616a6d6839879e34a22e124a448baa Mon Sep 17 00:00:00 2001 From: Ilya Zuyev Date: Mon, 21 Jun 2021 17:56:14 -0700 Subject: [PATCH 005/205] improve logs --- pkg/drivers/kvm/kvm.go | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/pkg/drivers/kvm/kvm.go b/pkg/drivers/kvm/kvm.go index 0bcb00bdc6..87345505ae 100644 --- a/pkg/drivers/kvm/kvm.go +++ b/pkg/drivers/kvm/kvm.go @@ -28,7 +28,7 @@ import ( "github.com/docker/machine/libmachine/drivers" "github.com/docker/machine/libmachine/log" "github.com/docker/machine/libmachine/state" - libvirt "github.com/libvirt/libvirt-go" + "github.com/libvirt/libvirt-go" "github.com/pkg/errors" pkgdrivers "k8s.io/minikube/pkg/drivers" "k8s.io/minikube/pkg/util/retry" @@ -320,7 +320,6 @@ func (d *Driver) waitForStaticIP(conn *libvirt.Connect) error { // Create a host using the driver's config func (d *Driver) Create() (err error) { log.Info("Creating KVM machine...") - defer log.Infof("KVM machine creation complete!") err = d.createNetwork() if err != nil { return errors.Wrap(err, "creating network") @@ -364,10 +363,16 @@ func (d *Driver) Create() (err error) { } defer func() { if ferr := dom.Free(); ferr != nil { + log.Warnf("unable to free domain: %v", err) err = ferr } }() - return d.Start() + if err = d.Start(); err != nil { + log.Errorf("unable to start VM: %v", err) + return err + } + log.Infof("KVM machine creation complete!") + return nil } // ensureDirPermissions ensures that libvirt has access to access the image store directory From 952b28e3b75b0599689cb4ff277d83d840be51da Mon Sep 17 00:00:00 2001 From: Ilya Zuyev Date: Mon, 21 Jun 2021 21:15:47 -0700 Subject: [PATCH 006/205] log out xml domain definition --- pkg/drivers/kvm/domain.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/drivers/kvm/domain.go b/pkg/drivers/kvm/domain.go index 764801013f..9bd322acb5 100644 --- a/pkg/drivers/kvm/domain.go +++ b/pkg/drivers/kvm/domain.go @@ -74,6 +74,7 @@ func (d *Driver) createDomain() (*libvirt.Domain, error) { } defer conn.Close() + log.Infof("define libvirt domain using xml: %v", domainXML.String()) // define the domain in libvirt using the generated XML dom, err := conn.DomainDefineXML(domainXML.String()) if err != nil { From e48c8d289f8bc1268984a4ddc45061159bf4dadb Mon Sep 17 00:00:00 2001 From: Ilya Zuyev Date: Mon, 21 Jun 2021 21:16:04 -0700 Subject: [PATCH 007/205] fix domain definition --- pkg/drivers/kvm/domain_definition_arm64.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/drivers/kvm/domain_definition_arm64.go b/pkg/drivers/kvm/domain_definition_arm64.go index e45926e0ac..bce4d51a5b 100644 --- a/pkg/drivers/kvm/domain_definition_arm64.go +++ b/pkg/drivers/kvm/domain_definition_arm64.go @@ -38,7 +38,7 @@ const domainTmpl = ` {{end}} - hvm + hvm From cab20137ab9032b6a96b71d4a1e686060bcb9fcd Mon Sep 17 00:00:00 2001 From: Ilya Zuyev Date: Mon, 21 Jun 2021 22:38:21 -0700 Subject: [PATCH 008/205] try to download arch specific driver --- pkg/minikube/download/driver.go | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/pkg/minikube/download/driver.go b/pkg/minikube/download/driver.go index 2a3f121949..a2865c7260 100644 --- a/pkg/minikube/download/driver.go +++ b/pkg/minikube/download/driver.go @@ -19,9 +19,11 @@ package download import ( "fmt" "os" + "runtime" "github.com/blang/semver" "github.com/pkg/errors" + "k8s.io/klog/v2" "k8s.io/minikube/pkg/minikube/out" "k8s.io/minikube/pkg/minikube/style" ) @@ -30,12 +32,21 @@ func driverWithChecksumURL(name string, v semver.Version) string { base := fmt.Sprintf("https://github.com/kubernetes/minikube/releases/download/v%s/%s", v, name) return fmt.Sprintf("%s?checksum=file:%s.sha256", base, base) } +func driverWithArchAndChecksumURL(name string, v semver.Version) string { + base := fmt.Sprintf("https://github.com/kubernetes/minikube/releases/download/v%s-%s/%s", v, runtime.GOARCH, name) + return fmt.Sprintf("%s?checksum=file:%s.sha256", base, base) +} // Driver downloads an arbitrary driver func Driver(name string, destination string, v semver.Version) error { out.Step(style.FileDownload, "Downloading driver {{.driver}}:", out.V{"driver": name}) - if err := download(driverWithChecksumURL(name, v), destination); err != nil { - return errors.Wrap(err, "download") + + archUrl := driverWithArchAndChecksumURL(name, v) + if err := download(archUrl, destination); err != nil { + klog.Infof("failed to download arch specific driver: %v. trying to get the common version", err) + if err := download(driverWithChecksumURL(name, v), destination); err != nil { + return errors.Wrap(err, "download") + } } // Give downloaded drivers a baseline decent file permission From bb0e51661705059d2835f63d00586504c4aeb045 Mon Sep 17 00:00:00 2001 From: Vishal Jain Date: Tue, 22 Jun 2021 15:32:07 -0700 Subject: [PATCH 009/205] Clean up ssh tunnels during exit. --- pkg/minikube/tunnel/kic/ssh_conn.go | 38 +++++++++++++++++---------- pkg/minikube/tunnel/kic/ssh_tunnel.go | 10 +++++++ 2 files changed, 34 insertions(+), 14 deletions(-) diff --git a/pkg/minikube/tunnel/kic/ssh_conn.go b/pkg/minikube/tunnel/kic/ssh_conn.go index b43e47af6a..991fcaa5b5 100644 --- a/pkg/minikube/tunnel/kic/ssh_conn.go +++ b/pkg/minikube/tunnel/kic/ssh_conn.go @@ -29,10 +29,11 @@ import ( ) type sshConn struct { - name string - service string - cmd *exec.Cmd - ports []int + name string + service string + cmd *exec.Cmd + ports []int + activeConn bool } func createSSHConn(name, sshPort, sshKey string, svc *v1.Service) *sshConn { @@ -87,9 +88,10 @@ func createSSHConn(name, sshPort, sshKey string, svc *v1.Service) *sshConn { cmd := exec.Command(command, sshArgs...) return &sshConn{ - name: name, - service: svc.Name, - cmd: cmd, + name: name, + service: svc.Name, + cmd: cmd, + activeConn: false, } } @@ -127,10 +129,11 @@ func createSSHConnWithRandomPorts(name, sshPort, sshKey string, svc *v1.Service) cmd := exec.Command("ssh", sshArgs...) return &sshConn{ - name: name, - service: svc.Name, - cmd: cmd, - ports: usedPorts, + name: name, + service: svc.Name, + cmd: cmd, + ports: usedPorts, + activeConn: false, }, nil } @@ -142,14 +145,21 @@ func (c *sshConn) startAndWait() error { return err } + c.activeConn = true // we ignore wait error because the process will be killed _ = c.cmd.Wait() + // Wait is finished for connection, mark false. + c.activeConn = false + return nil } func (c *sshConn) stop() error { - out.Step(style.Stopping, "Stopping tunnel for service {{.service}}.", out.V{"service": c.service}) - - return c.cmd.Process.Kill() + if c.activeConn { + out.Step(style.Stopping, "Stopping tunnel for service {{.service}}.", out.V{"service": c.service}) + return c.cmd.Process.Kill() + } + out.Step(style.Stopping, "Stopped tunnel for service {{.service}}.", out.V{"service": c.service}) + return nil } diff --git a/pkg/minikube/tunnel/kic/ssh_tunnel.go b/pkg/minikube/tunnel/kic/ssh_tunnel.go index a6bd5f0671..9fcd6446a2 100644 --- a/pkg/minikube/tunnel/kic/ssh_tunnel.go +++ b/pkg/minikube/tunnel/kic/ssh_tunnel.go @@ -63,6 +63,7 @@ func (t *SSHTunnel) Start() error { if err != nil { klog.Errorf("error cleaning up: %v", err) } + t.stopActiveConnections() return err default: } @@ -120,6 +121,15 @@ func (t *SSHTunnel) startConnection(svc v1.Service) { } } +func (t *SSHTunnel) stopActiveConnections() { + for _, conn := range t.conns { + err := conn.stop() + if err != nil { + klog.Errorf("error stopping ssh tunnel: %v", err) + } + } +} + func (t *SSHTunnel) stopMarkedConnections() { for _, sshConn := range t.connsToStop { err := sshConn.stop() From 58754c910c2e2c9786928beafef073057beb95aa Mon Sep 17 00:00:00 2001 From: Ilya Zuyev Date: Thu, 24 Jun 2021 23:06:56 -0700 Subject: [PATCH 010/205] update domain definition --- pkg/drivers/kvm/domain_definition_arm64.go | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/pkg/drivers/kvm/domain_definition_arm64.go b/pkg/drivers/kvm/domain_definition_arm64.go index bce4d51a5b..02575813fe 100644 --- a/pkg/drivers/kvm/domain_definition_arm64.go +++ b/pkg/drivers/kvm/domain_definition_arm64.go @@ -24,8 +24,8 @@ const domainTmpl = ` {{.Memory}} {{.CPU}} - - + + {{if .Hidden}} @@ -37,7 +37,10 @@ const domainTmpl = ` {{.NUMANodeXML}} {{end}} + + /usr/share/AAVMF/AAVMF_CODE.fd + /var/lib/libvirt/qemu/nvram/ubuntu_VARS.fd hvm From b5dbfe97e812c626d6a2413bf1ed69fd9c96a241 Mon Sep 17 00:00:00 2001 From: Ilya Zuyev Date: Fri, 25 Jun 2021 10:56:50 -0700 Subject: [PATCH 011/205] Fix linter error --- pkg/minikube/download/driver.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/minikube/download/driver.go b/pkg/minikube/download/driver.go index a2865c7260..b5ceadd763 100644 --- a/pkg/minikube/download/driver.go +++ b/pkg/minikube/download/driver.go @@ -41,8 +41,8 @@ func driverWithArchAndChecksumURL(name string, v semver.Version) string { func Driver(name string, destination string, v semver.Version) error { out.Step(style.FileDownload, "Downloading driver {{.driver}}:", out.V{"driver": name}) - archUrl := driverWithArchAndChecksumURL(name, v) - if err := download(archUrl, destination); err != nil { + archURL := driverWithArchAndChecksumURL(name, v) + if err := download(archURL, destination); err != nil { klog.Infof("failed to download arch specific driver: %v. trying to get the common version", err) if err := download(driverWithChecksumURL(name, v), destination); err != nil { return errors.Wrap(err, "download") From e3b5c2f8cf274810ca1c07eb376c71e09ee0dac5 Mon Sep 17 00:00:00 2001 From: Ilya Zuyev Date: Fri, 25 Jun 2021 13:49:54 -0700 Subject: [PATCH 012/205] fix linter error --- pkg/drivers/kvm/domain.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/drivers/kvm/domain.go b/pkg/drivers/kvm/domain.go index 9bd322acb5..a19428cdf9 100644 --- a/pkg/drivers/kvm/domain.go +++ b/pkg/drivers/kvm/domain.go @@ -23,6 +23,7 @@ import ( "fmt" "text/template" + "github.com/docker/machine/libmachine/log" "github.com/libvirt/libvirt-go" "github.com/pkg/errors" ) From 7dab2e078e1eb8cabc61330e06a31a855eaea916 Mon Sep 17 00:00:00 2001 From: amit dixit Date: Fri, 23 Jul 2021 13:18:53 +0200 Subject: [PATCH 013/205] fix for issues #12039 and #12025 --- site/README.md | 2 ++ site/layouts/partials/sidebar-tree.html | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/site/README.md b/site/README.md index 0ee275ebf2..4dca11d1b8 100644 --- a/site/README.md +++ b/site/README.md @@ -1,3 +1,5 @@ +[Minikube](https://minikube.sigs.k8s.io/docs/) uses Docsy theme. + [Docsy](https://github.com/google/docsy) is a Hugo theme for technical documentation sites, providing easy site navigation, structure, and more. This **Docsy Example Project** uses the Docsy theme, as well as providing a skeleton documentation structure for you to use. You can either copy this project and edit it with your own content, or use the theme in your projects like any other [Hugo theme](https://themes.gohugo.io/). This Docsy Example Project is hosted at [https://goldydocs.netlify.com/](https://goldydocs.netlify.com/). diff --git a/site/layouts/partials/sidebar-tree.html b/site/layouts/partials/sidebar-tree.html index 61ba2a9a81..3ec07373b8 100644 --- a/site/layouts/partials/sidebar-tree.html +++ b/site/layouts/partials/sidebar-tree.html @@ -68,7 +68,7 @@
  • - {{ $s.LinkTitle }} + 🍀 {{ $s.LinkTitle }}
    • @@ -100,7 +100,7 @@ {{ end }} {{ if $showPage }} - {{ .LinkTitle }} + ➔ {{ .LinkTitle }} {{ end }} {{/* end minikube hack */}} From cc03cdab2149e4c52512b2574ec1b687faf8c25f Mon Sep 17 00:00:00 2001 From: amit dixit Date: Fri, 23 Jul 2021 13:35:15 +0200 Subject: [PATCH 014/205] fix for issues #12039 and #12025 --- site/README.md | 50 +++++++++++++++----------------------------------- 1 file changed, 15 insertions(+), 35 deletions(-) diff --git a/site/README.md b/site/README.md index 4dca11d1b8..926a8d6277 100644 --- a/site/README.md +++ b/site/README.md @@ -1,28 +1,23 @@ -[Minikube](https://minikube.sigs.k8s.io/docs/) uses Docsy theme. -[Docsy](https://github.com/google/docsy) is a Hugo theme for technical documentation sites, providing easy site navigation, structure, and more. This **Docsy Example Project** uses the Docsy theme, as well as providing a skeleton documentation structure for you to use. You can either copy this project and edit it with your own content, or use the theme in your projects like any other [Hugo theme](https://themes.gohugo.io/). - -This Docsy Example Project is hosted at [https://goldydocs.netlify.com/](https://goldydocs.netlify.com/). +[Docsy](https://github.com/google/docsy) is a Hugo theme for technical documentation sites, providing easy site navigation, structure, and more. This **Minikube project** uses the Docsy theme for [Minikube Website](https://minikube.sigs.k8s.io/docs/). You can find detailed theme instructions in the Docsy user guide: https://docsydocs.netlify.com/docs/ -This is not an officially supported Google product. This project is currently maintained. -## Cloning the Docsy Example Project - -The following will give you a project that is set up and ready to use (don't forget to use `--recurse-submodules` or you won't pull down some of the code you need to generate a working site). The `hugo server` command builds and serves the site. If you just want to build the site, run `hugo` instead. +## Running the website locally +Clone the minikube project fork with option ```--recurse-submodules --depth 1 ``` to download and update submodule dependencies. ```bash -git clone --recurse-submodules --depth 1 https://github.com/google/docsy-example.git -cd docsy-example -hugo server +git clone --recurse-submodules --depth 1 https://github.com/kubernetes/minikube.git # replace path with your github fork of minikube +cd minikube/site +hugo server # to server site locally ``` The theme is included as a Git submodule: ```bash ▶ git submodule - a053131a4ebf6a59e4e8834a42368e248d98c01d themes/docsy (heads/master) + 2536303cad19991c673037f4f16332075141364a themes/docsy (2536303) ``` If you want to do SCSS edits and want to publish these, you need to install `PostCSS` (not needed for `hugo server`): @@ -30,29 +25,14 @@ If you want to do SCSS edits and want to publish these, you need to install `Pos ```bash npm install ``` - - - -## Running the website locally - -Once you've cloned the site repo, from the repo root folder, run: - -``` -hugo server -``` From 4edece6dc86ac7f64a611ca85fb4564e24e6561e Mon Sep 17 00:00:00 2001 From: amit dixit Date: Fri, 23 Jul 2021 14:05:49 +0200 Subject: [PATCH 015/205] updated site/README.md --- site/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site/README.md b/site/README.md index 926a8d6277..4121b87e77 100644 --- a/site/README.md +++ b/site/README.md @@ -32,7 +32,7 @@ hugo v0.86.0+extended darwin/amd64 BuildDate=unknown Error: Error building site: "/minikube/site/content/en/docs/contrib/releasing/binaries.md:64:1": failed to extract shortcode: template for shortcode "alert" not found Built in 667 ms ``` -> This indicates the submodules are not upated. +This indicates the submodules are not upated. Please run the following command to fix. ``` git submodule update --init --recursive ``` From ecaa3c1f0302562bc54d47e1aac803c12deaa9ad Mon Sep 17 00:00:00 2001 From: Vishal Jain Date: Sun, 25 Jul 2021 14:45:41 -0700 Subject: [PATCH 016/205] Addressed comment about activeConn. --- pkg/minikube/tunnel/kic/ssh_conn.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/minikube/tunnel/kic/ssh_conn.go b/pkg/minikube/tunnel/kic/ssh_conn.go index 991fcaa5b5..35b1abac02 100644 --- a/pkg/minikube/tunnel/kic/ssh_conn.go +++ b/pkg/minikube/tunnel/kic/ssh_conn.go @@ -157,6 +157,7 @@ func (c *sshConn) startAndWait() error { func (c *sshConn) stop() error { if c.activeConn { + c.activeConn = false out.Step(style.Stopping, "Stopping tunnel for service {{.service}}.", out.V{"service": c.service}) return c.cmd.Process.Kill() } From d1cdd24efc79320e2a7177173559caba4821092c Mon Sep 17 00:00:00 2001 From: amit dixit Date: Wed, 28 Jul 2021 14:36:38 +0200 Subject: [PATCH 017/205] resolve change requests for #12040 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 1. changed icon from ☘ to ⬛ (solid black square) 2. fix benchmark folder renderation (for subfolders) Signed-off-by: amit dixit --- .../en/docs/benchmarks/cpuUsage/{linux/_index.md => linux.md} | 0 .../en/docs/benchmarks/cpuUsage/{macOS/_index.md => macos.md} | 0 .../{benchmarkingProcess/_index.md => benchmarkingprocess.md} | 0 .../imageBuild/{linux/_index.md => linuxbenchmark.md} | 0 .../benchmarks/imageBuild/{mac/_index.md => macbenchmark.md} | 0 .../{minikubeVsOthers/_index.md => minikubevsothers.md} | 0 site/layouts/partials/sidebar-tree.html | 2 +- 7 files changed, 1 insertion(+), 1 deletion(-) rename site/content/en/docs/benchmarks/cpuUsage/{linux/_index.md => linux.md} (100%) rename site/content/en/docs/benchmarks/cpuUsage/{macOS/_index.md => macos.md} (100%) rename site/content/en/docs/benchmarks/imageBuild/{benchmarkingProcess/_index.md => benchmarkingprocess.md} (100%) rename site/content/en/docs/benchmarks/imageBuild/{linux/_index.md => linuxbenchmark.md} (100%) rename site/content/en/docs/benchmarks/imageBuild/{mac/_index.md => macbenchmark.md} (100%) rename site/content/en/docs/benchmarks/imageBuild/{minikubeVsOthers/_index.md => minikubevsothers.md} (100%) diff --git a/site/content/en/docs/benchmarks/cpuUsage/linux/_index.md b/site/content/en/docs/benchmarks/cpuUsage/linux.md similarity index 100% rename from site/content/en/docs/benchmarks/cpuUsage/linux/_index.md rename to site/content/en/docs/benchmarks/cpuUsage/linux.md diff --git a/site/content/en/docs/benchmarks/cpuUsage/macOS/_index.md b/site/content/en/docs/benchmarks/cpuUsage/macos.md similarity index 100% rename from site/content/en/docs/benchmarks/cpuUsage/macOS/_index.md rename to site/content/en/docs/benchmarks/cpuUsage/macos.md diff --git a/site/content/en/docs/benchmarks/imageBuild/benchmarkingProcess/_index.md b/site/content/en/docs/benchmarks/imageBuild/benchmarkingprocess.md similarity index 100% rename from site/content/en/docs/benchmarks/imageBuild/benchmarkingProcess/_index.md rename to site/content/en/docs/benchmarks/imageBuild/benchmarkingprocess.md diff --git a/site/content/en/docs/benchmarks/imageBuild/linux/_index.md b/site/content/en/docs/benchmarks/imageBuild/linuxbenchmark.md similarity index 100% rename from site/content/en/docs/benchmarks/imageBuild/linux/_index.md rename to site/content/en/docs/benchmarks/imageBuild/linuxbenchmark.md diff --git a/site/content/en/docs/benchmarks/imageBuild/mac/_index.md b/site/content/en/docs/benchmarks/imageBuild/macbenchmark.md similarity index 100% rename from site/content/en/docs/benchmarks/imageBuild/mac/_index.md rename to site/content/en/docs/benchmarks/imageBuild/macbenchmark.md diff --git a/site/content/en/docs/benchmarks/imageBuild/minikubeVsOthers/_index.md b/site/content/en/docs/benchmarks/imageBuild/minikubevsothers.md similarity index 100% rename from site/content/en/docs/benchmarks/imageBuild/minikubeVsOthers/_index.md rename to site/content/en/docs/benchmarks/imageBuild/minikubevsothers.md diff --git a/site/layouts/partials/sidebar-tree.html b/site/layouts/partials/sidebar-tree.html index 3ec07373b8..7161bf0595 100644 --- a/site/layouts/partials/sidebar-tree.html +++ b/site/layouts/partials/sidebar-tree.html @@ -68,7 +68,7 @@
      • - 🍀 {{ $s.LinkTitle }} + ⬛ {{ $s.LinkTitle }}
        • From 23a4cd3f0fa166db97e62fcb73366598abd0cdc3 Mon Sep 17 00:00:00 2001 From: amit dixit Date: Thu, 29 Jul 2021 09:04:07 +0200 Subject: [PATCH 018/205] fix casing for Tuturials| replaced arrow with blank space | top level box color change to blue ( as per the asthetics) when selected --- site/content/en/docs/tutorials/custom_cert_ingress.md | 2 +- .../en/docs/tutorials/setup_minikube_in_github_actions.md | 2 +- site/content/en/docs/tutorials/telemetry.md | 2 +- site/layouts/partials/sidebar-tree.html | 5 +++-- 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/site/content/en/docs/tutorials/custom_cert_ingress.md b/site/content/en/docs/tutorials/custom_cert_ingress.md index dd6e0865f6..f130549903 100644 --- a/site/content/en/docs/tutorials/custom_cert_ingress.md +++ b/site/content/en/docs/tutorials/custom_cert_ingress.md @@ -1,6 +1,6 @@ --- title: "How to use custom TLS certificate with ingress addon" -linkTitle: "Using custom TLS certificate with ingress addon" +linkTitle: "Using Custom TLS certificate with Ingress Addon" weight: 1 date: 2020-11-30 --- diff --git a/site/content/en/docs/tutorials/setup_minikube_in_github_actions.md b/site/content/en/docs/tutorials/setup_minikube_in_github_actions.md index c91030fd5f..7d97a3c79c 100644 --- a/site/content/en/docs/tutorials/setup_minikube_in_github_actions.md +++ b/site/content/en/docs/tutorials/setup_minikube_in_github_actions.md @@ -1,6 +1,6 @@ --- title: "Setup minikube as CI step in github actions" -linkTitle: "minikube in github actions" +linkTitle: "Minikube in github actions" weight: 1 date: 2020-06-02 description: > diff --git a/site/content/en/docs/tutorials/telemetry.md b/site/content/en/docs/tutorials/telemetry.md index 55e16d4f02..b3dc9ab3a3 100644 --- a/site/content/en/docs/tutorials/telemetry.md +++ b/site/content/en/docs/tutorials/telemetry.md @@ -1,6 +1,6 @@ --- title: "Telemetry" -linkTitle: "telemetry" +linkTitle: "Telemetry" weight: 1 date: 2020-11-24 --- diff --git a/site/layouts/partials/sidebar-tree.html b/site/layouts/partials/sidebar-tree.html index 7161bf0595..954211f15d 100644 --- a/site/layouts/partials/sidebar-tree.html +++ b/site/layouts/partials/sidebar-tree.html @@ -68,7 +68,8 @@
          • - ⬛ {{ $s.LinkTitle }} + {{ if $activeSection}} 🟦 {{ else }} ⬛ {{ end }} + {{ $s.LinkTitle }}
            • @@ -100,7 +101,7 @@ {{ end }} {{ if $showPage }} - ➔ {{ .LinkTitle }} + {{ .LinkTitle }} {{ end }} {{/* end minikube hack */}} From 88a4add138ca07a99b2a32292fd6ceea1a8e3613 Mon Sep 17 00:00:00 2001 From: Steven Powell Date: Thu, 29 Jul 2021 16:50:29 -0700 Subject: [PATCH 019/205] auto start buildkit daemon on `image load` for containerd --- pkg/minikube/cruntime/containerd.go | 23 +++++++++++++++++++++++ test/integration/functional_test.go | 16 +--------------- 2 files changed, 24 insertions(+), 15 deletions(-) diff --git a/pkg/minikube/cruntime/containerd.go b/pkg/minikube/cruntime/containerd.go index 24e872bc66..3ca3fc3974 100644 --- a/pkg/minikube/cruntime/containerd.go +++ b/pkg/minikube/cruntime/containerd.go @@ -343,6 +343,10 @@ func downloadRemote(cr CommandRunner, src string) (string, error) { // BuildImage builds an image into this runtime func (r *Containerd) BuildImage(src string, file string, tag string, push bool, env []string, opts []string) error { + if err := r.initBuildkitDaemon(); err != nil { + return fmt.Errorf("failed to init buildkit daemon: %v", err) + } + // download url if not already present dir, err := downloadRemote(r.Runner, src) if err != nil { @@ -393,6 +397,25 @@ func (r *Containerd) BuildImage(src string, file string, tag string, push bool, return nil } +func (r *Containerd) initBuildkitDaemon() error { + // if daemon is already running, do nothing + cmd := exec.Command("pgrep", "buildkitd") + if _, err := r.Runner.RunCmd(cmd); err == nil { + return nil + } + + // otherwise, start daemon + cmd = exec.Command("/bin/bash", "-c", "sudo -b buildkitd --oci-worker false --containerd-worker true --containerd-worker-namespace k8s.io &> /dev/null") + if _, err := r.Runner.RunCmd(cmd); err != nil { + return fmt.Errorf("failed to start buildkit daemon: %v", err) + } + + // give the daemon time to finish starting up or image build will fail + time.Sleep(1 * time.Second) + + return nil +} + // CGroupDriver returns cgroup driver ("cgroupfs" or "systemd") func (r *Containerd) CGroupDriver() (string, error) { info, err := getCRIInfo(r.Runner) diff --git a/test/integration/functional_test.go b/test/integration/functional_test.go index 5ccae3ca6d..0516e39712 100644 --- a/test/integration/functional_test.go +++ b/test/integration/functional_test.go @@ -342,7 +342,7 @@ func listImages(ctx context.Context, t *testing.T, profile string) (*RunResult, // validateBuildImage makes sures that `minikube image build` works as expected func validateBuildImage(ctx context.Context, t *testing.T, profile string) { if NoneDriver() { - t.Skip("load image not available on none driver") + t.Skip("image build not available on none driver") } if GithubActionRunner() && runtime.GOOS == "darwin" { t.Skip("skipping on github actions and darwin, as this test requires a running docker daemon") @@ -350,10 +350,6 @@ func validateBuildImage(ctx context.Context, t *testing.T, profile string) { defer PostMortemLogs(t, profile) newImage := fmt.Sprintf("localhost/my-image:%s", profile) - if ContainerRuntime() == "containerd" { - startBuildkit(ctx, t, profile) - // unix:///run/buildkit/buildkitd.sock - } // try to build the new image with minikube rr, err := Run(t, exec.CommandContext(ctx, Target(), "-p", profile, "image", "build", "-t", newImage, filepath.Join(*testdataDir, "build"))) @@ -379,16 +375,6 @@ func validateBuildImage(ctx context.Context, t *testing.T, profile string) { } } -func startBuildkit(ctx context.Context, t *testing.T, profile string) { - // sudo systemctl start buildkit.socket - cmd := exec.CommandContext(ctx, Target(), "ssh", "-p", profile, "--", "nohup", - "sudo", "-b", "buildkitd", "--oci-worker=false", - "--containerd-worker=true", "--containerd-worker-namespace=k8s.io") - if rr, err := Run(t, cmd); err != nil { - t.Fatalf("%s failed: %v", rr.Command(), err) - } -} - // validateListImages makes sures that `minikube image ls` works as expected func validateListImages(ctx context.Context, t *testing.T, profile string) { if NoneDriver() { From 60c9a3752c06e5585d0dcaeabc2f8ec4350c024a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Fri, 30 Jul 2021 17:50:21 +0200 Subject: [PATCH 020/205] Allow building kicbase without pushing it Otherwise it is the same as push-kic-base-image --- Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Makefile b/Makefile index eea14c2ca5..98b39485b6 100644 --- a/Makefile +++ b/Makefile @@ -702,6 +702,10 @@ endif local-kicbase-debug: local-kicbase ## Builds a local kicbase image and switches source code to point to it $(SED) 's|Version = .*|Version = \"$(KIC_VERSION)-$(COMMIT_SHORT)\"|;s|baseImageSHA = .*|baseImageSHA = \"\"|;s|gcrRepo = .*|gcrRepo = \"local/kicbase\"|;s|dockerhubRepo = .*|dockerhubRepo = \"local/kicbase\"|' pkg/drivers/kic/types.go +.PHONY: build-kic-base-image +build-kic-base-image: docker-multi-arch-builder ## Build multi-arch local/kicbase:latest + env $(X_BUILD_ENV) docker buildx build -f ./deploy/kicbase/Dockerfile --builder $(X_DOCKER_BUILDER) --platform $(KICBASE_ARCH) $(addprefix -t ,$(KICBASE_IMAGE_REGISTRIES)) --load --build-arg COMMIT_SHA=${VERSION}-$(COMMIT) . + .PHONY: push-kic-base-image push-kic-base-image: docker-multi-arch-builder ## Push multi-arch local/kicbase:latest to all remote registries ifdef AUTOPUSH From 4b9faa73a6f16abe9f14674f59e4165753de2ff0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Fri, 30 Jul 2021 18:07:39 +0200 Subject: [PATCH 021/205] Build kicbase image for all architectures Synchronize ALL_ARCH and KICBASE_ARCH Build release image for all 5 k8s arch --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index eea14c2ca5..04630ce960 100644 --- a/Makefile +++ b/Makefile @@ -682,7 +682,7 @@ docker-multi-arch-builder: env $(X_BUILD_ENV) docker buildx rm --builder $(X_DOCKER_BUILDER) || true env $(X_BUILD_ENV) docker buildx create --name $(X_DOCKER_BUILDER) --buildkitd-flags '--debug' || true -KICBASE_ARCH = linux/arm64,linux/amd64 +KICBASE_ARCH = linux/amd64,linux/arm,linux/arm64,linux/ppc64le,linux/s390x KICBASE_IMAGE_GCR ?= $(REGISTRY)/kicbase:$(KIC_VERSION) KICBASE_IMAGE_HUB ?= kicbase/stable:$(KIC_VERSION) KICBASE_IMAGE_REGISTRIES ?= $(KICBASE_IMAGE_GCR) $(KICBASE_IMAGE_HUB) From 46c379716995a831196e72ed34c8b8d11c7c3639 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Sun, 1 Aug 2021 09:53:47 +0200 Subject: [PATCH 022/205] Show cli versions instead of daemon versions Since the server daemon might not be running This affects docker and containerd runtimes --- cmd/minikube/cmd/version.go | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/cmd/minikube/cmd/version.go b/cmd/minikube/cmd/version.go index 7b45f6f0ea..fdb1d40973 100644 --- a/cmd/minikube/cmd/version.go +++ b/cmd/minikube/cmd/version.go @@ -53,13 +53,14 @@ var versionCmd = &cobra.Command{ co := mustload.Running(ClusterFlagValue()) runner := co.CP.Runner versionCMDS := map[string]*exec.Cmd{ - "docker": exec.Command("docker", "version", "--format={{.Client.Version}}"), + "docker": exec.Command("docker", "--version"), + "dockerd": exec.Command("dockerd", "--version"), "containerd": exec.Command("containerd", "--version"), - "crio": exec.Command("crio", "version"), - "podman": exec.Command("sudo", "podman", "version"), - "crictl": exec.Command("sudo", "crictl", "version"), + "crio": exec.Command("crio", "--version"), + "podman": exec.Command("sudo", "podman", "--version"), + "crictl": exec.Command("sudo", "crictl", "--version"), "buildctl": exec.Command("buildctl", "--version"), - "ctr": exec.Command("sudo", "ctr", "version"), + "ctr": exec.Command("ctr", "--version"), "runc": exec.Command("runc", "--version"), } for k, v := range versionCMDS { From 4f6ee47f281e85e469bc77fc566f529ef4cafc49 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Sun, 1 Aug 2021 10:12:15 +0200 Subject: [PATCH 023/205] Remove extra output lines after the version Some commands, like crio and runc, dump extra line noise after the --version even though they have a long version. --- cmd/minikube/cmd/version.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cmd/minikube/cmd/version.go b/cmd/minikube/cmd/version.go index fdb1d40973..c073f53e3a 100644 --- a/cmd/minikube/cmd/version.go +++ b/cmd/minikube/cmd/version.go @@ -69,7 +69,10 @@ var versionCmd = &cobra.Command{ klog.Warningf("error getting %s's version: %v", k, err) data[k] = "error" } else { - data[k] = strings.TrimSpace(rr.Stdout.String()) + version := rr.Stdout.String() + // remove extra lines after the version + version = strings.Split(version, "\n")[0] + data[k] = strings.TrimSpace(version) } } From 6e571d830f76ccc87dd56cf893f50e2e8f8c6306 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Sun, 1 Aug 2021 10:20:39 +0200 Subject: [PATCH 024/205] Show data with keys sorted instead of random --- cmd/minikube/cmd/version.go | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/cmd/minikube/cmd/version.go b/cmd/minikube/cmd/version.go index c073f53e3a..6f2a2da02b 100644 --- a/cmd/minikube/cmd/version.go +++ b/cmd/minikube/cmd/version.go @@ -19,6 +19,7 @@ package cmd import ( "encoding/json" "os/exec" + "sort" "strings" "github.com/spf13/cobra" @@ -86,7 +87,13 @@ var versionCmd = &cobra.Command{ if gitCommitID != "" { out.Ln("commit: %v", gitCommitID) } - for k, v := range data { + keys := make([]string, 0, len(data)) + for k := range data { + keys = append(keys, k) + } + sort.Strings(keys) + for _, k := range keys { + v := data[k] // for backward compatibility we keep displaying the old way for these two if k == "minikubeVersion" || k == "commit" { continue From 9197a591898f57d5457a5088d4ee534b8ef6c56b Mon Sep 17 00:00:00 2001 From: Zhang Shihe Date: Sun, 1 Aug 2021 16:51:05 +0800 Subject: [PATCH 025/205] Update custom_cert_ingress.md --- site/content/en/docs/tutorials/custom_cert_ingress.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/site/content/en/docs/tutorials/custom_cert_ingress.md b/site/content/en/docs/tutorials/custom_cert_ingress.md index dd6e0865f6..ffba21ed80 100644 --- a/site/content/en/docs/tutorials/custom_cert_ingress.md +++ b/site/content/en/docs/tutorials/custom_cert_ingress.md @@ -7,7 +7,8 @@ date: 2020-11-30 ## Overview -- This tutorial will show you how to configure custom TLS certificatate for ingress addon. +- This tutorial will show you how to configure custom TLS certificatate for ingress addon. +- [mkcert](https://github.com/FiloSottile/mkcert) is a simple tool for making locally-trusted development certificates. It requires no configuration. ## Tutorial From ef136c85347cb4de731a4a1c27b23ab69124a41f Mon Sep 17 00:00:00 2001 From: Jeff MAURY Date: Mon, 2 Aug 2021 09:47:00 +0200 Subject: [PATCH 026/205] Add issue French template Signed-off-by: Jeff MAURY --- .github/ISSUE_TEMPLATE/fr.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/fr.md diff --git a/.github/ISSUE_TEMPLATE/fr.md b/.github/ISSUE_TEMPLATE/fr.md new file mode 100644 index 0000000000..8ef71cf5d0 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/fr.md @@ -0,0 +1,24 @@ +--- +name: Français +about: Signaler un problème +labels: l/fr +--- + +**Étapes pour reproduire le problème:** + +1. +2. +3. + +**Sortie complète de la commande `minikube logs`:** +
              + + +
              + + +**Sortie complète de la commande échouée:** +
              + + +
              From ef196a35b8efdc9532ab344b8ef4d9419e4b9710 Mon Sep 17 00:00:00 2001 From: minikube-bot Date: Mon, 2 Aug 2021 08:03:07 +0000 Subject: [PATCH 027/205] bump default/newest kubernetes versions --- .../bootstrapper/bsutil/testdata/v1.22/containerd-api-port.yaml | 2 +- .../bsutil/testdata/v1.22/containerd-pod-network-cidr.yaml | 2 +- pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd.yaml | 2 +- pkg/minikube/bootstrapper/bsutil/testdata/v1.22/crio.yaml | 2 +- pkg/minikube/bootstrapper/bsutil/testdata/v1.22/default.yaml | 2 +- pkg/minikube/bootstrapper/bsutil/testdata/v1.22/dns.yaml | 2 +- .../bootstrapper/bsutil/testdata/v1.22/image-repository.yaml | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-api-port.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-api-port.yaml index 9df5003de0..047fc02b67 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-api-port.yaml +++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-api-port.yaml @@ -71,4 +71,4 @@ conntrack: # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_established" tcpEstablishedTimeout: 0s # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_close" - tcpCloseWaitTimeout: 0s + tcpCloseWaitTimeout: 0s \ No newline at end of file diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-pod-network-cidr.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-pod-network-cidr.yaml index dbb3848b7a..94f9304344 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-pod-network-cidr.yaml +++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-pod-network-cidr.yaml @@ -71,4 +71,4 @@ conntrack: # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_established" tcpEstablishedTimeout: 0s # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_close" - tcpCloseWaitTimeout: 0s + tcpCloseWaitTimeout: 0s \ No newline at end of file diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd.yaml index 0b4338aa95..5dcf6fa1cb 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd.yaml +++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd.yaml @@ -71,4 +71,4 @@ conntrack: # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_established" tcpEstablishedTimeout: 0s # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_close" - tcpCloseWaitTimeout: 0s + tcpCloseWaitTimeout: 0s \ No newline at end of file diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/crio.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/crio.yaml index 0f98e04878..8f64537e5f 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/crio.yaml +++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/crio.yaml @@ -71,4 +71,4 @@ conntrack: # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_established" tcpEstablishedTimeout: 0s # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_close" - tcpCloseWaitTimeout: 0s + tcpCloseWaitTimeout: 0s \ No newline at end of file diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/default.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/default.yaml index 6a04619bf1..cbcd72f146 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/default.yaml +++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/default.yaml @@ -71,4 +71,4 @@ conntrack: # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_established" tcpEstablishedTimeout: 0s # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_close" - tcpCloseWaitTimeout: 0s + tcpCloseWaitTimeout: 0s \ No newline at end of file diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/dns.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/dns.yaml index 9bbacc2ff8..b2deec7229 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/dns.yaml +++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/dns.yaml @@ -71,4 +71,4 @@ conntrack: # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_established" tcpEstablishedTimeout: 0s # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_close" - tcpCloseWaitTimeout: 0s + tcpCloseWaitTimeout: 0s \ No newline at end of file diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/image-repository.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/image-repository.yaml index 169d8d4721..418f7c5a1d 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/image-repository.yaml +++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/image-repository.yaml @@ -72,4 +72,4 @@ conntrack: # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_established" tcpEstablishedTimeout: 0s # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_close" - tcpCloseWaitTimeout: 0s + tcpCloseWaitTimeout: 0s \ No newline at end of file From 184b6c95c6a1be560608363af260144356ca410c Mon Sep 17 00:00:00 2001 From: Jeff MAURY Date: Mon, 2 Aug 2021 10:19:35 +0200 Subject: [PATCH 028/205] Fix french translation Signed-off-by: Jeff MAURY --- translations/fr.json | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/translations/fr.json b/translations/fr.json index c86e3a257a..395c2a5881 100644 --- a/translations/fr.json +++ b/translations/fr.json @@ -101,7 +101,7 @@ "Consider creating a cluster with larger memory size using `minikube start --memory SIZE_MB` ": "Envisagez de créer un cluster avec une plus grande taille de mémoire en utilisant `minikube start --memory SIZE_MB`", "Consider increasing Docker Desktop's memory size.": "Envisagez d'augmenter la taille de la mémoire de Docker Desktop.", "Continuously listing/getting the status with optional interval duration.": "Répertorier/obtenir le statut en continu avec une durée d'intervalle facultative.", - "Control Plane could not update, try minikube delete --all --purge": "", + "Control Plane could not update, try minikube delete --all --purge": "Le plan de contrôle n'a pas pu mettre à jour, essayez minikube delete --all --purge", "Copy the specified file into minikube": "Copiez le fichier spécifié dans minikube", "Copy the specified file into minikube, it will be saved at path \u003ctarget file absolute path\u003e in your minikube.\\nExample Command : \\\"minikube cp a.txt /home/docker/b.txt\\\"\\n \\\"minikube cp a.txt minikube-m02:/home/docker/b.txt\\\"\\n": "Copiez le fichier spécifié dans minikube, il sera enregistré au chemin \u003ctarget file absolute path\u003e dans votre minikube.\\nExemple de commande : \\\"minikube cp a.txt /home/docker/b.txt\\\"\\n \\\"minikube cp a.txt minikube-m02:/home/docker/b.txt\\\"\\n", "Could not determine a Google Cloud project, which might be ok.": "Impossible de déterminer un projet Google Cloud, ce qui peut convenir.", @@ -219,7 +219,7 @@ "Existing disk is missing new features ({{.error}}). To upgrade, run 'minikube delete'": "Il manque de nouvelles fonctionnalités sur le disque existant ({{.error}}). Pour mettre à niveau, exécutez 'minikube delete'", "Exiting": "Fermeture…", "Exiting due to {{.fatal_code}}: {{.fatal_msg}}": "Fermeture en raison de {{.fatal_code}} : {{.fatal_msg}}", - "Exposed port of the proxyfied dashboard. Set to 0 to pick a random port.": "", + "Exposed port of the proxyfied dashboard. Set to 0 to pick a random port.": "Port exposé du tableau de bord proxyfié. Réglez sur 0 pour choisir un port aléatoire.", "External Adapter on which external switch will be created if no external switch is found. (hyperv driver only)": "L'adaptateur externe sur lequel un commutateur externe sera créé si aucun commutateur externe n'est trouvé. (pilote hyperv uniquement)", "Fail check if container paused": "Échec de la vérification si le conteneur est en pause", "Failed runtime": "Échec de l'exécution", @@ -339,7 +339,7 @@ "Install VirtualBox and ensure it is in the path, or select an alternative value for --driver": "Installez VirtualBox et assurez-vous qu'il est dans le chemin, ou sélectionnez une valeur alternative pour --driver", "Install the latest hyperkit binary, and run 'minikube delete'": "Installez le dernier binaire hyperkit et exécutez 'minikube delete'", "Invalid Container Runtime: \"{{.runtime}}\". Valid runtimes are: {{.validOptions}}": "Exécution de conteneur non valide : \"{{.runtime}}\". Les environnements d'exécution valides sont : {{.validOptions}}", - "Invalid port": "", + "Invalid port": "Port invalide", "Istio needs {{.minCPUs}} CPUs -- your configuration only allocates {{.cpus}} CPUs": "Istio a besoin de {{.minCPUs}} processeurs -- votre configuration n'alloue que {{.cpus}} processeurs", "Istio needs {{.minMem}}MB of memory -- your configuration only allocates {{.memory}}MB": "Istio a besoin de {{.minMem}}Mo de mémoire -- votre configuration n'alloue que {{.memory}}Mo", "It seems that you are running in GCE, which means authentication should work without the GCP Auth addon. If you would still like to authenticate using a credentials file, use the --force flag.": "Il semble que vous exécutiez GCE, ce qui signifie que l'authentification devrait fonctionner sans le module GCP Auth. Si vous souhaitez toujours vous authentifier à l'aide d'un fichier d'informations d'identification, utilisez l'indicateur --force.", @@ -402,7 +402,7 @@ "Noticed you have an activated docker-env on {{.driver_name}} driver in this terminal:": "Vous avez remarqué que vous avez un docker-env activé sur le pilote {{.driver_name}} dans ce terminal :", "Noticed you have an activated podman-env on {{.driver_name}} driver in this terminal:": "Vous avez remarqué que vous avez un pilote podman-env activé sur {{.driver_name}} dans ce terminal :", "Number of CPUs allocated to the minikube VM": "Nombre de processeurs alloués à la VM minikube.", - "Number of extra disks created and attached to the minikube VM (currently only implemented for hyperkit driver)": "", + "Number of extra disks created and attached to the minikube VM (currently only implemented for hyperkit driver)": "Nombre de disques supplémentaires créés et attachés à la machine virtuelle minikube (actuellement implémenté uniquement pour le pilote hyperkit)", "Number of lines back to go within the log": "Nombre de lignes à remonter dans le journal", "OS release is {{.pretty_name}}": "La version du système d'exploitation est {{.pretty_name}}", "One of 'yaml' or 'json'.": "Un parmi 'yaml' ou 'json'.", @@ -557,8 +557,8 @@ "Specify the 9p version that the mount should use": "Spécifiez la version 9p que la montage doit utiliser", "Specify the ip that the mount should be setup on": "Spécifiez l'adresse IP sur laquelle le montage doit être configuré", "Specify the mount filesystem type (supported types: 9p)": "Spécifiez le type de système de fichiers de montage (types pris en charge : 9p)", - "Specify the port that the mount should be setup on, where 0 means any free port.": "", - "Specifying extra disks is currently only supported for the following drivers: {{.supported_drivers}}. If you can contribute to add this feature, please create a PR.": "", + "Specify the port that the mount should be setup on, where 0 means any free port.": "Spécifiez le port sur lequel le montage doit être configuré, où 0 signifie tout port libre.", + "Specifying extra disks is currently only supported for the following drivers: {{.supported_drivers}}. If you can contribute to add this feature, please create a PR.": "La spécification de disques supplémentaires n'est actuellement prise en charge que pour les pilotes suivants : {{.supported_drivers}}. Si vous pouvez contribuer à ajouter cette fonctionnalité, veuillez créer un PR.", "StartHost failed, but will try again: {{.error}}": "StartHost a échoué, mais va réessayer : {{.error}}", "Starting control plane node {{.name}} in cluster {{.cluster}}": "Démarrage du noeud de plan de contrôle {{.name}} dans le cluster {{.cluster}}", "Starting node {{.name}} in cluster {{.cluster}}": "Démarrage du noeud {{.name}} dans le cluster {{.cluster}}", @@ -597,7 +597,7 @@ "The '{{.name}}' driver does not respect the --cpus flag": "Le pilote '{{.name}}' ne respecte pas l'indicateur --cpus", "The '{{.name}}' driver does not respect the --memory flag": "Le pilote '{{.name}}' ne respecte pas l'indicateur --memory", "The --image-repository flag your provided contains Scheme: {{.scheme}}, it will be as a domian, removed automatically": "L'indicateur --image-repository que vous avez fourni contient le schéma : {{.scheme}}, ce sera en tant que domaine, supprimé automatiquement", - "The --image-repository flag your provided contains Scheme: {{.scheme}}, which will be removed automatically": "", + "The --image-repository flag your provided contains Scheme: {{.scheme}}, which will be removed automatically": "L'indicateur --image-repository que vous avez fourni contient le schéma: {{.scheme}}, qui sera automatiquement supprimé", "The --image-repository flag your provided ended with a trailing / that could cause conflict in kuberentes, removed automatically": "L'indicateur --image-repository que vous avez fourni s'est terminé par un / qui pourrait provoquer un conflit dans kubernetes, supprimé automatiquement", "The CIDR to be used for service cluster IPs.": "Méthode CIDR à exploiter pour les adresses IP des clusters du service.", "The CIDR to be used for the minikube VM (virtualbox driver only)": "Méthode CIDR à exploiter pour la VM minikube (pilote virtualbox uniquement).", @@ -810,12 +810,12 @@ "You are trying to run windows .exe binary inside WSL, for better integration please use Linux binary instead (Download at https://minikube.sigs.k8s.io/docs/start/.). Otherwise if you still want to do this, you can do it using --force": "Vous essayez d'exécuter le binaire Windows .exe dans WSL. Pour une meilleure intégration, veuillez utiliser le binaire Linux à la place (Télécharger sur https://minikube.sigs.k8s.io/docs/start/.). Sinon, si vous voulez toujours le faire, vous pouvez le faire en utilisant --force", "You can delete them using the following command(s): ": "Vous pouvez les supprimer à l'aide de la ou des commandes suivantes :", "You can force an unsupported Kubernetes version via the --force flag": "Vous pouvez forcer une version Kubernetes non prise en charge via l'indicateur --force", - "You cannot add or remove extra disks for an existing minikube cluster. Please first delete the cluster.": "", + "You cannot add or remove extra disks for an existing minikube cluster. Please first delete the cluster.": "Vous ne pouvez pas ajouter ou supprimer des disques supplémentaires pour un cluster minikube existant. Veuillez d'abord supprimer le cluster.", "You cannot change the CPUs for an existing minikube cluster. Please first delete the cluster.": "Vous ne pouvez pas modifier les processeurs d'un cluster minikube existant. Veuillez d'abord supprimer le cluster.", "You cannot change the disk size for an existing minikube cluster. Please first delete the cluster.": "Vous ne pouvez pas modifier la taille du disque pour un cluster minikube existant. Veuillez d'abord supprimer le cluster.", "You cannot change the memory size for an existing minikube cluster. Please first delete the cluster.": "Vous ne pouvez pas modifier la taille de la mémoire d'un cluster minikube existant. Veuillez d'abord supprimer le cluster.", "You have chosen to disable the CNI but the \\\"{{.name}}\\\" container runtime requires CNI": "Vous avez choisi de désactiver le CNI mais le runtime du conteneur \\\"{{.name}}\\\" nécessite CNI", - "You have selected \"virtualbox\" driver, but there are better options !\nFor better performance and support consider using a different driver: {{.drivers}}\n\nTo turn off this warning run:\n\n\t$ minikube config set WantVirtualBoxDriverWarning false\n\n\nTo learn more about on minikube drivers checkout https://minikube.sigs.k8s.io/docs/drivers/\nTo see benchmarks checkout https://minikube.sigs.k8s.io/docs/benchmarks/cpuusage/\n\n": "", + "You have selected \"virtualbox\" driver, but there are better options !\nFor better performance and support consider using a different driver: {{.drivers}}\n\nTo turn off this warning run:\n\n\t$ minikube config set WantVirtualBoxDriverWarning false\n\n\nTo learn more about on minikube drivers checkout https://minikube.sigs.k8s.io/docs/drivers/\nTo see benchmarks checkout https://minikube.sigs.k8s.io/docs/benchmarks/cpuusage/\n\n": "Vous avez sélectionné le pilote \"virtualbox\", mais il existe de meilleures options !\nPour de meilleures performances et une meilleure assistance, envisagez d'utiliser un autre pilote: {{.drivers}}\n\nPour désactiver cet avertissement, exécutez :\n\n\t $ minikube config set WantVirtualBoxDriverWarning false\n\n\nPour en savoir plus sur les pilotes minikube, consultez https://minikube.sigs.k8s.io/docs/drivers/\nPour voir les benchmarks, consultez https://minikube.sigs.k8s. io/docs/benchmarks/cpuusage/\n\n", "You may need to manually remove the \"{{.name}}\" VM from your hypervisor": "Vous devrez peut-être supprimer la VM \"{{.name}}\" manuellement de votre hyperviseur.", "You may need to stop the Hyper-V Manager and run `minikube delete` again.": "Vous devrez peut-être arrêter le gestionnaire Hyper-V et exécuter à nouveau 'minikube delete'.", "You might be using an amd64 version of minikube on a M1 Mac, use the arm64 version of minikube instead": "Vous utilisez peut-être une version amd64 de minikube sur un Mac M1, utilisez plutôt la version arm64 de minikube", @@ -876,7 +876,7 @@ "kubectl proxy": "proxy kubectl", "libmachine failed": "libmachine a échoué", "list displays all valid default settings for PROPERTY_NAME\nAcceptable fields: \\n\\n": "la liste affiche tous les paramètres par défaut valides pour PROPERTY_NAME\nChamps acceptables : \\n\\n", - "list versions of all components included with minikube. (the cluster must be running)": "", + "list versions of all components included with minikube. (the cluster must be running)": "répertorier les versions de tous les composants inclus avec minikube. (le cluster doit être en cours d'exécution)", "loading profile": "profil de chargement", "max time to wait per Kubernetes or host to be healthy.": "temps d'attente maximal par Kubernetes ou hôte pour être en bonne santé.", "minikube addons list --output OUTPUT. json, list": "liste des modules minikube --output OUTPUT. json, liste", @@ -892,7 +892,7 @@ "minikube {{.version}} is available! Download it: {{.url}}": "minikube {{.version}} est disponible ! Téléchargez-le ici : {{.url}}", "mkcmp is used to compare performance of two minikube binaries": "mkcmp est utilisé pour comparer les performances de deux binaires minikube", "mount argument \"{{.value}}\" must be in form: \u003csource directory\u003e:\u003ctarget directory\u003e": "argument de montage \"{{.value}}\" doit être de la forme : \u003cdossier source\u003e:\u003cdossier de destination\u003e", - "mount could not connect": "", + "mount could not connect": "le montage n'a pas pu se connecter", "mount failed": "échec du montage", "namespaces to pause": "espaces de noms à mettre en pause", "namespaces to unpause": "espaces de noms à réactiver", From 8c283b189da58d983fe90202e5ea38c31fb451a7 Mon Sep 17 00:00:00 2001 From: amit dixit Date: Mon, 2 Aug 2021 18:53:52 +0200 Subject: [PATCH 029/205] added outlined bullets and filled bullets for selecte item --- site/content/en/docs/tutorials/kubevirt.md | 2 +- site/content/en/docs/tutorials/multi_node.md | 2 +- .../docs/tutorials/nginx_tcp_udp_ingress.md | 2 +- site/content/en/docs/tutorials/nvidia_gpu.md | 2 +- .../setup_minikube_in_github_actions.md | 2 +- site/layouts/partials/sidebar-tree.html | 177 ++++++++---------- 6 files changed, 86 insertions(+), 101 deletions(-) diff --git a/site/content/en/docs/tutorials/kubevirt.md b/site/content/en/docs/tutorials/kubevirt.md index 6116bb1678..5fddb46ba5 100644 --- a/site/content/en/docs/tutorials/kubevirt.md +++ b/site/content/en/docs/tutorials/kubevirt.md @@ -1,6 +1,6 @@ --- title: "How to use KubeVirt with minikube" -linkTitle: "KubeVirt support" +linkTitle: "KubeVirt Support" weight: 1 date: 2020-05-26 description: > diff --git a/site/content/en/docs/tutorials/multi_node.md b/site/content/en/docs/tutorials/multi_node.md index aef19f9722..51eab5b216 100644 --- a/site/content/en/docs/tutorials/multi_node.md +++ b/site/content/en/docs/tutorials/multi_node.md @@ -1,6 +1,6 @@ --- title: "Using Multi-Node Clusters" -linkTitle: "Using multi-node clusters" +linkTitle: "Using Multi-Node Clusters" weight: 1 date: 2019-11-24 --- diff --git a/site/content/en/docs/tutorials/nginx_tcp_udp_ingress.md b/site/content/en/docs/tutorials/nginx_tcp_udp_ingress.md index f38712de76..7c9fd083ce 100644 --- a/site/content/en/docs/tutorials/nginx_tcp_udp_ingress.md +++ b/site/content/en/docs/tutorials/nginx_tcp_udp_ingress.md @@ -1,6 +1,6 @@ --- title: "Ingress nginx for TCP and UDP services" -linkTitle: "Ingress nginx for TCP and UDP services" +linkTitle: "Ingress Nginx for TCP and UDP Services" weight: 1 date: 2019-08-15 description: > diff --git a/site/content/en/docs/tutorials/nvidia_gpu.md b/site/content/en/docs/tutorials/nvidia_gpu.md index 80c454933d..ca5ee78620 100644 --- a/site/content/en/docs/tutorials/nvidia_gpu.md +++ b/site/content/en/docs/tutorials/nvidia_gpu.md @@ -1,6 +1,6 @@ --- title: "NVIDIA GPU Support" -linkTitle: "NVIDIA GPU support" +linkTitle: "NVIDIA GPU Support" weight: 1 date: 2018-01-02 description: > diff --git a/site/content/en/docs/tutorials/setup_minikube_in_github_actions.md b/site/content/en/docs/tutorials/setup_minikube_in_github_actions.md index 7d97a3c79c..100c2e38ed 100644 --- a/site/content/en/docs/tutorials/setup_minikube_in_github_actions.md +++ b/site/content/en/docs/tutorials/setup_minikube_in_github_actions.md @@ -1,6 +1,6 @@ --- title: "Setup minikube as CI step in github actions" -linkTitle: "Minikube in github actions" +linkTitle: "Minikube in Github Actions" weight: 1 date: 2020-06-02 description: > diff --git a/site/layouts/partials/sidebar-tree.html b/site/layouts/partials/sidebar-tree.html index 954211f15d..1f04a94093 100644 --- a/site/layouts/partials/sidebar-tree.html +++ b/site/layouts/partials/sidebar-tree.html @@ -1,116 +1,101 @@ -{{/* minikube hack: temporarily forked from docsy/layouts/partials/sidebar-tree.html for hugo v0.69 compatibility */}} - -{{/* We cache this partial for bigger sites and set the active class client side. */}} -{{ $shouldDelayActive := ge (len .Site.Pages) 2000 }} -
              +{{/* minikube hack: temporarily forked from +docsy/layouts/partials/sidebar-tree.html for hugo v0.69 compatibility */}} {{/* +We cache this partial for bigger sites and set the active class client side. +*/}} {{ $shouldDelayActive := ge (len .Site.Pages) 2000 }} +
              {{ if not .Site.Params.ui.sidebar_search_disable }}
              {{ partial "search-input.html" . }} - +
              {{ end }}
              - -{{ define "section-tree-nav-section" }} -{{ $s := .section }} -{{ $p := .page }} -{{ $shouldDelayActive := .delayActive }} -{{ $activeSection := eq $p.CurrentSection $s }} - -{{/* minikube hack: Override $showSection due to a Hugo upgrade bug */}} -{{ $showSection := false }} -{{ $expandSection := false }} -{{ $sid := $s.RelPermalink | anchorize }} -{{ $sectionParent := $s.Parent.Title | anchorize }} -{{ $csid := $p.CurrentSection.Title | anchorize }} - -{{ if $p.IsDescendant $s }} - - {{ $showSection = true }} -{{ else if eq $sectionParent "minikube" }} - - {{ $showSection = true }} -{{ else if eq $sectionParent "welcome" }} - - {{ $showSection = true }} -{{ else if eq $sectionParent "handbook" }} - - {{ $showSection = true }} -{{ else if eq $p.CurrentSection $s.Parent }} - - {{ $showSection = true }} -{{ else if $p.Parent.IsAncestor $s }} - - {{ if eq $s $p.CurrentSection }} - {{ $showSection = true }} - {{ end }} - -{{ end }} +{{ define "section-tree-nav-section" }} {{ $s := .section }} {{ $p := .page }} +{{ $shouldDelayActive := .delayActive }} {{ $activeSection := eq +$p.CurrentSection $s }} {{/* minikube hack: Override $showSection due to a Hugo +upgrade bug */}} {{ $showSection := false }} {{ $expandSection := false }} {{ +$sid := $s.RelPermalink | anchorize }} {{ $sectionParent := $s.Parent.Title | +anchorize }} {{ $csid := $p.CurrentSection.Title | anchorize }} {{ if +$p.IsDescendant $s }} + +{{ $showSection = true }} {{ else if eq $sectionParent "minikube" }} + +{{ $showSection = true }} {{ else if eq $sectionParent "welcome" }} + +{{ $showSection = true }} {{ else if eq $sectionParent "handbook" }} + +{{ $showSection = true }} {{ else if eq $p.CurrentSection $s.Parent }} + +{{ $showSection = true }} {{ else if $p.Parent.IsAncestor $s }} + +{{ if eq $s $p.CurrentSection }} {{ $showSection = true }} {{ end }} {{ end }} -{{/* end minikube hack */}} +{{/* end minikube hack */}} {{ $sid := $s.RelPermalink | anchorize }} {{ if +$showSection }} +
                +
              • + + + {{ if $activeSection}} ⦿ {{ else }} ⦾ {{ end }} + {{$s.LinkTitle }} +
                • +
                  +
                • + {{ $pages := where (union $s.Pages $s.Sections).ByWeight + ".Params.toc_hide" "!=" true }} {{ $pages := $pages | first 50 }} {{ range + $pages }} {{ if .IsPage }} {{ $mid := printf "m-%s" (.RelPermalink | + anchorize) }} {{/* minikube hack: Override $activeSection due to a Hugo + upgrade bug */}} {{ $showPage := false }} {{ $activePage := false }} -{{ $sid := $s.RelPermalink | anchorize }} -{{ if $showSection }} -
                    -
                  • - - {{ if $activeSection}} 🟦 {{ else }} ⬛ {{ end }} - {{ $s.LinkTitle }} + + {{ if $activeSection }} {{ $showPage = true }} {{ $activePage = eq . $p }} + {{ end }} + + + {{ if eq $s.Title "Handbook" }} {{ if lt (len $p.CurrentSection.Pages) 7 + }} {{ $showPage = true }} {{ end }} + + {{ if eq $csid "welcome" }} {{ $showPage = true }} {{ end }} {{ end }} {{ + if $showPage }} + + {{.LinkTitle }} + + {{ end }} {{/* end minikube hack */}} {{ else }} {{ template + "section-tree-nav-section" (dict "page" $p "section" .) }} {{ end }} {{ + end }}
                    • -
                      -
                    • - {{ $pages := where (union $s.Pages $s.Sections).ByWeight ".Params.toc_hide" "!=" true }} - {{ $pages := $pages | first 50 }} - {{ range $pages }} - {{ if .IsPage }} - {{ $mid := printf "m-%s" (.RelPermalink | anchorize) }} - - {{/* minikube hack: Override $activeSection due to a Hugo upgrade bug */}} - {{ $showPage := false }} - {{ $activePage := false }} - - - {{ if $activeSection }} - {{ $showPage = true }} - {{ $activePage = eq . $p }} - {{ end }} - - - {{ if eq $s.Title "Handbook" }} - {{ if lt (len $p.CurrentSection.Pages) 7 }} - {{ $showPage = true }} - {{ end }} - - {{ if eq $csid "welcome" }} - {{ $showPage = true }} - {{ end }} - {{ end }} - - {{ if $showPage }} - {{ .LinkTitle }} - {{ end }} - - {{/* end minikube hack */}} - {{ else }} - {{ template "section-tree-nav-section" (dict "page" $p "section" .) }} - {{ end }} - {{ end }} -
                      • -
                  - {{ end }} -{{ end }} +
                +{{ end }} {{ end }} From b4bb12cc8325a74cc8df0c74412151c80497e112 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Aug 2021 18:23:24 +0000 Subject: [PATCH 030/205] Bump google.golang.org/api from 0.51.0 to 0.52.0 Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.51.0 to 0.52.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/master/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.51.0...v0.52.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 16 ++++++++-------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 62d25daa6d..4f9514575a 100644 --- a/go.mod +++ b/go.mod @@ -87,7 +87,7 @@ require ( golang.org/x/term v0.0.0-20210406210042-72f3dc4e9b72 golang.org/x/text v0.3.6 gonum.org/v1/plot v0.9.0 - google.golang.org/api v0.51.0 + google.golang.org/api v0.52.0 gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22 // indirect gopkg.in/yaml.v2 v2.4.0 k8s.io/api v0.21.3 diff --git a/go.sum b/go.sum index 02276d1066..f8b8e0ef7b 100644 --- a/go.sum +++ b/go.sum @@ -24,8 +24,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY= cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM= -cloud.google.com/go v0.87.0 h1:8ZtzmY4a2JIO2sljMbpqkDYxA8aJQveYr3AMa+X40oc= -cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY= +cloud.google.com/go v0.88.0 h1:MZ2cf9Elnv1wqccq8ooKO2MqHQLc+ChCp/+QWObCpxg= +cloud.google.com/go v0.88.0/go.mod h1:dnKwfYbP9hQhefiUvpbcAyoGSHUrOxR20JVElLiUvEY= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= @@ -573,7 +573,7 @@ github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210715191844-86eeefc3e471/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/slowjam v1.0.0 h1:dA9flW4oGTJcSy8FpEvdq8JKwPFVgqYwMmjhqlb2L+s= @@ -1582,8 +1582,8 @@ google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFo google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= -google.golang.org/api v0.51.0 h1:SQaA2Cx57B+iPw2MBgyjEkoeMkRK2IenSGoia0U3lCk= -google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU= +google.golang.org/api v0.52.0 h1:m5FLEd6dp5CU1F0tMWyqDi2XjchviIz8ntzOSz7w8As= +google.golang.org/api v0.52.0/go.mod h1:Him/adpjt0sxtkWViy0b6xyKW/SD71CwdJ7HqJo7SrU= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -1647,9 +1647,9 @@ google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxH google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= -google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= -google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea h1:8ZyCcgugUqamxp/vZSEJw9CMy7VZlSWYJLLJPi/dSDA= -google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= +google.golang.org/genproto v0.0.0-20210721163202-f1cecdd8b78a/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= +google.golang.org/genproto v0.0.0-20210722135532-667f2b7c528f h1:YORWxaStkWBnWgELOHTmDrqNlFXuVGEbhwbB5iK94bQ= +google.golang.org/genproto v0.0.0-20210722135532-667f2b7c528f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= From 43a0518eb1b769c90d6b70e6f00c7188251d0753 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Aug 2021 18:24:12 +0000 Subject: [PATCH 031/205] Bump github.com/shirou/gopsutil/v3 from 3.21.6 to 3.21.7 Bumps [github.com/shirou/gopsutil/v3](https://github.com/shirou/gopsutil) from 3.21.6 to 3.21.7. - [Release notes](https://github.com/shirou/gopsutil/releases) - [Commits](https://github.com/shirou/gopsutil/compare/v3.21.6...v3.21.7) --- updated-dependencies: - dependency-name: github.com/shirou/gopsutil/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 21 ++++++++++----------- 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 62d25daa6d..2aff9e5b7a 100644 --- a/go.mod +++ b/go.mod @@ -67,7 +67,7 @@ require ( github.com/pmezard/go-difflib v1.0.0 github.com/russross/blackfriday v1.5.3-0.20200218234912-41c5fccfd6f6 // indirect github.com/samalba/dockerclient v0.0.0-20160414174713-91d7393ff859 // indirect - github.com/shirou/gopsutil/v3 v3.21.6 + github.com/shirou/gopsutil/v3 v3.21.7 github.com/spf13/cobra v1.2.1 github.com/spf13/pflag v1.0.5 github.com/spf13/viper v1.8.1 diff --git a/go.sum b/go.sum index 02276d1066..69368e42d9 100644 --- a/go.sum +++ b/go.sum @@ -107,8 +107,8 @@ github.com/PuerkitoBio/purell v1.1.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbt github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= -github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d h1:G0m3OIz70MZUWq3EgK3CesDbo8upS2Vm9/P3FtgI+Jk= -github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg= +github.com/StackExchange/wmi v1.2.1 h1:VIkavFPXSjcnS+O8yTq7NI32k0R5Aj+v39y29VYDOSA= +github.com/StackExchange/wmi v1.2.1/go.mod h1:rcmrprowKIVzvc+NUiLncP2uuArMWLCbu9SBzvHz7e8= github.com/VividCortex/ewma v1.1.1 h1:MnEK4VOv6n0RSY4vtRe3h11qjxL3+t0B8yOL8iMXdcM= github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA= github.com/VividCortex/godaemon v1.0.0 h1:aHYrScWvgaSOdAoYCdObWXLm+e1rldP9Pwb1ZvuZkQw= @@ -430,8 +430,8 @@ github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7 github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v0.4.0 h1:K7/B1jt6fIBQVd4Owv2MqGQClcgf0R266+7C/QjRcLc= github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= -github.com/go-ole/go-ole v1.2.4 h1:nNBDSCOigTSiarFpYE9J/KtEA1IOW4CNeqT9TQDqCxI= -github.com/go-ole/go-ole v1.2.4/go.mod h1:XCwSNxSkXRo4vlyPy93sltvi/qJq0jqQhjqQNIwKuxM= +github.com/go-ole/go-ole v1.2.5 h1:t4MGB5xEDZvXI+0rMjjsfBsD7yAgp/s9ZDkL1JndXwY= +github.com/go-ole/go-ole v1.2.5/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= github.com/go-openapi/analysis v0.0.0-20180825180245-b006789cd277/go.mod h1:k70tL6pCuVxPJOHXQ+wIac1FUrvNkHolPie/cLEU6hI= github.com/go-openapi/analysis v0.17.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik= github.com/go-openapi/analysis v0.18.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik= @@ -1011,8 +1011,8 @@ github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= -github.com/shirou/gopsutil/v3 v3.21.6 h1:vU7jrp1Ic/2sHB7w6UNs7MIkn7ebVtTb5D9j45o9VYE= -github.com/shirou/gopsutil/v3 v3.21.6/go.mod h1:JfVbDpIBLVzT8oKbvMg9P3wEIMDDpVn+LwHTKj0ST88= +github.com/shirou/gopsutil/v3 v3.21.7 h1:PnTqQamUjwEDSgn+nBGu0qSDV/CfvyiR/gwTH3i7HTU= +github.com/shirou/gopsutil/v3 v3.21.7/go.mod h1:RGl11Y7XMTQPmHh8F0ayC6haKNBgH4PXMJuTAcMOlz4= github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= @@ -1080,10 +1080,10 @@ github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cb github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I= github.com/thecodeteam/goscaleio v0.1.0/go.mod h1:68sdkZAsK8bvEwBlbQnlLS+xU+hvLYM/iQ8KXej1AwM= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= -github.com/tklauser/go-sysconf v0.3.6 h1:oc1sJWvKkmvIxhDHeKWvZS4f6AW+YcoguSfRF2/Hmo4= -github.com/tklauser/go-sysconf v0.3.6/go.mod h1:MkWzOF4RMCshBAMXuhXJs64Rte09mITnppBXY/rYEFI= -github.com/tklauser/numcpus v0.2.2 h1:oyhllyrScuYI6g+h/zUvNXNp1wy7x8qQy3t/piefldA= -github.com/tklauser/numcpus v0.2.2/go.mod h1:x3qojaO3uyYt0i56EW/VUYs7uBvdl2fkfZFu0T9wgjM= +github.com/tklauser/go-sysconf v0.3.7 h1:HT7h4+536gjqeq1ZIJPgOl1rg1XFatQGVZWp7Py53eg= +github.com/tklauser/go-sysconf v0.3.7/go.mod h1:JZIdXh4RmBvZDBZ41ld2bGxRV3n4daiiqA3skYhAoQ4= +github.com/tklauser/numcpus v0.2.3 h1:nQ0QYpiritP6ViFhrKYsiv6VVxOpum2Gks5GhnJbS/8= +github.com/tklauser/numcpus v0.2.3/go.mod h1:vpEPS/JC+oZGGQ/My/vJnNsvMDQL6PwOqt8dsCw5j+E= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= @@ -1430,7 +1430,6 @@ golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210304124612-50617c2ba197/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210316164454-77fc1eacc6aa/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= From 4abf6cd31f2b3288798969545d76d7cd0fb8e28b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Aug 2021 18:24:41 +0000 Subject: [PATCH 032/205] Bump github.com/hashicorp/go-getter from 1.5.5 to 1.5.6 Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.5.5 to 1.5.6. - [Release notes](https://github.com/hashicorp/go-getter/releases) - [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml) - [Commits](https://github.com/hashicorp/go-getter/compare/v1.5.5...v1.5.6) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-getter dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 62d25daa6d..3ec469d935 100644 --- a/go.mod +++ b/go.mod @@ -30,7 +30,7 @@ require ( github.com/google/slowjam v1.0.0 github.com/google/uuid v1.3.0 github.com/gookit/color v1.4.2 // indirect - github.com/hashicorp/go-getter v1.5.5 + github.com/hashicorp/go-getter v1.5.6 github.com/hashicorp/go-retryablehttp v0.7.0 github.com/hectane/go-acl v0.0.0-20190604041725-da78bae5fc95 // indirect github.com/hooklift/assert v0.0.0-20170704181755-9d1defd6d214 // indirect diff --git a/go.sum b/go.sum index 02276d1066..e189eeadac 100644 --- a/go.sum +++ b/go.sum @@ -619,8 +619,8 @@ github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brv github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= -github.com/hashicorp/go-getter v1.5.5 h1:kAiuyk4LvTCqXfDkxNcCS/s0j/jye9USXT+iHH3EX68= -github.com/hashicorp/go-getter v1.5.5/go.mod h1:BrrV/1clo8cCYu6mxvboYg+KutTiFnXjMEgDD8+i7ZI= +github.com/hashicorp/go-getter v1.5.6 h1:G3YZUoFzwAqDS3dSQKwfVfxM1f/wxrM5LdRP9Sne8z0= +github.com/hashicorp/go-getter v1.5.6/go.mod h1:BrrV/1clo8cCYu6mxvboYg+KutTiFnXjMEgDD8+i7ZI= github.com/hashicorp/go-hclog v0.9.2 h1:CG6TE5H9/JXsFWJCfoIVpKFIkFe6ysEuHirp4DxCsHI= github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= From c2a4e03ad057571be24c39d5ac34547d296142c1 Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Tue, 3 Aug 2021 10:49:24 -0700 Subject: [PATCH 033/205] Add message at bottom of page saying when the data was collected. --- hack/jenkins/test-flake-chart/flake_chart.html | 3 +++ hack/jenkins/test-flake-chart/flake_chart.js | 12 ++++++++---- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/hack/jenkins/test-flake-chart/flake_chart.html b/hack/jenkins/test-flake-chart/flake_chart.html index 55d1356300..e98e2a7a29 100644 --- a/hack/jenkins/test-flake-chart/flake_chart.html +++ b/hack/jenkins/test-flake-chart/flake_chart.html @@ -20,6 +20,9 @@
                + \ No newline at end of file diff --git a/hack/jenkins/test-flake-chart/flake_chart.js b/hack/jenkins/test-flake-chart/flake_chart.js index ea7937d39d..16b9de9659 100644 --- a/hack/jenkins/test-flake-chart/flake_chart.js +++ b/hack/jenkins/test-flake-chart/flake_chart.js @@ -81,6 +81,8 @@ async function loadTestData() { throw `Failed to fetch data from GCS bucket. Error: ${responseText}`; } + const responseDate = new Date(response.headers.get("date").toString()); + const box = document.createElement("div"); box.style.width = "100%"; const innerBox = document.createElement("div"); @@ -143,7 +145,7 @@ async function loadTestData() { if (testData.length == 0) { throw "Fetched CSV data is empty or poorly formatted."; } - return testData; + return [testData, responseDate]; } Array.prototype.sum = function() { @@ -636,7 +638,7 @@ function displayEnvironmentChart(testData, environmentName) { chart.draw(data, options); } - document.body.appendChild( + chartsContainer.appendChild( createRecentFlakePercentageTable( recentFlakePercentage, previousFlakePercentageMap, @@ -645,11 +647,11 @@ function displayEnvironmentChart(testData, environmentName) { async function init() { google.charts.load('current', { 'packages': ['corechart'] }); - let testData; + let testData, responseDate; try { // Wait for Google Charts to load, and for test data to load. // Only store the test data (at index 1) into `testData`. - testData = (await Promise.all([ + [testData, responseDate] = (await Promise.all([ new Promise(resolve => google.charts.setOnLoadCallback(resolve)), loadTestData() ]))[1]; @@ -666,6 +668,8 @@ async function init() { } else { displayTestAndEnvironmentChart(testData, desiredTest, desiredEnvironment); } + document.querySelector('#data_date_container').style.display = 'block'; + document.querySelector('#data_date').innerText = responseDate.toLocaleString(); } init(); From 3d79bba97d6bbe1af35208e4d0fa170a66ba8167 Mon Sep 17 00:00:00 2001 From: Sharif Elgamal Date: Tue, 3 Aug 2021 11:48:20 -0700 Subject: [PATCH 034/205] configure gcp-auth addon pull secret to work with all GCR and AR mirrors --- go.mod | 1 + go.sum | 2 ++ pkg/addons/addons_gcpauth.go | 12 +++++++++++- test/integration/addons_test.go | 15 ++++++++++++++- 4 files changed, 28 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index 62d25daa6d..9a7bed57b6 100644 --- a/go.mod +++ b/go.mod @@ -6,6 +6,7 @@ require ( cloud.google.com/go/storage v1.15.0 contrib.go.opencensus.io/exporter/stackdriver v0.12.1 github.com/Delta456/box-cli-maker/v2 v2.2.1 + github.com/GoogleCloudPlatform/docker-credential-gcr v0.0.0-20210713212222-faed5e8b8ca2 github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v0.16.0 github.com/Microsoft/hcsshim v0.8.17 // indirect github.com/Parallels/docker-machine-parallels/v2 v2.0.1 diff --git a/go.sum b/go.sum index 02276d1066..71105fd01d 100644 --- a/go.sum +++ b/go.sum @@ -70,6 +70,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/Delta456/box-cli-maker/v2 v2.2.1 h1:uTcuvT6Ty+LBHuRUdFrJBpqP9RhtLxI5+5ZpKYAUuVw= github.com/Delta456/box-cli-maker/v2 v2.2.1/go.mod h1:R7jxZHK2wGBR2Luz/Vgi8jP5fz1ljUXgu2o2JQNmvFU= +github.com/GoogleCloudPlatform/docker-credential-gcr v0.0.0-20210713212222-faed5e8b8ca2 h1:rMamBsR6iCT9Y5m2Il6vFGJvY7FAgck4AoA/LobheKU= +github.com/GoogleCloudPlatform/docker-credential-gcr v0.0.0-20210713212222-faed5e8b8ca2/go.mod h1:BB1eHdMLYEFuFdBlRMb0N7YGVdM5s6Pt0njxgvfbGGs= github.com/GoogleCloudPlatform/k8s-cloud-provider v0.0.0-20200415212048-7901bc822317/go.mod h1:DF8FZRxMHMGv/vP2lQP6h+dYzzjpuRn24VeRiYn3qjQ= github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v0.16.0 h1:ljU7eS7Fe0eGWEJxhoIjGANPEhx2f5PKTbDjvT61Kwk= github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v0.16.0/go.mod h1:TLDTgf8D4fD8Y1DizdJKtfIjkHJZU1J+mieFB1qS5T8= diff --git a/pkg/addons/addons_gcpauth.go b/pkg/addons/addons_gcpauth.go index 4c363818e0..cb66f3efe2 100644 --- a/pkg/addons/addons_gcpauth.go +++ b/pkg/addons/addons_gcpauth.go @@ -23,8 +23,10 @@ import ( "os" "os/exec" "strconv" + "strings" "time" + gcr_config "github.com/GoogleCloudPlatform/docker-credential-gcr/config" "github.com/pkg/errors" "golang.org/x/oauth2/google" corev1 "k8s.io/api/core/v1" @@ -131,8 +133,16 @@ func createPullSecret(cc *config.ClusterConfig, creds *google.Credentials) error token, err := creds.TokenSource.Token() // Only try to add secret if Token was found if err == nil { + dockercfg := "" + registries := append(gcr_config.DefaultGCRRegistries[:], gcr_config.DefaultARRegistries[:]...) + for _, reg := range registries { + dockercfg += fmt.Sprintf(`"https://%s":{"username":"oauth2accesstoken","password":"%s","email":"none"},`, reg, token.AccessToken) + } + + dockercfg = strings.TrimSuffix(dockercfg, ",") + data := map[string][]byte{ - ".dockercfg": []byte(fmt.Sprintf(`{"https://gcr.io":{"username":"oauth2accesstoken","password":"%s","email":"none"}, "https://us-docker.pkg.dev":{"username":"oauth2accesstoken","password":"%s","email":"none"}}`, token.AccessToken, token.AccessToken)), + ".dockercfg": []byte(fmt.Sprintf(`{%s}`, dockercfg)), } for _, n := range namespaces.Items { diff --git a/test/integration/addons_test.go b/test/integration/addons_test.go index 369ca99271..59025f671f 100644 --- a/test/integration/addons_test.go +++ b/test/integration/addons_test.go @@ -700,7 +700,20 @@ func validateGCPAuthAddon(ctx context.Context, t *testing.T, profile string) { // Make sure the pod is up and running, which means we successfully pulled the private image down // 8 minutes, because 4 is not enough for images to pull in all cases. - _, err := PodWait(ctx, t, profile, "default", "integration-test=private-image", Minutes(8)) + _, err = PodWait(ctx, t, profile, "default", "integration-test=private-image", Minutes(8)) + if err != nil { + t.Fatalf("wait for private image: %v", err) + } + + // Try it with a European mirror as well + _, err = Run(t, exec.CommandContext(ctx, "kubectl", "--context", profile, "apply", "-f", filepath.Join(*testdataDir, "private-image-eu.yaml"))) + if err != nil { + t.Fatalf("print env project: %v", err) + } + + // Make sure the pod is up and running, which means we successfully pulled the private image down + // 8 minutes, because 4 is not enough for images to pull in all cases. + _, err = PodWait(ctx, t, profile, "default", "integration-test=private-image-eu", Minutes(8)) if err != nil { t.Fatalf("wait for private image: %v", err) } From eff683bfaf97b6606cf68c4f50e32ff71339e77a Mon Sep 17 00:00:00 2001 From: Sharif Elgamal Date: Tue, 3 Aug 2021 13:21:33 -0700 Subject: [PATCH 035/205] Revert "fix whitespace in test yaml" --- .../bootstrapper/bsutil/testdata/v1.22/containerd-api-port.yaml | 2 +- .../bsutil/testdata/v1.22/containerd-pod-network-cidr.yaml | 2 +- pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd.yaml | 2 +- pkg/minikube/bootstrapper/bsutil/testdata/v1.22/crio.yaml | 2 +- pkg/minikube/bootstrapper/bsutil/testdata/v1.22/default.yaml | 2 +- pkg/minikube/bootstrapper/bsutil/testdata/v1.22/dns.yaml | 2 +- .../bootstrapper/bsutil/testdata/v1.22/image-repository.yaml | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-api-port.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-api-port.yaml index 047fc02b67..9df5003de0 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-api-port.yaml +++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-api-port.yaml @@ -71,4 +71,4 @@ conntrack: # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_established" tcpEstablishedTimeout: 0s # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_close" - tcpCloseWaitTimeout: 0s \ No newline at end of file + tcpCloseWaitTimeout: 0s diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-pod-network-cidr.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-pod-network-cidr.yaml index 94f9304344..dbb3848b7a 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-pod-network-cidr.yaml +++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-pod-network-cidr.yaml @@ -71,4 +71,4 @@ conntrack: # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_established" tcpEstablishedTimeout: 0s # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_close" - tcpCloseWaitTimeout: 0s \ No newline at end of file + tcpCloseWaitTimeout: 0s diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd.yaml index 5dcf6fa1cb..0b4338aa95 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd.yaml +++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd.yaml @@ -71,4 +71,4 @@ conntrack: # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_established" tcpEstablishedTimeout: 0s # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_close" - tcpCloseWaitTimeout: 0s \ No newline at end of file + tcpCloseWaitTimeout: 0s diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/crio.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/crio.yaml index 8f64537e5f..0f98e04878 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/crio.yaml +++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/crio.yaml @@ -71,4 +71,4 @@ conntrack: # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_established" tcpEstablishedTimeout: 0s # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_close" - tcpCloseWaitTimeout: 0s \ No newline at end of file + tcpCloseWaitTimeout: 0s diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/default.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/default.yaml index cbcd72f146..6a04619bf1 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/default.yaml +++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/default.yaml @@ -71,4 +71,4 @@ conntrack: # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_established" tcpEstablishedTimeout: 0s # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_close" - tcpCloseWaitTimeout: 0s \ No newline at end of file + tcpCloseWaitTimeout: 0s diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/dns.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/dns.yaml index b2deec7229..9bbacc2ff8 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/dns.yaml +++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/dns.yaml @@ -71,4 +71,4 @@ conntrack: # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_established" tcpEstablishedTimeout: 0s # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_close" - tcpCloseWaitTimeout: 0s \ No newline at end of file + tcpCloseWaitTimeout: 0s diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/image-repository.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/image-repository.yaml index 418f7c5a1d..169d8d4721 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/image-repository.yaml +++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/image-repository.yaml @@ -72,4 +72,4 @@ conntrack: # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_established" tcpEstablishedTimeout: 0s # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_close" - tcpCloseWaitTimeout: 0s \ No newline at end of file + tcpCloseWaitTimeout: 0s From c1e386f4f21c57586016ce955143d7f9f5eb2f27 Mon Sep 17 00:00:00 2001 From: Sharif Elgamal Date: Tue, 3 Aug 2021 13:22:38 -0700 Subject: [PATCH 036/205] add new eu image yaml --- .../testdata/private-image-eu.yaml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 test/integration/testdata/private-image-eu.yaml diff --git a/test/integration/testdata/private-image-eu.yaml b/test/integration/testdata/private-image-eu.yaml new file mode 100644 index 0000000000..fbadd38c67 --- /dev/null +++ b/test/integration/testdata/private-image-eu.yaml @@ -0,0 +1,19 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: private-image-eu + labels: + integration-test: private-image-eu +spec: + selector: + matchLabels: + integration-test: private-image-eu + template: + metadata: + labels: + integration-test: private-image-eu + spec: + containers: + - image: europe-west1-docker.pkg.dev/k8s-minikube/test-artifacts-eu/echoserver:1.4 + imagePullPolicy: IfNotPresent + name: private-image-eu From 01343b001b0163f28183c8108a732ad240c8d7e2 Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Tue, 3 Aug 2021 13:55:33 -0700 Subject: [PATCH 037/205] Simplify bodyByLinesIterator to only use splitting instead of regex. --- hack/jenkins/test-flake-chart/flake_chart.js | 20 ++++++-------------- 1 file changed, 6 insertions(+), 14 deletions(-) diff --git a/hack/jenkins/test-flake-chart/flake_chart.js b/hack/jenkins/test-flake-chart/flake_chart.js index ea7937d39d..66a517525b 100644 --- a/hack/jenkins/test-flake-chart/flake_chart.js +++ b/hack/jenkins/test-flake-chart/flake_chart.js @@ -19,9 +19,7 @@ async function* bodyByLinesIterator(response, updateProgress) { const utf8Decoder = new TextDecoder('utf-8'); const reader = response.body.getReader(); - const re = /\n|\r|\r\n/gm; let pendingText = ""; - let readerDone = false; while (!readerDone) { // Read a chunk. @@ -34,21 +32,15 @@ async function* bodyByLinesIterator(response, updateProgress) { updateProgress(chunk.length); const decodedChunk = utf8Decoder.decode(chunk); - let startIndex = 0; - let result; - // Keep processing until there are no more new lines. - while ((result = re.exec(decodedChunk)) !== null) { - const text = decodedChunk.substring(startIndex, result.index); - startIndex = re.lastIndex; - - const line = pendingText + text; + const sublines = decodedChunk.split('\n'); + for (let i = 0; i < sublines.length - 1; i++) { + const fullLine = pendingText + sublines[i]; pendingText = ""; - if (line !== "") { - yield line; + if (fullLine !== "") { + yield fullLine; } } - // Any text after the last new line is appended to any pending text. - pendingText += decodedChunk.substring(startIndex); + pendingText = sublines[sublines.length - 1]; } // If there is any text remaining, return it. From 37d7ff3effbf49e425d54ab4e598f2e0674d7a0e Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Tue, 3 Aug 2021 14:22:31 -0700 Subject: [PATCH 038/205] Turn bodyByLinesIterator into getBodyLinesWithProgress. Yielding is slow! Improves processing time from 8s to 3s. --- hack/jenkins/test-flake-chart/flake_chart.js | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/hack/jenkins/test-flake-chart/flake_chart.js b/hack/jenkins/test-flake-chart/flake_chart.js index 66a517525b..87df4a8acf 100644 --- a/hack/jenkins/test-flake-chart/flake_chart.js +++ b/hack/jenkins/test-flake-chart/flake_chart.js @@ -14,11 +14,12 @@ function displayError(message) { document.body.appendChild(element); } -// Creates a generator that reads the response body one line at a time. -async function* bodyByLinesIterator(response, updateProgress) { +// Reads `response` into an array of lines while calling `updateProgress` in between. +async function getBodyLinesWithProgress(response, updateProgress) { const utf8Decoder = new TextDecoder('utf-8'); const reader = response.body.getReader(); + const lines = []; let pendingText = ""; let readerDone = false; while (!readerDone) { @@ -37,16 +38,17 @@ async function* bodyByLinesIterator(response, updateProgress) { const fullLine = pendingText + sublines[i]; pendingText = ""; if (fullLine !== "") { - yield fullLine; + lines.push(fullLine); } } pendingText = sublines[sublines.length - 1]; } - // If there is any text remaining, return it. + // If there is any text remaining, append it. if (pendingText !== "") { - yield pendingText; + lines.push(pendingText); } + return lines; } // Determines whether `str` matches at least one value in `enumObject`. @@ -90,12 +92,12 @@ async function loadTestData() { document.body.appendChild(box); let readBytes = 0; - const lines = bodyByLinesIterator(response, value => { + const lines = await getBodyLinesWithProgress(response, value => { readBytes += value; progressBar.setAttribute("value", readBytes); }); // Consume the header to ensure the data has the right number of fields. - const header = (await lines.next()).value; + const header = lines[0]; if (header.split(",").length != 9) { document.body.removeChild(box); throw `Fetched CSV data contains wrong number of fields. Expected: 9. Actual Header: "${header}"`; @@ -103,7 +105,8 @@ async function loadTestData() { const testData = []; let lineData = ["", "", "", "", "", "", "", "", ""]; - for await (const line of lines) { + for (let i = 1; i < lines.length; i++) { + const line = lines[i]; let splitLine = line.split(","); if (splitLine.length != 9) { console.warn(`Found line with wrong number of fields. Actual: ${splitLine.length} Expected: 9. Line: "${line}"`); From 4e0478eb973853fe8f333c5d1d7368bdcfc35fbe Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Tue, 3 Aug 2021 14:51:52 -0700 Subject: [PATCH 039/205] Add progress bar for parsing data. --- hack/jenkins/test-flake-chart/flake_chart.js | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/hack/jenkins/test-flake-chart/flake_chart.js b/hack/jenkins/test-flake-chart/flake_chart.js index 87df4a8acf..0c120668e0 100644 --- a/hack/jenkins/test-flake-chart/flake_chart.js +++ b/hack/jenkins/test-flake-chart/flake_chart.js @@ -103,9 +103,20 @@ async function loadTestData() { throw `Fetched CSV data contains wrong number of fields. Expected: 9. Actual Header: "${header}"`; } + progressBarPrompt.textContent = "Parsing data..."; + progressBar.setAttribute("max", lines.length); + const testData = []; let lineData = ["", "", "", "", "", "", "", "", ""]; for (let i = 1; i < lines.length; i++) { + if (i % 30000 === 0) { + await new Promise(resolve => { + setTimeout(() => { + progressBar.setAttribute("value", i); + resolve(); + }); + }); + } const line = lines[i]; let splitLine = line.split(","); if (splitLine.length != 9) { From a27500e1b511db7933251985c6fe652486033a2d Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Wed, 28 Jul 2021 09:39:18 -0700 Subject: [PATCH 040/205] Disable caching on HTML. --- hack/jenkins/test-flake-chart/flake_chart.html | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hack/jenkins/test-flake-chart/flake_chart.html b/hack/jenkins/test-flake-chart/flake_chart.html index 55d1356300..cb0cdac4f7 100644 --- a/hack/jenkins/test-flake-chart/flake_chart.html +++ b/hack/jenkins/test-flake-chart/flake_chart.html @@ -1,5 +1,9 @@ + + + + From 1515f668dd4c37b9a7936f8ca60c30035d366fc1 Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Wed, 28 Jul 2021 09:47:42 -0700 Subject: [PATCH 041/205] Prevent caching of flake_chart.js. --- hack/jenkins/test-flake-chart/flake_chart.html | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/hack/jenkins/test-flake-chart/flake_chart.html b/hack/jenkins/test-flake-chart/flake_chart.html index cb0cdac4f7..51a8bacfb1 100644 --- a/hack/jenkins/test-flake-chart/flake_chart.html +++ b/hack/jenkins/test-flake-chart/flake_chart.html @@ -25,5 +25,9 @@
                - + \ No newline at end of file From fbd96a4bad761bca7725899f836e40bcfef804c8 Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Tue, 3 Aug 2021 15:33:45 -0700 Subject: [PATCH 042/205] Add cache control to ensure data.csv is checked at least after an hour of use. --- hack/jenkins/test-flake-chart/flake_chart.js | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/hack/jenkins/test-flake-chart/flake_chart.js b/hack/jenkins/test-flake-chart/flake_chart.js index ea7937d39d..053081c400 100644 --- a/hack/jenkins/test-flake-chart/flake_chart.js +++ b/hack/jenkins/test-flake-chart/flake_chart.js @@ -75,7 +75,11 @@ const testStatus = { } async function loadTestData() { - const response = await fetch("data.csv"); + const response = await fetch("data.csv", { + headers: { + "Cache-Control": "max-age=3600,must-revalidate", + } + }); if (!response.ok) { const responseText = await response.text(); throw `Failed to fetch data from GCS bucket. Error: ${responseText}`; From e75fbcc18219b5ed7eb18b03dd7e3277c4da700e Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Wed, 4 Aug 2021 10:27:45 -0700 Subject: [PATCH 043/205] Create tutorial for using a static token file. --- .../en/docs/tutorials/token-auth-file.md | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 site/content/en/docs/tutorials/token-auth-file.md diff --git a/site/content/en/docs/tutorials/token-auth-file.md b/site/content/en/docs/tutorials/token-auth-file.md new file mode 100644 index 0000000000..e1d105093e --- /dev/null +++ b/site/content/en/docs/tutorials/token-auth-file.md @@ -0,0 +1,30 @@ +--- +title: "Using Static Token file" +linkTitle: "Using Static Token file" +weight: 1 +date: 2021-08-04 +description: > + Using a static token file in Minikube +--- + +## Overview + +A [static token file](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#static-token-file) can be used to ensure only authenticated users access the API server. As minikube nodes are run in VMs/containers, this adds a complication to ensuring this token file is accessable to the node. This tutorial explains how to configure a static token file. + +## Tutorial + +This must be done before creating the minikube cluster. + +```shell +# Create the folder that will be copied into the control plane. +mkdir -p ~/.minikube/files/etc/ca-certificates/ + +# Copy the token file into the folder. +cp token.csv ~/.minikube/files/etc/ca-certificates/token.csv + +# Start minikube with the token auth file specified. +minikube start \ + --extra-config=apiserver.token-auth-file=/etc/ca-certificates/token.csv +``` + +Placing files in `~/.minikube/files/` automatically copies them to the specified path in each minikube node. This means once we call `minikube start`, it is able to access the token file since it is locally present in the node. From b2bc9135969d02500142aceab34c0c5d9beea9c0 Mon Sep 17 00:00:00 2001 From: Sharif Elgamal Date: Wed, 4 Aug 2021 16:35:26 -0700 Subject: [PATCH 044/205] gcp-auth: always create the pull secret and don't require --force if GOOGLE_APPLICATION_CREDENTIALS env var is set --- pkg/addons/addons_gcpauth.go | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/pkg/addons/addons_gcpauth.go b/pkg/addons/addons_gcpauth.go index 4c363818e0..1afd489318 100644 --- a/pkg/addons/addons_gcpauth.go +++ b/pkg/addons/addons_gcpauth.go @@ -61,10 +61,6 @@ func enableOrDisableGCPAuth(cfg *config.ClusterConfig, name string, val string) } func enableAddonGCPAuth(cfg *config.ClusterConfig) error { - if !Force && detect.IsOnGCE() { - exit.Message(reason.InternalCredsNotNeeded, "It seems that you are running in GCE, which means authentication should work without the GCP Auth addon. If you would still like to authenticate using a credentials file, use the --force flag.") - } - // Grab command runner from running cluster cc := mustload.Running(cfg.Name) r := cc.CP.Runner @@ -76,6 +72,18 @@ func enableAddonGCPAuth(cfg *config.ClusterConfig) error { exit.Message(reason.InternalCredsNotFound, "Could not find any GCP credentials. Either run `gcloud auth application-default login` or set the GOOGLE_APPLICATION_CREDENTIALS environment variable to the path of your credentials file.") } + // Create a registry secret in every namespace we can find + // Always create the pull secret, no matter where we are + err = createPullSecret(cfg, creds) + if err != nil { + return errors.Wrap(err, "pull secret") + } + + // If the env var is explicitly set, even in GCE, then defer to the user and continue + if !Force && detect.IsOnGCE() && os.Getenv("GOOGLE_APPLICATION_CREDENTUALS") == "" { + exit.Message(reason.InternalCredsNotNeeded, "It seems that you are running in GCE, which means authentication should work without the GCP Auth addon. If you would still like to authenticate using a credentials file, use the --force flag.") + } + // Actually copy the creds over f := assets.NewMemoryAssetTarget(creds.JSON, credentialsPath, "0444") @@ -84,12 +92,6 @@ func enableAddonGCPAuth(cfg *config.ClusterConfig) error { return err } - // Create a registry secret in every namespace we can find - err = createPullSecret(cfg, creds) - if err != nil { - return errors.Wrap(err, "pull secret") - } - // First check if the project env var is explicitly set projectEnv := os.Getenv("GOOGLE_CLOUD_PROJECT") if projectEnv != "" { From 87d208545cee10defe86b5ea13c13a864f3ba07f Mon Sep 17 00:00:00 2001 From: Steven Powell Date: Wed, 4 Aug 2021 17:02:08 -0700 Subject: [PATCH 045/205] fix ScheduledStop tests --- test/integration/scheduled_stop_test.go | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/test/integration/scheduled_stop_test.go b/test/integration/scheduled_stop_test.go index cf43f66cff..80dab3b03c 100644 --- a/test/integration/scheduled_stop_test.go +++ b/test/integration/scheduled_stop_test.go @@ -63,15 +63,15 @@ func TestScheduledStopWindows(t *testing.T) { // reschedule stop for 5 seconds from now stopMinikube(ctx, t, profile, []string{"--schedule", "5s"}) - // sleep for 5 seconds - time.Sleep(5 * time.Second) + // wait for stop to complete + time.Sleep(15 * time.Second) // make sure minikube timetoStop is not present ensureTimeToStopNotPresent(ctx, t, profile) // make sure minikube status is "Stopped" ensureMinikubeStatus(ctx, t, profile, "Host", state.Stopped.String()) } -// TestScheduledStopWindows tests the schedule stop functionality on Unix +// TestScheduledStopUnix tests the schedule stop functionality on Unix func TestScheduledStopUnix(t *testing.T) { if runtime.GOOS == "windows" { t.Skip("test only runs on unix") @@ -115,6 +115,8 @@ func TestScheduledStopUnix(t *testing.T) { t.Fatalf("process %v running but should have been killed on reschedule of stop", pid) } + // wait for stop to complete + time.Sleep(15 * time.Second) // make sure minikube timetoStop is not present ensureTimeToStopNotPresent(ctx, t, profile) // make sure minikube status is "Stopped" @@ -134,7 +136,7 @@ func stopMinikube(ctx context.Context, t *testing.T, profile string, additionalA args = append(args, additionalArgs...) rr, err := Run(t, exec.CommandContext(ctx, Target(), args...)) if err != nil { - t.Fatalf("starting minikube: %v\n%s", err, rr.Output()) + t.Fatalf("stopping minikube: %v\n%s", err, rr.Output()) } } @@ -201,7 +203,7 @@ func ensureMinikubeScheduledTime(ctx context.Context, t *testing.T, profile stri func ensureTimeToStopNotPresent(ctx context.Context, t *testing.T, profile string) { args := []string{"status", "-p", profile} rr, err := Run(t, exec.CommandContext(ctx, Target(), args...)) - if err != nil { + if err != nil && strings.Contains(rr.Output(), "Error") { t.Fatalf("minikube status: %v\n%s", err, rr.Output()) } if strings.Contains(rr.Output(), "TimeToStop") { From 85d4b20a6c2db23de561687a9cfc107df44b5015 Mon Sep 17 00:00:00 2001 From: Steven Powell Date: Wed, 4 Aug 2021 17:12:07 -0700 Subject: [PATCH 046/205] added comment --- test/integration/scheduled_stop_test.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test/integration/scheduled_stop_test.go b/test/integration/scheduled_stop_test.go index 80dab3b03c..4a52be4ae3 100644 --- a/test/integration/scheduled_stop_test.go +++ b/test/integration/scheduled_stop_test.go @@ -203,6 +203,8 @@ func ensureMinikubeScheduledTime(ctx context.Context, t *testing.T, profile stri func ensureTimeToStopNotPresent(ctx context.Context, t *testing.T, profile string) { args := []string{"status", "-p", profile} rr, err := Run(t, exec.CommandContext(ctx, Target(), args...)) + // `minikube status` returns a non-zero exit code if the cluster is not running + // so also check for "Error" in the output to confirm it's an actual error if err != nil && strings.Contains(rr.Output(), "Error") { t.Fatalf("minikube status: %v\n%s", err, rr.Output()) } From f089c7f8e13ae27094b2c32549dfb437e28be555 Mon Sep 17 00:00:00 2001 From: Steven Powell Date: Thu, 5 Aug 2021 00:37:46 +0000 Subject: [PATCH 047/205] fix PATH separator for Windows --- test/integration/skaffold_test.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/test/integration/skaffold_test.go b/test/integration/skaffold_test.go index 2b04e0351d..2723a87568 100644 --- a/test/integration/skaffold_test.go +++ b/test/integration/skaffold_test.go @@ -81,7 +81,11 @@ func TestSkaffold(t *testing.T) { } oldPath := os.Getenv("PATH") - os.Setenv("PATH", fmt.Sprintf("%s:%s", filepath.Dir(abs), os.Getenv("PATH"))) + pathSeparator := ":" + if runtime.GOOS == "windows" { + pathSeparator = ";" + } + os.Setenv("PATH", fmt.Sprintf("%s%s%s", filepath.Dir(abs), pathSeparator, os.Getenv("PATH"))) // make sure 'docker' and 'minikube' are now in PATH for _, binary := range []string{"minikube", "docker"} { From 2584519c0c148b5a8fe5eba7c10aea4efb82b5e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Thu, 5 Aug 2021 10:15:37 +0200 Subject: [PATCH 048/205] Update crictl to v1.20.0 --- deploy/iso/minikube-iso/package/crictl-bin/crictl-bin.hash | 1 + deploy/iso/minikube-iso/package/crictl-bin/crictl-bin.mk | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/deploy/iso/minikube-iso/package/crictl-bin/crictl-bin.hash b/deploy/iso/minikube-iso/package/crictl-bin/crictl-bin.hash index 86dde7ae50..b2fd7bacee 100644 --- a/deploy/iso/minikube-iso/package/crictl-bin/crictl-bin.hash +++ b/deploy/iso/minikube-iso/package/crictl-bin/crictl-bin.hash @@ -5,3 +5,4 @@ sha256 19fed421710fccfe58f5573383bb137c19438a9056355556f1a15da8d23b3ad1 crictl- sha256 7b72073797f638f099ed19550d52e9b9067672523fc51b746e65d7aa0bafa414 crictl-v1.17.0-linux-amd64.tar.gz sha256 876dd2b3d0d1c2590371f940fb1bf1fbd5f15aebfbe456703ee465d959700f4a crictl-v1.18.0-linux-amd64.tar.gz sha256 87d8ef70b61f2fe3d8b4a48f6f712fd798c6e293ed3723c1e4bbb5052098f0ae crictl-v1.19.0-linux-amd64.tar.gz +sha256 44d5f550ef3f41f9b53155906e0229ffdbee4b19452b4df540265e29572b899c crictl-v1.20.0-linux-amd64.tar.gz diff --git a/deploy/iso/minikube-iso/package/crictl-bin/crictl-bin.mk b/deploy/iso/minikube-iso/package/crictl-bin/crictl-bin.mk index 1a6cf0c5b1..59979bf3af 100644 --- a/deploy/iso/minikube-iso/package/crictl-bin/crictl-bin.mk +++ b/deploy/iso/minikube-iso/package/crictl-bin/crictl-bin.mk @@ -4,7 +4,7 @@ # ################################################################################ -CRICTL_BIN_VERSION = v1.19.0 +CRICTL_BIN_VERSION = v1.20.0 CRICTL_BIN_SITE = https://github.com/kubernetes-sigs/cri-tools/releases/download/$(CRICTL_BIN_VERSION) CRICTL_BIN_SOURCE = crictl-$(CRICTL_BIN_VERSION)-linux-amd64.tar.gz CRICTL_BIN_STRIP_COMPONENTS = 0 From e5c662ce4fea24e9eb95e736016eea88e158e689 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Thu, 5 Aug 2021 10:16:22 +0200 Subject: [PATCH 049/205] Update crictl to v1.21.0 --- deploy/iso/minikube-iso/package/crictl-bin/crictl-bin.hash | 1 + deploy/iso/minikube-iso/package/crictl-bin/crictl-bin.mk | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/deploy/iso/minikube-iso/package/crictl-bin/crictl-bin.hash b/deploy/iso/minikube-iso/package/crictl-bin/crictl-bin.hash index b2fd7bacee..432a95b281 100644 --- a/deploy/iso/minikube-iso/package/crictl-bin/crictl-bin.hash +++ b/deploy/iso/minikube-iso/package/crictl-bin/crictl-bin.hash @@ -6,3 +6,4 @@ sha256 7b72073797f638f099ed19550d52e9b9067672523fc51b746e65d7aa0bafa414 crictl- sha256 876dd2b3d0d1c2590371f940fb1bf1fbd5f15aebfbe456703ee465d959700f4a crictl-v1.18.0-linux-amd64.tar.gz sha256 87d8ef70b61f2fe3d8b4a48f6f712fd798c6e293ed3723c1e4bbb5052098f0ae crictl-v1.19.0-linux-amd64.tar.gz sha256 44d5f550ef3f41f9b53155906e0229ffdbee4b19452b4df540265e29572b899c crictl-v1.20.0-linux-amd64.tar.gz +sha256 85c78a35584971625bf1c3bcd46e5404a90396f979d7586f18b11119cb623e24 crictl-v1.21.0-linux-amd64.tar.gz diff --git a/deploy/iso/minikube-iso/package/crictl-bin/crictl-bin.mk b/deploy/iso/minikube-iso/package/crictl-bin/crictl-bin.mk index 59979bf3af..16331a6c01 100644 --- a/deploy/iso/minikube-iso/package/crictl-bin/crictl-bin.mk +++ b/deploy/iso/minikube-iso/package/crictl-bin/crictl-bin.mk @@ -4,7 +4,7 @@ # ################################################################################ -CRICTL_BIN_VERSION = v1.20.0 +CRICTL_BIN_VERSION = v1.21.0 CRICTL_BIN_SITE = https://github.com/kubernetes-sigs/cri-tools/releases/download/$(CRICTL_BIN_VERSION) CRICTL_BIN_SOURCE = crictl-$(CRICTL_BIN_VERSION)-linux-amd64.tar.gz CRICTL_BIN_STRIP_COMPONENTS = 0 From 16f5466439af172887348eab53b68d2ba92916ee Mon Sep 17 00:00:00 2001 From: minikube-bot Date: Thu, 5 Aug 2021 11:19:56 +0000 Subject: [PATCH 050/205] Updating ISO to v1.22.0-1628159026-12129 --- Makefile | 2 +- pkg/minikube/download/iso.go | 2 +- site/content/en/docs/commands/start.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 98b39485b6..96af848bc5 100644 --- a/Makefile +++ b/Makefile @@ -23,7 +23,7 @@ KUBERNETES_VERSION ?= $(shell egrep "DefaultKubernetesVersion =" pkg/minikube/co KIC_VERSION ?= $(shell egrep "Version =" pkg/drivers/kic/types.go | cut -d \" -f2) # Default to .0 for higher cache hit rates, as build increments typically don't require new ISO versions -ISO_VERSION ?= v1.22.0-1627488369-11483 +ISO_VERSION ?= v1.22.0-1628159026-12129 # Dashes are valid in semver, but not Linux packaging. Use ~ to delimit alpha/beta DEB_VERSION ?= $(subst -,~,$(RAW_VERSION)) DEB_REVISION ?= 0 diff --git a/pkg/minikube/download/iso.go b/pkg/minikube/download/iso.go index 4bf837cddc..7d928a4a4a 100644 --- a/pkg/minikube/download/iso.go +++ b/pkg/minikube/download/iso.go @@ -40,7 +40,7 @@ const fileScheme = "file" // DefaultISOURLs returns a list of ISO URL's to consult by default, in priority order func DefaultISOURLs() []string { v := version.GetISOVersion() - isoBucket := "minikube-builds/iso/11483" + isoBucket := "minikube-builds/iso/12129" return []string{ fmt.Sprintf("https://storage.googleapis.com/%s/minikube-%s.iso", isoBucket, v), fmt.Sprintf("https://github.com/kubernetes/minikube/releases/download/%s/minikube-%s.iso", v, v), diff --git a/site/content/en/docs/commands/start.md b/site/content/en/docs/commands/start.md index bc836458ed..f015981a18 100644 --- a/site/content/en/docs/commands/start.md +++ b/site/content/en/docs/commands/start.md @@ -65,7 +65,7 @@ minikube start [flags] --insecure-registry strings Insecure Docker registries to pass to the Docker daemon. The default service CIDR range will automatically be added. --install-addons If set, install addons. Defaults to true. (default true) --interactive Allow user prompts for more information (default true) - --iso-url strings Locations to fetch the minikube ISO from. (default [https://storage.googleapis.com/minikube-builds/iso/11483/minikube-v1.22.0-1627488369-11483.iso,https://github.com/kubernetes/minikube/releases/download/v1.22.0-1627488369-11483/minikube-v1.22.0-1627488369-11483.iso,https://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/iso/minikube-v1.22.0-1627488369-11483.iso]) + --iso-url strings Locations to fetch the minikube ISO from. (default [https://storage.googleapis.com/minikube-builds/iso/12129/minikube-v1.22.0-1628159026-12129.iso,https://github.com/kubernetes/minikube/releases/download/v1.22.0-1628159026-12129/minikube-v1.22.0-1628159026-12129.iso,https://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/iso/minikube-v1.22.0-1628159026-12129.iso]) --keep-context This will keep the existing kubectl context and will create a minikube context. --kubernetes-version string The Kubernetes version that the minikube VM will use (ex: v1.2.3, 'stable' for v1.21.3, 'latest' for v1.22.0-rc.0). Defaults to 'stable'. --kvm-gpu Enable experimental NVIDIA GPU support in minikube From aa6b98717881b1bab579a7a696733bef2c06b19d Mon Sep 17 00:00:00 2001 From: Steven Powell Date: Thu, 5 Aug 2021 09:20:23 -0700 Subject: [PATCH 051/205] add unpause command under pause in docs --- site/content/en/docs/start/_index.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/site/content/en/docs/start/_index.md b/site/content/en/docs/start/_index.md index a44fa855bf..59174dd807 100644 --- a/site/content/en/docs/start/_index.md +++ b/site/content/en/docs/start/_index.md @@ -573,6 +573,11 @@ Pause Kubernetes without impacting deployed applications: minikube pause ``` +Unpause a paused instance: +```shell +minikube unpause +``` + Halt the cluster: ```shell From b1b701860663e2d21416ab37397608256f9f3ed2 Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Thu, 5 Aug 2021 09:26:43 -0700 Subject: [PATCH 052/205] Move legacy version selection to its own function so both tests are synchronized. --- test/integration/version_upgrade_test.go | 78 ++++++++++-------------- 1 file changed, 31 insertions(+), 47 deletions(-) diff --git a/test/integration/version_upgrade_test.go b/test/integration/version_upgrade_test.go index c5441e421d..27311475fb 100644 --- a/test/integration/version_upgrade_test.go +++ b/test/integration/version_upgrade_test.go @@ -58,6 +58,26 @@ func installRelease(version string) (f *os.File, err error) { return tf, nil } +func legacyVersion() string { + // Should be a version from the last 6 months + version := "v1.6.2" + if KicDriver() { + if arm64Platform() { + // arm64 KIC driver is supported starting from v1.17.0 + version = "v1.17.0" + } else { + // v1.8.0 would be selected, but: https://github.com/kubernetes/minikube/issues/8740 + version = "v1.9.0" + } + } + // the version containerd in ISO was upgraded to 1.4.2 + // we need it to use runc.v2 plugin + if ContainerRuntime() == "containerd" { + version = "v1.16.0" + } + return version +} + // legacyStartArgs returns the arguments normally used for starting older versions of minikube func legacyStartArgs() []string { return strings.Split(strings.ReplaceAll(*startArgs, "--driver", "--vm-driver"), " ") @@ -76,26 +96,10 @@ func TestRunningBinaryUpgrade(t *testing.T) { defer CleanupWithLogs(t, profile, cancel) - // Should be a version from the last 6 months - legacyVersion := "v1.6.2" - if KicDriver() { - if arm64Platform() { - // arm64 KIC driver is supported starting from v1.17.0 - legacyVersion = "v1.17.0" - } else { - // v1.8.0 would be selected, but: https://github.com/kubernetes/minikube/issues/8740 - legacyVersion = "v1.9.0" - } - } - // the version containerd in ISO was upgraded to 1.4.2 - // we need it to use runc.v2 plugin - if ContainerRuntime() == "containerd" { - legacyVersion = "v1.16.0" - } - - tf, err := installRelease(legacyVersion) + desiredLegacyVersion := legacyVersion() + tf, err := installRelease(desiredLegacyVersion) if err != nil { - t.Fatalf("%s release installation failed: %v", legacyVersion, err) + t.Fatalf("%s release installation failed: %v", desiredLegacyVersion, err) } defer os.Remove(tf.Name()) @@ -127,13 +131,13 @@ func TestRunningBinaryUpgrade(t *testing.T) { // Retry up to two times, to allow flakiness for the legacy release if err := retry.Expo(r, 1*time.Second, Minutes(30), 2); err != nil { - t.Fatalf("legacy %s start failed: %v", legacyVersion, err) + t.Fatalf("legacy %s start failed: %v", desiredLegacyVersion, err) } args = append([]string{"start", "-p", profile, "--memory=2200", "--alsologtostderr", "-v=1"}, StartArgs()...) rr, err = Run(t, exec.CommandContext(ctx, Target(), args...)) if err != nil { - t.Fatalf("upgrade from %s to HEAD failed: %s: %v", legacyVersion, rr.Command(), err) + t.Fatalf("upgrade from %s to HEAD failed: %s: %v", desiredLegacyVersion, rr.Command(), err) } } @@ -150,30 +154,10 @@ func TestStoppedBinaryUpgrade(t *testing.T) { defer CleanupWithLogs(t, profile, cancel) - // Guarantee stopped upgrade compatibility from a release that is at least 1 year old - // NOTE: Date: Thu, 5 Aug 2021 11:38:45 -0700 Subject: [PATCH 053/205] Add documentation explaining the maintainer field. --- site/content/en/docs/contrib/addons.en.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site/content/en/docs/contrib/addons.en.md b/site/content/en/docs/contrib/addons.en.md index b16a2f9ad9..ba1a67b1d8 100644 --- a/site/content/en/docs/contrib/addons.en.md +++ b/site/content/en/docs/contrib/addons.en.md @@ -77,7 +77,7 @@ Then, add into `pkg/minikube/assets/addons.go` the list of files to copy into th "registry-proxy.yaml", "0640", false), - }, false, "registry"), + }, false, "registry", "google"), ``` The `MustBinAsset` arguments are: @@ -89,7 +89,7 @@ The `MustBinAsset` arguments are: * permissions (typically `0640`) * boolean value representing if template substitution is required (often `false`) -The boolean value on the last line is whether the addon should be enabled by default. This should always be `false`. +The boolean value on the last line is whether the addon should be enabled by default. This should always be `false`. In addition, following the addon name on the last line is the maintainer field. This is meant to inform users about the controlling party of an addon's images. In the case above, the maintainer is Google, since the registry addon uses images that Google controls. When creating a new addon, the source of the images should be contacted and requested whether they are willing to be the point of contact for this addon before being put. If the source does not accept the responsibility, leaving the maintainer field empty is acceptable. To see other examples, see the [addons commit history](https://github.com/kubernetes/minikube/commits/master/deploy/addons) for other recent examples. From bd00169c07e57d4a925369ade88491161b9efcbe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Thu, 5 Aug 2021 13:07:18 +0200 Subject: [PATCH 054/205] Make sure to return valid containerd version For instance ubuntu put their packaging version into it. Only return the major, minor and patch no in that case. --- pkg/minikube/cruntime/containerd.go | 24 +++++++++++++++++++----- pkg/minikube/cruntime/containerd_test.go | 23 +++++++++++++++++++++++ 2 files changed, 42 insertions(+), 5 deletions(-) diff --git a/pkg/minikube/cruntime/containerd.go b/pkg/minikube/cruntime/containerd.go index 3ca3fc3974..d9b5e141e8 100644 --- a/pkg/minikube/cruntime/containerd.go +++ b/pkg/minikube/cruntime/containerd.go @@ -140,6 +140,21 @@ func (r *Containerd) Style() style.Enum { return style.Containerd } +// parseContainerdVersion parses version from containerd --version +func parseContainerdVersion(line string) (string, error) { + // containerd github.com/containerd/containerd v1.0.0 89623f28b87a6004d4b785663257362d1658a729 + words := strings.Split(line, " ") + if len(words) >= 4 && words[0] == "containerd" { + version := strings.Replace(words[2], "v", "", 1) + if _, err := semver.Parse(version); err != nil { + parts := strings.SplitN(version, "-", 2) + return parts[0], nil + } + return version, nil + } + return "", fmt.Errorf("unknown version: %q", line) +} + // Version retrieves the current version of this runtime func (r *Containerd) Version() (string, error) { c := exec.Command("containerd", "--version") @@ -147,12 +162,11 @@ func (r *Containerd) Version() (string, error) { if err != nil { return "", errors.Wrapf(err, "containerd check version.") } - // containerd github.com/containerd/containerd v1.2.0 c4446665cb9c30056f4998ed953e6d4ff22c7c39 - words := strings.Split(rr.Stdout.String(), " ") - if len(words) >= 4 && words[0] == "containerd" { - return strings.Replace(words[2], "v", "", 1), nil + version, err := parseContainerdVersion(rr.Stdout.String()) + if err != nil { + return "", err } - return "", fmt.Errorf("unknown version: %q", rr.Stdout.String()) + return version, nil } // SocketPath returns the path to the socket file for containerd diff --git a/pkg/minikube/cruntime/containerd_test.go b/pkg/minikube/cruntime/containerd_test.go index b6ce4de377..bed4064e74 100644 --- a/pkg/minikube/cruntime/containerd_test.go +++ b/pkg/minikube/cruntime/containerd_test.go @@ -40,3 +40,26 @@ func TestAddRepoTagToImageName(t *testing.T) { }) } } + +func TestParseContainerdVersion(t *testing.T) { + var tests = []struct { + version string + want string + }{ + {"containerd github.com/containerd/containerd v1.2.0 c4446665cb9c30056f4998ed953e6d4ff22c7c39", "1.2.0"}, + {"containerd github.com/containerd/containerd v1.2.1-rc.0 de1f167ab96338a9f5c2b17347abf84bdf1dd411", "1.2.1-rc.0"}, + {"containerd github.com/containerd/containerd 1.4.4-0ubuntu1 ", "1.4.4-0ubuntu1"}, + {"containerd github.com/containerd/containerd 1.5.2-0ubuntu1~21.04.2 ", "1.5.2"}, + } + for _, tc := range tests { + t.Run(tc.version, func(t *testing.T) { + got, err := parseContainerdVersion(tc.version) + if err != nil { + t.Fatalf("parse(%s): %v", tc.version, err) + } + if got != tc.want { + t.Errorf("expected version to be: %q but got %q", tc.want, got) + } + }) + } +} From e6af39a3586b00396a7a567289b5faab66084dab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Thu, 5 Aug 2021 23:02:49 +0200 Subject: [PATCH 055/205] Special case for handling deb package versions So that we still show the patched version, if possible. But not everything can be represented as semver, like ~. --- pkg/minikube/cruntime/containerd.go | 1 + pkg/minikube/cruntime/containerd_test.go | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/pkg/minikube/cruntime/containerd.go b/pkg/minikube/cruntime/containerd.go index d9b5e141e8..edc22533f1 100644 --- a/pkg/minikube/cruntime/containerd.go +++ b/pkg/minikube/cruntime/containerd.go @@ -146,6 +146,7 @@ func parseContainerdVersion(line string) (string, error) { words := strings.Split(line, " ") if len(words) >= 4 && words[0] == "containerd" { version := strings.Replace(words[2], "v", "", 1) + version = strings.SplitN(version, "~", 2)[0] if _, err := semver.Parse(version); err != nil { parts := strings.SplitN(version, "-", 2) return parts[0], nil diff --git a/pkg/minikube/cruntime/containerd_test.go b/pkg/minikube/cruntime/containerd_test.go index bed4064e74..1b518bf5cb 100644 --- a/pkg/minikube/cruntime/containerd_test.go +++ b/pkg/minikube/cruntime/containerd_test.go @@ -49,7 +49,8 @@ func TestParseContainerdVersion(t *testing.T) { {"containerd github.com/containerd/containerd v1.2.0 c4446665cb9c30056f4998ed953e6d4ff22c7c39", "1.2.0"}, {"containerd github.com/containerd/containerd v1.2.1-rc.0 de1f167ab96338a9f5c2b17347abf84bdf1dd411", "1.2.1-rc.0"}, {"containerd github.com/containerd/containerd 1.4.4-0ubuntu1 ", "1.4.4-0ubuntu1"}, - {"containerd github.com/containerd/containerd 1.5.2-0ubuntu1~21.04.2 ", "1.5.2"}, + {"containerd github.com/containerd/containerd 1.5.2-0ubuntu1~21.04.2 ", "1.5.2-0ubuntu1"}, + {"containerd github.com/containerd/containerd 1.5.4~ds1 1.5.4~ds1-1", "1.5.4"}, } for _, tc := range tests { t.Run(tc.version, func(t *testing.T) { From 5ca148661f80c3af8411bd001205d3f3d1dcee96 Mon Sep 17 00:00:00 2001 From: minikube-bot Date: Thu, 5 Aug 2021 21:06:19 +0000 Subject: [PATCH 056/205] Update auto-generated docs and translations --- site/content/en/docs/contrib/tests.en.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site/content/en/docs/contrib/tests.en.md b/site/content/en/docs/contrib/tests.en.md index 13d3450c34..c80d597181 100644 --- a/site/content/en/docs/contrib/tests.en.md +++ b/site/content/en/docs/contrib/tests.en.md @@ -340,7 +340,7 @@ verifies the preload tarballs get pulled in properly by minikube tests the schedule stop functionality on Windows ## TestScheduledStopUnix -TestScheduledStopWindows tests the schedule stop functionality on Unix +tests the schedule stop functionality on Unix ## TestSkaffold makes sure skaffold run can be run with minikube From 100878eead3984297ffac25b175b14f927d6e4b8 Mon Sep 17 00:00:00 2001 From: Medya Gh Date: Thu, 5 Aug 2021 17:01:31 -0700 Subject: [PATCH 057/205] fix extra line in update kuberenetes autmation --- .../templates/v1beta2/containerd-api-port.yaml | 2 +- .../templates/v1beta2/containerd-pod-network-cidr.yaml | 2 +- .../update/kubernetes_version/templates/v1beta2/containerd.yaml | 2 +- hack/update/kubernetes_version/templates/v1beta2/crio.yaml | 2 +- hack/update/kubernetes_version/templates/v1beta2/default.yaml | 2 +- hack/update/kubernetes_version/templates/v1beta2/dns.yaml | 2 +- .../kubernetes_version/templates/v1beta2/image-repository.yaml | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/hack/update/kubernetes_version/templates/v1beta2/containerd-api-port.yaml b/hack/update/kubernetes_version/templates/v1beta2/containerd-api-port.yaml index 9037f63241..c946a53272 100644 --- a/hack/update/kubernetes_version/templates/v1beta2/containerd-api-port.yaml +++ b/hack/update/kubernetes_version/templates/v1beta2/containerd-api-port.yaml @@ -71,4 +71,4 @@ conntrack: # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_established" tcpEstablishedTimeout: 0s # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_close" - tcpCloseWaitTimeout: 0s \ No newline at end of file + tcpCloseWaitTimeout: 0s diff --git a/hack/update/kubernetes_version/templates/v1beta2/containerd-pod-network-cidr.yaml b/hack/update/kubernetes_version/templates/v1beta2/containerd-pod-network-cidr.yaml index 1d4c47557c..e1f0f3f325 100644 --- a/hack/update/kubernetes_version/templates/v1beta2/containerd-pod-network-cidr.yaml +++ b/hack/update/kubernetes_version/templates/v1beta2/containerd-pod-network-cidr.yaml @@ -71,4 +71,4 @@ conntrack: # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_established" tcpEstablishedTimeout: 0s # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_close" - tcpCloseWaitTimeout: 0s \ No newline at end of file + tcpCloseWaitTimeout: 0s diff --git a/hack/update/kubernetes_version/templates/v1beta2/containerd.yaml b/hack/update/kubernetes_version/templates/v1beta2/containerd.yaml index 371a01462a..9e1fd6d74b 100644 --- a/hack/update/kubernetes_version/templates/v1beta2/containerd.yaml +++ b/hack/update/kubernetes_version/templates/v1beta2/containerd.yaml @@ -71,4 +71,4 @@ conntrack: # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_established" tcpEstablishedTimeout: 0s # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_close" - tcpCloseWaitTimeout: 0s \ No newline at end of file + tcpCloseWaitTimeout: 0s diff --git a/hack/update/kubernetes_version/templates/v1beta2/crio.yaml b/hack/update/kubernetes_version/templates/v1beta2/crio.yaml index 1a28f99a7d..bc7a440b6c 100644 --- a/hack/update/kubernetes_version/templates/v1beta2/crio.yaml +++ b/hack/update/kubernetes_version/templates/v1beta2/crio.yaml @@ -71,4 +71,4 @@ conntrack: # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_established" tcpEstablishedTimeout: 0s # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_close" - tcpCloseWaitTimeout: 0s \ No newline at end of file + tcpCloseWaitTimeout: 0s diff --git a/hack/update/kubernetes_version/templates/v1beta2/default.yaml b/hack/update/kubernetes_version/templates/v1beta2/default.yaml index 6fd15b0bf0..dc484b5891 100644 --- a/hack/update/kubernetes_version/templates/v1beta2/default.yaml +++ b/hack/update/kubernetes_version/templates/v1beta2/default.yaml @@ -71,4 +71,4 @@ conntrack: # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_established" tcpEstablishedTimeout: 0s # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_close" - tcpCloseWaitTimeout: 0s \ No newline at end of file + tcpCloseWaitTimeout: 0s diff --git a/hack/update/kubernetes_version/templates/v1beta2/dns.yaml b/hack/update/kubernetes_version/templates/v1beta2/dns.yaml index f8536ad49a..7891a251e1 100644 --- a/hack/update/kubernetes_version/templates/v1beta2/dns.yaml +++ b/hack/update/kubernetes_version/templates/v1beta2/dns.yaml @@ -71,4 +71,4 @@ conntrack: # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_established" tcpEstablishedTimeout: 0s # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_close" - tcpCloseWaitTimeout: 0s \ No newline at end of file + tcpCloseWaitTimeout: 0s diff --git a/hack/update/kubernetes_version/templates/v1beta2/image-repository.yaml b/hack/update/kubernetes_version/templates/v1beta2/image-repository.yaml index f9114b72e0..39d7d628f3 100644 --- a/hack/update/kubernetes_version/templates/v1beta2/image-repository.yaml +++ b/hack/update/kubernetes_version/templates/v1beta2/image-repository.yaml @@ -72,4 +72,4 @@ conntrack: # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_established" tcpEstablishedTimeout: 0s # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_close" - tcpCloseWaitTimeout: 0s \ No newline at end of file + tcpCloseWaitTimeout: 0s From 6d4eec056be83bf5afeac7f963be156d60f6f35f Mon Sep 17 00:00:00 2001 From: Steven Powell Date: Fri, 6 Aug 2021 00:24:28 +0000 Subject: [PATCH 058/205] fix loading an image from tar failing on existing delete --- pkg/minikube/machine/cache_images.go | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/pkg/minikube/machine/cache_images.go b/pkg/minikube/machine/cache_images.go index 36c2fe2ad4..ad97ddcf8d 100644 --- a/pkg/minikube/machine/cache_images.go +++ b/pkg/minikube/machine/cache_images.go @@ -269,11 +269,8 @@ func transferAndLoadImage(cr command.Runner, k8s config.KubernetesConfig, src st return errors.Wrap(err, "runtime") } - if err := r.RemoveImage(imgName); err != nil { - errStr := strings.ToLower(err.Error()) - if !strings.Contains(errStr, "no such image") { - return errors.Wrap(err, "removing image") - } + if err := removeExistingImage(r, src, imgName); err != nil { + return err } klog.Infof("Loading image from: %s", src) @@ -309,6 +306,26 @@ func transferAndLoadImage(cr command.Runner, k8s config.KubernetesConfig, src st return nil } +func removeExistingImage(r cruntime.Manager, src string, imgName string) error { + // if loading an image from tar, skip deleting as we don't have the actual image name + // ie. imgName = "C:\this_is_a_dir\image.tar.gz" + if src == imgName { + return nil + } + + err := r.RemoveImage(imgName) + if err == nil { + return nil + } + + errStr := strings.ToLower(err.Error()) + if !strings.Contains(errStr, "no such image") { + return errors.Wrap(err, "removing image") + } + + return nil +} + // pullImages pulls images to the container run time func pullImages(cruntime cruntime.Manager, images []string) error { klog.Infof("PullImages start: %s", images) From 1c1f4a64e5530c30783a3a2aa7d4b6f77fc5859a Mon Sep 17 00:00:00 2001 From: Julien Breux Date: Fri, 6 Aug 2021 10:13:48 +0200 Subject: [PATCH 059/205] doc: refresh roadmap year date and sort checkboxes --- site/content/en/docs/contrib/roadmap.en.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/site/content/en/docs/contrib/roadmap.en.md b/site/content/en/docs/contrib/roadmap.en.md index affbe6aa7b..b4f07c3c24 100644 --- a/site/content/en/docs/contrib/roadmap.en.md +++ b/site/content/en/docs/contrib/roadmap.en.md @@ -6,17 +6,17 @@ description: > Development Roadmap --- -This roadmap is a living document outlining the major technical improvements which we would like to see in minikube during 2020, divided by how they apply to our [guiding principles]({{< ref "/docs/contrib/principles" >}}) +This roadmap is a living document outlining the major technical improvements which we would like to see in minikube during 2021, divided by how they apply to our [guiding principles]({{< ref "/docs/contrib/principles" >}}) Please send a PR to suggest any improvements to it. -# 2020 +# 2021 ## (#1) Inclusive and community-driven - [x] Maintainers from 4 countries, 4 companies -- [ ] Installation documentation in 5+ written languages - [x] Enhancements approved by a community-driven process +- [ ] Installation documentation in 5+ written languages ## (#2) User-friendly @@ -48,9 +48,9 @@ Please send a PR to suggest any improvements to it. ## (#6) High Performance - [x] Startup latency under 30s -- [ ] Kernel-assisted mounts (CIFS, NFS) by default - [x] Pause support - [x] <25% CPU overhead on a single core +- [ ] Kernel-assisted mounts (CIFS, NFS) by default ## (#7) Developer Focused From cd08ce7c4dc6ddced16e61d4489b73dafb6e6600 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Mon, 7 Jun 2021 19:40:56 +0200 Subject: [PATCH 060/205] Upgrade Docker, from 20.10.6 to 20.10.7 runc v1.0.0-rc95 containerd v1.4.6 --- .../minikube-iso/package/containerd-bin/containerd-bin.hash | 1 + .../iso/minikube-iso/package/containerd-bin/containerd-bin.mk | 4 ++-- deploy/iso/minikube-iso/package/docker-bin/docker-bin.hash | 1 + deploy/iso/minikube-iso/package/docker-bin/docker-bin.mk | 2 +- deploy/iso/minikube-iso/package/runc-master/runc-master.hash | 1 + deploy/iso/minikube-iso/package/runc-master/runc-master.mk | 4 ++-- 6 files changed, 8 insertions(+), 5 deletions(-) diff --git a/deploy/iso/minikube-iso/package/containerd-bin/containerd-bin.hash b/deploy/iso/minikube-iso/package/containerd-bin/containerd-bin.hash index 5e9b1d0ea1..511018f447 100644 --- a/deploy/iso/minikube-iso/package/containerd-bin/containerd-bin.hash +++ b/deploy/iso/minikube-iso/package/containerd-bin/containerd-bin.hash @@ -9,3 +9,4 @@ sha256 d30d59e143697aa4f0960205b3f5ac59c573b332f20507740ef2dc0fb5ae8ded v1.3.7.t sha256 9244212589c84b12262769dca6fb985c0c680cb5259c8904b29c511d81fd62d0 v1.3.9.tar.gz sha256 bc6d9452c700af0ebc09c0da8ddba55be4c03ac8928e72ca92d98905800c8018 v1.4.3.tar.gz sha256 ac62c64664bf62fd44df0891c896eecdb6d93def3438271d7892dca75bc069d1 v1.4.4.tar.gz +sha256 285a3f4c00a87538bd7d0a82a0a8a758458c02b925349f44f3189f480c326038 v1.4.6.tar.gz diff --git a/deploy/iso/minikube-iso/package/containerd-bin/containerd-bin.mk b/deploy/iso/minikube-iso/package/containerd-bin/containerd-bin.mk index 9b13803827..aba7cb9f3d 100644 --- a/deploy/iso/minikube-iso/package/containerd-bin/containerd-bin.mk +++ b/deploy/iso/minikube-iso/package/containerd-bin/containerd-bin.mk @@ -3,8 +3,8 @@ # containerd # ################################################################################ -CONTAINERD_BIN_VERSION = v1.4.4 -CONTAINERD_BIN_COMMIT = 05f951a3781f4f2c1911b05e61c160e9c30eaa8e +CONTAINERD_BIN_VERSION = v1.4.6 +CONTAINERD_BIN_COMMIT = d71fcd7d8303cbf684402823e425e9dd2e99285d CONTAINERD_BIN_SITE = https://github.com/containerd/containerd/archive CONTAINERD_BIN_SOURCE = $(CONTAINERD_BIN_VERSION).tar.gz CONTAINERD_BIN_DEPENDENCIES = host-go libgpgme diff --git a/deploy/iso/minikube-iso/package/docker-bin/docker-bin.hash b/deploy/iso/minikube-iso/package/docker-bin/docker-bin.hash index 2a5c68af7f..07fb21462b 100644 --- a/deploy/iso/minikube-iso/package/docker-bin/docker-bin.hash +++ b/deploy/iso/minikube-iso/package/docker-bin/docker-bin.hash @@ -30,3 +30,4 @@ sha256 47065a47f0692cd5af03073c7386fe090d9ef5ac88a7d8455a884d8e15809be5 docker- sha256 6ec28b6a251e093f5cf32569c4bfce4821eda02923b33c060694e6ca2c851daa docker-20.10.4.tgz sha256 3f18edc66e1faae607d428349e77f9800bdea554528521f0f6c49fc3f1de6abf docker-20.10.5.tgz sha256 e3b6c3b11518281a51fb0eee73138482b83041e908f01adf8abd3a24b34ea21e docker-20.10.6.tgz +sha256 34ad50146fce29b28e5115a1e8510dd5232459c9a4a9f28f65909f92cca314d9 docker-20.10.7.tgz diff --git a/deploy/iso/minikube-iso/package/docker-bin/docker-bin.mk b/deploy/iso/minikube-iso/package/docker-bin/docker-bin.mk index 0539d87d75..1f425f7761 100644 --- a/deploy/iso/minikube-iso/package/docker-bin/docker-bin.mk +++ b/deploy/iso/minikube-iso/package/docker-bin/docker-bin.mk @@ -4,7 +4,7 @@ # ################################################################################ -DOCKER_BIN_VERSION = 20.10.6 +DOCKER_BIN_VERSION = 20.10.7 DOCKER_BIN_SITE = https://download.docker.com/linux/static/stable/x86_64 DOCKER_BIN_SOURCE = docker-$(DOCKER_BIN_VERSION).tgz diff --git a/deploy/iso/minikube-iso/package/runc-master/runc-master.hash b/deploy/iso/minikube-iso/package/runc-master/runc-master.hash index 290e159f11..6df4fd451d 100644 --- a/deploy/iso/minikube-iso/package/runc-master/runc-master.hash +++ b/deploy/iso/minikube-iso/package/runc-master/runc-master.hash @@ -9,3 +9,4 @@ sha256 4ffe8323397d85dda7d5875fa6bdaf3f8c93592c1947dfa24a034719dc6f728e d736ef14 sha256 defe87a5f15edc54288d3261f5be28219b9b9d904d98c6020eb2e45400a04fb2 dc9208a3303feef5b3839f4323d9beb36df0a9dd.tar.gz sha256 bfcbbcb12664d5f8c1b794f37a457a8db53291c82be5a3157d8efb91aab193bf ff819c7e9184c13b7c2607fe6c30ae19403a7aff.tar.gz sha256 144973344b73627b5f69aa88b9e6655d692447ec317a0d5fa9777496a8ac186e 12644e614e25b05da6fd08a38ffa0cfe1903fdec.tar.gz +sha256 821ff8629329b4b7e4ccf24b5bf369c9739887736be30ba06a0d8053eb0e0b23 b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7.tar.gz diff --git a/deploy/iso/minikube-iso/package/runc-master/runc-master.mk b/deploy/iso/minikube-iso/package/runc-master/runc-master.mk index 50976e73a5..e251fb9a20 100644 --- a/deploy/iso/minikube-iso/package/runc-master/runc-master.mk +++ b/deploy/iso/minikube-iso/package/runc-master/runc-master.mk @@ -4,8 +4,8 @@ # ################################################################################ -# As of 2021-02-03, v1.0.0-rc93 -RUNC_MASTER_VERSION = 12644e614e25b05da6fd08a38ffa0cfe1903fdec +# As of 2021-05-19, v1.0.0-rc95 +RUNC_MASTER_VERSION = b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7 RUNC_MASTER_SITE = https://github.com/opencontainers/runc/archive RUNC_MASTER_SOURCE = $(RUNC_MASTER_VERSION).tar.gz RUNC_MASTER_LICENSE = Apache-2.0 From 7971e043de8322fc638e46bf442282fd84022f68 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Wed, 4 Aug 2021 21:44:57 +0200 Subject: [PATCH 061/205] Upgrade Docker, from 20.10.7 to 20.10.8 runc v1.0.1 containerd v1.4.9 --- .../minikube-iso/package/containerd-bin/containerd-bin.hash | 1 + .../iso/minikube-iso/package/containerd-bin/containerd-bin.mk | 4 ++-- deploy/iso/minikube-iso/package/docker-bin/docker-bin.hash | 1 + deploy/iso/minikube-iso/package/docker-bin/docker-bin.mk | 2 +- deploy/iso/minikube-iso/package/runc-master/runc-master.hash | 1 + deploy/iso/minikube-iso/package/runc-master/runc-master.mk | 4 ++-- 6 files changed, 8 insertions(+), 5 deletions(-) diff --git a/deploy/iso/minikube-iso/package/containerd-bin/containerd-bin.hash b/deploy/iso/minikube-iso/package/containerd-bin/containerd-bin.hash index 511018f447..23ec573fc8 100644 --- a/deploy/iso/minikube-iso/package/containerd-bin/containerd-bin.hash +++ b/deploy/iso/minikube-iso/package/containerd-bin/containerd-bin.hash @@ -10,3 +10,4 @@ sha256 9244212589c84b12262769dca6fb985c0c680cb5259c8904b29c511d81fd62d0 v1.3.9.t sha256 bc6d9452c700af0ebc09c0da8ddba55be4c03ac8928e72ca92d98905800c8018 v1.4.3.tar.gz sha256 ac62c64664bf62fd44df0891c896eecdb6d93def3438271d7892dca75bc069d1 v1.4.4.tar.gz sha256 285a3f4c00a87538bd7d0a82a0a8a758458c02b925349f44f3189f480c326038 v1.4.6.tar.gz +sha256 3bb9f54be022067847f5930d21ebbfe4e7a67f589d78930aa0ac713492c28bcc v1.4.9.tar.gz diff --git a/deploy/iso/minikube-iso/package/containerd-bin/containerd-bin.mk b/deploy/iso/minikube-iso/package/containerd-bin/containerd-bin.mk index aba7cb9f3d..31f483c2ed 100644 --- a/deploy/iso/minikube-iso/package/containerd-bin/containerd-bin.mk +++ b/deploy/iso/minikube-iso/package/containerd-bin/containerd-bin.mk @@ -3,8 +3,8 @@ # containerd # ################################################################################ -CONTAINERD_BIN_VERSION = v1.4.6 -CONTAINERD_BIN_COMMIT = d71fcd7d8303cbf684402823e425e9dd2e99285d +CONTAINERD_BIN_VERSION = v1.4.9 +CONTAINERD_BIN_COMMIT = e25210fe30a0a703442421b0f60afac609f950a3 CONTAINERD_BIN_SITE = https://github.com/containerd/containerd/archive CONTAINERD_BIN_SOURCE = $(CONTAINERD_BIN_VERSION).tar.gz CONTAINERD_BIN_DEPENDENCIES = host-go libgpgme diff --git a/deploy/iso/minikube-iso/package/docker-bin/docker-bin.hash b/deploy/iso/minikube-iso/package/docker-bin/docker-bin.hash index 07fb21462b..b574e52130 100644 --- a/deploy/iso/minikube-iso/package/docker-bin/docker-bin.hash +++ b/deploy/iso/minikube-iso/package/docker-bin/docker-bin.hash @@ -31,3 +31,4 @@ sha256 6ec28b6a251e093f5cf32569c4bfce4821eda02923b33c060694e6ca2c851daa docker- sha256 3f18edc66e1faae607d428349e77f9800bdea554528521f0f6c49fc3f1de6abf docker-20.10.5.tgz sha256 e3b6c3b11518281a51fb0eee73138482b83041e908f01adf8abd3a24b34ea21e docker-20.10.6.tgz sha256 34ad50146fce29b28e5115a1e8510dd5232459c9a4a9f28f65909f92cca314d9 docker-20.10.7.tgz +sha256 7ea11ecb100fdc085dbfd9ab1ff380e7f99733c890ed815510a5952e5d6dd7e0 docker-20.10.8.tgz diff --git a/deploy/iso/minikube-iso/package/docker-bin/docker-bin.mk b/deploy/iso/minikube-iso/package/docker-bin/docker-bin.mk index 1f425f7761..726209627d 100644 --- a/deploy/iso/minikube-iso/package/docker-bin/docker-bin.mk +++ b/deploy/iso/minikube-iso/package/docker-bin/docker-bin.mk @@ -4,7 +4,7 @@ # ################################################################################ -DOCKER_BIN_VERSION = 20.10.7 +DOCKER_BIN_VERSION = 20.10.8 DOCKER_BIN_SITE = https://download.docker.com/linux/static/stable/x86_64 DOCKER_BIN_SOURCE = docker-$(DOCKER_BIN_VERSION).tgz diff --git a/deploy/iso/minikube-iso/package/runc-master/runc-master.hash b/deploy/iso/minikube-iso/package/runc-master/runc-master.hash index 6df4fd451d..d00061b352 100644 --- a/deploy/iso/minikube-iso/package/runc-master/runc-master.hash +++ b/deploy/iso/minikube-iso/package/runc-master/runc-master.hash @@ -10,3 +10,4 @@ sha256 defe87a5f15edc54288d3261f5be28219b9b9d904d98c6020eb2e45400a04fb2 dc9208a3 sha256 bfcbbcb12664d5f8c1b794f37a457a8db53291c82be5a3157d8efb91aab193bf ff819c7e9184c13b7c2607fe6c30ae19403a7aff.tar.gz sha256 144973344b73627b5f69aa88b9e6655d692447ec317a0d5fa9777496a8ac186e 12644e614e25b05da6fd08a38ffa0cfe1903fdec.tar.gz sha256 821ff8629329b4b7e4ccf24b5bf369c9739887736be30ba06a0d8053eb0e0b23 b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7.tar.gz +sha256 50cc479cabf6e7edb9070a7c28b3460b0acc2a01650fc5934f5037cb96b9e2cf 4144b63817ebcc5b358fc2c8ef95f7cddd709aa7.tar.gz diff --git a/deploy/iso/minikube-iso/package/runc-master/runc-master.mk b/deploy/iso/minikube-iso/package/runc-master/runc-master.mk index e251fb9a20..d4b8852c04 100644 --- a/deploy/iso/minikube-iso/package/runc-master/runc-master.mk +++ b/deploy/iso/minikube-iso/package/runc-master/runc-master.mk @@ -4,8 +4,8 @@ # ################################################################################ -# As of 2021-05-19, v1.0.0-rc95 -RUNC_MASTER_VERSION = b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7 +# As of 2021-07-16, v1.0.1 +RUNC_MASTER_VERSION = 4144b63817ebcc5b358fc2c8ef95f7cddd709aa7 RUNC_MASTER_SITE = https://github.com/opencontainers/runc/archive RUNC_MASTER_SOURCE = $(RUNC_MASTER_VERSION).tar.gz RUNC_MASTER_LICENSE = Apache-2.0 From 3dccb2bea08f38d55d9ce519692a250a8015c413 Mon Sep 17 00:00:00 2001 From: minikube-bot Date: Fri, 6 Aug 2021 09:27:20 +0000 Subject: [PATCH 062/205] Updating ISO to v1.22.0-1628238775-12122 --- Makefile | 2 +- pkg/minikube/download/iso.go | 2 +- site/content/en/docs/commands/start.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 96af848bc5..ac835771e2 100644 --- a/Makefile +++ b/Makefile @@ -23,7 +23,7 @@ KUBERNETES_VERSION ?= $(shell egrep "DefaultKubernetesVersion =" pkg/minikube/co KIC_VERSION ?= $(shell egrep "Version =" pkg/drivers/kic/types.go | cut -d \" -f2) # Default to .0 for higher cache hit rates, as build increments typically don't require new ISO versions -ISO_VERSION ?= v1.22.0-1628159026-12129 +ISO_VERSION ?= v1.22.0-1628238775-12122 # Dashes are valid in semver, but not Linux packaging. Use ~ to delimit alpha/beta DEB_VERSION ?= $(subst -,~,$(RAW_VERSION)) DEB_REVISION ?= 0 diff --git a/pkg/minikube/download/iso.go b/pkg/minikube/download/iso.go index 7d928a4a4a..498c90c70d 100644 --- a/pkg/minikube/download/iso.go +++ b/pkg/minikube/download/iso.go @@ -40,7 +40,7 @@ const fileScheme = "file" // DefaultISOURLs returns a list of ISO URL's to consult by default, in priority order func DefaultISOURLs() []string { v := version.GetISOVersion() - isoBucket := "minikube-builds/iso/12129" + isoBucket := "minikube-builds/iso/12122" return []string{ fmt.Sprintf("https://storage.googleapis.com/%s/minikube-%s.iso", isoBucket, v), fmt.Sprintf("https://github.com/kubernetes/minikube/releases/download/%s/minikube-%s.iso", v, v), diff --git a/site/content/en/docs/commands/start.md b/site/content/en/docs/commands/start.md index f015981a18..b8404dc5e2 100644 --- a/site/content/en/docs/commands/start.md +++ b/site/content/en/docs/commands/start.md @@ -65,7 +65,7 @@ minikube start [flags] --insecure-registry strings Insecure Docker registries to pass to the Docker daemon. The default service CIDR range will automatically be added. --install-addons If set, install addons. Defaults to true. (default true) --interactive Allow user prompts for more information (default true) - --iso-url strings Locations to fetch the minikube ISO from. (default [https://storage.googleapis.com/minikube-builds/iso/12129/minikube-v1.22.0-1628159026-12129.iso,https://github.com/kubernetes/minikube/releases/download/v1.22.0-1628159026-12129/minikube-v1.22.0-1628159026-12129.iso,https://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/iso/minikube-v1.22.0-1628159026-12129.iso]) + --iso-url strings Locations to fetch the minikube ISO from. (default [https://storage.googleapis.com/minikube-builds/iso/12122/minikube-v1.22.0-1628238775-12122.iso,https://github.com/kubernetes/minikube/releases/download/v1.22.0-1628238775-12122/minikube-v1.22.0-1628238775-12122.iso,https://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/iso/minikube-v1.22.0-1628238775-12122.iso]) --keep-context This will keep the existing kubectl context and will create a minikube context. --kubernetes-version string The Kubernetes version that the minikube VM will use (ex: v1.2.3, 'stable' for v1.21.3, 'latest' for v1.22.0-rc.0). Defaults to 'stable'. --kvm-gpu Enable experimental NVIDIA GPU support in minikube From 2d4b88bb296a3e8e6daebacc2b81135aa5a743b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Fri, 6 Aug 2021 17:54:08 +0200 Subject: [PATCH 063/205] Mark ssh driver and image build as completed --- site/content/en/docs/contrib/roadmap.en.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site/content/en/docs/contrib/roadmap.en.md b/site/content/en/docs/contrib/roadmap.en.md index affbe6aa7b..cf72db6ce9 100644 --- a/site/content/en/docs/contrib/roadmap.en.md +++ b/site/content/en/docs/contrib/roadmap.en.md @@ -37,7 +37,7 @@ Please send a PR to suggest any improvements to it. - [x] Windows as a first-class citizen - [x] WSL2 support (no additional VM required) - [ ] Firecracker VM support -- [ ] Generic (SSH) driver support +- [x] Generic (SSH) driver support ## (#5) Reliable @@ -54,5 +54,5 @@ Please send a PR to suggest any improvements to it. ## (#7) Developer Focused -- [ ] Container build integration +- [x] Container build integration - [ ] Documented workflow for Kubernetes development From dc11031e7083cedec519ba191fc01cacae85ee68 Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Fri, 6 Aug 2021 09:35:08 -0700 Subject: [PATCH 064/205] Create script to handle flake rate computation Jenkins job. --- .../test-flake-chart/compute_flake_rate.sh | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 hack/jenkins/test-flake-chart/compute_flake_rate.sh diff --git a/hack/jenkins/test-flake-chart/compute_flake_rate.sh b/hack/jenkins/test-flake-chart/compute_flake_rate.sh new file mode 100644 index 0000000000..99be706449 --- /dev/null +++ b/hack/jenkins/test-flake-chart/compute_flake_rate.sh @@ -0,0 +1,33 @@ +#!/bin/bash + +# Copyright 2021 The Kubernetes Authors All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -eux -o pipefail + +# Get directory of script. +DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) + +# Update html+js of flake charts. +gsutil cp "${DIR}/flake_chart.html" gs://minikube-flake-rate/flake_chart.html +gsutil cp "${DIR}/flake_chart.js" gs://minikube-flake-rate/flake_chart.js + +DATA_CSV=$(mktemp) +FLAKE_RATES_CSV=$(mktemp) +# Get raw test data. +gsutil cp gs://minikube-flake-rate/data.csv "${DATA_CSV}" +# Compute flake rates. +go run "${DIR}/compute_flake_rate.go" --data-csv="${DATA_CSV}" --date-range=15 > "${FLAKE_RATES_CSV}" +# Upload flake rates. +gsutil cp "${FLAKE_RATES_CSV}" gs://minikube-flake-rate/flake_rates.csv From 9a955c23c4c05dc57eedbefb91289a0ff2507582 Mon Sep 17 00:00:00 2001 From: Steven Powell Date: Fri, 6 Aug 2021 15:01:38 -0700 Subject: [PATCH 065/205] added test that loads an image from a local file --- test/integration/functional_test.go | 51 +++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/test/integration/functional_test.go b/test/integration/functional_test.go index 0516e39712..6dbca5e744 100644 --- a/test/integration/functional_test.go +++ b/test/integration/functional_test.go @@ -152,6 +152,7 @@ func TestFunctional(t *testing.T) { {"NodeLabels", validateNodeLabels}, {"LoadImage", validateLoadImage}, {"RemoveImage", validateRemoveImage}, + {"LoadImageFromFile", validateLoadImageFromFile}, {"BuildImage", validateBuildImage}, {"ListImages", validateListImages}, {"NonActiveRuntimeDisabled", validateNotActiveRuntimeDisabled}, @@ -264,6 +265,56 @@ func validateLoadImage(ctx context.Context, t *testing.T, profile string) { } +// validateLoadImageFromFile makes sure that `minikube image load` works from a local file +func validateLoadImageFromFile(ctx context.Context, t *testing.T, profile string) { + if NoneDriver() { + t.Skip("load image not available on none driver") + } + if GithubActionRunner() && runtime.GOOS == "darwin" { + t.Skip("skipping on github actions and darwin, as this test requires a running docker daemon") + } + defer PostMortemLogs(t, profile) + // pull busybox + busyboxImage := "busybox:1.31" + rr, err := Run(t, exec.CommandContext(ctx, "docker", "pull", busyboxImage)) + if err != nil { + t.Fatalf("failed to setup test (pull image): %v\n%s", err, rr.Output()) + } + + newImage := fmt.Sprintf("docker.io/library/busybox:load-from-file-%s", profile) + rr, err = Run(t, exec.CommandContext(ctx, "docker", "tag", busyboxImage, newImage)) + if err != nil { + t.Fatalf("failed to setup test (tag image) : %v\n%s", err, rr.Output()) + } + + // save image to file + imageFile := "busybox.tar.gz" + rr, err := Run(t, exec.CommandContext(ctx, "docker", "save", newImage, "|", "gzip", ">", imageFile)) + if err != nil { + t.Fatalf("failed to save image to file: %v\n%s", err, rr.Output()) + } + defer os.Remove(imageFile) + + // try to load the new image into minikube + imagePath, err := filepath.Abs(imageFile) + if err != nil { + t.Fatalf("failed to get absolute path of file %q: %v", imageFile, err) + } + rr, err = Run(t, exec.CommandContext(ctx, Target(), "-p", profile, "image", "load", imagePath)) + if err != nil { + t.Fatalf("loading image into minikube: %v\n%s", err, rr.Output()) + } + + // make sure the image was correctly loaded + rr, err = inspectImage(ctx, t, profile, newImage) + if err != nil { + t.Fatalf("listing images: %v\n%s", err, rr.Output()) + } + if !strings.Contains(rr.Output(), fmt.Sprintf("busybox:load-from-file-%s", profile)) { + t.Fatalf("expected %s to be loaded into minikube but the image is not there", newImage) + } +} + // validateRemoveImage makes sures that `minikube image rm` works as expected func validateRemoveImage(ctx context.Context, t *testing.T, profile string) { if NoneDriver() { From b859ede3c014ccf8b30e0f8f8d99807009c99dc1 Mon Sep 17 00:00:00 2001 From: Steven Powell Date: Fri, 6 Aug 2021 15:08:35 -0700 Subject: [PATCH 066/205] fix linting --- test/integration/functional_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/integration/functional_test.go b/test/integration/functional_test.go index 6dbca5e744..b06f797077 100644 --- a/test/integration/functional_test.go +++ b/test/integration/functional_test.go @@ -289,7 +289,7 @@ func validateLoadImageFromFile(ctx context.Context, t *testing.T, profile string // save image to file imageFile := "busybox.tar.gz" - rr, err := Run(t, exec.CommandContext(ctx, "docker", "save", newImage, "|", "gzip", ">", imageFile)) + rr, err = Run(t, exec.CommandContext(ctx, "docker", "save", newImage, "|", "gzip", ">", imageFile)) if err != nil { t.Fatalf("failed to save image to file: %v\n%s", err, rr.Output()) } From 92a3f8c365baa6cb8f874759e0b205765db0912e Mon Sep 17 00:00:00 2001 From: Steven Powell Date: Fri, 6 Aug 2021 16:21:57 -0700 Subject: [PATCH 067/205] fix not appending .exe to binary --- test/integration/skaffold_test.go | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/test/integration/skaffold_test.go b/test/integration/skaffold_test.go index 2723a87568..f801b6117c 100644 --- a/test/integration/skaffold_test.go +++ b/test/integration/skaffold_test.go @@ -72,8 +72,15 @@ func TestSkaffold(t *testing.T) { t.Fatalf("unable to determine abs path: %v", err) } - if filepath.Base(Target()) != "minikube" { - new := filepath.Join(filepath.Dir(abs), "minikube") + binaryName := "minikube" + pathSeparator := ":" + if runtime.GOOS == "windows" { + binaryName += ".exe" + pathSeparator = ";" + } + + if filepath.Base(Target()) != binaryName { + new := filepath.Join(filepath.Dir(abs), binaryName) t.Logf("copying %s to %s", Target(), new) if err := copy.Copy(Target(), new); err != nil { t.Fatalf("error copying to minikube") @@ -81,10 +88,6 @@ func TestSkaffold(t *testing.T) { } oldPath := os.Getenv("PATH") - pathSeparator := ":" - if runtime.GOOS == "windows" { - pathSeparator = ";" - } os.Setenv("PATH", fmt.Sprintf("%s%s%s", filepath.Dir(abs), pathSeparator, os.Getenv("PATH"))) // make sure 'docker' and 'minikube' are now in PATH From 5e4f5d435ee332d1e3818148135f3346dd16898a Mon Sep 17 00:00:00 2001 From: rajdevworks <57292575+rajdevworks@users.noreply.github.com> Date: Mon, 9 Aug 2021 00:15:12 -0500 Subject: [PATCH 068/205] Create external-packages.en.md A page under Contributions to guide managing external packages Add first external package - chocolatey --- site/content/en/docs/contrib/external-packages.en.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 site/content/en/docs/contrib/external-packages.en.md diff --git a/site/content/en/docs/contrib/external-packages.en.md b/site/content/en/docs/contrib/external-packages.en.md new file mode 100644 index 0000000000..fab9b2c4c6 --- /dev/null +++ b/site/content/en/docs/contrib/external-packages.en.md @@ -0,0 +1,12 @@ +--- +title: "Managing External Packages" +linkTitle: "Managing External Packages" +--- + +## Managing External Packages + +### Chocolatey +* It is a software management automation for Windows that wraps installers, executables, zips, and scripts into compiled packages. +* View Minikube package on Chocolatey [here](https://community.chocolatey.org/packages/Minikube/). +* View current status of the Chocolatey pacakge [here](https://gist.github.com/choco-bot/a14b1e5bfaf70839b338eb1ab7f8226f). +* View the update script [here](https://github.com/chocolatey-community/chocolatey-coreteampackages/tree/master/automatic/minikube). From f3a069b7293681b4aede51788b5d4fd0291fe0b8 Mon Sep 17 00:00:00 2001 From: minikube-bot Date: Mon, 9 Aug 2021 09:02:04 +0000 Subject: [PATCH 069/205] bump golang versions --- .github/workflows/build.yml | 2 +- .github/workflows/docs.yml | 2 +- .github/workflows/leaderboard.yml | 2 +- .github/workflows/master.yml | 2 +- .github/workflows/pr.yml | 2 +- .github/workflows/pr_verified.yaml | 2 +- .github/workflows/time-to-k8s-public-chart.yml | 2 +- .github/workflows/time-to-k8s.yml | 2 +- .github/workflows/translations.yml | 2 +- .github/workflows/update-golang-version.yml | 2 +- .github/workflows/update-k8s-versions.yml | 2 +- Makefile | 2 +- hack/jenkins/common.sh | 2 +- 13 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a24f20a20c..c9c14c92dd 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -12,7 +12,7 @@ on: - "!deploy/iso/**" env: GOPROXY: https://proxy.golang.org - GO_VERSION: '1.16.6' + GO_VERSION: '1.16.7' jobs: build_minikube: runs-on: ubuntu-18.04 diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 7ca895ee57..dc6e2dc393 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -6,7 +6,7 @@ on: - master env: GOPROXY: https://proxy.golang.org - GO_VERSION: '1.16.6' + GO_VERSION: '1.16.7' jobs: generate-docs: runs-on: ubuntu-18.04 diff --git a/.github/workflows/leaderboard.yml b/.github/workflows/leaderboard.yml index deee9681cc..38c118625f 100644 --- a/.github/workflows/leaderboard.yml +++ b/.github/workflows/leaderboard.yml @@ -7,7 +7,7 @@ on: release: types: [published] env: - GO_VERSION: '1.16.6' + GO_VERSION: '1.16.7' jobs: update-leaderboard: runs-on: ubuntu-latest diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index 6dddc2eea1..d735338d83 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -14,7 +14,7 @@ on: - "!deploy/iso/**" env: GOPROXY: https://proxy.golang.org - GO_VERSION: '1.16.6' + GO_VERSION: '1.16.7' jobs: # Runs before all other jobs # builds the minikube binaries diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index ad8b8cd1c7..1b1c36b173 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -12,7 +12,7 @@ on: - "!deploy/iso/**" env: GOPROXY: https://proxy.golang.org - GO_VERSION: '1.16.6' + GO_VERSION: '1.16.7' jobs: # Runs before all other jobs # builds the minikube binaries diff --git a/.github/workflows/pr_verified.yaml b/.github/workflows/pr_verified.yaml index 40692f470e..46f69ae0e7 100644 --- a/.github/workflows/pr_verified.yaml +++ b/.github/workflows/pr_verified.yaml @@ -21,7 +21,7 @@ on: - deleted env: GOPROXY: https://proxy.golang.org - GO_VERSION: '1.16.6' + GO_VERSION: '1.16.7' jobs: # Runs before all other jobs diff --git a/.github/workflows/time-to-k8s-public-chart.yml b/.github/workflows/time-to-k8s-public-chart.yml index f1521149fb..a41de2aa06 100644 --- a/.github/workflows/time-to-k8s-public-chart.yml +++ b/.github/workflows/time-to-k8s-public-chart.yml @@ -6,7 +6,7 @@ on: - cron: "0 2,14 * * *" env: GOPROXY: https://proxy.golang.org - GO_VERSION: '1.16.6' + GO_VERSION: '1.16.7' jobs: time-to-k8s-public-chart: runs-on: ubuntu-latest diff --git a/.github/workflows/time-to-k8s.yml b/.github/workflows/time-to-k8s.yml index ae2deee431..791b2a19c9 100644 --- a/.github/workflows/time-to-k8s.yml +++ b/.github/workflows/time-to-k8s.yml @@ -5,7 +5,7 @@ on: types: [released] env: GOPROXY: https://proxy.golang.org - GO_VERSION: '1.16.6' + GO_VERSION: '1.16.7' jobs: benchmark: runs-on: ubuntu-20.04 diff --git a/.github/workflows/translations.yml b/.github/workflows/translations.yml index 9b82733ab7..98605138e6 100644 --- a/.github/workflows/translations.yml +++ b/.github/workflows/translations.yml @@ -6,7 +6,7 @@ on: - "translations/**" env: GOPROXY: https://proxy.golang.org - GO_VERSION: '1.16.6' + GO_VERSION: '1.16.7' jobs: unit_test: runs-on: ubuntu-20.04 diff --git a/.github/workflows/update-golang-version.yml b/.github/workflows/update-golang-version.yml index 7d7c50bb71..b4cf4cd549 100644 --- a/.github/workflows/update-golang-version.yml +++ b/.github/workflows/update-golang-version.yml @@ -6,7 +6,7 @@ on: - cron: "0 9 * * 1" env: GOPROXY: https://proxy.golang.org - GO_VERSION: '1.16.6' + GO_VERSION: '1.16.7' jobs: bump-k8s-versions: runs-on: ubuntu-latest diff --git a/.github/workflows/update-k8s-versions.yml b/.github/workflows/update-k8s-versions.yml index a8310e17fa..97b4a6043e 100644 --- a/.github/workflows/update-k8s-versions.yml +++ b/.github/workflows/update-k8s-versions.yml @@ -6,7 +6,7 @@ on: - cron: "0 8 * * 1" env: GOPROXY: https://proxy.golang.org - GO_VERSION: '1.16.6' + GO_VERSION: '1.16.7' jobs: bump-k8s-versions: runs-on: ubuntu-20.04 diff --git a/Makefile b/Makefile index ac835771e2..50c60c69ba 100644 --- a/Makefile +++ b/Makefile @@ -32,7 +32,7 @@ RPM_VERSION ?= $(DEB_VERSION) RPM_REVISION ?= 0 # used by hack/jenkins/release_build_and_upload.sh and KVM_BUILD_IMAGE, see also BUILD_IMAGE below -GO_VERSION ?= 1.16.6 +GO_VERSION ?= 1.16.7 # replace "x.y.0" => "x.y". kube-cross and golang.org/dl use different formats for x.y.0 go versions KVM_GO_VERSION ?= $(GO_VERSION:.0=) diff --git a/hack/jenkins/common.sh b/hack/jenkins/common.sh index b76cb638e1..2c795da101 100755 --- a/hack/jenkins/common.sh +++ b/hack/jenkins/common.sh @@ -91,7 +91,7 @@ else fi # installing golang so we could do go get for gopogh -./installers/check_install_golang.sh "1.16.6" "/usr/local" || true +./installers/check_install_golang.sh "1.16.7" "/usr/local" || true # install docker and kubectl if not present sudo ARCH="$ARCH" ./installers/check_install_docker.sh || true From 9ea203bb2af8e223a8aaf7b8482da5988b466b9d Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Mon, 9 Aug 2021 10:22:30 -0700 Subject: [PATCH 070/205] Make date range be relative to the current date rather than based on when tests ran. --- .../test-flake-chart/compute_flake_rate.go | 47 ++++--------------- .../compute_flake_rate_test.go | 34 ++++++-------- 2 files changed, 23 insertions(+), 58 deletions(-) diff --git a/hack/jenkins/test-flake-chart/compute_flake_rate.go b/hack/jenkins/test-flake-chart/compute_flake_rate.go index 94470af80a..3b1f090401 100644 --- a/hack/jenkins/test-flake-chart/compute_flake_rate.go +++ b/hack/jenkins/test-flake-chart/compute_flake_rate.go @@ -23,7 +23,6 @@ import ( "io" "os" "runtime/debug" - "sort" "strconv" "strings" "time" @@ -31,7 +30,7 @@ import ( var ( dataCsv = flag.String("data-csv", "", "Source data to compute flake rates on") - dateRange = flag.Uint("date-range", 5, "Number of test dates to consider when computing flake rate") + dateRange = flag.Uint("date-range", 5, "Number of days prior to today to compute flake rate for") ) func main() { @@ -42,9 +41,11 @@ func main() { exit("Unable to read data CSV", err) } + dateCutoff := time.Now().AddDate(0, 0, -int(*dateRange)) + testEntries := readData(file) splitEntries := splitData(testEntries) - filteredEntries := filterRecentEntries(splitEntries, *dateRange) + filteredEntries := filterRecentEntries(splitEntries, dateCutoff) flakeRates := computeFlakeRates(filteredEntries) averageDurations := computeAverageDurations(filteredEntries) fmt.Println("Environment,Test,Flake Rate,Duration") @@ -162,48 +163,16 @@ func appendEntry(splitEntries splitEntryMap, environment, test string, entry tes environmentSplit[test] = append(testSplit, entry) } -// Filters `splitEntries` to include only the most recent `date_range` dates. -func filterRecentEntries(splitEntries splitEntryMap, dateRange uint) splitEntryMap { +// Filters `splitEntries` to include only entries after `dateCutoff`. +func filterRecentEntries(splitEntries splitEntryMap, dateCutoff time.Time) splitEntryMap { filteredEntries := make(splitEntryMap) for environment, environmentSplit := range splitEntries { for test, testSplit := range environmentSplit { - dates := make([]time.Time, len(testSplit)) for _, entry := range testSplit { - dates = append(dates, entry.date) - } - // Sort dates from future to past. - sort.Slice(dates, func(i, j int) bool { - return dates[j].Before(dates[i]) - }) - datesInRange := make([]time.Time, 0, dateRange) - var lastDate time.Time - // Go through each date. - for _, date := range dates { - // If date is the same as last date, ignore it. - if date.Equal(lastDate) { - continue + if !entry.date.Before(dateCutoff) { + appendEntry(filteredEntries, environment, test, entry) } - - // Add the date. - datesInRange = append(datesInRange, date) - lastDate = date - // If the date_range has been hit, break out. - if uint(len(datesInRange)) == dateRange { - break - } - } - - for _, entry := range testSplit { - // Look for the first element <= entry.date - index := sort.Search(len(datesInRange), func(i int) bool { - return !datesInRange[i].After(entry.date) - }) - // If no date is <= entry.date, or the found date does not equal entry.date. - if index == len(datesInRange) || !datesInRange[index].Equal(entry.date) { - continue - } - appendEntry(filteredEntries, environment, test, entry) } } } diff --git a/hack/jenkins/test-flake-chart/compute_flake_rate_test.go b/hack/jenkins/test-flake-chart/compute_flake_rate_test.go index d4013c0885..3cb44f1049 100644 --- a/hack/jenkins/test-flake-chart/compute_flake_rate_test.go +++ b/hack/jenkins/test-flake-chart/compute_flake_rate_test.go @@ -51,12 +51,12 @@ func compareEntrySlices(t *testing.T, actualData, expectedData []testEntry, extr func TestReadData(t *testing.T) { actualData := readData(strings.NewReader( - `A,B,C,D,E,F - hash,2000-01-01,env1,test1,Passed,1 - hash,2001-01-01,env2,test2,Failed,0.5 - hash,,,test1,,0.6 - hash,2002-01-01,,,Passed,0.9 - hash,2003-01-01,env3,test3,Passed,2`, + `A,B,C,D,E,F,G,H,I + hash,2000-01-01,env1,test1,Passed,1,1,1,1 + hash,2001-01-01,env2,test2,Failed,0.5,,, + hash,,,test1,,0.6,,, + hash,2002-01-01,,,Passed,0.9,,, + hash,2003-01-01,env3,test3,Passed,2,,,`, )) expectedData := []testEntry{ { @@ -179,7 +179,7 @@ func TestSplitData(t *testing.T) { } func TestFilterRecentEntries(t *testing.T) { - entryE1T1R1, entryE1T1R2, entryE1T1R3, entryE1T1O1, entryE1T1O2 := testEntry{ + entryE1T1O1, entryE1T1O2, entryE1T1O3, entryE1T1O4, entryE1T1O5 := testEntry{ name: "test1", environment: "env1", date: simpleDate(2000, 4), @@ -221,7 +221,7 @@ func TestFilterRecentEntries(t *testing.T) { date: simpleDate(2001, 1), status: "Passed", } - entryE2T2R1, entryE2T2R2, entryE2T2O1 := testEntry{ + entryE2T2R1, entryE2T2R2, entryE2T2R3 := testEntry{ name: "test2", environment: "env2", date: simpleDate(2003, 3), @@ -241,34 +241,29 @@ func TestFilterRecentEntries(t *testing.T) { actualData := filterRecentEntries(splitEntryMap{ "env1": { "test1": { - entryE1T1R1, - entryE1T1R2, - entryE1T1R3, entryE1T1O1, entryE1T1O2, + entryE1T1O3, + entryE1T1O4, + entryE1T1O5, }, "test2": { + entryE1T2O1, entryE1T2R1, entryE1T2R2, - entryE1T2O1, }, }, "env2": { "test2": { entryE2T2R1, entryE2T2R2, - entryE2T2O1, + entryE2T2R3, }, }, - }, 2) + }, simpleDate(2001, 2)) expectedData := splitEntryMap{ "env1": { - "test1": { - entryE1T1R1, - entryE1T1R2, - entryE1T1R3, - }, "test2": { entryE1T2R1, entryE1T2R2, @@ -278,6 +273,7 @@ func TestFilterRecentEntries(t *testing.T) { "test2": { entryE2T2R1, entryE2T2R2, + entryE2T2R3, }, }, } From 51117f93ba632e750dfacbd20879420b9d3909c4 Mon Sep 17 00:00:00 2001 From: Steven Powell Date: Mon, 9 Aug 2021 10:52:53 -0700 Subject: [PATCH 071/205] fixed test --- test/integration/functional_test.go | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/test/integration/functional_test.go b/test/integration/functional_test.go index b06f797077..91ec1e1ea1 100644 --- a/test/integration/functional_test.go +++ b/test/integration/functional_test.go @@ -281,15 +281,9 @@ func validateLoadImageFromFile(ctx context.Context, t *testing.T, profile string t.Fatalf("failed to setup test (pull image): %v\n%s", err, rr.Output()) } - newImage := fmt.Sprintf("docker.io/library/busybox:load-from-file-%s", profile) - rr, err = Run(t, exec.CommandContext(ctx, "docker", "tag", busyboxImage, newImage)) - if err != nil { - t.Fatalf("failed to setup test (tag image) : %v\n%s", err, rr.Output()) - } - // save image to file - imageFile := "busybox.tar.gz" - rr, err = Run(t, exec.CommandContext(ctx, "docker", "save", newImage, "|", "gzip", ">", imageFile)) + imageFile := "busybox.tar" + rr, err = Run(t, exec.CommandContext(ctx, "docker", "save", "-o", imageFile, busyboxImage)) if err != nil { t.Fatalf("failed to save image to file: %v\n%s", err, rr.Output()) } @@ -306,12 +300,12 @@ func validateLoadImageFromFile(ctx context.Context, t *testing.T, profile string } // make sure the image was correctly loaded - rr, err = inspectImage(ctx, t, profile, newImage) + rr, err = listImages(ctx, t, profile) if err != nil { t.Fatalf("listing images: %v\n%s", err, rr.Output()) } - if !strings.Contains(rr.Output(), fmt.Sprintf("busybox:load-from-file-%s", profile)) { - t.Fatalf("expected %s to be loaded into minikube but the image is not there", newImage) + if !strings.Contains(rr.Output(), busyboxImage) { + t.Fatalf("expected %s to be loaded into minikube but the image is not there", busyboxImage) } } From 8f4ebba570fd16aafbe0c75df16d2aece6989db2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Aug 2021 18:24:46 +0000 Subject: [PATCH 072/205] Bump k8s.io/apimachinery from 0.21.3 to 0.22.0 Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.21.3 to 0.22.0. - [Release notes](https://github.com/kubernetes/apimachinery/releases) - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.21.3...v0.22.0) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index e40ce63790..4b7696cbf5 100644 --- a/go.mod +++ b/go.mod @@ -91,7 +91,7 @@ require ( gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22 // indirect gopkg.in/yaml.v2 v2.4.0 k8s.io/api v0.21.3 - k8s.io/apimachinery v0.21.3 + k8s.io/apimachinery v0.22.0 k8s.io/client-go v0.21.3 k8s.io/klog/v2 v2.10.0 k8s.io/kubectl v0.21.3 From 4c722d02ead49f36884fd686991e0b052b9f0da9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Aug 2021 19:34:17 +0000 Subject: [PATCH 073/205] Bump k8s.io/kubectl from 0.21.3 to 0.22.0 Bumps [k8s.io/kubectl](https://github.com/kubernetes/kubectl) from 0.21.3 to 0.22.0. - [Release notes](https://github.com/kubernetes/kubectl/releases) - [Commits](https://github.com/kubernetes/kubectl/compare/v0.21.3...v0.22.0) --- updated-dependencies: - dependency-name: k8s.io/kubectl dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 883041d491..743cbfe97d 100644 --- a/go.mod +++ b/go.mod @@ -95,7 +95,7 @@ require ( k8s.io/apimachinery v0.22.0 k8s.io/client-go v0.21.3 k8s.io/klog/v2 v2.10.0 - k8s.io/kubectl v0.21.3 + k8s.io/kubectl v0.22.0 k8s.io/kubernetes v1.21.3 sigs.k8s.io/sig-storage-lib-external-provisioner/v6 v6.3.0 ) From 4ffd0de205e883af868d98d36584ec3f9a8fb8a5 Mon Sep 17 00:00:00 2001 From: Steven Powell Date: Mon, 9 Aug 2021 13:41:44 -0700 Subject: [PATCH 074/205] fix test --- test/integration/functional_test.go | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/test/integration/functional_test.go b/test/integration/functional_test.go index 91ec1e1ea1..10bee2cbbf 100644 --- a/test/integration/functional_test.go +++ b/test/integration/functional_test.go @@ -281,9 +281,16 @@ func validateLoadImageFromFile(ctx context.Context, t *testing.T, profile string t.Fatalf("failed to setup test (pull image): %v\n%s", err, rr.Output()) } + tag := fmt.Sprintf("load-from-file-%s", profile) + taggedImage := fmt.Sprintf("docker.io/library/busybox:%s", tag) + rr, err = Run(t, exec.CommandContext(ctx, "docker", "tag", busyboxImage, taggedImage)) + if err != nil { + t.Fatalf("failed to setup test (tag image) : %v\n%s", err, rr.Output()) + } + // save image to file imageFile := "busybox.tar" - rr, err = Run(t, exec.CommandContext(ctx, "docker", "save", "-o", imageFile, busyboxImage)) + rr, err = Run(t, exec.CommandContext(ctx, "docker", "save", "-o", imageFile, taggedImage)) if err != nil { t.Fatalf("failed to save image to file: %v\n%s", err, rr.Output()) } @@ -304,8 +311,8 @@ func validateLoadImageFromFile(ctx context.Context, t *testing.T, profile string if err != nil { t.Fatalf("listing images: %v\n%s", err, rr.Output()) } - if !strings.Contains(rr.Output(), busyboxImage) { - t.Fatalf("expected %s to be loaded into minikube but the image is not there", busyboxImage) + if !strings.Contains(rr.Output(), tag) { + t.Fatalf("expected %s to be loaded into minikube but the image is not there", taggedImage) } } From c85594c9bf36a03241e041e4d4c23fd4665cfb5d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Aug 2021 20:52:56 +0000 Subject: [PATCH 075/205] Bump k8s.io/api from 0.21.3 to 0.22.0 Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.21.3 to 0.22.0. - [Release notes](https://github.com/kubernetes/api/releases) - [Commits](https://github.com/kubernetes/api/compare/v0.21.3...v0.22.0) --- updated-dependencies: - dependency-name: k8s.io/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 743cbfe97d..7b8070c2db 100644 --- a/go.mod +++ b/go.mod @@ -91,7 +91,7 @@ require ( google.golang.org/api v0.52.0 gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22 // indirect gopkg.in/yaml.v2 v2.4.0 - k8s.io/api v0.21.3 + k8s.io/api v0.22.0 k8s.io/apimachinery v0.22.0 k8s.io/client-go v0.21.3 k8s.io/klog/v2 v2.10.0 From bdf25baac80dd6a62965d422c307d9fd74e308ef Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Aug 2021 20:55:54 +0000 Subject: [PATCH 076/205] Bump github.com/hashicorp/go-getter from 1.5.6 to 1.5.7 Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.5.6 to 1.5.7. - [Release notes](https://github.com/hashicorp/go-getter/releases) - [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml) - [Commits](https://github.com/hashicorp/go-getter/compare/v1.5.6...v1.5.7) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-getter dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 5 +++-- go.sum | 6 ++++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 4b7696cbf5..bc7f1e5fd1 100644 --- a/go.mod +++ b/go.mod @@ -6,6 +6,7 @@ require ( cloud.google.com/go/storage v1.15.0 contrib.go.opencensus.io/exporter/stackdriver v0.12.1 github.com/Delta456/box-cli-maker/v2 v2.2.1 + github.com/GoogleCloudPlatform/docker-credential-gcr v0.0.0-20210713212222-faed5e8b8ca2 github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v0.16.0 github.com/Microsoft/hcsshim v0.8.17 // indirect github.com/Parallels/docker-machine-parallels/v2 v2.0.1 @@ -30,7 +31,7 @@ require ( github.com/google/slowjam v1.0.0 github.com/google/uuid v1.3.0 github.com/gookit/color v1.4.2 // indirect - github.com/hashicorp/go-getter v1.5.6 + github.com/hashicorp/go-getter v1.5.7 github.com/hashicorp/go-retryablehttp v0.7.0 github.com/hectane/go-acl v0.0.0-20190604041725-da78bae5fc95 // indirect github.com/hooklift/assert v0.0.0-20170704181755-9d1defd6d214 // indirect @@ -94,7 +95,7 @@ require ( k8s.io/apimachinery v0.22.0 k8s.io/client-go v0.21.3 k8s.io/klog/v2 v2.10.0 - k8s.io/kubectl v0.21.3 + k8s.io/kubectl v0.22.0 k8s.io/kubernetes v1.21.3 sigs.k8s.io/sig-storage-lib-external-provisioner/v6 v6.3.0 ) diff --git a/go.sum b/go.sum index 1c6928048a..51c276c046 100644 --- a/go.sum +++ b/go.sum @@ -70,6 +70,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/Delta456/box-cli-maker/v2 v2.2.1 h1:uTcuvT6Ty+LBHuRUdFrJBpqP9RhtLxI5+5ZpKYAUuVw= github.com/Delta456/box-cli-maker/v2 v2.2.1/go.mod h1:R7jxZHK2wGBR2Luz/Vgi8jP5fz1ljUXgu2o2JQNmvFU= +github.com/GoogleCloudPlatform/docker-credential-gcr v0.0.0-20210713212222-faed5e8b8ca2 h1:rMamBsR6iCT9Y5m2Il6vFGJvY7FAgck4AoA/LobheKU= +github.com/GoogleCloudPlatform/docker-credential-gcr v0.0.0-20210713212222-faed5e8b8ca2/go.mod h1:BB1eHdMLYEFuFdBlRMb0N7YGVdM5s6Pt0njxgvfbGGs= github.com/GoogleCloudPlatform/k8s-cloud-provider v0.0.0-20200415212048-7901bc822317/go.mod h1:DF8FZRxMHMGv/vP2lQP6h+dYzzjpuRn24VeRiYn3qjQ= github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v0.16.0 h1:ljU7eS7Fe0eGWEJxhoIjGANPEhx2f5PKTbDjvT61Kwk= github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v0.16.0/go.mod h1:TLDTgf8D4fD8Y1DizdJKtfIjkHJZU1J+mieFB1qS5T8= @@ -619,8 +621,8 @@ github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brv github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= -github.com/hashicorp/go-getter v1.5.6 h1:G3YZUoFzwAqDS3dSQKwfVfxM1f/wxrM5LdRP9Sne8z0= -github.com/hashicorp/go-getter v1.5.6/go.mod h1:BrrV/1clo8cCYu6mxvboYg+KutTiFnXjMEgDD8+i7ZI= +github.com/hashicorp/go-getter v1.5.7 h1:HBLsom8eGHLxj78ta+/MVSyct8KWG4B4z6lhBA4vJcg= +github.com/hashicorp/go-getter v1.5.7/go.mod h1:BrrV/1clo8cCYu6mxvboYg+KutTiFnXjMEgDD8+i7ZI= github.com/hashicorp/go-hclog v0.9.2 h1:CG6TE5H9/JXsFWJCfoIVpKFIkFe6ysEuHirp4DxCsHI= github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= From 790d2f1aab8b4d76a0b2f1582c4deea2f8f9e2a8 Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Mon, 9 Aug 2021 11:58:37 -0700 Subject: [PATCH 077/205] Refactor report_flakes.sh to make it easier to read. --- .../jenkins/test-flake-chart/report_flakes.sh | 22 ++++++++++++------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/hack/jenkins/test-flake-chart/report_flakes.sh b/hack/jenkins/test-flake-chart/report_flakes.sh index c901bf1f3e..2cb80b5476 100755 --- a/hack/jenkins/test-flake-chart/report_flakes.sh +++ b/hack/jenkins/test-flake-chart/report_flakes.sh @@ -42,11 +42,15 @@ TMP_DATA=$(mktemp) # 5) Filter tests to only include failed tests (and only get their names and environment). # 6) Sort by environment, then test name. # 7) Store in file $TMP_DATA. -< "${ENVIRONMENT_LIST}" sed -r "s|^|gs://minikube-builds/logs/${PR_NUMBER}/${ROOT_JOB}/|; s|$|_summary.json|" \ +sed -r "s|^|gs://minikube-builds/logs/${PR_NUMBER}/${ROOT_JOB}/|; s|$|_summary.json|" "${ENVIRONMENT_LIST}" \ | (xargs gsutil ls || true) \ | xargs gsutil cat \ | "$DIR/process_data.sh" \ - | sed -n -r -e "s|[0-9a-f]*,[0-9-]*,([a-zA-Z/_0-9-]*),([a-zA-Z/_0-9-]*),Failed,[.0-9]*,[a-zA-Z/_0-9-]*,[0-9]*,[.0-9]*|\1:\2|p" \ + | awk -F, 'NR>1 { + if ($5 == "Failed") { + printf "%s:%s\n", $3, $4 + } + }' \ | sort \ > "$TMP_DATA" @@ -60,7 +64,9 @@ TMP_FAILED_RATES="$TMP_FLAKE_RATES\_filtered" # 3) Join the flake rates with the failing tests to only get flake rates of failing tests. # 4) Sort failed test flake rates based on the flakiness of that test - stable tests should be first on the list. # 5) Store in file $TMP_FAILED_RATES. -< "$TMP_FLAKE_RATES" sed -n -r -e "s|([a-zA-Z0-9_-]*),([a-zA-Z/0-9_-]*),([.0-9]*),[.0-9]*|\1:\2,\3|p" \ +awk -F, 'NR>1 { + printf "%s:%s,%s\n", $1, $2, $3 +}' "$TMP_FLAKE_RATES" \ | sort -t, -k1,1 \ | join -t , -j 1 "$TMP_DATA" - \ | sort -g -t, -k2,2 \ @@ -77,14 +83,14 @@ TMP_COMMENT=$(mktemp) printf "These are the flake rates of all failed tests.\n|Environment|Failed Tests|Flake Rate (%%)|\n|---|---|---|\n" > "$TMP_COMMENT" # Create variables to use for sed command. -ENV_CHART_LINK_FORMAT="https://storage.googleapis.com/minikube-flake-rate/flake_chart.html?env=\1" -TEST_CHART_LINK_FORMAT="${ENV_CHART_LINK_FORMAT}\&test=\2" -TEST_GOPOGH_LINK_FORMAT="https://storage.googleapis.com/minikube-builds/logs/${PR_NUMBER}/${ROOT_JOB}/\1.html#fail_\2" +ENV_CHART_LINK_FORMAT='https://storage.googleapis.com/minikube-flake-rate/flake_chart.html?env=%1$s' +TEST_CHART_LINK_FORMAT=${ENV_CHART_LINK_FORMAT}'&test=%2$s' +TEST_GOPOGH_LINK_FORMAT='https://storage.googleapis.com/minikube-builds/logs/'${PR_NUMBER}'/'${ROOT_JOB}'/%1$s.html#fail_%2$s' # 1) Get the first $MAX_REPORTED_TESTS lines. # 2) Print a row in the table with the environment, test name, flake rate, and a link to the flake chart for that test. # 3) Append these rows to file $TMP_COMMENT. -< "$TMP_FAILED_RATES" head -n $MAX_REPORTED_TESTS \ - | sed -n -r -e "s|([a-zA-Z\/0-9_-]*):([a-zA-Z\/0-9_-]*),([.0-9]*)|\|[\1](${ENV_CHART_LINK_FORMAT})\|\2 ([gopogh](${TEST_GOPOGH_LINK_FORMAT}))\|\3 ([chart](${TEST_CHART_LINK_FORMAT}))\||p" \ +head -n "$MAX_REPORTED_TESTS" "$TMP_FAILED_RATES" \ + | awk '-F[:,]' '{ printf "|[%1$s]('$ENV_CHART_LINK_FORMAT')|%2$s ([gopogh]('$TEST_GOPOGH_LINK_FORMAT'))|%3$s ([chart]('$TEST_CHART_LINK_FORMAT'))|\n", $1, $2, $3 }' \ >> "$TMP_COMMENT" # If there are too many failing tests, add an extra row explaining this, and a message after the table. From 7e14f877860f22ec58102a12c90c062dad35dd47 Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Mon, 9 Aug 2021 14:09:09 -0700 Subject: [PATCH 078/205] Add reporting for tests with no flake rates computed. --- .../jenkins/test-flake-chart/report_flakes.sh | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/hack/jenkins/test-flake-chart/report_flakes.sh b/hack/jenkins/test-flake-chart/report_flakes.sh index 2cb80b5476..4391edb44f 100755 --- a/hack/jenkins/test-flake-chart/report_flakes.sh +++ b/hack/jenkins/test-flake-chart/report_flakes.sh @@ -58,19 +58,32 @@ sed -r "s|^|gs://minikube-builds/logs/${PR_NUMBER}/${ROOT_JOB}/|; s|$|_summary.j TMP_FLAKE_RATES=$(mktemp) gsutil cp gs://minikube-flake-rate/flake_rates.csv "$TMP_FLAKE_RATES" -TMP_FAILED_RATES="$TMP_FLAKE_RATES\_filtered" +TMP_FAILED_RATES=$(mktemp) +# 1) Parse the flake rates to only include the environment and test name. +# 2) Sort the environment+test names. +# 3) Get all lines in $TMP_DATA not present in $TMP_FLAKE_RATES. +# 4) Append column containing "n/a" to data. +# 4) Store in $TMP_FAILED_RATES +awk -F, 'NR>1 { + printf "%s:%s\n", $1, $2 +}' "$TMP_FLAKE_RATES" \ + | sort \ + | comm -13 - "$TMP_DATA" \ + | sed -r -e 's|$|,n/a|' \ + > "$TMP_FAILED_RATES" + # 1) Parse the flake rates to only include the environment, test name, and flake rates. # 2) Sort the flake rates based on environment+test name. # 3) Join the flake rates with the failing tests to only get flake rates of failing tests. # 4) Sort failed test flake rates based on the flakiness of that test - stable tests should be first on the list. -# 5) Store in file $TMP_FAILED_RATES. +# 5) Append to file $TMP_FAILED_RATES. awk -F, 'NR>1 { printf "%s:%s,%s\n", $1, $2, $3 }' "$TMP_FLAKE_RATES" \ | sort -t, -k1,1 \ | join -t , -j 1 "$TMP_DATA" - \ | sort -g -t, -k2,2 \ - > "$TMP_FAILED_RATES" + >> "$TMP_FAILED_RATES" FAILED_RATES_LINES=$(wc -l < "$TMP_FAILED_RATES") if [[ "$FAILED_RATES_LINES" -eq 0 ]]; then From 7bdb76deb63e27129ae866fe76e99b2bd0770376 Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Mon, 9 Aug 2021 14:41:45 -0700 Subject: [PATCH 079/205] For missing flake rate, do not link to the charts. --- hack/jenkins/test-flake-chart/report_flakes.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/hack/jenkins/test-flake-chart/report_flakes.sh b/hack/jenkins/test-flake-chart/report_flakes.sh index 4391edb44f..e47a49a52e 100755 --- a/hack/jenkins/test-flake-chart/report_flakes.sh +++ b/hack/jenkins/test-flake-chart/report_flakes.sh @@ -103,7 +103,14 @@ TEST_GOPOGH_LINK_FORMAT='https://storage.googleapis.com/minikube-builds/logs/'${ # 2) Print a row in the table with the environment, test name, flake rate, and a link to the flake chart for that test. # 3) Append these rows to file $TMP_COMMENT. head -n "$MAX_REPORTED_TESTS" "$TMP_FAILED_RATES" \ - | awk '-F[:,]' '{ printf "|[%1$s]('$ENV_CHART_LINK_FORMAT')|%2$s ([gopogh]('$TEST_GOPOGH_LINK_FORMAT'))|%3$s ([chart]('$TEST_CHART_LINK_FORMAT'))|\n", $1, $2, $3 }' \ + | awk '-F[:,]' '{ + if ($3 != "n/a") { + rate_text = sprintf("%3$s ([chart]('$TEST_CHART_LINK_FORMAT'))", $1, $2, $3) + } else { + rate_text = $3 + } + printf "|[%1$s]('$ENV_CHART_LINK_FORMAT')|%2$s ([gopogh]('$TEST_GOPOGH_LINK_FORMAT'))|%3$s|\n", $1, $2, rate_text + }' \ >> "$TMP_COMMENT" # If there are too many failing tests, add an extra row explaining this, and a message after the table. From 2c23bbefb86b08ccbc9ff204b18f1bc1f7d5c06b Mon Sep 17 00:00:00 2001 From: minikube-bot Date: Mon, 9 Aug 2021 22:17:18 +0000 Subject: [PATCH 080/205] Update auto-generated docs and translations --- site/content/en/docs/contrib/tests.en.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/site/content/en/docs/contrib/tests.en.md b/site/content/en/docs/contrib/tests.en.md index c80d597181..f3c3efe625 100644 --- a/site/content/en/docs/contrib/tests.en.md +++ b/site/content/en/docs/contrib/tests.en.md @@ -78,6 +78,9 @@ checks if minikube cluster is created with correct kubernetes's node label #### validateLoadImage makes sure that `minikube image load` works as expected +#### validateLoadImageFromFile +makes sure that `minikube image load` works from a local file + #### validateRemoveImage makes sures that `minikube image rm` works as expected From b1dcba955ca71b9bc4ebb0592ea877796ca6dde0 Mon Sep 17 00:00:00 2001 From: Steven Powell Date: Mon, 9 Aug 2021 15:45:21 -0700 Subject: [PATCH 081/205] ping `releases.json` file if `WantUpdateNotification` is false --- pkg/minikube/notify/notify.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/minikube/notify/notify.go b/pkg/minikube/notify/notify.go index c993714814..4e1a77569d 100644 --- a/pkg/minikube/notify/notify.go +++ b/pkg/minikube/notify/notify.go @@ -48,14 +48,14 @@ func MaybePrintUpdateTextFromGithub() { } func maybePrintUpdateText(latestReleasesURL string, betaReleasesURL string, lastUpdatePath string) { - if !shouldCheckURLVersion(lastUpdatePath) { - return - } latestVersion, err := latestVersionFromURL(latestReleasesURL) if err != nil { klog.Warning(err) return } + if !shouldCheckURLVersion(lastUpdatePath) { + return + } localVersion, err := version.GetSemverVersion() if err != nil { klog.Warning(err) From 4f8b628f4945d429febf9c463323241e1d54eb91 Mon Sep 17 00:00:00 2001 From: Sharif Elgamal Date: Mon, 9 Aug 2021 16:22:46 -0700 Subject: [PATCH 082/205] display the URL to the logs on failed kicbase/iso builds --- hack/jenkins/build_iso.sh | 5 +---- hack/jenkins/kicbase_auto_build.sh | 7 ++----- 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/hack/jenkins/build_iso.sh b/hack/jenkins/build_iso.sh index c796ba61c4..2411aec719 100755 --- a/hack/jenkins/build_iso.sh +++ b/hack/jenkins/build_iso.sh @@ -46,10 +46,7 @@ ec=$? if [ $ec -gt 0 ]; then if [ "$release" = false ]; then gh pr comment ${ghprbPullId} --body "Hi ${ghprbPullAuthorLoginMention}, building a new ISO failed. - See the logs at: - ``` - https://storage.cloud.google.com/minikube-builds/logs/${ghprbPullId}/iso-${BUILD_NUMBER}/iso_build.txt - ``` + See the logs at: https://storage.cloud.google.com/minikube-builds/logs/${ghprbPullId}/iso-${BUILD_NUMBER}/iso_build.txt " fi exit $ec diff --git a/hack/jenkins/kicbase_auto_build.sh b/hack/jenkins/kicbase_auto_build.sh index 2bbc2777bb..e73d86ac2b 100755 --- a/hack/jenkins/kicbase_auto_build.sh +++ b/hack/jenkins/kicbase_auto_build.sh @@ -68,10 +68,7 @@ ec=$? if [ $ec -gt 0 ]; then if [ "$release" = false ]; then gh pr comment ${ghprbPullId} --body "Hi ${ghprbPullAuthorLoginMention}, building a new kicbase image failed. - See the logs at: - ``` - https://storage.cloud.google.com/minikube-builds/logs/${ghprbPullId}/kicbase-${BUILD_NUMBER}/kic_image_build.txt - ``` + See the logs at: https://storage.cloud.google.com/minikube-builds/logs/${ghprbPullId}/kicbase-${BUILD_NUMBER}/kic_image_build.txt " fi exit $ec @@ -101,7 +98,7 @@ if [ "$release" = false ]; then if [ $? -gt 0 ]; then message="Hi ${ghprbPullAuthorLoginMention}, we failed to push the reference to the kicbase to your PR. Please run the following command and push manually. - sed -i 's|Version = .*|Version = \"${KIC_VERSION}\"|;s|baseImageSHA = .*|baseImageSHA = \"${sha}\"|;s|gcrRepo = .*|gcrRepo = \"${GCR_REPO}\"|;s|dockerhubRepo = .*|dockerhubRepo = \"${DH_REPO}\"|' pkg/drivers/kic/types.go; make generate-docs; + sed -i 's|Version = .*|Version = \"${KIC_VERSION}\"|;s|baseImageSHA = .*|baseImageSHA = \"${sha}\"|;s|gcrRepo = .*|gcrRepo = \"${GCR_REPO}\"|;s|dockerhubRepo = .*|dockerhubRepo = \"${DH_REPO}\"|' pkg/drivers/kic/types.go " fi From 45a0ff9335b89f4bf512a5c2999ff047703f042a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Aug 2021 23:23:34 +0000 Subject: [PATCH 083/205] Bump k8s.io/client-go from 0.21.3 to 0.22.0 Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.21.3 to 0.22.0. - [Release notes](https://github.com/kubernetes/client-go/releases) - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/kubernetes/client-go/compare/v0.21.3...v0.22.0) --- updated-dependencies: - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 400663d3f5..45356abb6d 100644 --- a/go.mod +++ b/go.mod @@ -93,7 +93,7 @@ require ( gopkg.in/yaml.v2 v2.4.0 k8s.io/api v0.22.0 k8s.io/apimachinery v0.22.0 - k8s.io/client-go v0.21.3 + k8s.io/client-go v0.22.0 k8s.io/klog/v2 v2.10.0 k8s.io/kubectl v0.22.0 k8s.io/kubernetes v1.21.3 From b252738824b082328b02153f10ff3966d90e5a74 Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Fri, 6 Aug 2021 13:07:20 -0700 Subject: [PATCH 084/205] Use gh and flake rates csv to manage issues for flake rates. --- .../test-flake-chart/compute_flake_rate.sh | 141 ++++++++++++++++++ 1 file changed, 141 insertions(+) diff --git a/hack/jenkins/test-flake-chart/compute_flake_rate.sh b/hack/jenkins/test-flake-chart/compute_flake_rate.sh index 99be706449..5bb557f54c 100644 --- a/hack/jenkins/test-flake-chart/compute_flake_rate.sh +++ b/hack/jenkins/test-flake-chart/compute_flake_rate.sh @@ -31,3 +31,144 @@ gsutil cp gs://minikube-flake-rate/data.csv "${DATA_CSV}" go run "${DIR}/compute_flake_rate.go" --data-csv="${DATA_CSV}" --date-range=15 > "${FLAKE_RATES_CSV}" # Upload flake rates. gsutil cp "${FLAKE_RATES_CSV}" gs://minikube-flake-rate/flake_rates.csv + +# Threshold to open issues at (either creation or re-opening) +OPEN_ISSUE_THRESHOLD=80 +# Threshold to close existing issues at +CLOSE_ISSUE_THRESHOLD=20 + +# Get a list of issues from Github and extract only those that look like flake issues. +# Sort by test name for later usage. +EXISTING_ISSUES_LIST=$(mktemp) +gh issue list -L 10000 -s all -A "minikube-bot" -l kind/failing-test \ + | awk '-F\t' 'BEGIN { OFS="," } { + where = match($3, /^Frequent test failures of `([a-zA-Z0-9.\/_-]*)`$/, captures) + if (where != 0) { + print $1, $2, captures[1] + } + }' \ + | sort -t , -k 3,3 \ + > "${EXISTING_ISSUES_LIST}" + +# Get a list of only the tests for each issue. +EXISTING_ISSUES_TESTS_ONLY=$(mktemp) +awk -F, '{ print $3 }' "${EXISTING_ISSUES_LIST}" \ + > "${EXISTING_ISSUES_TESTS_ONLY}" + +# Get a list of all tests present in the flake rate CSV. +FLAKES_TESTS_ONLY=$(mktemp) +awk -F, 'NR>1 { + print $2 +}' "${FLAKE_RATES_CSV}" \ + | sort \ + | uniq \ + > "${FLAKES_TESTS_ONLY}" + +# 1) Get only entries above the close threshold +# 2) Sort by the test name +# 3) Ensure the list is unique +# 4) Store in $MID_FLAKES_DATA +MID_FLAKES_DATA=$(mktemp) +awk -F, 'BEGIN { OFS="," } NR>1 { + if ($3 >= '${CLOSE_ISSUE_THRESHOLD}') { + print $1, $2, $3 + } + }' "${FLAKE_RATES_CSV}" \ + | sort -t , -k 2,2\ + | uniq \ + > "${MID_FLAKES_DATA}" + +# 1) Get only the test names from the $MID_FLAKES_DATA +# 2) Ensure the list is unique +# 3) Get only tests not present in the $MID_FLAKES_DATA +CLOSE_ISSUES_LIST=$(mktemp) +awk -F, '{ print $2 }' "${MID_FLAKES_DATA}" \ + | uniq \ + | comm -13 - "${FLAKES_TESTS_ONLY}" \ + > "${CLOSE_ISSUES_LIST}" + +# Get test names of issues that are not present in the flake rate CSV and append +# to the close-issues list. +awk -F, 'NR>1 { print $2 }' "${FLAKE_RATES_CSV}" \ + | sort \ + | uniq \ + | comm -13 - "${EXISTING_ISSUES_TESTS_ONLY}" \ + >> "${CLOSE_ISSUES_LIST}" + +# 1) Sort the close-issues list +# 2) Ensure the list is unique +# 3) Filter the existing issues to only include issues we intend to close +# 4) Extract only the issue number +# 5) Close the issue +sort "${CLOSE_ISSUES_LIST}" \ + | uniq \ + | join -t , -1 1 -2 3 - "${EXISTING_ISSUES_LIST}" \ + | awk -F, '{ if ($3 == "OPEN") { print $2 } }' \ + | xargs -I % gh issue close % + +# Filter the $MID_FLAKES_DATA for tests that surpass the $OPEN_ISSUE_THRESHOLD. +# Also, only return the test name +OPEN_ISSUES_LIST=$(mktemp) +awk -F, '{ + if ($3 >= '${OPEN_ISSUE_THRESHOLD}') { + print $2 + } + }' "${MID_FLAKES_DATA}" \ + | uniq \ + > "${OPEN_ISSUES_LIST}" + +# 1) Get existing issues that we want to be open +# 2) Filter for only closed issues, and get just the issue number +# 3) Reopen the issue +join -t , -1 1 -2 3 "${OPEN_ISSUES_LIST}" "${EXISTING_ISSUES_LIST}" \ + | awk -F, '{ + if ($3 == "CLOSED") { + print $2 + } + }' \ + | xargs -I % gh issue reopen % + +# 1) Get only tests without an existing issue +# 2) For each test, create an issue for it and format into a row for $EXISTING_ISSUES_LIST +# 3) Append to $EXISTING_ISSUES_LIST +comm -13 "${EXISTING_ISSUES_TESTS_ONLY}" "${OPEN_ISSUES_LIST}" \ + | xargs -I % sh -c \ + 'gh issue create -b "Will be filled in with details" -l kind/failing-test -t "Frequent test failures of \`%\`" \ + | sed -n -r "s~^https://github.com/kubernetes/minikube/issues/([0-9]*)$~\1,OPEN,%~p"' \ + >> "${EXISTING_ISSUES_LIST}" + +# Re-sort $EXISTING_ISSUES_LIST to account for any newly created issues. +sort -t , -k 3,3 "${EXISTING_ISSUES_LIST}" -o "${EXISTING_ISSUES_LIST}" + +# Join the existing issues with those that we wish to report. +# Only take the test name and issue number. +MID_FLAKES_ISSUES=$(mktemp) +join -t , -1 2 -2 3 "${MID_FLAKES_DATA}" "${EXISTING_ISSUES_LIST}" \ + | awk -F, 'BEGIN { OFS="," } { print $1, $4 }' \ + | uniq \ + > "${MID_FLAKES_ISSUES}" + +# Go through each high-flake issue. +ISSUE_BODY_TMP=$(mktemp) +for ROW in $(cat ${MID_FLAKES_ISSUES}); do + # Parse the row into its test name and issue number. + IFS=','; ROW_ENTRIES=($ROW); unset IFS + TEST_NAME=${ROW_ENTRIES[0]} + ISSUE_NUMBER=${ROW_ENTRIES[1]} + + # Clear $ISSUE_BODY_TMP and fill with the standard header. + printf "This test has high flake rates for the following environments:\n\n|Environment|Flake Rate (%%)|\n|---|---|\n" > "${ISSUE_BODY_TMP}" + + # 1) Filter $MID_FLAKES_DATA to only include entries with the given test name + # 2) Sort by flake rates in descending order + # 3) Format the entry into a row in the table + # 4) Append all entries to $ISSUE_BODY_TMP + echo "${TEST_NAME}" \ + | join -t , -1 1 -2 2 - "${MID_FLAKES_DATA}" \ + | sort -t , -g -r -k 3,3 \ + | awk -F, '{ printf "|%s|%s|\n", $2, $3 }' \ + >> "${ISSUE_BODY_TMP}" + + # Edit the issue body to use $ISSUE_BODY_TMP + gh issue edit "${ISSUE_NUMBER}" --body "$(cat "$ISSUE_BODY_TMP")" +done From e4ce399a6f3b8a09323da3b304132d21ff5dfba1 Mon Sep 17 00:00:00 2001 From: rajdevworks <57292575+rajdevworks@users.noreply.github.com> Date: Mon, 9 Aug 2021 21:32:48 -0500 Subject: [PATCH 085/205] Rephrased and rearranged the chocolatey section Added a note on Windows support Removed bullets and used paragraph Rephrased statements --- .../en/docs/contrib/external-packages.en.md | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/site/content/en/docs/contrib/external-packages.en.md b/site/content/en/docs/contrib/external-packages.en.md index fab9b2c4c6..d3b75210bc 100644 --- a/site/content/en/docs/contrib/external-packages.en.md +++ b/site/content/en/docs/contrib/external-packages.en.md @@ -5,8 +5,14 @@ linkTitle: "Managing External Packages" ## Managing External Packages -### Chocolatey -* It is a software management automation for Windows that wraps installers, executables, zips, and scripts into compiled packages. -* View Minikube package on Chocolatey [here](https://community.chocolatey.org/packages/Minikube/). -* View current status of the Chocolatey pacakge [here](https://gist.github.com/choco-bot/a14b1e5bfaf70839b338eb1ab7f8226f). -* View the update script [here](https://github.com/chocolatey-community/chocolatey-coreteampackages/tree/master/automatic/minikube). +### Chocolatey (Windows) +It is a software management automation for Windows that wraps installers, executables, zips, and scripts into compiled packages. Use Chocolatey to install Minikube on Windows. The following links provide details necessary to install, get status, and update to the latest minikube chocolatey package on windows. + + +Minikube package on Chocolatey community - [Install, Upgrade and Uninstall](https://community.chocolatey.org/packages/Minikube/). + +Get the [current status](https://gist.github.com/choco-bot/a14b1e5bfaf70839b338eb1ab7f8226f) of the Chocolatey pacakge . + + Minikube Chocolatey update script on [Github](https://github.com/chocolatey-community/chocolatey-coreteampackages/tree/master/automatic/minikube). + +#### Note: Windows support is limited to 64bit systems. From c0be805e393860ba56f69621f99d26c75c75ca92 Mon Sep 17 00:00:00 2001 From: rajdevworks <57292575+rajdevworks@users.noreply.github.com> Date: Mon, 9 Aug 2021 21:36:18 -0500 Subject: [PATCH 086/205] Change Note font size --- site/content/en/docs/contrib/external-packages.en.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site/content/en/docs/contrib/external-packages.en.md b/site/content/en/docs/contrib/external-packages.en.md index d3b75210bc..43224236a9 100644 --- a/site/content/en/docs/contrib/external-packages.en.md +++ b/site/content/en/docs/contrib/external-packages.en.md @@ -15,4 +15,4 @@ Get the [current status](https://gist.github.com/choco-bot/a14b1e5bfaf70839b338e Minikube Chocolatey update script on [Github](https://github.com/chocolatey-community/chocolatey-coreteampackages/tree/master/automatic/minikube). -#### Note: Windows support is limited to 64bit systems. +**Note: Windows support is limited to 64bit systems.** From 0255bbb6754bd2f51a6e4faaa7f402b64b0e5382 Mon Sep 17 00:00:00 2001 From: Parthvi Vala Date: Tue, 10 Aug 2021 12:47:03 +0530 Subject: [PATCH 087/205] Fix typo in addons/ingress-dns --- site/content/en/docs/handbook/addons/ingress-dns.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site/content/en/docs/handbook/addons/ingress-dns.md b/site/content/en/docs/handbook/addons/ingress-dns.md index 84eb968468..5c59e10eda 100644 --- a/site/content/en/docs/handbook/addons/ingress-dns.md +++ b/site/content/en/docs/handbook/addons/ingress-dns.md @@ -19,7 +19,7 @@ only real way to do this is to add an entry for every service in your `/etc/host reasons. If you have a lot of services running that each have their own dns entry then you have to set those up manually. Even if you automate it you then need to rely on the host operating system storing configurations instead of storing them in your cluster. To make it worse it has to be constantly maintained and updated as services are added, -remove, and renamed. I call it the `/ets/hosts` pollution problem. +remove, and renamed. I call it the `/etc/hosts` pollution problem. ### Solution What if you could just access your local services magically without having to edit your `/etc/hosts` file? Well now you @@ -185,4 +185,4 @@ sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.pli | Image | Source | Owner | | :--- | :--- | :--- | | [ingress-nginx](https://quay.io/repository/kubernetes-ingress-controller/nginx-ingress-controller) | [ingress-nginx](https://github.com/kubernetes/ingress-nginx) | Kubernetes ingress-nginx -| [minikube-ingress-dns](https://hub.docker.com/r/cryptexlabs/minikube-ingress-dns) | [minikube-ingress-dns](https://gitlab.com/cryptexlabs/public/development/minikube-ingress-dns) | Cryptex Labs \ No newline at end of file +| [minikube-ingress-dns](https://hub.docker.com/r/cryptexlabs/minikube-ingress-dns) | [minikube-ingress-dns](https://gitlab.com/cryptexlabs/public/development/minikube-ingress-dns) | Cryptex Labs From a62a02bc9a2e3fca6a3033fcb2199e49b1271c50 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Sun, 8 Aug 2021 23:17:15 +0200 Subject: [PATCH 088/205] Add method to copy files from the VM as well Previously you could only Copy(To), not CopyFrom. Implies that some Assets can be written to instead. --- pkg/minikube/assets/vm_assets.go | 59 ++++++++++++++++++ pkg/minikube/command/command_runner.go | 3 + pkg/minikube/command/exec_runner.go | 18 ++++++ pkg/minikube/command/fake_runner.go | 13 ++++ pkg/minikube/command/kic_runner.go | 17 ++++++ pkg/minikube/command/ssh_runner.go | 82 ++++++++++++++++++++++++++ pkg/minikube/cruntime/cruntime.go | 2 + pkg/minikube/cruntime/cruntime_test.go | 4 ++ 8 files changed, 198 insertions(+) diff --git a/pkg/minikube/assets/vm_assets.go b/pkg/minikube/assets/vm_assets.go index b6ec89e9b8..752953e960 100644 --- a/pkg/minikube/assets/vm_assets.go +++ b/pkg/minikube/assets/vm_assets.go @@ -24,6 +24,7 @@ import ( "io" "os" "path" + "strconv" "time" "github.com/pkg/errors" @@ -37,8 +38,11 @@ const MemorySource = "memory" // CopyableFile is something that can be copied type CopyableFile interface { io.Reader + io.Writer GetLength() int + SetLength(int) GetSourcePath() string + GetTargetPath() string GetTargetDir() string GetTargetName() string @@ -62,6 +66,11 @@ func (b *BaseAsset) GetSourcePath() string { return b.SourcePath } +// GetTargetPath returns target path +func (b *BaseAsset) GetTargetPath() string { + return path.Join(b.GetTargetDir(), b.GetTargetName()) +} + // GetTargetDir returns target dir func (b *BaseAsset) GetTargetDir() string { return b.TargetDir @@ -86,6 +95,7 @@ func (b *BaseAsset) GetModTime() (time.Time, error) { type FileAsset struct { BaseAsset reader io.ReadSeeker + writer io.Writer file *os.File // Optional pointer to close file through FileAsset.Close() } @@ -134,6 +144,14 @@ func (f *FileAsset) GetLength() (flen int) { return int(fi.Size()) } +// SetLength sets the file length +func (f *FileAsset) SetLength(flen int) { + err := os.Truncate(f.SourcePath, int64(flen)) + if err != nil { + klog.Errorf("truncate(%q) failed: %v", f.SourcePath, err) + } +} + // GetModTime returns modification time of the file func (f *FileAsset) GetModTime() (time.Time, error) { fi, err := os.Stat(f.SourcePath) @@ -152,6 +170,23 @@ func (f *FileAsset) Read(p []byte) (int, error) { return f.reader.Read(p) } +// Write writes the asset +func (f *FileAsset) Write(p []byte) (int, error) { + if f.writer == nil { + f.file.Close() + perms, err := strconv.ParseUint(f.Permissions, 8, 32) + if err != nil || perms > 07777 { + return 0, err + } + f.file, err = os.OpenFile(f.SourcePath, os.O_RDWR|os.O_CREATE, os.FileMode(perms)) + if err != nil { + return 0, err + } + f.writer = io.Writer(f.file) + } + return f.writer.Write(p) +} + // Seek resets the reader to offset func (f *FileAsset) Seek(offset int64, whence int) (int64, error) { return f.reader.Seek(offset, whence) @@ -177,11 +212,23 @@ func (m *MemoryAsset) GetLength() int { return m.length } +// SetLength returns length +func (m *MemoryAsset) SetLength(len int) { + m.length = len +} + // Read reads the asset func (m *MemoryAsset) Read(p []byte) (int, error) { return m.reader.Read(p) } +// Writer writes the asset +func (m *MemoryAsset) Write(p []byte) (int, error) { + m.length = len(p) + m.reader = bytes.NewReader(p) + return len(p), nil +} + // Seek resets the reader to offset func (m *MemoryAsset) Seek(offset int64, whence int) (int64, error) { return m.reader.Seek(offset, whence) @@ -298,6 +345,11 @@ func (m *BinAsset) GetLength() int { return m.length } +// SetLength sets length +func (m *BinAsset) SetLength(len int) { + m.length = len +} + // Read reads the asset func (m *BinAsset) Read(p []byte) (int, error) { if m.GetLength() == 0 { @@ -306,6 +358,13 @@ func (m *BinAsset) Read(p []byte) (int, error) { return m.reader.Read(p) } +// Write writes the asset +func (m *BinAsset) Write(p []byte) (int, error) { + m.length = len(p) + m.reader = bytes.NewReader(p) + return len(p), nil +} + // Seek resets the reader to offset func (m *BinAsset) Seek(offset int64, whence int) (int64, error) { return m.reader.Seek(offset, whence) diff --git a/pkg/minikube/command/command_runner.go b/pkg/minikube/command/command_runner.go index 41619b1af8..3abd0dbdfc 100644 --- a/pkg/minikube/command/command_runner.go +++ b/pkg/minikube/command/command_runner.go @@ -75,6 +75,9 @@ type Runner interface { // Copy is a convenience method that runs a command to copy a file Copy(assets.CopyableFile) error + // CopyFrom is a convenience method that runs a command to copy a file back + CopyFrom(assets.CopyableFile) error + // Remove is a convenience method that runs a command to remove a file Remove(assets.CopyableFile) error } diff --git a/pkg/minikube/command/exec_runner.go b/pkg/minikube/command/exec_runner.go index b803b9b949..7d91519776 100644 --- a/pkg/minikube/command/exec_runner.go +++ b/pkg/minikube/command/exec_runner.go @@ -184,6 +184,24 @@ func (e *execRunner) Copy(f assets.CopyableFile) error { return writeFile(dst, f, os.FileMode(perms)) } +// CopyFrom copies a file +func (e *execRunner) CopyFrom(f assets.CopyableFile) error { + src := path.Join(f.GetTargetDir(), f.GetTargetName()) + + dst := f.GetSourcePath() + klog.Infof("cp: %s --> %s (%d bytes)", src, dst, f.GetLength()) + if f.GetLength() == 0 { + klog.Warningf("0 byte asset: %+v", f) + } + + perms, err := strconv.ParseInt(f.GetPermissions(), 8, 0) + if err != nil || perms > 07777 { + return errors.Wrapf(err, "error converting permissions %s to integer", f.GetPermissions()) + } + + return writeFile(dst, f, os.FileMode(perms)) +} + // Remove removes a file func (e *execRunner) Remove(f assets.CopyableFile) error { dst := filepath.Join(f.GetTargetDir(), f.GetTargetName()) diff --git a/pkg/minikube/command/fake_runner.go b/pkg/minikube/command/fake_runner.go index b663ff7a38..0e8521a99f 100644 --- a/pkg/minikube/command/fake_runner.go +++ b/pkg/minikube/command/fake_runner.go @@ -142,6 +142,19 @@ func (f *FakeCommandRunner) Copy(file assets.CopyableFile) error { return nil } +func (f *FakeCommandRunner) CopyFrom(file assets.CopyableFile) error { + v, ok := f.fileMap.Load(file.GetSourcePath()) + if !ok { + return fmt.Errorf("not found in map") + } + b := v.(bytes.Buffer) + _, err := io.Copy(file, &b) + if err != nil { + return errors.Wrapf(err, "error writing file: %+v", file) + } + return nil +} + // Remove removes the filename, file contents key value pair from the stored map func (f *FakeCommandRunner) Remove(file assets.CopyableFile) error { f.fileMap.Delete(file.GetSourcePath()) diff --git a/pkg/minikube/command/kic_runner.go b/pkg/minikube/command/kic_runner.go index 71e56feb77..7156246ff2 100644 --- a/pkg/minikube/command/kic_runner.go +++ b/pkg/minikube/command/kic_runner.go @@ -204,6 +204,15 @@ func (k *kicRunner) Copy(f assets.CopyableFile) error { return k.copy(tf.Name(), dst) } +// CopyFrom copies a file +func (k *kicRunner) CopyFrom(f assets.CopyableFile) error { + src := f.GetTargetPath() + dst := f.GetSourcePath() + + klog.Infof("%s (direct): %s --> %s", k.ociBin, src, dst) + return k.copyFrom(src, dst) +} + // tempDirectory returns the directory to use as the temp directory // or an empty string if it should use the os default temp directory. func tempDirectory(isMinikubeSnap bool, isDockerSnap bool) (string, error) { @@ -229,6 +238,14 @@ func (k *kicRunner) copy(src string, dst string) error { return copyToDocker(src, fullDest) } +func (k *kicRunner) copyFrom(src string, dst string) error { + fullSource := fmt.Sprintf("%s:%s", k.nameOrID, src) + if k.ociBin == oci.Podman { + return copyToPodman(fullSource, dst) + } + return copyToDocker(fullSource, dst) +} + func (k *kicRunner) chmod(dst string, perm string) error { _, err := k.RunCmd(exec.Command("sudo", "chmod", perm, dst)) return err diff --git a/pkg/minikube/command/ssh_runner.go b/pkg/minikube/command/ssh_runner.go index fe92bffe00..d0044f4c74 100644 --- a/pkg/minikube/command/ssh_runner.go +++ b/pkg/minikube/command/ssh_runner.go @@ -17,11 +17,14 @@ limitations under the License. package command import ( + "bufio" "bytes" "fmt" "io" "os/exec" "path" + "strconv" + "strings" "sync" "time" @@ -373,3 +376,82 @@ func (s *SSHRunner) Copy(f assets.CopyableFile) error { } return g.Wait() } + +// CopyFrom copies a file from the remote over SSH. +func (s *SSHRunner) CopyFrom(f assets.CopyableFile) error { + dst := path.Join(path.Join(f.GetTargetDir(), f.GetTargetName())) + + sess, err := s.session() + if err != nil { + return errors.Wrap(err, "NewSession") + } + defer func() { + if err := sess.Close(); err != nil { + if err != io.EOF { + klog.Errorf("session close: %v", err) + } + } + }() + + cmd := exec.Command("stat", "-c", "%s", dst) + rr, err := s.RunCmd(cmd) + if err != nil { + return fmt.Errorf("%s: %v", cmd, err) + } + length, err := strconv.Atoi(strings.TrimSuffix(rr.Stdout.String(), "\n")) + if err != nil { + return err + } + src := f.GetSourcePath() + klog.Infof("scp %s --> %s (%d bytes)", dst, src, length) + f.SetLength(length) + + r, err := sess.StdoutPipe() + if err != nil { + return errors.Wrap(err, "StdoutPipe") + } + w, err := sess.StdinPipe() + if err != nil { + return errors.Wrap(err, "StdinPipe") + } + // The scpcmd below *should not* return until all data is copied and the + // StdinPipe is closed. But let's use errgroup to make it explicit. + var g errgroup.Group + var copied int64 + + g.Go(func() error { + defer w.Close() + br := bufio.NewReader(r) + fmt.Fprint(w, "\x00") + b, err := br.ReadBytes('\n') + if err != nil { + return errors.Wrap(err, "ReadBytes") + } + if b[0] != 'C' { + return fmt.Errorf("unexpected: %v", b) + } + fmt.Fprint(w, "\x00") + + copied = 0 + for copied < int64(length) { + n, err := io.CopyN(f, br, int64(length)) + if err != nil { + return errors.Wrap(err, "io.CopyN") + } + copied += n + } + fmt.Fprint(w, "\x00") + err = sess.Wait() + if err != nil { + return err + } + return nil + }) + + scp := fmt.Sprintf("sudo scp -f %s", f.GetTargetPath()) + err = sess.Start(scp) + if err != nil { + return fmt.Errorf("%s: %s", scp, err) + } + return g.Wait() +} diff --git a/pkg/minikube/cruntime/cruntime.go b/pkg/minikube/cruntime/cruntime.go index 95d9084839..e2df9d83a9 100644 --- a/pkg/minikube/cruntime/cruntime.go +++ b/pkg/minikube/cruntime/cruntime.go @@ -65,6 +65,8 @@ type CommandRunner interface { WaitCmd(sc *command.StartedCmd) (*command.RunResult, error) // Copy is a convenience method that runs a command to copy a file Copy(assets.CopyableFile) error + // CopyFrom is a convenience method that runs a command to copy a file back + CopyFrom(assets.CopyableFile) error // Remove is a convenience method that runs a command to remove a file Remove(assets.CopyableFile) error } diff --git a/pkg/minikube/cruntime/cruntime_test.go b/pkg/minikube/cruntime/cruntime_test.go index ca1c6cd54b..3a55059cc4 100644 --- a/pkg/minikube/cruntime/cruntime_test.go +++ b/pkg/minikube/cruntime/cruntime_test.go @@ -236,6 +236,10 @@ func (f *FakeRunner) Copy(assets.CopyableFile) error { return nil } +func (f *FakeRunner) CopyFrom(assets.CopyableFile) error { + return nil +} + func (f *FakeRunner) Remove(assets.CopyableFile) error { return nil } From b75bf279424ccfb7b7c120090310aa6ca2389051 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Sun, 8 Aug 2021 23:21:10 +0200 Subject: [PATCH 089/205] Add command to save images from the cluster This is the opposite command of "minikube image load", and can be used after doing a "minikube image build". The default is to save images in the cache, but it is also possible to save to files or to standard output. --- cmd/minikube/cmd/image.go | 74 ++++++++ pkg/minikube/image/image.go | 58 ++++++ pkg/minikube/machine/cache_images.go | 171 ++++++++++++++++++ pkg/minikube/reason/reason.go | 2 + site/content/en/docs/commands/image.md | 48 +++++ site/content/en/docs/contrib/errorcodes.en.md | 3 + 6 files changed, 356 insertions(+) diff --git a/cmd/minikube/cmd/image.go b/cmd/minikube/cmd/image.go index 85616c09c4..8fdc870e57 100644 --- a/cmd/minikube/cmd/image.go +++ b/cmd/minikube/cmd/image.go @@ -144,6 +144,77 @@ var loadImageCmd = &cobra.Command{ }, } +func readFile(w io.Writer, tmp string) error { + r, err := os.Open(tmp) + if err != nil { + return err + } + _, err = io.Copy(w, r) + if err != nil { + return err + } + err = r.Close() + if err != nil { + return err + } + return nil +} + +// saveImageCmd represents the image load command +var saveImageCmd = &cobra.Command{ + Use: "save IMAGE [ARCHIVE | -]", + Short: "Save a image from minikube", + Long: "Save a image from minikube", + Example: "minikube image save image\nminikube image save image image.tar", + Run: func(cmd *cobra.Command, args []string) { + if len(args) == 0 { + exit.Message(reason.Usage, "Please provide an image in the container runtime to save from minikube via ") + } + // Save images from container runtime + profile, err := config.LoadProfile(viper.GetString(config.ProfileName)) + if err != nil { + exit.Error(reason.Usage, "loading profile", err) + } + + if len(args) > 1 { + output = args[1] + + if args[1] == "-" { + tmp, err := ioutil.TempFile("", "image.*.tar") + if err != nil { + exit.Error(reason.GuestImageSave, "Failed to get temp", err) + } + tmp.Close() + output = tmp.Name() + } + + if err := machine.DoSaveImages([]string{args[0]}, output, []*config.Profile{profile}, ""); err != nil { + exit.Error(reason.GuestImageSave, "Failed to save image", err) + } + + if args[1] == "-" { + err := readFile(os.Stdout, output) + if err != nil { + exit.Error(reason.GuestImageSave, "Failed to read temp", err) + } + os.Remove(output) + } + } else { + if err := machine.SaveAndCacheImages([]string{args[0]}, []*config.Profile{profile}); err != nil { + exit.Error(reason.GuestImageSave, "Failed to save image", err) + } + if imgDaemon || imgRemote { + image.UseDaemon(imgDaemon) + image.UseRemote(imgRemote) + err := image.UploadCachedImage(args[0]) + if err != nil { + exit.Error(reason.GuestImageSave, "Failed to save image", err) + } + } + } + }, +} + var removeImageCmd = &cobra.Command{ Use: "rm IMAGE [IMAGE...]", Short: "Remove one or more images", @@ -258,5 +329,8 @@ func init() { buildImageCmd.Flags().StringArrayVar(&buildEnv, "build-env", nil, "Environment variables to pass to the build. (format: key=value)") buildImageCmd.Flags().StringArrayVar(&buildOpt, "build-opt", nil, "Specify arbitrary flags to pass to the build. (format: key=value)") imageCmd.AddCommand(buildImageCmd) + saveImageCmd.Flags().BoolVar(&imgDaemon, "daemon", false, "Cache image to docker daemon") + saveImageCmd.Flags().BoolVar(&imgRemote, "remote", false, "Cache image to remote registry") + imageCmd.AddCommand(saveImageCmd) imageCmd.AddCommand(listImageCmd) } diff --git a/pkg/minikube/image/image.go b/pkg/minikube/image/image.go index 7814ce9abd..f10b4c16fd 100644 --- a/pkg/minikube/image/image.go +++ b/pkg/minikube/image/image.go @@ -33,10 +33,12 @@ import ( "github.com/google/go-containerregistry/pkg/v1/daemon" "github.com/google/go-containerregistry/pkg/v1/mutate" "github.com/google/go-containerregistry/pkg/v1/remote" + "github.com/google/go-containerregistry/pkg/v1/tarball" "github.com/pkg/errors" "k8s.io/klog/v2" "k8s.io/minikube/pkg/minikube/constants" + "k8s.io/minikube/pkg/minikube/localpath" ) const ( @@ -191,6 +193,62 @@ func retrieveRemote(ref name.Reference, p v1.Platform) (v1.Image, error) { return img, err } +// imagePathInCache returns path in local cache directory +func imagePathInCache(img string) string { + f := filepath.Join(constants.ImageCacheDir, img) + f = localpath.SanitizeCacheDir(f) + return f +} + +func UploadCachedImage(imgName string) error { + tag, err := name.NewTag(imgName, name.WeakValidation) + if err != nil { + klog.Infof("error parsing image name %s tag %v ", imgName, err) + return err + } + return uploadImage(tag, imagePathInCache(imgName)) +} + +func uploadImage(tag name.Tag, p string) error { + var err error + var img v1.Image + + if !useDaemon && !useRemote { + return fmt.Errorf("neither daemon nor remote") + } + + img, err = tarball.ImageFromPath(p, &tag) + if err != nil { + return errors.Wrap(err, "tarball") + } + ref := name.Reference(tag) + + klog.Infof("uploading image: %+v from: %s", ref, p) + if useDaemon { + return uploadDaemon(ref, img) + } + if useRemote { + return uploadRemote(ref, img, defaultPlatform) + } + return nil +} + +func uploadDaemon(ref name.Reference, img v1.Image) error { + resp, err := daemon.Write(ref, img) + if err != nil { + klog.Warningf("daemon load for %s: %v\n%s", ref, err, resp) + } + return err +} + +func uploadRemote(ref name.Reference, img v1.Image, p v1.Platform) error { + err := remote.Write(ref, img, remote.WithAuthFromKeychain(authn.DefaultKeychain), remote.WithPlatform(p)) + if err != nil { + klog.Warningf("remote push for %s: %v", ref, err) + } + return err +} + // See https://github.com/kubernetes/minikube/issues/10402 // check if downloaded image Architecture field matches the requested and fix it otherwise func fixPlatform(ref name.Reference, img v1.Image, p v1.Platform) (v1.Image, error) { diff --git a/pkg/minikube/machine/cache_images.go b/pkg/minikube/machine/cache_images.go index ad97ddcf8d..f7ba9b8e3f 100644 --- a/pkg/minikube/machine/cache_images.go +++ b/pkg/minikube/machine/cache_images.go @@ -19,6 +19,7 @@ package machine import ( "fmt" "os" + "os/exec" "path" "path/filepath" "sort" @@ -48,6 +49,9 @@ var loadRoot = path.Join(vmpath.GuestPersistentDir, "images") // loadImageLock is used to serialize image loads to avoid overloading the guest VM var loadImageLock sync.Mutex +// saveRoot is where images should be saved from within the guest VM +var saveRoot = path.Join(vmpath.GuestPersistentDir, "images") + // CacheImagesForBootstrapper will cache images for a bootstrapper func CacheImagesForBootstrapper(imageRepository string, version string, clusterBootstrapper string) error { images, err := bootstrapper.GetCachedImageList(imageRepository, version, clusterBootstrapper) @@ -326,6 +330,173 @@ func removeExistingImage(r cruntime.Manager, src string, imgName string) error { return nil } +// SaveCachedImages saves from the container runtime to the cache +func SaveCachedImages(cc *config.ClusterConfig, runner command.Runner, images []string, cacheDir string) error { + klog.Infof("SaveImages start: %s", images) + start := time.Now() + + defer func() { + klog.Infof("SaveImages completed in %s", time.Since(start)) + }() + + var g errgroup.Group + + for _, image := range images { + image := image + g.Go(func() error { + return transferAndSaveCachedImage(runner, cc.KubernetesConfig, image, cacheDir) + }) + } + if err := g.Wait(); err != nil { + return errors.Wrap(err, "saving cached images") + } + klog.Infoln("Successfully saved all cached images") + return nil +} + +// SaveLocalImages saves images from the container runtime +func SaveLocalImages(cc *config.ClusterConfig, runner command.Runner, images []string, output string) error { + var g errgroup.Group + for _, image := range images { + image := image + g.Go(func() error { + return transferAndSaveImage(runner, cc.KubernetesConfig, output, image) + }) + } + if err := g.Wait(); err != nil { + return errors.Wrap(err, "saving images") + } + klog.Infoln("Successfully saved all images") + return nil +} + +// SaveAndCacheImages saves images from all profiles into the cache +func SaveAndCacheImages(images []string, profiles []*config.Profile) error { + if len(images) == 0 { + return nil + } + + return DoSaveImages(images, "", profiles, constants.ImageCacheDir) +} + +// DoSaveImages saves images from all profiles +func DoSaveImages(images []string, output string, profiles []*config.Profile, cacheDir string) error { + api, err := NewAPIClient() + if err != nil { + return errors.Wrap(err, "api") + } + defer api.Close() + + klog.Infof("Save images: %q", images) + + succeeded := []string{} + failed := []string{} + + for _, p := range profiles { // loading images to all running profiles + pName := p.Name // capture the loop variable + + c, err := config.Load(pName) + if err != nil { + // Non-fatal because it may race with profile deletion + klog.Errorf("Failed to load profile %q: %v", pName, err) + failed = append(failed, pName) + continue + } + + for _, n := range c.Nodes { + m := config.MachineName(*c, n) + + status, err := Status(api, m) + if err != nil { + klog.Warningf("error getting status for %s: %v", m, err) + failed = append(failed, m) + continue + } + + if status == state.Running.String() { // the not running hosts will load on next start + h, err := api.Load(m) + if err != nil { + klog.Warningf("Failed to load machine %q: %v", m, err) + failed = append(failed, m) + continue + } + cr, err := CommandRunner(h) + if err != nil { + return err + } + if cacheDir != "" { + // saving image names, to cache + err = SaveCachedImages(c, cr, images, cacheDir) + } else { + // saving mage files + err = SaveLocalImages(c, cr, images, output) + } + if err != nil { + failed = append(failed, m) + klog.Warningf("Failed to load cached images for profile %s. make sure the profile is running. %v", pName, err) + continue + } + succeeded = append(succeeded, m) + } + } + } + + klog.Infof("succeeded pulling from : %s", strings.Join(succeeded, " ")) + klog.Infof("failed pulling from : %s", strings.Join(failed, " ")) + // Live pushes are not considered a failure + return nil +} + +// transferAndSaveCachedImage transfers and loads a single image from the cache +func transferAndSaveCachedImage(cr command.Runner, k8s config.KubernetesConfig, imgName string, cacheDir string) error { + dst := filepath.Join(cacheDir, imgName) + dst = localpath.SanitizeCacheDir(dst) + return transferAndSaveImage(cr, k8s, dst, imgName) +} + +// transferAndSaveImage transfers and loads a single image +func transferAndSaveImage(cr command.Runner, k8s config.KubernetesConfig, dst string, imgName string) error { + r, err := cruntime.New(cruntime.Config{Type: k8s.ContainerRuntime, Runner: cr}) + if err != nil { + return errors.Wrap(err, "runtime") + } + + klog.Infof("Saving image to: %s", dst) + filename := filepath.Base(dst) + + _, err = os.OpenFile(dst, os.O_CREATE|os.O_WRONLY, 0777) + if err != nil { + return err + } + + f, err := assets.NewFileAsset(dst, saveRoot, filename, "0644") + if err != nil { + return errors.Wrapf(err, "creating copyable file asset: %s", filename) + } + defer func() { + if err := f.Close(); err != nil { + klog.Warningf("error closing the file %s: %v", f.GetSourcePath(), err) + } + }() + + src := path.Join(saveRoot, filename) + args := append([]string{"rm", "-f"}, src) + if _, err := cr.RunCmd(exec.Command("sudo", args...)); err != nil { + return err + } + err = r.SaveImage(imgName, src) + if err != nil { + return errors.Wrapf(err, "%s save %s", r.Name(), src) + } + + if err := cr.CopyFrom(f); err != nil { + return errors.Wrap(err, "transferring cached image") + } + + klog.Infof("Transferred and saved %s to cache", dst) + return nil +} + // pullImages pulls images to the container run time func pullImages(cruntime cruntime.Manager, images []string) error { klog.Infof("PullImages start: %s", images) diff --git a/pkg/minikube/reason/reason.go b/pkg/minikube/reason/reason.go index 9b044e45b8..dc01e2f3ae 100644 --- a/pkg/minikube/reason/reason.go +++ b/pkg/minikube/reason/reason.go @@ -317,6 +317,8 @@ var ( GuestImageRemove = Kind{ID: "GUEST_IMAGE_REMOVE", ExitCode: ExGuestError} // minikube failed to build an image GuestImageBuild = Kind{ID: "GUEST_IMAGE_BUILD", ExitCode: ExGuestError} + // minikube failed to push or save an image + GuestImageSave = Kind{ID: "GUEST_IMAGE_SAVE", ExitCode: ExGuestError} // minikube failed to load host GuestLoadHost = Kind{ID: "GUEST_LOAD_HOST", ExitCode: ExGuestError} // minkube failed to create a mount diff --git a/site/content/en/docs/commands/image.md b/site/content/en/docs/commands/image.md index 299e0c80ae..112794ff40 100644 --- a/site/content/en/docs/commands/image.md +++ b/site/content/en/docs/commands/image.md @@ -264,3 +264,51 @@ $ minikube image unload image busybox --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging ``` +## minikube image save + +Save a image from minikube + +### Synopsis + +Save a image from minikube + +```shell +minikube image save IMAGE [ARCHIVE | -] [flags] +``` + +### Examples + +``` +minikube image save image +minikube image save image image.tar +``` + +### Options + +``` + --daemon Cache image to docker daemon + --remote Cache image to remote registry +``` + +### Options inherited from parent commands + +``` + --add_dir_header If true, adds the file directory to the header of the log messages + --alsologtostderr log to standard error as well as files + -b, --bootstrapper string The name of the cluster bootstrapper that will set up the Kubernetes cluster. (default "kubeadm") + -h, --help + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --log_file string If non-empty, use this log file + --log_file_max_size uint Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800) + --logtostderr log to standard error instead of files + --one_output If true, only write logs to their native severity level (vs also writing to each lower severity level) + -p, --profile string The name of the minikube VM being used. This can be set to allow having multiple instances of minikube independently. (default "minikube") + --skip_headers If true, avoid header prefixes in the log messages + --skip_log_headers If true, avoid headers when opening log files + --stderrthreshold severity logs at or above this threshold go to stderr (default 2) + --user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username. + -v, --v Level number for the log level verbosity + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging +``` + diff --git a/site/content/en/docs/contrib/errorcodes.en.md b/site/content/en/docs/contrib/errorcodes.en.md index d2589bf1e5..c3621b7ed4 100644 --- a/site/content/en/docs/contrib/errorcodes.en.md +++ b/site/content/en/docs/contrib/errorcodes.en.md @@ -381,6 +381,9 @@ minikube failed to remove an image "GUEST_IMAGE_BUILD" (Exit code ExGuestError) minikube failed to build an image +"GUEST_IMAGE_SAVE" (Exit code ExGuestError) +minikube failed to push or save an image + "GUEST_LOAD_HOST" (Exit code ExGuestError) minikube failed to load host From dbb295d078cb02a39d007c0b1a7befd6972eaebe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Tue, 10 Aug 2021 10:30:36 +0200 Subject: [PATCH 090/205] Go back to upstream google/go-containerregistry Do the docker pull (of the manifest and its digest) explicitly, instead of implicitly in the library. Also, no progress bar. Pass the digest to the fetch and the tag to the tarball save, as usual there are _no_ digests used in the tarball files. --- go.mod | 1 - go.sum | 4 +-- pkg/minikube/download/image.go | 56 ++++++++++++++++++++++------------ 3 files changed, 38 insertions(+), 23 deletions(-) diff --git a/go.mod b/go.mod index 400663d3f5..b73666435f 100644 --- a/go.mod +++ b/go.mod @@ -104,7 +104,6 @@ replace ( git.apache.org/thrift.git => github.com/apache/thrift v0.0.0-20180902110319-2566ecd5d999 github.com/briandowns/spinner => github.com/alonyb/spinner v1.12.7 github.com/docker/machine => github.com/machine-drivers/machine v0.7.1-0.20210719174735-6eca26732baa - github.com/google/go-containerregistry => github.com/afbjorklund/go-containerregistry v0.4.1-0.20210321165649-761f6f9626b1 github.com/samalba/dockerclient => github.com/sayboras/dockerclient v1.0.0 k8s.io/api => k8s.io/api v0.21.2 k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.21.2 diff --git a/go.sum b/go.sum index 51c276c046..d9d4dd91bc 100644 --- a/go.sum +++ b/go.sum @@ -115,8 +115,6 @@ github.com/VividCortex/ewma v1.1.1 h1:MnEK4VOv6n0RSY4vtRe3h11qjxL3+t0B8yOL8iMXdc github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA= github.com/VividCortex/godaemon v1.0.0 h1:aHYrScWvgaSOdAoYCdObWXLm+e1rldP9Pwb1ZvuZkQw= github.com/VividCortex/godaemon v1.0.0/go.mod h1:hBWe/72KbGt/lb95E+Sh9ersdYbB57Dt6CG66S1YPno= -github.com/afbjorklund/go-containerregistry v0.4.1-0.20210321165649-761f6f9626b1 h1:AI8EIk8occ3pruhaTpkaQxQGlC1dHx3J9hAtg7t+FLI= -github.com/afbjorklund/go-containerregistry v0.4.1-0.20210321165649-761f6f9626b1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0= github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM= github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af h1:wVe6/Ea46ZMeNkQjjBW6xcqyQA/j5e0D6GytH95g0gQ= github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw= @@ -548,6 +546,8 @@ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-containerregistry v0.4.1 h1:Lrcj2AOoZ7WKawsoKAh2O0dH0tBqMW2lTEmozmK4Z3k= +github.com/google/go-containerregistry v0.4.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0= github.com/google/go-github v17.0.0+incompatible h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY= github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= github.com/google/go-github/v36 v36.0.0 h1:ndCzM616/oijwufI7nBRa+5eZHLldT+4yIB68ib5ogs= diff --git a/pkg/minikube/download/image.go b/pkg/minikube/download/image.go index bf69d3671c..0346834c88 100644 --- a/pkg/minikube/download/image.go +++ b/pkg/minikube/download/image.go @@ -121,6 +121,10 @@ func ImageToCache(img string) error { if err != nil { return errors.Wrap(err, "parsing reference") } + tag, err := name.NewTag(strings.Split(img, "@")[0]) + if err != nil { + return errors.Wrap(err, "parsing tag") + } klog.V(3).Infof("Getting image %v", ref) i, err := remote.Image(ref, remote.WithPlatform(defaultPlatform)) if err != nil { @@ -134,7 +138,7 @@ func ImageToCache(img string) error { return errors.Wrap(err, "getting remote image") } - klog.V(3).Infof("Writing image %v", ref) + klog.V(3).Infof("Writing image %v", tag) errchan := make(chan error) p := pb.Full.Start64(0) fn := strings.Split(ref.Name(), "@")[0] @@ -150,7 +154,7 @@ func ImageToCache(img string) error { p.SetWidth(79) go func() { - err = tarball.WriteToFile(f, ref, i, tarball.WithProgress(c)) + err = tarball.WriteToFile(f, tag, i, tarball.WithProgress(c)) errchan <- err }() var update v1.Update @@ -170,24 +174,25 @@ func ImageToCache(img string) error { } func parseImage(img string) (*name.Tag, name.Reference, error) { - digest, err := name.NewDigest(img) - if err == nil { - tag := digest.Tag() - return &tag, digest, nil - } - _, ok := err.(*name.ErrBadName) - if !ok { - return nil, nil, errors.Wrap(err, "new ref") - } - // ErrBadName means img contains no digest - // It happens if its value is name:tag for example. - // In this case we want to give it a second chance and try to parse it one more time using name.NewTag(img) - tag, err := name.NewTag(img) + var ref name.Reference + tag, err := name.NewTag(strings.Split(img, "@")[0]) if err != nil { return nil, nil, errors.Wrap(err, "failed to parse image reference") } - return &tag, tag, nil + digest, err := name.NewDigest(img) + if err != nil { + _, ok := err.(*name.ErrBadName) + if !ok { + return nil, nil, errors.Wrap(err, "new ref") + } + // ErrBadName means img contains no digest + // It happens if its value is name:tag for example. + ref = tag + } else { + ref = digest + } + return &tag, ref, nil } // CacheToDaemon loads image from tarball in the local cache directory to the local docker daemon @@ -210,7 +215,7 @@ func CacheToDaemon(img string) error { return errors.Wrap(err, "tarball") } - resp, err := daemon.Write(ref, i) + resp, err := daemon.Write(*tag, i) klog.V(2).Infof("response: %s", resp) return err } @@ -240,6 +245,10 @@ func ImageToDaemon(img string) error { if err != nil { return errors.Wrap(err, "parsing reference") } + tag, err := name.NewTag(strings.Split(img, "@")[0]) + if err != nil { + return errors.Wrap(err, "parsing tag") + } if DownloadMock != nil { klog.Infof("Mock download: %s -> daemon", img) @@ -260,7 +269,7 @@ func ImageToDaemon(img string) error { return errors.Wrap(err, "getting remote image") } - klog.V(3).Infof("Writing image %v", ref) + klog.V(3).Infof("Writing image %v", tag) errchan := make(chan error) p := pb.Full.Start64(0) fn := strings.Split(ref.Name(), "@")[0] @@ -276,7 +285,7 @@ func ImageToDaemon(img string) error { p.SetWidth(79) go func() { - _, err = daemon.Write(ref, i, tarball.WithProgress(c)) + _, err = daemon.Write(tag, i) errchan <- err }() var update v1.Update @@ -290,7 +299,14 @@ func ImageToDaemon(img string) error { if err != nil { return errors.Wrap(err, "writing daemon image") } - return nil + break } } + klog.V(3).Infof("Pulling image %v", ref) + // Pull digest + cmd := exec.Command("docker", "pull", "--quiet", img) + if _, err := cmd.Output(); err != nil { + return errors.Wrap(err, "pulling remote image") + } + return nil } From e91b0375462a0cf18b908d4639adc39478ab0035 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Tue, 10 Aug 2021 13:16:45 +0200 Subject: [PATCH 091/205] Make sure to break loop and not select --- pkg/minikube/download/image.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkg/minikube/download/image.go b/pkg/minikube/download/image.go index 0346834c88..ee17a020a6 100644 --- a/pkg/minikube/download/image.go +++ b/pkg/minikube/download/image.go @@ -289,6 +289,7 @@ func ImageToDaemon(img string) error { errchan <- err }() var update v1.Update +loop: for { select { case update = <-c: @@ -299,7 +300,7 @@ func ImageToDaemon(img string) error { if err != nil { return errors.Wrap(err, "writing daemon image") } - break + break loop } } klog.V(3).Infof("Pulling image %v", ref) From 6c36bb49abc242f3e0537f5571fbb8952a813bec Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Tue, 10 Aug 2021 10:19:17 -0700 Subject: [PATCH 092/205] Ensure gh is installed for compute_flake_rate. --- hack/jenkins/test-flake-chart/compute_flake_rate.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hack/jenkins/test-flake-chart/compute_flake_rate.sh b/hack/jenkins/test-flake-chart/compute_flake_rate.sh index 5bb557f54c..c72414e1f5 100644 --- a/hack/jenkins/test-flake-chart/compute_flake_rate.sh +++ b/hack/jenkins/test-flake-chart/compute_flake_rate.sh @@ -37,6 +37,8 @@ OPEN_ISSUE_THRESHOLD=80 # Threshold to close existing issues at CLOSE_ISSUE_THRESHOLD=20 +"${DIR}/../installers/check_install_gh.sh" || true + # Get a list of issues from Github and extract only those that look like flake issues. # Sort by test name for later usage. EXISTING_ISSUES_LIST=$(mktemp) From b36be9cd520d3d1e89b3cf71404d4dd7d69e98c4 Mon Sep 17 00:00:00 2001 From: Steven Powell Date: Wed, 21 Jul 2021 10:54:27 -0700 Subject: [PATCH 093/205] Upgrade buildkit from 0.8.2 to 0.9.0 --- .../iso/minikube-iso/package/buildkit-bin/buildkit-bin.hash | 1 + deploy/iso/minikube-iso/package/buildkit-bin/buildkit-bin.mk | 4 ++-- deploy/kicbase/Dockerfile | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/deploy/iso/minikube-iso/package/buildkit-bin/buildkit-bin.hash b/deploy/iso/minikube-iso/package/buildkit-bin/buildkit-bin.hash index 2993ed2c59..75c50b02ab 100644 --- a/deploy/iso/minikube-iso/package/buildkit-bin/buildkit-bin.hash +++ b/deploy/iso/minikube-iso/package/buildkit-bin/buildkit-bin.hash @@ -2,3 +2,4 @@ sha256 33bcaa49b31bc3a277ac75d32fce3f5442d39f53a1799b8624e985279b579f74 buildki sha256 28005748fae926edf8c93b7cb1df53ec49df65dec67105b94e7fb9c513fa78a4 buildkit-v0.8.0.linux-amd64.tar.gz sha256 e0438a701d4192f80b2211b0a333984ee4f097c547904e40fc941daad57fe153 buildkit-v0.8.1.linux-amd64.tar.gz sha256 d6d1ebc68806e626f31dd4ea17a406a93dcff14763971cd91b28cbaf3bfffcd4 buildkit-v0.8.2.linux-amd64.tar.gz +sha256 1b307268735c8f8e68b55781a6f4c03af38acc1bc29ba39ebaec6d422bccfb25 buildkit-v0.9.0.linux-amd64.tar.gz diff --git a/deploy/iso/minikube-iso/package/buildkit-bin/buildkit-bin.mk b/deploy/iso/minikube-iso/package/buildkit-bin/buildkit-bin.mk index ba2879dd1f..cc479a30fd 100644 --- a/deploy/iso/minikube-iso/package/buildkit-bin/buildkit-bin.mk +++ b/deploy/iso/minikube-iso/package/buildkit-bin/buildkit-bin.mk @@ -4,8 +4,8 @@ # ################################################################################ -BUILDKIT_BIN_VERSION = v0.8.2 -BUILDKIT_BIN_COMMIT = 9065b18ba4633c75862befca8188de4338d9f94a +BUILDKIT_BIN_VERSION = v0.9.0 +BUILDKIT_BIN_COMMIT = c8bb937807d405d92be91f06ce2629e6202ac7a9 BUILDKIT_BIN_SITE = https://github.com/moby/buildkit/releases/download/$(BUILDKIT_BIN_VERSION) BUILDKIT_BIN_SOURCE = buildkit-$(BUILDKIT_BIN_VERSION).linux-amd64.tar.gz diff --git a/deploy/kicbase/Dockerfile b/deploy/kicbase/Dockerfile index 714c6ce23b..95a62efccf 100644 --- a/deploy/kicbase/Dockerfile +++ b/deploy/kicbase/Dockerfile @@ -29,7 +29,7 @@ RUN cd ./cmd/auto-pause/ && go build # for a kubernetes node image, it doesn't contain much we don't need FROM ubuntu:focal-20210401 -ARG BUILDKIT_VERSION="v0.8.2" +ARG BUILDKIT_VERSION="v0.9.0" # copy in static files (configs, scripts) COPY deploy/kicbase/10-network-security.conf /etc/sysctl.d/10-network-security.conf From 4efd9514c51dcc21eb236a2234fd83513bd17e22 Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Tue, 10 Aug 2021 11:22:51 -0700 Subject: [PATCH 094/205] Add priority/backlog label to all newly created issues. --- hack/jenkins/test-flake-chart/compute_flake_rate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/jenkins/test-flake-chart/compute_flake_rate.sh b/hack/jenkins/test-flake-chart/compute_flake_rate.sh index c72414e1f5..e57a27a6e9 100644 --- a/hack/jenkins/test-flake-chart/compute_flake_rate.sh +++ b/hack/jenkins/test-flake-chart/compute_flake_rate.sh @@ -135,7 +135,7 @@ join -t , -1 1 -2 3 "${OPEN_ISSUES_LIST}" "${EXISTING_ISSUES_LIST}" \ # 3) Append to $EXISTING_ISSUES_LIST comm -13 "${EXISTING_ISSUES_TESTS_ONLY}" "${OPEN_ISSUES_LIST}" \ | xargs -I % sh -c \ - 'gh issue create -b "Will be filled in with details" -l kind/failing-test -t "Frequent test failures of \`%\`" \ + 'gh issue create -b "Will be filled in with details" -l kind/failing-test -l priority/backlog -t "Frequent test failures of \`%\`" \ | sed -n -r "s~^https://github.com/kubernetes/minikube/issues/([0-9]*)$~\1,OPEN,%~p"' \ >> "${EXISTING_ISSUES_LIST}" From 6cecbf6fe5fbdef8a74b8b4e8d83abff377b3bff Mon Sep 17 00:00:00 2001 From: minikube-bot Date: Tue, 10 Aug 2021 18:33:49 +0000 Subject: [PATCH 095/205] Updating kicbase image to v0.0.25-1628619379-12032 --- pkg/drivers/kic/types.go | 8 ++++---- site/content/en/docs/commands/start.md | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/pkg/drivers/kic/types.go b/pkg/drivers/kic/types.go index f19a169ca8..c0af453356 100644 --- a/pkg/drivers/kic/types.go +++ b/pkg/drivers/kic/types.go @@ -24,13 +24,13 @@ import ( const ( // Version is the current version of kic - Version = "v0.0.25" + Version = "v0.0.25-1628619379-12032" // SHA of the kic base image - baseImageSHA = "6f936e3443b95cd918d77623bf7b595653bb382766e280290a02b4a349e88b79" + baseImageSHA = "937faef407987cbd8b3cb0a90c6c5dfd664817d5377be0b77a4ecbf0f9f9c1b6" // The name of the GCR kicbase repository - gcrRepo = "gcr.io/k8s-minikube/kicbase" + gcrRepo = "gcr.io/k8s-minikube/kicbase-builds" // The name of the Dockerhub kicbase repository - dockerhubRepo = "docker.io/kicbase/stable" + dockerhubRepo = "docker.io/kicbase/build" ) var ( diff --git a/site/content/en/docs/commands/start.md b/site/content/en/docs/commands/start.md index b8404dc5e2..89dcf9802c 100644 --- a/site/content/en/docs/commands/start.md +++ b/site/content/en/docs/commands/start.md @@ -26,7 +26,7 @@ minikube start [flags] --apiserver-names strings A set of apiserver names which are used in the generated certificate for kubernetes. This can be used if you want to make the apiserver available from outside the machine --apiserver-port int The apiserver listening port (default 8443) --auto-update-drivers If set, automatically updates drivers to the latest version. Defaults to true. (default true) - --base-image string The base image to use for docker/podman drivers. Intended for local development. (default "gcr.io/k8s-minikube/kicbase:v0.0.25@sha256:6f936e3443b95cd918d77623bf7b595653bb382766e280290a02b4a349e88b79") + --base-image string The base image to use for docker/podman drivers. Intended for local development. (default "gcr.io/k8s-minikube/kicbase-builds:v0.0.25-1628619379-12032@sha256:937faef407987cbd8b3cb0a90c6c5dfd664817d5377be0b77a4ecbf0f9f9c1b6") --cache-images If true, cache docker images for the current bootstrapper and load them into the machine. Always false with --driver=none. (default true) --cni string CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto) --container-runtime string The container runtime to be used (docker, cri-o, containerd). (default "docker") From d7681967bf5fa220c82e397e9f70b9f594b28975 Mon Sep 17 00:00:00 2001 From: minikube-bot Date: Tue, 10 Aug 2021 20:06:04 +0000 Subject: [PATCH 096/205] Updating ISO to v1.22.0-1628622362-12032 --- Makefile | 2 +- pkg/minikube/download/iso.go | 2 +- site/content/en/docs/commands/start.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 50c60c69ba..caf2e9087e 100644 --- a/Makefile +++ b/Makefile @@ -23,7 +23,7 @@ KUBERNETES_VERSION ?= $(shell egrep "DefaultKubernetesVersion =" pkg/minikube/co KIC_VERSION ?= $(shell egrep "Version =" pkg/drivers/kic/types.go | cut -d \" -f2) # Default to .0 for higher cache hit rates, as build increments typically don't require new ISO versions -ISO_VERSION ?= v1.22.0-1628238775-12122 +ISO_VERSION ?= v1.22.0-1628622362-12032 # Dashes are valid in semver, but not Linux packaging. Use ~ to delimit alpha/beta DEB_VERSION ?= $(subst -,~,$(RAW_VERSION)) DEB_REVISION ?= 0 diff --git a/pkg/minikube/download/iso.go b/pkg/minikube/download/iso.go index 498c90c70d..79f618cc09 100644 --- a/pkg/minikube/download/iso.go +++ b/pkg/minikube/download/iso.go @@ -40,7 +40,7 @@ const fileScheme = "file" // DefaultISOURLs returns a list of ISO URL's to consult by default, in priority order func DefaultISOURLs() []string { v := version.GetISOVersion() - isoBucket := "minikube-builds/iso/12122" + isoBucket := "minikube-builds/iso/12032" return []string{ fmt.Sprintf("https://storage.googleapis.com/%s/minikube-%s.iso", isoBucket, v), fmt.Sprintf("https://github.com/kubernetes/minikube/releases/download/%s/minikube-%s.iso", v, v), diff --git a/site/content/en/docs/commands/start.md b/site/content/en/docs/commands/start.md index 89dcf9802c..cc960f7888 100644 --- a/site/content/en/docs/commands/start.md +++ b/site/content/en/docs/commands/start.md @@ -65,7 +65,7 @@ minikube start [flags] --insecure-registry strings Insecure Docker registries to pass to the Docker daemon. The default service CIDR range will automatically be added. --install-addons If set, install addons. Defaults to true. (default true) --interactive Allow user prompts for more information (default true) - --iso-url strings Locations to fetch the minikube ISO from. (default [https://storage.googleapis.com/minikube-builds/iso/12122/minikube-v1.22.0-1628238775-12122.iso,https://github.com/kubernetes/minikube/releases/download/v1.22.0-1628238775-12122/minikube-v1.22.0-1628238775-12122.iso,https://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/iso/minikube-v1.22.0-1628238775-12122.iso]) + --iso-url strings Locations to fetch the minikube ISO from. (default [https://storage.googleapis.com/minikube-builds/iso/12032/minikube-v1.22.0-1628622362-12032.iso,https://github.com/kubernetes/minikube/releases/download/v1.22.0-1628622362-12032/minikube-v1.22.0-1628622362-12032.iso,https://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/iso/minikube-v1.22.0-1628622362-12032.iso]) --keep-context This will keep the existing kubectl context and will create a minikube context. --kubernetes-version string The Kubernetes version that the minikube VM will use (ex: v1.2.3, 'stable' for v1.21.3, 'latest' for v1.22.0-rc.0). Defaults to 'stable'. --kvm-gpu Enable experimental NVIDIA GPU support in minikube From c6a4fd9f684483205328e1e5dae85ab516ad6357 Mon Sep 17 00:00:00 2001 From: Steven Powell Date: Tue, 10 Aug 2021 13:10:31 -0700 Subject: [PATCH 097/205] increase time waiting for stop to complete --- test/integration/scheduled_stop_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/integration/scheduled_stop_test.go b/test/integration/scheduled_stop_test.go index 4a52be4ae3..b01bcca913 100644 --- a/test/integration/scheduled_stop_test.go +++ b/test/integration/scheduled_stop_test.go @@ -116,7 +116,7 @@ func TestScheduledStopUnix(t *testing.T) { } // wait for stop to complete - time.Sleep(15 * time.Second) + time.Sleep(25 * time.Second) // make sure minikube timetoStop is not present ensureTimeToStopNotPresent(ctx, t, profile) // make sure minikube status is "Stopped" From d2d0fee726a83d9fd35e9556db6f83c6159404e2 Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Tue, 10 Aug 2021 13:24:32 -0700 Subject: [PATCH 098/205] Use Load function in implementation of LoadProfile function. --- pkg/minikube/config/profile.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/minikube/config/profile.go b/pkg/minikube/config/profile.go index 18de6a27ba..2e13436988 100644 --- a/pkg/minikube/config/profile.go +++ b/pkg/minikube/config/profile.go @@ -287,7 +287,7 @@ func removeChildNodes(inValidPs []*Profile, nodeNames map[string]bool) (ps []*Pr // LoadProfile loads type Profile based on its name func LoadProfile(name string, miniHome ...string) (*Profile, error) { - cfg, err := DefaultLoader.LoadConfigFromFile(name, miniHome...) + cfg, err := Load(name, miniHome...) p := &Profile{ Name: name, Config: cfg, From 146f1dd3eb1d79eadbbc2d6a9c6f548f5568a7be Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Tue, 10 Aug 2021 13:50:34 -0700 Subject: [PATCH 099/205] Add link to flake charts in auto-created issues --- hack/jenkins/test-flake-chart/compute_flake_rate.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hack/jenkins/test-flake-chart/compute_flake_rate.sh b/hack/jenkins/test-flake-chart/compute_flake_rate.sh index e57a27a6e9..eb4c6d5165 100644 --- a/hack/jenkins/test-flake-chart/compute_flake_rate.sh +++ b/hack/jenkins/test-flake-chart/compute_flake_rate.sh @@ -161,6 +161,7 @@ for ROW in $(cat ${MID_FLAKES_ISSUES}); do # Clear $ISSUE_BODY_TMP and fill with the standard header. printf "This test has high flake rates for the following environments:\n\n|Environment|Flake Rate (%%)|\n|---|---|\n" > "${ISSUE_BODY_TMP}" + TEST_CHART_LINK_FORMAT='https://storage.googleapis.com/minikube-flake-rate/flake_chart.html?env=%1$s&test='${TEST_NAME} # 1) Filter $MID_FLAKES_DATA to only include entries with the given test name # 2) Sort by flake rates in descending order # 3) Format the entry into a row in the table @@ -168,7 +169,7 @@ for ROW in $(cat ${MID_FLAKES_ISSUES}); do echo "${TEST_NAME}" \ | join -t , -1 1 -2 2 - "${MID_FLAKES_DATA}" \ | sort -t , -g -r -k 3,3 \ - | awk -F, '{ printf "|%s|%s|\n", $2, $3 }' \ + | awk -F, '{ printf "|[%1$s]('$TEST_CHART_LINK_FORMAT')|%2$s|\n", $2, $3 }' \ >> "${ISSUE_BODY_TMP}" # Edit the issue body to use $ISSUE_BODY_TMP From 4e32f41c836e9c021a12ab8ec720ab6aea4bc3f0 Mon Sep 17 00:00:00 2001 From: Medya Gh Date: Tue, 10 Aug 2021 14:24:43 -0700 Subject: [PATCH 100/205] move away from v1beta apis --- .../ambassador-operator-crds.yaml.tmpl | 2 +- .../ingress-dns/ingress-dns-pod.yaml.tmpl | 4 +-- .../istio-operator.yaml.tmpl | 2 +- pkg/minikube/cni/calico.go | 30 +++++++++---------- pkg/minikube/cni/flannel.go | 4 +-- .../docs/tutorials/includes/kube-flannel.yaml | 4 +-- test/integration/addons_test.go | 23 ++++---------- .../integration/testdata/nginx-ingv1beta.yaml | 17 ----------- 8 files changed, 28 insertions(+), 58 deletions(-) delete mode 100644 test/integration/testdata/nginx-ingv1beta.yaml diff --git a/deploy/addons/ambassador/ambassador-operator-crds.yaml.tmpl b/deploy/addons/ambassador/ambassador-operator-crds.yaml.tmpl index e8495d9551..b8d52b3b89 100644 --- a/deploy/addons/ambassador/ambassador-operator-crds.yaml.tmpl +++ b/deploy/addons/ambassador/ambassador-operator-crds.yaml.tmpl @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: ambassadorinstallations.getambassador.io diff --git a/deploy/addons/ingress-dns/ingress-dns-pod.yaml.tmpl b/deploy/addons/ingress-dns/ingress-dns-pod.yaml.tmpl index bb0e7c1b3f..4eaa00a48f 100644 --- a/deploy/addons/ingress-dns/ingress-dns-pod.yaml.tmpl +++ b/deploy/addons/ingress-dns/ingress-dns-pod.yaml.tmpl @@ -24,7 +24,7 @@ metadata: app.kubernetes.io/part-of: kube-system addonmanager.kubernetes.io/mode: Reconcile --- -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: minikube-ingress-dns @@ -47,7 +47,7 @@ rules: - list - watch --- -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: minikube-ingress-dns diff --git a/deploy/addons/istio-provisioner/istio-operator.yaml.tmpl b/deploy/addons/istio-provisioner/istio-operator.yaml.tmpl index 6c5f23118b..2ac8a34890 100644 --- a/deploy/addons/istio-provisioner/istio-operator.yaml.tmpl +++ b/deploy/addons/istio-provisioner/istio-operator.yaml.tmpl @@ -8,7 +8,7 @@ metadata: addonmanager.kubernetes.io/mode: EnsureExists ... --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: istiooperators.install.istio.io diff --git a/pkg/minikube/cni/calico.go b/pkg/minikube/cni/calico.go index fee66bfd09..7b28fda254 100644 --- a/pkg/minikube/cni/calico.go +++ b/pkg/minikube/cni/calico.go @@ -83,7 +83,7 @@ data: --- # Source: calico/templates/kdd-crds.yaml -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: bgpconfigurations.crd.projectcalico.org @@ -97,7 +97,7 @@ spec: singular: bgpconfiguration --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: bgppeers.crd.projectcalico.org @@ -111,7 +111,7 @@ spec: singular: bgppeer --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: blockaffinities.crd.projectcalico.org @@ -125,7 +125,7 @@ spec: singular: blockaffinity --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: clusterinformations.crd.projectcalico.org @@ -139,7 +139,7 @@ spec: singular: clusterinformation --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: felixconfigurations.crd.projectcalico.org @@ -153,7 +153,7 @@ spec: singular: felixconfiguration --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: globalnetworkpolicies.crd.projectcalico.org @@ -169,7 +169,7 @@ spec: - gnp --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: globalnetworksets.crd.projectcalico.org @@ -183,7 +183,7 @@ spec: singular: globalnetworkset --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: hostendpoints.crd.projectcalico.org @@ -197,7 +197,7 @@ spec: singular: hostendpoint --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: ipamblocks.crd.projectcalico.org @@ -211,7 +211,7 @@ spec: singular: ipamblock --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: ipamconfigs.crd.projectcalico.org @@ -225,7 +225,7 @@ spec: singular: ipamconfig --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: ipamhandles.crd.projectcalico.org @@ -239,7 +239,7 @@ spec: singular: ipamhandle --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: ippools.crd.projectcalico.org @@ -253,7 +253,7 @@ spec: singular: ippool --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: kubecontrollersconfigurations.crd.projectcalico.org @@ -266,7 +266,7 @@ spec: plural: kubecontrollersconfigurations singular: kubecontrollersconfiguration --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: networkpolicies.crd.projectcalico.org @@ -280,7 +280,7 @@ spec: singular: networkpolicy --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: networksets.crd.projectcalico.org diff --git a/pkg/minikube/cni/flannel.go b/pkg/minikube/cni/flannel.go index 27e199f118..eefb86a9bf 100644 --- a/pkg/minikube/cni/flannel.go +++ b/pkg/minikube/cni/flannel.go @@ -76,7 +76,7 @@ spec: rule: 'RunAsAny' --- kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: flannel rules: @@ -105,7 +105,7 @@ rules: - patch --- kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: flannel roleRef: diff --git a/site/content/en/docs/tutorials/includes/kube-flannel.yaml b/site/content/en/docs/tutorials/includes/kube-flannel.yaml index bfed51be44..a3e8c916bf 100644 --- a/site/content/en/docs/tutorials/includes/kube-flannel.yaml +++ b/site/content/en/docs/tutorials/includes/kube-flannel.yaml @@ -47,7 +47,7 @@ spec: rule: 'RunAsAny' --- kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: flannel rules: @@ -76,7 +76,7 @@ rules: - patch --- kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: flannel roleRef: diff --git a/test/integration/addons_test.go b/test/integration/addons_test.go index 59025f671f..9c5d0270b6 100644 --- a/test/integration/addons_test.go +++ b/test/integration/addons_test.go @@ -159,10 +159,10 @@ func validateIngressAddon(ctx context.Context, t *testing.T, profile string) { t.Fatalf("failed waititing for ingress-nginx-controller : %v", err) } - // create networking.k8s.io/v1beta1 ingress - createv1betaIngress := func() error { + // create networking.k8s.io/v1 ingress + createv1Ingress := func() error { // apply networking.k8s.io/v1beta1 ingress - rr, err := Run(t, exec.CommandContext(ctx, "kubectl", "--context", profile, "replace", "--force", "-f", filepath.Join(*testdataDir, "nginx-ingv1beta.yaml"))) + rr, err := Run(t, exec.CommandContext(ctx, "kubectl", "--context", profile, "replace", "--force", "-f", filepath.Join(*testdataDir, "nginx-ingv1.yaml"))) if err != nil { return err } @@ -172,8 +172,8 @@ func validateIngressAddon(ctx context.Context, t *testing.T, profile string) { return nil } - // create networking.k8s.io/v1beta1 ingress - if err := retry.Expo(createv1betaIngress, 1*time.Second, Seconds(90)); err != nil { + // create networking.k8s.io/v1 ingress + if err := retry.Expo(createv1Ingress, 1*time.Second, Seconds(90)); err != nil { t.Errorf("failed to create ingress: %v", err) } @@ -224,19 +224,6 @@ func validateIngressAddon(ctx context.Context, t *testing.T, profile string) { t.Errorf("failed to get expected response from %s within minikube: %v", addr, err) } - // create networking.k8s.io/v1 ingress - createv1Ingress := func() error { - // apply networking.k8s.io/v1beta1 ingress - rr, err := Run(t, exec.CommandContext(ctx, "kubectl", "--context", profile, "replace", "--force", "-f", filepath.Join(*testdataDir, "nginx-ingv1.yaml"))) - if err != nil { - return err - } - if rr.Stderr.String() != "" { - t.Logf("%v: unexpected stderr: %s (may be temporary)", rr.Command(), rr.Stderr) - } - return nil - } - // create networking.k8s.io/v1 ingress if err := retry.Expo(createv1Ingress, 1*time.Second, Seconds(90)); err != nil { t.Errorf("failed to create ingress: %v", err) diff --git a/test/integration/testdata/nginx-ingv1beta.yaml b/test/integration/testdata/nginx-ingv1beta.yaml deleted file mode 100644 index a714737080..0000000000 --- a/test/integration/testdata/nginx-ingv1beta.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: networking.k8s.io/v1beta1 -kind: Ingress -metadata: - name: nginx-ingress - annotations: - kubernetes.io/ingress.class: "nginx" - labels: - integration-test: ingress -spec: - rules: - - host: nginx.example.com - http: - paths: - - path: "/" - backend: - serviceName: nginx - servicePort: 80 \ No newline at end of file From 61fb4757d0d2c4734287fa3260744d3b36ec9079 Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Tue, 10 Aug 2021 13:40:29 -0700 Subject: [PATCH 101/205] Add info log message to print driver, container runtime, and Kubernetes version. --- pkg/minikube/config/config.go | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/pkg/minikube/config/config.go b/pkg/minikube/config/config.go index a1129fcb72..f5c76c6deb 100644 --- a/pkg/minikube/config/config.go +++ b/pkg/minikube/config/config.go @@ -26,6 +26,7 @@ import ( "github.com/pkg/errors" "github.com/spf13/viper" + "k8s.io/klog/v2" "k8s.io/minikube/pkg/minikube/localpath" ) @@ -171,7 +172,15 @@ func encode(w io.Writer, m MinikubeConfig) error { // Load loads the Kubernetes and machine config for the current machine func Load(profile string, miniHome ...string) (*ClusterConfig, error) { - return DefaultLoader.LoadConfigFromFile(profile, miniHome...) + cc, err := DefaultLoader.LoadConfigFromFile(profile, miniHome...) + if err == nil { + klog.Infof("Loaded profile config \"%s\": Driver=%s, ContainerRuntime=%s, KubernetesVersion=%s", + profile, + cc.Driver, + cc.KubernetesConfig.ContainerRuntime, + cc.KubernetesConfig.KubernetesVersion) + } + return cc, err } // Write writes the Kubernetes and machine config for the current machine From c62edf779cc71a8ad7c1862830202c5460c410a0 Mon Sep 17 00:00:00 2001 From: rajdevworks <57292575+rajdevworks@users.noreply.github.com> Date: Tue, 10 Aug 2021 20:32:28 -0500 Subject: [PATCH 102/205] Small cosmetic changes to chocolatey package --- site/content/en/docs/contrib/external-packages.en.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/site/content/en/docs/contrib/external-packages.en.md b/site/content/en/docs/contrib/external-packages.en.md index 43224236a9..308c94b2e8 100644 --- a/site/content/en/docs/contrib/external-packages.en.md +++ b/site/content/en/docs/contrib/external-packages.en.md @@ -6,13 +6,11 @@ linkTitle: "Managing External Packages" ## Managing External Packages ### Chocolatey (Windows) -It is a software management automation for Windows that wraps installers, executables, zips, and scripts into compiled packages. Use Chocolatey to install Minikube on Windows. The following links provide details necessary to install, get status, and update to the latest minikube chocolatey package on windows. +Chocolatey is a software package manager for Windows that wraps installers, executables, zips, and scripts into compiled packages. Use Chocolatey to install Minikube on Windows. The following links provide details necessary to install, get status, and update to the latest minikube chocolatey package on windows. -Minikube package on Chocolatey community - [Install, Upgrade and Uninstall](https://community.chocolatey.org/packages/Minikube/). +* Minikube package on Chocolatey community - [Install, Upgrade and Uninstall](https://community.chocolatey.org/packages/Minikube/). +* Get the [current status](https://gist.github.com/choco-bot/a14b1e5bfaf70839b338eb1ab7f8226f) of the Chocolatey pacakge. +* Minikube Chocolatey update script on [Github](https://github.com/chocolatey-community/chocolatey-coreteampackages/tree/master/automatic/minikube). -Get the [current status](https://gist.github.com/choco-bot/a14b1e5bfaf70839b338eb1ab7f8226f) of the Chocolatey pacakge . - - Minikube Chocolatey update script on [Github](https://github.com/chocolatey-community/chocolatey-coreteampackages/tree/master/automatic/minikube). - -**Note: Windows support is limited to 64bit systems.** +**Note: Windows support is limited to 64bit operating systems.** From d2f5edd9cc0a57c5b1bec7cf1516a6b910e87e17 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 11 Aug 2021 10:38:21 +0000 Subject: [PATCH 103/205] Bump golang.org/x/text from 0.3.6 to 0.3.7 Bumps [golang.org/x/text](https://github.com/golang/text) from 0.3.6 to 0.3.7. - [Release notes](https://github.com/golang/text/releases) - [Commits](https://github.com/golang/text/compare/v0.3.6...v0.3.7) --- updated-dependencies: - dependency-name: golang.org/x/text dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index a049c7fc18..4b8f335e37 100644 --- a/go.mod +++ b/go.mod @@ -86,7 +86,7 @@ require ( golang.org/x/sync v0.0.0-20210220032951-036812b2e83c golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c golang.org/x/term v0.0.0-20210406210042-72f3dc4e9b72 - golang.org/x/text v0.3.6 + golang.org/x/text v0.3.7 gonum.org/v1/plot v0.9.0 google.golang.org/api v0.52.0 gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22 // indirect diff --git a/go.sum b/go.sum index d9d4dd91bc..458a0af963 100644 --- a/go.sum +++ b/go.sum @@ -1457,8 +1457,9 @@ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From a5893aa5f347d8c1d2b165f3120b103844cf3ce6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 11 Aug 2021 17:55:52 +0000 Subject: [PATCH 104/205] Bump github.com/google/go-containerregistry from 0.4.1 to 0.6.0 Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.4.1 to 0.6.0. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.4.1...v0.6.0) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 3 +-- go.sum | 44 ++++++++++++++++++++------------------------ 2 files changed, 21 insertions(+), 26 deletions(-) diff --git a/go.mod b/go.mod index a049c7fc18..c60b30ea84 100644 --- a/go.mod +++ b/go.mod @@ -19,14 +19,13 @@ require ( github.com/cloudevents/sdk-go/v2 v2.3.1 github.com/cloudfoundry-attic/jibber_jabber v0.0.0-20151120183258-bcc4c8345a21 github.com/cloudfoundry/jibber_jabber v0.0.0-20151120183258-bcc4c8345a21 // indirect - github.com/docker/cli v0.0.0-20200303162255-7d407207c304 // indirect github.com/docker/docker v20.10.7+incompatible github.com/docker/go-units v0.4.0 github.com/docker/machine v0.16.2 github.com/elazarl/goproxy v0.0.0-20210110162100-a92cc753f88e github.com/golang-collections/collections v0.0.0-20130729185459-604e922904d3 github.com/google/go-cmp v0.5.6 - github.com/google/go-containerregistry v0.4.1 + github.com/google/go-containerregistry v0.6.0 github.com/google/go-github/v36 v36.0.0 github.com/google/slowjam v1.0.0 github.com/google/uuid v1.3.0 diff --git a/go.sum b/go.sum index d9d4dd91bc..5d393434c4 100644 --- a/go.sum +++ b/go.sum @@ -86,8 +86,9 @@ github.com/Microsoft/go-winio v0.4.16-0.20201130162521-d1ffc52c7331/go.mod h1:XB github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0= github.com/Microsoft/go-winio v0.4.17-0.20210211115548-6eac466e5fa3/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= github.com/Microsoft/go-winio v0.4.17-0.20210324224401-5516f17a5958/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= -github.com/Microsoft/go-winio v0.4.17 h1:iT12IBVClFevaf8PuVyi3UmZOVh4OqnaLxDTW2O6j3w= github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= +github.com/Microsoft/go-winio v0.5.0 h1:Elr9Wn+sGKPlkaBvwu4mTrxtmOp3F3yV9qhaHbXGjwU= +github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= github.com/Microsoft/hcsshim v0.8.7-0.20190325164909-8abdbb8205e4/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ= @@ -245,8 +246,9 @@ github.com/containerd/containerd v1.5.0-beta.1/go.mod h1:5HfvG1V2FsKesEGQ17k5/T7 github.com/containerd/containerd v1.5.0-beta.3/go.mod h1:/wr9AVtEM7x9c+n0+stptlo/uBBoBORwEx6ardVcmKU= github.com/containerd/containerd v1.5.0-beta.4/go.mod h1:GmdgZd2zA2GYIBZ0w09ZvgqEq8EfBp/m3lcVZIvPHhI= github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoTJseu1FGOKuoA4nNb2s= -github.com/containerd/containerd v1.5.1 h1:xWHPAoe6VkUiI9GAvndJM7s/0MTrmwX3AQiYTr3olf0= github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g= +github.com/containerd/containerd v1.5.2 h1:MG/Bg1pbmMb61j3wHCFWPxESXHieiKr2xG64px/k8zQ= +github.com/containerd/containerd v1.5.2/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g= github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= @@ -275,8 +277,8 @@ github.com/containerd/imgcrypt v1.1.1/go.mod h1:xpLnwiQmEUJPvQoAapeb2SNCxz7Xr6PJ github.com/containerd/nri v0.0.0-20201007170849-eb1350a75164/go.mod h1:+2wGSDGFYfE5+So4M5syatU0N0f0LbWpuqyMi4/BE8c= github.com/containerd/nri v0.0.0-20210316161719-dbaa18c31c14/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY= github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY= -github.com/containerd/stargz-snapshotter/estargz v0.4.1 h1:5e7heayhB7CcgdTkqfZqrNaNv15gABwr3Q2jBTbLlt4= -github.com/containerd/stargz-snapshotter/estargz v0.4.1/go.mod h1:x7Q9dg9QYb4+ELgxmo4gBUeJB0tl5dqH1Sdz0nJU1QM= +github.com/containerd/stargz-snapshotter/estargz v0.7.0 h1:1d/rydzTywc76lnjJb6qbPCiTiCwts49AzKps/Ecblw= +github.com/containerd/stargz-snapshotter/estargz v0.7.0/go.mod h1:83VWDqHnurTKliEB0YvWMiCfLDwv4Cjj1X9Vk98GJZw= github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o= github.com/containerd/ttrpc v0.0.0-20190828172938-92c8520ef9f8/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o= github.com/containerd/ttrpc v0.0.0-20191028202541-4f1b8fe65a5c/go.mod h1:LPm1u0xBw8r8NOKoOdNMeVHSawSsltak+Ihv+etqsE8= @@ -339,14 +341,12 @@ github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= -github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= -github.com/docker/cli v0.0.0-20200303162255-7d407207c304 h1:A7SYzidcyuQ/yS4wezWGYeUioUFJQk8HYWY9aMYTF4I= -github.com/docker/cli v0.0.0-20200303162255-7d407207c304/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v20.10.7+incompatible h1:pv/3NqibQKphWZiAskMzdz8w0PRbtTaEB+f6NwdU7Is= +github.com/docker/cli v20.10.7+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY= github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug= github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v17.12.0-ce-rc1.0.20181225093023-5ddb1d410a8b+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v17.12.0-ce-rc1.0.20190115220918-5ec31380a5d3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= @@ -528,6 +528,7 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/snappy v0.0.3 h1:fHPg5GQYlCeLIPB9BZqMVR5nR9A+IM5zcgeTdjMYmLA= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golangplus/testing v0.0.0-20180327235837-af21d9c3145e/go.mod h1:0AA//k/eakGydO4jKRoRL2j92ZKSzTgj9tclaCrvXHk= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= @@ -546,8 +547,8 @@ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-containerregistry v0.4.1 h1:Lrcj2AOoZ7WKawsoKAh2O0dH0tBqMW2lTEmozmK4Z3k= -github.com/google/go-containerregistry v0.4.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0= +github.com/google/go-containerregistry v0.6.0 h1:niQ+8XD//kKgArIFwDVBXsWVWbde16LPdHMyNwSC8h4= +github.com/google/go-containerregistry v0.6.0/go.mod h1:euCCtNbZ6tKqi1E72vwDj2xZcN5ttKpZLfa/wSo5iLw= github.com/google/go-github v17.0.0+incompatible h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY= github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= github.com/google/go-github/v36 v36.0.0 h1:ndCzM616/oijwufI7nBRa+5eZHLldT+4yIB68ib5ogs= @@ -684,7 +685,6 @@ github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9Y github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= -github.com/joefitzgerald/rainbow-reporter v0.1.0/go.mod h1:481CNgqmVHQZzdIbN52CupLJyoVwB10FQ/IQlF1pdL8= github.com/johanneswuerbach/nfsexports v0.0.0-20200318065542-c48c3734757f h1:tL0xH80QVHQOde6Qqdohv6PewABH8l8N9pywZtuojJ0= github.com/johanneswuerbach/nfsexports v0.0.0-20200318065542-c48c3734757f/go.mod h1:+c1/kUpg2zlkoWqTOvzDs36Wpbm3Gd1nlmtXAEB0WGU= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= @@ -729,8 +729,10 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.11.2/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= -github.com/klauspost/compress v1.11.13 h1:eSvu8Tmq6j2psUJqJrLcWH6K3w5Dwc+qipbaA6eVEN4= github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= +github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= +github.com/klauspost/compress v1.13.0 h1:2T7tUoQrQT+fQWdaY5rjWztFGAFwbGD04iPJg90ZiOs= +github.com/klauspost/compress v1.13.0/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/cpuid v1.2.0 h1:NMpwD2G9JSFOE1/TJjGSo5zG7Yb2bTe7eq1jH+irmeE= github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -802,7 +804,6 @@ github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vq github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= -github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY= github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= github.com/mholt/certmagic v0.6.2-0.20190624175158-6a42ef9fe8c2/go.mod h1:g4cOPxcjV0oFq3qwpjSA30LReKD8AoIfwAY9VvG35NY= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= @@ -1000,22 +1001,21 @@ github.com/russross/blackfriday v0.0.0-20170610170232-067529f716f4/go.mod h1:JO/ github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/russross/blackfriday v1.5.3-0.20200218234912-41c5fccfd6f6 h1:tlXG832s5pa9x9Gs3Rp2rTvEqjiDEuETUOSfBEiTcns= github.com/russross/blackfriday v1.5.3-0.20200218234912-41c5fccfd6f6/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfFZQK844Gfx8o5WFuvpxWRwnSoipWe/p622j1v06w= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/sayboras/dockerclient v1.0.0 h1:awHcxOzTP07Gl1SJAhkTCTagyJwgA6f/Az/Z4xMP2yg= github.com/sayboras/dockerclient v1.0.0/go.mod h1:mUmEoqt0b+uQg57s006FsvL4mybi+N5wINLDBGtaPTY= -github.com/sclevine/spec v1.2.0/go.mod h1:W4J29eT/Kzv7/b9IWLB055Z+qvVC9vt0Arko24q7p+U= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/shirou/gopsutil/v3 v3.21.7 h1:PnTqQamUjwEDSgn+nBGu0qSDV/CfvyiR/gwTH3i7HTU= github.com/shirou/gopsutil/v3 v3.21.7/go.mod h1:RGl11Y7XMTQPmHh8F0ayC6haKNBgH4PXMJuTAcMOlz4= -github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= @@ -1024,8 +1024,9 @@ github.com/sirupsen/logrus v1.3.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPx github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= -github.com/sirupsen/logrus v1.7.0 h1:ShrD1U9pZB12TX0cVy0DtePoCH97K8EtX+mg7ZARUtM= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= +github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE= +github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= @@ -1313,8 +1314,9 @@ golang.org/x/net v0.0.0-20210224082022-3d97a244fca7/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420 h1:a8jGStKg0XqKDlKqjLrXn0ioF5MH36pT7Z0BRTqLhbk= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210525063256-abc453219eb5 h1:wjuX4b5yYQnEQHzd+CBcrcC6OVR2J1CN6mUy0oSxIPo= +golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1373,7 +1375,6 @@ golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190812073006-9eafafc0a87e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1463,7 +1464,6 @@ golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxb golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba h1:O8mE0/t419eoIwhTFpKVkHiTs/Igowgfkj25AcZrtiE= golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -1488,7 +1488,6 @@ golang.org/x/tools v0.0.0-20190617190820-da514acc4774/go.mod h1:/rFqwRUd4F7ZHNgw golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190706070813-72ffa07ba3db/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI= golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190927191325-030b2cf1153e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= @@ -1526,7 +1525,6 @@ golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= -golang.org/x/tools v0.0.0-20200916195026-c9a70fc28ce3/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU= golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= @@ -1622,7 +1620,6 @@ google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfG google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20200527145253-8367513e4ece/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= google.golang.org/genproto v0.0.0-20200605102947-12044bf5ea91/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= google.golang.org/genproto v0.0.0-20200711021454-869866162049/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= @@ -1774,7 +1771,6 @@ k8s.io/controller-manager v0.21.2/go.mod h1:tkiSDYJj4H/QRxGNefy5ibFAmhEvqmEh9yLz k8s.io/cri-api v0.21.2/go.mod h1:ukzeKnOkrG9/+ghKZA57WeZbQfRtqlGLF5GcF3RtHZ8= k8s.io/csi-translation-lib v0.21.2/go.mod h1:LgswOMSIdOntgqxcHsspcG61R34t954N//9jiSD/TTM= k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= -k8s.io/gengo v0.0.0-20201113003025-83324d819ded/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/heapster v1.2.0-beta.1/go.mod h1:h1uhptVXMwC8xtZBYsPXKVi8fpdlYkTs6k949KozGrM= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= From 2646b49a19431d99515792d4ab551f0c4fe33265 Mon Sep 17 00:00:00 2001 From: Sharif Elgamal Date: Wed, 11 Aug 2021 11:15:51 -0700 Subject: [PATCH 105/205] add TestStartStop to Cloud Shell tests --- hack/jenkins/cloud_shell_functional_tests_docker.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/jenkins/cloud_shell_functional_tests_docker.sh b/hack/jenkins/cloud_shell_functional_tests_docker.sh index 70c937fd23..4433bc9b4d 100755 --- a/hack/jenkins/cloud_shell_functional_tests_docker.sh +++ b/hack/jenkins/cloud_shell_functional_tests_docker.sh @@ -30,7 +30,7 @@ gcloud cloud-shell ssh --authorize-session << EOF DRIVER="docker" JOB_NAME="Docker_Cloud_Shell" CONTAINER_RUNTIME="docker" - EXTRA_TEST_ARGS="-test.run (TestFunctional|TestAddons)" + EXTRA_TEST_ARGS="-test.run (TestFunctional|TestAddons|TestStartStop/group/default-k8s-different-port)" # Need to set these in cloud-shell or will not be present in common.sh MINIKUBE_LOCATION=$MINIKUBE_LOCATION From 72c5ee1e3280b30d4064dc5c1d03f75c3d50104c Mon Sep 17 00:00:00 2001 From: Sharif Elgamal Date: Wed, 11 Aug 2021 12:49:48 -0700 Subject: [PATCH 106/205] widen it to all start stop tests --- hack/jenkins/cloud_shell_functional_tests_docker.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/jenkins/cloud_shell_functional_tests_docker.sh b/hack/jenkins/cloud_shell_functional_tests_docker.sh index 4433bc9b4d..8f743dcc3e 100755 --- a/hack/jenkins/cloud_shell_functional_tests_docker.sh +++ b/hack/jenkins/cloud_shell_functional_tests_docker.sh @@ -30,7 +30,7 @@ gcloud cloud-shell ssh --authorize-session << EOF DRIVER="docker" JOB_NAME="Docker_Cloud_Shell" CONTAINER_RUNTIME="docker" - EXTRA_TEST_ARGS="-test.run (TestFunctional|TestAddons|TestStartStop/group/default-k8s-different-port)" +EXTRA_TEST_ARGS="-test.run (TestFunctional|TestAddons|TestStartStop)" # Need to set these in cloud-shell or will not be present in common.sh MINIKUBE_LOCATION=$MINIKUBE_LOCATION From f6788118f3ffb019953162b2e491478e01e72876 Mon Sep 17 00:00:00 2001 From: rajdevworks <57292575+rajdevworks@users.noreply.github.com> Date: Wed, 11 Aug 2021 16:23:57 -0500 Subject: [PATCH 107/205] Adding maintainer for chocolatey package --- site/content/en/docs/contrib/external-packages.en.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site/content/en/docs/contrib/external-packages.en.md b/site/content/en/docs/contrib/external-packages.en.md index 308c94b2e8..5530bf896c 100644 --- a/site/content/en/docs/contrib/external-packages.en.md +++ b/site/content/en/docs/contrib/external-packages.en.md @@ -9,7 +9,7 @@ linkTitle: "Managing External Packages" Chocolatey is a software package manager for Windows that wraps installers, executables, zips, and scripts into compiled packages. Use Chocolatey to install Minikube on Windows. The following links provide details necessary to install, get status, and update to the latest minikube chocolatey package on windows. -* Minikube package on Chocolatey community - [Install, Upgrade and Uninstall](https://community.chocolatey.org/packages/Minikube/). +* Chocolatey community is the maintainer of the Minikube package. Latest approved version is available for [Install, Upgrade and Uninstall](https://community.chocolatey.org/packages/Minikube/). * Get the [current status](https://gist.github.com/choco-bot/a14b1e5bfaf70839b338eb1ab7f8226f) of the Chocolatey pacakge. * Minikube Chocolatey update script on [Github](https://github.com/chocolatey-community/chocolatey-coreteampackages/tree/master/automatic/minikube). From e88344977e71a2be2794475b4e45fd8763ded243 Mon Sep 17 00:00:00 2001 From: Steven Powell Date: Wed, 11 Aug 2021 15:05:35 -0700 Subject: [PATCH 108/205] add `--volumes` to `docker system prune` --- .github/workflows/pr_verified.yaml | 4 ++-- hack/jenkins/windows_cleanup_and_reboot_docker.ps1 | 2 +- hack/jenkins/windows_integration_teardown.ps1 | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pr_verified.yaml b/.github/workflows/pr_verified.yaml index 46f69ae0e7..5dabbfd60f 100644 --- a/.github/workflows/pr_verified.yaml +++ b/.github/workflows/pr_verified.yaml @@ -854,7 +854,7 @@ jobs: $docker_running = $? } Write-Output "Docker is running" - docker system prune -f + docker system prune -f --volumes - name: Info shell: powershell run: | @@ -949,7 +949,7 @@ jobs: $docker_running = $? } Write-Output "Docker is running" - docker system prune -f + docker system prune -f --volumes - name: Info continue-on-error: true shell: powershell diff --git a/hack/jenkins/windows_cleanup_and_reboot_docker.ps1 b/hack/jenkins/windows_cleanup_and_reboot_docker.ps1 index f3c6d4ac6f..48186ebce3 100644 --- a/hack/jenkins/windows_cleanup_and_reboot_docker.ps1 +++ b/hack/jenkins/windows_cleanup_and_reboot_docker.ps1 @@ -15,6 +15,6 @@ if (Jenkins) { exit 0 } echo "doing it" -docker system prune --all --force +docker system prune --all --force --volumes Get-Process "*Docker Desktop*" | Stop-Process shutdown /r diff --git a/hack/jenkins/windows_integration_teardown.ps1 b/hack/jenkins/windows_integration_teardown.ps1 index eb1c0d953f..db04b21adc 100644 --- a/hack/jenkins/windows_integration_teardown.ps1 +++ b/hack/jenkins/windows_integration_teardown.ps1 @@ -16,7 +16,7 @@ $test_home="$env:HOMEDRIVE$env:HOMEPATH\minikube-integration" if ($driver -eq "docker") { # Remove unused images and containers - docker system prune --all --force + docker system prune --all --force --volumes # Just shutdown Docker, it's safer than anything else Get-Process "*Docker Desktop*" | Stop-Process From aae639000448e714766ba524f81ef8115238bd6c Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Thu, 12 Aug 2021 10:05:43 -0700 Subject: [PATCH 109/205] Add link directly to test log for gopogh link. --- hack/jenkins/test-flake-chart/flake_chart.js | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/hack/jenkins/test-flake-chart/flake_chart.js b/hack/jenkins/test-flake-chart/flake_chart.js index df4edfeb0e..494d9aee72 100644 --- a/hack/jenkins/test-flake-chart/flake_chart.js +++ b/hack/jenkins/test-flake-chart/flake_chart.js @@ -235,7 +235,7 @@ function aggregateWeeklyRuns(testRuns, weekDates) { })); } -const jobIdToLink = (jobId, environment) => `https://storage.googleapis.com/minikube-builds/logs/master/${jobId}/${environment}.html`; +const testGopoghLink = (jobId, environment, testName) => `https://storage.googleapis.com/minikube-builds/logs/master/${jobId}/${environment}.html${testName ? `#fail_${testName}` : ``}`; function displayTestAndEnvironmentChart(testData, testName, environmentName) { const testRuns = testData @@ -259,14 +259,14 @@ function displayTestAndEnvironmentChart(testData, testName, environmentName) { ${groupData.date.toString()}
                Flake Percentage: ${groupData.flakeRate.toFixed(2)}%
                Jobs:
                - ${groupData.jobs.map(({ id, status }) => ` - ${id} (${status})`).join("
                ")} + ${groupData.jobs.map(({ id, status }) => ` - ${id} (${status})`).join("
                ")}
              `, groupData.duration, `
              ${groupData.date.toString()}
              Average Duration: ${groupData.duration.toFixed(2)}s
              Jobs:
              - ${groupData.jobs.map(({ id, duration }) => ` - ${id} (${duration}s)`).join("
              ")} + ${groupData.jobs.map(({ id, duration }) => ` - ${id} (${duration}s)`).join("
              ")}
              `, ]) ); @@ -335,14 +335,14 @@ function displayTestAndEnvironmentChart(testData, testName, environmentName) { ${groupData.date.toString()}
              Flake Percentage: ${groupData.flakeRate.toFixed(2)}%
              Jobs:
              - ${groupData.jobs.map(({ id, status }) => ` - ${id} (${status})`).join("
              ")} + ${groupData.jobs.map(({ id, status }) => ` - ${id} (${status})`).join("
              ")} `, groupData.duration, `
              ${groupData.date.toString()}
              Average Duration: ${groupData.duration.toFixed(2)}s
              Jobs:
              - ${groupData.jobs.map(({ id, duration }) => ` - ${id} (${duration}s)`).join("
              ")} + ${groupData.jobs.map(({ id, duration }) => ` - ${id} (${duration}s)`).join("
              ")}
              `, ]) ); @@ -477,7 +477,7 @@ function displayEnvironmentChart(testData, environmentName) { ${data.date.toString()}
              Flake Percentage: ${data.flakeRate.toFixed(2)}%
              Jobs:
              - ${data.jobs.map(({ id, status }) => ` - ${id} (${status})`).join("
              ")} + ${data.jobs.map(({ id, status }) => ` - ${id} (${status})`).join("
              ")} ` ] : [null, null]; })).flat()) @@ -554,7 +554,7 @@ function displayEnvironmentChart(testData, environmentName) { ${data.date.toString()}
              Flake Percentage: ${data.flakeRate.toFixed(2)}%
              Jobs:
              - ${data.jobs.map(({ id, status }) => ` - ${id} (${status})`).join("
              ")} + ${data.jobs.map(({ id, status }) => ` - ${id} (${status})`).join("
              ")} ` ] : [null, null]; })).flat()) @@ -614,14 +614,14 @@ function displayEnvironmentChart(testData, environmentName) { ${dateInfo.date.toString()}
              Test Count (averaged): ${+dateInfo.testCount.toFixed(2)}
              Jobs:
              - ${dateInfo.runInfo.map(job => ` - ${job.rootJob} Test count: ${job.testCount}`).join("
              ")} + ${dateInfo.runInfo.map(job => ` - ${job.rootJob} Test count: ${job.testCount}`).join("
              ")} `, dateInfo.totalDuration, `
              ${dateInfo.date.toString()}
              Total Duration (averaged): ${+dateInfo.totalDuration.toFixed(2)}
              Jobs:
              - ${dateInfo.runInfo.map(job => ` - ${job.rootJob} Total Duration: ${+job.totalDuration.toFixed(2)}s`).join("
              ")} + ${dateInfo.runInfo.map(job => ` - ${job.rootJob} Total Duration: ${+job.totalDuration.toFixed(2)}s`).join("
              ")}
              `, ])); const options = { From 5f85842b07c6ad6282ac99a468ca123c6fbe54c4 Mon Sep 17 00:00:00 2001 From: Steven Powell Date: Thu, 12 Aug 2021 13:55:53 -0700 Subject: [PATCH 110/205] skip describing non-running pods if none present --- test/integration/helpers_test.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/test/integration/helpers_test.go b/test/integration/helpers_test.go index 5e1fa1fc9e..6680dcb32f 100644 --- a/test/integration/helpers_test.go +++ b/test/integration/helpers_test.go @@ -265,6 +265,9 @@ func PostMortemLogs(t *testing.T, profile string, multinode ...bool) { return } notRunning := strings.Split(rr.Stdout.String(), " ") + if len(notRunning) == 0 { + continue + } t.Logf("non-running pods: %s", strings.Join(notRunning, " ")) t.Logf("======> post-mortem[%s]: describe non-running pods <======", t.Name()) From cf10ce5663b72314ac69739ecea105d9a9a7dd77 Mon Sep 17 00:00:00 2001 From: Sharif Elgamal Date: Thu, 12 Aug 2021 14:40:42 -0700 Subject: [PATCH 111/205] run simple test for cloud shell --- test/integration/start_stop_delete_test.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/test/integration/start_stop_delete_test.go b/test/integration/start_stop_delete_test.go index 85e0f0f924..c756965d03 100644 --- a/test/integration/start_stop_delete_test.go +++ b/test/integration/start_stop_delete_test.go @@ -33,6 +33,7 @@ import ( "github.com/google/go-cmp/cmp" "k8s.io/minikube/pkg/minikube/bootstrapper/images" "k8s.io/minikube/pkg/minikube/constants" + "k8s.io/minikube/pkg/minikube/detect" ) // TestStartStop tests starting, stopping and restarting a minikube clusters with various Kubernetes versions and configurations @@ -76,6 +77,16 @@ func TestStartStop(t *testing.T) { }}, } + if detect.IsCloudShell() { + tests = []struct { + name string + version string + args []string + }{ + {"cloud-shell", constants.DefaultKubernetesVersion, []string{}}, + } + } + for _, tc := range tests { tc := tc t.Run(tc.name, func(t *testing.T) { From 7809b3b2aed53da256662fa095c641e952d0230f Mon Sep 17 00:00:00 2001 From: Medya Gh Date: Thu, 12 Aug 2021 15:22:32 -0700 Subject: [PATCH 112/205] update calico to v 3.20 --- pkg/minikube/bootstrapper/images/images.go | 27 +- pkg/minikube/cni/calico.go | 862 +---- pkg/minikube/cni/calico.yaml | 4090 ++++++++++++++++++++ 3 files changed, 4127 insertions(+), 852 deletions(-) create mode 100644 pkg/minikube/cni/calico.yaml diff --git a/pkg/minikube/bootstrapper/images/images.go b/pkg/minikube/bootstrapper/images/images.go index 4ce501418f..6d8fcf4b07 100644 --- a/pkg/minikube/bootstrapper/images/images.go +++ b/pkg/minikube/bootstrapper/images/images.go @@ -163,18 +163,37 @@ func KindNet(repo string) string { return path.Join(repo, "kindnetd:v20210326-1e038dc5") } +// all calico images are from https://docs.projectcalico.org/manifests/calico.yaml +const calicoVersion = "v3.20.0" + // CalicoDaemonSet returns the image used for calicoDaemonSet func CalicoDaemonSet(repo string) string { if repo == "" { - repo = "calico" + repo = "docker.io/calico" } - return path.Join(repo, "node:v3.14.1") + return path.Join(repo, "node:"+calicoVersion) } // CalicoDeployment returns the image used for calicoDeployment func CalicoDeployment(repo string) string { if repo == "" { - repo = "calico" + repo = "docker.io/calico" } - return path.Join(repo, "kube-controllers:v3.14.1") + return path.Join(repo, "kube-controllers::"+calicoVersion) +} + +// CalicoFelixDriver returns image used for felix driver +func CalicoFelixDriver(repo string) string { + if repo == "" { + repo = "docker.io/calico" + } + return path.Join(repo, "pod2daemon-flexvol::"+calicoVersion) +} + +// CalicoBin returns image used for calico binary image +func CalicoBin(repo string) string { + if repo == "" { + repo = "docker.io/calico" + } + return path.Join(repo, "cni::"+calicoVersion) } diff --git a/pkg/minikube/cni/calico.go b/pkg/minikube/cni/calico.go index 7b28fda254..11c03a233e 100644 --- a/pkg/minikube/cni/calico.go +++ b/pkg/minikube/cni/calico.go @@ -18,6 +18,7 @@ package cni import ( "bytes" + _ "embed" "text/template" "github.com/pkg/errors" @@ -26,851 +27,12 @@ import ( "k8s.io/minikube/pkg/minikube/config" ) +// https://docs.projectcalico.org/manifests/calico.yaml +//go:embed calico.yaml +var calicoYaml string + // calicoTmpl is from https://docs.projectcalico.org/manifests/calico.yaml -var calicoTmpl = template.Must(template.New("calico").Parse(`--- -# Source: calico/templates/calico-config.yaml -# This ConfigMap is used to configure a self-hosted Calico installation. -kind: ConfigMap -apiVersion: v1 -metadata: - name: calico-config - namespace: kube-system -data: - # Typha is disabled. - typha_service_name: "none" - # Configure the backend to use. - calico_backend: "bird" - # Configure the MTU to use for workload interfaces and the - # tunnels. For IPIP, set to your network MTU - 20; for VXLAN - # set to your network MTU - 50. - veth_mtu: "1440" - - # The CNI network configuration to install on each node. The special - # values in this config will be automatically populated. - cni_network_config: |- - { - "name": "k8s-pod-network", - "cniVersion": "0.3.1", - "plugins": [ - { - "type": "calico", - "log_level": "info", - "datastore_type": "kubernetes", - "nodename": "__KUBERNETES_NODE_NAME__", - "mtu": __CNI_MTU__, - "ipam": { - "type": "calico-ipam" - }, - "policy": { - "type": "k8s" - }, - "kubernetes": { - "kubeconfig": "__KUBECONFIG_FILEPATH__" - } - }, - { - "type": "portmap", - "snat": true, - "capabilities": {"portMappings": true} - }, - { - "type": "bandwidth", - "capabilities": {"bandwidth": true} - } - ] - } - ---- -# Source: calico/templates/kdd-crds.yaml - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: bgpconfigurations.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: BGPConfiguration - plural: bgpconfigurations - singular: bgpconfiguration - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: bgppeers.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: BGPPeer - plural: bgppeers - singular: bgppeer - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: blockaffinities.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: BlockAffinity - plural: blockaffinities - singular: blockaffinity - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterinformations.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: ClusterInformation - plural: clusterinformations - singular: clusterinformation - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: felixconfigurations.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: FelixConfiguration - plural: felixconfigurations - singular: felixconfiguration - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: globalnetworkpolicies.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: GlobalNetworkPolicy - plural: globalnetworkpolicies - singular: globalnetworkpolicy - shortNames: - - gnp - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: globalnetworksets.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: GlobalNetworkSet - plural: globalnetworksets - singular: globalnetworkset - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: hostendpoints.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: HostEndpoint - plural: hostendpoints - singular: hostendpoint - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ipamblocks.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: IPAMBlock - plural: ipamblocks - singular: ipamblock - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ipamconfigs.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: IPAMConfig - plural: ipamconfigs - singular: ipamconfig - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ipamhandles.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: IPAMHandle - plural: ipamhandles - singular: ipamhandle - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ippools.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: IPPool - plural: ippools - singular: ippool - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kubecontrollersconfigurations.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: KubeControllersConfiguration - plural: kubecontrollersconfigurations - singular: kubecontrollersconfiguration ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: networkpolicies.crd.projectcalico.org -spec: - scope: Namespaced - group: crd.projectcalico.org - version: v1 - names: - kind: NetworkPolicy - plural: networkpolicies - singular: networkpolicy - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: networksets.crd.projectcalico.org -spec: - scope: Namespaced - group: crd.projectcalico.org - version: v1 - names: - kind: NetworkSet - plural: networksets - singular: networkset - ---- ---- -# Source: calico/templates/rbac.yaml - -# Include a clusterrole for the kube-controllers component, -# and bind it to the calico-kube-controllers serviceaccount. -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: calico-kube-controllers -rules: - # Nodes are watched to monitor for deletions. - - apiGroups: [""] - resources: - - nodes - verbs: - - watch - - list - - get - # Pods are queried to check for existence. - - apiGroups: [""] - resources: - - pods - verbs: - - get - # IPAM resources are manipulated when nodes are deleted. - - apiGroups: ["crd.projectcalico.org"] - resources: - - ippools - verbs: - - list - - apiGroups: ["crd.projectcalico.org"] - resources: - - blockaffinities - - ipamblocks - - ipamhandles - verbs: - - get - - list - - create - - update - - delete - # kube-controllers manages hostendpoints. - - apiGroups: ["crd.projectcalico.org"] - resources: - - hostendpoints - verbs: - - get - - list - - create - - update - - delete - # Needs access to update clusterinformations. - - apiGroups: ["crd.projectcalico.org"] - resources: - - clusterinformations - verbs: - - get - - create - - update - # KubeControllersConfiguration is where it gets its config - - apiGroups: ["crd.projectcalico.org"] - resources: - - kubecontrollersconfigurations - verbs: - # read its own config - - get - # create a default if none exists - - create - # update status - - update - # watch for changes - - watch ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: calico-kube-controllers -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: calico-kube-controllers -subjects: -- kind: ServiceAccount - name: calico-kube-controllers - namespace: kube-system ---- -# Include a clusterrole for the calico-node DaemonSet, -# and bind it to the calico-node serviceaccount. -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: calico-node -rules: - # The CNI plugin needs to get pods, nodes, and namespaces. - - apiGroups: [""] - resources: - - pods - - nodes - - namespaces - verbs: - - get - - apiGroups: [""] - resources: - - endpoints - - services - verbs: - # Used to discover service IPs for advertisement. - - watch - - list - # Used to discover Typhas. - - get - # Pod CIDR auto-detection on kubeadm needs access to config maps. - - apiGroups: [""] - resources: - - configmaps - verbs: - - get - - apiGroups: [""] - resources: - - nodes/status - verbs: - # Needed for clearing NodeNetworkUnavailable flag. - - patch - # Calico stores some configuration information in node annotations. - - update - # Watch for changes to Kubernetes NetworkPolicies. - - apiGroups: ["networking.k8s.io"] - resources: - - networkpolicies - verbs: - - watch - - list - # Used by Calico for policy information. - - apiGroups: [""] - resources: - - pods - - namespaces - - serviceaccounts - verbs: - - list - - watch - # The CNI plugin patches pods/status. - - apiGroups: [""] - resources: - - pods/status - verbs: - - patch - # Calico monitors various CRDs for config. - - apiGroups: ["crd.projectcalico.org"] - resources: - - globalfelixconfigs - - felixconfigurations - - bgppeers - - globalbgpconfigs - - bgpconfigurations - - ippools - - ipamblocks - - globalnetworkpolicies - - globalnetworksets - - networkpolicies - - networksets - - clusterinformations - - hostendpoints - - blockaffinities - verbs: - - get - - list - - watch - # Calico must create and update some CRDs on startup. - - apiGroups: ["crd.projectcalico.org"] - resources: - - ippools - - felixconfigurations - - clusterinformations - verbs: - - create - - update - # Calico stores some configuration information on the node. - - apiGroups: [""] - resources: - - nodes - verbs: - - get - - list - - watch - # These permissions are only required for upgrade from v2.6, and can - # be removed after upgrade or on fresh installations. - - apiGroups: ["crd.projectcalico.org"] - resources: - - bgpconfigurations - - bgppeers - verbs: - - create - - update - # These permissions are required for Calico CNI to perform IPAM allocations. - - apiGroups: ["crd.projectcalico.org"] - resources: - - blockaffinities - - ipamblocks - - ipamhandles - verbs: - - get - - list - - create - - update - - delete - - apiGroups: ["crd.projectcalico.org"] - resources: - - ipamconfigs - verbs: - - get - # Block affinities must also be watchable by confd for route aggregation. - - apiGroups: ["crd.projectcalico.org"] - resources: - - blockaffinities - verbs: - - watch - # The Calico IPAM migration needs to get daemonsets. These permissions can be - # removed if not upgrading from an installation using host-local IPAM. - - apiGroups: ["apps"] - resources: - - daemonsets - verbs: - - get - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: calico-node -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: calico-node -subjects: -- kind: ServiceAccount - name: calico-node - namespace: kube-system - ---- -# Source: calico/templates/calico-node.yaml -# This manifest installs the calico-node container, as well -# as the CNI plugins and network config on -# each master and worker node in a Kubernetes cluster. -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: calico-node - namespace: kube-system - labels: - k8s-app: calico-node -spec: - selector: - matchLabels: - k8s-app: calico-node - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - template: - metadata: - labels: - k8s-app: calico-node - annotations: - # This, along with the CriticalAddonsOnly toleration below, - # marks the pod as a critical add-on, ensuring it gets - # priority scheduling and that its resources are reserved - # if it ever gets evicted. - scheduler.alpha.kubernetes.io/critical-pod: '' - spec: - nodeSelector: - kubernetes.io/os: linux - hostNetwork: true - tolerations: - # Make sure calico-node gets scheduled on all nodes. - - effect: NoSchedule - operator: Exists - # Mark the pod as a critical add-on for rescheduling. - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - serviceAccountName: calico-node - # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force - # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. - terminationGracePeriodSeconds: 0 - priorityClassName: system-node-critical - initContainers: - # This container performs upgrade from host-local IPAM to calico-ipam. - # It can be deleted if this is a fresh installation, or if you have already - # upgraded to use calico-ipam. - - name: upgrade-ipam - image: calico/cni:v3.14.1 - command: ["/opt/cni/bin/calico-ipam", "-upgrade"] - env: - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: CALICO_NETWORKING_BACKEND - valueFrom: - configMapKeyRef: - name: calico-config - key: calico_backend - volumeMounts: - - mountPath: /var/lib/cni/networks - name: host-local-net-dir - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - securityContext: - privileged: true - # This container installs the CNI binaries - # and CNI network config file on each node. - - name: install-cni - image: calico/cni:v3.14.1 - command: ["/install-cni.sh"] - env: - # Name of the CNI config file to create. - - name: CNI_CONF_NAME - value: "10-calico.conflist" - # The CNI network config to install on each node. - - name: CNI_NETWORK_CONFIG - valueFrom: - configMapKeyRef: - name: calico-config - key: cni_network_config - # Set the hostname based on the k8s node name. - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - # CNI MTU Config variable - - name: CNI_MTU - valueFrom: - configMapKeyRef: - name: calico-config - key: veth_mtu - # Prevents the container from sleeping forever. - - name: SLEEP - value: "false" - volumeMounts: - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - - mountPath: /host/etc/cni/net.d - name: cni-net-dir - securityContext: - privileged: true - # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes - # to communicate with Felix over the Policy Sync API. - - name: flexvol-driver - image: calico/pod2daemon-flexvol:v3.14.1 - volumeMounts: - - name: flexvol-driver-host - mountPath: /host/driver - securityContext: - privileged: true - containers: - # Runs calico-node container on each Kubernetes node. This - # container programs network policy and routes on each - # host. - - name: calico-node - image: {{ .DaemonSetImageName }} - env: - # Use Kubernetes API as the backing datastore. - - name: DATASTORE_TYPE - value: "kubernetes" - # Wait for the datastore. - - name: WAIT_FOR_DATASTORE - value: "true" - # Set based on the k8s node name. - - name: NODENAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - # Choose the backend to use. - - name: CALICO_NETWORKING_BACKEND - valueFrom: - configMapKeyRef: - name: calico-config - key: calico_backend - # Cluster type to identify the deployment type - - name: CLUSTER_TYPE - value: "k8s,bgp" - # Auto-detect the BGP IP address. - - name: IP - value: "autodetect" - # Enable IPIP - - name: CALICO_IPV4POOL_IPIP - value: "Always" - # Enable or Disable VXLAN on the default IP pool. - - name: CALICO_IPV4POOL_VXLAN - value: "Never" - # Set MTU for tunnel device used if ipip is enabled - - name: FELIX_IPINIPMTU - valueFrom: - configMapKeyRef: - name: calico-config - key: veth_mtu - # Set MTU for the VXLAN tunnel device. - - name: FELIX_VXLANMTU - valueFrom: - configMapKeyRef: - name: calico-config - key: veth_mtu - # The default IPv4 pool to create on startup if none exists. Pod IPs will be - # chosen from this range. Changing this value after installation will have - # no effect. This should fall within --cluster-cidr - # - name: CALICO_IPV4POOL_CIDR - # value: "192.168.0.0/16" - # Disable file logging so kubectl logs works. - - name: CALICO_DISABLE_FILE_LOGGING - value: "true" - # Set Felix endpoint to host default action to ACCEPT. - - name: FELIX_DEFAULTENDPOINTTOHOSTACTION - value: "ACCEPT" - # Disable IPv6 on Kubernetes. - - name: FELIX_IPV6SUPPORT - value: "false" - # Set Felix logging to "info" - - name: FELIX_LOGSEVERITYSCREEN - value: "info" - - name: FELIX_HEALTHENABLED - value: "true" - - name: IP_AUTODETECTION_METHOD - value: interface=eth.* - securityContext: - privileged: true - resources: - requests: - cpu: 250m - livenessProbe: - exec: - command: - - /bin/calico-node - - -felix-live - - -bird-live - periodSeconds: 10 - initialDelaySeconds: 10 - failureThreshold: 6 - readinessProbe: - exec: - command: - - /bin/calico-node - - -felix-ready - - -bird-ready - periodSeconds: 10 - volumeMounts: - - mountPath: /lib/modules - name: lib-modules - readOnly: true - - mountPath: /run/xtables.lock - name: xtables-lock - readOnly: false - - mountPath: /var/run/calico - name: var-run-calico - readOnly: false - - mountPath: /var/lib/calico - name: var-lib-calico - readOnly: false - - name: policysync - mountPath: /var/run/nodeagent - volumes: - # Used by calico-node. - - name: lib-modules - hostPath: - path: /lib/modules - - name: var-run-calico - hostPath: - path: /var/run/calico - - name: var-lib-calico - hostPath: - path: /var/lib/calico - - name: xtables-lock - hostPath: - path: /run/xtables.lock - type: FileOrCreate - # Used to install CNI. - - name: cni-bin-dir - hostPath: - path: /opt/cni/bin - - name: cni-net-dir - hostPath: - path: /etc/cni/net.d - # Mount in the directory for host-local IPAM allocations. This is - # used when upgrading from host-local to calico-ipam, and can be removed - # if not using the upgrade-ipam init container. - - name: host-local-net-dir - hostPath: - path: /var/lib/cni/networks - # Used to create per-pod Unix Domain Sockets - - name: policysync - hostPath: - type: DirectoryOrCreate - path: /var/run/nodeagent - # Used to install Flex Volume Driver - - name: flexvol-driver-host - hostPath: - type: DirectoryOrCreate - path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: calico-node - namespace: kube-system - ---- -# Source: calico/templates/calico-kube-controllers.yaml -# See https://github.com/projectcalico/kube-controllers -apiVersion: apps/v1 -kind: Deployment -metadata: - name: calico-kube-controllers - namespace: kube-system - labels: - k8s-app: calico-kube-controllers -spec: - # The controllers can only have a single active instance. - replicas: 1 - selector: - matchLabels: - k8s-app: calico-kube-controllers - strategy: - type: Recreate - template: - metadata: - name: calico-kube-controllers - namespace: kube-system - labels: - k8s-app: calico-kube-controllers - annotations: - scheduler.alpha.kubernetes.io/critical-pod: '' - spec: - nodeSelector: - kubernetes.io/os: linux - tolerations: - # Mark the pod as a critical add-on for rescheduling. - - key: CriticalAddonsOnly - operator: Exists - - key: node-role.kubernetes.io/master - effect: NoSchedule - serviceAccountName: calico-kube-controllers - priorityClassName: system-cluster-critical - containers: - - name: calico-kube-controllers - image: {{ .DeploymentImageName }} - env: - # Choose which controllers to run. - - name: ENABLED_CONTROLLERS - value: node - - name: DATASTORE_TYPE - value: kubernetes - readinessProbe: - exec: - command: - - /usr/bin/check-status - - -r - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: calico-kube-controllers - namespace: kube-system - ---- -# Source: calico/templates/calico-etcd-secrets.yaml - ---- -# Source: calico/templates/calico-typha.yaml - ---- -# Source: calico/templates/configure-canal.yaml - -`)) +var calicoTmpl = template.Must(template.New("calico").Parse(calicoYaml)) // Calico is the Calico CNI manager type Calico struct { @@ -878,8 +40,10 @@ type Calico struct { } type calicoTmplStruct struct { - DeploymentImageName string - DaemonSetImageName string + DeploymentImageName string + DaemonSetImageName string + FelixDriverImageName string + BinaryImageName string } // String returns a string representation of this CNI @@ -890,8 +54,10 @@ func (c Calico) String() string { // manifest returns a Kubernetes manifest for a CNI func (c Calico) manifest() (assets.CopyableFile, error) { input := &calicoTmplStruct{ - DeploymentImageName: images.CalicoDeployment(c.cc.KubernetesConfig.ImageRepository), - DaemonSetImageName: images.CalicoDaemonSet(c.cc.KubernetesConfig.ImageRepository), + DeploymentImageName: images.CalicoDeployment(c.cc.KubernetesConfig.ImageRepository), + DaemonSetImageName: images.CalicoDaemonSet(c.cc.KubernetesConfig.ImageRepository), + FelixDriverImageName: images.CalicoFelixDriver(c.cc.KubernetesConfig.ImageRepository), + BinaryImageName: images.CalicoBin(c.cc.KubernetesConfig.ImageRepository), } b := bytes.Buffer{} diff --git a/pkg/minikube/cni/calico.yaml b/pkg/minikube/cni/calico.yaml new file mode 100644 index 0000000000..8f9d2776bf --- /dev/null +++ b/pkg/minikube/cni/calico.yaml @@ -0,0 +1,4090 @@ +--- +# Source: calico/templates/calico-config.yaml +# This ConfigMap is used to configure a self-hosted Calico installation. +kind: ConfigMap +apiVersion: v1 +metadata: + name: calico-config + namespace: kube-system +data: + # Typha is disabled. + typha_service_name: "none" + # Configure the backend to use. + calico_backend: "bird" + + # Configure the MTU to use for workload interfaces and tunnels. + # By default, MTU is auto-detected, and explicitly setting this field should not be required. + # You can override auto-detection by providing a non-zero value. + veth_mtu: "0" + + # The CNI network configuration to install on each node. The special + # values in this config will be automatically populated. + cni_network_config: |- + { + "name": "k8s-pod-network", + "cniVersion": "0.3.1", + "plugins": [ + { + "type": "calico", + "log_level": "info", + "log_file_path": "/var/log/calico/cni/cni.log", + "datastore_type": "kubernetes", + "nodename": "__KUBERNETES_NODE_NAME__", + "mtu": __CNI_MTU__, + "ipam": { + "type": "calico-ipam" + }, + "policy": { + "type": "k8s" + }, + "kubernetes": { + "kubeconfig": "__KUBECONFIG_FILEPATH__" + } + }, + { + "type": "portmap", + "snat": true, + "capabilities": {"portMappings": true} + }, + { + "type": "bandwidth", + "capabilities": {"bandwidth": true} + } + ] + } + +--- +# Source: calico/templates/kdd-crds.yaml + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: bgpconfigurations.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: BGPConfiguration + listKind: BGPConfigurationList + plural: bgpconfigurations + singular: bgpconfiguration + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: BGPConfiguration contains the configuration for any BGP routing. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BGPConfigurationSpec contains the values of the BGP configuration. + properties: + asNumber: + description: 'ASNumber is the default AS number used by a node. [Default: + 64512]' + format: int32 + type: integer + communities: + description: Communities is a list of BGP community values and their + arbitrary names for tagging routes. + items: + description: Community contains standard or large community value + and its name. + properties: + name: + description: Name given to community value. + type: string + value: + description: Value must be of format `aa:nn` or `aa:nn:mm`. + For standard community use `aa:nn` format, where `aa` and + `nn` are 16 bit number. For large community use `aa:nn:mm` + format, where `aa`, `nn` and `mm` are 32 bit number. Where, + `aa` is an AS Number, `nn` and `mm` are per-AS identifier. + pattern: ^(\d+):(\d+)$|^(\d+):(\d+):(\d+)$ + type: string + type: object + type: array + listenPort: + description: ListenPort is the port where BGP protocol should listen. + Defaults to 179 + maximum: 65535 + minimum: 1 + type: integer + logSeverityScreen: + description: 'LogSeverityScreen is the log severity above which logs + are sent to the stdout. [Default: INFO]' + type: string + nodeToNodeMeshEnabled: + description: 'NodeToNodeMeshEnabled sets whether full node to node + BGP mesh is enabled. [Default: true]' + type: boolean + prefixAdvertisements: + description: PrefixAdvertisements contains per-prefix advertisement + configuration. + items: + description: PrefixAdvertisement configures advertisement properties + for the specified CIDR. + properties: + cidr: + description: CIDR for which properties should be advertised. + type: string + communities: + description: Communities can be list of either community names + already defined in `Specs.Communities` or community value + of format `aa:nn` or `aa:nn:mm`. For standard community use + `aa:nn` format, where `aa` and `nn` are 16 bit number. For + large community use `aa:nn:mm` format, where `aa`, `nn` and + `mm` are 32 bit number. Where,`aa` is an AS Number, `nn` and + `mm` are per-AS identifier. + items: + type: string + type: array + type: object + type: array + serviceClusterIPs: + description: ServiceClusterIPs are the CIDR blocks from which service + cluster IPs are allocated. If specified, Calico will advertise these + blocks, as well as any cluster IPs within them. + items: + description: ServiceClusterIPBlock represents a single allowed ClusterIP + CIDR block. + properties: + cidr: + type: string + type: object + type: array + serviceExternalIPs: + description: ServiceExternalIPs are the CIDR blocks for Kubernetes + Service External IPs. Kubernetes Service ExternalIPs will only be + advertised if they are within one of these blocks. + items: + description: ServiceExternalIPBlock represents a single allowed + External IP CIDR block. + properties: + cidr: + type: string + type: object + type: array + serviceLoadBalancerIPs: + description: ServiceLoadBalancerIPs are the CIDR blocks for Kubernetes + Service LoadBalancer IPs. Kubernetes Service status.LoadBalancer.Ingress + IPs will only be advertised if they are within one of these blocks. + items: + description: ServiceLoadBalancerIPBlock represents a single allowed + LoadBalancer IP CIDR block. + properties: + cidr: + type: string + type: object + type: array + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: bgppeers.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: BGPPeer + listKind: BGPPeerList + plural: bgppeers + singular: bgppeer + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BGPPeerSpec contains the specification for a BGPPeer resource. + properties: + asNumber: + description: The AS Number of the peer. + format: int32 + type: integer + keepOriginalNextHop: + description: Option to keep the original nexthop field when routes + are sent to a BGP Peer. Setting "true" configures the selected BGP + Peers node to use the "next hop keep;" instead of "next hop self;"(default) + in the specific branch of the Node on "bird.cfg". + type: boolean + maxRestartTime: + description: Time to allow for software restart. When specified, this + is configured as the graceful restart timeout. When not specified, + the BIRD default of 120s is used. + type: string + node: + description: The node name identifying the Calico node instance that + is targeted by this peer. If this is not set, and no nodeSelector + is specified, then this BGP peer selects all nodes in the cluster. + type: string + nodeSelector: + description: Selector for the nodes that should have this peering. When + this is set, the Node field must be empty. + type: string + password: + description: Optional BGP password for the peerings generated by this + BGPPeer resource. + properties: + secretKeyRef: + description: Selects a key of a secret in the node pod's namespace. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + type: object + peerIP: + description: The IP address of the peer followed by an optional port + number to peer with. If port number is given, format should be `[]:port` + or `:` for IPv4. If optional port number is not set, + and this peer IP and ASNumber belongs to a calico/node with ListenPort + set in BGPConfiguration, then we use that port to peer. + type: string + peerSelector: + description: Selector for the remote nodes to peer with. When this + is set, the PeerIP and ASNumber fields must be empty. For each + peering between the local node and selected remote nodes, we configure + an IPv4 peering if both ends have NodeBGPSpec.IPv4Address specified, + and an IPv6 peering if both ends have NodeBGPSpec.IPv6Address specified. The + remote AS number comes from the remote node's NodeBGPSpec.ASNumber, + or the global default if that is not set. + type: string + sourceAddress: + description: Specifies whether and how to configure a source address + for the peerings generated by this BGPPeer resource. Default value + "UseNodeIP" means to configure the node IP as the source address. "None" + means not to configure a source address. + type: string + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: blockaffinities.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: BlockAffinity + listKind: BlockAffinityList + plural: blockaffinities + singular: blockaffinity + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BlockAffinitySpec contains the specification for a BlockAffinity + resource. + properties: + cidr: + type: string + deleted: + description: Deleted indicates that this block affinity is being deleted. + This field is a string for compatibility with older releases that + mistakenly treat this field as a string. + type: string + node: + type: string + state: + type: string + required: + - cidr + - deleted + - node + - state + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterinformations.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: ClusterInformation + listKind: ClusterInformationList + plural: clusterinformations + singular: clusterinformation + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: ClusterInformation contains the cluster specific information. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterInformationSpec contains the values of describing + the cluster. + properties: + calicoVersion: + description: CalicoVersion is the version of Calico that the cluster + is running + type: string + clusterGUID: + description: ClusterGUID is the GUID of the cluster + type: string + clusterType: + description: ClusterType describes the type of the cluster + type: string + datastoreReady: + description: DatastoreReady is used during significant datastore migrations + to signal to components such as Felix that it should wait before + accessing the datastore. + type: boolean + variant: + description: Variant declares which variant of Calico should be active. + type: string + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: felixconfigurations.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: FelixConfiguration + listKind: FelixConfigurationList + plural: felixconfigurations + singular: felixconfiguration + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Felix Configuration contains the configuration for Felix. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FelixConfigurationSpec contains the values of the Felix configuration. + properties: + allowIPIPPacketsFromWorkloads: + description: 'AllowIPIPPacketsFromWorkloads controls whether Felix + will add a rule to drop IPIP encapsulated traffic from workloads + [Default: false]' + type: boolean + allowVXLANPacketsFromWorkloads: + description: 'AllowVXLANPacketsFromWorkloads controls whether Felix + will add a rule to drop VXLAN encapsulated traffic from workloads + [Default: false]' + type: boolean + awsSrcDstCheck: + description: 'Set source-destination-check on AWS EC2 instances. Accepted + value must be one of "DoNothing", "Enabled" or "Disabled". [Default: + DoNothing]' + enum: + - DoNothing + - Enable + - Disable + type: string + bpfConnectTimeLoadBalancingEnabled: + description: 'BPFConnectTimeLoadBalancingEnabled when in BPF mode, + controls whether Felix installs the connection-time load balancer. The + connect-time load balancer is required for the host to be able to + reach Kubernetes services and it improves the performance of pod-to-service + connections. The only reason to disable it is for debugging purposes. [Default: + true]' + type: boolean + bpfDataIfacePattern: + description: BPFDataIfacePattern is a regular expression that controls + which interfaces Felix should attach BPF programs to in order to + catch traffic to/from the network. This needs to match the interfaces + that Calico workload traffic flows over as well as any interfaces + that handle incoming traffic to nodeports and services from outside + the cluster. It should not match the workload interfaces (usually + named cali...). + type: string + bpfDisableUnprivileged: + description: 'BPFDisableUnprivileged, if enabled, Felix sets the kernel.unprivileged_bpf_disabled + sysctl to disable unprivileged use of BPF. This ensures that unprivileged + users cannot access Calico''s BPF maps and cannot insert their own + BPF programs to interfere with Calico''s. [Default: true]' + type: boolean + bpfEnabled: + description: 'BPFEnabled, if enabled Felix will use the BPF dataplane. + [Default: false]' + type: boolean + bpfExternalServiceMode: + description: 'BPFExternalServiceMode in BPF mode, controls how connections + from outside the cluster to services (node ports and cluster IPs) + are forwarded to remote workloads. If set to "Tunnel" then both + request and response traffic is tunneled to the remote node. If + set to "DSR", the request traffic is tunneled but the response traffic + is sent directly from the remote node. In "DSR" mode, the remote + node appears to use the IP of the ingress node; this requires a + permissive L2 network. [Default: Tunnel]' + type: string + bpfExtToServiceConnmark: + description: 'BPFExtToServiceConnmark in BPF mode, controls a + 32bit mark that is set on connections from an external client to + a local service. This mark allows us to control how packets of + that connection are routed within the host and how is routing + intepreted by RPF check. [Default: 0]' + type: integer + + bpfKubeProxyEndpointSlicesEnabled: + description: BPFKubeProxyEndpointSlicesEnabled in BPF mode, controls + whether Felix's embedded kube-proxy accepts EndpointSlices or not. + type: boolean + bpfKubeProxyIptablesCleanupEnabled: + description: 'BPFKubeProxyIptablesCleanupEnabled, if enabled in BPF + mode, Felix will proactively clean up the upstream Kubernetes kube-proxy''s + iptables chains. Should only be enabled if kube-proxy is not running. [Default: + true]' + type: boolean + bpfKubeProxyMinSyncPeriod: + description: 'BPFKubeProxyMinSyncPeriod, in BPF mode, controls the + minimum time between updates to the dataplane for Felix''s embedded + kube-proxy. Lower values give reduced set-up latency. Higher values + reduce Felix CPU usage by batching up more work. [Default: 1s]' + type: string + bpfLogLevel: + description: 'BPFLogLevel controls the log level of the BPF programs + when in BPF dataplane mode. One of "Off", "Info", or "Debug". The + logs are emitted to the BPF trace pipe, accessible with the command + `tc exec bpf debug`. [Default: Off].' + type: string + chainInsertMode: + description: 'ChainInsertMode controls whether Felix hooks the kernel''s + top-level iptables chains by inserting a rule at the top of the + chain or by appending a rule at the bottom. insert is the safe default + since it prevents Calico''s rules from being bypassed. If you switch + to append mode, be sure that the other rules in the chains signal + acceptance by falling through to the Calico rules, otherwise the + Calico policy will be bypassed. [Default: insert]' + type: string + dataplaneDriver: + type: string + debugDisableLogDropping: + type: boolean + debugMemoryProfilePath: + type: string + debugSimulateCalcGraphHangAfter: + type: string + debugSimulateDataplaneHangAfter: + type: string + defaultEndpointToHostAction: + description: 'DefaultEndpointToHostAction controls what happens to + traffic that goes from a workload endpoint to the host itself (after + the traffic hits the endpoint egress policy). By default Calico + blocks traffic from workload endpoints to the host itself with an + iptables "DROP" action. If you want to allow some or all traffic + from endpoint to host, set this parameter to RETURN or ACCEPT. Use + RETURN if you have your own rules in the iptables "INPUT" chain; + Calico will insert its rules at the top of that chain, then "RETURN" + packets to the "INPUT" chain once it has completed processing workload + endpoint egress policy. Use ACCEPT to unconditionally accept packets + from workloads after processing workload endpoint egress policy. + [Default: Drop]' + type: string + deviceRouteProtocol: + description: This defines the route protocol added to programmed device + routes, by default this will be RTPROT_BOOT when left blank. + type: integer + deviceRouteSourceAddress: + description: This is the source address to use on programmed device + routes. By default the source address is left blank, leaving the + kernel to choose the source address used. + type: string + disableConntrackInvalidCheck: + type: boolean + endpointReportingDelay: + type: string + endpointReportingEnabled: + type: boolean + externalNodesList: + description: ExternalNodesCIDRList is a list of CIDR's of external-non-calico-nodes + which may source tunnel traffic and have the tunneled traffic be + accepted at calico nodes. + items: + type: string + type: array + failsafeInboundHostPorts: + description: 'FailsafeInboundHostPorts is a list of UDP/TCP ports + and CIDRs that Felix will allow incoming traffic to host endpoints + on irrespective of the security policy. This is useful to avoid + accidentally cutting off a host with incorrect configuration. For + back-compatibility, if the protocol is not specified, it defaults + to "tcp". If a CIDR is not specified, it will allow traffic from + all addresses. To disable all inbound host ports, use the value + none. The default value allows ssh access and DHCP. [Default: tcp:22, + udp:68, tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666, tcp:6667]' + items: + description: ProtoPort is combination of protocol, port, and CIDR. + Protocol and port must be specified. + properties: + net: + type: string + port: + type: integer + protocol: + type: string + required: + - port + - protocol + type: object + type: array + failsafeOutboundHostPorts: + description: 'FailsafeOutboundHostPorts is a list of UDP/TCP ports + and CIDRs that Felix will allow outgoing traffic from host endpoints + to irrespective of the security policy. This is useful to avoid + accidentally cutting off a host with incorrect configuration. For + back-compatibility, if the protocol is not specified, it defaults + to "tcp". If a CIDR is not specified, it will allow traffic from + all addresses. To disable all outbound host ports, use the value + none. The default value opens etcd''s standard ports to ensure that + Felix does not get cut off from etcd as well as allowing DHCP and + DNS. [Default: tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666, + tcp:6667, udp:53, udp:67]' + items: + description: ProtoPort is combination of protocol, port, and CIDR. + Protocol and port must be specified. + properties: + net: + type: string + port: + type: integer + protocol: + type: string + required: + - port + - protocol + type: object + type: array + featureDetectOverride: + description: FeatureDetectOverride is used to override the feature + detection. Values are specified in a comma separated list with no + spaces, example; "SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=". + "true" or "false" will force the feature, empty or omitted values + are auto-detected. + type: string + genericXDPEnabled: + description: 'GenericXDPEnabled enables Generic XDP so network cards + that don''t support XDP offload or driver modes can use XDP. This + is not recommended since it doesn''t provide better performance + than iptables. [Default: false]' + type: boolean + healthEnabled: + type: boolean + healthHost: + type: string + healthPort: + type: integer + interfaceExclude: + description: 'InterfaceExclude is a comma-separated list of interfaces + that Felix should exclude when monitoring for host endpoints. The + default value ensures that Felix ignores Kubernetes'' IPVS dummy + interface, which is used internally by kube-proxy. If you want to + exclude multiple interface names using a single value, the list + supports regular expressions. For regular expressions you must wrap + the value with ''/''. For example having values ''/^kube/,veth1'' + will exclude all interfaces that begin with ''kube'' and also the + interface ''veth1''. [Default: kube-ipvs0]' + type: string + interfacePrefix: + description: 'InterfacePrefix is the interface name prefix that identifies + workload endpoints and so distinguishes them from host endpoint + interfaces. Note: in environments other than bare metal, the orchestrators + configure this appropriately. For example our Kubernetes and Docker + integrations set the ''cali'' value, and our OpenStack integration + sets the ''tap'' value. [Default: cali]' + type: string + interfaceRefreshInterval: + description: InterfaceRefreshInterval is the period at which Felix + rescans local interfaces to verify their state. The rescan can be + disabled by setting the interval to 0. + type: string + ipipEnabled: + type: boolean + ipipMTU: + description: 'IPIPMTU is the MTU to set on the tunnel device. See + Configuring MTU [Default: 1440]' + type: integer + ipsetsRefreshInterval: + description: 'IpsetsRefreshInterval is the period at which Felix re-checks + all iptables state to ensure that no other process has accidentally + broken Calico''s rules. Set to 0 to disable iptables refresh. [Default: + 90s]' + type: string + iptablesBackend: + description: IptablesBackend specifies which backend of iptables will + be used. The default is legacy. + type: string + iptablesFilterAllowAction: + type: string + iptablesLockFilePath: + description: 'IptablesLockFilePath is the location of the iptables + lock file. You may need to change this if the lock file is not in + its standard location (for example if you have mapped it into Felix''s + container at a different path). [Default: /run/xtables.lock]' + type: string + iptablesLockProbeInterval: + description: 'IptablesLockProbeInterval is the time that Felix will + wait between attempts to acquire the iptables lock if it is not + available. Lower values make Felix more responsive when the lock + is contended, but use more CPU. [Default: 50ms]' + type: string + iptablesLockTimeout: + description: 'IptablesLockTimeout is the time that Felix will wait + for the iptables lock, or 0, to disable. To use this feature, Felix + must share the iptables lock file with all other processes that + also take the lock. When running Felix inside a container, this + requires the /run directory of the host to be mounted into the calico/node + or calico/felix container. [Default: 0s disabled]' + type: string + iptablesMangleAllowAction: + type: string + iptablesMarkMask: + description: 'IptablesMarkMask is the mask that Felix selects its + IPTables Mark bits from. Should be a 32 bit hexadecimal number with + at least 8 bits set, none of which clash with any other mark bits + in use on the system. [Default: 0xff000000]' + format: int32 + type: integer + iptablesNATOutgoingInterfaceFilter: + type: string + iptablesPostWriteCheckInterval: + description: 'IptablesPostWriteCheckInterval is the period after Felix + has done a write to the dataplane that it schedules an extra read + back in order to check the write was not clobbered by another process. + This should only occur if another application on the system doesn''t + respect the iptables lock. [Default: 1s]' + type: string + iptablesRefreshInterval: + description: 'IptablesRefreshInterval is the period at which Felix + re-checks the IP sets in the dataplane to ensure that no other process + has accidentally broken Calico''s rules. Set to 0 to disable IP + sets refresh. Note: the default for this value is lower than the + other refresh intervals as a workaround for a Linux kernel bug that + was fixed in kernel version 4.11. If you are using v4.11 or greater + you may want to set this to, a higher value to reduce Felix CPU + usage. [Default: 10s]' + type: string + ipv6Support: + type: boolean + kubeNodePortRanges: + description: 'KubeNodePortRanges holds list of port ranges used for + service node ports. Only used if felix detects kube-proxy running + in ipvs mode. Felix uses these ranges to separate host and workload + traffic. [Default: 30000:32767].' + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + logFilePath: + description: 'LogFilePath is the full path to the Felix log. Set to + none to disable file logging. [Default: /var/log/calico/felix.log]' + type: string + logPrefix: + description: 'LogPrefix is the log prefix that Felix uses when rendering + LOG rules. [Default: calico-packet]' + type: string + logSeverityFile: + description: 'LogSeverityFile is the log severity above which logs + are sent to the log file. [Default: Info]' + type: string + logSeverityScreen: + description: 'LogSeverityScreen is the log severity above which logs + are sent to the stdout. [Default: Info]' + type: string + logSeveritySys: + description: 'LogSeveritySys is the log severity above which logs + are sent to the syslog. Set to None for no logging to syslog. [Default: + Info]' + type: string + maxIpsetSize: + type: integer + metadataAddr: + description: 'MetadataAddr is the IP address or domain name of the + server that can answer VM queries for cloud-init metadata. In OpenStack, + this corresponds to the machine running nova-api (or in Ubuntu, + nova-api-metadata). A value of none (case insensitive) means that + Felix should not set up any NAT rule for the metadata path. [Default: + 127.0.0.1]' + type: string + metadataPort: + description: 'MetadataPort is the port of the metadata server. This, + combined with global.MetadataAddr (if not ''None''), is used to + set up a NAT rule, from 169.254.169.254:80 to MetadataAddr:MetadataPort. + In most cases this should not need to be changed [Default: 8775].' + type: integer + mtuIfacePattern: + description: MTUIfacePattern is a regular expression that controls + which interfaces Felix should scan in order to calculate the host's + MTU. This should not match workload interfaces (usually named cali...). + type: string + natOutgoingAddress: + description: NATOutgoingAddress specifies an address to use when performing + source NAT for traffic in a natOutgoing pool that is leaving the + network. By default the address used is an address on the interface + the traffic is leaving on (ie it uses the iptables MASQUERADE target) + type: string + natPortRange: + anyOf: + - type: integer + - type: string + description: NATPortRange specifies the range of ports that is used + for port mapping when doing outgoing NAT. When unset the default + behavior of the network stack is used. + pattern: ^.* + x-kubernetes-int-or-string: true + netlinkTimeout: + type: string + openstackRegion: + description: 'OpenstackRegion is the name of the region that a particular + Felix belongs to. In a multi-region Calico/OpenStack deployment, + this must be configured somehow for each Felix (here in the datamodel, + or in felix.cfg or the environment on each compute node), and must + match the [calico] openstack_region value configured in neutron.conf + on each node. [Default: Empty]' + type: string + policySyncPathPrefix: + description: 'PolicySyncPathPrefix is used to by Felix to communicate + policy changes to external services, like Application layer policy. + [Default: Empty]' + type: string + prometheusGoMetricsEnabled: + description: 'PrometheusGoMetricsEnabled disables Go runtime metrics + collection, which the Prometheus client does by default, when set + to false. This reduces the number of metrics reported, reducing + Prometheus load. [Default: true]' + type: boolean + prometheusMetricsEnabled: + description: 'PrometheusMetricsEnabled enables the Prometheus metrics + server in Felix if set to true. [Default: false]' + type: boolean + prometheusMetricsHost: + description: 'PrometheusMetricsHost is the host that the Prometheus + metrics server should bind to. [Default: empty]' + type: string + prometheusMetricsPort: + description: 'PrometheusMetricsPort is the TCP port that the Prometheus + metrics server should bind to. [Default: 9091]' + type: integer + prometheusProcessMetricsEnabled: + description: 'PrometheusProcessMetricsEnabled disables process metrics + collection, which the Prometheus client does by default, when set + to false. This reduces the number of metrics reported, reducing + Prometheus load. [Default: true]' + type: boolean + removeExternalRoutes: + description: Whether or not to remove device routes that have not + been programmed by Felix. Disabling this will allow external applications + to also add device routes. This is enabled by default which means + we will remove externally added routes. + type: boolean + reportingInterval: + description: 'ReportingInterval is the interval at which Felix reports + its status into the datastore or 0 to disable. Must be non-zero + in OpenStack deployments. [Default: 30s]' + type: string + reportingTTL: + description: 'ReportingTTL is the time-to-live setting for process-wide + status reports. [Default: 90s]' + type: string + routeRefreshInterval: + description: 'RouteRefreshInterval is the period at which Felix re-checks + the routes in the dataplane to ensure that no other process has + accidentally broken Calico''s rules. Set to 0 to disable route refresh. + [Default: 90s]' + type: string + routeSource: + description: 'RouteSource configures where Felix gets its routing + information. - WorkloadIPs: use workload endpoints to construct + routes. - CalicoIPAM: the default - use IPAM data to construct routes.' + type: string + routeTableRange: + description: Calico programs additional Linux route tables for various + purposes. RouteTableRange specifies the indices of the route tables + that Calico should use. + properties: + max: + type: integer + min: + type: integer + required: + - max + - min + type: object + serviceLoopPrevention: + description: 'When service IP advertisement is enabled, prevent routing + loops to service IPs that are not in use, by dropping or rejecting + packets that do not get DNAT''d by kube-proxy. Unless set to "Disabled", + in which case such routing loops continue to be allowed. [Default: + Drop]' + type: string + sidecarAccelerationEnabled: + description: 'SidecarAccelerationEnabled enables experimental sidecar + acceleration [Default: false]' + type: boolean + usageReportingEnabled: + description: 'UsageReportingEnabled reports anonymous Calico version + number and cluster size to projectcalico.org. Logs warnings returned + by the usage server. For example, if a significant security vulnerability + has been discovered in the version of Calico being used. [Default: + true]' + type: boolean + usageReportingInitialDelay: + description: 'UsageReportingInitialDelay controls the minimum delay + before Felix makes a report. [Default: 300s]' + type: string + usageReportingInterval: + description: 'UsageReportingInterval controls the interval at which + Felix makes reports. [Default: 86400s]' + type: string + useInternalDataplaneDriver: + type: boolean + vxlanEnabled: + type: boolean + vxlanMTU: + description: 'VXLANMTU is the MTU to set on the tunnel device. See + Configuring MTU [Default: 1440]' + type: integer + vxlanPort: + type: integer + vxlanVNI: + type: integer + wireguardEnabled: + description: 'WireguardEnabled controls whether Wireguard is enabled. + [Default: false]' + type: boolean + wireguardInterfaceName: + description: 'WireguardInterfaceName specifies the name to use for + the Wireguard interface. [Default: wg.calico]' + type: string + wireguardListeningPort: + description: 'WireguardListeningPort controls the listening port used + by Wireguard. [Default: 51820]' + type: integer + wireguardMTU: + description: 'WireguardMTU controls the MTU on the Wireguard interface. + See Configuring MTU [Default: 1420]' + type: integer + wireguardRoutingRulePriority: + description: 'WireguardRoutingRulePriority controls the priority value + to use for the Wireguard routing rule. [Default: 99]' + type: integer + xdpEnabled: + description: 'XDPEnabled enables XDP acceleration for suitable untracked + incoming deny rules. [Default: true]' + type: boolean + xdpRefreshInterval: + description: 'XDPRefreshInterval is the period at which Felix re-checks + all XDP state to ensure that no other process has accidentally broken + Calico''s BPF maps or attached programs. Set to 0 to disable XDP + refresh. [Default: 90s]' + type: string + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: globalnetworkpolicies.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: GlobalNetworkPolicy + listKind: GlobalNetworkPolicyList + plural: globalnetworkpolicies + singular: globalnetworkpolicy + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + applyOnForward: + description: ApplyOnForward indicates to apply the rules in this policy + on forward traffic. + type: boolean + doNotTrack: + description: DoNotTrack indicates whether packets matched by the rules + in this policy should go through the data plane's connection tracking, + such as Linux conntrack. If True, the rules in this policy are + applied before any data plane connection tracking, and packets allowed + by this policy are marked as not to be tracked. + type: boolean + egress: + description: The ordered set of egress rules. Each rule contains + a set of packet match criteria and a corresponding action to apply. + items: + description: "A Rule encapsulates a set of match criteria and an + action. Both selector-based security Policy and security Profiles + reference rules - separated out as a list of rules for both ingress + and egress packet matching. \n Each positive match criteria has + a negated version, prefixed with \"Not\". All the match criteria + within a rule must be satisfied for a packet to match. A single + rule can contain the positive and negative version of a match + and both must be satisfied for the rule to match." + properties: + action: + type: string + destination: + description: Destination contains the match criteria that apply + to destination entity. + properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and another selector are defined on the same rule, then + only workload endpoints that are matched by both selectors + will be selected by the rule. \n For NetworkPolicy, an + empty NamespaceSelector implies that the Selector is limited + to selecting only workload endpoints in the same namespace + as the NetworkPolicy. \n For NetworkPolicy, `global()` + NamespaceSelector implies that the Selector is limited + to selecting only GlobalNetworkSet or HostEndpoint. \n + For GlobalNetworkPolicy, an empty NamespaceSelector implies + the Selector applies to workload endpoints across all + namespaces." + type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. \n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). + \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. + One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label \"my_label\". \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label \"my_label\". + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." + type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + services: + description: "Services is an optional field that contains + options for matching Kubernetes Services. If specified, + only traffic that originates from or terminates at endpoints + within the selected service(s) will be matched, and only + to/from each endpoint's port. \n Services cannot be specified + on the same rule as Selector, NotSelector, NamespaceSelector, + Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n + Only valid on egress rules." + properties: + name: + description: Name specifies the name of a Kubernetes + Service to match. + type: string + namespace: + description: Namespace specifies the namespace of the + given Service. If left empty, the rule will match + within this policy's namespace. + type: string + type: object + type: object + http: + description: HTTP contains match criteria that apply to HTTP + requests. + properties: + methods: + description: Methods is an optional field that restricts + the rule to apply only to HTTP requests that use one of + the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple + methods are OR'd together. + items: + type: string + type: array + paths: + description: 'Paths is an optional field that restricts + the rule to apply to HTTP requests that use one of the + listed HTTP Paths. Multiple paths are OR''d together. + e.g: - exact: /foo - prefix: /bar NOTE: Each entry may + ONLY specify either a `exact` or a `prefix` match. The + validator will check for it.' + items: + description: 'HTTPPath specifies an HTTP path to match. + It may be either of the form: exact: : which matches + the path exactly or prefix: : which matches + the path prefix' + properties: + exact: + type: string + prefix: + type: string + type: object + type: array + type: object + icmp: + description: ICMP is an optional field that restricts the rule + to apply to a specific type and code of ICMP traffic. This + should only be specified if the Protocol field is set to "ICMP" + or "ICMPv6". + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. This is a technical + limitation imposed by the kernel's iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + ipVersion: + description: IPVersion is an optional field that restricts the + rule to only match a specific IP version. + type: integer + metadata: + description: Metadata contains additional information for this + rule + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a set of key value pairs that + give extra information about the rule + type: object + type: object + notICMP: + description: NotICMP is the negated version of the ICMP field. + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. This is a technical + limitation imposed by the kernel's iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + notProtocol: + anyOf: + - type: integer + - type: string + description: NotProtocol is the negated version of the Protocol + field. + pattern: ^.* + x-kubernetes-int-or-string: true + protocol: + anyOf: + - type: integer + - type: string + description: "Protocol is an optional field that restricts the + rule to only apply to traffic of a specific IP protocol. Required + if any of the EntityRules contain Ports (because ports only + apply to certain protocols). \n Must be one of these string + values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", + \"UDPLite\" or an integer in the range 1-255." + pattern: ^.* + x-kubernetes-int-or-string: true + source: + description: Source contains the match criteria that apply to + source entity. + properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and another selector are defined on the same rule, then + only workload endpoints that are matched by both selectors + will be selected by the rule. \n For NetworkPolicy, an + empty NamespaceSelector implies that the Selector is limited + to selecting only workload endpoints in the same namespace + as the NetworkPolicy. \n For NetworkPolicy, `global()` + NamespaceSelector implies that the Selector is limited + to selecting only GlobalNetworkSet or HostEndpoint. \n + For GlobalNetworkPolicy, an empty NamespaceSelector implies + the Selector applies to workload endpoints across all + namespaces." + type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. \n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). + \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. + One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label \"my_label\". \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label \"my_label\". + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." + type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + services: + description: "Services is an optional field that contains + options for matching Kubernetes Services. If specified, + only traffic that originates from or terminates at endpoints + within the selected service(s) will be matched, and only + to/from each endpoint's port. \n Services cannot be specified + on the same rule as Selector, NotSelector, NamespaceSelector, + Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n + Only valid on egress rules." + properties: + name: + description: Name specifies the name of a Kubernetes + Service to match. + type: string + namespace: + description: Namespace specifies the namespace of the + given Service. If left empty, the rule will match + within this policy's namespace. + type: string + type: object + type: object + required: + - action + type: object + type: array + ingress: + description: The ordered set of ingress rules. Each rule contains + a set of packet match criteria and a corresponding action to apply. + items: + description: "A Rule encapsulates a set of match criteria and an + action. Both selector-based security Policy and security Profiles + reference rules - separated out as a list of rules for both ingress + and egress packet matching. \n Each positive match criteria has + a negated version, prefixed with \"Not\". All the match criteria + within a rule must be satisfied for a packet to match. A single + rule can contain the positive and negative version of a match + and both must be satisfied for the rule to match." + properties: + action: + type: string + destination: + description: Destination contains the match criteria that apply + to destination entity. + properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and another selector are defined on the same rule, then + only workload endpoints that are matched by both selectors + will be selected by the rule. \n For NetworkPolicy, an + empty NamespaceSelector implies that the Selector is limited + to selecting only workload endpoints in the same namespace + as the NetworkPolicy. \n For NetworkPolicy, `global()` + NamespaceSelector implies that the Selector is limited + to selecting only GlobalNetworkSet or HostEndpoint. \n + For GlobalNetworkPolicy, an empty NamespaceSelector implies + the Selector applies to workload endpoints across all + namespaces." + type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. \n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). + \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. + One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label \"my_label\". \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label \"my_label\". + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." + type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + services: + description: "Services is an optional field that contains + options for matching Kubernetes Services. If specified, + only traffic that originates from or terminates at endpoints + within the selected service(s) will be matched, and only + to/from each endpoint's port. \n Services cannot be specified + on the same rule as Selector, NotSelector, NamespaceSelector, + Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n + Only valid on egress rules." + properties: + name: + description: Name specifies the name of a Kubernetes + Service to match. + type: string + namespace: + description: Namespace specifies the namespace of the + given Service. If left empty, the rule will match + within this policy's namespace. + type: string + type: object + type: object + http: + description: HTTP contains match criteria that apply to HTTP + requests. + properties: + methods: + description: Methods is an optional field that restricts + the rule to apply only to HTTP requests that use one of + the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple + methods are OR'd together. + items: + type: string + type: array + paths: + description: 'Paths is an optional field that restricts + the rule to apply to HTTP requests that use one of the + listed HTTP Paths. Multiple paths are OR''d together. + e.g: - exact: /foo - prefix: /bar NOTE: Each entry may + ONLY specify either a `exact` or a `prefix` match. The + validator will check for it.' + items: + description: 'HTTPPath specifies an HTTP path to match. + It may be either of the form: exact: : which matches + the path exactly or prefix: : which matches + the path prefix' + properties: + exact: + type: string + prefix: + type: string + type: object + type: array + type: object + icmp: + description: ICMP is an optional field that restricts the rule + to apply to a specific type and code of ICMP traffic. This + should only be specified if the Protocol field is set to "ICMP" + or "ICMPv6". + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. This is a technical + limitation imposed by the kernel's iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + ipVersion: + description: IPVersion is an optional field that restricts the + rule to only match a specific IP version. + type: integer + metadata: + description: Metadata contains additional information for this + rule + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a set of key value pairs that + give extra information about the rule + type: object + type: object + notICMP: + description: NotICMP is the negated version of the ICMP field. + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. This is a technical + limitation imposed by the kernel's iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + notProtocol: + anyOf: + - type: integer + - type: string + description: NotProtocol is the negated version of the Protocol + field. + pattern: ^.* + x-kubernetes-int-or-string: true + protocol: + anyOf: + - type: integer + - type: string + description: "Protocol is an optional field that restricts the + rule to only apply to traffic of a specific IP protocol. Required + if any of the EntityRules contain Ports (because ports only + apply to certain protocols). \n Must be one of these string + values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", + \"UDPLite\" or an integer in the range 1-255." + pattern: ^.* + x-kubernetes-int-or-string: true + source: + description: Source contains the match criteria that apply to + source entity. + properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and another selector are defined on the same rule, then + only workload endpoints that are matched by both selectors + will be selected by the rule. \n For NetworkPolicy, an + empty NamespaceSelector implies that the Selector is limited + to selecting only workload endpoints in the same namespace + as the NetworkPolicy. \n For NetworkPolicy, `global()` + NamespaceSelector implies that the Selector is limited + to selecting only GlobalNetworkSet or HostEndpoint. \n + For GlobalNetworkPolicy, an empty NamespaceSelector implies + the Selector applies to workload endpoints across all + namespaces." + type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. \n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). + \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. + One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label \"my_label\". \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label \"my_label\". + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." + type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + services: + description: "Services is an optional field that contains + options for matching Kubernetes Services. If specified, + only traffic that originates from or terminates at endpoints + within the selected service(s) will be matched, and only + to/from each endpoint's port. \n Services cannot be specified + on the same rule as Selector, NotSelector, NamespaceSelector, + Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n + Only valid on egress rules." + properties: + name: + description: Name specifies the name of a Kubernetes + Service to match. + type: string + namespace: + description: Namespace specifies the namespace of the + given Service. If left empty, the rule will match + within this policy's namespace. + type: string + type: object + type: object + required: + - action + type: object + type: array + namespaceSelector: + description: NamespaceSelector is an optional field for an expression + used to select a pod based on namespaces. + type: string + order: + description: Order is an optional field that specifies the order in + which the policy is applied. Policies with higher "order" are applied + after those with lower order. If the order is omitted, it may be + considered to be "infinite" - i.e. the policy will be applied last. Policies + with identical order will be applied in alphanumerical order based + on the Policy "Name". + type: number + preDNAT: + description: PreDNAT indicates to apply the rules in this policy before + any DNAT. + type: boolean + selector: + description: "The selector is an expression used to pick pick out + the endpoints that the policy should be applied to. \n Selector + expressions follow this syntax: \n \tlabel == \"string_literal\" + \ -> comparison, e.g. my_label == \"foo bar\" \tlabel != \"string_literal\" + \ -> not equal; also matches if label is not present \tlabel in + { \"a\", \"b\", \"c\", ... } -> true if the value of label X is + one of \"a\", \"b\", \"c\" \tlabel not in { \"a\", \"b\", \"c\", + ... } -> true if the value of label X is not one of \"a\", \"b\", + \"c\" \thas(label_name) -> True if that label is present \t! expr + -> negation of expr \texpr && expr -> Short-circuit and \texpr + || expr -> Short-circuit or \t( expr ) -> parens for grouping \tall() + or the empty selector -> matches all endpoints. \n Label names are + allowed to contain alphanumerics, -, _ and /. String literals are + more permissive but they do not support escape characters. \n Examples + (with made-up labels): \n \ttype == \"webserver\" && deployment + == \"prod\" \ttype in {\"frontend\", \"backend\"} \tdeployment != + \"dev\" \t! has(label_name)" + type: string + serviceAccountSelector: + description: ServiceAccountSelector is an optional field for an expression + used to select a pod based on service accounts. + type: string + types: + description: "Types indicates whether this policy applies to ingress, + or to egress, or to both. When not explicitly specified (and so + the value on creation is empty or nil), Calico defaults Types according + to what Ingress and Egress rules are present in the policy. The + default is: \n - [ PolicyTypeIngress ], if there are no Egress rules + (including the case where there are also no Ingress rules) \n + - [ PolicyTypeEgress ], if there are Egress rules but no Ingress + rules \n - [ PolicyTypeIngress, PolicyTypeEgress ], if there are + both Ingress and Egress rules. \n When the policy is read back again, + Types will always be one of these values, never empty or nil." + items: + description: PolicyType enumerates the possible values of the PolicySpec + Types field. + type: string + type: array + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: globalnetworksets.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: GlobalNetworkSet + listKind: GlobalNetworkSetList + plural: globalnetworksets + singular: globalnetworkset + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: GlobalNetworkSet contains a set of arbitrary IP sub-networks/CIDRs + that share labels to allow rules to refer to them via selectors. The labels + of GlobalNetworkSet are not namespaced. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GlobalNetworkSetSpec contains the specification for a NetworkSet + resource. + properties: + nets: + description: The list of IP networks that belong to this set. + items: + type: string + type: array + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: hostendpoints.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: HostEndpoint + listKind: HostEndpointList + plural: hostendpoints + singular: hostendpoint + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HostEndpointSpec contains the specification for a HostEndpoint + resource. + properties: + expectedIPs: + description: "The expected IP addresses (IPv4 and IPv6) of the endpoint. + If \"InterfaceName\" is not present, Calico will look for an interface + matching any of the IPs in the list and apply policy to that. Note: + \tWhen using the selector match criteria in an ingress or egress + security Policy \tor Profile, Calico converts the selector into + a set of IP addresses. For host \tendpoints, the ExpectedIPs field + is used for that purpose. (If only the interface \tname is specified, + Calico does not learn the IPs of the interface for use in match + \tcriteria.)" + items: + type: string + type: array + interfaceName: + description: "Either \"*\", or the name of a specific Linux interface + to apply policy to; or empty. \"*\" indicates that this HostEndpoint + governs all traffic to, from or through the default network namespace + of the host named by the \"Node\" field; entering and leaving that + namespace via any interface, including those from/to non-host-networked + local workloads. \n If InterfaceName is not \"*\", this HostEndpoint + only governs traffic that enters or leaves the host through the + specific interface named by InterfaceName, or - when InterfaceName + is empty - through the specific interface that has one of the IPs + in ExpectedIPs. Therefore, when InterfaceName is empty, at least + one expected IP must be specified. Only external interfaces (such + as \"eth0\") are supported here; it isn't possible for a HostEndpoint + to protect traffic through a specific local workload interface. + \n Note: Only some kinds of policy are implemented for \"*\" HostEndpoints; + initially just pre-DNAT policy. Please check Calico documentation + for the latest position." + type: string + node: + description: The node name identifying the Calico node instance. + type: string + ports: + description: Ports contains the endpoint's named ports, which may + be referenced in security policy rules. + items: + properties: + name: + type: string + port: + type: integer + protocol: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + required: + - name + - port + - protocol + type: object + type: array + profiles: + description: A list of identifiers of security Profile objects that + apply to this endpoint. Each profile is applied in the order that + they appear in this list. Profile rules are applied after the selector-based + security policy. + items: + type: string + type: array + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: ipamblocks.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: IPAMBlock + listKind: IPAMBlockList + plural: ipamblocks + singular: ipamblock + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAMBlockSpec contains the specification for an IPAMBlock + resource. + properties: + affinity: + type: string + allocations: + items: + type: integer + # TODO: This nullable is manually added in. We should update controller-gen + # to handle []*int properly itself. + nullable: true + type: array + attributes: + items: + properties: + handle_id: + type: string + secondary: + additionalProperties: + type: string + type: object + type: object + type: array + cidr: + type: string + deleted: + type: boolean + strictAffinity: + type: boolean + unallocated: + items: + type: integer + type: array + required: + - allocations + - attributes + - cidr + - strictAffinity + - unallocated + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: ipamconfigs.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: IPAMConfig + listKind: IPAMConfigList + plural: ipamconfigs + singular: ipamconfig + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAMConfigSpec contains the specification for an IPAMConfig + resource. + properties: + autoAllocateBlocks: + type: boolean + maxBlocksPerHost: + description: MaxBlocksPerHost, if non-zero, is the max number of blocks + that can be affine to each host. + type: integer + strictAffinity: + type: boolean + required: + - autoAllocateBlocks + - strictAffinity + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: ipamhandles.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: IPAMHandle + listKind: IPAMHandleList + plural: ipamhandles + singular: ipamhandle + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAMHandleSpec contains the specification for an IPAMHandle + resource. + properties: + block: + additionalProperties: + type: integer + type: object + deleted: + type: boolean + handleID: + type: string + required: + - block + - handleID + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: ippools.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: IPPool + listKind: IPPoolList + plural: ippools + singular: ippool + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPPoolSpec contains the specification for an IPPool resource. + properties: + blockSize: + description: The block size to use for IP address assignments from + this pool. Defaults to 26 for IPv4 and 112 for IPv6. + type: integer + cidr: + description: The pool CIDR. + type: string + disabled: + description: When disabled is true, Calico IPAM will not assign addresses + from this pool. + type: boolean + ipip: + description: 'Deprecated: this field is only used for APIv1 backwards + compatibility. Setting this field is not allowed, this field is + for internal use only.' + properties: + enabled: + description: When enabled is true, ipip tunneling will be used + to deliver packets to destinations within this pool. + type: boolean + mode: + description: The IPIP mode. This can be one of "always" or "cross-subnet". A + mode of "always" will also use IPIP tunneling for routing to + destination IP addresses within this pool. A mode of "cross-subnet" + will only use IPIP tunneling when the destination node is on + a different subnet to the originating node. The default value + (if not specified) is "always". + type: string + type: object + ipipMode: + description: Contains configuration for IPIP tunneling for this pool. + If not specified, then this is defaulted to "Never" (i.e. IPIP tunneling + is disabled). + type: string + nat-outgoing: + description: 'Deprecated: this field is only used for APIv1 backwards + compatibility. Setting this field is not allowed, this field is + for internal use only.' + type: boolean + natOutgoing: + description: When nat-outgoing is true, packets sent from Calico networked + containers in this pool to destinations outside of this pool will + be masqueraded. + type: boolean + nodeSelector: + description: Allows IPPool to allocate for a specific node by label + selector. + type: string + vxlanMode: + description: Contains configuration for VXLAN tunneling for this pool. + If not specified, then this is defaulted to "Never" (i.e. VXLAN + tunneling is disabled). + type: string + required: + - cidr + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kubecontrollersconfigurations.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: KubeControllersConfiguration + listKind: KubeControllersConfigurationList + plural: kubecontrollersconfigurations + singular: kubecontrollersconfiguration + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeControllersConfigurationSpec contains the values of the + Kubernetes controllers configuration. + properties: + controllers: + description: Controllers enables and configures individual Kubernetes + controllers + properties: + namespace: + description: Namespace enables and configures the namespace controller. + Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform reconciliation + with the Calico datastore. [Default: 5m]' + type: string + type: object + node: + description: Node enables and configures the node controller. + Enabled by default, set to nil to disable. + properties: + hostEndpoint: + description: HostEndpoint controls syncing nodes to host endpoints. + Disabled by default, set to nil to disable. + properties: + autoCreate: + description: 'AutoCreate enables automatic creation of + host endpoints for every node. [Default: Disabled]' + type: string + type: object + leakGracePeriod: + description: 'LeakGracePeriod is the period used by the controller + to determine if an IP address has been leaked. Set to 0 + to disable IP garbage collection. [Default: 15m]' + type: string + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform reconciliation + with the Calico datastore. [Default: 5m]' + type: string + syncLabels: + description: 'SyncLabels controls whether to copy Kubernetes + node labels to Calico nodes. [Default: Enabled]' + type: string + type: object + policy: + description: Policy enables and configures the policy controller. + Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform reconciliation + with the Calico datastore. [Default: 5m]' + type: string + type: object + serviceAccount: + description: ServiceAccount enables and configures the service + account controller. Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform reconciliation + with the Calico datastore. [Default: 5m]' + type: string + type: object + workloadEndpoint: + description: WorkloadEndpoint enables and configures the workload + endpoint controller. Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform reconciliation + with the Calico datastore. [Default: 5m]' + type: string + type: object + type: object + etcdV3CompactionPeriod: + description: 'EtcdV3CompactionPeriod is the period between etcdv3 + compaction requests. Set to 0 to disable. [Default: 10m]' + type: string + healthChecks: + description: 'HealthChecks enables or disables support for health + checks [Default: Enabled]' + type: string + logSeverityScreen: + description: 'LogSeverityScreen is the log severity above which logs + are sent to the stdout. [Default: Info]' + type: string + prometheusMetricsPort: + description: 'PrometheusMetricsPort is the TCP port that the Prometheus + metrics server should bind to. Set to 0 to disable. [Default: 9094]' + type: integer + required: + - controllers + type: object + status: + description: KubeControllersConfigurationStatus represents the status + of the configuration. It's useful for admins to be able to see the actual + config that was applied, which can be modified by environment variables + on the kube-controllers process. + properties: + environmentVars: + additionalProperties: + type: string + description: EnvironmentVars contains the environment variables on + the kube-controllers that influenced the RunningConfig. + type: object + runningConfig: + description: RunningConfig contains the effective config that is running + in the kube-controllers pod, after merging the API resource with + any environment variables. + properties: + controllers: + description: Controllers enables and configures individual Kubernetes + controllers + properties: + namespace: + description: Namespace enables and configures the namespace + controller. Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform + reconciliation with the Calico datastore. [Default: + 5m]' + type: string + type: object + node: + description: Node enables and configures the node controller. + Enabled by default, set to nil to disable. + properties: + hostEndpoint: + description: HostEndpoint controls syncing nodes to host + endpoints. Disabled by default, set to nil to disable. + properties: + autoCreate: + description: 'AutoCreate enables automatic creation + of host endpoints for every node. [Default: Disabled]' + type: string + type: object + leakGracePeriod: + description: 'LeakGracePeriod is the period used by the + controller to determine if an IP address has been leaked. + Set to 0 to disable IP garbage collection. [Default: + 15m]' + type: string + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform + reconciliation with the Calico datastore. [Default: + 5m]' + type: string + syncLabels: + description: 'SyncLabels controls whether to copy Kubernetes + node labels to Calico nodes. [Default: Enabled]' + type: string + type: object + policy: + description: Policy enables and configures the policy controller. + Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform + reconciliation with the Calico datastore. [Default: + 5m]' + type: string + type: object + serviceAccount: + description: ServiceAccount enables and configures the service + account controller. Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform + reconciliation with the Calico datastore. [Default: + 5m]' + type: string + type: object + workloadEndpoint: + description: WorkloadEndpoint enables and configures the workload + endpoint controller. Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform + reconciliation with the Calico datastore. [Default: + 5m]' + type: string + type: object + type: object + etcdV3CompactionPeriod: + description: 'EtcdV3CompactionPeriod is the period between etcdv3 + compaction requests. Set to 0 to disable. [Default: 10m]' + type: string + healthChecks: + description: 'HealthChecks enables or disables support for health + checks [Default: Enabled]' + type: string + logSeverityScreen: + description: 'LogSeverityScreen is the log severity above which + logs are sent to the stdout. [Default: Info]' + type: string + prometheusMetricsPort: + description: 'PrometheusMetricsPort is the TCP port that the Prometheus + metrics server should bind to. Set to 0 to disable. [Default: + 9094]' + type: integer + required: + - controllers + type: object + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: networkpolicies.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: NetworkPolicy + listKind: NetworkPolicyList + plural: networkpolicies + singular: networkpolicy + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + egress: + description: The ordered set of egress rules. Each rule contains + a set of packet match criteria and a corresponding action to apply. + items: + description: "A Rule encapsulates a set of match criteria and an + action. Both selector-based security Policy and security Profiles + reference rules - separated out as a list of rules for both ingress + and egress packet matching. \n Each positive match criteria has + a negated version, prefixed with \"Not\". All the match criteria + within a rule must be satisfied for a packet to match. A single + rule can contain the positive and negative version of a match + and both must be satisfied for the rule to match." + properties: + action: + type: string + destination: + description: Destination contains the match criteria that apply + to destination entity. + properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and another selector are defined on the same rule, then + only workload endpoints that are matched by both selectors + will be selected by the rule. \n For NetworkPolicy, an + empty NamespaceSelector implies that the Selector is limited + to selecting only workload endpoints in the same namespace + as the NetworkPolicy. \n For NetworkPolicy, `global()` + NamespaceSelector implies that the Selector is limited + to selecting only GlobalNetworkSet or HostEndpoint. \n + For GlobalNetworkPolicy, an empty NamespaceSelector implies + the Selector applies to workload endpoints across all + namespaces." + type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. \n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). + \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. + One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label \"my_label\". \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label \"my_label\". + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." + type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + services: + description: "Services is an optional field that contains + options for matching Kubernetes Services. If specified, + only traffic that originates from or terminates at endpoints + within the selected service(s) will be matched, and only + to/from each endpoint's port. \n Services cannot be specified + on the same rule as Selector, NotSelector, NamespaceSelector, + Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n + Only valid on egress rules." + properties: + name: + description: Name specifies the name of a Kubernetes + Service to match. + type: string + namespace: + description: Namespace specifies the namespace of the + given Service. If left empty, the rule will match + within this policy's namespace. + type: string + type: object + type: object + http: + description: HTTP contains match criteria that apply to HTTP + requests. + properties: + methods: + description: Methods is an optional field that restricts + the rule to apply only to HTTP requests that use one of + the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple + methods are OR'd together. + items: + type: string + type: array + paths: + description: 'Paths is an optional field that restricts + the rule to apply to HTTP requests that use one of the + listed HTTP Paths. Multiple paths are OR''d together. + e.g: - exact: /foo - prefix: /bar NOTE: Each entry may + ONLY specify either a `exact` or a `prefix` match. The + validator will check for it.' + items: + description: 'HTTPPath specifies an HTTP path to match. + It may be either of the form: exact: : which matches + the path exactly or prefix: : which matches + the path prefix' + properties: + exact: + type: string + prefix: + type: string + type: object + type: array + type: object + icmp: + description: ICMP is an optional field that restricts the rule + to apply to a specific type and code of ICMP traffic. This + should only be specified if the Protocol field is set to "ICMP" + or "ICMPv6". + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. This is a technical + limitation imposed by the kernel's iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + ipVersion: + description: IPVersion is an optional field that restricts the + rule to only match a specific IP version. + type: integer + metadata: + description: Metadata contains additional information for this + rule + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a set of key value pairs that + give extra information about the rule + type: object + type: object + notICMP: + description: NotICMP is the negated version of the ICMP field. + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. This is a technical + limitation imposed by the kernel's iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + notProtocol: + anyOf: + - type: integer + - type: string + description: NotProtocol is the negated version of the Protocol + field. + pattern: ^.* + x-kubernetes-int-or-string: true + protocol: + anyOf: + - type: integer + - type: string + description: "Protocol is an optional field that restricts the + rule to only apply to traffic of a specific IP protocol. Required + if any of the EntityRules contain Ports (because ports only + apply to certain protocols). \n Must be one of these string + values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", + \"UDPLite\" or an integer in the range 1-255." + pattern: ^.* + x-kubernetes-int-or-string: true + source: + description: Source contains the match criteria that apply to + source entity. + properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and another selector are defined on the same rule, then + only workload endpoints that are matched by both selectors + will be selected by the rule. \n For NetworkPolicy, an + empty NamespaceSelector implies that the Selector is limited + to selecting only workload endpoints in the same namespace + as the NetworkPolicy. \n For NetworkPolicy, `global()` + NamespaceSelector implies that the Selector is limited + to selecting only GlobalNetworkSet or HostEndpoint. \n + For GlobalNetworkPolicy, an empty NamespaceSelector implies + the Selector applies to workload endpoints across all + namespaces." + type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. \n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). + \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. + One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label \"my_label\". \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label \"my_label\". + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." + type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + services: + description: "Services is an optional field that contains + options for matching Kubernetes Services. If specified, + only traffic that originates from or terminates at endpoints + within the selected service(s) will be matched, and only + to/from each endpoint's port. \n Services cannot be specified + on the same rule as Selector, NotSelector, NamespaceSelector, + Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n + Only valid on egress rules." + properties: + name: + description: Name specifies the name of a Kubernetes + Service to match. + type: string + namespace: + description: Namespace specifies the namespace of the + given Service. If left empty, the rule will match + within this policy's namespace. + type: string + type: object + type: object + required: + - action + type: object + type: array + ingress: + description: The ordered set of ingress rules. Each rule contains + a set of packet match criteria and a corresponding action to apply. + items: + description: "A Rule encapsulates a set of match criteria and an + action. Both selector-based security Policy and security Profiles + reference rules - separated out as a list of rules for both ingress + and egress packet matching. \n Each positive match criteria has + a negated version, prefixed with \"Not\". All the match criteria + within a rule must be satisfied for a packet to match. A single + rule can contain the positive and negative version of a match + and both must be satisfied for the rule to match." + properties: + action: + type: string + destination: + description: Destination contains the match criteria that apply + to destination entity. + properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and another selector are defined on the same rule, then + only workload endpoints that are matched by both selectors + will be selected by the rule. \n For NetworkPolicy, an + empty NamespaceSelector implies that the Selector is limited + to selecting only workload endpoints in the same namespace + as the NetworkPolicy. \n For NetworkPolicy, `global()` + NamespaceSelector implies that the Selector is limited + to selecting only GlobalNetworkSet or HostEndpoint. \n + For GlobalNetworkPolicy, an empty NamespaceSelector implies + the Selector applies to workload endpoints across all + namespaces." + type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. \n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). + \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. + One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label \"my_label\". \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label \"my_label\". + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." + type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + services: + description: "Services is an optional field that contains + options for matching Kubernetes Services. If specified, + only traffic that originates from or terminates at endpoints + within the selected service(s) will be matched, and only + to/from each endpoint's port. \n Services cannot be specified + on the same rule as Selector, NotSelector, NamespaceSelector, + Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n + Only valid on egress rules." + properties: + name: + description: Name specifies the name of a Kubernetes + Service to match. + type: string + namespace: + description: Namespace specifies the namespace of the + given Service. If left empty, the rule will match + within this policy's namespace. + type: string + type: object + type: object + http: + description: HTTP contains match criteria that apply to HTTP + requests. + properties: + methods: + description: Methods is an optional field that restricts + the rule to apply only to HTTP requests that use one of + the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple + methods are OR'd together. + items: + type: string + type: array + paths: + description: 'Paths is an optional field that restricts + the rule to apply to HTTP requests that use one of the + listed HTTP Paths. Multiple paths are OR''d together. + e.g: - exact: /foo - prefix: /bar NOTE: Each entry may + ONLY specify either a `exact` or a `prefix` match. The + validator will check for it.' + items: + description: 'HTTPPath specifies an HTTP path to match. + It may be either of the form: exact: : which matches + the path exactly or prefix: : which matches + the path prefix' + properties: + exact: + type: string + prefix: + type: string + type: object + type: array + type: object + icmp: + description: ICMP is an optional field that restricts the rule + to apply to a specific type and code of ICMP traffic. This + should only be specified if the Protocol field is set to "ICMP" + or "ICMPv6". + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. This is a technical + limitation imposed by the kernel's iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + ipVersion: + description: IPVersion is an optional field that restricts the + rule to only match a specific IP version. + type: integer + metadata: + description: Metadata contains additional information for this + rule + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a set of key value pairs that + give extra information about the rule + type: object + type: object + notICMP: + description: NotICMP is the negated version of the ICMP field. + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. This is a technical + limitation imposed by the kernel's iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + notProtocol: + anyOf: + - type: integer + - type: string + description: NotProtocol is the negated version of the Protocol + field. + pattern: ^.* + x-kubernetes-int-or-string: true + protocol: + anyOf: + - type: integer + - type: string + description: "Protocol is an optional field that restricts the + rule to only apply to traffic of a specific IP protocol. Required + if any of the EntityRules contain Ports (because ports only + apply to certain protocols). \n Must be one of these string + values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", + \"UDPLite\" or an integer in the range 1-255." + pattern: ^.* + x-kubernetes-int-or-string: true + source: + description: Source contains the match criteria that apply to + source entity. + properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and another selector are defined on the same rule, then + only workload endpoints that are matched by both selectors + will be selected by the rule. \n For NetworkPolicy, an + empty NamespaceSelector implies that the Selector is limited + to selecting only workload endpoints in the same namespace + as the NetworkPolicy. \n For NetworkPolicy, `global()` + NamespaceSelector implies that the Selector is limited + to selecting only GlobalNetworkSet or HostEndpoint. \n + For GlobalNetworkPolicy, an empty NamespaceSelector implies + the Selector applies to workload endpoints across all + namespaces." + type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. \n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). + \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. + One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label \"my_label\". \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label \"my_label\". + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." + type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + services: + description: "Services is an optional field that contains + options for matching Kubernetes Services. If specified, + only traffic that originates from or terminates at endpoints + within the selected service(s) will be matched, and only + to/from each endpoint's port. \n Services cannot be specified + on the same rule as Selector, NotSelector, NamespaceSelector, + Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n + Only valid on egress rules." + properties: + name: + description: Name specifies the name of a Kubernetes + Service to match. + type: string + namespace: + description: Namespace specifies the namespace of the + given Service. If left empty, the rule will match + within this policy's namespace. + type: string + type: object + type: object + required: + - action + type: object + type: array + order: + description: Order is an optional field that specifies the order in + which the policy is applied. Policies with higher "order" are applied + after those with lower order. If the order is omitted, it may be + considered to be "infinite" - i.e. the policy will be applied last. Policies + with identical order will be applied in alphanumerical order based + on the Policy "Name". + type: number + selector: + description: "The selector is an expression used to pick pick out + the endpoints that the policy should be applied to. \n Selector + expressions follow this syntax: \n \tlabel == \"string_literal\" + \ -> comparison, e.g. my_label == \"foo bar\" \tlabel != \"string_literal\" + \ -> not equal; also matches if label is not present \tlabel in + { \"a\", \"b\", \"c\", ... } -> true if the value of label X is + one of \"a\", \"b\", \"c\" \tlabel not in { \"a\", \"b\", \"c\", + ... } -> true if the value of label X is not one of \"a\", \"b\", + \"c\" \thas(label_name) -> True if that label is present \t! expr + -> negation of expr \texpr && expr -> Short-circuit and \texpr + || expr -> Short-circuit or \t( expr ) -> parens for grouping \tall() + or the empty selector -> matches all endpoints. \n Label names are + allowed to contain alphanumerics, -, _ and /. String literals are + more permissive but they do not support escape characters. \n Examples + (with made-up labels): \n \ttype == \"webserver\" && deployment + == \"prod\" \ttype in {\"frontend\", \"backend\"} \tdeployment != + \"dev\" \t! has(label_name)" + type: string + serviceAccountSelector: + description: ServiceAccountSelector is an optional field for an expression + used to select a pod based on service accounts. + type: string + types: + description: "Types indicates whether this policy applies to ingress, + or to egress, or to both. When not explicitly specified (and so + the value on creation is empty or nil), Calico defaults Types according + to what Ingress and Egress are present in the policy. The default + is: \n - [ PolicyTypeIngress ], if there are no Egress rules (including + the case where there are also no Ingress rules) \n - [ PolicyTypeEgress + ], if there are Egress rules but no Ingress rules \n - [ PolicyTypeIngress, + PolicyTypeEgress ], if there are both Ingress and Egress rules. + \n When the policy is read back again, Types will always be one + of these values, never empty or nil." + items: + description: PolicyType enumerates the possible values of the PolicySpec + Types field. + type: string + type: array + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: networksets.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: NetworkSet + listKind: NetworkSetList + plural: networksets + singular: networkset + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: NetworkSet is the Namespaced-equivalent of the GlobalNetworkSet. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: NetworkSetSpec contains the specification for a NetworkSet + resource. + properties: + nets: + description: The list of IP networks that belong to this set. + items: + type: string + type: array + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- +--- +# Source: calico/templates/calico-kube-controllers-rbac.yaml + +# Include a clusterrole for the kube-controllers component, +# and bind it to the calico-kube-controllers serviceaccount. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: calico-kube-controllers +rules: + # Nodes are watched to monitor for deletions. + - apiGroups: [""] + resources: + - nodes + verbs: + - watch + - list + - get + # Pods are watched to check for existence as part of IPAM controller. + - apiGroups: [""] + resources: + - pods + verbs: + - get + - list + - watch + # IPAM resources are manipulated when nodes are deleted. + - apiGroups: ["crd.projectcalico.org"] + resources: + - ippools + verbs: + - list + - apiGroups: ["crd.projectcalico.org"] + resources: + - blockaffinities + - ipamblocks + - ipamhandles + verbs: + - get + - list + - create + - update + - delete + - watch + # kube-controllers manages hostendpoints. + - apiGroups: ["crd.projectcalico.org"] + resources: + - hostendpoints + verbs: + - get + - list + - create + - update + - delete + # Needs access to update clusterinformations. + - apiGroups: ["crd.projectcalico.org"] + resources: + - clusterinformations + verbs: + - get + - create + - update + # KubeControllersConfiguration is where it gets its config + - apiGroups: ["crd.projectcalico.org"] + resources: + - kubecontrollersconfigurations + verbs: + # read its own config + - get + # create a default if none exists + - create + # update status + - update + # watch for changes + - watch +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: calico-kube-controllers +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: calico-kube-controllers +subjects: +- kind: ServiceAccount + name: calico-kube-controllers + namespace: kube-system +--- + +--- +# Source: calico/templates/calico-node-rbac.yaml +# Include a clusterrole for the calico-node DaemonSet, +# and bind it to the calico-node serviceaccount. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: calico-node +rules: + # The CNI plugin needs to get pods, nodes, and namespaces. + - apiGroups: [""] + resources: + - pods + - nodes + - namespaces + verbs: + - get + # EndpointSlices are used for Service-based network policy rule + # enforcement. + - apiGroups: ["discovery.k8s.io"] + resources: + - endpointslices + verbs: + - watch + - list + - apiGroups: [""] + resources: + - endpoints + - services + verbs: + # Used to discover service IPs for advertisement. + - watch + - list + # Used to discover Typhas. + - get + # Pod CIDR auto-detection on kubeadm needs access to config maps. + - apiGroups: [""] + resources: + - configmaps + verbs: + - get + - apiGroups: [""] + resources: + - nodes/status + verbs: + # Needed for clearing NodeNetworkUnavailable flag. + - patch + # Calico stores some configuration information in node annotations. + - update + # Watch for changes to Kubernetes NetworkPolicies. + - apiGroups: ["networking.k8s.io"] + resources: + - networkpolicies + verbs: + - watch + - list + # Used by Calico for policy information. + - apiGroups: [""] + resources: + - pods + - namespaces + - serviceaccounts + verbs: + - list + - watch + # The CNI plugin patches pods/status. + - apiGroups: [""] + resources: + - pods/status + verbs: + - patch + # Calico monitors various CRDs for config. + - apiGroups: ["crd.projectcalico.org"] + resources: + - globalfelixconfigs + - felixconfigurations + - bgppeers + - globalbgpconfigs + - bgpconfigurations + - ippools + - ipamblocks + - globalnetworkpolicies + - globalnetworksets + - networkpolicies + - networksets + - clusterinformations + - hostendpoints + - blockaffinities + verbs: + - get + - list + - watch + # Calico must create and update some CRDs on startup. + - apiGroups: ["crd.projectcalico.org"] + resources: + - ippools + - felixconfigurations + - clusterinformations + verbs: + - create + - update + # Calico stores some configuration information on the node. + - apiGroups: [""] + resources: + - nodes + verbs: + - get + - list + - watch + # These permissions are only required for upgrade from v2.6, and can + # be removed after upgrade or on fresh installations. + - apiGroups: ["crd.projectcalico.org"] + resources: + - bgpconfigurations + - bgppeers + verbs: + - create + - update + # These permissions are required for Calico CNI to perform IPAM allocations. + - apiGroups: ["crd.projectcalico.org"] + resources: + - blockaffinities + - ipamblocks + - ipamhandles + verbs: + - get + - list + - create + - update + - delete + - apiGroups: ["crd.projectcalico.org"] + resources: + - ipamconfigs + verbs: + - get + # Block affinities must also be watchable by confd for route aggregation. + - apiGroups: ["crd.projectcalico.org"] + resources: + - blockaffinities + verbs: + - watch + # The Calico IPAM migration needs to get daemonsets. These permissions can be + # removed if not upgrading from an installation using host-local IPAM. + - apiGroups: ["apps"] + resources: + - daemonsets + verbs: + - get + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: calico-node +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: calico-node +subjects: +- kind: ServiceAccount + name: calico-node + namespace: kube-system + +--- +# Source: calico/templates/calico-node.yaml +# This manifest installs the calico-node container, as well +# as the CNI plugins and network config on +# each master and worker node in a Kubernetes cluster. +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: calico-node + namespace: kube-system + labels: + k8s-app: calico-node +spec: + selector: + matchLabels: + k8s-app: calico-node + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + template: + metadata: + labels: + k8s-app: calico-node + spec: + nodeSelector: + kubernetes.io/os: linux + hostNetwork: true + tolerations: + # Make sure calico-node gets scheduled on all nodes. + - effect: NoSchedule + operator: Exists + # Mark the pod as a critical add-on for rescheduling. + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + operator: Exists + serviceAccountName: calico-node + # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force + # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. + terminationGracePeriodSeconds: 0 + priorityClassName: system-node-critical + initContainers: + # This container performs upgrade from host-local IPAM to calico-ipam. + # It can be deleted if this is a fresh installation, or if you have already + # upgraded to use calico-ipam. + - name: upgrade-ipam + image: {{ .BinaryImageName }} + command: ["/opt/cni/bin/calico-ipam", "-upgrade"] + envFrom: + - configMapRef: + # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode. + name: kubernetes-services-endpoint + optional: true + env: + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: CALICO_NETWORKING_BACKEND + valueFrom: + configMapKeyRef: + name: calico-config + key: calico_backend + volumeMounts: + - mountPath: /var/lib/cni/networks + name: host-local-net-dir + - mountPath: /host/opt/cni/bin + name: cni-bin-dir + securityContext: + privileged: true + # This container installs the CNI binaries + # and CNI network config file on each node. + - name: install-cni + image: {{ .BinaryImageName }} + command: ["/opt/cni/bin/install"] + envFrom: + - configMapRef: + # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode. + name: kubernetes-services-endpoint + optional: true + env: + # Name of the CNI config file to create. + - name: CNI_CONF_NAME + value: "10-calico.conflist" + # The CNI network config to install on each node. + - name: CNI_NETWORK_CONFIG + valueFrom: + configMapKeyRef: + name: calico-config + key: cni_network_config + # Set the hostname based on the k8s node name. + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + # CNI MTU Config variable + - name: CNI_MTU + valueFrom: + configMapKeyRef: + name: calico-config + key: veth_mtu + # Prevents the container from sleeping forever. + - name: SLEEP + value: "false" + volumeMounts: + - mountPath: /host/opt/cni/bin + name: cni-bin-dir + - mountPath: /host/etc/cni/net.d + name: cni-net-dir + securityContext: + privileged: true + # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes + # to communicate with Felix over the Policy Sync API. + - name: flexvol-driver + image: {{ .FelixDriverImageName }} + volumeMounts: + - name: flexvol-driver-host + mountPath: /host/driver + securityContext: + privileged: true + containers: + # Runs calico-node container on each Kubernetes node. This + # container programs network policy and routes on each + # host. + - name: calico-node + image: {{ .DaemonSetImageName }} + envFrom: + - configMapRef: + # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode. + name: kubernetes-services-endpoint + optional: true + env: + # Use Kubernetes API as the backing datastore. + - name: DATASTORE_TYPE + value: "kubernetes" + # Wait for the datastore. + - name: WAIT_FOR_DATASTORE + value: "true" + # Set based on the k8s node name. + - name: NODENAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + # Choose the backend to use. + - name: CALICO_NETWORKING_BACKEND + valueFrom: + configMapKeyRef: + name: calico-config + key: calico_backend + # Cluster type to identify the deployment type + - name: CLUSTER_TYPE + value: "k8s,bgp" + # Auto-detect the BGP IP address. + - name: IP + value: "autodetect" + # Enable IPIP + - name: CALICO_IPV4POOL_IPIP + value: "Always" + # Enable or Disable VXLAN on the default IP pool. + - name: CALICO_IPV4POOL_VXLAN + value: "Never" + # Set MTU for tunnel device used if ipip is enabled + - name: FELIX_IPINIPMTU + valueFrom: + configMapKeyRef: + name: calico-config + key: veth_mtu + # Set MTU for the VXLAN tunnel device. + - name: FELIX_VXLANMTU + valueFrom: + configMapKeyRef: + name: calico-config + key: veth_mtu + # Set MTU for the Wireguard tunnel device. + - name: FELIX_WIREGUARDMTU + valueFrom: + configMapKeyRef: + name: calico-config + key: veth_mtu + # The default IPv4 pool to create on startup if none exists. Pod IPs will be + # chosen from this range. Changing this value after installation will have + # no effect. This should fall within `--cluster-cidr`. + # - name: CALICO_IPV4POOL_CIDR + # value: "192.168.0.0/16" + # Disable file logging so `kubectl logs` works. + - name: CALICO_DISABLE_FILE_LOGGING + value: "true" + # Set Felix endpoint to host default action to ACCEPT. + - name: FELIX_DEFAULTENDPOINTTOHOSTACTION + value: "ACCEPT" + # Disable IPv6 on Kubernetes. + - name: FELIX_IPV6SUPPORT + value: "false" + - name: FELIX_HEALTHENABLED + value: "true" + securityContext: + privileged: true + resources: + requests: + cpu: 250m + livenessProbe: + exec: + command: + - /bin/calico-node + - -felix-live + - -bird-live + periodSeconds: 10 + initialDelaySeconds: 10 + failureThreshold: 6 + timeoutSeconds: 10 + readinessProbe: + exec: + command: + - /bin/calico-node + - -felix-ready + - -bird-ready + periodSeconds: 10 + timeoutSeconds: 10 + volumeMounts: + # For maintaining CNI plugin API credentials. + - mountPath: /host/etc/cni/net.d + name: cni-net-dir + readOnly: false + - mountPath: /lib/modules + name: lib-modules + readOnly: true + - mountPath: /run/xtables.lock + name: xtables-lock + readOnly: false + - mountPath: /var/run/calico + name: var-run-calico + readOnly: false + - mountPath: /var/lib/calico + name: var-lib-calico + readOnly: false + - name: policysync + mountPath: /var/run/nodeagent + # For eBPF mode, we need to be able to mount the BPF filesystem at /sys/fs/bpf so we mount in the + # parent directory. + - name: sysfs + mountPath: /sys/fs/ + # Bidirectional means that, if we mount the BPF filesystem at /sys/fs/bpf it will propagate to the host. + # If the host is known to mount that filesystem already then Bidirectional can be omitted. + mountPropagation: Bidirectional + - name: cni-log-dir + mountPath: /var/log/calico/cni + readOnly: true + volumes: + # Used by calico-node. + - name: lib-modules + hostPath: + path: /lib/modules + - name: var-run-calico + hostPath: + path: /var/run/calico + - name: var-lib-calico + hostPath: + path: /var/lib/calico + - name: xtables-lock + hostPath: + path: /run/xtables.lock + type: FileOrCreate + - name: sysfs + hostPath: + path: /sys/fs/ + type: DirectoryOrCreate + # Used to install CNI. + - name: cni-bin-dir + hostPath: + path: /opt/cni/bin + - name: cni-net-dir + hostPath: + path: /etc/cni/net.d + # Used to access CNI logs. + - name: cni-log-dir + hostPath: + path: /var/log/calico/cni + # Mount in the directory for host-local IPAM allocations. This is + # used when upgrading from host-local to calico-ipam, and can be removed + # if not using the upgrade-ipam init container. + - name: host-local-net-dir + hostPath: + path: /var/lib/cni/networks + # Used to create per-pod Unix Domain Sockets + - name: policysync + hostPath: + type: DirectoryOrCreate + path: /var/run/nodeagent + # Used to install Flex Volume Driver + - name: flexvol-driver-host + hostPath: + type: DirectoryOrCreate + path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: calico-node + namespace: kube-system + +--- +# Source: calico/templates/calico-kube-controllers.yaml +# See https://github.com/projectcalico/kube-controllers +apiVersion: apps/v1 +kind: Deployment +metadata: + name: calico-kube-controllers + namespace: kube-system + labels: + k8s-app: calico-kube-controllers +spec: + # The controllers can only have a single active instance. + replicas: 1 + selector: + matchLabels: + k8s-app: calico-kube-controllers + strategy: + type: Recreate + template: + metadata: + name: calico-kube-controllers + namespace: kube-system + labels: + k8s-app: calico-kube-controllers + spec: + nodeSelector: + kubernetes.io/os: linux + tolerations: + # Mark the pod as a critical add-on for rescheduling. + - key: CriticalAddonsOnly + operator: Exists + - key: node-role.kubernetes.io/master + effect: NoSchedule + serviceAccountName: calico-kube-controllers + priorityClassName: system-cluster-critical + containers: + - name: calico-kube-controllers + image: {{ .DeploymentImageName }} + env: + # Choose which controllers to run. + - name: ENABLED_CONTROLLERS + value: node + - name: DATASTORE_TYPE + value: kubernetes + livenessProbe: + exec: + command: + - /usr/bin/check-status + - -l + periodSeconds: 10 + initialDelaySeconds: 10 + failureThreshold: 6 + timeoutSeconds: 10 + readinessProbe: + exec: + command: + - /usr/bin/check-status + - -r + periodSeconds: 10 + +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: calico-kube-controllers + namespace: kube-system + +--- + +# This manifest creates a Pod Disruption Budget for Controller to allow K8s Cluster Autoscaler to evict + +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: calico-kube-controllers + namespace: kube-system + labels: + k8s-app: calico-kube-controllers +spec: + maxUnavailable: 1 + selector: + matchLabels: + k8s-app: calico-kube-controllers + +--- +# Source: calico/templates/calico-etcd-secrets.yaml + +--- +# Source: calico/templates/calico-typha.yaml + +--- +# Source: calico/templates/configure-canal.yaml + From 1c76ff5cea01605c2d985c010644edf1e689d34b Mon Sep 17 00:00:00 2001 From: Medya Gh Date: Thu, 12 Aug 2021 15:29:54 -0700 Subject: [PATCH 113/205] lint --- pkg/minikube/cni/calico.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/minikube/cni/calico.go b/pkg/minikube/cni/calico.go index 11c03a233e..9d5ec46287 100644 --- a/pkg/minikube/cni/calico.go +++ b/pkg/minikube/cni/calico.go @@ -18,6 +18,7 @@ package cni import ( "bytes" + // goembed needs this _ "embed" "text/template" From e6d23715185cd65724ca45321e911724588493e8 Mon Sep 17 00:00:00 2001 From: Medya Gh Date: Thu, 12 Aug 2021 15:50:11 -0700 Subject: [PATCH 114/205] update golang version --- Makefile | 10 ++- .../golint_version/update_golint_version.go | 88 +++++++++++++++++++ 2 files changed, 97 insertions(+), 1 deletion(-) create mode 100644 hack/update/golint_version/update_golint_version.go diff --git a/Makefile b/Makefile index 50c60c69ba..3a7ba8d0a9 100644 --- a/Makefile +++ b/Makefile @@ -32,6 +32,7 @@ RPM_VERSION ?= $(DEB_VERSION) RPM_REVISION ?= 0 # used by hack/jenkins/release_build_and_upload.sh and KVM_BUILD_IMAGE, see also BUILD_IMAGE below +# update this only by running `make update-golang-version` GO_VERSION ?= 1.16.7 # replace "x.y.0" => "x.y". kube-cross and golang.org/dl use different formats for x.y.0 go versions @@ -66,7 +67,8 @@ MINIKUBE_UPLOAD_LOCATION := gs://${MINIKUBE_BUCKET} MINIKUBE_RELEASES_URL=https://github.com/kubernetes/minikube/releases/download KERNEL_VERSION ?= 4.19.182 -# latest from https://github.com/golangci/golangci-lint/releases +# latest from https://github.com/golangci/golangci-lint/releases +# update this only by running `make update-golint-version` GOLINT_VERSION ?= v1.39.0 # Limit number of default jobs, to avoid the CI builds running out of memory GOLINT_JOBS ?= 4 @@ -973,6 +975,12 @@ update-kubernetes-version: (cd hack/update/kubernetes_version && \ go run update_kubernetes_version.go) +.PHONY: update-golint-version +update-golint-version: + (cd hack/update/golint_version && \ + go run update_golint_version.go) + + .PHONY: update-kubernetes-version-pr update-kubernetes-version-pr: ifndef GITHUB_TOKEN diff --git a/hack/update/golint_version/update_golint_version.go b/hack/update/golint_version/update_golint_version.go new file mode 100644 index 0000000000..db9261bc94 --- /dev/null +++ b/hack/update/golint_version/update_golint_version.go @@ -0,0 +1,88 @@ +/* +Copyright 2020 The Kubernetes Authors All rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +/* +Script expects the following env variables: + - UPDATE_TARGET=: optional - if unset/absent, default option is "fs"; valid options are: + - "fs" - update only local filesystem repo files [default] + - "gh" - update only remote GitHub repo files and create PR (if one does not exist already) + - "all" - update local and remote repo files and create PR (if one does not exist already) + - GITHUB_TOKEN=: GitHub [personal] access token + - note: GITHUB_TOKEN is required if UPDATE_TARGET is "gh" or "all" +*/ + +package main + +import ( + "context" + "time" + + "golang.org/x/mod/semver" + "k8s.io/klog/v2" + + "k8s.io/minikube/hack/update" +) + +const ( + // default context timeout + cxTimeout = 300 * time.Second +) + +var ( + schema = map[string]update.Item{ + "Makefile": { + Replace: map[string]string{ + `GOLINT_VERSION \?= v1.*`: `GOLINT_VERSION ?= {{.StableVersion}}`, + }, + }, + } + + // PR data + prBranchPrefix = "update-golint-version_" // will be appended with first 7 characters of the PR commit SHA + prTitle = `update go lint version: {stable: "{{.StableVersion}}"}` +) + +// Data holds stable gopogh version in semver format. +type Data struct { + StableVersion string `json:"stableVersion"` +} + +func main() { + // set a context with defined timeout + ctx, cancel := context.WithTimeout(context.Background(), cxTimeout) + defer cancel() + + // get Golang stable version + stable, err := golintVersion(ctx, "golangci", "golangci-lint") + if err != nil { + klog.Fatalf("Unable to get Golang stable version: %v", err) + } + data := Data{StableVersion: stable} + klog.Infof("Golang stable version: %s", data.StableVersion) + + update.Apply(ctx, schema, data, prBranchPrefix, prTitle, 12247) +} + +// +// golintVersions returns stable version in semver format. +func golintVersion(ctx context.Context, owner, repo string) (stable string, err error) { + // get Kubernetes versions from GitHub Releases + stable, _, err = update.GHReleases(ctx, owner, repo) + if err != nil || !semver.IsValid(stable) { + return "", err + } + return stable, nil +} From 2a60c0672fb089579926350c71a5b5767552f095 Mon Sep 17 00:00:00 2001 From: Medya Gh Date: Thu, 12 Aug 2021 16:01:41 -0700 Subject: [PATCH 115/205] add github workflow --- .github/workflows/update-golang-version.yml | 2 +- .github/workflows/update-golint-version.yml | 45 +++++++++++++++++++ .../golang_version/update_golang_version.go | 6 +++ 3 files changed, 52 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/update-golint-version.yml diff --git a/.github/workflows/update-golang-version.yml b/.github/workflows/update-golang-version.yml index b4cf4cd549..18cc51b982 100644 --- a/.github/workflows/update-golang-version.yml +++ b/.github/workflows/update-golang-version.yml @@ -8,7 +8,7 @@ env: GOPROXY: https://proxy.golang.org GO_VERSION: '1.16.7' jobs: - bump-k8s-versions: + bump-golang-version: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 diff --git a/.github/workflows/update-golint-version.yml b/.github/workflows/update-golint-version.yml new file mode 100644 index 0000000000..e2f6d13cdc --- /dev/null +++ b/.github/workflows/update-golint-version.yml @@ -0,0 +1,45 @@ +name: "update-golang-versions" +on: + workflow_dispatch: + schedule: + # every Monday at around 3 am pacific/10 am UTC + - cron: "0 10 * * 1" +env: + GOPROXY: https://proxy.golang.org + GO_VERSION: '1.16.7' +jobs: + bump-golint-version: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: actions/setup-go@v2 + with: + go-version: ${{env.GO_VERSION}} + stable: true + - name: Bump Golint Versions + id: bumpGolint + run: | + make update-golint-version + echo "::set-output name=changes::$(git status --porcelain)" + - name: Create PR + if: ${{ steps.bumpGolint.outputs.changes != '' }} + uses: peter-evans/create-pull-request@v3 + with: + token: ${{ secrets.MINIKUBE_BOT_PAT }} + commit-message: bump golang versions + committer: minikube-bot + author: minikube-bot + branch: auto_bump_golint_version + push-to-fork: minikube-bot/minikube + base: master + delete-branch: true + title: 'bump golint version' + labels: ok-to-test + body: | + Golangci-lint Project release a [new version](https://github.com/golangci/golangci-lint/releases), + + This PR was auto-generated by `make update-golint-version` using [update-golint-version.yml](https://github.com/kubernetes/minikube/tree/master/.github/workflows/update-golint-version.yml) CI Workflow. + + + + diff --git a/hack/update/golang_version/update_golang_version.go b/hack/update/golang_version/update_golang_version.go index 62eeb23735..4978e46b2d 100644 --- a/hack/update/golang_version/update_golang_version.go +++ b/hack/update/golang_version/update_golang_version.go @@ -90,6 +90,12 @@ var ( `GO_VERSION: .*`: `GO_VERSION: '{{.StableVersion}}'`, }, }, + ".github/workflows/update-golint-version.yml": { + Replace: map[string]string{ + `GO_VERSION: .*`: `GO_VERSION: '{{.StableVersion}}'`, + }, + }, + ".github/workflows/time-to-k8s-public-chart.yml": { Replace: map[string]string{ `GO_VERSION: .*`: `GO_VERSION: '{{.StableVersion}}'`, From cdc85c6f0a2886cd61a97ba39a2c5b7984d6ad0b Mon Sep 17 00:00:00 2001 From: Medya Gh Date: Thu, 12 Aug 2021 16:11:54 -0700 Subject: [PATCH 116/205] typo --- .github/workflows/update-golint-version.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-golint-version.yml b/.github/workflows/update-golint-version.yml index e2f6d13cdc..243c9a0533 100644 --- a/.github/workflows/update-golint-version.yml +++ b/.github/workflows/update-golint-version.yml @@ -1,4 +1,4 @@ -name: "update-golang-versions" +name: "update-golint-version" on: workflow_dispatch: schedule: From de221b50a3f292a04ab71850904bf05777ce1f98 Mon Sep 17 00:00:00 2001 From: Medya Gh Date: Thu, 12 Aug 2021 16:15:42 -0700 Subject: [PATCH 117/205] typo --- .github/workflows/update-golint-version.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-golint-version.yml b/.github/workflows/update-golint-version.yml index 243c9a0533..3b21d6da96 100644 --- a/.github/workflows/update-golint-version.yml +++ b/.github/workflows/update-golint-version.yml @@ -26,7 +26,7 @@ jobs: uses: peter-evans/create-pull-request@v3 with: token: ${{ secrets.MINIKUBE_BOT_PAT }} - commit-message: bump golang versions + commit-message: bump golaint versions committer: minikube-bot author: minikube-bot branch: auto_bump_golint_version From 8b9cddb7e07246b7e5af7c1fc3708fc4ece3f822 Mon Sep 17 00:00:00 2001 From: minikube-bot Date: Thu, 12 Aug 2021 23:26:51 +0000 Subject: [PATCH 118/205] bump golaint versions --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 3a7ba8d0a9..ea380b5081 100644 --- a/Makefile +++ b/Makefile @@ -69,7 +69,7 @@ MINIKUBE_RELEASES_URL=https://github.com/kubernetes/minikube/releases/download KERNEL_VERSION ?= 4.19.182 # latest from https://github.com/golangci/golangci-lint/releases # update this only by running `make update-golint-version` -GOLINT_VERSION ?= v1.39.0 +GOLINT_VERSION ?= v1.41.1 # Limit number of default jobs, to avoid the CI builds running out of memory GOLINT_JOBS ?= 4 # see https://github.com/golangci/golangci-lint#memory-usage-of-golangci-lint From 5206f7fb39176f6574bedaf86859aa6c46cf9906 Mon Sep 17 00:00:00 2001 From: Medya Gh Date: Thu, 12 Aug 2021 17:11:31 -0700 Subject: [PATCH 119/205] fix lint --- pkg/minikube/cruntime/cri.go | 8 ++++---- pkg/minikube/proxy/proxy_test.go | 4 ---- pkg/minikube/tunnel/route_darwin.go | 2 +- pkg/minikube/tunnel/route_linux.go | 2 +- pkg/provision/provision.go | 3 ++- 5 files changed, 8 insertions(+), 11 deletions(-) diff --git a/pkg/minikube/cruntime/cri.go b/pkg/minikube/cruntime/cri.go index 7c1c1e5719..f4a223388c 100644 --- a/pkg/minikube/cruntime/cri.go +++ b/pkg/minikube/cruntime/cri.go @@ -134,9 +134,9 @@ func pauseCRIContainers(cr CommandRunner, root string, ids []string) error { args = append(args, "--root", root) } args = append(args, "pause") - + cargs := args for _, id := range ids { - cargs := append(args, id) + cargs = append(cargs, id) if _, err := cr.RunCmd(exec.Command("sudo", cargs...)); err != nil { return errors.Wrap(err, "runc") } @@ -161,9 +161,9 @@ func unpauseCRIContainers(cr CommandRunner, root string, ids []string) error { args = append(args, "--root", root) } args = append(args, "resume") - + cargs := args for _, id := range ids { - cargs := append(args, id) + cargs := append(cargs, id) if _, err := cr.RunCmd(exec.Command("sudo", cargs...)); err != nil { return errors.Wrap(err, "runc") } diff --git a/pkg/minikube/proxy/proxy_test.go b/pkg/minikube/proxy/proxy_test.go index 8c87124325..b7cb3963d8 100644 --- a/pkg/minikube/proxy/proxy_test.go +++ b/pkg/minikube/proxy/proxy_test.go @@ -225,10 +225,6 @@ func TestUpdateTransport(t *testing.T) { c := UpdateTransport(&rc) tr := &http.Transport{} tr.RegisterProtocol("file", http.NewFileTransport(http.Dir("/tmp"))) - rt := c.WrapTransport(tr) - if _, ok := rt.(http.RoundTripper); !ok { - t.Fatalf("Cannot cast rt(%v) to http.RoundTripper", rt) - } }) t.Run("existing", func(t *testing.T) { // rest config initialized with WrapTransport function diff --git a/pkg/minikube/tunnel/route_darwin.go b/pkg/minikube/tunnel/route_darwin.go index 9bf4c7de8c..e73894cb73 100644 --- a/pkg/minikube/tunnel/route_darwin.go +++ b/pkg/minikube/tunnel/route_darwin.go @@ -50,7 +50,7 @@ func (router *osRouter) EnsureRouteIsAdded(route *Route) error { command := exec.Command("sudo", "route", "-n", "add", serviceCIDR, gatewayIP) klog.Infof("About to run command: %s", command.Args) stdInAndOut, err := command.CombinedOutput() - message := fmt.Sprintf("%s", stdInAndOut) + message := string(stdInAndOut) re := regexp.MustCompile(fmt.Sprintf("add net (.*): gateway %s\n", gatewayIP)) if !re.MatchString(message) { return fmt.Errorf("error adding Route: %s, %d", message, len(strings.Split(message, "\n"))) diff --git a/pkg/minikube/tunnel/route_linux.go b/pkg/minikube/tunnel/route_linux.go index 1e360c81d6..4fc6f6d5be 100644 --- a/pkg/minikube/tunnel/route_linux.go +++ b/pkg/minikube/tunnel/route_linux.go @@ -129,7 +129,7 @@ func (router *osRouter) Cleanup(route *Route) error { klog.Infof("Cleaning up route for CIDR %s to gateway %s\n", serviceCIDR, gatewayIP) command := exec.Command("sudo", "ip", "route", "delete", serviceCIDR) stdInAndOut, err := command.CombinedOutput() - message := fmt.Sprintf("%s", stdInAndOut) + message := string(stdInAndOut) klog.Infof("%s", message) if err != nil { return fmt.Errorf("error deleting Route: %s, %s", message, err) diff --git a/pkg/provision/provision.go b/pkg/provision/provision.go index 5fa693bb4f..6ea1932786 100644 --- a/pkg/provision/provision.go +++ b/pkg/provision/provision.go @@ -106,8 +106,9 @@ func configureAuth(p miniProvisioner) error { return err } + hosts := authOptions.ServerCertSANs // The Host IP is always added to the certificate's SANs list - hosts := append(authOptions.ServerCertSANs, ip, hostIP, "localhost", "127.0.0.1", "minikube", machineName) + hosts = append(hosts, ip, hostIP, "localhost", "127.0.0.1", "minikube", machineName) klog.Infof("generating server cert: %s ca-key=%s private-key=%s org=%s san=%s", authOptions.ServerCertPath, authOptions.CaCertPath, From 6aa7abc24a0c3ecac35337735785897739fe5ea3 Mon Sep 17 00:00:00 2001 From: Medya Gh Date: Thu, 12 Aug 2021 17:38:24 -0700 Subject: [PATCH 120/205] fix lint issues on master --- cmd/auto-pause/auto-pause-hook/config.go | 4 ++-- cmd/minikube/cmd/delete.go | 3 ++- cmd/minikube/cmd/delete_test.go | 3 ++- hack/benchmark/cpu_usage/auto_pause/chart.go | 4 ++-- hack/benchmark/cpu_usage/idle_only/chart.go | 2 +- pkg/gvisor/enable.go | 2 +- pkg/minikube/bootstrapper/certs.go | 11 +++++++---- pkg/minikube/proxy/proxy_test.go | 2 +- pkg/minikube/registry/drvs/docker/docker_test.go | 3 ++- pkg/minikube/tunnel/route_darwin.go | 2 +- 10 files changed, 21 insertions(+), 15 deletions(-) diff --git a/cmd/auto-pause/auto-pause-hook/config.go b/cmd/auto-pause/auto-pause-hook/config.go index 0f25e3f041..5fe8c83f00 100644 --- a/cmd/auto-pause/auto-pause-hook/config.go +++ b/cmd/auto-pause/auto-pause-hook/config.go @@ -91,8 +91,8 @@ func selfRegistration(clientset *kubernetes.Clientset, caCert []byte) { klog.Fatal(err2) } } - var failurePolicy v1.FailurePolicyType = v1.Fail - var sideEffects v1.SideEffectClass = v1.SideEffectClassNone + var failurePolicy = v1.Fail + var sideEffects = v1.SideEffectClassNone webhookConfig := &v1.MutatingWebhookConfiguration{ ObjectMeta: metav1.ObjectMeta{ diff --git a/cmd/minikube/cmd/delete.go b/cmd/minikube/cmd/delete.go index ec657fe817..655b57ee79 100644 --- a/cmd/minikube/cmd/delete.go +++ b/cmd/minikube/cmd/delete.go @@ -157,7 +157,8 @@ func runDelete(cmd *cobra.Command, args []string) { if err != nil { klog.Warningf("'error loading profiles in minikube home %q: %v", localpath.MiniPath(), err) } - profilesToDelete := append(validProfiles, invalidProfiles...) + profilesToDelete := validProfiles + profilesToDelete = append(profilesToDelete, invalidProfiles...) // in the case user has more than 1 profile and runs --purge // to prevent abandoned VMs/containers, force user to run with delete --all if purge && len(profilesToDelete) > 1 && !deleteAll { diff --git a/cmd/minikube/cmd/delete_test.go b/cmd/minikube/cmd/delete_test.go index fff2ffabf8..6422d04ac5 100644 --- a/cmd/minikube/cmd/delete_test.go +++ b/cmd/minikube/cmd/delete_test.go @@ -221,7 +221,8 @@ func TestDeleteAllProfiles(t *testing.T) { t.Errorf("ListProfiles length = %d, expected %d\nvalid: %v\ninvalid: %v\n", len(validProfiles)+len(inValidProfiles), numberOfTotalProfileDirs, validProfiles, inValidProfiles) } - profiles := append(validProfiles, inValidProfiles...) + profiles := validProfiles + profiles = append(profiles, inValidProfiles...) hostAndDirsDeleter = hostAndDirsDeleterMock errs := DeleteProfiles(profiles) diff --git a/hack/benchmark/cpu_usage/auto_pause/chart.go b/hack/benchmark/cpu_usage/auto_pause/chart.go index 304d6a3b3f..53ebf9b8bc 100644 --- a/hack/benchmark/cpu_usage/auto_pause/chart.go +++ b/hack/benchmark/cpu_usage/auto_pause/chart.go @@ -72,7 +72,7 @@ func execute() error { // Open non-autopause csv file of benchmark summary napResults := []float64{} - var napFn string = "./out/benchmark-results/" + sessionID + "/cstat.nonautopause.summary" + napFn := "./out/benchmark-results/" + sessionID + "/cstat.nonautopause.summary" napFile, err := os.Open(napFn) if err != nil { return errors.Wrap(err, "Missing summary csv") @@ -97,7 +97,7 @@ func execute() error { // Open auto-pause csv file of benchmark summary apResults := []float64{} - var apFn string = "./out/benchmark-results/" + sessionID + "/cstat.autopause.summary" + apFn := "./out/benchmark-results/" + sessionID + "/cstat.autopause.summary" apFile, err := os.Open(apFn) if err != nil { return errors.Wrap(err, "Missing summary csv") diff --git a/hack/benchmark/cpu_usage/idle_only/chart.go b/hack/benchmark/cpu_usage/idle_only/chart.go index ea49d50afc..e06138b322 100644 --- a/hack/benchmark/cpu_usage/idle_only/chart.go +++ b/hack/benchmark/cpu_usage/idle_only/chart.go @@ -71,7 +71,7 @@ func execute() error { // Open csv file of benchmark summary results := []float64{} - var fn string = "./out/benchmark-results/" + sessionID + "/cstat.summary" + fn := "./out/benchmark-results/" + sessionID + "/cstat.summary" file, err := os.Open(fn) if err != nil { return errors.Wrap(err, "Missing summary csv") diff --git a/pkg/gvisor/enable.go b/pkg/gvisor/enable.go index 27d0260406..d55dae38d4 100644 --- a/pkg/gvisor/enable.go +++ b/pkg/gvisor/enable.go @@ -62,7 +62,7 @@ func Enable() error { return errors.Wrap(err, "restarting containerd") } // When pod is terminated, disable gvisor and exit - c := make(chan os.Signal) + c := make(chan os.Signal, 1) signal.Notify(c, os.Interrupt, syscall.SIGTERM) go func() { <-c diff --git a/pkg/minikube/bootstrapper/certs.go b/pkg/minikube/bootstrapper/certs.go index e666e8e23d..3f5cd98976 100644 --- a/pkg/minikube/bootstrapper/certs.go +++ b/pkg/minikube/bootstrapper/certs.go @@ -204,12 +204,15 @@ func generateProfileCerts(k8s config.KubernetesConfig, n config.Node, ccs CACert return nil, errors.Wrap(err, "getting service cluster ip") } - apiServerIPs := append(k8s.APIServerIPs, + apiServerIPs := k8s.APIServerIPs + apiServerIPs = append(apiServerIPs, net.ParseIP(n.IP), serviceIP, net.ParseIP(oci.DefaultBindIPV4), net.ParseIP("10.0.0.1")) - apiServerNames := append(k8s.APIServerNames, k8s.APIServerName, constants.ControlPlaneAlias) - apiServerAlternateNames := append( - apiServerNames, + apiServerNames := k8s.APIServerNames + apiServerNames = append(apiServerNames, k8s.APIServerName, constants.ControlPlaneAlias) + + apiServerAlternateNames := apiServerNames + apiServerAlternateNames = append(apiServerAlternateNames, util.GetAlternateDNS(k8s.DNSDomain)...) daemonHost := oci.DaemonHost(k8s.ContainerRuntime) diff --git a/pkg/minikube/proxy/proxy_test.go b/pkg/minikube/proxy/proxy_test.go index b7cb3963d8..aa1341af49 100644 --- a/pkg/minikube/proxy/proxy_test.go +++ b/pkg/minikube/proxy/proxy_test.go @@ -222,7 +222,7 @@ func TestExcludeIP(t *testing.T) { func TestUpdateTransport(t *testing.T) { t.Run("new", func(t *testing.T) { rc := rest.Config{} - c := UpdateTransport(&rc) + UpdateTransport(&rc) tr := &http.Transport{} tr.RegisterProtocol("file", http.NewFileTransport(http.Dir("/tmp"))) }) diff --git a/pkg/minikube/registry/drvs/docker/docker_test.go b/pkg/minikube/registry/drvs/docker/docker_test.go index 8392f949a6..0d3e6ac890 100644 --- a/pkg/minikube/registry/drvs/docker/docker_test.go +++ b/pkg/minikube/registry/drvs/docker/docker_test.go @@ -30,7 +30,8 @@ type testCase struct { } func appendVersionVariations(tc []testCase, v []int, reason string) []testCase { - appendedTc := append(tc, testCase{ + appendedTc := tc + appendedTc = append(appendedTc, testCase{ version: fmt.Sprintf("linux-%02d.%02d", v[0], v[1]), expect: reason, }) diff --git a/pkg/minikube/tunnel/route_darwin.go b/pkg/minikube/tunnel/route_darwin.go index e73894cb73..7583bf2ce7 100644 --- a/pkg/minikube/tunnel/route_darwin.go +++ b/pkg/minikube/tunnel/route_darwin.go @@ -164,7 +164,7 @@ func (router *osRouter) Cleanup(route *Route) error { if err != nil { return err } - msg := fmt.Sprintf("%s", stdInAndOut) + msg := string(stdInAndOut) klog.V(4).Infof("%s", msg) re := regexp.MustCompile("^delete net ([^:]*)$") if !re.MatchString(msg) { From ccf4af099729e4ba6d6ad251ca953b01c399290e Mon Sep 17 00:00:00 2001 From: Medya Gh Date: Thu, 12 Aug 2021 18:11:16 -0700 Subject: [PATCH 121/205] change depricated golint to revive and fix lint issues --- Makefile | 14 +++----------- hack/benchmark/time-to-k8s/chart.go | 6 +----- hack/update/registry.go | 5 +---- hack/update/update.go | 7 ++----- pkg/addons/addons.go | 6 +++--- pkg/drivers/hyperkit/driver.go | 5 +---- pkg/drivers/none/none.go | 5 +---- pkg/drivers/ssh/ssh.go | 5 +---- pkg/minikube/config/profile.go | 11 ++--------- pkg/minikube/download/download.go | 4 ++-- pkg/minikube/download/preload.go | 2 +- pkg/minikube/driver/driver_darwin.go | 2 +- pkg/minikube/kubeconfig/context.go | 8 ++++---- pkg/minikube/kubeconfig/extension.go | 5 +---- pkg/minikube/node/start.go | 12 ++---------- pkg/minikube/shell/shell.go | 2 +- test/integration/functional_test_mount_test.go | 2 +- 17 files changed, 28 insertions(+), 73 deletions(-) diff --git a/Makefile b/Makefile index ea380b5081..51e0d5edbd 100644 --- a/Makefile +++ b/Makefile @@ -32,7 +32,6 @@ RPM_VERSION ?= $(DEB_VERSION) RPM_REVISION ?= 0 # used by hack/jenkins/release_build_and_upload.sh and KVM_BUILD_IMAGE, see also BUILD_IMAGE below -# update this only by running `make update-golang-version` GO_VERSION ?= 1.16.7 # replace "x.y.0" => "x.y". kube-cross and golang.org/dl use different formats for x.y.0 go versions @@ -67,9 +66,8 @@ MINIKUBE_UPLOAD_LOCATION := gs://${MINIKUBE_BUCKET} MINIKUBE_RELEASES_URL=https://github.com/kubernetes/minikube/releases/download KERNEL_VERSION ?= 4.19.182 -# latest from https://github.com/golangci/golangci-lint/releases -# update this only by running `make update-golint-version` -GOLINT_VERSION ?= v1.41.1 +# latest from https://github.com/golangci/golangci-lint/releases +GOLINT_VERSION ?= v1.39.0 # Limit number of default jobs, to avoid the CI builds running out of memory GOLINT_JOBS ?= 4 # see https://github.com/golangci/golangci-lint#memory-usage-of-golangci-lint @@ -77,7 +75,7 @@ GOLINT_GOGC ?= 100 # options for lint (golangci-lint) GOLINT_OPTIONS = --timeout 7m \ --build-tags "${MINIKUBE_INTEGRATION_BUILD_TAGS}" \ - --enable gofmt,goimports,gocritic,golint,gocyclo,misspell,nakedret,stylecheck,unconvert,unparam,dogsled \ + --enable gofmt,goimports,gocritic,revive,gocyclo,misspell,nakedret,stylecheck,unconvert,unparam,dogsled \ --exclude 'variable on range scope.*in function literal|ifElseChain' export GO111MODULE := on @@ -975,12 +973,6 @@ update-kubernetes-version: (cd hack/update/kubernetes_version && \ go run update_kubernetes_version.go) -.PHONY: update-golint-version -update-golint-version: - (cd hack/update/golint_version && \ - go run update_golint_version.go) - - .PHONY: update-kubernetes-version-pr update-kubernetes-version-pr: ifndef GITHUB_TOKEN diff --git a/hack/benchmark/time-to-k8s/chart.go b/hack/benchmark/time-to-k8s/chart.go index ae3ef9cb65..c15ec89000 100644 --- a/hack/benchmark/time-to-k8s/chart.go +++ b/hack/benchmark/time-to-k8s/chart.go @@ -220,11 +220,7 @@ func createChart(chartPath string, values []plotter.Values, totals []float64, na p.Add(l) - if err := p.Save(12*vg.Inch, 8*vg.Inch, chartPath); err != nil { - return err - } - - return nil + return p.Save(12*vg.Inch, 8*vg.Inch, chartPath) } func createBars(values plotter.Values, index int) (*plotter.BarChart, error) { diff --git a/hack/update/registry.go b/hack/update/registry.go index 09196494fc..99c0db210a 100644 --- a/hack/update/registry.go +++ b/hack/update/registry.go @@ -98,10 +98,7 @@ func crUpdate(ctx context.Context, reg registry, image, version string) error { // TagImage tags local image:current with stable version, and returns any error occurred. func TagImage(ctx context.Context, image, current, stable string) error { tag := exec.CommandContext(ctx, "docker", "tag", image+":"+current, image+":"+stable) - if err := RunWithRetryNotify(ctx, tag, nil, 1*time.Second, 10); err != nil { - return err - } - return nil + return RunWithRetryNotify(ctx, tag, nil, 1*time.Second, 10) } // PullImage checks if current image exists locally, tries to pull it if not, and returns reference image url and any error occurred. diff --git a/hack/update/update.go b/hack/update/update.go index dbf7061999..f4ba35bbaa 100644 --- a/hack/update/update.go +++ b/hack/update/update.go @@ -189,7 +189,7 @@ func RunWithRetryNotify(ctx context.Context, cmd *exec.Cmd, stdin io.Reader, max notify := func(err error, wait time.Duration) { klog.Errorf("Temporary error running '%s' (will retry in %s): %v", cmd.String(), wait, err) } - if err := backoff.RetryNotify(func() error { + return backoff.RetryNotify(func() error { cmd.Stdin = stdin var stderr bytes.Buffer cmd.Stderr = &stderr @@ -198,10 +198,7 @@ func RunWithRetryNotify(ctx context.Context, cmd *exec.Cmd, stdin io.Reader, max return fmt.Errorf("%w: %s", err, stderr.String()) } return nil - }, bc, notify); err != nil { - return err - } - return nil + }, bc, notify) } // Run runs command cmd with stdin diff --git a/pkg/addons/addons.go b/pkg/addons/addons.go index a960a96553..6a00bb5423 100644 --- a/pkg/addons/addons.go +++ b/pkg/addons/addons.go @@ -48,11 +48,11 @@ import ( ) // Force is used to override checks for addons -var Force bool = false +var Force = false // Refresh is used to refresh pods in specific cases when an addon is enabled // Currently only used for gcp-auth -var Refresh bool = false +var Refresh = false // RunCallbacks runs all actions associated to an addon, but does not set it (thread-safe) func RunCallbacks(cc *config.ClusterConfig, name string, value string) error { @@ -377,7 +377,7 @@ func Start(wg *sync.WaitGroup, cc *config.ClusterConfig, toEnable map[string]boo var awg sync.WaitGroup - enabledAddons := []string{} + var enabledAddons []string defer func() { // making it show after verifications (see #7613) register.Reg.SetStep(register.EnablingAddons) diff --git a/pkg/drivers/hyperkit/driver.go b/pkg/drivers/hyperkit/driver.go index 027977bf38..d074b49017 100644 --- a/pkg/drivers/hyperkit/driver.go +++ b/pkg/drivers/hyperkit/driver.go @@ -276,10 +276,7 @@ func (d *Driver) Start() error { return err } - if err := d.setupNFSMounts(); err != nil { - return err - } - return nil + return d.setupNFSMounts() } func (d *Driver) setupIP(mac string) error { diff --git a/pkg/drivers/none/none.go b/pkg/drivers/none/none.go index 4f67577322..f441711eb6 100644 --- a/pkg/drivers/none/none.go +++ b/pkg/drivers/none/none.go @@ -192,10 +192,7 @@ func (d *Driver) Remove() error { // Restart a host func (d *Driver) Restart() error { - if err := sysinit.New(d.exec).Restart("kubelet"); err != nil { - return err - } - return nil + return sysinit.New(d.exec).Restart("kubelet") } // Start a host diff --git a/pkg/drivers/ssh/ssh.go b/pkg/drivers/ssh/ssh.go index 97ff1d0b71..aa613a75be 100644 --- a/pkg/drivers/ssh/ssh.go +++ b/pkg/drivers/ssh/ssh.go @@ -206,10 +206,7 @@ func (d *Driver) Stop() error { // Restart a host func (d *Driver) Restart() error { - if err := sysinit.New(d.exec).Restart("kubelet"); err != nil { - return err - } - return nil + return sysinit.New(d.exec).Restart("kubelet") } // Kill stops a host forcefully, including any containers that we are managing. diff --git a/pkg/minikube/config/profile.go b/pkg/minikube/config/profile.go index 2e13436988..167558f15f 100644 --- a/pkg/minikube/config/profile.go +++ b/pkg/minikube/config/profile.go @@ -152,10 +152,7 @@ func SaveProfile(name string, cfg *ClusterConfig, miniHome ...string) error { // If no config file exists, don't worry about swapping paths if _, err := os.Stat(path); os.IsNotExist(err) { - if err := lock.WriteFile(path, data, 0600); err != nil { - return err - } - return nil + return lock.WriteFile(path, data, 0600) } tf, err := ioutil.TempFile(filepath.Dir(path), "config.json.tmp") @@ -176,11 +173,7 @@ func SaveProfile(name string, cfg *ClusterConfig, miniHome ...string) error { return err } - if err = os.Rename(tf.Name(), path); err != nil { - return err - } - - return nil + return os.Rename(tf.Name(), path) } // DeleteProfile deletes a profile and removes the profile dir diff --git a/pkg/minikube/download/download.go b/pkg/minikube/download/download.go index d65590775e..dd64fe1de9 100644 --- a/pkg/minikube/download/download.go +++ b/pkg/minikube/download/download.go @@ -35,8 +35,8 @@ import ( var ( // DownloadMock is called instead of the download implementation if not nil. - DownloadMock func(src, dst string) error = nil - checkCache = os.Stat + DownloadMock func(src, dst string) error + checkCache = os.Stat ) // CreateDstDownloadMock is the default mock implementation of download. diff --git a/pkg/minikube/download/preload.go b/pkg/minikube/download/preload.go index b174b1aeca..1f3e09d6ee 100644 --- a/pkg/minikube/download/preload.go +++ b/pkg/minikube/download/preload.go @@ -49,7 +49,7 @@ const ( ) var ( - preloadStates map[string]map[string]bool = make(map[string]map[string]bool) + preloadStates = make(map[string]map[string]bool) ) // TarballName returns name of the tarball diff --git a/pkg/minikube/driver/driver_darwin.go b/pkg/minikube/driver/driver_darwin.go index 168b3084d9..b29222459e 100644 --- a/pkg/minikube/driver/driver_darwin.go +++ b/pkg/minikube/driver/driver_darwin.go @@ -22,7 +22,7 @@ import ( ) // supportedDrivers is a list of supported drivers on Darwin. -var supportedDrivers []string = func() []string { +var supportedDrivers = func() []string { if runtime.GOARCH == "arm64" { // on darwin/arm64 only docker and ssh are supported yet return []string{ diff --git a/pkg/minikube/kubeconfig/context.go b/pkg/minikube/kubeconfig/context.go index 4b927d2121..8b3d584643 100644 --- a/pkg/minikube/kubeconfig/context.go +++ b/pkg/minikube/kubeconfig/context.go @@ -28,15 +28,15 @@ func UnsetCurrentContext(machineName string, configPath ...string) error { if configPath != nil { fPath = configPath[0] } - kCfg, err := readOrNew(fPath) + cfg, err := readOrNew(fPath) if err != nil { return errors.Wrap(err, "Error getting kubeconfig status") } // Unset current-context only if profile is the current-context - if kCfg.CurrentContext == machineName { - kCfg.CurrentContext = "" - if err := writeToFile(kCfg, fPath); err != nil { + if cfg.CurrentContext == machineName { + cfg.CurrentContext = "" + if err := writeToFile(cfg, fPath); err != nil { return errors.Wrap(err, "writing kubeconfig") } return nil diff --git a/pkg/minikube/kubeconfig/extension.go b/pkg/minikube/kubeconfig/extension.go index aff7cb25a8..413e8b11cf 100644 --- a/pkg/minikube/kubeconfig/extension.go +++ b/pkg/minikube/kubeconfig/extension.go @@ -55,10 +55,7 @@ func (in *Extension) DeepCopy() *Extension { // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. func (in *Extension) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil + return in.DeepCopy() } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. diff --git a/pkg/minikube/node/start.go b/pkg/minikube/node/start.go index 6e1e435714..1361c67ebb 100644 --- a/pkg/minikube/node/start.go +++ b/pkg/minikube/node/start.go @@ -401,11 +401,7 @@ func waitForCRISocket(runner cruntime.CommandRunner, socket string, wait int, in } return nil } - if err := retry.Expo(chkPath, time.Duration(interval)*time.Second, time.Duration(wait)*time.Second); err != nil { - return err - } - - return nil + return retry.Expo(chkPath, time.Duration(interval)*time.Second, time.Duration(wait)*time.Second) } func waitForCRIVersion(runner cruntime.CommandRunner, socket string, wait int, interval int) error { @@ -426,11 +422,7 @@ func waitForCRIVersion(runner cruntime.CommandRunner, socket string, wait int, i klog.Info(rr.Stdout.String()) return nil } - if err := retry.Expo(chkInfo, time.Duration(interval)*time.Second, time.Duration(wait)*time.Second); err != nil { - return err - } - - return nil + return retry.Expo(chkInfo, time.Duration(interval)*time.Second, time.Duration(wait)*time.Second) } // setupKubeAdm adds any requested files into the VM before Kubernetes is started diff --git a/pkg/minikube/shell/shell.go b/pkg/minikube/shell/shell.go index f224c41c9c..2b5c550310 100644 --- a/pkg/minikube/shell/shell.go +++ b/pkg/minikube/shell/shell.go @@ -139,7 +139,7 @@ REM @FOR /f "tokens=*" %%i IN ('%s') DO @%%i } var defaultSh = "bash" -var defaultShell shellData = shellConfigMap[defaultSh] +var defaultShell = shellConfigMap[defaultSh] var ( // ForceShell forces a shell name diff --git a/test/integration/functional_test_mount_test.go b/test/integration/functional_test_mount_test.go index 211f9d4d8a..d7e8a84709 100644 --- a/test/integration/functional_test_mount_test.go +++ b/test/integration/functional_test_mount_test.go @@ -276,7 +276,7 @@ func validateMountCmd(ctx context.Context, t *testing.T, profile string) { // no t.Logf("reading mount text") mountText := func() string { str := "" - var err error = nil + var err error for err == nil { var add string add, err = ss.Stdout.ReadString(0) From 6baebf6fdce7c78168f33848636d76f2663642a2 Mon Sep 17 00:00:00 2001 From: Medya Gh Date: Thu, 12 Aug 2021 18:14:25 -0700 Subject: [PATCH 122/205] fix version --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 51e0d5edbd..693add0020 100644 --- a/Makefile +++ b/Makefile @@ -67,7 +67,7 @@ MINIKUBE_RELEASES_URL=https://github.com/kubernetes/minikube/releases/download KERNEL_VERSION ?= 4.19.182 # latest from https://github.com/golangci/golangci-lint/releases -GOLINT_VERSION ?= v1.39.0 +GOLINT_VERSION ?= v1.41.1 # Limit number of default jobs, to avoid the CI builds running out of memory GOLINT_JOBS ?= 4 # see https://github.com/golangci/golangci-lint#memory-usage-of-golangci-lint From 90da153fc562c05b83ff926e5997d8c972451d7d Mon Sep 17 00:00:00 2001 From: Medya Gh Date: Thu, 12 Aug 2021 18:16:47 -0700 Subject: [PATCH 123/205] revert unrelated changes --- Makefile | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 693add0020..99da509615 100644 --- a/Makefile +++ b/Makefile @@ -32,6 +32,7 @@ RPM_VERSION ?= $(DEB_VERSION) RPM_REVISION ?= 0 # used by hack/jenkins/release_build_and_upload.sh and KVM_BUILD_IMAGE, see also BUILD_IMAGE below +# update this only by running `make update-golang-version` GO_VERSION ?= 1.16.7 # replace "x.y.0" => "x.y". kube-cross and golang.org/dl use different formats for x.y.0 go versions @@ -66,7 +67,8 @@ MINIKUBE_UPLOAD_LOCATION := gs://${MINIKUBE_BUCKET} MINIKUBE_RELEASES_URL=https://github.com/kubernetes/minikube/releases/download KERNEL_VERSION ?= 4.19.182 -# latest from https://github.com/golangci/golangci-lint/releases +# latest from https://github.com/golangci/golangci-lint/releases +# update this only by running `make update-golint-version` GOLINT_VERSION ?= v1.41.1 # Limit number of default jobs, to avoid the CI builds running out of memory GOLINT_JOBS ?= 4 @@ -973,6 +975,12 @@ update-kubernetes-version: (cd hack/update/kubernetes_version && \ go run update_kubernetes_version.go) +.PHONY: update-golint-version +update-golint-version: + (cd hack/update/golint_version && \ + go run update_golint_version.go) + + .PHONY: update-kubernetes-version-pr update-kubernetes-version-pr: ifndef GITHUB_TOKEN @@ -1003,4 +1011,4 @@ time-to-k8s-benchmark: .PHONY: update-gopogh-version update-gopogh-version: ## update gopogh version (cd hack/update/gopogh_version && \ - go run update_gopogh_version.go) + go run update_gopogh_version.go) \ No newline at end of file From b7e8f730eddb82eaa017f03057f79d92fc92bbf0 Mon Sep 17 00:00:00 2001 From: Medya Gh Date: Thu, 12 Aug 2021 18:17:09 -0700 Subject: [PATCH 124/205] revert unrelated changes --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 99da509615..4210729538 100644 --- a/Makefile +++ b/Makefile @@ -1011,4 +1011,4 @@ time-to-k8s-benchmark: .PHONY: update-gopogh-version update-gopogh-version: ## update gopogh version (cd hack/update/gopogh_version && \ - go run update_gopogh_version.go) \ No newline at end of file + go run update_gopogh_version.go) From 2a1693655a89e90cdaf34e15ec069316b605a196 Mon Sep 17 00:00:00 2001 From: Sharif Elgamal Date: Fri, 13 Aug 2021 12:30:24 -0700 Subject: [PATCH 125/205] add space for aesthetics --- hack/jenkins/cloud_shell_functional_tests_docker.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/jenkins/cloud_shell_functional_tests_docker.sh b/hack/jenkins/cloud_shell_functional_tests_docker.sh index 8f743dcc3e..6a229375c6 100755 --- a/hack/jenkins/cloud_shell_functional_tests_docker.sh +++ b/hack/jenkins/cloud_shell_functional_tests_docker.sh @@ -30,7 +30,7 @@ gcloud cloud-shell ssh --authorize-session << EOF DRIVER="docker" JOB_NAME="Docker_Cloud_Shell" CONTAINER_RUNTIME="docker" -EXTRA_TEST_ARGS="-test.run (TestFunctional|TestAddons|TestStartStop)" + EXTRA_TEST_ARGS="-test.run (TestFunctional|TestAddons|TestStartStop)" # Need to set these in cloud-shell or will not be present in common.sh MINIKUBE_LOCATION=$MINIKUBE_LOCATION From 098adff14f97e55ded5626b0a90c858c09622337 Mon Sep 17 00:00:00 2001 From: Medya Gh Date: Fri, 13 Aug 2021 12:55:06 -0700 Subject: [PATCH 126/205] fix image name --- pkg/minikube/bootstrapper/images/images.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/minikube/bootstrapper/images/images.go b/pkg/minikube/bootstrapper/images/images.go index 6d8fcf4b07..319983e7f9 100644 --- a/pkg/minikube/bootstrapper/images/images.go +++ b/pkg/minikube/bootstrapper/images/images.go @@ -179,7 +179,7 @@ func CalicoDeployment(repo string) string { if repo == "" { repo = "docker.io/calico" } - return path.Join(repo, "kube-controllers::"+calicoVersion) + return path.Join(repo, "kube-controllers:"+calicoVersion) } // CalicoFelixDriver returns image used for felix driver @@ -187,7 +187,7 @@ func CalicoFelixDriver(repo string) string { if repo == "" { repo = "docker.io/calico" } - return path.Join(repo, "pod2daemon-flexvol::"+calicoVersion) + return path.Join(repo, "pod2daemon-flexvol:"+calicoVersion) } // CalicoBin returns image used for calico binary image @@ -195,5 +195,5 @@ func CalicoBin(repo string) string { if repo == "" { repo = "docker.io/calico" } - return path.Join(repo, "cni::"+calicoVersion) + return path.Join(repo, "cni:"+calicoVersion) } From 0bd906077f72e6ed103b92e7c2d72145cde0ba18 Mon Sep 17 00:00:00 2001 From: Medya Ghazizadeh Date: Fri, 13 Aug 2021 14:06:42 -0700 Subject: [PATCH 127/205] Revert "new `image save` command" --- cmd/minikube/cmd/image.go | 74 -------- pkg/minikube/assets/vm_assets.go | 59 ------ pkg/minikube/command/command_runner.go | 3 - pkg/minikube/command/exec_runner.go | 18 -- pkg/minikube/command/fake_runner.go | 13 -- pkg/minikube/command/kic_runner.go | 17 -- pkg/minikube/command/ssh_runner.go | 82 --------- pkg/minikube/cruntime/cruntime.go | 2 - pkg/minikube/cruntime/cruntime_test.go | 4 - pkg/minikube/image/image.go | 58 ------ pkg/minikube/machine/cache_images.go | 171 ------------------ pkg/minikube/reason/reason.go | 2 - site/content/en/docs/commands/image.md | 48 ----- site/content/en/docs/contrib/errorcodes.en.md | 3 - 14 files changed, 554 deletions(-) diff --git a/cmd/minikube/cmd/image.go b/cmd/minikube/cmd/image.go index 8fdc870e57..85616c09c4 100644 --- a/cmd/minikube/cmd/image.go +++ b/cmd/minikube/cmd/image.go @@ -144,77 +144,6 @@ var loadImageCmd = &cobra.Command{ }, } -func readFile(w io.Writer, tmp string) error { - r, err := os.Open(tmp) - if err != nil { - return err - } - _, err = io.Copy(w, r) - if err != nil { - return err - } - err = r.Close() - if err != nil { - return err - } - return nil -} - -// saveImageCmd represents the image load command -var saveImageCmd = &cobra.Command{ - Use: "save IMAGE [ARCHIVE | -]", - Short: "Save a image from minikube", - Long: "Save a image from minikube", - Example: "minikube image save image\nminikube image save image image.tar", - Run: func(cmd *cobra.Command, args []string) { - if len(args) == 0 { - exit.Message(reason.Usage, "Please provide an image in the container runtime to save from minikube via ") - } - // Save images from container runtime - profile, err := config.LoadProfile(viper.GetString(config.ProfileName)) - if err != nil { - exit.Error(reason.Usage, "loading profile", err) - } - - if len(args) > 1 { - output = args[1] - - if args[1] == "-" { - tmp, err := ioutil.TempFile("", "image.*.tar") - if err != nil { - exit.Error(reason.GuestImageSave, "Failed to get temp", err) - } - tmp.Close() - output = tmp.Name() - } - - if err := machine.DoSaveImages([]string{args[0]}, output, []*config.Profile{profile}, ""); err != nil { - exit.Error(reason.GuestImageSave, "Failed to save image", err) - } - - if args[1] == "-" { - err := readFile(os.Stdout, output) - if err != nil { - exit.Error(reason.GuestImageSave, "Failed to read temp", err) - } - os.Remove(output) - } - } else { - if err := machine.SaveAndCacheImages([]string{args[0]}, []*config.Profile{profile}); err != nil { - exit.Error(reason.GuestImageSave, "Failed to save image", err) - } - if imgDaemon || imgRemote { - image.UseDaemon(imgDaemon) - image.UseRemote(imgRemote) - err := image.UploadCachedImage(args[0]) - if err != nil { - exit.Error(reason.GuestImageSave, "Failed to save image", err) - } - } - } - }, -} - var removeImageCmd = &cobra.Command{ Use: "rm IMAGE [IMAGE...]", Short: "Remove one or more images", @@ -329,8 +258,5 @@ func init() { buildImageCmd.Flags().StringArrayVar(&buildEnv, "build-env", nil, "Environment variables to pass to the build. (format: key=value)") buildImageCmd.Flags().StringArrayVar(&buildOpt, "build-opt", nil, "Specify arbitrary flags to pass to the build. (format: key=value)") imageCmd.AddCommand(buildImageCmd) - saveImageCmd.Flags().BoolVar(&imgDaemon, "daemon", false, "Cache image to docker daemon") - saveImageCmd.Flags().BoolVar(&imgRemote, "remote", false, "Cache image to remote registry") - imageCmd.AddCommand(saveImageCmd) imageCmd.AddCommand(listImageCmd) } diff --git a/pkg/minikube/assets/vm_assets.go b/pkg/minikube/assets/vm_assets.go index 752953e960..b6ec89e9b8 100644 --- a/pkg/minikube/assets/vm_assets.go +++ b/pkg/minikube/assets/vm_assets.go @@ -24,7 +24,6 @@ import ( "io" "os" "path" - "strconv" "time" "github.com/pkg/errors" @@ -38,11 +37,8 @@ const MemorySource = "memory" // CopyableFile is something that can be copied type CopyableFile interface { io.Reader - io.Writer GetLength() int - SetLength(int) GetSourcePath() string - GetTargetPath() string GetTargetDir() string GetTargetName() string @@ -66,11 +62,6 @@ func (b *BaseAsset) GetSourcePath() string { return b.SourcePath } -// GetTargetPath returns target path -func (b *BaseAsset) GetTargetPath() string { - return path.Join(b.GetTargetDir(), b.GetTargetName()) -} - // GetTargetDir returns target dir func (b *BaseAsset) GetTargetDir() string { return b.TargetDir @@ -95,7 +86,6 @@ func (b *BaseAsset) GetModTime() (time.Time, error) { type FileAsset struct { BaseAsset reader io.ReadSeeker - writer io.Writer file *os.File // Optional pointer to close file through FileAsset.Close() } @@ -144,14 +134,6 @@ func (f *FileAsset) GetLength() (flen int) { return int(fi.Size()) } -// SetLength sets the file length -func (f *FileAsset) SetLength(flen int) { - err := os.Truncate(f.SourcePath, int64(flen)) - if err != nil { - klog.Errorf("truncate(%q) failed: %v", f.SourcePath, err) - } -} - // GetModTime returns modification time of the file func (f *FileAsset) GetModTime() (time.Time, error) { fi, err := os.Stat(f.SourcePath) @@ -170,23 +152,6 @@ func (f *FileAsset) Read(p []byte) (int, error) { return f.reader.Read(p) } -// Write writes the asset -func (f *FileAsset) Write(p []byte) (int, error) { - if f.writer == nil { - f.file.Close() - perms, err := strconv.ParseUint(f.Permissions, 8, 32) - if err != nil || perms > 07777 { - return 0, err - } - f.file, err = os.OpenFile(f.SourcePath, os.O_RDWR|os.O_CREATE, os.FileMode(perms)) - if err != nil { - return 0, err - } - f.writer = io.Writer(f.file) - } - return f.writer.Write(p) -} - // Seek resets the reader to offset func (f *FileAsset) Seek(offset int64, whence int) (int64, error) { return f.reader.Seek(offset, whence) @@ -212,23 +177,11 @@ func (m *MemoryAsset) GetLength() int { return m.length } -// SetLength returns length -func (m *MemoryAsset) SetLength(len int) { - m.length = len -} - // Read reads the asset func (m *MemoryAsset) Read(p []byte) (int, error) { return m.reader.Read(p) } -// Writer writes the asset -func (m *MemoryAsset) Write(p []byte) (int, error) { - m.length = len(p) - m.reader = bytes.NewReader(p) - return len(p), nil -} - // Seek resets the reader to offset func (m *MemoryAsset) Seek(offset int64, whence int) (int64, error) { return m.reader.Seek(offset, whence) @@ -345,11 +298,6 @@ func (m *BinAsset) GetLength() int { return m.length } -// SetLength sets length -func (m *BinAsset) SetLength(len int) { - m.length = len -} - // Read reads the asset func (m *BinAsset) Read(p []byte) (int, error) { if m.GetLength() == 0 { @@ -358,13 +306,6 @@ func (m *BinAsset) Read(p []byte) (int, error) { return m.reader.Read(p) } -// Write writes the asset -func (m *BinAsset) Write(p []byte) (int, error) { - m.length = len(p) - m.reader = bytes.NewReader(p) - return len(p), nil -} - // Seek resets the reader to offset func (m *BinAsset) Seek(offset int64, whence int) (int64, error) { return m.reader.Seek(offset, whence) diff --git a/pkg/minikube/command/command_runner.go b/pkg/minikube/command/command_runner.go index 3abd0dbdfc..41619b1af8 100644 --- a/pkg/minikube/command/command_runner.go +++ b/pkg/minikube/command/command_runner.go @@ -75,9 +75,6 @@ type Runner interface { // Copy is a convenience method that runs a command to copy a file Copy(assets.CopyableFile) error - // CopyFrom is a convenience method that runs a command to copy a file back - CopyFrom(assets.CopyableFile) error - // Remove is a convenience method that runs a command to remove a file Remove(assets.CopyableFile) error } diff --git a/pkg/minikube/command/exec_runner.go b/pkg/minikube/command/exec_runner.go index 7d91519776..b803b9b949 100644 --- a/pkg/minikube/command/exec_runner.go +++ b/pkg/minikube/command/exec_runner.go @@ -184,24 +184,6 @@ func (e *execRunner) Copy(f assets.CopyableFile) error { return writeFile(dst, f, os.FileMode(perms)) } -// CopyFrom copies a file -func (e *execRunner) CopyFrom(f assets.CopyableFile) error { - src := path.Join(f.GetTargetDir(), f.GetTargetName()) - - dst := f.GetSourcePath() - klog.Infof("cp: %s --> %s (%d bytes)", src, dst, f.GetLength()) - if f.GetLength() == 0 { - klog.Warningf("0 byte asset: %+v", f) - } - - perms, err := strconv.ParseInt(f.GetPermissions(), 8, 0) - if err != nil || perms > 07777 { - return errors.Wrapf(err, "error converting permissions %s to integer", f.GetPermissions()) - } - - return writeFile(dst, f, os.FileMode(perms)) -} - // Remove removes a file func (e *execRunner) Remove(f assets.CopyableFile) error { dst := filepath.Join(f.GetTargetDir(), f.GetTargetName()) diff --git a/pkg/minikube/command/fake_runner.go b/pkg/minikube/command/fake_runner.go index 0e8521a99f..b663ff7a38 100644 --- a/pkg/minikube/command/fake_runner.go +++ b/pkg/minikube/command/fake_runner.go @@ -142,19 +142,6 @@ func (f *FakeCommandRunner) Copy(file assets.CopyableFile) error { return nil } -func (f *FakeCommandRunner) CopyFrom(file assets.CopyableFile) error { - v, ok := f.fileMap.Load(file.GetSourcePath()) - if !ok { - return fmt.Errorf("not found in map") - } - b := v.(bytes.Buffer) - _, err := io.Copy(file, &b) - if err != nil { - return errors.Wrapf(err, "error writing file: %+v", file) - } - return nil -} - // Remove removes the filename, file contents key value pair from the stored map func (f *FakeCommandRunner) Remove(file assets.CopyableFile) error { f.fileMap.Delete(file.GetSourcePath()) diff --git a/pkg/minikube/command/kic_runner.go b/pkg/minikube/command/kic_runner.go index 7156246ff2..71e56feb77 100644 --- a/pkg/minikube/command/kic_runner.go +++ b/pkg/minikube/command/kic_runner.go @@ -204,15 +204,6 @@ func (k *kicRunner) Copy(f assets.CopyableFile) error { return k.copy(tf.Name(), dst) } -// CopyFrom copies a file -func (k *kicRunner) CopyFrom(f assets.CopyableFile) error { - src := f.GetTargetPath() - dst := f.GetSourcePath() - - klog.Infof("%s (direct): %s --> %s", k.ociBin, src, dst) - return k.copyFrom(src, dst) -} - // tempDirectory returns the directory to use as the temp directory // or an empty string if it should use the os default temp directory. func tempDirectory(isMinikubeSnap bool, isDockerSnap bool) (string, error) { @@ -238,14 +229,6 @@ func (k *kicRunner) copy(src string, dst string) error { return copyToDocker(src, fullDest) } -func (k *kicRunner) copyFrom(src string, dst string) error { - fullSource := fmt.Sprintf("%s:%s", k.nameOrID, src) - if k.ociBin == oci.Podman { - return copyToPodman(fullSource, dst) - } - return copyToDocker(fullSource, dst) -} - func (k *kicRunner) chmod(dst string, perm string) error { _, err := k.RunCmd(exec.Command("sudo", "chmod", perm, dst)) return err diff --git a/pkg/minikube/command/ssh_runner.go b/pkg/minikube/command/ssh_runner.go index d0044f4c74..fe92bffe00 100644 --- a/pkg/minikube/command/ssh_runner.go +++ b/pkg/minikube/command/ssh_runner.go @@ -17,14 +17,11 @@ limitations under the License. package command import ( - "bufio" "bytes" "fmt" "io" "os/exec" "path" - "strconv" - "strings" "sync" "time" @@ -376,82 +373,3 @@ func (s *SSHRunner) Copy(f assets.CopyableFile) error { } return g.Wait() } - -// CopyFrom copies a file from the remote over SSH. -func (s *SSHRunner) CopyFrom(f assets.CopyableFile) error { - dst := path.Join(path.Join(f.GetTargetDir(), f.GetTargetName())) - - sess, err := s.session() - if err != nil { - return errors.Wrap(err, "NewSession") - } - defer func() { - if err := sess.Close(); err != nil { - if err != io.EOF { - klog.Errorf("session close: %v", err) - } - } - }() - - cmd := exec.Command("stat", "-c", "%s", dst) - rr, err := s.RunCmd(cmd) - if err != nil { - return fmt.Errorf("%s: %v", cmd, err) - } - length, err := strconv.Atoi(strings.TrimSuffix(rr.Stdout.String(), "\n")) - if err != nil { - return err - } - src := f.GetSourcePath() - klog.Infof("scp %s --> %s (%d bytes)", dst, src, length) - f.SetLength(length) - - r, err := sess.StdoutPipe() - if err != nil { - return errors.Wrap(err, "StdoutPipe") - } - w, err := sess.StdinPipe() - if err != nil { - return errors.Wrap(err, "StdinPipe") - } - // The scpcmd below *should not* return until all data is copied and the - // StdinPipe is closed. But let's use errgroup to make it explicit. - var g errgroup.Group - var copied int64 - - g.Go(func() error { - defer w.Close() - br := bufio.NewReader(r) - fmt.Fprint(w, "\x00") - b, err := br.ReadBytes('\n') - if err != nil { - return errors.Wrap(err, "ReadBytes") - } - if b[0] != 'C' { - return fmt.Errorf("unexpected: %v", b) - } - fmt.Fprint(w, "\x00") - - copied = 0 - for copied < int64(length) { - n, err := io.CopyN(f, br, int64(length)) - if err != nil { - return errors.Wrap(err, "io.CopyN") - } - copied += n - } - fmt.Fprint(w, "\x00") - err = sess.Wait() - if err != nil { - return err - } - return nil - }) - - scp := fmt.Sprintf("sudo scp -f %s", f.GetTargetPath()) - err = sess.Start(scp) - if err != nil { - return fmt.Errorf("%s: %s", scp, err) - } - return g.Wait() -} diff --git a/pkg/minikube/cruntime/cruntime.go b/pkg/minikube/cruntime/cruntime.go index e2df9d83a9..95d9084839 100644 --- a/pkg/minikube/cruntime/cruntime.go +++ b/pkg/minikube/cruntime/cruntime.go @@ -65,8 +65,6 @@ type CommandRunner interface { WaitCmd(sc *command.StartedCmd) (*command.RunResult, error) // Copy is a convenience method that runs a command to copy a file Copy(assets.CopyableFile) error - // CopyFrom is a convenience method that runs a command to copy a file back - CopyFrom(assets.CopyableFile) error // Remove is a convenience method that runs a command to remove a file Remove(assets.CopyableFile) error } diff --git a/pkg/minikube/cruntime/cruntime_test.go b/pkg/minikube/cruntime/cruntime_test.go index 3a55059cc4..ca1c6cd54b 100644 --- a/pkg/minikube/cruntime/cruntime_test.go +++ b/pkg/minikube/cruntime/cruntime_test.go @@ -236,10 +236,6 @@ func (f *FakeRunner) Copy(assets.CopyableFile) error { return nil } -func (f *FakeRunner) CopyFrom(assets.CopyableFile) error { - return nil -} - func (f *FakeRunner) Remove(assets.CopyableFile) error { return nil } diff --git a/pkg/minikube/image/image.go b/pkg/minikube/image/image.go index f10b4c16fd..7814ce9abd 100644 --- a/pkg/minikube/image/image.go +++ b/pkg/minikube/image/image.go @@ -33,12 +33,10 @@ import ( "github.com/google/go-containerregistry/pkg/v1/daemon" "github.com/google/go-containerregistry/pkg/v1/mutate" "github.com/google/go-containerregistry/pkg/v1/remote" - "github.com/google/go-containerregistry/pkg/v1/tarball" "github.com/pkg/errors" "k8s.io/klog/v2" "k8s.io/minikube/pkg/minikube/constants" - "k8s.io/minikube/pkg/minikube/localpath" ) const ( @@ -193,62 +191,6 @@ func retrieveRemote(ref name.Reference, p v1.Platform) (v1.Image, error) { return img, err } -// imagePathInCache returns path in local cache directory -func imagePathInCache(img string) string { - f := filepath.Join(constants.ImageCacheDir, img) - f = localpath.SanitizeCacheDir(f) - return f -} - -func UploadCachedImage(imgName string) error { - tag, err := name.NewTag(imgName, name.WeakValidation) - if err != nil { - klog.Infof("error parsing image name %s tag %v ", imgName, err) - return err - } - return uploadImage(tag, imagePathInCache(imgName)) -} - -func uploadImage(tag name.Tag, p string) error { - var err error - var img v1.Image - - if !useDaemon && !useRemote { - return fmt.Errorf("neither daemon nor remote") - } - - img, err = tarball.ImageFromPath(p, &tag) - if err != nil { - return errors.Wrap(err, "tarball") - } - ref := name.Reference(tag) - - klog.Infof("uploading image: %+v from: %s", ref, p) - if useDaemon { - return uploadDaemon(ref, img) - } - if useRemote { - return uploadRemote(ref, img, defaultPlatform) - } - return nil -} - -func uploadDaemon(ref name.Reference, img v1.Image) error { - resp, err := daemon.Write(ref, img) - if err != nil { - klog.Warningf("daemon load for %s: %v\n%s", ref, err, resp) - } - return err -} - -func uploadRemote(ref name.Reference, img v1.Image, p v1.Platform) error { - err := remote.Write(ref, img, remote.WithAuthFromKeychain(authn.DefaultKeychain), remote.WithPlatform(p)) - if err != nil { - klog.Warningf("remote push for %s: %v", ref, err) - } - return err -} - // See https://github.com/kubernetes/minikube/issues/10402 // check if downloaded image Architecture field matches the requested and fix it otherwise func fixPlatform(ref name.Reference, img v1.Image, p v1.Platform) (v1.Image, error) { diff --git a/pkg/minikube/machine/cache_images.go b/pkg/minikube/machine/cache_images.go index f7ba9b8e3f..ad97ddcf8d 100644 --- a/pkg/minikube/machine/cache_images.go +++ b/pkg/minikube/machine/cache_images.go @@ -19,7 +19,6 @@ package machine import ( "fmt" "os" - "os/exec" "path" "path/filepath" "sort" @@ -49,9 +48,6 @@ var loadRoot = path.Join(vmpath.GuestPersistentDir, "images") // loadImageLock is used to serialize image loads to avoid overloading the guest VM var loadImageLock sync.Mutex -// saveRoot is where images should be saved from within the guest VM -var saveRoot = path.Join(vmpath.GuestPersistentDir, "images") - // CacheImagesForBootstrapper will cache images for a bootstrapper func CacheImagesForBootstrapper(imageRepository string, version string, clusterBootstrapper string) error { images, err := bootstrapper.GetCachedImageList(imageRepository, version, clusterBootstrapper) @@ -330,173 +326,6 @@ func removeExistingImage(r cruntime.Manager, src string, imgName string) error { return nil } -// SaveCachedImages saves from the container runtime to the cache -func SaveCachedImages(cc *config.ClusterConfig, runner command.Runner, images []string, cacheDir string) error { - klog.Infof("SaveImages start: %s", images) - start := time.Now() - - defer func() { - klog.Infof("SaveImages completed in %s", time.Since(start)) - }() - - var g errgroup.Group - - for _, image := range images { - image := image - g.Go(func() error { - return transferAndSaveCachedImage(runner, cc.KubernetesConfig, image, cacheDir) - }) - } - if err := g.Wait(); err != nil { - return errors.Wrap(err, "saving cached images") - } - klog.Infoln("Successfully saved all cached images") - return nil -} - -// SaveLocalImages saves images from the container runtime -func SaveLocalImages(cc *config.ClusterConfig, runner command.Runner, images []string, output string) error { - var g errgroup.Group - for _, image := range images { - image := image - g.Go(func() error { - return transferAndSaveImage(runner, cc.KubernetesConfig, output, image) - }) - } - if err := g.Wait(); err != nil { - return errors.Wrap(err, "saving images") - } - klog.Infoln("Successfully saved all images") - return nil -} - -// SaveAndCacheImages saves images from all profiles into the cache -func SaveAndCacheImages(images []string, profiles []*config.Profile) error { - if len(images) == 0 { - return nil - } - - return DoSaveImages(images, "", profiles, constants.ImageCacheDir) -} - -// DoSaveImages saves images from all profiles -func DoSaveImages(images []string, output string, profiles []*config.Profile, cacheDir string) error { - api, err := NewAPIClient() - if err != nil { - return errors.Wrap(err, "api") - } - defer api.Close() - - klog.Infof("Save images: %q", images) - - succeeded := []string{} - failed := []string{} - - for _, p := range profiles { // loading images to all running profiles - pName := p.Name // capture the loop variable - - c, err := config.Load(pName) - if err != nil { - // Non-fatal because it may race with profile deletion - klog.Errorf("Failed to load profile %q: %v", pName, err) - failed = append(failed, pName) - continue - } - - for _, n := range c.Nodes { - m := config.MachineName(*c, n) - - status, err := Status(api, m) - if err != nil { - klog.Warningf("error getting status for %s: %v", m, err) - failed = append(failed, m) - continue - } - - if status == state.Running.String() { // the not running hosts will load on next start - h, err := api.Load(m) - if err != nil { - klog.Warningf("Failed to load machine %q: %v", m, err) - failed = append(failed, m) - continue - } - cr, err := CommandRunner(h) - if err != nil { - return err - } - if cacheDir != "" { - // saving image names, to cache - err = SaveCachedImages(c, cr, images, cacheDir) - } else { - // saving mage files - err = SaveLocalImages(c, cr, images, output) - } - if err != nil { - failed = append(failed, m) - klog.Warningf("Failed to load cached images for profile %s. make sure the profile is running. %v", pName, err) - continue - } - succeeded = append(succeeded, m) - } - } - } - - klog.Infof("succeeded pulling from : %s", strings.Join(succeeded, " ")) - klog.Infof("failed pulling from : %s", strings.Join(failed, " ")) - // Live pushes are not considered a failure - return nil -} - -// transferAndSaveCachedImage transfers and loads a single image from the cache -func transferAndSaveCachedImage(cr command.Runner, k8s config.KubernetesConfig, imgName string, cacheDir string) error { - dst := filepath.Join(cacheDir, imgName) - dst = localpath.SanitizeCacheDir(dst) - return transferAndSaveImage(cr, k8s, dst, imgName) -} - -// transferAndSaveImage transfers and loads a single image -func transferAndSaveImage(cr command.Runner, k8s config.KubernetesConfig, dst string, imgName string) error { - r, err := cruntime.New(cruntime.Config{Type: k8s.ContainerRuntime, Runner: cr}) - if err != nil { - return errors.Wrap(err, "runtime") - } - - klog.Infof("Saving image to: %s", dst) - filename := filepath.Base(dst) - - _, err = os.OpenFile(dst, os.O_CREATE|os.O_WRONLY, 0777) - if err != nil { - return err - } - - f, err := assets.NewFileAsset(dst, saveRoot, filename, "0644") - if err != nil { - return errors.Wrapf(err, "creating copyable file asset: %s", filename) - } - defer func() { - if err := f.Close(); err != nil { - klog.Warningf("error closing the file %s: %v", f.GetSourcePath(), err) - } - }() - - src := path.Join(saveRoot, filename) - args := append([]string{"rm", "-f"}, src) - if _, err := cr.RunCmd(exec.Command("sudo", args...)); err != nil { - return err - } - err = r.SaveImage(imgName, src) - if err != nil { - return errors.Wrapf(err, "%s save %s", r.Name(), src) - } - - if err := cr.CopyFrom(f); err != nil { - return errors.Wrap(err, "transferring cached image") - } - - klog.Infof("Transferred and saved %s to cache", dst) - return nil -} - // pullImages pulls images to the container run time func pullImages(cruntime cruntime.Manager, images []string) error { klog.Infof("PullImages start: %s", images) diff --git a/pkg/minikube/reason/reason.go b/pkg/minikube/reason/reason.go index dc01e2f3ae..9b044e45b8 100644 --- a/pkg/minikube/reason/reason.go +++ b/pkg/minikube/reason/reason.go @@ -317,8 +317,6 @@ var ( GuestImageRemove = Kind{ID: "GUEST_IMAGE_REMOVE", ExitCode: ExGuestError} // minikube failed to build an image GuestImageBuild = Kind{ID: "GUEST_IMAGE_BUILD", ExitCode: ExGuestError} - // minikube failed to push or save an image - GuestImageSave = Kind{ID: "GUEST_IMAGE_SAVE", ExitCode: ExGuestError} // minikube failed to load host GuestLoadHost = Kind{ID: "GUEST_LOAD_HOST", ExitCode: ExGuestError} // minkube failed to create a mount diff --git a/site/content/en/docs/commands/image.md b/site/content/en/docs/commands/image.md index 112794ff40..299e0c80ae 100644 --- a/site/content/en/docs/commands/image.md +++ b/site/content/en/docs/commands/image.md @@ -264,51 +264,3 @@ $ minikube image unload image busybox --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging ``` -## minikube image save - -Save a image from minikube - -### Synopsis - -Save a image from minikube - -```shell -minikube image save IMAGE [ARCHIVE | -] [flags] -``` - -### Examples - -``` -minikube image save image -minikube image save image image.tar -``` - -### Options - -``` - --daemon Cache image to docker daemon - --remote Cache image to remote registry -``` - -### Options inherited from parent commands - -``` - --add_dir_header If true, adds the file directory to the header of the log messages - --alsologtostderr log to standard error as well as files - -b, --bootstrapper string The name of the cluster bootstrapper that will set up the Kubernetes cluster. (default "kubeadm") - -h, --help - --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) - --log_dir string If non-empty, write log files in this directory - --log_file string If non-empty, use this log file - --log_file_max_size uint Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800) - --logtostderr log to standard error instead of files - --one_output If true, only write logs to their native severity level (vs also writing to each lower severity level) - -p, --profile string The name of the minikube VM being used. This can be set to allow having multiple instances of minikube independently. (default "minikube") - --skip_headers If true, avoid header prefixes in the log messages - --skip_log_headers If true, avoid headers when opening log files - --stderrthreshold severity logs at or above this threshold go to stderr (default 2) - --user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username. - -v, --v Level number for the log level verbosity - --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging -``` - diff --git a/site/content/en/docs/contrib/errorcodes.en.md b/site/content/en/docs/contrib/errorcodes.en.md index c3621b7ed4..d2589bf1e5 100644 --- a/site/content/en/docs/contrib/errorcodes.en.md +++ b/site/content/en/docs/contrib/errorcodes.en.md @@ -381,9 +381,6 @@ minikube failed to remove an image "GUEST_IMAGE_BUILD" (Exit code ExGuestError) minikube failed to build an image -"GUEST_IMAGE_SAVE" (Exit code ExGuestError) -minikube failed to push or save an image - "GUEST_LOAD_HOST" (Exit code ExGuestError) minikube failed to load host From a6d75ff368a8ec846491c69deec65a61187edf8b Mon Sep 17 00:00:00 2001 From: minikube-bot Date: Fri, 13 Aug 2021 21:15:47 +0000 Subject: [PATCH 128/205] Update auto-generated docs and translations --- translations/de.json | 1 + translations/es.json | 1 + translations/fr.json | 1 + translations/ja.json | 1 + translations/ko.json | 1 + translations/pl.json | 1 + translations/strings.txt | 1 + translations/zh-CN.json | 1 + 8 files changed, 8 insertions(+) diff --git a/translations/de.json b/translations/de.json index 4e495e4688..7939370b14 100644 --- a/translations/de.json +++ b/translations/de.json @@ -562,6 +562,7 @@ "Starts a node.": "", "Starts an existing stopped node in a cluster.": "", "Startup with {{.old_driver}} driver failed, trying with alternate driver {{.new_driver}}: {{.error}}": "", + "Stopped tunnel for service {{.service}}.": "", "Stopping node \"{{.name}}\" ...": "", "Stopping tunnel for service {{.service}}.": "", "Stops a local Kubernetes cluster. This command stops the underlying VM or container, but keeps user data intact. The cluster can be started again with the \"start\" command.": "", diff --git a/translations/es.json b/translations/es.json index 4f728b2483..db2a072f24 100644 --- a/translations/es.json +++ b/translations/es.json @@ -567,6 +567,7 @@ "Starts a node.": "", "Starts an existing stopped node in a cluster.": "", "Startup with {{.old_driver}} driver failed, trying with alternate driver {{.new_driver}}: {{.error}}": "", + "Stopped tunnel for service {{.service}}.": "", "Stopping node \"{{.name}}\" ...": "", "Stopping tunnel for service {{.service}}.": "", "Stops a local Kubernetes cluster. This command stops the underlying VM or container, but keeps user data intact. The cluster can be started again with the \"start\" command.": "", diff --git a/translations/fr.json b/translations/fr.json index 395c2a5881..82ccf25555 100644 --- a/translations/fr.json +++ b/translations/fr.json @@ -568,6 +568,7 @@ "Starts a node.": "Démarre un nœud.", "Starts an existing stopped node in a cluster.": "Démarre un nœud arrêté existant dans un cluster.", "Startup with {{.old_driver}} driver failed, trying with alternate driver {{.new_driver}}: {{.error}}": "Échec du démarrage avec le pilote {{.old_driver}}, essai avec un autre pilote {{.new_driver}} : {{.error}}", + "Stopped tunnel for service {{.service}}.": "", "Stopping \"{{.profile_name}}\" in {{.driver_name}} ...": "Arrêt de \"{{.profile_name}}\" sur {{.driver_name}}...", "Stopping node \"{{.name}}\" ...": "Nœud d'arrêt \"{{.name}}\" ...", "Stopping tunnel for service {{.service}}.": "Tunnel d'arrêt pour le service {{.service}}.", diff --git a/translations/ja.json b/translations/ja.json index c2439c79af..1647f09dfc 100644 --- a/translations/ja.json +++ b/translations/ja.json @@ -561,6 +561,7 @@ "Starts a node.": "", "Starts an existing stopped node in a cluster.": "", "Startup with {{.old_driver}} driver failed, trying with alternate driver {{.new_driver}}: {{.error}}": "", + "Stopped tunnel for service {{.service}}.": "", "Stopping node \"{{.name}}\" ...": "ノード \"{{.name}}\" を停止しています...", "Stopping tunnel for service {{.service}}.": "サービス {{.service}} のトンネルを停止しています。", "Stops a local Kubernetes cluster. This command stops the underlying VM or container, but keeps user data intact. The cluster can be started again with the \"start\" command.": "", diff --git a/translations/ko.json b/translations/ko.json index 312446022d..ca9c9a9995 100644 --- a/translations/ko.json +++ b/translations/ko.json @@ -583,6 +583,7 @@ "Starts a node.": "노드를 시작합니다", "Starts an existing stopped node in a cluster.": "클러스터의 중지된 노드를 시작합니다", "Startup with {{.old_driver}} driver failed, trying with alternate driver {{.new_driver}}: {{.error}}": "", + "Stopped tunnel for service {{.service}}.": "", "Stopping node \"{{.name}}\" ...": "", "Stopping tunnel for service {{.service}}.": "", "Stops a local Kubernetes cluster. This command stops the underlying VM or container, but keeps user data intact. The cluster can be started again with the \"start\" command.": "", diff --git a/translations/pl.json b/translations/pl.json index e634bbdefd..fe3f2b9ee8 100644 --- a/translations/pl.json +++ b/translations/pl.json @@ -581,6 +581,7 @@ "Starts a node.": "", "Starts an existing stopped node in a cluster.": "", "Startup with {{.old_driver}} driver failed, trying with alternate driver {{.new_driver}}: {{.error}}": "", + "Stopped tunnel for service {{.service}}.": "", "Stopping \"{{.profile_name}}\" in {{.driver_name}} ...": "Zatrzymywanie \"{{.profile_name}}\" - {{.driver_name}}...", "Stopping node \"{{.name}}\" ...": "", "Stopping tunnel for service {{.service}}.": "", diff --git a/translations/strings.txt b/translations/strings.txt index 3256057b22..9dfd494451 100644 --- a/translations/strings.txt +++ b/translations/strings.txt @@ -532,6 +532,7 @@ "Starts a node.": "", "Starts an existing stopped node in a cluster.": "", "Startup with {{.old_driver}} driver failed, trying with alternate driver {{.new_driver}}: {{.error}}": "", + "Stopped tunnel for service {{.service}}.": "", "Stopping node \"{{.name}}\" ...": "", "Stopping tunnel for service {{.service}}.": "", "Stops a local Kubernetes cluster. This command stops the underlying VM or container, but keeps user data intact. The cluster can be started again with the \"start\" command.": "", diff --git a/translations/zh-CN.json b/translations/zh-CN.json index a0fa529346..a62527de4b 100644 --- a/translations/zh-CN.json +++ b/translations/zh-CN.json @@ -663,6 +663,7 @@ "Starts a node.": "", "Starts an existing stopped node in a cluster.": "", "Startup with {{.old_driver}} driver failed, trying with alternate driver {{.new_driver}}: {{.error}}": "", + "Stopped tunnel for service {{.service}}.": "", "Stopping node \"{{.name}}\" ...": "", "Stopping tunnel for service {{.service}}.": "", "Stops a local Kubernetes cluster. This command stops the underlying VM or container, but keeps user data intact. The cluster can be started again with the \"start\" command.": "", From 6f608d3704693ec5594d54c9464b5d87b2aaac20 Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Thu, 12 Aug 2021 09:19:51 -0700 Subject: [PATCH 129/205] Fix TestStoppedBinaryUpgrade structure so most of the potentially broken code is in a leaf subtest. --- test/integration/version_upgrade_test.go | 76 ++++++++++++------------ 1 file changed, 39 insertions(+), 37 deletions(-) diff --git a/test/integration/version_upgrade_test.go b/test/integration/version_upgrade_test.go index 27311475fb..928cadb643 100644 --- a/test/integration/version_upgrade_test.go +++ b/test/integration/version_upgrade_test.go @@ -161,51 +161,53 @@ func TestStoppedBinaryUpgrade(t *testing.T) { } defer os.Remove(tf.Name()) - args := append([]string{"start", "-p", profile, "--memory=2200"}, legacyStartArgs()...) - rr := &RunResult{} - r := func() error { - c := exec.CommandContext(ctx, tf.Name(), args...) - var legacyEnv []string - // replace the global KUBECONFIG with a fresh kubeconfig - // because for minikube<1.17.0 it can not read the new kubeconfigs that have extra "Extenions" block - // see: https://github.com/kubernetes/minikube/issues/10210 - for _, e := range os.Environ() { - if !strings.Contains(e, "KUBECONFIG") { // get all global envs except the Kubeconfig which is used by new versions of minikubes - legacyEnv = append(legacyEnv, e) + t.Run("Upgrade", func(t *testing.T) { + args := append([]string{"start", "-p", profile, "--memory=2200"}, legacyStartArgs()...) + rr := &RunResult{} + r := func() error { + c := exec.CommandContext(ctx, tf.Name(), args...) + var legacyEnv []string + // replace the global KUBECONFIG with a fresh kubeconfig + // because for minikube<1.17.0 it can not read the new kubeconfigs that have extra "Extenions" block + // see: https://github.com/kubernetes/minikube/issues/10210 + for _, e := range os.Environ() { + if !strings.Contains(e, "KUBECONFIG") { // get all global envs except the Kubeconfig which is used by new versions of minikubes + legacyEnv = append(legacyEnv, e) + } } + // using a fresh kubeconfig for this test + legacyKubeConfig, err := ioutil.TempFile("", "legacy_kubeconfig") + if err != nil { + t.Fatalf("failed to create temp file for legacy kubeconfig %v", err) + } + + defer os.Remove(legacyKubeConfig.Name()) // clean up + legacyEnv = append(legacyEnv, fmt.Sprintf("KUBECONFIG=%s", legacyKubeConfig.Name())) + c.Env = legacyEnv + rr, err = Run(t, c) + return err } - // using a fresh kubeconfig for this test - legacyKubeConfig, err := ioutil.TempFile("", "legacy_kubeconfig") + + // Retry up to two times, to allow flakiness for the legacy release + if err := retry.Expo(r, 1*time.Second, Minutes(30), 2); err != nil { + t.Fatalf("legacy %s start failed: %v", desiredLegacyVersion, err) + } + + rr, err = Run(t, exec.CommandContext(ctx, tf.Name(), "-p", profile, "stop")) if err != nil { - t.Fatalf("failed to create temp file for legacy kubeconfig %v", err) + t.Errorf("failed to stop cluster: %s: %v", rr.Command(), err) } - defer os.Remove(legacyKubeConfig.Name()) // clean up - legacyEnv = append(legacyEnv, fmt.Sprintf("KUBECONFIG=%s", legacyKubeConfig.Name())) - c.Env = legacyEnv - rr, err = Run(t, c) - return err - } - - // Retry up to two times, to allow flakiness for the legacy release - if err := retry.Expo(r, 1*time.Second, Minutes(30), 2); err != nil { - t.Fatalf("legacy %s start failed: %v", desiredLegacyVersion, err) - } - - rr, err = Run(t, exec.CommandContext(ctx, tf.Name(), "-p", profile, "stop")) - if err != nil { - t.Errorf("failed to stop cluster: %s: %v", rr.Command(), err) - } - - args = append([]string{"start", "-p", profile, "--memory=2200", "--alsologtostderr", "-v=1"}, StartArgs()...) - rr, err = Run(t, exec.CommandContext(ctx, Target(), args...)) - if err != nil { - t.Fatalf("upgrade from %s to HEAD failed: %s: %v", desiredLegacyVersion, rr.Command(), err) - } + args = append([]string{"start", "-p", profile, "--memory=2200", "--alsologtostderr", "-v=1"}, StartArgs()...) + rr, err = Run(t, exec.CommandContext(ctx, Target(), args...)) + if err != nil { + t.Fatalf("upgrade from %s to HEAD failed: %s: %v", desiredLegacyVersion, rr.Command(), err) + } + }) t.Run("MinikubeLogs", func(t *testing.T) { args := []string{"logs", "-p", profile} - rr, err = Run(t, exec.CommandContext(ctx, Target(), args...)) + _, err := Run(t, exec.CommandContext(ctx, Target(), args...)) if err != nil { t.Fatalf("`minikube logs` after upgrade to HEAD from %s failed: %v", desiredLegacyVersion, err) } From e7c190b3267f842ab4dba32c204af003f2a98e3c Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Thu, 12 Aug 2021 09:25:27 -0700 Subject: [PATCH 130/205] Fix TestJSONOutput tests when failing on the specific command. --- test/integration/json_output_test.go | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/test/integration/json_output_test.go b/test/integration/json_output_test.go index 1505f95dd8..72eda4bb5c 100644 --- a/test/integration/json_output_test.go +++ b/test/integration/json_output_test.go @@ -55,18 +55,21 @@ func TestJSONOutput(t *testing.T) { for _, test := range tests { t.Run(test.command, func(t *testing.T) { - args := []string{test.command, "-p", profile, "--output=json", "--user=testUser"} - args = append(args, test.args...) + var ces []*cloudEvent + t.Run("Command", func(t *testing.T) { + args := []string{test.command, "-p", profile, "--output=json", "--user=testUser"} + args = append(args, test.args...) - rr, err := Run(t, exec.CommandContext(ctx, Target(), args...)) - if err != nil { - t.Errorf("failed to clean up: args %q: %v", rr.Command(), err) - } + rr, err := Run(t, exec.CommandContext(ctx, Target(), args...)) + if err != nil { + t.Errorf("failed to clean up: args %q: %v", rr.Command(), err) + } - ces, err := cloudEvents(t, rr) - if err != nil { - t.Fatalf("converting to cloud events: %v\n", err) - } + ces, err = cloudEvents(t, rr) + if err != nil { + t.Fatalf("converting to cloud events: %v\n", err) + } + }) t.Run("Audit", func(t *testing.T) { got, err := auditContains("testUser") From 1d2b78197beffde561e271fd3ac888f1f6aaf729 Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Thu, 12 Aug 2021 09:34:29 -0700 Subject: [PATCH 131/205] Fix TestAddons to perform setup in a subtest and final checks in another subtest. --- test/integration/addons_test.go | 118 +++++++++++++++++--------------- 1 file changed, 61 insertions(+), 57 deletions(-) diff --git a/test/integration/addons_test.go b/test/integration/addons_test.go index 59025f671f..7cea83a66c 100644 --- a/test/integration/addons_test.go +++ b/test/integration/addons_test.go @@ -46,58 +46,60 @@ func TestAddons(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), Minutes(40)) defer Cleanup(t, profile, cancel) - // We don't need a dummy file is we're on GCE - if !detect.IsOnGCE() || detect.IsCloudShell() { - // Set an env var to point to our dummy credentials file - err := os.Setenv("GOOGLE_APPLICATION_CREDENTIALS", filepath.Join(*testdataDir, "gcp-creds.json")) - defer os.Unsetenv("GOOGLE_APPLICATION_CREDENTIALS") - if err != nil { - t.Fatalf("Failed setting GOOGLE_APPLICATION_CREDENTIALS env var: %v", err) + t.Run("Setup", func(t *testing.T) { + // We don't need a dummy file is we're on GCE + if !detect.IsOnGCE() || detect.IsCloudShell() { + // Set an env var to point to our dummy credentials file + err := os.Setenv("GOOGLE_APPLICATION_CREDENTIALS", filepath.Join(*testdataDir, "gcp-creds.json")) + defer os.Unsetenv("GOOGLE_APPLICATION_CREDENTIALS") + if err != nil { + t.Fatalf("Failed setting GOOGLE_APPLICATION_CREDENTIALS env var: %v", err) + } + + err = os.Setenv("GOOGLE_CLOUD_PROJECT", "this_is_fake") + defer os.Unsetenv("GOOGLE_CLOUD_PROJECT") + if err != nil { + t.Fatalf("Failed setting GOOGLE_CLOUD_PROJECT env var: %v", err) + } } - err = os.Setenv("GOOGLE_CLOUD_PROJECT", "this_is_fake") - defer os.Unsetenv("GOOGLE_CLOUD_PROJECT") - if err != nil { - t.Fatalf("Failed setting GOOGLE_CLOUD_PROJECT env var: %v", err) + args := append([]string{"start", "-p", profile, "--wait=true", "--memory=4000", "--alsologtostderr", "--addons=registry", "--addons=metrics-server", "--addons=olm", "--addons=volumesnapshots", "--addons=csi-hostpath-driver"}, StartArgs()...) + if !NoneDriver() && !(runtime.GOOS == "darwin" && KicDriver()) { // none driver and macos docker driver does not support ingress + args = append(args, "--addons=ingress") + } + if !arm64Platform() { + args = append(args, "--addons=helm-tiller") + } + if !detect.IsOnGCE() { + args = append(args, "--addons=gcp-auth") } - } - - args := append([]string{"start", "-p", profile, "--wait=true", "--memory=4000", "--alsologtostderr", "--addons=registry", "--addons=metrics-server", "--addons=olm", "--addons=volumesnapshots", "--addons=csi-hostpath-driver"}, StartArgs()...) - if !NoneDriver() && !(runtime.GOOS == "darwin" && KicDriver()) { // none driver and macos docker driver does not support ingress - args = append(args, "--addons=ingress") - } - if !arm64Platform() { - args = append(args, "--addons=helm-tiller") - } - if !detect.IsOnGCE() { - args = append(args, "--addons=gcp-auth") - } - rr, err := Run(t, exec.CommandContext(ctx, Target(), args...)) - if err != nil { - t.Fatalf("%s failed: %v", rr.Command(), err) - } - - // If we're running the integration tests on GCE, which is frequently the case, first check to make sure we exit out properly, - // then use force to actually test using creds. - if detect.IsOnGCE() { - args = []string{"-p", profile, "addons", "enable", "gcp-auth"} rr, err := Run(t, exec.CommandContext(ctx, Target(), args...)) - if err == nil { - t.Errorf("Expected error but didn't get one. command %v, output %v", rr.Command(), rr.Output()) - } else { - if !strings.Contains(rr.Output(), "It seems that you are running in GCE") { - t.Errorf("Unexpected error message: %v", rr.Output()) + if err != nil { + t.Fatalf("%s failed: %v", rr.Command(), err) + } + + // If we're running the integration tests on GCE, which is frequently the case, first check to make sure we exit out properly, + // then use force to actually test using creds. + if detect.IsOnGCE() { + args = []string{"-p", profile, "addons", "enable", "gcp-auth"} + rr, err := Run(t, exec.CommandContext(ctx, Target(), args...)) + if err == nil { + t.Errorf("Expected error but didn't get one. command %v, output %v", rr.Command(), rr.Output()) } else { - // ok, use force here since we are in GCE - // do not use --force unless absolutely necessary - args = append(args, "--force") - rr, err := Run(t, exec.CommandContext(ctx, Target(), args...)) - if err != nil { - t.Errorf("%s failed: %v", rr.Command(), err) + if !strings.Contains(rr.Output(), "It seems that you are running in GCE") { + t.Errorf("Unexpected error message: %v", rr.Output()) + } else { + // ok, use force here since we are in GCE + // do not use --force unless absolutely necessary + args = append(args, "--force") + rr, err := Run(t, exec.CommandContext(ctx, Target(), args...)) + if err != nil { + t.Errorf("%s failed: %v", rr.Command(), err) + } } } } - } + }) // Parallelized tests t.Run("parallel", func(t *testing.T) { @@ -125,19 +127,21 @@ func TestAddons(t *testing.T) { } }) - // Assert that disable/enable works offline - rr, err = Run(t, exec.CommandContext(ctx, Target(), "stop", "-p", profile)) - if err != nil { - t.Errorf("failed to stop minikube. args %q : %v", rr.Command(), err) - } - rr, err = Run(t, exec.CommandContext(ctx, Target(), "addons", "enable", "dashboard", "-p", profile)) - if err != nil { - t.Errorf("failed to enable dashboard addon: args %q : %v", rr.Command(), err) - } - rr, err = Run(t, exec.CommandContext(ctx, Target(), "addons", "disable", "dashboard", "-p", profile)) - if err != nil { - t.Errorf("failed to disable dashboard addon: args %q : %v", rr.Command(), err) - } + t.Run("StoppedEnableDisable", func(t *testing.T) { + // Assert that disable/enable works offline + rr, err := Run(t, exec.CommandContext(ctx, Target(), "stop", "-p", profile)) + if err != nil { + t.Errorf("failed to stop minikube. args %q : %v", rr.Command(), err) + } + rr, err = Run(t, exec.CommandContext(ctx, Target(), "addons", "enable", "dashboard", "-p", profile)) + if err != nil { + t.Errorf("failed to enable dashboard addon: args %q : %v", rr.Command(), err) + } + rr, err = Run(t, exec.CommandContext(ctx, Target(), "addons", "disable", "dashboard", "-p", profile)) + if err != nil { + t.Errorf("failed to disable dashboard addon: args %q : %v", rr.Command(), err) + } + }) } // validateIngressAddon tests the ingress addon by deploying a default nginx pod From 58ab8876b5b2bd686f90dff61555389b0d3460bc Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Thu, 12 Aug 2021 13:22:08 -0700 Subject: [PATCH 132/205] Fix TestGuestEnvironment structure. --- test/integration/guest_env_test.go | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/test/integration/guest_env_test.go b/test/integration/guest_env_test.go index a55f95cccb..21f274b477 100644 --- a/test/integration/guest_env_test.go +++ b/test/integration/guest_env_test.go @@ -35,11 +35,13 @@ func TestGuestEnvironment(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), Minutes(15)) defer CleanupWithLogs(t, profile, cancel) - args := append([]string{"start", "-p", profile, "--install-addons=false", "--memory=2048", "--wait=false"}, StartArgs()...) - rr, err := Run(t, exec.CommandContext(ctx, Target(), args...)) - if err != nil { - t.Errorf("failed to start minikube: args %q: %v", rr.Command(), err) - } + t.Run("Setup", func(t *testing.T) { + args := append([]string{"start", "-p", profile, "--install-addons=false", "--memory=2048", "--wait=false"}, StartArgs()...) + rr, err := Run(t, exec.CommandContext(ctx, Target(), args...)) + if err != nil { + t.Errorf("failed to start minikube: args %q: %v", rr.Command(), err) + } + }) // Run as a group so that our defer doesn't happen as tests are runnings t.Run("Binaries", func(t *testing.T) { From c67ceaabee6c00837e11f5eb57f02a6554a8e8a3 Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Thu, 12 Aug 2021 13:28:31 -0700 Subject: [PATCH 133/205] Fix tunnel test. --- .../functional_test_tunnel_test.go | 37 +++++++++++-------- 1 file changed, 21 insertions(+), 16 deletions(-) diff --git a/test/integration/functional_test_tunnel_test.go b/test/integration/functional_test_tunnel_test.go index 299d2c1c32..2b3d89b578 100644 --- a/test/integration/functional_test_tunnel_test.go +++ b/test/integration/functional_test_tunnel_test.go @@ -135,24 +135,29 @@ func validateServiceStable(ctx context.Context, t *testing.T, profile string) { if GithubActionRunner() && runtime.GOOS == "darwin" { t.Skip("The test WaitService is broken on github actions in macos https://github.com/kubernetes/minikube/issues/8434") } - checkRoutePassword(t) + setupFailed := t.Run("Setup", func(t *testing.T) { + checkRoutePassword(t) - client, err := kapi.Client(profile) - if err != nil { - t.Fatalf("failed to get Kubernetes client for %q: %v", profile, err) - } + client, err := kapi.Client(profile) + if err != nil { + t.Fatalf("failed to get Kubernetes client for %q: %v", profile, err) + } - // Start the "nginx" pod. - rr, err := Run(t, exec.CommandContext(ctx, "kubectl", "--context", profile, "apply", "-f", filepath.Join(*testdataDir, "testsvc.yaml"))) - if err != nil { - t.Fatalf("%s failed: %v", rr.Command(), err) - } - if _, err := PodWait(ctx, t, profile, "default", "run=nginx-svc", Minutes(4)); err != nil { - t.Fatalf("wait: %v", err) - } + // Start the "nginx" pod. + rr, err := Run(t, exec.CommandContext(ctx, "kubectl", "--context", profile, "apply", "-f", filepath.Join(*testdataDir, "testsvc.yaml"))) + if err != nil { + t.Fatalf("%s failed: %v", rr.Command(), err) + } + if _, err := PodWait(ctx, t, profile, "default", "run=nginx-svc", Minutes(4)); err != nil { + t.Fatalf("wait: %v", err) + } - if err := kapi.WaitForService(client, "default", "nginx-svc", true, 1*time.Second, Minutes(2)); err != nil { - t.Fatal(errors.Wrap(err, "Error waiting for nginx service to be up")) + if err := kapi.WaitForService(client, "default", "nginx-svc", true, 1*time.Second, Minutes(2)); err != nil { + t.Fatal(errors.Wrap(err, "Error waiting for nginx service to be up")) + } + }) + if setupFailed { + t.Fatal("Failed setup") } t.Run("IngressIP", func(t *testing.T) { @@ -160,7 +165,7 @@ func validateServiceStable(ctx context.Context, t *testing.T, profile string) { t.Skip("The test WaitService/IngressIP is broken on hyperv https://github.com/kubernetes/minikube/issues/8381") } // Wait until the nginx-svc has a loadbalancer ingress IP - err = wait.PollImmediate(5*time.Second, Minutes(3), func() (bool, error) { + err := wait.PollImmediate(5*time.Second, Minutes(3), func() (bool, error) { rr, err := Run(t, exec.CommandContext(ctx, "kubectl", "--context", profile, "get", "svc", "nginx-svc", "-o", "jsonpath={.status.loadBalancer.ingress[0].ip}")) if err != nil { return false, err From 486e475929114671a41c0ba3c622faadee10794e Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Thu, 12 Aug 2021 13:49:08 -0700 Subject: [PATCH 134/205] Propagate t.Fatalf on setup failure and ensure cleanup is done correctly for TestAddons. --- test/integration/addons_test.go | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/test/integration/addons_test.go b/test/integration/addons_test.go index 7cea83a66c..513b78ec8f 100644 --- a/test/integration/addons_test.go +++ b/test/integration/addons_test.go @@ -46,18 +46,22 @@ func TestAddons(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), Minutes(40)) defer Cleanup(t, profile, cancel) - t.Run("Setup", func(t *testing.T) { + setupFailed := t.Run("Setup", func(t *testing.T) { // We don't need a dummy file is we're on GCE if !detect.IsOnGCE() || detect.IsCloudShell() { // Set an env var to point to our dummy credentials file err := os.Setenv("GOOGLE_APPLICATION_CREDENTIALS", filepath.Join(*testdataDir, "gcp-creds.json")) - defer os.Unsetenv("GOOGLE_APPLICATION_CREDENTIALS") + t.Cleanup(func() { + os.Unsetenv("GOOGLE_APPLICATION_CREDENTIALS") + }) if err != nil { t.Fatalf("Failed setting GOOGLE_APPLICATION_CREDENTIALS env var: %v", err) } err = os.Setenv("GOOGLE_CLOUD_PROJECT", "this_is_fake") - defer os.Unsetenv("GOOGLE_CLOUD_PROJECT") + t.Cleanup(func() { + os.Unsetenv("GOOGLE_CLOUD_PROJECT") + }) if err != nil { t.Fatalf("Failed setting GOOGLE_CLOUD_PROJECT env var: %v", err) } @@ -101,6 +105,10 @@ func TestAddons(t *testing.T) { } }) + if setupFailed { + t.Fatalf("Failed setup for addon tests") + } + // Parallelized tests t.Run("parallel", func(t *testing.T) { tests := []struct { From 7697b41c738e64d7c4b3f65f12fa72a7f2e87bdf Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Fri, 13 Aug 2021 13:53:56 -0700 Subject: [PATCH 135/205] Move test skipping to start of TunnelTest. --- test/integration/functional_test_tunnel_test.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/test/integration/functional_test_tunnel_test.go b/test/integration/functional_test_tunnel_test.go index 2b3d89b578..1d2d9c7ca5 100644 --- a/test/integration/functional_test_tunnel_test.go +++ b/test/integration/functional_test_tunnel_test.go @@ -135,9 +135,8 @@ func validateServiceStable(ctx context.Context, t *testing.T, profile string) { if GithubActionRunner() && runtime.GOOS == "darwin" { t.Skip("The test WaitService is broken on github actions in macos https://github.com/kubernetes/minikube/issues/8434") } + checkRoutePassword(t) setupFailed := t.Run("Setup", func(t *testing.T) { - checkRoutePassword(t) - client, err := kapi.Client(profile) if err != nil { t.Fatalf("failed to get Kubernetes client for %q: %v", profile, err) From 4f8adb6f6d47fbc41e9d2113c7dd561acd52c5cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Fri, 13 Aug 2021 23:30:12 +0200 Subject: [PATCH 136/205] Add output parameter to the docker-env none shell Allows structured output as json and yaml, in addition to the previous text output format. Note that keys might not be sorted. --- cmd/minikube/cmd/docker-env.go | 85 +++++++++++++++++++++ site/content/en/docs/commands/docker-env.md | 11 +-- 2 files changed, 91 insertions(+), 5 deletions(-) diff --git a/cmd/minikube/cmd/docker-env.go b/cmd/minikube/cmd/docker-env.go index 83858724b6..f9dc625308 100644 --- a/cmd/minikube/cmd/docker-env.go +++ b/cmd/minikube/cmd/docker-env.go @@ -20,6 +20,7 @@ limitations under the License. package cmd import ( + "encoding/json" "fmt" "io" "net" @@ -33,6 +34,7 @@ import ( apiWait "k8s.io/apimachinery/pkg/util/wait" "github.com/spf13/cobra" + "gopkg.in/yaml.v2" "k8s.io/klog/v2" kconst "k8s.io/kubernetes/cmd/kubeadm/app/constants" @@ -384,12 +386,94 @@ func dockerSetScript(ec DockerEnvConfig, w io.Writer) error { dockerSetEnvTmpl = dockerEnvTCPTmpl } envVars := dockerEnvVars(ec) + if ec.Shell == "none" { + switch outputFormat { + case "": + // shell "none" + break + case "text": + for k, v := range envVars { + _, err := fmt.Fprintf(w, "%s=%s\n", k, v) + if err != nil { + return err + } + } + return nil + case "json": + json, err := json.Marshal(envVars) + if err != nil { + return err + } + _, err = w.Write(json) + if err != nil { + return err + } + _, err = w.Write([]byte{'\n'}) + if err != nil { + return err + } + return nil + case "yaml": + yaml, err := yaml.Marshal(envVars) + if err != nil { + return err + } + _, err = w.Write(yaml) + if err != nil { + return err + } + return nil + default: + exit.Message(reason.InternalOutputUsage, "error: --output must be 'text', 'yaml' or 'json'") + } + } return shell.SetScript(ec.EnvConfig, w, dockerSetEnvTmpl, dockerShellCfgSet(ec, envVars)) } // dockerSetScript writes out a shell-compatible 'docker-env unset' script func dockerUnsetScript(ec DockerEnvConfig, w io.Writer) error { vars := dockerEnvNames(ec) + if ec.Shell == "none" { + switch outputFormat { + case "": + // shell "none" + break + case "text": + for _, n := range vars { + _, err := fmt.Fprintf(w, "%s\n", n) + if err != nil { + return err + } + } + return nil + case "json": + json, err := json.Marshal(vars) + if err != nil { + return err + } + _, err = w.Write(json) + if err != nil { + return err + } + _, err = w.Write([]byte{'\n'}) + if err != nil { + return err + } + return nil + case "yaml": + yaml, err := yaml.Marshal(vars) + if err != nil { + return err + } + _, err = w.Write(yaml) + if err != nil { + return err + } + return nil + default: + exit.Message(reason.InternalOutputUsage, "error: --output must be 'text', 'yaml' or 'json'") + } + } return shell.UnsetScript(ec.EnvConfig, w, vars) } @@ -508,5 +592,6 @@ func init() { dockerEnvCmd.Flags().BoolVar(&sshHost, "ssh-host", false, "Use SSH connection instead of HTTPS (port 2376)") dockerEnvCmd.Flags().BoolVar(&sshAdd, "ssh-add", false, "Add SSH identity key to SSH authentication agent") dockerEnvCmd.Flags().StringVar(&shell.ForceShell, "shell", "", "Force environment to be configured for a specified shell: [fish, cmd, powershell, tcsh, bash, zsh], default is auto-detect") + dockerEnvCmd.Flags().StringVarP(&outputFormat, "output", "o", "", "One of 'text', 'yaml' or 'json'.") dockerEnvCmd.Flags().BoolVarP(&dockerUnset, "unset", "u", false, "Unset variables instead of setting them") } diff --git a/site/content/en/docs/commands/docker-env.md b/site/content/en/docs/commands/docker-env.md index bfecfc5730..ebd62060a5 100644 --- a/site/content/en/docs/commands/docker-env.md +++ b/site/content/en/docs/commands/docker-env.md @@ -20,11 +20,12 @@ minikube docker-env [flags] ### Options ``` - --no-proxy Add machine IP to NO_PROXY environment variable - --shell string Force environment to be configured for a specified shell: [fish, cmd, powershell, tcsh, bash, zsh], default is auto-detect - --ssh-add Add SSH identity key to SSH authentication agent - --ssh-host Use SSH connection instead of HTTPS (port 2376) - -u, --unset Unset variables instead of setting them + --no-proxy Add machine IP to NO_PROXY environment variable + -o, --output string One of 'text', 'yaml' or 'json'. + --shell string Force environment to be configured for a specified shell: [fish, cmd, powershell, tcsh, bash, zsh], default is auto-detect + --ssh-add Add SSH identity key to SSH authentication agent + --ssh-host Use SSH connection instead of HTTPS (port 2376) + -u, --unset Unset variables instead of setting them ``` ### Options inherited from parent commands From 5bd3f9a79c7087ec58ab15db813c58b859370355 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Fri, 13 Aug 2021 23:31:53 +0200 Subject: [PATCH 137/205] Add tests for the new docker-env output formats --- cmd/minikube/cmd/docker-env_test.go | 115 +++++++++++++++++++++++++++- 1 file changed, 113 insertions(+), 2 deletions(-) diff --git a/cmd/minikube/cmd/docker-env_test.go b/cmd/minikube/cmd/docker-env_test.go index 915b3da622..e0fbb6780a 100644 --- a/cmd/minikube/cmd/docker-env_test.go +++ b/cmd/minikube/cmd/docker-env_test.go @@ -18,10 +18,14 @@ package cmd import ( "bytes" + "encoding/json" "os" + "strings" "testing" "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" + "gopkg.in/yaml.v2" ) type FakeNoProxyGetter struct { @@ -36,13 +40,16 @@ func (f FakeNoProxyGetter) GetNoProxyVar() (string, string) { func TestGenerateDockerScripts(t *testing.T) { var tests = []struct { shell string + output string config DockerEnvConfig noProxyGetter *FakeNoProxyGetter wantSet string wantUnset string + diffOpts []cmp.Option }{ { "bash", + "", DockerEnvConfig{profile: "dockerdriver", driver: "docker", hostIP: "127.0.0.1", port: 32842, certsDir: "/certs"}, nil, `export DOCKER_TLS_VERIFY="1" @@ -58,9 +65,11 @@ unset DOCKER_HOST; unset DOCKER_CERT_PATH; unset MINIKUBE_ACTIVE_DOCKERD; `, + nil, }, { "bash", + "", DockerEnvConfig{profile: "dockerdriver", driver: "docker", ssh: true, username: "root", hostname: "host", sshport: 22}, nil, `export DOCKER_HOST="ssh://root@host:22" @@ -74,9 +83,11 @@ unset DOCKER_HOST; unset DOCKER_CERT_PATH; unset MINIKUBE_ACTIVE_DOCKERD; `, + nil, }, { "bash", + "", DockerEnvConfig{profile: "bash", driver: "kvm2", hostIP: "127.0.0.1", port: 2376, certsDir: "/certs"}, nil, `export DOCKER_TLS_VERIFY="1" @@ -92,9 +103,11 @@ unset DOCKER_HOST; unset DOCKER_CERT_PATH; unset MINIKUBE_ACTIVE_DOCKERD; `, + nil, }, { "bash", + "", DockerEnvConfig{profile: "ipv6", driver: "kvm2", hostIP: "fe80::215:5dff:fe00:a903", port: 2376, certsDir: "/certs"}, nil, `export DOCKER_TLS_VERIFY="1" @@ -110,9 +123,11 @@ unset DOCKER_HOST; unset DOCKER_CERT_PATH; unset MINIKUBE_ACTIVE_DOCKERD; `, + nil, }, { "fish", + "", DockerEnvConfig{profile: "fish", driver: "kvm2", hostIP: "127.0.0.1", port: 2376, certsDir: "/certs"}, nil, `set -gx DOCKER_TLS_VERIFY "1"; @@ -128,9 +143,11 @@ set -e DOCKER_HOST; set -e DOCKER_CERT_PATH; set -e MINIKUBE_ACTIVE_DOCKERD; `, + nil, }, { "powershell", + "", DockerEnvConfig{profile: "powershell", driver: "hyperv", hostIP: "192.168.0.1", port: 2376, certsDir: "/certs"}, nil, `$Env:DOCKER_TLS_VERIFY = "1" @@ -146,9 +163,11 @@ Remove-Item Env:\\DOCKER_HOST Remove-Item Env:\\DOCKER_CERT_PATH Remove-Item Env:\\MINIKUBE_ACTIVE_DOCKERD `, + nil, }, { "cmd", + "", DockerEnvConfig{profile: "cmd", driver: "hyperv", hostIP: "192.168.0.1", port: 2376, certsDir: "/certs"}, nil, `SET DOCKER_TLS_VERIFY=1 @@ -164,9 +183,11 @@ SET DOCKER_HOST= SET DOCKER_CERT_PATH= SET MINIKUBE_ACTIVE_DOCKERD= `, + nil, }, { "emacs", + "", DockerEnvConfig{profile: "emacs", driver: "hyperv", hostIP: "192.168.0.1", port: 2376, certsDir: "/certs"}, nil, `(setenv "DOCKER_TLS_VERIFY" "1") @@ -181,9 +202,11 @@ SET MINIKUBE_ACTIVE_DOCKERD= (setenv "DOCKER_CERT_PATH" nil) (setenv "MINIKUBE_ACTIVE_DOCKERD" nil) `, + nil, }, { "bash", + "", DockerEnvConfig{profile: "bash-no-proxy", driver: "kvm2", hostIP: "127.0.0.1", port: 2376, certsDir: "/certs", noProxy: true}, &FakeNoProxyGetter{"NO_PROXY", "127.0.0.1"}, `export DOCKER_TLS_VERIFY="1" @@ -202,9 +225,11 @@ unset DOCKER_CERT_PATH; unset MINIKUBE_ACTIVE_DOCKERD; unset NO_PROXY; `, + nil, }, { "bash", + "", DockerEnvConfig{profile: "bash-no-proxy-lower", driver: "kvm2", hostIP: "127.0.0.1", port: 2376, certsDir: "/certs", noProxy: true}, &FakeNoProxyGetter{"no_proxy", "127.0.0.1"}, `export DOCKER_TLS_VERIFY="1" @@ -223,9 +248,11 @@ unset DOCKER_CERT_PATH; unset MINIKUBE_ACTIVE_DOCKERD; unset no_proxy; `, + nil, }, { "powershell", + "", DockerEnvConfig{profile: "powershell-no-proxy-idempotent", driver: "hyperv", hostIP: "192.168.0.1", port: 2376, certsDir: "/certs", noProxy: true}, &FakeNoProxyGetter{"no_proxy", "192.168.0.1"}, `$Env:DOCKER_TLS_VERIFY = "1" @@ -243,9 +270,11 @@ Remove-Item Env:\\DOCKER_CERT_PATH Remove-Item Env:\\MINIKUBE_ACTIVE_DOCKERD Remove-Item Env:\\no_proxy `, + nil, }, { "bash", + "", DockerEnvConfig{profile: "sh-no-proxy-add", driver: "kvm2", hostIP: "127.0.0.1", port: 2376, certsDir: "/certs", noProxy: true}, &FakeNoProxyGetter{"NO_PROXY", "192.168.0.1,10.0.0.4"}, `export DOCKER_TLS_VERIFY="1" @@ -264,9 +293,11 @@ unset DOCKER_CERT_PATH; unset MINIKUBE_ACTIVE_DOCKERD; unset NO_PROXY; `, + nil, }, { "none", + "", DockerEnvConfig{profile: "noneshell", driver: "docker", hostIP: "127.0.0.1", port: 32842, certsDir: "/certs"}, nil, `DOCKER_TLS_VERIFY=1 @@ -279,11 +310,91 @@ DOCKER_HOST DOCKER_CERT_PATH MINIKUBE_ACTIVE_DOCKERD `, + nil, + }, + { + "none", + "text", + DockerEnvConfig{profile: "nonetext", driver: "docker", hostIP: "127.0.0.1", port: 32842, certsDir: "/certs"}, + nil, + `DOCKER_TLS_VERIFY=1 +DOCKER_HOST=tcp://127.0.0.1:32842 +DOCKER_CERT_PATH=/certs +MINIKUBE_ACTIVE_DOCKERD=nonetext +`, + `DOCKER_TLS_VERIFY +DOCKER_HOST +DOCKER_CERT_PATH +MINIKUBE_ACTIVE_DOCKERD +`, + []cmp.Option{ + cmpopts.AcyclicTransformer("SplitLines", func(s string) []string { + return strings.Split(s, "\n") + }), + cmpopts.SortSlices(func(a, b string) bool { + return a < b + }), + }, + }, + { + "none", + "json", + DockerEnvConfig{profile: "nonejson", driver: "docker", hostIP: "127.0.0.1", port: 32842, certsDir: "/certs"}, + nil, + `{ + "DOCKER_TLS_VERIFY": "1", + "DOCKER_HOST": "tcp://127.0.0.1:32842", + "DOCKER_CERT_PATH": "/certs", + "MINIKUBE_ACTIVE_DOCKERD": "nonejson" + }`, + `[ + "DOCKER_TLS_VERIFY", + "DOCKER_HOST", + "DOCKER_CERT_PATH", + "MINIKUBE_ACTIVE_DOCKERD" + ]`, + []cmp.Option{ + cmp.FilterValues(func(x, y string) bool { + return json.Valid([]byte(x)) && json.Valid([]byte(y)) + }, + cmp.Transformer("ParseJSON", func(in string) (out interface{}) { + if err := json.Unmarshal([]byte(in), &out); err != nil { + panic(err) // should never occur given previous filter to ensure valid JSON + } + return out + })), + }, + }, + { + "none", + "yaml", + DockerEnvConfig{profile: "noneyaml", driver: "docker", hostIP: "127.0.0.1", port: 32842, certsDir: "/certs"}, + nil, + `DOCKER_TLS_VERIFY: "1" +DOCKER_HOST: tcp://127.0.0.1:32842 +DOCKER_CERT_PATH: /certs +MINIKUBE_ACTIVE_DOCKERD: noneyaml +`, + `- DOCKER_TLS_VERIFY +- DOCKER_HOST +- DOCKER_CERT_PATH +- MINIKUBE_ACTIVE_DOCKERD +`, + []cmp.Option{ + cmpopts.AcyclicTransformer("ParseYAML", func(in string) (out interface{}) { + if err := yaml.Unmarshal([]byte(in), &out); err != nil { + return nil + } + return out + }), + }, }, } for _, tc := range tests { t.Run(tc.config.profile, func(t *testing.T) { tc.config.EnvConfig.Shell = tc.shell + // set global variable + outputFormat = tc.output defaultNoProxyGetter = tc.noProxyGetter var b []byte buf := bytes.NewBuffer(b) @@ -291,7 +402,7 @@ MINIKUBE_ACTIVE_DOCKERD t.Errorf("setScript(%+v) error: %v", tc.config, err) } got := buf.String() - if diff := cmp.Diff(tc.wantSet, got); diff != "" { + if diff := cmp.Diff(tc.wantSet, got, tc.diffOpts...); diff != "" { t.Errorf("setScript(%+v) mismatch (-want +got):\n%s\n\nraw output:\n%s\nquoted: %q", tc.config, diff, got, got) } @@ -300,7 +411,7 @@ MINIKUBE_ACTIVE_DOCKERD t.Errorf("unsetScript(%+v) error: %v", tc.config, err) } got = buf.String() - if diff := cmp.Diff(tc.wantUnset, got); diff != "" { + if diff := cmp.Diff(tc.wantUnset, got, tc.diffOpts...); diff != "" { t.Errorf("unsetScript(%+v) mismatch (-want +got):\n%s\n\nraw output:\n%s\nquoted: %q", tc.config, diff, got, got) } From 2b6295b36d4526c80356b7ac2762da52c72a6212 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 13 Aug 2021 21:36:13 +0000 Subject: [PATCH 138/205] Bump golang.org/x/mod from 0.4.2 to 0.5.0 Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.4.2 to 0.5.0. - [Release notes](https://github.com/golang/mod/releases) - [Commits](https://github.com/golang/mod/compare/v0.4.2...v0.5.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index b1ff90f4d4..4cc289fa1a 100644 --- a/go.mod +++ b/go.mod @@ -80,7 +80,7 @@ require ( golang.org/x/build v0.0.0-20190927031335-2835ba2e683f golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2 golang.org/x/exp v0.0.0-20210220032938-85be41e4509f - golang.org/x/mod v0.4.2 + golang.org/x/mod v0.5.0 golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c diff --git a/go.sum b/go.sum index 74e1c91024..bb863f8cac 100644 --- a/go.sum +++ b/go.sum @@ -1256,8 +1256,9 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.1-0.20200828183125-ce943fd02449/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.5.0 h1:UG21uOlmZabA4fW5i7ZX6bjw1xELEGg/ZLgZq9auk/Q= +golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= From c732c05044c2691fbbd11612ce320709681f94f7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 13 Aug 2021 21:36:56 +0000 Subject: [PATCH 139/205] Bump github.com/cloudevents/sdk-go/v2 from 2.3.1 to 2.5.0 Bumps [github.com/cloudevents/sdk-go/v2](https://github.com/cloudevents/sdk-go) from 2.3.1 to 2.5.0. - [Release notes](https://github.com/cloudevents/sdk-go/releases) - [Commits](https://github.com/cloudevents/sdk-go/compare/v2.3.1...v2.5.0) --- updated-dependencies: - dependency-name: github.com/cloudevents/sdk-go/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 3 ++- go.sum | 7 ++----- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index b1ff90f4d4..141520643e 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/c4milo/gotoolkit v0.0.0-20190525173301-67483a18c17a // indirect github.com/cenkalti/backoff/v4 v4.1.1 github.com/cheggaaa/pb/v3 v3.0.8 - github.com/cloudevents/sdk-go/v2 v2.3.1 + github.com/cloudevents/sdk-go/v2 v2.5.0 github.com/cloudfoundry-attic/jibber_jabber v0.0.0-20151120183258-bcc4c8345a21 github.com/cloudfoundry/jibber_jabber v0.0.0-20151120183258-bcc4c8345a21 // indirect github.com/docker/docker v20.10.7+incompatible @@ -32,6 +32,7 @@ require ( github.com/gookit/color v1.4.2 // indirect github.com/hashicorp/go-getter v1.5.7 github.com/hashicorp/go-retryablehttp v0.7.0 + github.com/hashicorp/golang-lru v0.5.3 // indirect github.com/hectane/go-acl v0.0.0-20190604041725-da78bae5fc95 // indirect github.com/hooklift/assert v0.0.0-20170704181755-9d1defd6d214 // indirect github.com/hooklift/iso9660 v0.0.0-20170318115843-1cf07e5970d8 diff --git a/go.sum b/go.sum index 74e1c91024..5c8449df11 100644 --- a/go.sum +++ b/go.sum @@ -200,8 +200,8 @@ github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs= github.com/cilium/ebpf v0.5.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cloudevents/sdk-go/v2 v2.3.1 h1:QRTu0yRA4FbznjRSds0/4Hy6cVYpWV2wInlNJSHWAtw= -github.com/cloudevents/sdk-go/v2 v2.3.1/go.mod h1:4fO2UjPMYYR1/7KPJQCwTPb0lFA8zYuitkUpAZFSY1Q= +github.com/cloudevents/sdk-go/v2 v2.5.0 h1:Ts6aLHbBUJfcNcZ4ouAfJ4+Np7SE1Yf2w4ADKRCd7Fo= +github.com/cloudevents/sdk-go/v2 v2.5.0/go.mod h1:nlXhgFkf0uTopxmRXalyMwS2LG70cRGPrxzmjJgSG0U= github.com/cloudfoundry-attic/jibber_jabber v0.0.0-20151120183258-bcc4c8345a21 h1:Yg2hDs4b13Evkpj42FU2idX2cVXVFqQSheXYKM86Qsk= github.com/cloudfoundry-attic/jibber_jabber v0.0.0-20151120183258-bcc4c8345a21/go.mod h1:MgJyK38wkzZbiZSKeIeFankxxSA8gayko/nr5x5bgBA= github.com/cloudfoundry/jibber_jabber v0.0.0-20151120183258-bcc4c8345a21 h1:tuijfIjZyjZaHq9xDUh0tNitwXshJpbLkqMOJv4H3do= @@ -755,8 +755,6 @@ github.com/libopenstorage/openstorage v1.0.0/go.mod h1:Sp1sIObHjat1BeXhfMqLZ14wn github.com/libvirt/libvirt-go v3.9.0+incompatible h1:tcJOV5bCR8lWsifKnPCEnYSroD5rjuUkCBp/kv1kH/w= github.com/libvirt/libvirt-go v3.9.0+incompatible/go.mod h1:34zsnB4iGeOv7Byj6qotuW8Ya4v4Tr43ttjz/F0wjLE= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= -github.com/lightstep/tracecontext.go v0.0.0-20181129014701-1757c391b1ac h1:+2b6iGRJe3hvV/yVXrd41yVEjxuFHxasJqDhkIjS4gk= -github.com/lightstep/tracecontext.go v0.0.0-20181129014701-1757c391b1ac/go.mod h1:Frd2bnT3w5FB5q49ENTfVlztJES+1k/7lyWX2+9gq/M= github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc= github.com/lpabon/godbc v0.1.1/go.mod h1:Jo9QV0cf3U6jZABgiJ2skINAXb9j8m51r07g4KI92ZA= github.com/lucas-clemente/aes12 v0.0.0-20171027163421-cd47fb39b79f/go.mod h1:JpH9J1c9oX6otFSgdUHwUBUizmKlrMjxWnIAjff4m04= @@ -877,7 +875,6 @@ github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.10.2/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0HfGg= From 5c0177aff6e00e226e8206ccb0bca133ca4b2b1d Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Fri, 13 Aug 2021 15:26:39 -0700 Subject: [PATCH 140/205] Replace setupFailed with setupSucceeded because the Go docs lied. --- test/integration/addons_test.go | 4 ++-- test/integration/functional_test_tunnel_test.go | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/test/integration/addons_test.go b/test/integration/addons_test.go index 513b78ec8f..54c6e30c18 100644 --- a/test/integration/addons_test.go +++ b/test/integration/addons_test.go @@ -46,7 +46,7 @@ func TestAddons(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), Minutes(40)) defer Cleanup(t, profile, cancel) - setupFailed := t.Run("Setup", func(t *testing.T) { + setupSucceeded := t.Run("Setup", func(t *testing.T) { // We don't need a dummy file is we're on GCE if !detect.IsOnGCE() || detect.IsCloudShell() { // Set an env var to point to our dummy credentials file @@ -105,7 +105,7 @@ func TestAddons(t *testing.T) { } }) - if setupFailed { + if !setupSucceeded { t.Fatalf("Failed setup for addon tests") } diff --git a/test/integration/functional_test_tunnel_test.go b/test/integration/functional_test_tunnel_test.go index 1d2d9c7ca5..8d7b4fcb38 100644 --- a/test/integration/functional_test_tunnel_test.go +++ b/test/integration/functional_test_tunnel_test.go @@ -136,7 +136,7 @@ func validateServiceStable(ctx context.Context, t *testing.T, profile string) { t.Skip("The test WaitService is broken on github actions in macos https://github.com/kubernetes/minikube/issues/8434") } checkRoutePassword(t) - setupFailed := t.Run("Setup", func(t *testing.T) { + setupSucceeded := t.Run("Setup", func(t *testing.T) { client, err := kapi.Client(profile) if err != nil { t.Fatalf("failed to get Kubernetes client for %q: %v", profile, err) @@ -155,7 +155,7 @@ func validateServiceStable(ctx context.Context, t *testing.T, profile string) { t.Fatal(errors.Wrap(err, "Error waiting for nginx service to be up")) } }) - if setupFailed { + if !setupSucceeded { t.Fatal("Failed setup") } From e59c41e6f2c9a78be4aff3d0a615ce9f93a49d2f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Sun, 8 Aug 2021 23:17:15 +0200 Subject: [PATCH 141/205] Add method to copy files from the VM as well Previously you could only Copy(To), not CopyFrom. Implies that some Assets can be written to instead. --- pkg/minikube/assets/vm_assets.go | 59 ++++++++++++++++++ pkg/minikube/command/command_runner.go | 3 + pkg/minikube/command/exec_runner.go | 18 ++++++ pkg/minikube/command/fake_runner.go | 13 ++++ pkg/minikube/command/kic_runner.go | 17 ++++++ pkg/minikube/command/ssh_runner.go | 82 ++++++++++++++++++++++++++ pkg/minikube/cruntime/cruntime.go | 2 + pkg/minikube/cruntime/cruntime_test.go | 4 ++ 8 files changed, 198 insertions(+) diff --git a/pkg/minikube/assets/vm_assets.go b/pkg/minikube/assets/vm_assets.go index b6ec89e9b8..752953e960 100644 --- a/pkg/minikube/assets/vm_assets.go +++ b/pkg/minikube/assets/vm_assets.go @@ -24,6 +24,7 @@ import ( "io" "os" "path" + "strconv" "time" "github.com/pkg/errors" @@ -37,8 +38,11 @@ const MemorySource = "memory" // CopyableFile is something that can be copied type CopyableFile interface { io.Reader + io.Writer GetLength() int + SetLength(int) GetSourcePath() string + GetTargetPath() string GetTargetDir() string GetTargetName() string @@ -62,6 +66,11 @@ func (b *BaseAsset) GetSourcePath() string { return b.SourcePath } +// GetTargetPath returns target path +func (b *BaseAsset) GetTargetPath() string { + return path.Join(b.GetTargetDir(), b.GetTargetName()) +} + // GetTargetDir returns target dir func (b *BaseAsset) GetTargetDir() string { return b.TargetDir @@ -86,6 +95,7 @@ func (b *BaseAsset) GetModTime() (time.Time, error) { type FileAsset struct { BaseAsset reader io.ReadSeeker + writer io.Writer file *os.File // Optional pointer to close file through FileAsset.Close() } @@ -134,6 +144,14 @@ func (f *FileAsset) GetLength() (flen int) { return int(fi.Size()) } +// SetLength sets the file length +func (f *FileAsset) SetLength(flen int) { + err := os.Truncate(f.SourcePath, int64(flen)) + if err != nil { + klog.Errorf("truncate(%q) failed: %v", f.SourcePath, err) + } +} + // GetModTime returns modification time of the file func (f *FileAsset) GetModTime() (time.Time, error) { fi, err := os.Stat(f.SourcePath) @@ -152,6 +170,23 @@ func (f *FileAsset) Read(p []byte) (int, error) { return f.reader.Read(p) } +// Write writes the asset +func (f *FileAsset) Write(p []byte) (int, error) { + if f.writer == nil { + f.file.Close() + perms, err := strconv.ParseUint(f.Permissions, 8, 32) + if err != nil || perms > 07777 { + return 0, err + } + f.file, err = os.OpenFile(f.SourcePath, os.O_RDWR|os.O_CREATE, os.FileMode(perms)) + if err != nil { + return 0, err + } + f.writer = io.Writer(f.file) + } + return f.writer.Write(p) +} + // Seek resets the reader to offset func (f *FileAsset) Seek(offset int64, whence int) (int64, error) { return f.reader.Seek(offset, whence) @@ -177,11 +212,23 @@ func (m *MemoryAsset) GetLength() int { return m.length } +// SetLength returns length +func (m *MemoryAsset) SetLength(len int) { + m.length = len +} + // Read reads the asset func (m *MemoryAsset) Read(p []byte) (int, error) { return m.reader.Read(p) } +// Writer writes the asset +func (m *MemoryAsset) Write(p []byte) (int, error) { + m.length = len(p) + m.reader = bytes.NewReader(p) + return len(p), nil +} + // Seek resets the reader to offset func (m *MemoryAsset) Seek(offset int64, whence int) (int64, error) { return m.reader.Seek(offset, whence) @@ -298,6 +345,11 @@ func (m *BinAsset) GetLength() int { return m.length } +// SetLength sets length +func (m *BinAsset) SetLength(len int) { + m.length = len +} + // Read reads the asset func (m *BinAsset) Read(p []byte) (int, error) { if m.GetLength() == 0 { @@ -306,6 +358,13 @@ func (m *BinAsset) Read(p []byte) (int, error) { return m.reader.Read(p) } +// Write writes the asset +func (m *BinAsset) Write(p []byte) (int, error) { + m.length = len(p) + m.reader = bytes.NewReader(p) + return len(p), nil +} + // Seek resets the reader to offset func (m *BinAsset) Seek(offset int64, whence int) (int64, error) { return m.reader.Seek(offset, whence) diff --git a/pkg/minikube/command/command_runner.go b/pkg/minikube/command/command_runner.go index 41619b1af8..3abd0dbdfc 100644 --- a/pkg/minikube/command/command_runner.go +++ b/pkg/minikube/command/command_runner.go @@ -75,6 +75,9 @@ type Runner interface { // Copy is a convenience method that runs a command to copy a file Copy(assets.CopyableFile) error + // CopyFrom is a convenience method that runs a command to copy a file back + CopyFrom(assets.CopyableFile) error + // Remove is a convenience method that runs a command to remove a file Remove(assets.CopyableFile) error } diff --git a/pkg/minikube/command/exec_runner.go b/pkg/minikube/command/exec_runner.go index b803b9b949..7d91519776 100644 --- a/pkg/minikube/command/exec_runner.go +++ b/pkg/minikube/command/exec_runner.go @@ -184,6 +184,24 @@ func (e *execRunner) Copy(f assets.CopyableFile) error { return writeFile(dst, f, os.FileMode(perms)) } +// CopyFrom copies a file +func (e *execRunner) CopyFrom(f assets.CopyableFile) error { + src := path.Join(f.GetTargetDir(), f.GetTargetName()) + + dst := f.GetSourcePath() + klog.Infof("cp: %s --> %s (%d bytes)", src, dst, f.GetLength()) + if f.GetLength() == 0 { + klog.Warningf("0 byte asset: %+v", f) + } + + perms, err := strconv.ParseInt(f.GetPermissions(), 8, 0) + if err != nil || perms > 07777 { + return errors.Wrapf(err, "error converting permissions %s to integer", f.GetPermissions()) + } + + return writeFile(dst, f, os.FileMode(perms)) +} + // Remove removes a file func (e *execRunner) Remove(f assets.CopyableFile) error { dst := filepath.Join(f.GetTargetDir(), f.GetTargetName()) diff --git a/pkg/minikube/command/fake_runner.go b/pkg/minikube/command/fake_runner.go index b663ff7a38..0e8521a99f 100644 --- a/pkg/minikube/command/fake_runner.go +++ b/pkg/minikube/command/fake_runner.go @@ -142,6 +142,19 @@ func (f *FakeCommandRunner) Copy(file assets.CopyableFile) error { return nil } +func (f *FakeCommandRunner) CopyFrom(file assets.CopyableFile) error { + v, ok := f.fileMap.Load(file.GetSourcePath()) + if !ok { + return fmt.Errorf("not found in map") + } + b := v.(bytes.Buffer) + _, err := io.Copy(file, &b) + if err != nil { + return errors.Wrapf(err, "error writing file: %+v", file) + } + return nil +} + // Remove removes the filename, file contents key value pair from the stored map func (f *FakeCommandRunner) Remove(file assets.CopyableFile) error { f.fileMap.Delete(file.GetSourcePath()) diff --git a/pkg/minikube/command/kic_runner.go b/pkg/minikube/command/kic_runner.go index 71e56feb77..7156246ff2 100644 --- a/pkg/minikube/command/kic_runner.go +++ b/pkg/minikube/command/kic_runner.go @@ -204,6 +204,15 @@ func (k *kicRunner) Copy(f assets.CopyableFile) error { return k.copy(tf.Name(), dst) } +// CopyFrom copies a file +func (k *kicRunner) CopyFrom(f assets.CopyableFile) error { + src := f.GetTargetPath() + dst := f.GetSourcePath() + + klog.Infof("%s (direct): %s --> %s", k.ociBin, src, dst) + return k.copyFrom(src, dst) +} + // tempDirectory returns the directory to use as the temp directory // or an empty string if it should use the os default temp directory. func tempDirectory(isMinikubeSnap bool, isDockerSnap bool) (string, error) { @@ -229,6 +238,14 @@ func (k *kicRunner) copy(src string, dst string) error { return copyToDocker(src, fullDest) } +func (k *kicRunner) copyFrom(src string, dst string) error { + fullSource := fmt.Sprintf("%s:%s", k.nameOrID, src) + if k.ociBin == oci.Podman { + return copyToPodman(fullSource, dst) + } + return copyToDocker(fullSource, dst) +} + func (k *kicRunner) chmod(dst string, perm string) error { _, err := k.RunCmd(exec.Command("sudo", "chmod", perm, dst)) return err diff --git a/pkg/minikube/command/ssh_runner.go b/pkg/minikube/command/ssh_runner.go index fe92bffe00..d0044f4c74 100644 --- a/pkg/minikube/command/ssh_runner.go +++ b/pkg/minikube/command/ssh_runner.go @@ -17,11 +17,14 @@ limitations under the License. package command import ( + "bufio" "bytes" "fmt" "io" "os/exec" "path" + "strconv" + "strings" "sync" "time" @@ -373,3 +376,82 @@ func (s *SSHRunner) Copy(f assets.CopyableFile) error { } return g.Wait() } + +// CopyFrom copies a file from the remote over SSH. +func (s *SSHRunner) CopyFrom(f assets.CopyableFile) error { + dst := path.Join(path.Join(f.GetTargetDir(), f.GetTargetName())) + + sess, err := s.session() + if err != nil { + return errors.Wrap(err, "NewSession") + } + defer func() { + if err := sess.Close(); err != nil { + if err != io.EOF { + klog.Errorf("session close: %v", err) + } + } + }() + + cmd := exec.Command("stat", "-c", "%s", dst) + rr, err := s.RunCmd(cmd) + if err != nil { + return fmt.Errorf("%s: %v", cmd, err) + } + length, err := strconv.Atoi(strings.TrimSuffix(rr.Stdout.String(), "\n")) + if err != nil { + return err + } + src := f.GetSourcePath() + klog.Infof("scp %s --> %s (%d bytes)", dst, src, length) + f.SetLength(length) + + r, err := sess.StdoutPipe() + if err != nil { + return errors.Wrap(err, "StdoutPipe") + } + w, err := sess.StdinPipe() + if err != nil { + return errors.Wrap(err, "StdinPipe") + } + // The scpcmd below *should not* return until all data is copied and the + // StdinPipe is closed. But let's use errgroup to make it explicit. + var g errgroup.Group + var copied int64 + + g.Go(func() error { + defer w.Close() + br := bufio.NewReader(r) + fmt.Fprint(w, "\x00") + b, err := br.ReadBytes('\n') + if err != nil { + return errors.Wrap(err, "ReadBytes") + } + if b[0] != 'C' { + return fmt.Errorf("unexpected: %v", b) + } + fmt.Fprint(w, "\x00") + + copied = 0 + for copied < int64(length) { + n, err := io.CopyN(f, br, int64(length)) + if err != nil { + return errors.Wrap(err, "io.CopyN") + } + copied += n + } + fmt.Fprint(w, "\x00") + err = sess.Wait() + if err != nil { + return err + } + return nil + }) + + scp := fmt.Sprintf("sudo scp -f %s", f.GetTargetPath()) + err = sess.Start(scp) + if err != nil { + return fmt.Errorf("%s: %s", scp, err) + } + return g.Wait() +} diff --git a/pkg/minikube/cruntime/cruntime.go b/pkg/minikube/cruntime/cruntime.go index 95d9084839..e2df9d83a9 100644 --- a/pkg/minikube/cruntime/cruntime.go +++ b/pkg/minikube/cruntime/cruntime.go @@ -65,6 +65,8 @@ type CommandRunner interface { WaitCmd(sc *command.StartedCmd) (*command.RunResult, error) // Copy is a convenience method that runs a command to copy a file Copy(assets.CopyableFile) error + // CopyFrom is a convenience method that runs a command to copy a file back + CopyFrom(assets.CopyableFile) error // Remove is a convenience method that runs a command to remove a file Remove(assets.CopyableFile) error } diff --git a/pkg/minikube/cruntime/cruntime_test.go b/pkg/minikube/cruntime/cruntime_test.go index ca1c6cd54b..3a55059cc4 100644 --- a/pkg/minikube/cruntime/cruntime_test.go +++ b/pkg/minikube/cruntime/cruntime_test.go @@ -236,6 +236,10 @@ func (f *FakeRunner) Copy(assets.CopyableFile) error { return nil } +func (f *FakeRunner) CopyFrom(assets.CopyableFile) error { + return nil +} + func (f *FakeRunner) Remove(assets.CopyableFile) error { return nil } From 68197de86107fe8fae8ea790669daabf21f78c52 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Sun, 8 Aug 2021 23:21:10 +0200 Subject: [PATCH 142/205] Add command to save images from the cluster This is the opposite command of "minikube image load", and can be used after doing a "minikube image build". The default is to save images in the cache, but it is also possible to save to files or to standard output. --- cmd/minikube/cmd/image.go | 74 ++++++++ pkg/minikube/image/image.go | 58 ++++++ pkg/minikube/machine/cache_images.go | 171 ++++++++++++++++++ pkg/minikube/reason/reason.go | 2 + site/content/en/docs/commands/image.md | 48 +++++ site/content/en/docs/contrib/errorcodes.en.md | 3 + 6 files changed, 356 insertions(+) diff --git a/cmd/minikube/cmd/image.go b/cmd/minikube/cmd/image.go index 85616c09c4..8fdc870e57 100644 --- a/cmd/minikube/cmd/image.go +++ b/cmd/minikube/cmd/image.go @@ -144,6 +144,77 @@ var loadImageCmd = &cobra.Command{ }, } +func readFile(w io.Writer, tmp string) error { + r, err := os.Open(tmp) + if err != nil { + return err + } + _, err = io.Copy(w, r) + if err != nil { + return err + } + err = r.Close() + if err != nil { + return err + } + return nil +} + +// saveImageCmd represents the image load command +var saveImageCmd = &cobra.Command{ + Use: "save IMAGE [ARCHIVE | -]", + Short: "Save a image from minikube", + Long: "Save a image from minikube", + Example: "minikube image save image\nminikube image save image image.tar", + Run: func(cmd *cobra.Command, args []string) { + if len(args) == 0 { + exit.Message(reason.Usage, "Please provide an image in the container runtime to save from minikube via ") + } + // Save images from container runtime + profile, err := config.LoadProfile(viper.GetString(config.ProfileName)) + if err != nil { + exit.Error(reason.Usage, "loading profile", err) + } + + if len(args) > 1 { + output = args[1] + + if args[1] == "-" { + tmp, err := ioutil.TempFile("", "image.*.tar") + if err != nil { + exit.Error(reason.GuestImageSave, "Failed to get temp", err) + } + tmp.Close() + output = tmp.Name() + } + + if err := machine.DoSaveImages([]string{args[0]}, output, []*config.Profile{profile}, ""); err != nil { + exit.Error(reason.GuestImageSave, "Failed to save image", err) + } + + if args[1] == "-" { + err := readFile(os.Stdout, output) + if err != nil { + exit.Error(reason.GuestImageSave, "Failed to read temp", err) + } + os.Remove(output) + } + } else { + if err := machine.SaveAndCacheImages([]string{args[0]}, []*config.Profile{profile}); err != nil { + exit.Error(reason.GuestImageSave, "Failed to save image", err) + } + if imgDaemon || imgRemote { + image.UseDaemon(imgDaemon) + image.UseRemote(imgRemote) + err := image.UploadCachedImage(args[0]) + if err != nil { + exit.Error(reason.GuestImageSave, "Failed to save image", err) + } + } + } + }, +} + var removeImageCmd = &cobra.Command{ Use: "rm IMAGE [IMAGE...]", Short: "Remove one or more images", @@ -258,5 +329,8 @@ func init() { buildImageCmd.Flags().StringArrayVar(&buildEnv, "build-env", nil, "Environment variables to pass to the build. (format: key=value)") buildImageCmd.Flags().StringArrayVar(&buildOpt, "build-opt", nil, "Specify arbitrary flags to pass to the build. (format: key=value)") imageCmd.AddCommand(buildImageCmd) + saveImageCmd.Flags().BoolVar(&imgDaemon, "daemon", false, "Cache image to docker daemon") + saveImageCmd.Flags().BoolVar(&imgRemote, "remote", false, "Cache image to remote registry") + imageCmd.AddCommand(saveImageCmd) imageCmd.AddCommand(listImageCmd) } diff --git a/pkg/minikube/image/image.go b/pkg/minikube/image/image.go index 7814ce9abd..f10b4c16fd 100644 --- a/pkg/minikube/image/image.go +++ b/pkg/minikube/image/image.go @@ -33,10 +33,12 @@ import ( "github.com/google/go-containerregistry/pkg/v1/daemon" "github.com/google/go-containerregistry/pkg/v1/mutate" "github.com/google/go-containerregistry/pkg/v1/remote" + "github.com/google/go-containerregistry/pkg/v1/tarball" "github.com/pkg/errors" "k8s.io/klog/v2" "k8s.io/minikube/pkg/minikube/constants" + "k8s.io/minikube/pkg/minikube/localpath" ) const ( @@ -191,6 +193,62 @@ func retrieveRemote(ref name.Reference, p v1.Platform) (v1.Image, error) { return img, err } +// imagePathInCache returns path in local cache directory +func imagePathInCache(img string) string { + f := filepath.Join(constants.ImageCacheDir, img) + f = localpath.SanitizeCacheDir(f) + return f +} + +func UploadCachedImage(imgName string) error { + tag, err := name.NewTag(imgName, name.WeakValidation) + if err != nil { + klog.Infof("error parsing image name %s tag %v ", imgName, err) + return err + } + return uploadImage(tag, imagePathInCache(imgName)) +} + +func uploadImage(tag name.Tag, p string) error { + var err error + var img v1.Image + + if !useDaemon && !useRemote { + return fmt.Errorf("neither daemon nor remote") + } + + img, err = tarball.ImageFromPath(p, &tag) + if err != nil { + return errors.Wrap(err, "tarball") + } + ref := name.Reference(tag) + + klog.Infof("uploading image: %+v from: %s", ref, p) + if useDaemon { + return uploadDaemon(ref, img) + } + if useRemote { + return uploadRemote(ref, img, defaultPlatform) + } + return nil +} + +func uploadDaemon(ref name.Reference, img v1.Image) error { + resp, err := daemon.Write(ref, img) + if err != nil { + klog.Warningf("daemon load for %s: %v\n%s", ref, err, resp) + } + return err +} + +func uploadRemote(ref name.Reference, img v1.Image, p v1.Platform) error { + err := remote.Write(ref, img, remote.WithAuthFromKeychain(authn.DefaultKeychain), remote.WithPlatform(p)) + if err != nil { + klog.Warningf("remote push for %s: %v", ref, err) + } + return err +} + // See https://github.com/kubernetes/minikube/issues/10402 // check if downloaded image Architecture field matches the requested and fix it otherwise func fixPlatform(ref name.Reference, img v1.Image, p v1.Platform) (v1.Image, error) { diff --git a/pkg/minikube/machine/cache_images.go b/pkg/minikube/machine/cache_images.go index ad97ddcf8d..f7ba9b8e3f 100644 --- a/pkg/minikube/machine/cache_images.go +++ b/pkg/minikube/machine/cache_images.go @@ -19,6 +19,7 @@ package machine import ( "fmt" "os" + "os/exec" "path" "path/filepath" "sort" @@ -48,6 +49,9 @@ var loadRoot = path.Join(vmpath.GuestPersistentDir, "images") // loadImageLock is used to serialize image loads to avoid overloading the guest VM var loadImageLock sync.Mutex +// saveRoot is where images should be saved from within the guest VM +var saveRoot = path.Join(vmpath.GuestPersistentDir, "images") + // CacheImagesForBootstrapper will cache images for a bootstrapper func CacheImagesForBootstrapper(imageRepository string, version string, clusterBootstrapper string) error { images, err := bootstrapper.GetCachedImageList(imageRepository, version, clusterBootstrapper) @@ -326,6 +330,173 @@ func removeExistingImage(r cruntime.Manager, src string, imgName string) error { return nil } +// SaveCachedImages saves from the container runtime to the cache +func SaveCachedImages(cc *config.ClusterConfig, runner command.Runner, images []string, cacheDir string) error { + klog.Infof("SaveImages start: %s", images) + start := time.Now() + + defer func() { + klog.Infof("SaveImages completed in %s", time.Since(start)) + }() + + var g errgroup.Group + + for _, image := range images { + image := image + g.Go(func() error { + return transferAndSaveCachedImage(runner, cc.KubernetesConfig, image, cacheDir) + }) + } + if err := g.Wait(); err != nil { + return errors.Wrap(err, "saving cached images") + } + klog.Infoln("Successfully saved all cached images") + return nil +} + +// SaveLocalImages saves images from the container runtime +func SaveLocalImages(cc *config.ClusterConfig, runner command.Runner, images []string, output string) error { + var g errgroup.Group + for _, image := range images { + image := image + g.Go(func() error { + return transferAndSaveImage(runner, cc.KubernetesConfig, output, image) + }) + } + if err := g.Wait(); err != nil { + return errors.Wrap(err, "saving images") + } + klog.Infoln("Successfully saved all images") + return nil +} + +// SaveAndCacheImages saves images from all profiles into the cache +func SaveAndCacheImages(images []string, profiles []*config.Profile) error { + if len(images) == 0 { + return nil + } + + return DoSaveImages(images, "", profiles, constants.ImageCacheDir) +} + +// DoSaveImages saves images from all profiles +func DoSaveImages(images []string, output string, profiles []*config.Profile, cacheDir string) error { + api, err := NewAPIClient() + if err != nil { + return errors.Wrap(err, "api") + } + defer api.Close() + + klog.Infof("Save images: %q", images) + + succeeded := []string{} + failed := []string{} + + for _, p := range profiles { // loading images to all running profiles + pName := p.Name // capture the loop variable + + c, err := config.Load(pName) + if err != nil { + // Non-fatal because it may race with profile deletion + klog.Errorf("Failed to load profile %q: %v", pName, err) + failed = append(failed, pName) + continue + } + + for _, n := range c.Nodes { + m := config.MachineName(*c, n) + + status, err := Status(api, m) + if err != nil { + klog.Warningf("error getting status for %s: %v", m, err) + failed = append(failed, m) + continue + } + + if status == state.Running.String() { // the not running hosts will load on next start + h, err := api.Load(m) + if err != nil { + klog.Warningf("Failed to load machine %q: %v", m, err) + failed = append(failed, m) + continue + } + cr, err := CommandRunner(h) + if err != nil { + return err + } + if cacheDir != "" { + // saving image names, to cache + err = SaveCachedImages(c, cr, images, cacheDir) + } else { + // saving mage files + err = SaveLocalImages(c, cr, images, output) + } + if err != nil { + failed = append(failed, m) + klog.Warningf("Failed to load cached images for profile %s. make sure the profile is running. %v", pName, err) + continue + } + succeeded = append(succeeded, m) + } + } + } + + klog.Infof("succeeded pulling from : %s", strings.Join(succeeded, " ")) + klog.Infof("failed pulling from : %s", strings.Join(failed, " ")) + // Live pushes are not considered a failure + return nil +} + +// transferAndSaveCachedImage transfers and loads a single image from the cache +func transferAndSaveCachedImage(cr command.Runner, k8s config.KubernetesConfig, imgName string, cacheDir string) error { + dst := filepath.Join(cacheDir, imgName) + dst = localpath.SanitizeCacheDir(dst) + return transferAndSaveImage(cr, k8s, dst, imgName) +} + +// transferAndSaveImage transfers and loads a single image +func transferAndSaveImage(cr command.Runner, k8s config.KubernetesConfig, dst string, imgName string) error { + r, err := cruntime.New(cruntime.Config{Type: k8s.ContainerRuntime, Runner: cr}) + if err != nil { + return errors.Wrap(err, "runtime") + } + + klog.Infof("Saving image to: %s", dst) + filename := filepath.Base(dst) + + _, err = os.OpenFile(dst, os.O_CREATE|os.O_WRONLY, 0777) + if err != nil { + return err + } + + f, err := assets.NewFileAsset(dst, saveRoot, filename, "0644") + if err != nil { + return errors.Wrapf(err, "creating copyable file asset: %s", filename) + } + defer func() { + if err := f.Close(); err != nil { + klog.Warningf("error closing the file %s: %v", f.GetSourcePath(), err) + } + }() + + src := path.Join(saveRoot, filename) + args := append([]string{"rm", "-f"}, src) + if _, err := cr.RunCmd(exec.Command("sudo", args...)); err != nil { + return err + } + err = r.SaveImage(imgName, src) + if err != nil { + return errors.Wrapf(err, "%s save %s", r.Name(), src) + } + + if err := cr.CopyFrom(f); err != nil { + return errors.Wrap(err, "transferring cached image") + } + + klog.Infof("Transferred and saved %s to cache", dst) + return nil +} + // pullImages pulls images to the container run time func pullImages(cruntime cruntime.Manager, images []string) error { klog.Infof("PullImages start: %s", images) diff --git a/pkg/minikube/reason/reason.go b/pkg/minikube/reason/reason.go index 9b044e45b8..dc01e2f3ae 100644 --- a/pkg/minikube/reason/reason.go +++ b/pkg/minikube/reason/reason.go @@ -317,6 +317,8 @@ var ( GuestImageRemove = Kind{ID: "GUEST_IMAGE_REMOVE", ExitCode: ExGuestError} // minikube failed to build an image GuestImageBuild = Kind{ID: "GUEST_IMAGE_BUILD", ExitCode: ExGuestError} + // minikube failed to push or save an image + GuestImageSave = Kind{ID: "GUEST_IMAGE_SAVE", ExitCode: ExGuestError} // minikube failed to load host GuestLoadHost = Kind{ID: "GUEST_LOAD_HOST", ExitCode: ExGuestError} // minkube failed to create a mount diff --git a/site/content/en/docs/commands/image.md b/site/content/en/docs/commands/image.md index 299e0c80ae..112794ff40 100644 --- a/site/content/en/docs/commands/image.md +++ b/site/content/en/docs/commands/image.md @@ -264,3 +264,51 @@ $ minikube image unload image busybox --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging ``` +## minikube image save + +Save a image from minikube + +### Synopsis + +Save a image from minikube + +```shell +minikube image save IMAGE [ARCHIVE | -] [flags] +``` + +### Examples + +``` +minikube image save image +minikube image save image image.tar +``` + +### Options + +``` + --daemon Cache image to docker daemon + --remote Cache image to remote registry +``` + +### Options inherited from parent commands + +``` + --add_dir_header If true, adds the file directory to the header of the log messages + --alsologtostderr log to standard error as well as files + -b, --bootstrapper string The name of the cluster bootstrapper that will set up the Kubernetes cluster. (default "kubeadm") + -h, --help + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --log_file string If non-empty, use this log file + --log_file_max_size uint Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800) + --logtostderr log to standard error instead of files + --one_output If true, only write logs to their native severity level (vs also writing to each lower severity level) + -p, --profile string The name of the minikube VM being used. This can be set to allow having multiple instances of minikube independently. (default "minikube") + --skip_headers If true, avoid header prefixes in the log messages + --skip_log_headers If true, avoid headers when opening log files + --stderrthreshold severity logs at or above this threshold go to stderr (default 2) + --user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username. + -v, --v Level number for the log level verbosity + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging +``` + diff --git a/site/content/en/docs/contrib/errorcodes.en.md b/site/content/en/docs/contrib/errorcodes.en.md index d2589bf1e5..c3621b7ed4 100644 --- a/site/content/en/docs/contrib/errorcodes.en.md +++ b/site/content/en/docs/contrib/errorcodes.en.md @@ -381,6 +381,9 @@ minikube failed to remove an image "GUEST_IMAGE_BUILD" (Exit code ExGuestError) minikube failed to build an image +"GUEST_IMAGE_SAVE" (Exit code ExGuestError) +minikube failed to push or save an image + "GUEST_LOAD_HOST" (Exit code ExGuestError) minikube failed to load host From fa8ee4957e1969e04acd6023e087b65bc8f26b93 Mon Sep 17 00:00:00 2001 From: Predrag Rogic Date: Fri, 13 Aug 2021 23:28:48 +0100 Subject: [PATCH 143/205] fix original pr 12162 --- pkg/minikube/image/image.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/minikube/image/image.go b/pkg/minikube/image/image.go index f10b4c16fd..2bbcf919cb 100644 --- a/pkg/minikube/image/image.go +++ b/pkg/minikube/image/image.go @@ -225,7 +225,7 @@ func uploadImage(tag name.Tag, p string) error { klog.Infof("uploading image: %+v from: %s", ref, p) if useDaemon { - return uploadDaemon(ref, img) + return uploadDaemon(tag, img) } if useRemote { return uploadRemote(ref, img, defaultPlatform) @@ -233,10 +233,10 @@ func uploadImage(tag name.Tag, p string) error { return nil } -func uploadDaemon(ref name.Reference, img v1.Image) error { - resp, err := daemon.Write(ref, img) +func uploadDaemon(tag name.Tag, img v1.Image) error { + resp, err := daemon.Write(tag, img) if err != nil { - klog.Warningf("daemon load for %s: %v\n%s", ref, err, resp) + klog.Warningf("daemon load for %s: %v\n%s", tag, err, resp) } return err } From 5efcdf83ab9d60a178594dfcdd5c5bd178f30a19 Mon Sep 17 00:00:00 2001 From: Predrag Rogic Date: Sat, 14 Aug 2021 14:39:49 +0100 Subject: [PATCH 144/205] fix boilerplate for time-to-k8s git submodule --- test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test.sh b/test.sh index 7473d2d5b9..911c762ae4 100755 --- a/test.sh +++ b/test.sh @@ -45,7 +45,7 @@ then readonly BDIR="${ROOT_DIR}/hack/boilerplate" pushd . >/dev/null cd ${BDIR} - missing="$(go run boilerplate.go -rootdir ${ROOT_DIR} -boilerplate-dir ${BDIR} | egrep -v '/assets.go|/translations.go|/site/themes/|/site/node_modules|\./out|/hugo/' || true)" + missing="$(go run boilerplate.go -rootdir ${ROOT_DIR} -boilerplate-dir ${BDIR} | egrep -v '/assets.go|/translations.go|/site/themes/|/site/node_modules|\./out|/hugo/|hack/benchmark/time-to-k8s/time-to-k8s-repo' || true)" if [[ -n "${missing}" ]]; then echo "boilerplate missing: $missing" echo "consider running: ${BDIR}/fix.sh" From f91a11192ed1b319ab476434110cc6734107e332 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Sat, 14 Aug 2021 20:29:15 +0200 Subject: [PATCH 145/205] Upgrade Buildroot to 2021.02 LTS with Linux 4.19 Upgrade kernel minor version to distribution default Add patch to allow building go inside minikube mod Add sysctl override to revert systemd 245+ rp_filter BR2_PACKAGE_LUAJIT Make sure to build lua required for sysdig BR2_PACKAGE_LZ4_PROGS Make sure to build lz4 required for preload BR2_PACKAGE_UTIL_LINUX_BINARIES Make sure to build lsblk required for automount --- Makefile | 6 +- ...dist-generate-stub-go.mod-in-workdir.patch | 78 +++++++++++++++++++ .../etc/sysctl.d/90-cilium-rp_filter.conf | 2 + .../minikube-iso/configs/minikube_defconfig | 8 +- 4 files changed, 88 insertions(+), 6 deletions(-) create mode 100644 deploy/iso/minikube-iso/board/coreos/minikube/patches/go/1.15.15/dist-generate-stub-go.mod-in-workdir.patch create mode 100644 deploy/iso/minikube-iso/board/coreos/minikube/rootfs-overlay/etc/sysctl.d/90-cilium-rp_filter.conf diff --git a/Makefile b/Makefile index b7f4317bd7..818ffdd63b 100644 --- a/Makefile +++ b/Makefile @@ -40,7 +40,7 @@ KVM_GO_VERSION ?= $(GO_VERSION:.0=) INSTALL_SIZE ?= $(shell du out/minikube-windows-amd64.exe | cut -f1) -BUILDROOT_BRANCH ?= 2020.02.12 +BUILDROOT_BRANCH ?= 2021.02.4 REGISTRY ?= gcr.io/k8s-minikube # Get git commit id @@ -66,7 +66,7 @@ MINIKUBE_BUCKET ?= minikube/releases MINIKUBE_UPLOAD_LOCATION := gs://${MINIKUBE_BUCKET} MINIKUBE_RELEASES_URL=https://github.com/kubernetes/minikube/releases/download -KERNEL_VERSION ?= 4.19.182 +KERNEL_VERSION ?= 4.19.202 # latest from https://github.com/golangci/golangci-lint/releases # update this only by running `make update-golint-version` GOLINT_VERSION ?= v1.41.1 @@ -282,8 +282,6 @@ minikube_iso: deploy/iso/minikube-iso/board/coreos/minikube/rootfs-overlay/usr/b git clone --depth=1 --branch=$(BUILDROOT_BRANCH) https://github.com/buildroot/buildroot $(BUILD_DIR)/buildroot; \ fi; $(MAKE) BR2_EXTERNAL=../../deploy/iso/minikube-iso minikube_defconfig -C $(BUILD_DIR)/buildroot - mkdir -p $(BUILD_DIR)/buildroot/output/build - echo "module buildroot.org/go" > $(BUILD_DIR)/buildroot/output/build/go.mod $(MAKE) -C $(BUILD_DIR)/buildroot host-python $(MAKE) -C $(BUILD_DIR)/buildroot mv $(BUILD_DIR)/buildroot/output/images/rootfs.iso9660 $(BUILD_DIR)/minikube.iso diff --git a/deploy/iso/minikube-iso/board/coreos/minikube/patches/go/1.15.15/dist-generate-stub-go.mod-in-workdir.patch b/deploy/iso/minikube-iso/board/coreos/minikube/patches/go/1.15.15/dist-generate-stub-go.mod-in-workdir.patch new file mode 100644 index 0000000000..1cdd0b5936 --- /dev/null +++ b/deploy/iso/minikube-iso/board/coreos/minikube/patches/go/1.15.15/dist-generate-stub-go.mod-in-workdir.patch @@ -0,0 +1,78 @@ +From 2b512af2ddaae01926fdcc9056b71017cac2a8d2 Mon Sep 17 00:00:00 2001 +From: Tamir Duberstein +Date: Thu, 25 Feb 2021 16:44:46 -0500 +Subject: [PATCH] dist: generate stub go.mod in workdir + +(cherry picked from commit c6374f516206c02b905d0d76ee1a66dab6fcd212) +--- + src/cmd/dist/build.go | 26 ++++++-------------------- + 1 file changed, 6 insertions(+), 20 deletions(-) + +diff --git a/src/cmd/dist/build.go b/src/cmd/dist/build.go +index 9e2b4f33b8..e5a7f9e9c4 100644 +--- a/src/cmd/dist/build.go ++++ b/src/cmd/dist/build.go +@@ -110,9 +110,6 @@ func xinit() { + fatalf("$GOROOT must be set") + } + goroot = filepath.Clean(b) +- if modRoot := findModuleRoot(goroot); modRoot != "" { +- fatalf("found go.mod file in %s: $GOROOT must not be inside a module", modRoot) +- } + + b = os.Getenv("GOROOT_FINAL") + if b == "" { +@@ -244,6 +241,9 @@ func xinit() { + os.Setenv("LANGUAGE", "en_US.UTF8") + + workdir = xworkdir() ++ if err := ioutil.WriteFile(pathf("%s/go.mod", workdir), []byte("module bootstrap"), 0666); err != nil { ++ fatalf("cannot write stub go.mod: %s", err) ++ } + xatexit(rmworkdir) + + tooldir = pathf("%s/pkg/tool/%s_%s", goroot, gohostos, gohostarch) +@@ -1484,11 +1484,11 @@ func goCmd(goBinary string, cmd string, args ...string) { + goCmd = append(goCmd, "-p=1") + } + +- run(goroot, ShowOutput|CheckExit, append(goCmd, args...)...) ++ run(workdir, ShowOutput|CheckExit, append(goCmd, args...)...) + } + + func checkNotStale(goBinary string, targets ...string) { +- out := run(goroot, CheckExit, ++ out := run(workdir, CheckExit, + append([]string{ + goBinary, + "list", "-gcflags=all=" + gogcflags, "-ldflags=all=" + goldflags, +@@ -1498,7 +1498,7 @@ func checkNotStale(goBinary string, targets ...string) { + os.Setenv("GODEBUG", "gocachehash=1") + for _, target := range []string{"runtime/internal/sys", "cmd/dist", "cmd/link"} { + if strings.Contains(out, "STALE "+target) { +- run(goroot, ShowOutput|CheckExit, goBinary, "list", "-f={{.ImportPath}} {{.Stale}}", target) ++ run(workdir, ShowOutput|CheckExit, goBinary, "list", "-f={{.ImportPath}} {{.Stale}}", target) + break + } + } +@@ -1590,20 +1590,6 @@ func checkCC() { + } + } + +-func findModuleRoot(dir string) (root string) { +- for { +- if fi, err := os.Stat(filepath.Join(dir, "go.mod")); err == nil && !fi.IsDir() { +- return dir +- } +- d := filepath.Dir(dir) +- if d == dir { +- break +- } +- dir = d +- } +- return "" +-} +- + func defaulttarg() string { + // xgetwd might return a path with symlinks fully resolved, and if + // there happens to be symlinks in goroot, then the hasprefix test diff --git a/deploy/iso/minikube-iso/board/coreos/minikube/rootfs-overlay/etc/sysctl.d/90-cilium-rp_filter.conf b/deploy/iso/minikube-iso/board/coreos/minikube/rootfs-overlay/etc/sysctl.d/90-cilium-rp_filter.conf new file mode 100644 index 0000000000..aa285916a5 --- /dev/null +++ b/deploy/iso/minikube-iso/board/coreos/minikube/rootfs-overlay/etc/sysctl.d/90-cilium-rp_filter.conf @@ -0,0 +1,2 @@ +net.ipv4.conf.lxc*.rp_filter = 0 +net.ipv4.conf.cilium_*.rp_filter = 0 diff --git a/deploy/iso/minikube-iso/configs/minikube_defconfig b/deploy/iso/minikube-iso/configs/minikube_defconfig index dcae296ff5..9cd682c723 100644 --- a/deploy/iso/minikube-iso/configs/minikube_defconfig +++ b/deploy/iso/minikube-iso/configs/minikube_defconfig @@ -18,13 +18,12 @@ BR2_ROOTFS_USERS_TABLES="$(BR2_EXTERNAL_MINIKUBE_PATH)/board/coreos/minikube/use BR2_ROOTFS_OVERLAY="$(BR2_EXTERNAL_MINIKUBE_PATH)/board/coreos/minikube/rootfs-overlay" BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.182" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.202" BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="$(BR2_EXTERNAL_MINIKUBE_PATH)/board/coreos/minikube/linux_defconfig" BR2_LINUX_KERNEL_LZ4=y BR2_LINUX_KERNEL_NEEDS_HOST_LIBELF=y BR2_PACKAGE_GZIP=y -BR2_PACKAGE_LZ4=y BR2_PACKAGE_XZ=y BR2_PACKAGE_STRACE=y BR2_PACKAGE_SYSDIG=y @@ -37,6 +36,9 @@ BR2_PACKAGE_SSHFS=y BR2_PACKAGE_XFSPROGS=y BR2_PACKAGE_PARTED=y BR2_PACKAGE_SYSSTAT=y +BR2_PACKAGE_LUAJIT=y +BR2_PACKAGE_LZ4=y +BR2_PACKAGE_LZ4_PROGS=y BR2_PACKAGE_CA_CERTIFICATES=y BR2_PACKAGE_LIBOPENSSL_BIN=y BR2_PACKAGE_LIBCURL_CURL=y @@ -58,7 +60,9 @@ BR2_PACKAGE_PSMISC=y BR2_PACKAGE_SYSTEMD_LOGIND=y BR2_PACKAGE_SYSTEMD_MACHINED=y BR2_PACKAGE_TAR=y +BR2_PACKAGE_UTIL_LINUX_BINARIES=y BR2_PACKAGE_UTIL_LINUX_LOSETUP=y +BR2_PACKAGE_UTIL_LINUX_NOLOGIN=y BR2_PACKAGE_UTIL_LINUX_NSENTER=y BR2_PACKAGE_UTIL_LINUX_SCHEDUTILS=y BR2_TARGET_ROOTFS_CPIO_GZIP=y From d7484e41ee9f347cdc1a1774c65e034ab9734c71 Mon Sep 17 00:00:00 2001 From: minikube-bot Date: Sat, 14 Aug 2021 22:13:14 +0000 Subject: [PATCH 146/205] Updating ISO to v1.22.0-1628974786-12268 --- Makefile | 2 +- pkg/minikube/download/iso.go | 2 +- site/content/en/docs/commands/start.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 818ffdd63b..da260e6607 100644 --- a/Makefile +++ b/Makefile @@ -23,7 +23,7 @@ KUBERNETES_VERSION ?= $(shell egrep "DefaultKubernetesVersion =" pkg/minikube/co KIC_VERSION ?= $(shell egrep "Version =" pkg/drivers/kic/types.go | cut -d \" -f2) # Default to .0 for higher cache hit rates, as build increments typically don't require new ISO versions -ISO_VERSION ?= v1.22.0-1628622362-12032 +ISO_VERSION ?= v1.22.0-1628974786-12268 # Dashes are valid in semver, but not Linux packaging. Use ~ to delimit alpha/beta DEB_VERSION ?= $(subst -,~,$(RAW_VERSION)) DEB_REVISION ?= 0 diff --git a/pkg/minikube/download/iso.go b/pkg/minikube/download/iso.go index 79f618cc09..ca6f42fc4c 100644 --- a/pkg/minikube/download/iso.go +++ b/pkg/minikube/download/iso.go @@ -40,7 +40,7 @@ const fileScheme = "file" // DefaultISOURLs returns a list of ISO URL's to consult by default, in priority order func DefaultISOURLs() []string { v := version.GetISOVersion() - isoBucket := "minikube-builds/iso/12032" + isoBucket := "minikube-builds/iso/12268" return []string{ fmt.Sprintf("https://storage.googleapis.com/%s/minikube-%s.iso", isoBucket, v), fmt.Sprintf("https://github.com/kubernetes/minikube/releases/download/%s/minikube-%s.iso", v, v), diff --git a/site/content/en/docs/commands/start.md b/site/content/en/docs/commands/start.md index cc960f7888..a57cd14c07 100644 --- a/site/content/en/docs/commands/start.md +++ b/site/content/en/docs/commands/start.md @@ -65,7 +65,7 @@ minikube start [flags] --insecure-registry strings Insecure Docker registries to pass to the Docker daemon. The default service CIDR range will automatically be added. --install-addons If set, install addons. Defaults to true. (default true) --interactive Allow user prompts for more information (default true) - --iso-url strings Locations to fetch the minikube ISO from. (default [https://storage.googleapis.com/minikube-builds/iso/12032/minikube-v1.22.0-1628622362-12032.iso,https://github.com/kubernetes/minikube/releases/download/v1.22.0-1628622362-12032/minikube-v1.22.0-1628622362-12032.iso,https://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/iso/minikube-v1.22.0-1628622362-12032.iso]) + --iso-url strings Locations to fetch the minikube ISO from. (default [https://storage.googleapis.com/minikube-builds/iso/12268/minikube-v1.22.0-1628974786-12268.iso,https://github.com/kubernetes/minikube/releases/download/v1.22.0-1628974786-12268/minikube-v1.22.0-1628974786-12268.iso,https://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/iso/minikube-v1.22.0-1628974786-12268.iso]) --keep-context This will keep the existing kubectl context and will create a minikube context. --kubernetes-version string The Kubernetes version that the minikube VM will use (ex: v1.2.3, 'stable' for v1.21.3, 'latest' for v1.22.0-rc.0). Defaults to 'stable'. --kvm-gpu Enable experimental NVIDIA GPU support in minikube From 9e588e6ba14f2ab68ab7284348fe507af6c43f1f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Sun, 15 Aug 2021 20:20:07 +0200 Subject: [PATCH 147/205] Add stand-alone image pull and image tag commands Needed for testing, but maybe elsewhere as well --- cmd/minikube/cmd/image.go | 42 +++++++++ pkg/minikube/cruntime/containerd.go | 10 +++ pkg/minikube/cruntime/crio.go | 10 +++ pkg/minikube/cruntime/cruntime.go | 2 + pkg/minikube/cruntime/docker.go | 10 +++ pkg/minikube/machine/cache_images.go | 57 ++++++++++++ pkg/minikube/reason/reason.go | 4 + site/content/en/docs/commands/image.md | 88 +++++++++++++++++++ site/content/en/docs/contrib/errorcodes.en.md | 6 ++ translations/strings.txt | 5 ++ 10 files changed, 234 insertions(+) diff --git a/cmd/minikube/cmd/image.go b/cmd/minikube/cmd/image.go index 8fdc870e57..c4ef1aab08 100644 --- a/cmd/minikube/cmd/image.go +++ b/cmd/minikube/cmd/image.go @@ -236,6 +236,24 @@ $ minikube image unload image busybox }, } +var pullImageCmd = &cobra.Command{ + Use: "pull", + Short: "Pull images", + Example: ` +$ minikube image pull busybox +`, + Run: func(cmd *cobra.Command, args []string) { + profile, err := config.LoadProfile(viper.GetString(config.ProfileName)) + if err != nil { + exit.Error(reason.Usage, "loading profile", err) + } + + if err := machine.PullImages(args, profile); err != nil { + exit.Error(reason.GuestImagePull, "Failed to pull images", err) + } + }, +} + func createTar(dir string) (string, error) { tar, err := docker.CreateTarStream(dir, dockerFile) if err != nil { @@ -316,6 +334,28 @@ $ minikube image ls }, } +var tagImageCmd = &cobra.Command{ + Use: "tag", + Short: "Tag images", + Example: ` +$ minikube image tag source target +`, + Aliases: []string{"list"}, + Run: func(cmd *cobra.Command, args []string) { + if len(args) != 2 { + exit.Message(reason.Usage, "Please provide source and target image") + } + profile, err := config.LoadProfile(viper.GetString(config.ProfileName)) + if err != nil { + exit.Error(reason.Usage, "loading profile", err) + } + + if err := machine.TagImage(profile, args[0], args[1]); err != nil { + exit.Error(reason.GuestImageTag, "Failed to tag images", err) + } + }, +} + func init() { loadImageCmd.Flags().BoolVarP(&pull, "pull", "", false, "Pull the remote image (no caching)") loadImageCmd.Flags().BoolVar(&imgDaemon, "daemon", false, "Cache image from docker daemon") @@ -323,6 +363,7 @@ func init() { loadImageCmd.Flags().BoolVar(&overwrite, "overwrite", true, "Overwrite image even if same image:tag name exists") imageCmd.AddCommand(loadImageCmd) imageCmd.AddCommand(removeImageCmd) + imageCmd.AddCommand(pullImageCmd) buildImageCmd.Flags().StringVarP(&tag, "tag", "t", "", "Tag to apply to the new image (optional)") buildImageCmd.Flags().BoolVarP(&push, "push", "", false, "Push the new image (requires tag)") buildImageCmd.Flags().StringVarP(&dockerFile, "file", "f", "", "Path to the Dockerfile to use (optional)") @@ -333,4 +374,5 @@ func init() { saveImageCmd.Flags().BoolVar(&imgRemote, "remote", false, "Cache image to remote registry") imageCmd.AddCommand(saveImageCmd) imageCmd.AddCommand(listImageCmd) + imageCmd.AddCommand(tagImageCmd) } diff --git a/pkg/minikube/cruntime/containerd.go b/pkg/minikube/cruntime/containerd.go index edc22533f1..13b0834e9b 100644 --- a/pkg/minikube/cruntime/containerd.go +++ b/pkg/minikube/cruntime/containerd.go @@ -305,6 +305,16 @@ func (r *Containerd) RemoveImage(name string) error { return removeCRIImage(r.Runner, name) } +// TagImage tags an image in this runtime +func (r *Containerd) TagImage(source string, target string) error { + klog.Infof("Tagging image %s: %s", source, target) + c := exec.Command("sudo", "ctr", "-n=k8s.io", "images", "tag", source, target) + if _, err := r.Runner.RunCmd(c); err != nil { + return errors.Wrapf(err, "ctr images tag") + } + return nil +} + func gitClone(cr CommandRunner, src string) (string, error) { // clone to a temporary directory rr, err := cr.RunCmd(exec.Command("mktemp", "-d")) diff --git a/pkg/minikube/cruntime/crio.go b/pkg/minikube/cruntime/crio.go index 82d30647f6..ddb61ceb43 100644 --- a/pkg/minikube/cruntime/crio.go +++ b/pkg/minikube/cruntime/crio.go @@ -216,6 +216,16 @@ func (r *CRIO) RemoveImage(name string) error { return removeCRIImage(r.Runner, name) } +// TagImage tags an image in this runtime +func (r *CRIO) TagImage(source string, target string) error { + klog.Infof("Tagging image %s: %s", source, target) + c := exec.Command("sudo", "podman", "tag", source, target) + if _, err := r.Runner.RunCmd(c); err != nil { + return errors.Wrap(err, "crio tag image") + } + return nil +} + // BuildImage builds an image into this runtime func (r *CRIO) BuildImage(src string, file string, tag string, push bool, env []string, opts []string) error { klog.Infof("Building image: %s", src) diff --git a/pkg/minikube/cruntime/cruntime.go b/pkg/minikube/cruntime/cruntime.go index e2df9d83a9..2388abc8ac 100644 --- a/pkg/minikube/cruntime/cruntime.go +++ b/pkg/minikube/cruntime/cruntime.go @@ -103,6 +103,8 @@ type Manager interface { BuildImage(string, string, string, bool, []string, []string) error // Save an image from the runtime on a host SaveImage(string, string) error + // Tag an image + TagImage(string, string) error // ImageExists takes image name and image sha checks if an it exists ImageExists(string, string) bool diff --git a/pkg/minikube/cruntime/docker.go b/pkg/minikube/cruntime/docker.go index c25c6cc930..641775b78b 100644 --- a/pkg/minikube/cruntime/docker.go +++ b/pkg/minikube/cruntime/docker.go @@ -244,6 +244,16 @@ func (r *Docker) RemoveImage(name string) error { return nil } +// TagImage tags an image in this runtime +func (r *Docker) TagImage(source string, target string) error { + klog.Infof("Tagging image %s: %s", source, target) + c := exec.Command("docker", "tag", source, target) + if _, err := r.Runner.RunCmd(c); err != nil { + return errors.Wrap(err, "tag image docker.") + } + return nil +} + // BuildImage builds an image into this runtime func (r *Docker) BuildImage(src string, file string, tag string, push bool, env []string, opts []string) error { klog.Infof("Building image: %s", src) diff --git a/pkg/minikube/machine/cache_images.go b/pkg/minikube/machine/cache_images.go index f7ba9b8e3f..de3edefc4e 100644 --- a/pkg/minikube/machine/cache_images.go +++ b/pkg/minikube/machine/cache_images.go @@ -710,3 +710,60 @@ func ListImages(profile *config.Profile) error { return nil } + +// TagImage tags image in all nodes in profile +func TagImage(profile *config.Profile, source string, target string) error { + api, err := NewAPIClient() + if err != nil { + return errors.Wrap(err, "error creating api client") + } + defer api.Close() + + succeeded := []string{} + failed := []string{} + + pName := profile.Name + + c, err := config.Load(pName) + if err != nil { + klog.Errorf("Failed to load profile %q: %v", pName, err) + return errors.Wrapf(err, "error loading config for profile :%v", pName) + } + + for _, n := range c.Nodes { + m := config.MachineName(*c, n) + + status, err := Status(api, m) + if err != nil { + klog.Warningf("error getting status for %s: %v", m, err) + continue + } + + if status == state.Running.String() { + h, err := api.Load(m) + if err != nil { + klog.Warningf("Failed to load machine %q: %v", m, err) + continue + } + runner, err := CommandRunner(h) + if err != nil { + return err + } + cruntime, err := cruntime.New(cruntime.Config{Type: c.KubernetesConfig.ContainerRuntime, Runner: runner}) + if err != nil { + return errors.Wrap(err, "error creating container runtime") + } + err = cruntime.TagImage(source, target) + if err != nil { + failed = append(failed, m) + klog.Warningf("Failed to tag image for profile %s %v", pName, err.Error()) + continue + } + succeeded = append(succeeded, m) + } + } + + klog.Infof("succeeded tagging in: %s", strings.Join(succeeded, " ")) + klog.Infof("failed tagging in: %s", strings.Join(failed, " ")) + return nil +} diff --git a/pkg/minikube/reason/reason.go b/pkg/minikube/reason/reason.go index dc01e2f3ae..824cf98612 100644 --- a/pkg/minikube/reason/reason.go +++ b/pkg/minikube/reason/reason.go @@ -315,10 +315,14 @@ var ( GuestImageLoad = Kind{ID: "GUEST_IMAGE_LOAD", ExitCode: ExGuestError} // minikube failed to remove an image GuestImageRemove = Kind{ID: "GUEST_IMAGE_REMOVE", ExitCode: ExGuestError} + // minikube failed to pull an image + GuestImagePull = Kind{ID: "GUEST_IMAGE_PULL", ExitCode: ExGuestError} // minikube failed to build an image GuestImageBuild = Kind{ID: "GUEST_IMAGE_BUILD", ExitCode: ExGuestError} // minikube failed to push or save an image GuestImageSave = Kind{ID: "GUEST_IMAGE_SAVE", ExitCode: ExGuestError} + // minikube failed to tag an image + GuestImageTag = Kind{ID: "GUEST_IMAGE_TAG", ExitCode: ExGuestError} // minikube failed to load host GuestLoadHost = Kind{ID: "GUEST_LOAD_HOST", ExitCode: ExGuestError} // minkube failed to create a mount diff --git a/site/content/en/docs/commands/image.md b/site/content/en/docs/commands/image.md index 112794ff40..9e9478b1b4 100644 --- a/site/content/en/docs/commands/image.md +++ b/site/content/en/docs/commands/image.md @@ -216,6 +216,48 @@ $ minikube image ls --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging ``` +## minikube image pull + +Pull images + +### Synopsis + +Pull images + +```shell +minikube image pull [flags] +``` + +### Examples + +``` + +$ minikube image pull busybox + +``` + +### Options inherited from parent commands + +``` + --add_dir_header If true, adds the file directory to the header of the log messages + --alsologtostderr log to standard error as well as files + -b, --bootstrapper string The name of the cluster bootstrapper that will set up the Kubernetes cluster. (default "kubeadm") + -h, --help + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --log_file string If non-empty, use this log file + --log_file_max_size uint Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800) + --logtostderr log to standard error instead of files + --one_output If true, only write logs to their native severity level (vs also writing to each lower severity level) + -p, --profile string The name of the minikube VM being used. This can be set to allow having multiple instances of minikube independently. (default "minikube") + --skip_headers If true, avoid header prefixes in the log messages + --skip_log_headers If true, avoid headers when opening log files + --stderrthreshold severity logs at or above this threshold go to stderr (default 2) + --user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username. + -v, --v Level number for the log level verbosity + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging +``` + ## minikube image rm Remove one or more images @@ -312,3 +354,49 @@ minikube image save image image.tar --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging ``` +## minikube image tag + +Tag images + +### Synopsis + +Tag images + +```shell +minikube image tag [flags] +``` + +### Aliases + +[list] + +### Examples + +``` + +$ minikube image tag source target + +``` + +### Options inherited from parent commands + +``` + --add_dir_header If true, adds the file directory to the header of the log messages + --alsologtostderr log to standard error as well as files + -b, --bootstrapper string The name of the cluster bootstrapper that will set up the Kubernetes cluster. (default "kubeadm") + -h, --help + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --log_file string If non-empty, use this log file + --log_file_max_size uint Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800) + --logtostderr log to standard error instead of files + --one_output If true, only write logs to their native severity level (vs also writing to each lower severity level) + -p, --profile string The name of the minikube VM being used. This can be set to allow having multiple instances of minikube independently. (default "minikube") + --skip_headers If true, avoid header prefixes in the log messages + --skip_log_headers If true, avoid headers when opening log files + --stderrthreshold severity logs at or above this threshold go to stderr (default 2) + --user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username. + -v, --v Level number for the log level verbosity + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging +``` + diff --git a/site/content/en/docs/contrib/errorcodes.en.md b/site/content/en/docs/contrib/errorcodes.en.md index c3621b7ed4..6708070693 100644 --- a/site/content/en/docs/contrib/errorcodes.en.md +++ b/site/content/en/docs/contrib/errorcodes.en.md @@ -378,12 +378,18 @@ minikube failed to pull or load an image "GUEST_IMAGE_REMOVE" (Exit code ExGuestError) minikube failed to remove an image +"GUEST_IMAGE_PULL" (Exit code ExGuestError) +minikube failed to pull an image + "GUEST_IMAGE_BUILD" (Exit code ExGuestError) minikube failed to build an image "GUEST_IMAGE_SAVE" (Exit code ExGuestError) minikube failed to push or save an image +"GUEST_IMAGE_TAG" (Exit code ExGuestError) +minikube failed to tag an image + "GUEST_LOAD_HOST" (Exit code ExGuestError) minikube failed to load host diff --git a/translations/strings.txt b/translations/strings.txt index 9dfd494451..a88b3d4354 100644 --- a/translations/strings.txt +++ b/translations/strings.txt @@ -233,6 +233,7 @@ "Failed to load image": "", "Failed to persist images": "", "Failed to pull image": "", + "Failed to pull images": "", "Failed to reload cached images": "", "Failed to remove image": "", "Failed to save config {{.profile}}": "", @@ -243,6 +244,7 @@ "Failed to start container runtime": "", "Failed to start {{.driver}} {{.driver_type}}. Running \"{{.cmd}}\" may fix it: {{.error}}": "", "Failed to stop node {{.name}}": "", + "Failed to tag images": "", "Failed to update cluster": "", "Failed to update config": "", "Failed unmount: {{.error}}": "", @@ -406,6 +408,7 @@ "Please make sure the service you are looking for is deployed or is in the correct namespace.": "", "Please provide a path or url to build": "", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "", + "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "", "Please re-eval your podman-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} podman-env'\n\n\t": "", "Please see {{.documentation_url}} for more details": "", @@ -430,6 +433,7 @@ "Profile name '{{.profilename}}' is not valid": "", "Profile name should be unique": "", "Provide VM UUID to restore MAC address (hyperkit driver only)": "", + "Pull images": "", "Pull the remote image (no caching)": "", "Pulling base image ...": "", "Push the new image (requires tag)": "", @@ -546,6 +550,7 @@ "Successfully stopped node {{.name}}": "", "Suggestion: {{.advice}}": "", "System only has {{.size}}MiB available, less than the required {{.req}}MiB for Kubernetes": "", + "Tag images": "", "Tag to apply to the new image (optional)": "", "Target directory {{.path}} must be an absolute path": "", "Target {{.path}} can not be empty": "", From ab61a07f9597dd5929e9edb818c41722d9e4c48f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Sun, 15 Aug 2021 20:25:37 +0200 Subject: [PATCH 148/205] Make sure to use sudo for load/save docker images Add a test for SaveImage, similar to LoadImage --- pkg/minikube/cruntime/docker.go | 4 +- site/content/en/docs/contrib/tests.en.md | 6 ++ test/integration/functional_test.go | 99 +++++++++++++++++++++++- 3 files changed, 106 insertions(+), 3 deletions(-) diff --git a/pkg/minikube/cruntime/docker.go b/pkg/minikube/cruntime/docker.go index 641775b78b..d805201da0 100644 --- a/pkg/minikube/cruntime/docker.go +++ b/pkg/minikube/cruntime/docker.go @@ -201,7 +201,7 @@ func (r *Docker) ListImages(ListImagesOptions) ([]string, error) { // LoadImage loads an image into this runtime func (r *Docker) LoadImage(path string) error { klog.Infof("Loading image: %s", path) - c := exec.Command("docker", "load", "-i", path) + c := exec.Command("/bin/bash", "-c", fmt.Sprintf("sudo cat %s | docker load", path)) if _, err := r.Runner.RunCmd(c); err != nil { return errors.Wrap(err, "loadimage docker.") } @@ -224,7 +224,7 @@ func (r *Docker) PullImage(name string) error { // SaveImage saves an image from this runtime func (r *Docker) SaveImage(name string, path string) error { klog.Infof("Saving image %s: %s", name, path) - c := exec.Command("docker", "save", name, "-o", path) + c := exec.Command("/bin/bash", "-c", fmt.Sprintf("docker save '%s' | sudo tee %s >/dev/null", name, path)) if _, err := r.Runner.RunCmd(c); err != nil { return errors.Wrap(err, "saveimage docker.") } diff --git a/site/content/en/docs/contrib/tests.en.md b/site/content/en/docs/contrib/tests.en.md index f3c3efe625..119eef71ed 100644 --- a/site/content/en/docs/contrib/tests.en.md +++ b/site/content/en/docs/contrib/tests.en.md @@ -84,6 +84,12 @@ makes sure that `minikube image load` works from a local file #### validateRemoveImage makes sures that `minikube image rm` works as expected +#### validateSaveImage +makes sure that `minikube image save` works as expected + +#### validateSaveImageToFile +makes sure that `minikube image save` works to a local file + #### validateBuildImage makes sures that `minikube image build` works as expected diff --git a/test/integration/functional_test.go b/test/integration/functional_test.go index 10bee2cbbf..cd784cba61 100644 --- a/test/integration/functional_test.go +++ b/test/integration/functional_test.go @@ -151,8 +151,10 @@ func TestFunctional(t *testing.T) { {"PodmanEnv", validatePodmanEnv}, {"NodeLabels", validateNodeLabels}, {"LoadImage", validateLoadImage}, + {"SaveImage", validateSaveImage}, {"RemoveImage", validateRemoveImage}, {"LoadImageFromFile", validateLoadImageFromFile}, + {"SaveImageToFile", validateSaveImageToFile}, {"BuildImage", validateBuildImage}, {"ListImages", validateListImages}, {"NonActiveRuntimeDisabled", validateNotActiveRuntimeDisabled}, @@ -249,7 +251,7 @@ func validateLoadImage(ctx context.Context, t *testing.T, profile string) { } // try to load the new image into minikube - rr, err = Run(t, exec.CommandContext(ctx, Target(), "-p", profile, "image", "load", newImage)) + rr, err = Run(t, exec.CommandContext(ctx, Target(), "-p", profile, "image", "load", "--daemon", newImage)) if err != nil { t.Fatalf("loading image into minikube: %v\n%s", err, rr.Output()) } @@ -363,6 +365,101 @@ func validateRemoveImage(ctx context.Context, t *testing.T, profile string) { } +// validateSaveImage makes sure that `minikube image save` works as expected +func validateSaveImage(ctx context.Context, t *testing.T, profile string) { + if NoneDriver() { + t.Skip("load image not available on none driver") + } + if GithubActionRunner() && runtime.GOOS == "darwin" { + t.Skip("skipping on github actions and darwin, as this test requires a running docker daemon") + } + defer PostMortemLogs(t, profile) + // pull busybox + busyboxImage := "docker.io/library/busybox:1.29" + rr, err := Run(t, exec.CommandContext(ctx, Target(), "-p", profile, "image", "pull", busyboxImage)) + if err != nil { + t.Fatalf("failed to setup test (pull image): %v\n%s", err, rr.Output()) + } + + // tag busybox + name := "busybox" + tag := fmt.Sprintf("save-%s", profile) + newImage := fmt.Sprintf("docker.io/library/%s:%s", name, tag) + rr, err = Run(t, exec.CommandContext(ctx, Target(), "-p", profile, "image", "tag", busyboxImage, newImage)) + if err != nil { + t.Fatalf("failed to setup test (tag image) : %v\n%s", err, rr.Output()) + } + + // try to save the new image from minikube + rr, err = Run(t, exec.CommandContext(ctx, Target(), "-p", profile, "image", "save", "--daemon", newImage)) + if err != nil { + t.Fatalf("loading image into minikube: %v\n%s", err, rr.Output()) + } + + // make sure the image was correctly loaded + rr, err = Run(t, exec.CommandContext(ctx, "docker", "images", name)) + if err != nil { + t.Fatalf("listing images: %v\n%s", err, rr.Output()) + } + if !strings.Contains(rr.Output(), fmt.Sprintf("save-%s", profile)) { + t.Fatalf("expected %s to be loaded into minikube but the image is not there", newImage) + } + +} + +// validateSaveImageToFile makes sure that `minikube image save` works to a local file +func validateSaveImageToFile(ctx context.Context, t *testing.T, profile string) { + if NoneDriver() { + t.Skip("save image not available on none driver") + } + if GithubActionRunner() && runtime.GOOS == "darwin" { + t.Skip("skipping on github actions and darwin, as this test requires a running docker daemon") + } + defer PostMortemLogs(t, profile) + // pull busybox + busyboxImage := "docker.io/library/busybox:1.30" + rr, err := Run(t, exec.CommandContext(ctx, Target(), "-p", profile, "image", "pull", busyboxImage)) + if err != nil { + t.Fatalf("failed to setup test (pull image): %v\n%s", err, rr.Output()) + } + + name := "busybox" + tag := fmt.Sprintf("save-to-file-%s", profile) + taggedImage := fmt.Sprintf("docker.io/library/%s:%s", name, tag) + rr, err = Run(t, exec.CommandContext(ctx, Target(), "-p", profile, "image", "tag", busyboxImage, taggedImage)) + if err != nil { + t.Fatalf("failed to setup test (tag image) : %v\n%s", err, rr.Output()) + } + + // try to save the new image from minikube + imageFile := "busybox.tar" + imagePath, err := filepath.Abs(imageFile) + if err != nil { + t.Fatalf("failed to get absolute path of file %q: %v", imageFile, err) + } + rr, err = Run(t, exec.CommandContext(ctx, Target(), "-p", profile, "image", "save", taggedImage, imagePath)) + if err != nil { + t.Fatalf("saving image from minikube: %v\n%s", err, rr.Output()) + } + + // load image from file + rr, err = Run(t, exec.CommandContext(ctx, "docker", "load", "-i", imagePath)) + if err != nil { + t.Fatalf("failed to load image to file: %v\n%s", err, rr.Output()) + } + defer os.Remove(imageFile) + + // make sure the image was correctly loaded + rr, err = Run(t, exec.CommandContext(ctx, "docker", "images", name)) + if err != nil { + t.Fatalf("listing images: %v\n%s", err, rr.Output()) + } + if !strings.Contains(rr.Output(), tag) { + t.Fatalf("expected %s to be loaded but the image is not there", taggedImage) + } + +} + func inspectImage(ctx context.Context, t *testing.T, profile string, image string) (*RunResult, error) { var cmd *exec.Cmd if ContainerRuntime() == "docker" { From b85c4fe0fcec6d00161b49ecbfd8182c89122b1a Mon Sep 17 00:00:00 2001 From: Medya Gh Date: Mon, 16 Aug 2021 14:24:48 -0700 Subject: [PATCH 149/205] common calico func --- pkg/minikube/bootstrapper/images/images.go | 29 ++++++++++------------ 1 file changed, 13 insertions(+), 16 deletions(-) diff --git a/pkg/minikube/bootstrapper/images/images.go b/pkg/minikube/bootstrapper/images/images.go index 319983e7f9..8c7de8ef64 100644 --- a/pkg/minikube/bootstrapper/images/images.go +++ b/pkg/minikube/bootstrapper/images/images.go @@ -165,35 +165,32 @@ func KindNet(repo string) string { // all calico images are from https://docs.projectcalico.org/manifests/calico.yaml const calicoVersion = "v3.20.0" +const calicoRepo = "docker.io/calico" // CalicoDaemonSet returns the image used for calicoDaemonSet func CalicoDaemonSet(repo string) string { - if repo == "" { - repo = "docker.io/calico" - } - return path.Join(repo, "node:"+calicoVersion) + return calicoCommon(repo, "node") + } // CalicoDeployment returns the image used for calicoDeployment func CalicoDeployment(repo string) string { - if repo == "" { - repo = "docker.io/calico" - } - return path.Join(repo, "kube-controllers:"+calicoVersion) + return calicoCommon(repo, "kube-controllers") } // CalicoFelixDriver returns image used for felix driver func CalicoFelixDriver(repo string) string { - if repo == "" { - repo = "docker.io/calico" - } - return path.Join(repo, "pod2daemon-flexvol:"+calicoVersion) + return calicoCommon(repo, "pod2daemon-flexvol") } // CalicoBin returns image used for calico binary image func CalicoBin(repo string) string { - if repo == "" { - repo = "docker.io/calico" - } - return path.Join(repo, "cni:"+calicoVersion) + return calicoCommon(repo, "cni") +} + +func calicoCommon(repo string, name string) string { + if repo == "" { + repo = calicoRepo + } + return path.Join(repo, fmt.Sprintf("%s:%s", name, calicoVersion)) } From 11d31dda140cb57acc94f5a11855f19187b8e440 Mon Sep 17 00:00:00 2001 From: Predrag Rogic Date: Mon, 16 Aug 2021 23:12:38 +0100 Subject: [PATCH 150/205] early check if image exists at all --- pkg/minikube/cruntime/containerd.go | 10 +++++++--- pkg/minikube/cruntime/crio.go | 4 ++-- pkg/minikube/cruntime/cruntime.go | 2 +- pkg/minikube/cruntime/docker.go | 4 ++-- pkg/minikube/machine/cache_images.go | 4 ++++ 5 files changed, 16 insertions(+), 8 deletions(-) diff --git a/pkg/minikube/cruntime/containerd.go b/pkg/minikube/cruntime/containerd.go index 13b0834e9b..cb61f3b980 100644 --- a/pkg/minikube/cruntime/containerd.go +++ b/pkg/minikube/cruntime/containerd.go @@ -248,10 +248,14 @@ func (r *Containerd) Disable() error { return r.Init.ForceStop("containerd") } -// ImageExists checks if an image exists, expected input format +// ImageExists checks if image exists based on image name and optionally image sha func (r *Containerd) ImageExists(name string, sha string) bool { - c := exec.Command("/bin/bash", "-c", fmt.Sprintf("sudo ctr -n=k8s.io images check | grep %s | grep %s", name, sha)) - if _, err := r.Runner.RunCmd(c); err != nil { + c := exec.Command("/bin/bash", "-c", fmt.Sprintf("sudo ctr -n=k8s.io images check | grep %s", name)) + rr, err := r.Runner.RunCmd(c) + if err != nil { + return false + } + if sha != "" && !strings.Contains(rr.Output(), sha) { return false } return true diff --git a/pkg/minikube/cruntime/crio.go b/pkg/minikube/cruntime/crio.go index ddb61ceb43..820ade8e16 100644 --- a/pkg/minikube/cruntime/crio.go +++ b/pkg/minikube/cruntime/crio.go @@ -162,7 +162,7 @@ func (r *CRIO) Disable() error { return r.Init.ForceStop("crio") } -// ImageExists checks if an image exists +// ImageExists checks if image exists based on image name and optionally image sha func (r *CRIO) ImageExists(name string, sha string) bool { // expected output looks like [NAME@sha256:SHA] c := exec.Command("sudo", "podman", "image", "inspect", "--format", "{{.Id}}", name) @@ -170,7 +170,7 @@ func (r *CRIO) ImageExists(name string, sha string) bool { if err != nil { return false } - if !strings.Contains(rr.Output(), sha) { + if sha != "" && !strings.Contains(rr.Output(), sha) { return false } return true diff --git a/pkg/minikube/cruntime/cruntime.go b/pkg/minikube/cruntime/cruntime.go index 2388abc8ac..1ad073a7aa 100644 --- a/pkg/minikube/cruntime/cruntime.go +++ b/pkg/minikube/cruntime/cruntime.go @@ -106,7 +106,7 @@ type Manager interface { // Tag an image TagImage(string, string) error - // ImageExists takes image name and image sha checks if an it exists + // ImageExists takes image name and optionally image sha to check if an image exists ImageExists(string, string) bool // ListImages returns a list of images managed by this container runtime ListImages(ListImagesOptions) ([]string, error) diff --git a/pkg/minikube/cruntime/docker.go b/pkg/minikube/cruntime/docker.go index d805201da0..aace65297a 100644 --- a/pkg/minikube/cruntime/docker.go +++ b/pkg/minikube/cruntime/docker.go @@ -165,7 +165,7 @@ func (r *Docker) Disable() error { return r.Init.Mask("docker.service") } -// ImageExists checks if an image exists +// ImageExists checks if image exists based on image name and optionally image sha func (r *Docker) ImageExists(name string, sha string) bool { // expected output looks like [SHA_ALGO:SHA] c := exec.Command("docker", "image", "inspect", "--format", "{{.Id}}", name) @@ -173,7 +173,7 @@ func (r *Docker) ImageExists(name string, sha string) bool { if err != nil { return false } - if !strings.Contains(rr.Output(), sha) { + if sha != "" && !strings.Contains(rr.Output(), sha) { return false } return true diff --git a/pkg/minikube/machine/cache_images.go b/pkg/minikube/machine/cache_images.go index de3edefc4e..ce91789776 100644 --- a/pkg/minikube/machine/cache_images.go +++ b/pkg/minikube/machine/cache_images.go @@ -461,6 +461,10 @@ func transferAndSaveImage(cr command.Runner, k8s config.KubernetesConfig, dst st return errors.Wrap(err, "runtime") } + if !r.ImageExists(imgName, "") { + return errors.Errorf("image %s not found", imgName) + } + klog.Infof("Saving image to: %s", dst) filename := filepath.Base(dst) From 0167da64358170ccce41cd2bdacb6df6b73985f2 Mon Sep 17 00:00:00 2001 From: Medya Gh Date: Mon, 16 Aug 2021 15:50:33 -0700 Subject: [PATCH 151/205] add solution message for cgroup related issues on cloud shell-like environments --- pkg/minikube/reason/known_issues.go | 31 +++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/pkg/minikube/reason/known_issues.go b/pkg/minikube/reason/known_issues.go index 41bfe18d98..c310f5e9af 100644 --- a/pkg/minikube/reason/known_issues.go +++ b/pkg/minikube/reason/known_issues.go @@ -175,6 +175,37 @@ var hostIssues = []match{ }, Regexp: re(`Container.*is not running.*chown docker:docker`), }, + { + Kind: Kind{ + ID: "HOST_CGROUP_NOT_SUPPORTED", + ExitCode: ExHostUnsupported, + Advice: `CGroup allocation is not available in your environment, You are possibly running minikube in a nested container, try run with these options: + + minikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable="" + + + `, + Issues: []int{12232}, + }, + Regexp: re(`Failed to start ContainerManager" err="Unit kubepods.slice already exists.`), + GOOS: []string{"linux"}, + }, + { + Kind: Kind{ + ID: "HOST_ROOT_CGROUP", + ExitCode: ExHostUnsupported, + Advice: `CGroup allocation is not available in your environment, You are possibly running minikube in a nested container, try run with these options: + + minikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable="" + + + `, + Issues: []int{12232}, + }, + Regexp: re(`Failed to start ContainerManager" err="failed to initialize top level QOS containers: root container [kubepods] doesn't exist`), + GOOS: []string{"linux"}, + }, + { Kind: Kind{ ID: "HOST_PIDS_CGROUP", From 30d55ca7f2dc2412500095fcb7433cb832979696 Mon Sep 17 00:00:00 2001 From: Medya Ghazizadeh Date: Mon, 16 Aug 2021 16:06:28 -0700 Subject: [PATCH 152/205] Update pkg/minikube/reason/known_issues.go Co-authored-by: Sharif Elgamal --- pkg/minikube/reason/known_issues.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/minikube/reason/known_issues.go b/pkg/minikube/reason/known_issues.go index c310f5e9af..8e8f70b778 100644 --- a/pkg/minikube/reason/known_issues.go +++ b/pkg/minikube/reason/known_issues.go @@ -179,7 +179,7 @@ var hostIssues = []match{ Kind: Kind{ ID: "HOST_CGROUP_NOT_SUPPORTED", ExitCode: ExHostUnsupported, - Advice: `CGroup allocation is not available in your environment, You are possibly running minikube in a nested container, try run with these options: + Advice: `CGroup allocation is not available in your environment. You might be running minikube in a nested container. Try running: minikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable="" From e0e890f7ae42e7411cbdd889bd42dc0d67a65347 Mon Sep 17 00:00:00 2001 From: Medya Ghazizadeh Date: Mon, 16 Aug 2021 16:08:58 -0700 Subject: [PATCH 153/205] update --- pkg/minikube/reason/known_issues.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/minikube/reason/known_issues.go b/pkg/minikube/reason/known_issues.go index 8e8f70b778..4df8f740f7 100644 --- a/pkg/minikube/reason/known_issues.go +++ b/pkg/minikube/reason/known_issues.go @@ -194,7 +194,7 @@ var hostIssues = []match{ Kind: Kind{ ID: "HOST_ROOT_CGROUP", ExitCode: ExHostUnsupported, - Advice: `CGroup allocation is not available in your environment, You are possibly running minikube in a nested container, try run with these options: + Advice: `CGroup allocation is not available in your environment, You might be running minikube in a nested container. Try running: minikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable="" From f94f9b8dd216decd4120e1a35cf7b157f6c0a49c Mon Sep 17 00:00:00 2001 From: minikube-bot Date: Mon, 16 Aug 2021 23:11:37 +0000 Subject: [PATCH 154/205] Update auto-generated docs and translations --- translations/de.json | 2 ++ translations/es.json | 2 ++ translations/fr.json | 2 ++ translations/ja.json | 2 ++ translations/ko.json | 2 ++ translations/pl.json | 2 ++ translations/strings.txt | 2 ++ translations/zh-CN.json | 2 ++ 8 files changed, 16 insertions(+) diff --git a/translations/de.json b/translations/de.json index 7939370b14..c3840a59d1 100644 --- a/translations/de.json +++ b/translations/de.json @@ -68,6 +68,8 @@ "Bridge CNI is incompatible with multi-node clusters, use a different CNI": "", "Build a container image in minikube": "", "Build a container image, using the container runtime.": "", + "CGroup allocation is not available in your environment, You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", + "CGroup allocation is not available in your environment. You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "", "Cache image from docker daemon": "", "Cache image from remote registry": "", diff --git a/translations/es.json b/translations/es.json index db2a072f24..e9ddccf717 100644 --- a/translations/es.json +++ b/translations/es.json @@ -69,6 +69,8 @@ "Bridge CNI is incompatible with multi-node clusters, use a different CNI": "", "Build a container image in minikube": "", "Build a container image, using the container runtime.": "", + "CGroup allocation is not available in your environment, You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", + "CGroup allocation is not available in your environment. You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "Plug-in CNI para usar. Opciones validas: auto, bridge, calico, cilium, flannel, kindnet, o ruta a un manifiesto CNI (Por defecto: auto)", "Cache image from docker daemon": "", "Cache image from remote registry": "", diff --git a/translations/fr.json b/translations/fr.json index 82ccf25555..74552a86ac 100644 --- a/translations/fr.json +++ b/translations/fr.json @@ -70,6 +70,8 @@ "Bridge CNI is incompatible with multi-node clusters, use a different CNI": "Le pont CNI est incompatible avec les clusters multi-nœuds, utilisez un autre CNI", "Build a container image in minikube": "Construire une image de conteneur dans minikube", "Build a container image, using the container runtime.": "Construire une image de conteneur à l'aide de l'environnement d'exécution du conteneur.", + "CGroup allocation is not available in your environment, You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", + "CGroup allocation is not available in your environment. You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "Plug-in CNI à utiliser. Options valides : auto, bridge, calico, cilium, flannel, kindnet ou chemin vers un manifeste CNI (par défaut : auto)", "Cache image from docker daemon": "Cacher l'image du démon docker", "Cache image from remote registry": "Cacher l'image du registre distant", diff --git a/translations/ja.json b/translations/ja.json index 1647f09dfc..c65e7a18d5 100644 --- a/translations/ja.json +++ b/translations/ja.json @@ -68,6 +68,8 @@ "Bridge CNI is incompatible with multi-node clusters, use a different CNI": "", "Build a container image in minikube": "", "Build a container image, using the container runtime.": "", + "CGroup allocation is not available in your environment, You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", + "CGroup allocation is not available in your environment. You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "", "Cache image from docker daemon": "", "Cache image from remote registry": "", diff --git a/translations/ko.json b/translations/ko.json index ca9c9a9995..42c0c950e3 100644 --- a/translations/ko.json +++ b/translations/ko.json @@ -73,6 +73,8 @@ "Bridge CNI is incompatible with multi-node clusters, use a different CNI": "", "Build a container image in minikube": "minikube 내 컨테이너 이미지를 빌드합니다", "Build a container image, using the container runtime.": "컨테이너 런타임을 사용하여 컨테이너 이미지를 빌드합니다.", + "CGroup allocation is not available in your environment, You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", + "CGroup allocation is not available in your environment. You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "", "Cache image from docker daemon": "도커 데몬의 캐시 이미지", "Cache image from remote registry": "원격 레지스트리의 캐시 이미지", diff --git a/translations/pl.json b/translations/pl.json index fe3f2b9ee8..8dc41f784b 100644 --- a/translations/pl.json +++ b/translations/pl.json @@ -70,6 +70,8 @@ "Bridge CNI is incompatible with multi-node clusters, use a different CNI": "", "Build a container image in minikube": "Zbuduj obraz kontenera w minikube", "Build a container image, using the container runtime.": "Zbuduj obraz kontenera używając środowiska uruchomieniowego kontenera", + "CGroup allocation is not available in your environment, You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", + "CGroup allocation is not available in your environment. You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "", "Cache image from docker daemon": "", "Cache image from remote registry": "", diff --git a/translations/strings.txt b/translations/strings.txt index 9dfd494451..a1d230cbd6 100644 --- a/translations/strings.txt +++ b/translations/strings.txt @@ -64,6 +64,8 @@ "Bridge CNI is incompatible with multi-node clusters, use a different CNI": "", "Build a container image in minikube": "", "Build a container image, using the container runtime.": "", + "CGroup allocation is not available in your environment, You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", + "CGroup allocation is not available in your environment. You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "", "Cache image from docker daemon": "", "Cache image from remote registry": "", diff --git a/translations/zh-CN.json b/translations/zh-CN.json index a62527de4b..67988fff6c 100644 --- a/translations/zh-CN.json +++ b/translations/zh-CN.json @@ -84,6 +84,8 @@ "Bridge CNI is incompatible with multi-node clusters, use a different CNI": "", "Build a container image in minikube": "", "Build a container image, using the container runtime.": "", + "CGroup allocation is not available in your environment, You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", + "CGroup allocation is not available in your environment. You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "", "Cache image from docker daemon": "", "Cache image from remote registry": "", From aa90cfb57ff21741958c8899d3660c88c29eff8b Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Mon, 16 Aug 2021 16:19:47 -0700 Subject: [PATCH 155/205] Replace Math.min with destructuring with custom array min. --- hack/jenkins/test-flake-chart/flake_chart.js | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/hack/jenkins/test-flake-chart/flake_chart.js b/hack/jenkins/test-flake-chart/flake_chart.js index 494d9aee72..330caa7b09 100644 --- a/hack/jenkins/test-flake-chart/flake_chart.js +++ b/hack/jenkins/test-flake-chart/flake_chart.js @@ -158,6 +158,14 @@ async function loadTestData() { return [testData, responseDate]; } +Array.prototype.min = function() { + return this.reduce((acc, val) => Math.min(acc, val), Number.MAX_VALUE) +} + +Array.prototype.max = function() { + return this.reduce((acc, val) => Math.max(acc, val), -Number.MAX_VALUE) +} + Array.prototype.sum = function() { return this.reduce((sum, value) => sum + value, 0); }; @@ -297,8 +305,8 @@ function displayTestAndEnvironmentChart(testData, testName, environmentName) { } { const dates = testRuns.map(run => run.date.getTime()); - const startDate = new Date(Math.min(...dates)); - const endDate = new Date(Math.max(...dates)); + const startDate = new Date(dates.min()); + const endDate = new Date(dates.max()); const weekDates = []; let currentDate = startDate; @@ -502,8 +510,8 @@ function displayEnvironmentChart(testData, environmentName) { } { const dates = testData.map(run => run.date.getTime()); - const startDate = new Date(Math.min(...dates)); - const endDate = new Date(Math.max(...dates)); + const startDate = new Date(dates.min()); + const endDate = new Date(dates.max()); const weekDates = []; let currentDate = startDate; From 9ddf82aa2fefe6a870761f5f6cd9c303fba1e0c3 Mon Sep 17 00:00:00 2001 From: minikube-bot Date: Mon, 16 Aug 2021 23:27:35 +0000 Subject: [PATCH 156/205] Update auto-generated docs and translations --- translations/de.json | 2 ++ translations/es.json | 2 ++ translations/fr.json | 2 ++ translations/ja.json | 2 ++ translations/ko.json | 2 ++ translations/pl.json | 2 ++ translations/strings.txt | 2 ++ translations/zh-CN.json | 2 ++ 8 files changed, 16 insertions(+) diff --git a/translations/de.json b/translations/de.json index 7939370b14..c3840a59d1 100644 --- a/translations/de.json +++ b/translations/de.json @@ -68,6 +68,8 @@ "Bridge CNI is incompatible with multi-node clusters, use a different CNI": "", "Build a container image in minikube": "", "Build a container image, using the container runtime.": "", + "CGroup allocation is not available in your environment, You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", + "CGroup allocation is not available in your environment. You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "", "Cache image from docker daemon": "", "Cache image from remote registry": "", diff --git a/translations/es.json b/translations/es.json index db2a072f24..e9ddccf717 100644 --- a/translations/es.json +++ b/translations/es.json @@ -69,6 +69,8 @@ "Bridge CNI is incompatible with multi-node clusters, use a different CNI": "", "Build a container image in minikube": "", "Build a container image, using the container runtime.": "", + "CGroup allocation is not available in your environment, You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", + "CGroup allocation is not available in your environment. You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "Plug-in CNI para usar. Opciones validas: auto, bridge, calico, cilium, flannel, kindnet, o ruta a un manifiesto CNI (Por defecto: auto)", "Cache image from docker daemon": "", "Cache image from remote registry": "", diff --git a/translations/fr.json b/translations/fr.json index 82ccf25555..74552a86ac 100644 --- a/translations/fr.json +++ b/translations/fr.json @@ -70,6 +70,8 @@ "Bridge CNI is incompatible with multi-node clusters, use a different CNI": "Le pont CNI est incompatible avec les clusters multi-nœuds, utilisez un autre CNI", "Build a container image in minikube": "Construire une image de conteneur dans minikube", "Build a container image, using the container runtime.": "Construire une image de conteneur à l'aide de l'environnement d'exécution du conteneur.", + "CGroup allocation is not available in your environment, You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", + "CGroup allocation is not available in your environment. You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "Plug-in CNI à utiliser. Options valides : auto, bridge, calico, cilium, flannel, kindnet ou chemin vers un manifeste CNI (par défaut : auto)", "Cache image from docker daemon": "Cacher l'image du démon docker", "Cache image from remote registry": "Cacher l'image du registre distant", diff --git a/translations/ja.json b/translations/ja.json index 1647f09dfc..c65e7a18d5 100644 --- a/translations/ja.json +++ b/translations/ja.json @@ -68,6 +68,8 @@ "Bridge CNI is incompatible with multi-node clusters, use a different CNI": "", "Build a container image in minikube": "", "Build a container image, using the container runtime.": "", + "CGroup allocation is not available in your environment, You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", + "CGroup allocation is not available in your environment. You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "", "Cache image from docker daemon": "", "Cache image from remote registry": "", diff --git a/translations/ko.json b/translations/ko.json index ca9c9a9995..42c0c950e3 100644 --- a/translations/ko.json +++ b/translations/ko.json @@ -73,6 +73,8 @@ "Bridge CNI is incompatible with multi-node clusters, use a different CNI": "", "Build a container image in minikube": "minikube 내 컨테이너 이미지를 빌드합니다", "Build a container image, using the container runtime.": "컨테이너 런타임을 사용하여 컨테이너 이미지를 빌드합니다.", + "CGroup allocation is not available in your environment, You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", + "CGroup allocation is not available in your environment. You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "", "Cache image from docker daemon": "도커 데몬의 캐시 이미지", "Cache image from remote registry": "원격 레지스트리의 캐시 이미지", diff --git a/translations/pl.json b/translations/pl.json index fe3f2b9ee8..8dc41f784b 100644 --- a/translations/pl.json +++ b/translations/pl.json @@ -70,6 +70,8 @@ "Bridge CNI is incompatible with multi-node clusters, use a different CNI": "", "Build a container image in minikube": "Zbuduj obraz kontenera w minikube", "Build a container image, using the container runtime.": "Zbuduj obraz kontenera używając środowiska uruchomieniowego kontenera", + "CGroup allocation is not available in your environment, You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", + "CGroup allocation is not available in your environment. You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "", "Cache image from docker daemon": "", "Cache image from remote registry": "", diff --git a/translations/strings.txt b/translations/strings.txt index 9dfd494451..a1d230cbd6 100644 --- a/translations/strings.txt +++ b/translations/strings.txt @@ -64,6 +64,8 @@ "Bridge CNI is incompatible with multi-node clusters, use a different CNI": "", "Build a container image in minikube": "", "Build a container image, using the container runtime.": "", + "CGroup allocation is not available in your environment, You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", + "CGroup allocation is not available in your environment. You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "", "Cache image from docker daemon": "", "Cache image from remote registry": "", diff --git a/translations/zh-CN.json b/translations/zh-CN.json index a62527de4b..67988fff6c 100644 --- a/translations/zh-CN.json +++ b/translations/zh-CN.json @@ -84,6 +84,8 @@ "Bridge CNI is incompatible with multi-node clusters, use a different CNI": "", "Build a container image in minikube": "", "Build a container image, using the container runtime.": "", + "CGroup allocation is not available in your environment, You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", + "CGroup allocation is not available in your environment. You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "", "Cache image from docker daemon": "", "Cache image from remote registry": "", From def3f067a8ee2ea74817e117dc7420e44f1fba49 Mon Sep 17 00:00:00 2001 From: Jack Zhang Date: Sun, 1 Aug 2021 19:23:39 +0800 Subject: [PATCH 157/205] Support Ingress on MacOS, driver docker --- cmd/minikube/cmd/tunnel.go | 2 +- pkg/addons/addons.go | 10 +---- pkg/minikube/out/out.go | 2 +- pkg/minikube/tunnel/kic/ssh_conn.go | 20 ++++----- pkg/minikube/tunnel/kic/ssh_tunnel.go | 58 ++++++++++++++++++++++++++- test/integration/addons_test.go | 5 +-- 6 files changed, 71 insertions(+), 26 deletions(-) diff --git a/cmd/minikube/cmd/tunnel.go b/cmd/minikube/cmd/tunnel.go index ffdd6cd8fb..8986a89f33 100644 --- a/cmd/minikube/cmd/tunnel.go +++ b/cmd/minikube/cmd/tunnel.go @@ -86,7 +86,7 @@ var tunnelCmd = &cobra.Command{ sshPort := strconv.Itoa(port) sshKey := filepath.Join(localpath.MiniPath(), "machines", cname, "id_rsa") - kicSSHTunnel := kic.NewSSHTunnel(ctx, sshPort, sshKey, clientset.CoreV1()) + kicSSHTunnel := kic.NewSSHTunnel(ctx, sshPort, sshKey, clientset.CoreV1(), clientset.NetworkingV1()) err = kicSSHTunnel.Start() if err != nil { exit.Error(reason.SvcTunnelStart, "error starting tunnel", err) diff --git a/pkg/addons/addons.go b/pkg/addons/addons.go index 6a00bb5423..ab39192932 100644 --- a/pkg/addons/addons.go +++ b/pkg/addons/addons.go @@ -153,16 +153,8 @@ func EnableOrDisableAddon(cc *config.ClusterConfig, name string, val string) err // to match both ingress and ingress-dns addons if strings.HasPrefix(name, "ingress") && enable { if driver.IsKIC(cc.Driver) { - if runtime.GOOS == "windows" { + if runtime.GOOS == "windows" || runtime.GOOS == "darwin" { out.Styled(style.Tip, `After the addon is enabled, please run "minikube tunnel" and your ingress resources would be available at "127.0.0.1"`) - } else if runtime.GOOS != "linux" { - exit.Message(reason.Usage, `Due to networking limitations of driver {{.driver_name}} on {{.os_name}}, {{.addon_name}} addon is not supported. -Alternatively to use this addon you can use a vm-based driver: - - 'minikube start --vm=true' - -To track the update on this work in progress feature please check: -https://github.com/kubernetes/minikube/issues/7332`, out.V{"driver_name": cc.Driver, "os_name": runtime.GOOS, "addon_name": name}) } else if driver.BareMetal(cc.Driver) { out.WarningT(`Due to networking limitations of driver {{.driver_name}}, {{.addon_name}} addon is not fully supported. Try using a different driver.`, out.V{"driver_name": cc.Driver, "addon_name": name}) diff --git a/pkg/minikube/out/out.go b/pkg/minikube/out/out.go index 738864c068..4706f9a706 100644 --- a/pkg/minikube/out/out.go +++ b/pkg/minikube/out/out.go @@ -118,7 +118,7 @@ func Styled(st style.Enum, format string, a ...V) { func boxedCommon(printFunc func(format string, a ...interface{}), cfg box.Config, title string, format string, a ...V) { box := box.New(cfg) if !useColor { - box.Config.Color = "" + box.Config.Color = nil } str := Sprintf(style.None, format, a...) printFunc(box.String(title, strings.TrimSpace(str))) diff --git a/pkg/minikube/tunnel/kic/ssh_conn.go b/pkg/minikube/tunnel/kic/ssh_conn.go index 35b1abac02..2dc1c21310 100644 --- a/pkg/minikube/tunnel/kic/ssh_conn.go +++ b/pkg/minikube/tunnel/kic/ssh_conn.go @@ -36,7 +36,7 @@ type sshConn struct { activeConn bool } -func createSSHConn(name, sshPort, sshKey string, svc *v1.Service) *sshConn { +func createSSHConn(name, sshPort, sshKey string, resourcePorts []int32, resourceIP string, resourceName string) *sshConn { // extract sshArgs sshArgs := []string{ // TODO: document the options here @@ -50,17 +50,17 @@ func createSSHConn(name, sshPort, sshKey string, svc *v1.Service) *sshConn { askForSudo := false var privilegedPorts []int32 - for _, port := range svc.Spec.Ports { + for _, port := range resourcePorts { arg := fmt.Sprintf( "-L %d:%s:%d", - port.Port, - svc.Spec.ClusterIP, - port.Port, + port, + resourceIP, + port, ) // check if any port is privileged - if port.Port < 1024 { - privilegedPorts = append(privilegedPorts, port.Port) + if port < 1024 { + privilegedPorts = append(privilegedPorts, port) askForSudo = true } @@ -71,8 +71,8 @@ func createSSHConn(name, sshPort, sshKey string, svc *v1.Service) *sshConn { if askForSudo && runtime.GOOS != "windows" { out.Styled( style.Warning, - "The service {{.service}} requires privileged ports to be exposed: {{.ports}}", - out.V{"service": svc.Name, "ports": fmt.Sprintf("%v", privilegedPorts)}, + "The service/ingress {{.resource}} requires privileged ports to be exposed: {{.ports}}", + out.V{"resource": resourceName, "ports": fmt.Sprintf("%v", privilegedPorts)}, ) out.Styled(style.Permissions, "sudo permission will be asked for it.") @@ -89,7 +89,7 @@ func createSSHConn(name, sshPort, sshKey string, svc *v1.Service) *sshConn { return &sshConn{ name: name, - service: svc.Name, + service: resourceName, cmd: cmd, activeConn: false, } diff --git a/pkg/minikube/tunnel/kic/ssh_tunnel.go b/pkg/minikube/tunnel/kic/ssh_tunnel.go index 9fcd6446a2..dafa3f94a9 100644 --- a/pkg/minikube/tunnel/kic/ssh_tunnel.go +++ b/pkg/minikube/tunnel/kic/ssh_tunnel.go @@ -23,8 +23,10 @@ import ( "time" v1 "k8s.io/api/core/v1" + v1_networking "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" typed_core "k8s.io/client-go/kubernetes/typed/core/v1" + typed_networking "k8s.io/client-go/kubernetes/typed/networking/v1" "k8s.io/klog/v2" "k8s.io/minikube/pkg/minikube/tunnel" @@ -36,19 +38,21 @@ type SSHTunnel struct { sshPort string sshKey string v1Core typed_core.CoreV1Interface + v1Networking typed_networking.NetworkingV1Interface LoadBalancerEmulator tunnel.LoadBalancerEmulator conns map[string]*sshConn connsToStop map[string]*sshConn } // NewSSHTunnel ... -func NewSSHTunnel(ctx context.Context, sshPort, sshKey string, v1Core typed_core.CoreV1Interface) *SSHTunnel { +func NewSSHTunnel(ctx context.Context, sshPort, sshKey string, v1Core typed_core.CoreV1Interface, v1Networking typed_networking.NetworkingV1Interface) *SSHTunnel { return &SSHTunnel{ ctx: ctx, sshPort: sshPort, sshKey: sshKey, v1Core: v1Core, LoadBalancerEmulator: tunnel.NewLoadBalancerEmulator(v1Core), + v1Networking: v1Networking, conns: make(map[string]*sshConn), connsToStop: make(map[string]*sshConn), } @@ -73,6 +77,11 @@ func (t *SSHTunnel) Start() error { klog.Errorf("error listing services: %v", err) } + ingresses, err := t.v1Networking.Ingresses("").List(context.Background(), metav1.ListOptions{}) + if err != nil { + klog.Errorf("error listing ingresses: %v", err) + } + t.markConnectionsToBeStopped() for _, svc := range services.Items { @@ -81,6 +90,10 @@ func (t *SSHTunnel) Start() error { } } + for _, ingress := range ingresses.Items { + t.startConnectionIngress(ingress) + } + t.stopMarkedConnections() // TODO: which time to use? @@ -104,8 +117,14 @@ func (t *SSHTunnel) startConnection(svc v1.Service) { return } + resourcePorts := []int32{} + + for _, port := range svc.Spec.Ports { + resourcePorts = append(resourcePorts, port.Port) + } + // create new ssh conn - newSSHConn := createSSHConn(uniqName, t.sshPort, t.sshKey, &svc) + newSSHConn := createSSHConn(uniqName, t.sshPort, t.sshKey, resourcePorts, svc.Spec.ClusterIP, svc.Name) t.conns[newSSHConn.name] = newSSHConn go func() { @@ -121,6 +140,31 @@ func (t *SSHTunnel) startConnection(svc v1.Service) { } } +func (t *SSHTunnel) startConnectionIngress(ingress v1_networking.Ingress) { + uniqName := sshConnUniqNameIngress(ingress) + existingSSHConn, ok := t.conns[uniqName] + + if ok { + // if the svc still exist we remove the conn from the stopping list + delete(t.connsToStop, existingSSHConn.name) + return + } + + resourcePorts := []int32{80, 443} + resourceIP := "127.0.0.1" + + // create new ssh conn + newSSHConn := createSSHConn(uniqName, t.sshPort, t.sshKey, resourcePorts, resourceIP, ingress.Name) + t.conns[newSSHConn.name] = newSSHConn + + go func() { + err := newSSHConn.startAndWait() + if err != nil { + klog.Errorf("error starting ssh tunnel: %v", err) + } + }() +} + func (t *SSHTunnel) stopActiveConnections() { for _, conn := range t.conns { err := conn.stop() @@ -157,3 +201,13 @@ func sshConnUniqName(service v1.Service) string { return strings.Join(n, "") } + +func sshConnUniqNameIngress(ingress v1_networking.Ingress) string { + n := []string{ingress.Name} + + for _, rule := range ingress.Spec.Rules { + n = append(n, rule.Host) + } + + return strings.Join(n, "") +} diff --git a/test/integration/addons_test.go b/test/integration/addons_test.go index 1d3115d229..62dfd5339c 100644 --- a/test/integration/addons_test.go +++ b/test/integration/addons_test.go @@ -29,7 +29,6 @@ import ( "os/exec" "path/filepath" "reflect" - "runtime" "strings" "testing" "time" @@ -68,7 +67,7 @@ func TestAddons(t *testing.T) { } args := append([]string{"start", "-p", profile, "--wait=true", "--memory=4000", "--alsologtostderr", "--addons=registry", "--addons=metrics-server", "--addons=olm", "--addons=volumesnapshots", "--addons=csi-hostpath-driver"}, StartArgs()...) - if !NoneDriver() && !(runtime.GOOS == "darwin" && KicDriver()) { // none driver and macos docker driver does not support ingress + if !NoneDriver() { // none driver does not support ingress args = append(args, "--addons=ingress") } if !arm64Platform() { @@ -155,7 +154,7 @@ func TestAddons(t *testing.T) { // validateIngressAddon tests the ingress addon by deploying a default nginx pod func validateIngressAddon(ctx context.Context, t *testing.T, profile string) { defer PostMortemLogs(t, profile) - if NoneDriver() || (runtime.GOOS == "darwin" && KicDriver()) { + if NoneDriver() { t.Skipf("skipping: ingress not supported ") } From 7e3d874265afbe7c12326d43034e9c83a78387fd Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Tue, 17 Aug 2021 09:37:52 -0700 Subject: [PATCH 158/205] Display date in a better format, since old format reported time of 0:00 am --- hack/jenkins/test-flake-chart/flake_chart.js | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/hack/jenkins/test-flake-chart/flake_chart.js b/hack/jenkins/test-flake-chart/flake_chart.js index 330caa7b09..f044e9fe10 100644 --- a/hack/jenkins/test-flake-chart/flake_chart.js +++ b/hack/jenkins/test-flake-chart/flake_chart.js @@ -264,14 +264,14 @@ function displayTestAndEnvironmentChart(testData, testName, environmentName) { groupData.date, groupData.flakeRate, `
              - ${groupData.date.toString()}
              + Date: ${groupData.date.toLocaleString([], {dateStyle: 'medium'})}
              Flake Percentage: ${groupData.flakeRate.toFixed(2)}%
              Jobs:
              ${groupData.jobs.map(({ id, status }) => ` - ${id} (${status})`).join("
              ")}
              `, groupData.duration, `
              - ${groupData.date.toString()}
              + Date: ${groupData.date.toLocaleString([], {dateStyle: 'medium'})}
              Average Duration: ${groupData.duration.toFixed(2)}s
              Jobs:
              ${groupData.jobs.map(({ id, duration }) => ` - ${id} (${duration}s)`).join("
              ")} @@ -340,14 +340,14 @@ function displayTestAndEnvironmentChart(testData, testName, environmentName) { groupData.date, groupData.flakeRate, `
              - ${groupData.date.toString()}
              + Date: ${groupData.date.toLocaleString([], {dateStyle: 'medium'})}
              Flake Percentage: ${groupData.flakeRate.toFixed(2)}%
              Jobs:
              ${groupData.jobs.map(({ id, status }) => ` - ${id} (${status})`).join("
              ")}
              `, groupData.duration, `
              - ${groupData.date.toString()}
              + Date: ${groupData.date.toLocaleString([], {dateStyle: 'medium'})}
              Average Duration: ${groupData.duration.toFixed(2)}s
              Jobs:
              ${groupData.jobs.map(({ id, duration }) => ` - ${id} (${duration}s)`).join("
              ")} @@ -482,7 +482,7 @@ function displayEnvironmentChart(testData, environmentName) { data.flakeRate, `
              ${name}
              - ${data.date.toString()}
              + Date: ${data.date.toLocaleString([], {dateStyle: 'medium'})}
              Flake Percentage: ${data.flakeRate.toFixed(2)}%
              Jobs:
              ${data.jobs.map(({ id, status }) => ` - ${id} (${status})`).join("
              ")} @@ -559,7 +559,7 @@ function displayEnvironmentChart(testData, environmentName) { data.flakeRate, `
              ${name}
              - ${data.date.toString()}
              + Date: ${data.date.toLocaleString([], {dateStyle: 'medium'})}
              Flake Percentage: ${data.flakeRate.toFixed(2)}%
              Jobs:
              ${data.jobs.map(({ id, status }) => ` - ${id} (${status})`).join("
              ")} @@ -619,14 +619,14 @@ function displayEnvironmentChart(testData, environmentName) { dateInfo.date, dateInfo.testCount, `
              - ${dateInfo.date.toString()}
              + Date: ${dateInfo.date.toLocaleString([], {dateStyle: 'medium'})}
              Test Count (averaged): ${+dateInfo.testCount.toFixed(2)}
              Jobs:
              ${dateInfo.runInfo.map(job => ` - ${job.rootJob} Test count: ${job.testCount}`).join("
              ")}
              `, dateInfo.totalDuration, `
              - ${dateInfo.date.toString()}
              + Date: ${dateInfo.date.toLocaleString([], {dateStyle: 'medium'})}
              Total Duration (averaged): ${+dateInfo.totalDuration.toFixed(2)}
              Jobs:
              ${dateInfo.runInfo.map(job => ` - ${job.rootJob} Total Duration: ${+job.totalDuration.toFixed(2)}s`).join("
              ")} From eebbad09780bb812043b7f43319e01b1f3060919 Mon Sep 17 00:00:00 2001 From: Sharif Elgamal Date: Tue, 17 Aug 2021 14:06:52 -0700 Subject: [PATCH 159/205] fix unit tests by comparing json structs --- pkg/minikube/out/out_reason_test.go | 21 +++++++--- pkg/minikube/out/register/json_test.go | 47 +++++++++++++--------- pkg/minikube/out/register/register_test.go | 7 ++-- 3 files changed, 48 insertions(+), 27 deletions(-) diff --git a/pkg/minikube/out/out_reason_test.go b/pkg/minikube/out/out_reason_test.go index 1a327d3a7c..33d47e6a60 100644 --- a/pkg/minikube/out/out_reason_test.go +++ b/pkg/minikube/out/out_reason_test.go @@ -18,7 +18,9 @@ package out import ( "bytes" + "encoding/json" "os" + "reflect" "strings" "testing" @@ -86,7 +88,7 @@ func TestDisplayProblem(t *testing.T) { } } -func TestDisplayJSON(t *testing.T) { +func TestDisplayProblemJSON(t *testing.T) { defer SetJSON(false) SetJSON(true) @@ -96,7 +98,6 @@ func TestDisplayJSON(t *testing.T) { }{ { k: &reason.Kind{ - ID: "BUG", ExitCode: 4, Advice: "fix me!", @@ -117,10 +118,20 @@ func TestDisplayJSON(t *testing.T) { return "random-id" } - JSON = true Error(*tc.k, "my error") - actual := buf.String() - if actual != tc.expected { + actual := buf.Bytes() + + var actualJSON struct{} + var expectedJSON struct{} + err := json.Unmarshal(actual, &actualJSON) + if err != nil { + t.Fatalf("error unmarshalling actual: %v", err) + } + err = json.Unmarshal([]byte(tc.expected), &expectedJSON) + if err != nil { + t.Fatalf("error unmarshalling expected: %v", err) + } + if !reflect.DeepEqual(expectedJSON, actualJSON) { t.Fatalf("expected didn't match actual:\nExpected:\n%v\n\nActual:\n%v", tc.expected, actual) } }) diff --git a/pkg/minikube/out/register/json_test.go b/pkg/minikube/out/register/json_test.go index c1fb1c55ee..e48e1fd564 100644 --- a/pkg/minikube/out/register/json_test.go +++ b/pkg/minikube/out/register/json_test.go @@ -18,8 +18,10 @@ package register import ( "bytes" + "encoding/json" "fmt" "os" + "reflect" "testing" ) @@ -39,11 +41,9 @@ func TestPrintStep(t *testing.T) { } PrintStep("message") - actual := buf.String() + actual := buf.Bytes() - if actual != expected { - t.Fatalf("expected didn't match actual:\nExpected:\n%v\n\nActual:\n%v", expected, actual) - } + CompareJSON(t, actual, []byte(expected)) } func TestPrintInfo(t *testing.T) { @@ -59,11 +59,10 @@ func TestPrintInfo(t *testing.T) { } PrintInfo("info") - actual := buf.String() + actual := buf.Bytes() + + CompareJSON(t, actual, []byte(expected)) - if actual != expected { - t.Fatalf("expected didn't match actual:\nExpected:\n%v\n\nActual:\n%v", expected, actual) - } } func TestError(t *testing.T) { @@ -79,11 +78,9 @@ func TestError(t *testing.T) { } PrintError("error") - actual := buf.String() + actual := buf.Bytes() - if actual != expected { - t.Fatalf("expected didn't match actual:\nExpected:\n%v\n\nActual:\n%v", expected, actual) - } + CompareJSON(t, actual, []byte(expected)) } func TestErrorExitCode(t *testing.T) { @@ -99,10 +96,9 @@ func TestErrorExitCode(t *testing.T) { } PrintErrorExitCode("error", 5, map[string]string{"a": "b"}, map[string]string{"c": "d"}) - actual := buf.String() - if actual != expected { - t.Fatalf("expected didn't match actual:\nExpected:\n%v\n\nActual:\n%v", expected, actual) - } + actual := buf.Bytes() + + CompareJSON(t, actual, []byte(expected)) } func TestWarning(t *testing.T) { @@ -118,9 +114,24 @@ func TestWarning(t *testing.T) { } PrintWarning("warning") - actual := buf.String() + actual := buf.Bytes() - if actual != expected { + CompareJSON(t, actual, []byte(expected)) +} + +// CompareJSON compares the structs of actual and expected instead of just the strings +func CompareJSON(t *testing.T, actual []byte, expected []byte) { + var actualJSON struct{} + var expectedJSON struct{} + err := json.Unmarshal(actual, &actualJSON) + if err != nil { + t.Fatalf("error unmarshalling actual: %v", err) + } + err = json.Unmarshal(expected, &expectedJSON) + if err != nil { + t.Fatalf("error unmarshalling expected: %v", err) + } + if !reflect.DeepEqual(expectedJSON, actualJSON) { t.Fatalf("expected didn't match actual:\nExpected:\n%v\n\nActual:\n%v", expected, actual) } } diff --git a/pkg/minikube/out/register/register_test.go b/pkg/minikube/out/register/register_test.go index e9b5a74c7f..9c831e8e58 100644 --- a/pkg/minikube/out/register/register_test.go +++ b/pkg/minikube/out/register/register_test.go @@ -42,9 +42,8 @@ func TestSetCurrentStep(t *testing.T) { } PrintStep("message") - actual := buf.String() + actual := buf.Bytes() - if actual != expected { - t.Fatalf("expected didn't match actual:\nExpected:\n%v\n\nActual:\n%v", expected, actual) - } + // Unmarshal both strings to JSON and compare the structs + CompareJSON(t, actual, []byte(expected)) } From 5c2f2c888f33afcc00f0d4f248a1eaa82480e085 Mon Sep 17 00:00:00 2001 From: Sharif Elgamal Date: Thu, 19 Aug 2021 16:13:12 -0700 Subject: [PATCH 160/205] fix unit tests by comparing JSON structs --- pkg/minikube/out/out_reason_test.go | 12 +++--- pkg/minikube/out/register/json_test.go | 33 ++++++-------- pkg/minikube/out/register/register_test.go | 8 ++-- pkg/minikube/tests/json_utils.go | 50 ++++++++++++++++++++++ 4 files changed, 72 insertions(+), 31 deletions(-) create mode 100644 pkg/minikube/tests/json_utils.go diff --git a/pkg/minikube/out/out_reason_test.go b/pkg/minikube/out/out_reason_test.go index 1a327d3a7c..8467961fd4 100644 --- a/pkg/minikube/out/out_reason_test.go +++ b/pkg/minikube/out/out_reason_test.go @@ -24,6 +24,7 @@ import ( "k8s.io/minikube/pkg/minikube/out/register" "k8s.io/minikube/pkg/minikube/reason" + "k8s.io/minikube/pkg/minikube/tests" ) type buffFd struct { @@ -86,7 +87,7 @@ func TestDisplayProblem(t *testing.T) { } } -func TestDisplayJSON(t *testing.T) { +func TestDisplayProblemJSON(t *testing.T) { defer SetJSON(false) SetJSON(true) @@ -96,7 +97,6 @@ func TestDisplayJSON(t *testing.T) { }{ { k: &reason.Kind{ - ID: "BUG", ExitCode: 4, Advice: "fix me!", @@ -117,12 +117,10 @@ func TestDisplayJSON(t *testing.T) { return "random-id" } - JSON = true Error(*tc.k, "my error") - actual := buf.String() - if actual != tc.expected { - t.Fatalf("expected didn't match actual:\nExpected:\n%v\n\nActual:\n%v", tc.expected, actual) - } + actual := buf.Bytes() + + tests.CompareJSON(t, actual, []byte(tc.expected)) }) } } diff --git a/pkg/minikube/out/register/json_test.go b/pkg/minikube/out/register/json_test.go index c1fb1c55ee..738906673d 100644 --- a/pkg/minikube/out/register/json_test.go +++ b/pkg/minikube/out/register/json_test.go @@ -21,6 +21,8 @@ import ( "fmt" "os" "testing" + + "k8s.io/minikube/pkg/minikube/tests" ) func TestPrintStep(t *testing.T) { @@ -39,11 +41,9 @@ func TestPrintStep(t *testing.T) { } PrintStep("message") - actual := buf.String() + actual := buf.Bytes() - if actual != expected { - t.Fatalf("expected didn't match actual:\nExpected:\n%v\n\nActual:\n%v", expected, actual) - } + tests.CompareJSON(t, actual, []byte(expected)) } func TestPrintInfo(t *testing.T) { @@ -59,11 +59,9 @@ func TestPrintInfo(t *testing.T) { } PrintInfo("info") - actual := buf.String() + actual := buf.Bytes() - if actual != expected { - t.Fatalf("expected didn't match actual:\nExpected:\n%v\n\nActual:\n%v", expected, actual) - } + tests.CompareJSON(t, actual, []byte(expected)) } func TestError(t *testing.T) { @@ -79,11 +77,9 @@ func TestError(t *testing.T) { } PrintError("error") - actual := buf.String() + actual := buf.Bytes() - if actual != expected { - t.Fatalf("expected didn't match actual:\nExpected:\n%v\n\nActual:\n%v", expected, actual) - } + tests.CompareJSON(t, actual, []byte(expected)) } func TestErrorExitCode(t *testing.T) { @@ -99,10 +95,9 @@ func TestErrorExitCode(t *testing.T) { } PrintErrorExitCode("error", 5, map[string]string{"a": "b"}, map[string]string{"c": "d"}) - actual := buf.String() - if actual != expected { - t.Fatalf("expected didn't match actual:\nExpected:\n%v\n\nActual:\n%v", expected, actual) - } + actual := buf.Bytes() + + tests.CompareJSON(t, actual, []byte(expected)) } func TestWarning(t *testing.T) { @@ -118,9 +113,7 @@ func TestWarning(t *testing.T) { } PrintWarning("warning") - actual := buf.String() + actual := buf.Bytes() - if actual != expected { - t.Fatalf("expected didn't match actual:\nExpected:\n%v\n\nActual:\n%v", expected, actual) - } + tests.CompareJSON(t, actual, []byte(expected)) } diff --git a/pkg/minikube/out/register/register_test.go b/pkg/minikube/out/register/register_test.go index e9b5a74c7f..bcada4c351 100644 --- a/pkg/minikube/out/register/register_test.go +++ b/pkg/minikube/out/register/register_test.go @@ -21,6 +21,8 @@ import ( "fmt" "os" "testing" + + "k8s.io/minikube/pkg/minikube/tests" ) func TestSetCurrentStep(t *testing.T) { @@ -42,9 +44,7 @@ func TestSetCurrentStep(t *testing.T) { } PrintStep("message") - actual := buf.String() + actual := buf.Bytes() - if actual != expected { - t.Fatalf("expected didn't match actual:\nExpected:\n%v\n\nActual:\n%v", expected, actual) - } + tests.CompareJSON(t, actual, []byte(expected)) } diff --git a/pkg/minikube/tests/json_utils.go b/pkg/minikube/tests/json_utils.go new file mode 100644 index 0000000000..5ea9455ee8 --- /dev/null +++ b/pkg/minikube/tests/json_utils.go @@ -0,0 +1,50 @@ +/* +Copyright 2021 The Kubernetes Authors All rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package tests + +import ( + "encoding/json" + "reflect" + "testing" +) + +type TestEvent struct { + Data map[string]string `json:"data"` + Datacontenttype string `json:"datacontenttype"` + ID string `json:"id"` + Source string `json:"source"` + Specversion string `json:"specversion"` + Eventtype string `json:"type"` +} + +func CompareJSON(t *testing.T, actual, expected []byte) { + var actualJSON, expectedJSON TestEvent + + err := json.Unmarshal(actual, &actualJSON) + if err != nil { + t.Fatalf("error unmarshalling json: %v", err) + } + + err = json.Unmarshal(expected, &expectedJSON) + if err != nil { + t.Fatalf("error unmarshalling json: %v", err) + } + + if !reflect.DeepEqual(actualJSON, expectedJSON) { + t.Fatalf("expected didn't match actual:\nExpected:\n%v\n\nActual:\n%v", expected, actual) + } +} From ee28862f2941dcd750a258e3dae075f40b653026 Mon Sep 17 00:00:00 2001 From: Sharif Elgamal Date: Thu, 19 Aug 2021 16:31:40 -0700 Subject: [PATCH 161/205] add comments --- pkg/minikube/tests/json_utils.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkg/minikube/tests/json_utils.go b/pkg/minikube/tests/json_utils.go index 5ea9455ee8..db1b3c3882 100644 --- a/pkg/minikube/tests/json_utils.go +++ b/pkg/minikube/tests/json_utils.go @@ -22,6 +22,7 @@ import ( "testing" ) +// TestEvent simulates a CloudEvent for our JSON output type TestEvent struct { Data map[string]string `json:"data"` Datacontenttype string `json:"datacontenttype"` @@ -31,6 +32,8 @@ type TestEvent struct { Eventtype string `json:"type"` } +// CompareJSON takes two byte slices, unmarshals them to TestEvent +// and compares them, failing the test if they don't match func CompareJSON(t *testing.T, actual, expected []byte) { var actualJSON, expectedJSON TestEvent From daff8762beab1a191f34000b004cb9cc6a35cb45 Mon Sep 17 00:00:00 2001 From: Sharif Elgamal Date: Thu, 19 Aug 2021 17:25:42 -0700 Subject: [PATCH 162/205] add extra config for cloud shell start --- test/integration/start_stop_delete_test.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/test/integration/start_stop_delete_test.go b/test/integration/start_stop_delete_test.go index c756965d03..8a6da71577 100644 --- a/test/integration/start_stop_delete_test.go +++ b/test/integration/start_stop_delete_test.go @@ -83,7 +83,10 @@ func TestStartStop(t *testing.T) { version string args []string }{ - {"cloud-shell", constants.DefaultKubernetesVersion, []string{}}, + {"cloud-shell", constants.DefaultKubernetesVersion, []string{ + "--extra-config=kubelet.cgroups-per-qos=false", + "--extra-config=kubelet.enforce-node-allocatable=\"\"", + }}, } } From f8b9b884250ff888ae80930d7029506af5eff5e7 Mon Sep 17 00:00:00 2001 From: Sharif Elgamal Date: Fri, 20 Aug 2021 11:03:44 -0700 Subject: [PATCH 163/205] pause each container separately --- pkg/minikube/cruntime/cri.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkg/minikube/cruntime/cri.go b/pkg/minikube/cruntime/cri.go index f4a223388c..d1d2857e89 100644 --- a/pkg/minikube/cruntime/cri.go +++ b/pkg/minikube/cruntime/cri.go @@ -134,9 +134,8 @@ func pauseCRIContainers(cr CommandRunner, root string, ids []string) error { args = append(args, "--root", root) } args = append(args, "pause") - cargs := args for _, id := range ids { - cargs = append(cargs, id) + cargs := append(args, id) if _, err := cr.RunCmd(exec.Command("sudo", cargs...)); err != nil { return errors.Wrap(err, "runc") } From b6bbf9fd4bc58ebbb9232104743ddb8785be6c79 Mon Sep 17 00:00:00 2001 From: Sharif Elgamal Date: Fri, 20 Aug 2021 11:21:07 -0700 Subject: [PATCH 164/205] fix lint --- pkg/minikube/cruntime/cri.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/minikube/cruntime/cri.go b/pkg/minikube/cruntime/cri.go index d1d2857e89..0d88580da2 100644 --- a/pkg/minikube/cruntime/cri.go +++ b/pkg/minikube/cruntime/cri.go @@ -135,8 +135,8 @@ func pauseCRIContainers(cr CommandRunner, root string, ids []string) error { } args = append(args, "pause") for _, id := range ids { - cargs := append(args, id) - if _, err := cr.RunCmd(exec.Command("sudo", cargs...)); err != nil { + args := append(args, id) + if _, err := cr.RunCmd(exec.Command("sudo", args...)); err != nil { return errors.Wrap(err, "runc") } } From 2f094d117d29ab001d17952dcea22c3134b387e4 Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Fri, 20 Aug 2021 11:35:15 -0700 Subject: [PATCH 165/205] Use WSL VM IP for mounting in WSL. --- cmd/minikube/cmd/mount.go | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/cmd/minikube/cmd/mount.go b/cmd/minikube/cmd/mount.go index d1908b0e63..c658febf06 100644 --- a/cmd/minikube/cmd/mount.go +++ b/cmd/minikube/cmd/mount.go @@ -31,6 +31,7 @@ import ( "github.com/spf13/cobra" "k8s.io/klog/v2" "k8s.io/minikube/pkg/minikube/cluster" + "k8s.io/minikube/pkg/minikube/detect" "k8s.io/minikube/pkg/minikube/driver" "k8s.io/minikube/pkg/minikube/exit" "k8s.io/minikube/pkg/minikube/mustload" @@ -111,7 +112,18 @@ var mountCmd = &cobra.Command{ var ip net.IP var err error if mountIP == "" { - ip, err = cluster.HostIP(co.CP.Host, co.Config.Name) + if detect.IsMicrosoftWSL() { + ip, err = func() (net.IP, error) { + conn, err := net.Dial("udp", "8.8.8.8:80") + defer conn.Close() + if err != nil { + return nil, err + } + return conn.LocalAddr().(*net.UDPAddr).IP, nil + }() + } else { + ip, err = cluster.HostIP(co.CP.Host, co.Config.Name) + } if err != nil { exit.Error(reason.IfHostIP, "Error getting the host IP address to use from within the VM", err) } From 47afdc87dfe5320840c3e8de757438950823350b Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Fri, 20 Aug 2021 11:38:57 -0700 Subject: [PATCH 166/205] Add logging message incase someone tries to debug. --- cmd/minikube/cmd/mount.go | 1 + 1 file changed, 1 insertion(+) diff --git a/cmd/minikube/cmd/mount.go b/cmd/minikube/cmd/mount.go index c658febf06..6b43f8c080 100644 --- a/cmd/minikube/cmd/mount.go +++ b/cmd/minikube/cmd/mount.go @@ -113,6 +113,7 @@ var mountCmd = &cobra.Command{ var err error if mountIP == "" { if detect.IsMicrosoftWSL() { + klog.Infof("Selecting IP for WSL. This may be incorrect...") ip, err = func() (net.IP, error) { conn, err := net.Dial("udp", "8.8.8.8:80") defer conn.Close() From 405235908d4cbf228f97fa285854d36f15a40f87 Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Fri, 20 Aug 2021 15:06:24 -0700 Subject: [PATCH 167/205] Fix lint. --- cmd/minikube/cmd/mount.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/minikube/cmd/mount.go b/cmd/minikube/cmd/mount.go index 6b43f8c080..1bc8dfb4f3 100644 --- a/cmd/minikube/cmd/mount.go +++ b/cmd/minikube/cmd/mount.go @@ -116,10 +116,10 @@ var mountCmd = &cobra.Command{ klog.Infof("Selecting IP for WSL. This may be incorrect...") ip, err = func() (net.IP, error) { conn, err := net.Dial("udp", "8.8.8.8:80") - defer conn.Close() if err != nil { return nil, err } + defer conn.Close() return conn.LocalAddr().(*net.UDPAddr).IP, nil }() } else { From 32f0a138dc93995a910b277d023d0779ea24d269 Mon Sep 17 00:00:00 2001 From: minikube-bot Date: Fri, 20 Aug 2021 22:18:39 +0000 Subject: [PATCH 168/205] Update auto-generated docs and translations --- translations/de.json | 6 ++++-- translations/es.json | 5 ++++- translations/fr.json | 4 ++++ translations/ja.json | 6 ++++-- translations/ko.json | 6 ++++-- translations/pl.json | 6 ++++-- translations/strings.txt | 6 ++++-- translations/zh-CN.json | 6 ++++-- 8 files changed, 32 insertions(+), 13 deletions(-) diff --git a/translations/de.json b/translations/de.json index c3840a59d1..d9327c7d5d 100644 --- a/translations/de.json +++ b/translations/de.json @@ -17,6 +17,7 @@ "- {{.logPath}}": "", "--kvm-numa-count range is 1-8": "", "--network flag is only valid with the docker/podman and KVM drivers, it will be ignored": "", + "127.0.0.1": "", "\u003ctarget file absolute path\u003e must be an absolute Path. Relative Path is not allowed (example: \"/home/docker/copied.txt\")": "", "==\u003e Audit \u003c==": "", "==\u003e Last Start \u003c==": "", @@ -153,7 +154,6 @@ "Downloading Kubernetes {{.version}} preload ...": "", "Downloading VM boot image ...": "", "Downloading driver {{.driver}}:": "", - "Due to networking limitations of driver {{.driver_name}} on {{.os_name}}, {{.addon_name}} addon is not supported.\nAlternatively to use this addon you can use a vm-based driver:\n\n\t'minikube start --vm=true'\n\nTo track the update on this work in progress feature please check:\nhttps://github.com/kubernetes/minikube/issues/7332": "", "Due to networking limitations of driver {{.driver_name}}, {{.addon_name}} addon is not fully supported. Try using a different driver.": "", "ERROR creating `registry-creds-acr` secret": "", "ERROR creating `registry-creds-dpr` secret": "", @@ -402,6 +402,7 @@ "Number of extra disks created and attached to the minikube VM (currently only implemented for hyperkit driver)": "", "Number of lines back to go within the log": "", "OS release is {{.pretty_name}}": "", + "One of 'text', 'yaml' or 'json'.": "", "One of 'yaml' or 'json'.": "", "Only alphanumeric and dashes '-' are permitted. Minimum 1 character, starting with alphanumeric.": "", "Only alphanumeric and dashes '-' are permitted. Minimum 2 characters, starting with alphanumeric.": "", @@ -661,7 +662,7 @@ "The podman-env command is incompatible with multi-node clusters. Use the 'registry' add-on: https://minikube.sigs.k8s.io/docs/handbook/registry/": "", "The requested memory allocation of {{.requested}}MiB does not leave room for system overhead (total system memory: {{.system_limit}}MiB). You may face stability issues.": "", "The service namespace": "", - "The service {{.service}} requires privileged ports to be exposed: {{.ports}}": "", + "The service/ingress {{.resource}} requires privileged ports to be exposed: {{.ports}}": "", "The services namespace": "", "The time interval for each check that wait performs in seconds": "", "The value passed to --format is invalid": "", @@ -848,6 +849,7 @@ "error provisioning guest": "", "error starting tunnel": "", "error stopping tunnel": "", + "error: --output must be 'text', 'yaml' or 'json'": "", "error: --output must be 'yaml' or 'json'": "", "experimental": "", "failed to add node": "", diff --git a/translations/es.json b/translations/es.json index e9ddccf717..2b00fa95ad 100644 --- a/translations/es.json +++ b/translations/es.json @@ -18,6 +18,7 @@ "- {{.logPath}}": "", "--kvm-numa-count range is 1-8": "", "--network flag is only valid with the docker/podman and KVM drivers, it will be ignored": "", + "127.0.0.1": "", "\u003ctarget file absolute path\u003e must be an absolute Path. Relative Path is not allowed (example: \"/home/docker/copied.txt\")": "", "==\u003e Audit \u003c==": "", "==\u003e Last Start \u003c==": "", @@ -407,6 +408,7 @@ "Number of extra disks created and attached to the minikube VM (currently only implemented for hyperkit driver)": "", "Number of lines back to go within the log": "", "OS release is {{.pretty_name}}": "", + "One of 'text', 'yaml' or 'json'.": "", "One of 'yaml' or 'json'.": "", "Only alphanumeric and dashes '-' are permitted. Minimum 1 character, starting with alphanumeric.": "", "Only alphanumeric and dashes '-' are permitted. Minimum 2 characters, starting with alphanumeric.": "", @@ -666,7 +668,7 @@ "The podman-env command is incompatible with multi-node clusters. Use the 'registry' add-on: https://minikube.sigs.k8s.io/docs/handbook/registry/": "", "The requested memory allocation of {{.requested}}MiB does not leave room for system overhead (total system memory: {{.system_limit}}MiB). You may face stability issues.": "", "The service namespace": "", - "The service {{.service}} requires privileged ports to be exposed: {{.ports}}": "", + "The service/ingress {{.resource}} requires privileged ports to be exposed: {{.ports}}": "", "The services namespace": "", "The time interval for each check that wait performs in seconds": "", "The value passed to --format is invalid": "", @@ -853,6 +855,7 @@ "error provisioning guest": "", "error starting tunnel": "", "error stopping tunnel": "", + "error: --output must be 'text', 'yaml' or 'json'": "", "error: --output must be 'yaml' or 'json'": "", "experimental": "", "failed to add node": "", diff --git a/translations/fr.json b/translations/fr.json index 74552a86ac..d1707d7364 100644 --- a/translations/fr.json +++ b/translations/fr.json @@ -18,6 +18,7 @@ "- {{.logPath}}": "- {{.logPath}}", "--kvm-numa-count range is 1-8": "la tranche de --kvm-numa-count est 1 à 8", "--network flag is only valid with the docker/podman and KVM drivers, it will be ignored": "le drapeau --network est valide uniquement avec les pilotes docker/podman et KVM, il va être ignoré", + "127.0.0.1": "", "\u003ctarget file absolute path\u003e must be an absolute Path. Relative Path is not allowed (example: \"/home/docker/copied.txt\")": "\u003ctarget file absolute path\u003e doit être un chemin absolu. Les chemins relatifs ne sont pas autorisés (exemple: \"/home/docker/copied.txt\")", "==\u003e Audit \u003c==": "==\u003e Audit \u003c==", "==\u003e Last Start \u003c==": "==\u003e Dernier démarrage \u003c==", @@ -407,6 +408,7 @@ "Number of extra disks created and attached to the minikube VM (currently only implemented for hyperkit driver)": "Nombre de disques supplémentaires créés et attachés à la machine virtuelle minikube (actuellement implémenté uniquement pour le pilote hyperkit)", "Number of lines back to go within the log": "Nombre de lignes à remonter dans le journal", "OS release is {{.pretty_name}}": "La version du système d'exploitation est {{.pretty_name}}", + "One of 'text', 'yaml' or 'json'.": "", "One of 'yaml' or 'json'.": "Un parmi 'yaml' ou 'json'.", "Only alphanumeric and dashes '-' are permitted. Minimum 1 character, starting with alphanumeric.": "Seuls les caractères alphanumériques et les tirets '-' sont autorisés. Minimum 1 caractère, commençant par alphanumérique.", "Only alphanumeric and dashes '-' are permitted. Minimum 2 characters, starting with alphanumeric.": "Seuls les caractères alphanumériques et les tirets '-' sont autorisés. Minimum 2 caractères, commençant par alphanumérique.", @@ -668,6 +670,7 @@ "The requested memory allocation of {{.requested}}MiB does not leave room for system overhead (total system memory: {{.system_limit}}MiB). You may face stability issues.": "L'allocation de mémoire demandée de {{.requested}}MiB ne laisse pas de place pour la surcharge système (mémoire système totale : {{.system_limit}}MiB). Vous pouvez rencontrer des problèmes de stabilité.", "The service namespace": "L'espace de nom du service", "The service {{.service}} requires privileged ports to be exposed: {{.ports}}": "Le service {{.service}} nécessite l'exposition des ports privilégiés : {{.ports}}", + "The service/ingress {{.resource}} requires privileged ports to be exposed: {{.ports}}": "", "The services namespace": "L'espace de noms des services", "The time interval for each check that wait performs in seconds": "L'intervalle de temps pour chaque contrôle que wait effectue en secondes", "The value passed to --format is invalid": "La valeur passée à --format n'est pas valide", @@ -860,6 +863,7 @@ "error provisioning host": "erreur lors de l'approvisionnement de l'hôte", "error starting tunnel": "erreur de démarrage du tunnel", "error stopping tunnel": "erreur d'arrêt du tunnel", + "error: --output must be 'text', 'yaml' or 'json'": "", "error: --output must be 'yaml' or 'json'": "erreur : --output doit être 'yaml' ou 'json'", "experimental": "expérimental", "failed to add node": "échec de l'ajout du nœud", diff --git a/translations/ja.json b/translations/ja.json index c65e7a18d5..fb37609938 100644 --- a/translations/ja.json +++ b/translations/ja.json @@ -19,6 +19,7 @@ "- {{.logPath}}": "", "--kvm-numa-count range is 1-8": "", "--network flag is only valid with the docker/podman and KVM drivers, it will be ignored": "", + "127.0.0.1": "", "\u003ctarget file absolute path\u003e must be an absolute Path. Relative Path is not allowed (example: \"/home/docker/copied.txt\")": "", "==\u003e Audit \u003c==": "", "==\u003e Last Start \u003c==": "", @@ -150,7 +151,6 @@ "Downloading Kubernetes {{.version}} preload ...": "Kubernetes {{.version}} のダウンロードの準備をしています", "Downloading VM boot image ...": "VM ブートイメージをダウンロードしています...", "Downloading driver {{.driver}}:": "{{.driver}} ドライバをダウンロードしています:", - "Due to networking limitations of driver {{.driver_name}} on {{.os_name}}, {{.addon_name}} addon is not supported.\nAlternatively to use this addon you can use a vm-based driver:\n\n\t'minikube start --vm=true'\n\nTo track the update on this work in progress feature please check:\nhttps://github.com/kubernetes/minikube/issues/7332": "", "Due to networking limitations of driver {{.driver_name}}, {{.addon_name}} addon is not fully supported. Try using a different driver.": "", "ERROR creating `registry-creds-acr` secret": "`registry-creds-acr` シークレット作成中にエラーが発生しました", "ERROR creating `registry-creds-dpr` secret": "`registry-creds-dpr` シークレット作成中にエラーが発生しました", @@ -398,6 +398,7 @@ "Number of extra disks created and attached to the minikube VM (currently only implemented for hyperkit driver)": "", "Number of lines back to go within the log": "", "OS release is {{.pretty_name}}": "OS は {{.pretty_name}} です。", + "One of 'text', 'yaml' or 'json'.": "", "One of 'yaml' or 'json'.": "", "Only alphanumeric and dashes '-' are permitted. Minimum 1 character, starting with alphanumeric.": "", "Only alphanumeric and dashes '-' are permitted. Minimum 2 characters, starting with alphanumeric.": "", @@ -661,7 +662,7 @@ "The podman-env command is incompatible with multi-node clusters. Use the 'registry' add-on: https://minikube.sigs.k8s.io/docs/handbook/registry/": "", "The requested memory allocation of {{.requested}}MiB does not leave room for system overhead (total system memory: {{.system_limit}}MiB). You may face stability issues.": "", "The service namespace": "", - "The service {{.service}} requires privileged ports to be exposed: {{.ports}}": "", + "The service/ingress {{.resource}} requires privileged ports to be exposed: {{.ports}}": "", "The services namespace": "", "The time interval for each check that wait performs in seconds": "", "The value passed to --format is invalid": "", @@ -856,6 +857,7 @@ "error provisioning guest": "", "error starting tunnel": "tunnel を開始する際にエラーが発生しました", "error stopping tunnel": "tunnel を停止する際にエラーが発生しました", + "error: --output must be 'text', 'yaml' or 'json'": "", "error: --output must be 'yaml' or 'json'": "エラーです。 --output は「 yaml 」、あるいは「 json 」である必要があります", "experimental": "", "failed to add node": "", diff --git a/translations/ko.json b/translations/ko.json index 42c0c950e3..c88d31db6d 100644 --- a/translations/ko.json +++ b/translations/ko.json @@ -23,6 +23,7 @@ "- {{.logPath}}": "", "--kvm-numa-count range is 1-8": "--kvm-numa-count 범위는 1부터 8입니다", "--network flag is only valid with the docker/podman and KVM drivers, it will be ignored": "", + "127.0.0.1": "", "\u003ctarget file absolute path\u003e must be an absolute Path. Relative Path is not allowed (example: \"/home/docker/copied.txt\")": "", "==\u003e Audit \u003c==": "", "==\u003e Last Start \u003c==": "", @@ -162,7 +163,6 @@ "Downloading VM boot image ...": "가상 머신 부트 이미지 다운로드 중 ...", "Downloading driver {{.driver}}:": "드라이버 {{.driver}} 다운로드 중 :", "Downloading {{.name}} {{.version}}": "{{.name}} {{.version}} 다운로드 중", - "Due to networking limitations of driver {{.driver_name}} on {{.os_name}}, {{.addon_name}} addon is not supported.\nAlternatively to use this addon you can use a vm-based driver:\n\n\t'minikube start --vm=true'\n\nTo track the update on this work in progress feature please check:\nhttps://github.com/kubernetes/minikube/issues/7332": "", "Due to networking limitations of driver {{.driver_name}}, {{.addon_name}} addon is not fully supported. Try using a different driver.": "", "ERROR creating `registry-creds-acr` secret": "registry-creds-acr` secret 생성 오류", "ERROR creating `registry-creds-dpr` secret": "`registry-creds-dpr` secret 생성 오류", @@ -423,6 +423,7 @@ "Number of extra disks created and attached to the minikube VM (currently only implemented for hyperkit driver)": "", "Number of lines back to go within the log": "", "OS release is {{.pretty_name}}": "", + "One of 'text', 'yaml' or 'json'.": "", "One of 'yaml' or 'json'.": "", "Only alphanumeric and dashes '-' are permitted. Minimum 1 character, starting with alphanumeric.": "", "Only alphanumeric and dashes '-' are permitted. Minimum 2 characters, starting with alphanumeric.": "", @@ -672,7 +673,7 @@ "The podman-env command is incompatible with multi-node clusters. Use the 'registry' add-on: https://minikube.sigs.k8s.io/docs/handbook/registry/": "", "The requested memory allocation of {{.requested}}MiB does not leave room for system overhead (total system memory: {{.system_limit}}MiB). You may face stability issues.": "", "The service namespace": "", - "The service {{.service}} requires privileged ports to be exposed: {{.ports}}": "", + "The service/ingress {{.resource}} requires privileged ports to be exposed: {{.ports}}": "", "The services namespace": "", "The time interval for each check that wait performs in seconds": "", "The value passed to --format is invalid": "", @@ -858,6 +859,7 @@ "error provisioning guest": "", "error starting tunnel": "", "error stopping tunnel": "", + "error: --output must be 'text', 'yaml' or 'json'": "", "error: --output must be 'yaml' or 'json'": "", "experimental": "", "failed to add node": "", diff --git a/translations/pl.json b/translations/pl.json index 8dc41f784b..206d775652 100644 --- a/translations/pl.json +++ b/translations/pl.json @@ -22,6 +22,7 @@ "- {{.logPath}}": "", "--kvm-numa-count range is 1-8": "", "--network flag is only valid with the docker/podman and KVM drivers, it will be ignored": "", + "127.0.0.1": "", "\u003ctarget file absolute path\u003e must be an absolute Path. Relative Path is not allowed (example: \"/home/docker/copied.txt\")": "", "==\u003e Audit \u003c==": "==\u003e Audyt \u003c==", "==\u003e Last Start \u003c==": "==\u003e Ostatni start \u003c==", @@ -162,7 +163,6 @@ "Downloading VM boot image ...": "Pobieranie obrazu maszyny wirtualnej ...", "Downloading driver {{.driver}}:": "", "Downloading {{.name}} {{.version}}": "Pobieranie {{.name}} {{.version}}", - "Due to networking limitations of driver {{.driver_name}} on {{.os_name}}, {{.addon_name}} addon is not supported.\nAlternatively to use this addon you can use a vm-based driver:\n\n\t'minikube start --vm=true'\n\nTo track the update on this work in progress feature please check:\nhttps://github.com/kubernetes/minikube/issues/7332": "", "Due to networking limitations of driver {{.driver_name}}, {{.addon_name}} addon is not fully supported. Try using a different driver.": "", "ERROR creating `registry-creds-acr` secret": "", "ERROR creating `registry-creds-dpr` secret": "", @@ -415,6 +415,7 @@ "Number of extra disks created and attached to the minikube VM (currently only implemented for hyperkit driver)": "", "Number of lines back to go within the log": "", "OS release is {{.pretty_name}}": "Wersja systemu operacyjnego to {{.pretty_name}}", + "One of 'text', 'yaml' or 'json'.": "", "One of 'yaml' or 'json'.": "Jeden z dwóćh formatów - 'yaml' lub 'json'", "Only alphanumeric and dashes '-' are permitted. Minimum 1 character, starting with alphanumeric.": "Tylko znaki alfanumeryczne oraz myślniki '-' są dozwolone. Co najmniej jeden znak, zaczynając od znaku alfanumerycznego", "Only alphanumeric and dashes '-' are permitted. Minimum 2 characters, starting with alphanumeric.": "Tylko znaki alfanumeryczne oraz myślniki '-' są dozwolone. Co najmniej dwa znaki, zaczynając od znaku alfanumerycznego", @@ -680,7 +681,7 @@ "The podman-env command is incompatible with multi-node clusters. Use the 'registry' add-on: https://minikube.sigs.k8s.io/docs/handbook/registry/": "", "The requested memory allocation of {{.requested}}MiB does not leave room for system overhead (total system memory: {{.system_limit}}MiB). You may face stability issues.": "", "The service namespace": "", - "The service {{.service}} requires privileged ports to be exposed: {{.ports}}": "", + "The service/ingress {{.resource}} requires privileged ports to be exposed: {{.ports}}": "", "The services namespace": "", "The time interval for each check that wait performs in seconds": "", "The value passed to --format is invalid": "Wartość przekazana do --format jest nieprawidłowa", @@ -864,6 +865,7 @@ "error provisioning guest": "", "error starting tunnel": "", "error stopping tunnel": "", + "error: --output must be 'text', 'yaml' or 'json'": "", "error: --output must be 'yaml' or 'json'": "", "experimental": "", "failed to add node": "", diff --git a/translations/strings.txt b/translations/strings.txt index a1d230cbd6..e4b5fadb80 100644 --- a/translations/strings.txt +++ b/translations/strings.txt @@ -17,6 +17,7 @@ "- {{.logPath}}": "", "--kvm-numa-count range is 1-8": "", "--network flag is only valid with the docker/podman and KVM drivers, it will be ignored": "", + "127.0.0.1": "", "\u003ctarget file absolute path\u003e must be an absolute Path. Relative Path is not allowed (example: \"/home/docker/copied.txt\")": "", "==\u003e Audit \u003c==": "", "==\u003e Last Start \u003c==": "", @@ -145,7 +146,6 @@ "Downloading Kubernetes {{.version}} preload ...": "", "Downloading VM boot image ...": "", "Downloading driver {{.driver}}:": "", - "Due to networking limitations of driver {{.driver_name}} on {{.os_name}}, {{.addon_name}} addon is not supported.\nAlternatively to use this addon you can use a vm-based driver:\n\n\t'minikube start --vm=true'\n\nTo track the update on this work in progress feature please check:\nhttps://github.com/kubernetes/minikube/issues/7332": "", "Due to networking limitations of driver {{.driver_name}}, {{.addon_name}} addon is not fully supported. Try using a different driver.": "", "ERROR creating `registry-creds-acr` secret": "", "ERROR creating `registry-creds-dpr` secret": "", @@ -377,6 +377,7 @@ "Number of extra disks created and attached to the minikube VM (currently only implemented for hyperkit driver)": "", "Number of lines back to go within the log": "", "OS release is {{.pretty_name}}": "", + "One of 'text', 'yaml' or 'json'.": "", "One of 'yaml' or 'json'.": "", "Only alphanumeric and dashes '-' are permitted. Minimum 1 character, starting with alphanumeric.": "", "Only alphanumeric and dashes '-' are permitted. Minimum 2 characters, starting with alphanumeric.": "", @@ -619,7 +620,7 @@ "The podman-env command is incompatible with multi-node clusters. Use the 'registry' add-on: https://minikube.sigs.k8s.io/docs/handbook/registry/": "", "The requested memory allocation of {{.requested}}MiB does not leave room for system overhead (total system memory: {{.system_limit}}MiB). You may face stability issues.": "", "The service namespace": "", - "The service {{.service}} requires privileged ports to be exposed: {{.ports}}": "", + "The service/ingress {{.resource}} requires privileged ports to be exposed: {{.ports}}": "", "The services namespace": "", "The time interval for each check that wait performs in seconds": "", "The value passed to --format is invalid": "", @@ -793,6 +794,7 @@ "error provisioning guest": "", "error starting tunnel": "", "error stopping tunnel": "", + "error: --output must be 'text', 'yaml' or 'json'": "", "error: --output must be 'yaml' or 'json'": "", "experimental": "", "failed to add node": "", diff --git a/translations/zh-CN.json b/translations/zh-CN.json index 67988fff6c..50858be631 100644 --- a/translations/zh-CN.json +++ b/translations/zh-CN.json @@ -24,6 +24,7 @@ "- {{.logPath}}": "", "--kvm-numa-count range is 1-8": "", "--network flag is only valid with the docker/podman and KVM drivers, it will be ignored": "", + "127.0.0.1": "", "\u003ctarget file absolute path\u003e must be an absolute Path. Relative Path is not allowed (example: \"/home/docker/copied.txt\")": "", "==\u003e Audit \u003c==": "", "==\u003e Last Start \u003c==": "", @@ -187,7 +188,6 @@ "Downloading VM boot image ...": "正在下载 VM boot image...", "Downloading driver {{.driver}}:": "正在下载驱动 {{.driver}}:", "Downloading {{.name}} {{.version}}": "正在下载 {{.name}} {{.version}}", - "Due to networking limitations of driver {{.driver_name}} on {{.os_name}}, {{.addon_name}} addon is not supported.\nAlternatively to use this addon you can use a vm-based driver:\n\n\t'minikube start --vm=true'\n\nTo track the update on this work in progress feature please check:\nhttps://github.com/kubernetes/minikube/issues/7332": "", "Due to networking limitations of driver {{.driver_name}}, {{.addon_name}} addon is not fully supported. Try using a different driver.": "", "ERROR creating `registry-creds-acr` secret": "", "ERROR creating `registry-creds-dpr` secret": "创建 `registry-creds-dpr` secret 时出错", @@ -488,6 +488,7 @@ "Number of extra disks created and attached to the minikube VM (currently only implemented for hyperkit driver)": "", "Number of lines back to go within the log": "", "OS release is {{.pretty_name}}": "", + "One of 'text', 'yaml' or 'json'.": "", "One of 'yaml' or 'json'.": "", "Only alphanumeric and dashes '-' are permitted. Minimum 1 character, starting with alphanumeric.": "", "Only alphanumeric and dashes '-' are permitted. Minimum 2 characters, starting with alphanumeric.": "", @@ -768,7 +769,7 @@ "The podman-env command is incompatible with multi-node clusters. Use the 'registry' add-on: https://minikube.sigs.k8s.io/docs/handbook/registry/": "", "The requested memory allocation of {{.requested}}MiB does not leave room for system overhead (total system memory: {{.system_limit}}MiB). You may face stability issues.": "", "The service namespace": "", - "The service {{.service}} requires privileged ports to be exposed: {{.ports}}": "", + "The service/ingress {{.resource}} requires privileged ports to be exposed: {{.ports}}": "", "The services namespace": "", "The time interval for each check that wait performs in seconds": "", "The value passed to --format is invalid": "", @@ -970,6 +971,7 @@ "error provisioning guest": "", "error starting tunnel": "", "error stopping tunnel": "", + "error: --output must be 'text', 'yaml' or 'json'": "", "error: --output must be 'yaml' or 'json'": "", "experimental": "", "failed to add node": "", From fe6cbc4e428f26c4fdc6f307b4d7f147cebc1511 Mon Sep 17 00:00:00 2001 From: Sharif Elgamal Date: Fri, 20 Aug 2021 15:34:53 -0700 Subject: [PATCH 169/205] add extra options to minikube start directly --- cmd/minikube/cmd/start_flags.go | 6 ++++++ test/integration/start_stop_delete_test.go | 5 +---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/cmd/minikube/cmd/start_flags.go b/cmd/minikube/cmd/start_flags.go index bfc39bda3a..e95316895a 100644 --- a/cmd/minikube/cmd/start_flags.go +++ b/cmd/minikube/cmd/start_flags.go @@ -35,6 +35,7 @@ import ( "k8s.io/minikube/pkg/minikube/config" "k8s.io/minikube/pkg/minikube/constants" "k8s.io/minikube/pkg/minikube/cruntime" + "k8s.io/minikube/pkg/minikube/detect" "k8s.io/minikube/pkg/minikube/download" "k8s.io/minikube/pkg/minikube/driver" "k8s.io/minikube/pkg/minikube/exit" @@ -480,6 +481,11 @@ func generateNewConfigFromFlags(cmd *cobra.Command, k8sVersion string, drvName s cc.ContainerVolumeMounts = []string{viper.GetString(mountString)} } + if detect.IsCloudShell() { + cc.KubernetesConfig.ExtraOptions.Set("kubelet.cgroups-per-qos=false") + cc.KubernetesConfig.ExtraOptions.Set("kubelet.enforce-node-allocatable=\"\"") + } + return cc } diff --git a/test/integration/start_stop_delete_test.go b/test/integration/start_stop_delete_test.go index 8a6da71577..c756965d03 100644 --- a/test/integration/start_stop_delete_test.go +++ b/test/integration/start_stop_delete_test.go @@ -83,10 +83,7 @@ func TestStartStop(t *testing.T) { version string args []string }{ - {"cloud-shell", constants.DefaultKubernetesVersion, []string{ - "--extra-config=kubelet.cgroups-per-qos=false", - "--extra-config=kubelet.enforce-node-allocatable=\"\"", - }}, + {"cloud-shell", constants.DefaultKubernetesVersion, []string{}}, } } From 380b8467153944a19bb872811bff9e001216d1a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Sun, 15 Aug 2021 20:20:07 +0200 Subject: [PATCH 170/205] Add stand-alone image pull and image tag commands Needed for testing, but maybe elsewhere as well --- cmd/minikube/cmd/image.go | 42 +++++++++ pkg/minikube/cruntime/containerd.go | 10 +++ pkg/minikube/cruntime/crio.go | 10 +++ pkg/minikube/cruntime/cruntime.go | 2 + pkg/minikube/cruntime/docker.go | 10 +++ pkg/minikube/machine/cache_images.go | 57 ++++++++++++ pkg/minikube/reason/reason.go | 4 + site/content/en/docs/commands/image.md | 88 +++++++++++++++++++ site/content/en/docs/contrib/errorcodes.en.md | 6 ++ translations/strings.txt | 5 ++ 10 files changed, 234 insertions(+) diff --git a/cmd/minikube/cmd/image.go b/cmd/minikube/cmd/image.go index 85616c09c4..cbc6aa87d9 100644 --- a/cmd/minikube/cmd/image.go +++ b/cmd/minikube/cmd/image.go @@ -165,6 +165,24 @@ $ minikube image unload image busybox }, } +var pullImageCmd = &cobra.Command{ + Use: "pull", + Short: "Pull images", + Example: ` +$ minikube image pull busybox +`, + Run: func(cmd *cobra.Command, args []string) { + profile, err := config.LoadProfile(viper.GetString(config.ProfileName)) + if err != nil { + exit.Error(reason.Usage, "loading profile", err) + } + + if err := machine.PullImages(args, profile); err != nil { + exit.Error(reason.GuestImagePull, "Failed to pull images", err) + } + }, +} + func createTar(dir string) (string, error) { tar, err := docker.CreateTarStream(dir, dockerFile) if err != nil { @@ -245,6 +263,28 @@ $ minikube image ls }, } +var tagImageCmd = &cobra.Command{ + Use: "tag", + Short: "Tag images", + Example: ` +$ minikube image tag source target +`, + Aliases: []string{"list"}, + Run: func(cmd *cobra.Command, args []string) { + if len(args) != 2 { + exit.Message(reason.Usage, "Please provide source and target image") + } + profile, err := config.LoadProfile(viper.GetString(config.ProfileName)) + if err != nil { + exit.Error(reason.Usage, "loading profile", err) + } + + if err := machine.TagImage(profile, args[0], args[1]); err != nil { + exit.Error(reason.GuestImageTag, "Failed to tag images", err) + } + }, +} + func init() { loadImageCmd.Flags().BoolVarP(&pull, "pull", "", false, "Pull the remote image (no caching)") loadImageCmd.Flags().BoolVar(&imgDaemon, "daemon", false, "Cache image from docker daemon") @@ -252,6 +292,7 @@ func init() { loadImageCmd.Flags().BoolVar(&overwrite, "overwrite", true, "Overwrite image even if same image:tag name exists") imageCmd.AddCommand(loadImageCmd) imageCmd.AddCommand(removeImageCmd) + imageCmd.AddCommand(pullImageCmd) buildImageCmd.Flags().StringVarP(&tag, "tag", "t", "", "Tag to apply to the new image (optional)") buildImageCmd.Flags().BoolVarP(&push, "push", "", false, "Push the new image (requires tag)") buildImageCmd.Flags().StringVarP(&dockerFile, "file", "f", "", "Path to the Dockerfile to use (optional)") @@ -259,4 +300,5 @@ func init() { buildImageCmd.Flags().StringArrayVar(&buildOpt, "build-opt", nil, "Specify arbitrary flags to pass to the build. (format: key=value)") imageCmd.AddCommand(buildImageCmd) imageCmd.AddCommand(listImageCmd) + imageCmd.AddCommand(tagImageCmd) } diff --git a/pkg/minikube/cruntime/containerd.go b/pkg/minikube/cruntime/containerd.go index edc22533f1..13b0834e9b 100644 --- a/pkg/minikube/cruntime/containerd.go +++ b/pkg/minikube/cruntime/containerd.go @@ -305,6 +305,16 @@ func (r *Containerd) RemoveImage(name string) error { return removeCRIImage(r.Runner, name) } +// TagImage tags an image in this runtime +func (r *Containerd) TagImage(source string, target string) error { + klog.Infof("Tagging image %s: %s", source, target) + c := exec.Command("sudo", "ctr", "-n=k8s.io", "images", "tag", source, target) + if _, err := r.Runner.RunCmd(c); err != nil { + return errors.Wrapf(err, "ctr images tag") + } + return nil +} + func gitClone(cr CommandRunner, src string) (string, error) { // clone to a temporary directory rr, err := cr.RunCmd(exec.Command("mktemp", "-d")) diff --git a/pkg/minikube/cruntime/crio.go b/pkg/minikube/cruntime/crio.go index 82d30647f6..ddb61ceb43 100644 --- a/pkg/minikube/cruntime/crio.go +++ b/pkg/minikube/cruntime/crio.go @@ -216,6 +216,16 @@ func (r *CRIO) RemoveImage(name string) error { return removeCRIImage(r.Runner, name) } +// TagImage tags an image in this runtime +func (r *CRIO) TagImage(source string, target string) error { + klog.Infof("Tagging image %s: %s", source, target) + c := exec.Command("sudo", "podman", "tag", source, target) + if _, err := r.Runner.RunCmd(c); err != nil { + return errors.Wrap(err, "crio tag image") + } + return nil +} + // BuildImage builds an image into this runtime func (r *CRIO) BuildImage(src string, file string, tag string, push bool, env []string, opts []string) error { klog.Infof("Building image: %s", src) diff --git a/pkg/minikube/cruntime/cruntime.go b/pkg/minikube/cruntime/cruntime.go index 95d9084839..a7ae9f4323 100644 --- a/pkg/minikube/cruntime/cruntime.go +++ b/pkg/minikube/cruntime/cruntime.go @@ -101,6 +101,8 @@ type Manager interface { BuildImage(string, string, string, bool, []string, []string) error // Save an image from the runtime on a host SaveImage(string, string) error + // Tag an image + TagImage(string, string) error // ImageExists takes image name and image sha checks if an it exists ImageExists(string, string) bool diff --git a/pkg/minikube/cruntime/docker.go b/pkg/minikube/cruntime/docker.go index c25c6cc930..641775b78b 100644 --- a/pkg/minikube/cruntime/docker.go +++ b/pkg/minikube/cruntime/docker.go @@ -244,6 +244,16 @@ func (r *Docker) RemoveImage(name string) error { return nil } +// TagImage tags an image in this runtime +func (r *Docker) TagImage(source string, target string) error { + klog.Infof("Tagging image %s: %s", source, target) + c := exec.Command("docker", "tag", source, target) + if _, err := r.Runner.RunCmd(c); err != nil { + return errors.Wrap(err, "tag image docker.") + } + return nil +} + // BuildImage builds an image into this runtime func (r *Docker) BuildImage(src string, file string, tag string, push bool, env []string, opts []string) error { klog.Infof("Building image: %s", src) diff --git a/pkg/minikube/machine/cache_images.go b/pkg/minikube/machine/cache_images.go index ad97ddcf8d..c9b9e54632 100644 --- a/pkg/minikube/machine/cache_images.go +++ b/pkg/minikube/machine/cache_images.go @@ -539,3 +539,60 @@ func ListImages(profile *config.Profile) error { return nil } + +// TagImage tags image in all nodes in profile +func TagImage(profile *config.Profile, source string, target string) error { + api, err := NewAPIClient() + if err != nil { + return errors.Wrap(err, "error creating api client") + } + defer api.Close() + + succeeded := []string{} + failed := []string{} + + pName := profile.Name + + c, err := config.Load(pName) + if err != nil { + klog.Errorf("Failed to load profile %q: %v", pName, err) + return errors.Wrapf(err, "error loading config for profile :%v", pName) + } + + for _, n := range c.Nodes { + m := config.MachineName(*c, n) + + status, err := Status(api, m) + if err != nil { + klog.Warningf("error getting status for %s: %v", m, err) + continue + } + + if status == state.Running.String() { + h, err := api.Load(m) + if err != nil { + klog.Warningf("Failed to load machine %q: %v", m, err) + continue + } + runner, err := CommandRunner(h) + if err != nil { + return err + } + cruntime, err := cruntime.New(cruntime.Config{Type: c.KubernetesConfig.ContainerRuntime, Runner: runner}) + if err != nil { + return errors.Wrap(err, "error creating container runtime") + } + err = cruntime.TagImage(source, target) + if err != nil { + failed = append(failed, m) + klog.Warningf("Failed to tag image for profile %s %v", pName, err.Error()) + continue + } + succeeded = append(succeeded, m) + } + } + + klog.Infof("succeeded tagging in: %s", strings.Join(succeeded, " ")) + klog.Infof("failed tagging in: %s", strings.Join(failed, " ")) + return nil +} diff --git a/pkg/minikube/reason/reason.go b/pkg/minikube/reason/reason.go index 9b044e45b8..b64f5cd031 100644 --- a/pkg/minikube/reason/reason.go +++ b/pkg/minikube/reason/reason.go @@ -315,8 +315,12 @@ var ( GuestImageLoad = Kind{ID: "GUEST_IMAGE_LOAD", ExitCode: ExGuestError} // minikube failed to remove an image GuestImageRemove = Kind{ID: "GUEST_IMAGE_REMOVE", ExitCode: ExGuestError} + // minikube failed to pull an image + GuestImagePull = Kind{ID: "GUEST_IMAGE_PULL", ExitCode: ExGuestError} // minikube failed to build an image GuestImageBuild = Kind{ID: "GUEST_IMAGE_BUILD", ExitCode: ExGuestError} + // minikube failed to tag an image + GuestImageTag = Kind{ID: "GUEST_IMAGE_TAG", ExitCode: ExGuestError} // minikube failed to load host GuestLoadHost = Kind{ID: "GUEST_LOAD_HOST", ExitCode: ExGuestError} // minkube failed to create a mount diff --git a/site/content/en/docs/commands/image.md b/site/content/en/docs/commands/image.md index 299e0c80ae..51a509972f 100644 --- a/site/content/en/docs/commands/image.md +++ b/site/content/en/docs/commands/image.md @@ -216,6 +216,48 @@ $ minikube image ls --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging ``` +## minikube image pull + +Pull images + +### Synopsis + +Pull images + +```shell +minikube image pull [flags] +``` + +### Examples + +``` + +$ minikube image pull busybox + +``` + +### Options inherited from parent commands + +``` + --add_dir_header If true, adds the file directory to the header of the log messages + --alsologtostderr log to standard error as well as files + -b, --bootstrapper string The name of the cluster bootstrapper that will set up the Kubernetes cluster. (default "kubeadm") + -h, --help + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --log_file string If non-empty, use this log file + --log_file_max_size uint Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800) + --logtostderr log to standard error instead of files + --one_output If true, only write logs to their native severity level (vs also writing to each lower severity level) + -p, --profile string The name of the minikube VM being used. This can be set to allow having multiple instances of minikube independently. (default "minikube") + --skip_headers If true, avoid header prefixes in the log messages + --skip_log_headers If true, avoid headers when opening log files + --stderrthreshold severity logs at or above this threshold go to stderr (default 2) + --user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username. + -v, --v Level number for the log level verbosity + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging +``` + ## minikube image rm Remove one or more images @@ -264,3 +306,49 @@ $ minikube image unload image busybox --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging ``` +## minikube image tag + +Tag images + +### Synopsis + +Tag images + +```shell +minikube image tag [flags] +``` + +### Aliases + +[list] + +### Examples + +``` + +$ minikube image tag source target + +``` + +### Options inherited from parent commands + +``` + --add_dir_header If true, adds the file directory to the header of the log messages + --alsologtostderr log to standard error as well as files + -b, --bootstrapper string The name of the cluster bootstrapper that will set up the Kubernetes cluster. (default "kubeadm") + -h, --help + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --log_file string If non-empty, use this log file + --log_file_max_size uint Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800) + --logtostderr log to standard error instead of files + --one_output If true, only write logs to their native severity level (vs also writing to each lower severity level) + -p, --profile string The name of the minikube VM being used. This can be set to allow having multiple instances of minikube independently. (default "minikube") + --skip_headers If true, avoid header prefixes in the log messages + --skip_log_headers If true, avoid headers when opening log files + --stderrthreshold severity logs at or above this threshold go to stderr (default 2) + --user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username. + -v, --v Level number for the log level verbosity + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging +``` + diff --git a/site/content/en/docs/contrib/errorcodes.en.md b/site/content/en/docs/contrib/errorcodes.en.md index d2589bf1e5..8b718f5acb 100644 --- a/site/content/en/docs/contrib/errorcodes.en.md +++ b/site/content/en/docs/contrib/errorcodes.en.md @@ -378,9 +378,15 @@ minikube failed to pull or load an image "GUEST_IMAGE_REMOVE" (Exit code ExGuestError) minikube failed to remove an image +"GUEST_IMAGE_PULL" (Exit code ExGuestError) +minikube failed to pull an image + "GUEST_IMAGE_BUILD" (Exit code ExGuestError) minikube failed to build an image +"GUEST_IMAGE_TAG" (Exit code ExGuestError) +minikube failed to tag an image + "GUEST_LOAD_HOST" (Exit code ExGuestError) minikube failed to load host diff --git a/translations/strings.txt b/translations/strings.txt index e4b5fadb80..8535d29ba0 100644 --- a/translations/strings.txt +++ b/translations/strings.txt @@ -235,6 +235,7 @@ "Failed to load image": "", "Failed to persist images": "", "Failed to pull image": "", + "Failed to pull images": "", "Failed to reload cached images": "", "Failed to remove image": "", "Failed to save config {{.profile}}": "", @@ -245,6 +246,7 @@ "Failed to start container runtime": "", "Failed to start {{.driver}} {{.driver_type}}. Running \"{{.cmd}}\" may fix it: {{.error}}": "", "Failed to stop node {{.name}}": "", + "Failed to tag images": "", "Failed to update cluster": "", "Failed to update config": "", "Failed unmount: {{.error}}": "", @@ -409,6 +411,7 @@ "Please make sure the service you are looking for is deployed or is in the correct namespace.": "", "Please provide a path or url to build": "", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "", + "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "", "Please re-eval your podman-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} podman-env'\n\n\t": "", "Please see {{.documentation_url}} for more details": "", @@ -433,6 +436,7 @@ "Profile name '{{.profilename}}' is not valid": "", "Profile name should be unique": "", "Provide VM UUID to restore MAC address (hyperkit driver only)": "", + "Pull images": "", "Pull the remote image (no caching)": "", "Pulling base image ...": "", "Push the new image (requires tag)": "", @@ -549,6 +553,7 @@ "Successfully stopped node {{.name}}": "", "Suggestion: {{.advice}}": "", "System only has {{.size}}MiB available, less than the required {{.req}}MiB for Kubernetes": "", + "Tag images": "", "Tag to apply to the new image (optional)": "", "Target directory {{.path}} must be an absolute path": "", "Target {{.path}} can not be empty": "", From 817f8b4b70af8231b09773f1d0263e876bf67f83 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Sun, 22 Aug 2021 20:07:17 +0200 Subject: [PATCH 171/205] Add also stand-alone image push matching pull Normally this is done as part of image build --- cmd/minikube/cmd/image.go | 19 +++++ pkg/minikube/cruntime/containerd.go | 9 +++ pkg/minikube/cruntime/crio.go | 10 +++ pkg/minikube/cruntime/cruntime.go | 2 + pkg/minikube/cruntime/docker.go | 10 +++ pkg/minikube/machine/cache_images.go | 81 +++++++++++++++++++ pkg/minikube/reason/reason.go | 2 + site/content/en/docs/commands/image.md | 42 ++++++++++ site/content/en/docs/contrib/errorcodes.en.md | 3 + translations/strings.txt | 2 + 10 files changed, 180 insertions(+) diff --git a/cmd/minikube/cmd/image.go b/cmd/minikube/cmd/image.go index cbc6aa87d9..f76da74e23 100644 --- a/cmd/minikube/cmd/image.go +++ b/cmd/minikube/cmd/image.go @@ -285,6 +285,24 @@ $ minikube image tag source target }, } +var pushImageCmd = &cobra.Command{ + Use: "push", + Short: "Push images", + Example: ` +$ minikube image push busybox +`, + Run: func(cmd *cobra.Command, args []string) { + profile, err := config.LoadProfile(viper.GetString(config.ProfileName)) + if err != nil { + exit.Error(reason.Usage, "loading profile", err) + } + + if err := machine.PushImages(args, profile); err != nil { + exit.Error(reason.GuestImagePush, "Failed to push images", err) + } + }, +} + func init() { loadImageCmd.Flags().BoolVarP(&pull, "pull", "", false, "Pull the remote image (no caching)") loadImageCmd.Flags().BoolVar(&imgDaemon, "daemon", false, "Cache image from docker daemon") @@ -301,4 +319,5 @@ func init() { imageCmd.AddCommand(buildImageCmd) imageCmd.AddCommand(listImageCmd) imageCmd.AddCommand(tagImageCmd) + imageCmd.AddCommand(pushImageCmd) } diff --git a/pkg/minikube/cruntime/containerd.go b/pkg/minikube/cruntime/containerd.go index 13b0834e9b..71ca9a9048 100644 --- a/pkg/minikube/cruntime/containerd.go +++ b/pkg/minikube/cruntime/containerd.go @@ -422,6 +422,15 @@ func (r *Containerd) BuildImage(src string, file string, tag string, push bool, return nil } +// PushImage pushes an image +func (r *Containerd) PushImage(name string) error { + klog.Infof("Pushing image %s: %s", name) + c := exec.Command("sudo", "ctr", "-n=k8s.io", "images", "push", name) + if _, err := r.Runner.RunCmd(c); err != nil { + return errors.Wrapf(err, "ctr images push") + } + return nil +} func (r *Containerd) initBuildkitDaemon() error { // if daemon is already running, do nothing cmd := exec.Command("pgrep", "buildkitd") diff --git a/pkg/minikube/cruntime/crio.go b/pkg/minikube/cruntime/crio.go index ddb61ceb43..8d69afa1e0 100644 --- a/pkg/minikube/cruntime/crio.go +++ b/pkg/minikube/cruntime/crio.go @@ -260,6 +260,16 @@ func (r *CRIO) BuildImage(src string, file string, tag string, push bool, env [] return nil } +// PushImage pushes an image +func (r *CRIO) PushImage(name string) error { + klog.Infof("Pushing image %s", name) + c := exec.Command("sudo", "podman", "push", name) + if _, err := r.Runner.RunCmd(c); err != nil { + return errors.Wrap(err, "crio push image") + } + return nil +} + // CGroupDriver returns cgroup driver ("cgroupfs" or "systemd") func (r *CRIO) CGroupDriver() (string, error) { c := exec.Command("crio", "config") diff --git a/pkg/minikube/cruntime/cruntime.go b/pkg/minikube/cruntime/cruntime.go index a7ae9f4323..1ca58e01d4 100644 --- a/pkg/minikube/cruntime/cruntime.go +++ b/pkg/minikube/cruntime/cruntime.go @@ -103,6 +103,8 @@ type Manager interface { SaveImage(string, string) error // Tag an image TagImage(string, string) error + // Push an image from the runtime to the container registry + PushImage(string) error // ImageExists takes image name and image sha checks if an it exists ImageExists(string, string) bool diff --git a/pkg/minikube/cruntime/docker.go b/pkg/minikube/cruntime/docker.go index 641775b78b..2b06321f43 100644 --- a/pkg/minikube/cruntime/docker.go +++ b/pkg/minikube/cruntime/docker.go @@ -288,6 +288,16 @@ func (r *Docker) BuildImage(src string, file string, tag string, push bool, env return nil } +// PushImage pushes an image +func (r *Docker) PushImage(name string) error { + klog.Infof("Pushing image: %s", name) + c := exec.Command("docker", "push", name) + if _, err := r.Runner.RunCmd(c); err != nil { + return errors.Wrap(err, "push image docker.") + } + return nil +} + // CGroupDriver returns cgroup driver ("cgroupfs" or "systemd") func (r *Docker) CGroupDriver() (string, error) { // Note: the server daemon has to be running, for this call to return successfully diff --git a/pkg/minikube/machine/cache_images.go b/pkg/minikube/machine/cache_images.go index c9b9e54632..f2f03dc64b 100644 --- a/pkg/minikube/machine/cache_images.go +++ b/pkg/minikube/machine/cache_images.go @@ -596,3 +596,84 @@ func TagImage(profile *config.Profile, source string, target string) error { klog.Infof("failed tagging in: %s", strings.Join(failed, " ")) return nil } + +// pushImages pushes images from the container run time +func pushImages(cruntime cruntime.Manager, images []string) error { + klog.Infof("PushImages start: %s", images) + start := time.Now() + + defer func() { + klog.Infof("PushImages completed in %s", time.Since(start)) + }() + + var g errgroup.Group + + for _, image := range images { + image := image + g.Go(func() error { + return cruntime.PushImage(image) + }) + } + if err := g.Wait(); err != nil { + return errors.Wrap(err, "error pushing images") + } + klog.Infoln("Successfully pushed images") + return nil +} + +// PushImages push images on all nodes in profile +func PushImages(images []string, profile *config.Profile) error { + api, err := NewAPIClient() + if err != nil { + return errors.Wrap(err, "error creating api client") + } + defer api.Close() + + succeeded := []string{} + failed := []string{} + + pName := profile.Name + + c, err := config.Load(pName) + if err != nil { + klog.Errorf("Failed to load profile %q: %v", pName, err) + return errors.Wrapf(err, "error loading config for profile :%v", pName) + } + + for _, n := range c.Nodes { + m := config.MachineName(*c, n) + + status, err := Status(api, m) + if err != nil { + klog.Warningf("error getting status for %s: %v", m, err) + continue + } + + if status == state.Running.String() { + h, err := api.Load(m) + if err != nil { + klog.Warningf("Failed to load machine %q: %v", m, err) + continue + } + runner, err := CommandRunner(h) + if err != nil { + return err + } + cruntime, err := cruntime.New(cruntime.Config{Type: c.KubernetesConfig.ContainerRuntime, Runner: runner}) + if err != nil { + return errors.Wrap(err, "error creating container runtime") + } + err = pushImages(cruntime, images) + if err != nil { + failed = append(failed, m) + klog.Warningf("Failed to push image for profile %s %v", pName, err.Error()) + continue + } + succeeded = append(succeeded, m) + } + } + + klog.Infof("succeeded pushing in: %s", strings.Join(succeeded, " ")) + klog.Infof("failed pushing in: %s", strings.Join(failed, " ")) + return nil +} diff --git a/pkg/minikube/reason/reason.go b/pkg/minikube/reason/reason.go index b64f5cd031..a3dd176432 100644 --- a/pkg/minikube/reason/reason.go +++ b/pkg/minikube/reason/reason.go @@ -317,6 +317,8 @@ var ( GuestImageRemove = Kind{ID: "GUEST_IMAGE_REMOVE", ExitCode: ExGuestError} // minikube failed to pull an image GuestImagePull = Kind{ID: "GUEST_IMAGE_PULL", ExitCode: ExGuestError} + // minikube failed to push an image + GuestImagePush = Kind{ID: "GUEST_IMAGE_PUSH", ExitCode: ExGuestError} // minikube failed to build an image GuestImageBuild = Kind{ID: "GUEST_IMAGE_BUILD", ExitCode: ExGuestError} // minikube failed to tag an image diff --git a/site/content/en/docs/commands/image.md b/site/content/en/docs/commands/image.md index 51a509972f..6f6537c5ff 100644 --- a/site/content/en/docs/commands/image.md +++ b/site/content/en/docs/commands/image.md @@ -258,6 +258,48 @@ $ minikube image pull busybox --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging ``` +## minikube image push + +Push images + +### Synopsis + +Push images + +```shell +minikube image push [flags] +``` + +### Examples + +``` + +$ minikube image push busybox + +``` + +### Options inherited from parent commands + +``` + --add_dir_header If true, adds the file directory to the header of the log messages + --alsologtostderr log to standard error as well as files + -b, --bootstrapper string The name of the cluster bootstrapper that will set up the Kubernetes cluster. (default "kubeadm") + -h, --help + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --log_file string If non-empty, use this log file + --log_file_max_size uint Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800) + --logtostderr log to standard error instead of files + --one_output If true, only write logs to their native severity level (vs also writing to each lower severity level) + -p, --profile string The name of the minikube VM being used. This can be set to allow having multiple instances of minikube independently. (default "minikube") + --skip_headers If true, avoid header prefixes in the log messages + --skip_log_headers If true, avoid headers when opening log files + --stderrthreshold severity logs at or above this threshold go to stderr (default 2) + --user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username. + -v, --v Level number for the log level verbosity + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging +``` + ## minikube image rm Remove one or more images diff --git a/site/content/en/docs/contrib/errorcodes.en.md b/site/content/en/docs/contrib/errorcodes.en.md index 8b718f5acb..a491beb0b4 100644 --- a/site/content/en/docs/contrib/errorcodes.en.md +++ b/site/content/en/docs/contrib/errorcodes.en.md @@ -381,6 +381,9 @@ minikube failed to remove an image "GUEST_IMAGE_PULL" (Exit code ExGuestError) minikube failed to pull an image +"GUEST_IMAGE_PUSH" (Exit code ExGuestError) +minikube failed to push an image + "GUEST_IMAGE_BUILD" (Exit code ExGuestError) minikube failed to build an image diff --git a/translations/strings.txt b/translations/strings.txt index 8535d29ba0..c22e44bce8 100644 --- a/translations/strings.txt +++ b/translations/strings.txt @@ -236,6 +236,7 @@ "Failed to persist images": "", "Failed to pull image": "", "Failed to pull images": "", + "Failed to push images": "", "Failed to reload cached images": "", "Failed to remove image": "", "Failed to save config {{.profile}}": "", @@ -439,6 +440,7 @@ "Pull images": "", "Pull the remote image (no caching)": "", "Pulling base image ...": "", + "Push images": "", "Push the new image (requires tag)": "", "Reboot to complete VirtualBox installation, verify that VirtualBox is not blocked by your system, and/or use another hypervisor": "", "Rebuild libvirt with virt-network support": "", From cd97ec2195ca167de054563006a2b6e5438e4232 Mon Sep 17 00:00:00 2001 From: Jeff MAURY Date: Tue, 17 Aug 2021 14:20:42 +0200 Subject: [PATCH 172/205] Fix french translation Signed-off-by: Jeff MAURY --- translations/fr.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/translations/fr.json b/translations/fr.json index d1707d7364..8dedc64423 100644 --- a/translations/fr.json +++ b/translations/fr.json @@ -71,8 +71,8 @@ "Bridge CNI is incompatible with multi-node clusters, use a different CNI": "Le pont CNI est incompatible avec les clusters multi-nœuds, utilisez un autre CNI", "Build a container image in minikube": "Construire une image de conteneur dans minikube", "Build a container image, using the container runtime.": "Construire une image de conteneur à l'aide de l'environnement d'exécution du conteneur.", - "CGroup allocation is not available in your environment, You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", - "CGroup allocation is not available in your environment. You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "", + "CGroup allocation is not available in your environment, You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "L'allocation CGroup n'est pas disponible dans votre environnement, vous exécutez peut-être minikube dans un conteneur imbriqué. Essayez d'exécuter :\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\ n\n\t\t\t\n\t\t\t", + "CGroup allocation is not available in your environment. You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "L'allocation CGroup n'est pas disponible dans votre environnement, vous exécutez peut-être minikube dans un conteneur imbriqué. Essayez d'exécuter :\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\ n\n\t\t\t\n\t\t\t", "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "Plug-in CNI à utiliser. Options valides : auto, bridge, calico, cilium, flannel, kindnet ou chemin vers un manifeste CNI (par défaut : auto)", "Cache image from docker daemon": "Cacher l'image du démon docker", "Cache image from remote registry": "Cacher l'image du registre distant", @@ -572,7 +572,7 @@ "Starts a node.": "Démarre un nœud.", "Starts an existing stopped node in a cluster.": "Démarre un nœud arrêté existant dans un cluster.", "Startup with {{.old_driver}} driver failed, trying with alternate driver {{.new_driver}}: {{.error}}": "Échec du démarrage avec le pilote {{.old_driver}}, essai avec un autre pilote {{.new_driver}} : {{.error}}", - "Stopped tunnel for service {{.service}}.": "", + "Stopped tunnel for service {{.service}}.": "Tunnel arrêté pour le service {{.service}}.", "Stopping \"{{.profile_name}}\" in {{.driver_name}} ...": "Arrêt de \"{{.profile_name}}\" sur {{.driver_name}}...", "Stopping node \"{{.name}}\" ...": "Nœud d'arrêt \"{{.name}}\" ...", "Stopping tunnel for service {{.service}}.": "Tunnel d'arrêt pour le service {{.service}}.", From 3e063625fda73b45d476ca2f38170dc6e4e6db66 Mon Sep 17 00:00:00 2001 From: Jeff MAURY Date: Tue, 17 Aug 2021 22:26:11 +0200 Subject: [PATCH 173/205] Fix typo in fr.json Signed-off-by: Jeff MAURY --- translations/fr.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/translations/fr.json b/translations/fr.json index 8dedc64423..1e27b33428 100644 --- a/translations/fr.json +++ b/translations/fr.json @@ -71,8 +71,8 @@ "Bridge CNI is incompatible with multi-node clusters, use a different CNI": "Le pont CNI est incompatible avec les clusters multi-nœuds, utilisez un autre CNI", "Build a container image in minikube": "Construire une image de conteneur dans minikube", "Build a container image, using the container runtime.": "Construire une image de conteneur à l'aide de l'environnement d'exécution du conteneur.", - "CGroup allocation is not available in your environment, You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "L'allocation CGroup n'est pas disponible dans votre environnement, vous exécutez peut-être minikube dans un conteneur imbriqué. Essayez d'exécuter :\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\ n\n\t\t\t\n\t\t\t", - "CGroup allocation is not available in your environment. You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "L'allocation CGroup n'est pas disponible dans votre environnement, vous exécutez peut-être minikube dans un conteneur imbriqué. Essayez d'exécuter :\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\ n\n\t\t\t\n\t\t\t", + "CGroup allocation is not available in your environment, You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "L'allocation CGroup n'est pas disponible dans votre environnement, vous exécutez peut-être minikube dans un conteneur imbriqué. Essayez d'exécuter :\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t", + "CGroup allocation is not available in your environment. You might be running minikube in a nested container. Try running:\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t": "L'allocation CGroup n'est pas disponible dans votre environnement, vous exécutez peut-être minikube dans un conteneur imbriqué. Essayez d'exécuter :\n\t\t\t\n\tminikube start --extra-config=kubelet.cgroups-per-qos=false --extra-config=kubelet.enforce-node-allocatable=\"\"\n\n\t\t\t\n\t\t\t", "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "Plug-in CNI à utiliser. Options valides : auto, bridge, calico, cilium, flannel, kindnet ou chemin vers un manifeste CNI (par défaut : auto)", "Cache image from docker daemon": "Cacher l'image du démon docker", "Cache image from remote registry": "Cacher l'image du registre distant", @@ -969,4 +969,4 @@ "{{.profile}} profile is not valid: {{.err}}": "Le profil {{.profile}} n'est pas valide : {{.err}}", "{{.type}} is not yet a supported filesystem. We will try anyways!": "{{.type}} n'est pas encore un système de fichiers pris en charge. Nous essaierons quand même !", "{{.url}} is not accessible: {{.error}}": "{{.url}} n'est pas accessible : {{.error}}" -} \ No newline at end of file +} From 68818d421281cdb3bcbf0b4cba78f78bac45fbac Mon Sep 17 00:00:00 2001 From: Jeff MAURY Date: Mon, 23 Aug 2021 07:46:27 +0200 Subject: [PATCH 174/205] Complete missing items Signed-off-by: Jeff MAURY --- translations/fr.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/translations/fr.json b/translations/fr.json index 1e27b33428..6a8fd1a266 100644 --- a/translations/fr.json +++ b/translations/fr.json @@ -18,7 +18,7 @@ "- {{.logPath}}": "- {{.logPath}}", "--kvm-numa-count range is 1-8": "la tranche de --kvm-numa-count est 1 à 8", "--network flag is only valid with the docker/podman and KVM drivers, it will be ignored": "le drapeau --network est valide uniquement avec les pilotes docker/podman et KVM, il va être ignoré", - "127.0.0.1": "", + "127.0.0.1": "127.0.0.1", "\u003ctarget file absolute path\u003e must be an absolute Path. Relative Path is not allowed (example: \"/home/docker/copied.txt\")": "\u003ctarget file absolute path\u003e doit être un chemin absolu. Les chemins relatifs ne sont pas autorisés (exemple: \"/home/docker/copied.txt\")", "==\u003e Audit \u003c==": "==\u003e Audit \u003c==", "==\u003e Last Start \u003c==": "==\u003e Dernier démarrage \u003c==", @@ -408,7 +408,7 @@ "Number of extra disks created and attached to the minikube VM (currently only implemented for hyperkit driver)": "Nombre de disques supplémentaires créés et attachés à la machine virtuelle minikube (actuellement implémenté uniquement pour le pilote hyperkit)", "Number of lines back to go within the log": "Nombre de lignes à remonter dans le journal", "OS release is {{.pretty_name}}": "La version du système d'exploitation est {{.pretty_name}}", - "One of 'text', 'yaml' or 'json'.": "", + "One of 'text', 'yaml' or 'json'.": "Un parmi 'text', 'yaml' ou 'json'.", "One of 'yaml' or 'json'.": "Un parmi 'yaml' ou 'json'.", "Only alphanumeric and dashes '-' are permitted. Minimum 1 character, starting with alphanumeric.": "Seuls les caractères alphanumériques et les tirets '-' sont autorisés. Minimum 1 caractère, commençant par alphanumérique.", "Only alphanumeric and dashes '-' are permitted. Minimum 2 characters, starting with alphanumeric.": "Seuls les caractères alphanumériques et les tirets '-' sont autorisés. Minimum 2 caractères, commençant par alphanumérique.", @@ -670,7 +670,7 @@ "The requested memory allocation of {{.requested}}MiB does not leave room for system overhead (total system memory: {{.system_limit}}MiB). You may face stability issues.": "L'allocation de mémoire demandée de {{.requested}}MiB ne laisse pas de place pour la surcharge système (mémoire système totale : {{.system_limit}}MiB). Vous pouvez rencontrer des problèmes de stabilité.", "The service namespace": "L'espace de nom du service", "The service {{.service}} requires privileged ports to be exposed: {{.ports}}": "Le service {{.service}} nécessite l'exposition des ports privilégiés : {{.ports}}", - "The service/ingress {{.resource}} requires privileged ports to be exposed: {{.ports}}": "", + "The service/ingress {{.resource}} requires privileged ports to be exposed: {{.ports}}": "Le service/ingress {{.resource}} nécessite l'exposition des ports privilégiés : {{.ports}}", "The services namespace": "L'espace de noms des services", "The time interval for each check that wait performs in seconds": "L'intervalle de temps pour chaque contrôle que wait effectue en secondes", "The value passed to --format is invalid": "La valeur passée à --format n'est pas valide", @@ -863,7 +863,7 @@ "error provisioning host": "erreur lors de l'approvisionnement de l'hôte", "error starting tunnel": "erreur de démarrage du tunnel", "error stopping tunnel": "erreur d'arrêt du tunnel", - "error: --output must be 'text', 'yaml' or 'json'": "", + "error: --output must be 'text', 'yaml' or 'json'": "erreur : --output doit être 'text', 'yaml' ou 'json'", "error: --output must be 'yaml' or 'json'": "erreur : --output doit être 'yaml' ou 'json'", "experimental": "expérimental", "failed to add node": "échec de l'ajout du nœud", From 6892652f34477073a752d90466d48775cffb904f Mon Sep 17 00:00:00 2001 From: minikube-bot Date: Mon, 23 Aug 2021 10:01:54 +0000 Subject: [PATCH 175/205] bump golaint versions --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index da260e6607..9eb0bdba96 100644 --- a/Makefile +++ b/Makefile @@ -69,7 +69,7 @@ MINIKUBE_RELEASES_URL=https://github.com/kubernetes/minikube/releases/download KERNEL_VERSION ?= 4.19.202 # latest from https://github.com/golangci/golangci-lint/releases # update this only by running `make update-golint-version` -GOLINT_VERSION ?= v1.41.1 +GOLINT_VERSION ?= v1.42.0 # Limit number of default jobs, to avoid the CI builds running out of memory GOLINT_JOBS ?= 4 # see https://github.com/golangci/golangci-lint#memory-usage-of-golangci-lint From 10dfafeafbfa3270c7f47c23c5f6246b1147fe31 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Mon, 23 Aug 2021 18:15:21 +0200 Subject: [PATCH 176/205] Add kubeadm image versions for kubernetes 1.22 Again, the images were wrong in the preload --- pkg/minikube/bootstrapper/images/images.go | 11 ++++++++--- pkg/minikube/bootstrapper/images/images_test.go | 9 +++++++++ pkg/minikube/download/preload.go | 2 +- 3 files changed, 18 insertions(+), 4 deletions(-) diff --git a/pkg/minikube/bootstrapper/images/images.go b/pkg/minikube/bootstrapper/images/images.go index 8c7de8ef64..f54215d0e5 100644 --- a/pkg/minikube/bootstrapper/images/images.go +++ b/pkg/minikube/bootstrapper/images/images.go @@ -31,8 +31,11 @@ func Pause(v semver.Version, mirror string) string { // Note: changing this logic requires bumping the preload version // Should match `PauseVersion` in: // https://github.com/kubernetes/kubernetes/blob/master/cmd/kubeadm/app/constants/constants.go - pv := "3.4.1" + pv := "3.5" // https://github.com/kubernetes/kubernetes/blob/master/cmd/kubeadm/app/constants/constants_unix.go + if semver.MustParseRange("<1.22.0-alpha.3")(v) { + pv = "3.4.1" + } if semver.MustParseRange("<1.21.0-alpha.3")(v) { pv = "3.2" } @@ -71,8 +74,10 @@ func coreDNS(v semver.Version, mirror string) string { if semver.MustParseRange("<1.21.0-alpha.1")(v) { in = "coredns" } - cv := "v1.8.0" + cv := "v1.8.4" switch v.Minor { + case 21: + cv = "v1.8.0" case 20, 19: cv = "1.7.0" case 18: @@ -96,7 +101,7 @@ func etcd(v semver.Version, mirror string) string { // Note: changing this logic requires bumping the preload version // Should match `DefaultEtcdVersion` in: // https://github.com/kubernetes/kubernetes/blob/master/cmd/kubeadm/app/constants/constants.go - ev := "3.4.13-3" + ev := "3.5.0-0" switch v.Minor { case 19, 20, 21: diff --git a/pkg/minikube/bootstrapper/images/images_test.go b/pkg/minikube/bootstrapper/images/images_test.go index 8075e45d44..e2bed3f86f 100644 --- a/pkg/minikube/bootstrapper/images/images_test.go +++ b/pkg/minikube/bootstrapper/images/images_test.go @@ -65,6 +65,15 @@ k8s.gcr.io/kube-proxy:v1.21.0 k8s.gcr.io/pause:3.4.1 k8s.gcr.io/etcd:3.4.13-0 k8s.gcr.io/coredns/coredns:v1.8.0 +`, "\n"), "\n")}, + {"v1.22.0", strings.Split(strings.Trim(` +k8s.gcr.io/kube-apiserver:v1.22.0 +k8s.gcr.io/kube-controller-manager:v1.22.0 +k8s.gcr.io/kube-scheduler:v1.22.0 +k8s.gcr.io/kube-proxy:v1.22.0 +k8s.gcr.io/pause:3.5 +k8s.gcr.io/etcd:3.5.0-0 +k8s.gcr.io/coredns/coredns:v1.8.4 `, "\n"), "\n")}, } for _, tc := range testCases { diff --git a/pkg/minikube/download/preload.go b/pkg/minikube/download/preload.go index 1f3e09d6ee..428f595e98 100644 --- a/pkg/minikube/download/preload.go +++ b/pkg/minikube/download/preload.go @@ -43,7 +43,7 @@ const ( // PreloadVersion is the current version of the preloaded tarball // // NOTE: You may need to bump this version up when upgrading auxiliary docker images - PreloadVersion = "v11" + PreloadVersion = "v12" // PreloadBucket is the name of the GCS bucket where preloaded volume tarballs exist PreloadBucket = "minikube-preloaded-volume-tarballs" ) From af957cb64d874a081715021646db79f68691f394 Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Mon, 23 Aug 2021 09:48:12 -0700 Subject: [PATCH 177/205] Fix typo. --- site/content/en/docs/faq/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site/content/en/docs/faq/_index.md b/site/content/en/docs/faq/_index.md index 2f38a1fd5e..13b318fd07 100644 --- a/site/content/en/docs/faq/_index.md +++ b/site/content/en/docs/faq/_index.md @@ -95,7 +95,7 @@ Simply run the following command to be enrolled into beta notifications: minikube config set WantBetaUpdateNotification true ``` -## Can I get rid of the emoji in minikube's outpuut? +## Can I get rid of the emoji in minikube's output? Yes! If you prefer not having emoji in your minikube output 😔 , just set the `MINIKUBE_IN_STYLE` environment variable to `0` or `false`: From b17f8efa1230274391a58b6a84f531d8e39f285e Mon Sep 17 00:00:00 2001 From: minikube-bot Date: Mon, 23 Aug 2021 17:27:05 +0000 Subject: [PATCH 178/205] Update auto-generated docs and translations --- translations/de.json | 7 +++++++ translations/es.json | 7 +++++++ translations/fr.json | 9 ++++++++- translations/ja.json | 7 +++++++ translations/ko.json | 7 +++++++ translations/pl.json | 7 +++++++ translations/zh-CN.json | 7 +++++++ 7 files changed, 50 insertions(+), 1 deletion(-) diff --git a/translations/de.json b/translations/de.json index d9327c7d5d..c7407570c8 100644 --- a/translations/de.json +++ b/translations/de.json @@ -250,6 +250,8 @@ "Failed to load image": "", "Failed to persist images": "", "Failed to pull image": "", + "Failed to pull images": "", + "Failed to push images": "", "Failed to reload cached images": "", "Failed to remove image": "", "Failed to save config {{.profile}}": "", @@ -261,6 +263,7 @@ "Failed to start container runtime": "", "Failed to start {{.driver}} {{.driver_type}}. Running \"{{.cmd}}\" may fix it: {{.error}}": "", "Failed to stop node {{.name}}": "", + "Failed to tag images": "", "Failed to update cluster": "", "Failed to update config": "", "Failed unmount: {{.error}}": "", @@ -434,6 +437,7 @@ "Please make sure the service you are looking for is deployed or is in the correct namespace.": "", "Please provide a path or url to build": "", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "", + "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "", "Please re-eval your podman-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} podman-env'\n\n\t": "", "Please see {{.documentation_url}} for more details": "", @@ -459,8 +463,10 @@ "Profile name '{{.profilename}}' is not valid": "", "Profile name should be unique": "", "Provide VM UUID to restore MAC address (hyperkit driver only)": "Geben Sie die VM-UUID an, um die MAC-Adresse wiederherzustellen (nur Hyperkit-Treiber)", + "Pull images": "", "Pull the remote image (no caching)": "", "Pulling base image ...": "", + "Push images": "", "Push the new image (requires tag)": "", "Reboot to complete VirtualBox installation, verify that VirtualBox is not blocked by your system, and/or use another hypervisor": "", "Rebuild libvirt with virt-network support": "", @@ -579,6 +585,7 @@ "Successfully stopped node {{.name}}": "", "Suggestion: {{.advice}}": "", "System only has {{.size}}MiB available, less than the required {{.req}}MiB for Kubernetes": "", + "Tag images": "", "Tag to apply to the new image (optional)": "", "Target directory {{.path}} must be an absolute path": "", "Target {{.path}} can not be empty": "", diff --git a/translations/es.json b/translations/es.json index 2b00fa95ad..d3a662c985 100644 --- a/translations/es.json +++ b/translations/es.json @@ -256,6 +256,8 @@ "Failed to load image": "", "Failed to persist images": "", "Failed to pull image": "", + "Failed to pull images": "", + "Failed to push images": "", "Failed to reload cached images": "", "Failed to remove image": "", "Failed to save config {{.profile}}": "", @@ -267,6 +269,7 @@ "Failed to start container runtime": "", "Failed to start {{.driver}} {{.driver_type}}. Running \"{{.cmd}}\" may fix it: {{.error}}": "", "Failed to stop node {{.name}}": "", + "Failed to tag images": "", "Failed to update cluster": "", "Failed to update config": "", "Failed unmount: {{.error}}": "", @@ -440,6 +443,7 @@ "Please make sure the service you are looking for is deployed or is in the correct namespace.": "", "Please provide a path or url to build": "", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "", + "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "", "Please re-eval your podman-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} podman-env'\n\n\t": "", "Please see {{.documentation_url}} for more details": "", @@ -465,8 +469,10 @@ "Profile name '{{.profilename}}' is not valid": "", "Profile name should be unique": "", "Provide VM UUID to restore MAC address (hyperkit driver only)": "Permite especificar un UUID de VM para restaurar la dirección MAC (solo con el controlador de hyperkit)", + "Pull images": "", "Pull the remote image (no caching)": "", "Pulling base image ...": "", + "Push images": "", "Push the new image (requires tag)": "", "Reboot to complete VirtualBox installation, verify that VirtualBox is not blocked by your system, and/or use another hypervisor": "", "Rebuild libvirt with virt-network support": "", @@ -585,6 +591,7 @@ "Successfully stopped node {{.name}}": "", "Suggestion: {{.advice}}": "", "System only has {{.size}}MiB available, less than the required {{.req}}MiB for Kubernetes": "", + "Tag images": "", "Tag to apply to the new image (optional)": "", "Target directory {{.path}} must be an absolute path": "", "Target {{.path}} can not be empty": "", diff --git a/translations/fr.json b/translations/fr.json index 6a8fd1a266..7e7d5bc396 100644 --- a/translations/fr.json +++ b/translations/fr.json @@ -254,6 +254,8 @@ "Failed to load image": "Échec du chargement de l'image", "Failed to persist images": "Échec de la persistance des images", "Failed to pull image": "Échec de l'extraction de l'image", + "Failed to pull images": "", + "Failed to push images": "", "Failed to reload cached images": "Échec du rechargement des images mises en cache", "Failed to remove image": "Échec de la suppression de l'image", "Failed to save config {{.profile}}": "Échec de l'enregistrement de la configuration {{.profile}}", @@ -265,6 +267,7 @@ "Failed to start container runtime": "Échec du démarrage de l'exécution du conteneur", "Failed to start {{.driver}} {{.driver_type}}. Running \"{{.cmd}}\" may fix it: {{.error}}": "Échec du démarrage de {{.driver}} {{.driver_type}}. L'exécution de \"{{.cmd}}\" peut résoudre le problème : {{.error}}", "Failed to stop node {{.name}}": "Échec de l'arrêt du nœud {{.name}}", + "Failed to tag images": "", "Failed to update cluster": "Échec de la mise à jour du cluster", "Failed to update config": "Échec de la mise à jour de la configuration", "Failed to verify '{{.driver_name}} info' will try again ...": "Échec de la vérification des informations sur '{{.driver_name}}' va réessayer ...", @@ -440,6 +443,7 @@ "Please make sure the service you are looking for is deployed or is in the correct namespace.": "Veuillez vous assurer que le service que vous recherchez est déployé ou se trouve dans le bon espace de noms.", "Please provide a path or url to build": "Veuillez fournir un chemin ou une URL à construire", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "Veuillez fournir une image dans votre démon local à charger dans minikube via \u003cminikube image load IMAGE_NAME\u003e", + "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "Veuillez réévaluer votre docker-env, pour vous assurer que vos variables d'environnement ont des ports mis à jour :\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t", "Please re-eval your podman-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} podman-env'\n\n\t": "Veuillez réévaluer votre podman-env, pour vous assurer que vos variables d'environnement ont des ports mis à jour :\n\n\t'minikube -p {{.profile_name}} podman-env'\n\n\t", "Please see {{.documentation_url}} for more details": "Veuillez consulter {{.documentation_url}} pour plus de détails", @@ -465,9 +469,11 @@ "Profile name '{{.profilename}}' is not valid": "Le nom de profil '{{.profilename}}' n'est pas valide", "Profile name should be unique": "Le nom du profil doit être unique", "Provide VM UUID to restore MAC address (hyperkit driver only)": "Fournit l'identifiant unique universel (UUID) de la VM pour restaurer l'adresse MAC (pilote hyperkit uniquement).", + "Pull images": "", "Pull the remote image (no caching)": "Extraire l'image distante (pas de mise en cache)", "Pulling base image ...": "Extraction de l'image de base...", "Pulling images ...": "Extraction des images... ", + "Push images": "", "Push the new image (requires tag)": "Pousser la nouvelle image (nécessite une balise)", "Reboot to complete VirtualBox installation, verify that VirtualBox is not blocked by your system, and/or use another hypervisor": "Redémarrez pour terminer l'installation de VirtualBox, vérifiez que VirtualBox n'est pas bloqué par votre système et/ou utilisez un autre hyperviseur", "Rebuild libvirt with virt-network support": "Reconstruire libvirt avec le support de virt-network", @@ -587,6 +593,7 @@ "Successfully stopped node {{.name}}": "Nœud {{.name}} arrêté avec succès", "Suggestion: {{.advice}}": "Suggestion : {{.advice}}", "System only has {{.size}}MiB available, less than the required {{.req}}MiB for Kubernetes": "Le système n'a que {{.size}} Mio disponibles, moins que les {{.req}} Mio requis pour Kubernetes", + "Tag images": "", "Tag to apply to the new image (optional)": "Tag à appliquer à la nouvelle image (facultatif)", "Target directory {{.path}} must be an absolute path": "Le répertoire cible {{.path}} doit être un chemin absolu", "Target {{.path}} can not be empty": "La cible {{.path}} ne peut pas être vide", @@ -969,4 +976,4 @@ "{{.profile}} profile is not valid: {{.err}}": "Le profil {{.profile}} n'est pas valide : {{.err}}", "{{.type}} is not yet a supported filesystem. We will try anyways!": "{{.type}} n'est pas encore un système de fichiers pris en charge. Nous essaierons quand même !", "{{.url}} is not accessible: {{.error}}": "{{.url}} n'est pas accessible : {{.error}}" -} +} \ No newline at end of file diff --git a/translations/ja.json b/translations/ja.json index fb37609938..331116505a 100644 --- a/translations/ja.json +++ b/translations/ja.json @@ -244,6 +244,8 @@ "Failed to load image": "", "Failed to persist images": "", "Failed to pull image": "", + "Failed to pull images": "", + "Failed to push images": "", "Failed to reload cached images": "", "Failed to remove image": "", "Failed to save config {{.profile}}": "", @@ -254,6 +256,7 @@ "Failed to start container runtime": "", "Failed to start {{.driver}} {{.driver_type}}. Running \"{{.cmd}}\" may fix it: {{.error}}": "", "Failed to stop node {{.name}}": "", + "Failed to tag images": "", "Failed to update cluster": "", "Failed to update config": "", "Failed unmount: {{.error}}": "", @@ -431,6 +434,7 @@ "Please make sure the service you are looking for is deployed or is in the correct namespace.": "", "Please provide a path or url to build": "", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "", + "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "", "Please re-eval your podman-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} podman-env'\n\n\t": "", "Please see {{.documentation_url}} for more details": "", @@ -456,8 +460,10 @@ "Profile name '{{.profilename}}' is not valid": "", "Profile name should be unique": "", "Provide VM UUID to restore MAC address (hyperkit driver only)": "MAC アドレスを復元するための VM UUID を指定します(hyperkit ドライバのみ)", + "Pull images": "", "Pull the remote image (no caching)": "", "Pulling base image ...": "イメージを Pull しています...", + "Push images": "", "Push the new image (requires tag)": "", "Reboot to complete VirtualBox installation, verify that VirtualBox is not blocked by your system, and/or use another hypervisor": "", "Rebuild libvirt with virt-network support": "", @@ -579,6 +585,7 @@ "Suggestion: {{.advice}}": "提案: {{.advice}}", "Suggestion: {{.fix}}": "提案: {{.fix}}", "System only has {{.size}}MiB available, less than the required {{.req}}MiB for Kubernetes": "", + "Tag images": "", "Tag to apply to the new image (optional)": "", "Target directory {{.path}} must be an absolute path": "", "Target {{.path}} can not be empty": "", diff --git a/translations/ko.json b/translations/ko.json index c88d31db6d..f3a35395f1 100644 --- a/translations/ko.json +++ b/translations/ko.json @@ -271,6 +271,8 @@ "Failed to load image": "", "Failed to persist images": "", "Failed to pull image": "", + "Failed to pull images": "", + "Failed to push images": "", "Failed to reload cached images": "캐시된 이미지를 다시 불러오는 데 실패하였습니다", "Failed to remove image": "", "Failed to save config": "컨피그 저장에 실패하였습니다", @@ -284,6 +286,7 @@ "Failed to start node {{.name}}": "노드 {{.name}} 시작에 실패하였습니다", "Failed to start {{.driver}} {{.driver_type}}. Running \"{{.cmd}}\" may fix it: {{.error}}": "", "Failed to stop node {{.name}}": "노드 {{.name}} 중지에 실패하였습니다", + "Failed to tag images": "", "Failed to update cluster": "클러스터를 수정하는 데 실패하였습니다", "Failed to update config": "컨피그를 수정하는 데 실패하였습니다", "Failed unmount: {{.error}}": "마운트 해제에 실패하였습니다: {{.error}}", @@ -455,6 +458,7 @@ "Please make sure the service you are looking for is deployed or is in the correct namespace.": "", "Please provide a path or url to build": "", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "", + "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "", "Please re-eval your podman-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} podman-env'\n\n\t": "", "Please see {{.documentation_url}} for more details": "", @@ -479,8 +483,10 @@ "Profile name '{{.profilename}}' is not valid": "", "Profile name should be unique": "", "Provide VM UUID to restore MAC address (hyperkit driver only)": "", + "Pull images": "", "Pull the remote image (no caching)": "", "Pulling base image ...": "베이스 이미지를 다운받는 중 ...", + "Push images": "", "Push the new image (requires tag)": "", "Reboot to complete VirtualBox installation, verify that VirtualBox is not blocked by your system, and/or use another hypervisor": "", "Rebuild libvirt with virt-network support": "", @@ -601,6 +607,7 @@ "Successfully stopped node {{.name}}": "{{.name}} 노드가 정상적으로 중지되었습니다", "Suggestion: {{.advice}}": "권장: {{.advice}}", "System only has {{.size}}MiB available, less than the required {{.req}}MiB for Kubernetes": "", + "Tag images": "", "Tag to apply to the new image (optional)": "", "Target directory {{.path}} must be an absolute path": "타겟 폴더 {{.path}} 는 절대 경로여야 합니다", "Target {{.path}} can not be empty": "", diff --git a/translations/pl.json b/translations/pl.json index 206d775652..1ac201e79c 100644 --- a/translations/pl.json +++ b/translations/pl.json @@ -258,6 +258,8 @@ "Failed to load image": "", "Failed to persist images": "", "Failed to pull image": "", + "Failed to pull images": "", + "Failed to push images": "", "Failed to reload cached images": "", "Failed to remove image": "", "Failed to remove profile": "Usunięcie profilu nie powiodło się", @@ -271,6 +273,7 @@ "Failed to start container runtime": "", "Failed to start {{.driver}} {{.driver_type}}. Running \"{{.cmd}}\" may fix it: {{.error}}": "", "Failed to stop node {{.name}}": "", + "Failed to tag images": "", "Failed to update cluster": "Aktualizacja klastra nie powiodła się", "Failed to update config": "Aktualizacja konfiguracji nie powiodła się", "Failed unmount: {{.error}}": "", @@ -448,6 +451,7 @@ "Please make sure the service you are looking for is deployed or is in the correct namespace.": "Proszę upewnij się, że serwis którego szukasz znajduje się w prawidłowej przestrzeni nazw", "Please provide a path or url to build": "", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "", + "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "", "Please re-eval your podman-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} podman-env'\n\n\t": "", "Please see {{.documentation_url}} for more details": "Zobacz {{.documentation_url}} żeby uzyskać więcej informacji", @@ -474,8 +478,10 @@ "Profile name '{{.profilename}}' is not valid": "", "Profile name should be unique": "", "Provide VM UUID to restore MAC address (hyperkit driver only)": "", + "Pull images": "", "Pull the remote image (no caching)": "", "Pulling base image ...": "", + "Push images": "", "Push the new image (requires tag)": "", "Reboot to complete VirtualBox installation, and verify that VirtualBox is not blocked by your system": "Uruchom ponownie komputer aby zakończyć instalację VirtualBox'a i upewnij się, że nie jest on blokowany przez twój system", "Reboot to complete VirtualBox installation, verify that VirtualBox is not blocked by your system, and/or use another hypervisor": "", @@ -600,6 +606,7 @@ "Successfully stopped node {{.name}}": "", "Suggestion: {{.advice}}": "Sugestia: {{.advice}}", "System only has {{.size}}MiB available, less than the required {{.req}}MiB for Kubernetes": "", + "Tag images": "", "Tag to apply to the new image (optional)": "", "Target directory {{.path}} must be an absolute path": "", "Target {{.path}} can not be empty": "", diff --git a/translations/zh-CN.json b/translations/zh-CN.json index 50858be631..1cd5e409e5 100644 --- a/translations/zh-CN.json +++ b/translations/zh-CN.json @@ -321,6 +321,8 @@ "Failed to load image": "", "Failed to persist images": "", "Failed to pull image": "", + "Failed to pull images": "", + "Failed to push images": "", "Failed to reload cached images": "重新加载缓存镜像失败", "Failed to remove image": "", "Failed to remove profile": "无法删除配置文件", @@ -335,6 +337,7 @@ "Failed to start container runtime": "", "Failed to start {{.driver}} {{.driver_type}}. Running \"{{.cmd}}\" may fix it: {{.error}}": "", "Failed to stop node {{.name}}": "", + "Failed to tag images": "", "Failed to update cluster": "更新 cluster 失败", "Failed to update config": "更新 config 失败", "Failed unmount: {{.error}}": "unmount 失败:{{.error}}", @@ -522,6 +525,7 @@ "Please make sure the service you are looking for is deployed or is in the correct namespace.": "", "Please provide a path or url to build": "", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "", + "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "", "Please re-eval your podman-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} podman-env'\n\n\t": "", "Please see {{.documentation_url}} for more details": "", @@ -549,9 +553,11 @@ "Profile name '{{.profilename}}' is not valid": "", "Profile name should be unique": "", "Provide VM UUID to restore MAC address (hyperkit driver only)": "提供虚拟机 UUID 以恢复 MAC 地址(仅限 hyperkit 驱动程序)", + "Pull images": "", "Pull the remote image (no caching)": "", "Pulling base image ...": "", "Pulling images ...": "拉取镜像 ...", + "Push images": "", "Push the new image (requires tag)": "", "Reboot to complete VirtualBox installation, verify that VirtualBox is not blocked by your system, and/or use another hypervisor": "重启以完成 VirtualBox 安装,检查 VirtualBox 未被您的操作系统禁用,或者使用其他的管理程序。", "Rebuild libvirt with virt-network support": "", @@ -684,6 +690,7 @@ "Suggestion: {{.advice}}": "建议:{{.advice}}", "Suggestion: {{.fix}}": "建议:{{.fix}}", "System only has {{.size}}MiB available, less than the required {{.req}}MiB for Kubernetes": "", + "Tag images": "", "Tag to apply to the new image (optional)": "", "Target directory {{.path}} must be an absolute path": "", "Target {{.path}} can not be empty": "", From fabda37a91f262355b3250373efd603ac5edf334 Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Mon, 23 Aug 2021 10:46:19 -0700 Subject: [PATCH 179/205] Add support for tcsh in docker-env subcommand. --- pkg/minikube/shell/shell.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/pkg/minikube/shell/shell.go b/pkg/minikube/shell/shell.go index 2b5c550310..88a479ab5e 100644 --- a/pkg/minikube/shell/shell.go +++ b/pkg/minikube/shell/shell.go @@ -125,6 +125,17 @@ REM @FOR /f "tokens=*" %%i IN ('%s') DO @%%i `, s...) }, }, + "tcsh": { + prefix: "setenv ", + suffix: "\";\n", + delimiter: " \"", + unsetPrefix: "unsetenv ", + unsetSuffix: ";\n", + unsetDelimiter: "", + usageHint: func(s ...interface{}) string { + return fmt.Sprintf("\n: \"%s\"\n: eval `%s`\n", s...) + }, + }, "none": { prefix: "", suffix: "\n", From b123b77a7219be53f1a829eba54edc87d28ccaf1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Aug 2021 18:35:36 +0000 Subject: [PATCH 180/205] Bump k8s.io/kubectl from 0.22.0 to 0.22.1 Bumps [k8s.io/kubectl](https://github.com/kubernetes/kubectl) from 0.22.0 to 0.22.1. - [Release notes](https://github.com/kubernetes/kubectl/releases) - [Commits](https://github.com/kubernetes/kubectl/compare/v0.22.0...v0.22.1) --- updated-dependencies: - dependency-name: k8s.io/kubectl dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 022219846f..cdef8fc1e3 100644 --- a/go.mod +++ b/go.mod @@ -95,7 +95,7 @@ require ( k8s.io/apimachinery v0.22.0 k8s.io/client-go v0.22.0 k8s.io/klog/v2 v2.10.0 - k8s.io/kubectl v0.22.0 + k8s.io/kubectl v0.22.1 k8s.io/kubernetes v1.21.3 sigs.k8s.io/sig-storage-lib-external-provisioner/v6 v6.3.0 ) From 42818923b33686a2c050fbce3223b5e7e18d9ba3 Mon Sep 17 00:00:00 2001 From: minikube-bot Date: Mon, 23 Aug 2021 20:03:56 +0000 Subject: [PATCH 181/205] Update auto-generated docs and translations --- translations/de.json | 7 +++++++ translations/es.json | 7 +++++++ translations/fr.json | 9 ++++++++- translations/ja.json | 7 +++++++ translations/ko.json | 7 +++++++ translations/pl.json | 7 +++++++ translations/zh-CN.json | 7 +++++++ 7 files changed, 50 insertions(+), 1 deletion(-) diff --git a/translations/de.json b/translations/de.json index d9327c7d5d..c7407570c8 100644 --- a/translations/de.json +++ b/translations/de.json @@ -250,6 +250,8 @@ "Failed to load image": "", "Failed to persist images": "", "Failed to pull image": "", + "Failed to pull images": "", + "Failed to push images": "", "Failed to reload cached images": "", "Failed to remove image": "", "Failed to save config {{.profile}}": "", @@ -261,6 +263,7 @@ "Failed to start container runtime": "", "Failed to start {{.driver}} {{.driver_type}}. Running \"{{.cmd}}\" may fix it: {{.error}}": "", "Failed to stop node {{.name}}": "", + "Failed to tag images": "", "Failed to update cluster": "", "Failed to update config": "", "Failed unmount: {{.error}}": "", @@ -434,6 +437,7 @@ "Please make sure the service you are looking for is deployed or is in the correct namespace.": "", "Please provide a path or url to build": "", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "", + "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "", "Please re-eval your podman-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} podman-env'\n\n\t": "", "Please see {{.documentation_url}} for more details": "", @@ -459,8 +463,10 @@ "Profile name '{{.profilename}}' is not valid": "", "Profile name should be unique": "", "Provide VM UUID to restore MAC address (hyperkit driver only)": "Geben Sie die VM-UUID an, um die MAC-Adresse wiederherzustellen (nur Hyperkit-Treiber)", + "Pull images": "", "Pull the remote image (no caching)": "", "Pulling base image ...": "", + "Push images": "", "Push the new image (requires tag)": "", "Reboot to complete VirtualBox installation, verify that VirtualBox is not blocked by your system, and/or use another hypervisor": "", "Rebuild libvirt with virt-network support": "", @@ -579,6 +585,7 @@ "Successfully stopped node {{.name}}": "", "Suggestion: {{.advice}}": "", "System only has {{.size}}MiB available, less than the required {{.req}}MiB for Kubernetes": "", + "Tag images": "", "Tag to apply to the new image (optional)": "", "Target directory {{.path}} must be an absolute path": "", "Target {{.path}} can not be empty": "", diff --git a/translations/es.json b/translations/es.json index 2b00fa95ad..d3a662c985 100644 --- a/translations/es.json +++ b/translations/es.json @@ -256,6 +256,8 @@ "Failed to load image": "", "Failed to persist images": "", "Failed to pull image": "", + "Failed to pull images": "", + "Failed to push images": "", "Failed to reload cached images": "", "Failed to remove image": "", "Failed to save config {{.profile}}": "", @@ -267,6 +269,7 @@ "Failed to start container runtime": "", "Failed to start {{.driver}} {{.driver_type}}. Running \"{{.cmd}}\" may fix it: {{.error}}": "", "Failed to stop node {{.name}}": "", + "Failed to tag images": "", "Failed to update cluster": "", "Failed to update config": "", "Failed unmount: {{.error}}": "", @@ -440,6 +443,7 @@ "Please make sure the service you are looking for is deployed or is in the correct namespace.": "", "Please provide a path or url to build": "", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "", + "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "", "Please re-eval your podman-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} podman-env'\n\n\t": "", "Please see {{.documentation_url}} for more details": "", @@ -465,8 +469,10 @@ "Profile name '{{.profilename}}' is not valid": "", "Profile name should be unique": "", "Provide VM UUID to restore MAC address (hyperkit driver only)": "Permite especificar un UUID de VM para restaurar la dirección MAC (solo con el controlador de hyperkit)", + "Pull images": "", "Pull the remote image (no caching)": "", "Pulling base image ...": "", + "Push images": "", "Push the new image (requires tag)": "", "Reboot to complete VirtualBox installation, verify that VirtualBox is not blocked by your system, and/or use another hypervisor": "", "Rebuild libvirt with virt-network support": "", @@ -585,6 +591,7 @@ "Successfully stopped node {{.name}}": "", "Suggestion: {{.advice}}": "", "System only has {{.size}}MiB available, less than the required {{.req}}MiB for Kubernetes": "", + "Tag images": "", "Tag to apply to the new image (optional)": "", "Target directory {{.path}} must be an absolute path": "", "Target {{.path}} can not be empty": "", diff --git a/translations/fr.json b/translations/fr.json index 6a8fd1a266..7e7d5bc396 100644 --- a/translations/fr.json +++ b/translations/fr.json @@ -254,6 +254,8 @@ "Failed to load image": "Échec du chargement de l'image", "Failed to persist images": "Échec de la persistance des images", "Failed to pull image": "Échec de l'extraction de l'image", + "Failed to pull images": "", + "Failed to push images": "", "Failed to reload cached images": "Échec du rechargement des images mises en cache", "Failed to remove image": "Échec de la suppression de l'image", "Failed to save config {{.profile}}": "Échec de l'enregistrement de la configuration {{.profile}}", @@ -265,6 +267,7 @@ "Failed to start container runtime": "Échec du démarrage de l'exécution du conteneur", "Failed to start {{.driver}} {{.driver_type}}. Running \"{{.cmd}}\" may fix it: {{.error}}": "Échec du démarrage de {{.driver}} {{.driver_type}}. L'exécution de \"{{.cmd}}\" peut résoudre le problème : {{.error}}", "Failed to stop node {{.name}}": "Échec de l'arrêt du nœud {{.name}}", + "Failed to tag images": "", "Failed to update cluster": "Échec de la mise à jour du cluster", "Failed to update config": "Échec de la mise à jour de la configuration", "Failed to verify '{{.driver_name}} info' will try again ...": "Échec de la vérification des informations sur '{{.driver_name}}' va réessayer ...", @@ -440,6 +443,7 @@ "Please make sure the service you are looking for is deployed or is in the correct namespace.": "Veuillez vous assurer que le service que vous recherchez est déployé ou se trouve dans le bon espace de noms.", "Please provide a path or url to build": "Veuillez fournir un chemin ou une URL à construire", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "Veuillez fournir une image dans votre démon local à charger dans minikube via \u003cminikube image load IMAGE_NAME\u003e", + "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "Veuillez réévaluer votre docker-env, pour vous assurer que vos variables d'environnement ont des ports mis à jour :\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t", "Please re-eval your podman-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} podman-env'\n\n\t": "Veuillez réévaluer votre podman-env, pour vous assurer que vos variables d'environnement ont des ports mis à jour :\n\n\t'minikube -p {{.profile_name}} podman-env'\n\n\t", "Please see {{.documentation_url}} for more details": "Veuillez consulter {{.documentation_url}} pour plus de détails", @@ -465,9 +469,11 @@ "Profile name '{{.profilename}}' is not valid": "Le nom de profil '{{.profilename}}' n'est pas valide", "Profile name should be unique": "Le nom du profil doit être unique", "Provide VM UUID to restore MAC address (hyperkit driver only)": "Fournit l'identifiant unique universel (UUID) de la VM pour restaurer l'adresse MAC (pilote hyperkit uniquement).", + "Pull images": "", "Pull the remote image (no caching)": "Extraire l'image distante (pas de mise en cache)", "Pulling base image ...": "Extraction de l'image de base...", "Pulling images ...": "Extraction des images... ", + "Push images": "", "Push the new image (requires tag)": "Pousser la nouvelle image (nécessite une balise)", "Reboot to complete VirtualBox installation, verify that VirtualBox is not blocked by your system, and/or use another hypervisor": "Redémarrez pour terminer l'installation de VirtualBox, vérifiez que VirtualBox n'est pas bloqué par votre système et/ou utilisez un autre hyperviseur", "Rebuild libvirt with virt-network support": "Reconstruire libvirt avec le support de virt-network", @@ -587,6 +593,7 @@ "Successfully stopped node {{.name}}": "Nœud {{.name}} arrêté avec succès", "Suggestion: {{.advice}}": "Suggestion : {{.advice}}", "System only has {{.size}}MiB available, less than the required {{.req}}MiB for Kubernetes": "Le système n'a que {{.size}} Mio disponibles, moins que les {{.req}} Mio requis pour Kubernetes", + "Tag images": "", "Tag to apply to the new image (optional)": "Tag à appliquer à la nouvelle image (facultatif)", "Target directory {{.path}} must be an absolute path": "Le répertoire cible {{.path}} doit être un chemin absolu", "Target {{.path}} can not be empty": "La cible {{.path}} ne peut pas être vide", @@ -969,4 +976,4 @@ "{{.profile}} profile is not valid: {{.err}}": "Le profil {{.profile}} n'est pas valide : {{.err}}", "{{.type}} is not yet a supported filesystem. We will try anyways!": "{{.type}} n'est pas encore un système de fichiers pris en charge. Nous essaierons quand même !", "{{.url}} is not accessible: {{.error}}": "{{.url}} n'est pas accessible : {{.error}}" -} +} \ No newline at end of file diff --git a/translations/ja.json b/translations/ja.json index fb37609938..331116505a 100644 --- a/translations/ja.json +++ b/translations/ja.json @@ -244,6 +244,8 @@ "Failed to load image": "", "Failed to persist images": "", "Failed to pull image": "", + "Failed to pull images": "", + "Failed to push images": "", "Failed to reload cached images": "", "Failed to remove image": "", "Failed to save config {{.profile}}": "", @@ -254,6 +256,7 @@ "Failed to start container runtime": "", "Failed to start {{.driver}} {{.driver_type}}. Running \"{{.cmd}}\" may fix it: {{.error}}": "", "Failed to stop node {{.name}}": "", + "Failed to tag images": "", "Failed to update cluster": "", "Failed to update config": "", "Failed unmount: {{.error}}": "", @@ -431,6 +434,7 @@ "Please make sure the service you are looking for is deployed or is in the correct namespace.": "", "Please provide a path or url to build": "", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "", + "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "", "Please re-eval your podman-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} podman-env'\n\n\t": "", "Please see {{.documentation_url}} for more details": "", @@ -456,8 +460,10 @@ "Profile name '{{.profilename}}' is not valid": "", "Profile name should be unique": "", "Provide VM UUID to restore MAC address (hyperkit driver only)": "MAC アドレスを復元するための VM UUID を指定します(hyperkit ドライバのみ)", + "Pull images": "", "Pull the remote image (no caching)": "", "Pulling base image ...": "イメージを Pull しています...", + "Push images": "", "Push the new image (requires tag)": "", "Reboot to complete VirtualBox installation, verify that VirtualBox is not blocked by your system, and/or use another hypervisor": "", "Rebuild libvirt with virt-network support": "", @@ -579,6 +585,7 @@ "Suggestion: {{.advice}}": "提案: {{.advice}}", "Suggestion: {{.fix}}": "提案: {{.fix}}", "System only has {{.size}}MiB available, less than the required {{.req}}MiB for Kubernetes": "", + "Tag images": "", "Tag to apply to the new image (optional)": "", "Target directory {{.path}} must be an absolute path": "", "Target {{.path}} can not be empty": "", diff --git a/translations/ko.json b/translations/ko.json index c88d31db6d..f3a35395f1 100644 --- a/translations/ko.json +++ b/translations/ko.json @@ -271,6 +271,8 @@ "Failed to load image": "", "Failed to persist images": "", "Failed to pull image": "", + "Failed to pull images": "", + "Failed to push images": "", "Failed to reload cached images": "캐시된 이미지를 다시 불러오는 데 실패하였습니다", "Failed to remove image": "", "Failed to save config": "컨피그 저장에 실패하였습니다", @@ -284,6 +286,7 @@ "Failed to start node {{.name}}": "노드 {{.name}} 시작에 실패하였습니다", "Failed to start {{.driver}} {{.driver_type}}. Running \"{{.cmd}}\" may fix it: {{.error}}": "", "Failed to stop node {{.name}}": "노드 {{.name}} 중지에 실패하였습니다", + "Failed to tag images": "", "Failed to update cluster": "클러스터를 수정하는 데 실패하였습니다", "Failed to update config": "컨피그를 수정하는 데 실패하였습니다", "Failed unmount: {{.error}}": "마운트 해제에 실패하였습니다: {{.error}}", @@ -455,6 +458,7 @@ "Please make sure the service you are looking for is deployed or is in the correct namespace.": "", "Please provide a path or url to build": "", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "", + "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "", "Please re-eval your podman-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} podman-env'\n\n\t": "", "Please see {{.documentation_url}} for more details": "", @@ -479,8 +483,10 @@ "Profile name '{{.profilename}}' is not valid": "", "Profile name should be unique": "", "Provide VM UUID to restore MAC address (hyperkit driver only)": "", + "Pull images": "", "Pull the remote image (no caching)": "", "Pulling base image ...": "베이스 이미지를 다운받는 중 ...", + "Push images": "", "Push the new image (requires tag)": "", "Reboot to complete VirtualBox installation, verify that VirtualBox is not blocked by your system, and/or use another hypervisor": "", "Rebuild libvirt with virt-network support": "", @@ -601,6 +607,7 @@ "Successfully stopped node {{.name}}": "{{.name}} 노드가 정상적으로 중지되었습니다", "Suggestion: {{.advice}}": "권장: {{.advice}}", "System only has {{.size}}MiB available, less than the required {{.req}}MiB for Kubernetes": "", + "Tag images": "", "Tag to apply to the new image (optional)": "", "Target directory {{.path}} must be an absolute path": "타겟 폴더 {{.path}} 는 절대 경로여야 합니다", "Target {{.path}} can not be empty": "", diff --git a/translations/pl.json b/translations/pl.json index 206d775652..1ac201e79c 100644 --- a/translations/pl.json +++ b/translations/pl.json @@ -258,6 +258,8 @@ "Failed to load image": "", "Failed to persist images": "", "Failed to pull image": "", + "Failed to pull images": "", + "Failed to push images": "", "Failed to reload cached images": "", "Failed to remove image": "", "Failed to remove profile": "Usunięcie profilu nie powiodło się", @@ -271,6 +273,7 @@ "Failed to start container runtime": "", "Failed to start {{.driver}} {{.driver_type}}. Running \"{{.cmd}}\" may fix it: {{.error}}": "", "Failed to stop node {{.name}}": "", + "Failed to tag images": "", "Failed to update cluster": "Aktualizacja klastra nie powiodła się", "Failed to update config": "Aktualizacja konfiguracji nie powiodła się", "Failed unmount: {{.error}}": "", @@ -448,6 +451,7 @@ "Please make sure the service you are looking for is deployed or is in the correct namespace.": "Proszę upewnij się, że serwis którego szukasz znajduje się w prawidłowej przestrzeni nazw", "Please provide a path or url to build": "", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "", + "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "", "Please re-eval your podman-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} podman-env'\n\n\t": "", "Please see {{.documentation_url}} for more details": "Zobacz {{.documentation_url}} żeby uzyskać więcej informacji", @@ -474,8 +478,10 @@ "Profile name '{{.profilename}}' is not valid": "", "Profile name should be unique": "", "Provide VM UUID to restore MAC address (hyperkit driver only)": "", + "Pull images": "", "Pull the remote image (no caching)": "", "Pulling base image ...": "", + "Push images": "", "Push the new image (requires tag)": "", "Reboot to complete VirtualBox installation, and verify that VirtualBox is not blocked by your system": "Uruchom ponownie komputer aby zakończyć instalację VirtualBox'a i upewnij się, że nie jest on blokowany przez twój system", "Reboot to complete VirtualBox installation, verify that VirtualBox is not blocked by your system, and/or use another hypervisor": "", @@ -600,6 +606,7 @@ "Successfully stopped node {{.name}}": "", "Suggestion: {{.advice}}": "Sugestia: {{.advice}}", "System only has {{.size}}MiB available, less than the required {{.req}}MiB for Kubernetes": "", + "Tag images": "", "Tag to apply to the new image (optional)": "", "Target directory {{.path}} must be an absolute path": "", "Target {{.path}} can not be empty": "", diff --git a/translations/zh-CN.json b/translations/zh-CN.json index 50858be631..1cd5e409e5 100644 --- a/translations/zh-CN.json +++ b/translations/zh-CN.json @@ -321,6 +321,8 @@ "Failed to load image": "", "Failed to persist images": "", "Failed to pull image": "", + "Failed to pull images": "", + "Failed to push images": "", "Failed to reload cached images": "重新加载缓存镜像失败", "Failed to remove image": "", "Failed to remove profile": "无法删除配置文件", @@ -335,6 +337,7 @@ "Failed to start container runtime": "", "Failed to start {{.driver}} {{.driver_type}}. Running \"{{.cmd}}\" may fix it: {{.error}}": "", "Failed to stop node {{.name}}": "", + "Failed to tag images": "", "Failed to update cluster": "更新 cluster 失败", "Failed to update config": "更新 config 失败", "Failed unmount: {{.error}}": "unmount 失败:{{.error}}", @@ -522,6 +525,7 @@ "Please make sure the service you are looking for is deployed or is in the correct namespace.": "", "Please provide a path or url to build": "", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "", + "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "", "Please re-eval your podman-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} podman-env'\n\n\t": "", "Please see {{.documentation_url}} for more details": "", @@ -549,9 +553,11 @@ "Profile name '{{.profilename}}' is not valid": "", "Profile name should be unique": "", "Provide VM UUID to restore MAC address (hyperkit driver only)": "提供虚拟机 UUID 以恢复 MAC 地址(仅限 hyperkit 驱动程序)", + "Pull images": "", "Pull the remote image (no caching)": "", "Pulling base image ...": "", "Pulling images ...": "拉取镜像 ...", + "Push images": "", "Push the new image (requires tag)": "", "Reboot to complete VirtualBox installation, verify that VirtualBox is not blocked by your system, and/or use another hypervisor": "重启以完成 VirtualBox 安装,检查 VirtualBox 未被您的操作系统禁用,或者使用其他的管理程序。", "Rebuild libvirt with virt-network support": "", @@ -684,6 +690,7 @@ "Suggestion: {{.advice}}": "建议:{{.advice}}", "Suggestion: {{.fix}}": "建议:{{.fix}}", "System only has {{.size}}MiB available, less than the required {{.req}}MiB for Kubernetes": "", + "Tag images": "", "Tag to apply to the new image (optional)": "", "Target directory {{.path}} must be an absolute path": "", "Target {{.path}} can not be empty": "", From d261d4a855302b5439704267db3be04467058304 Mon Sep 17 00:00:00 2001 From: Sharif Elgamal Date: Mon, 23 Aug 2021 13:41:53 -0700 Subject: [PATCH 182/205] fix changed files output for github actions --- .github/workflows/docs.yml | 6 +++++- .github/workflows/leaderboard.yml | 6 +++++- .github/workflows/update-k8s-versions.yml | 7 ++++++- 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index dc6e2dc393..10415104ef 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -20,7 +20,10 @@ jobs: id: gendocs run: | make generate-docs - echo "::set-output name=changes::$(git status --porcelain)" + c=$(git status --porcelain) + c="${c//$'\n'/'%0A'}" + c="${c//$'\r'/'%0D'}" + echo "::set-output name=changes::$c" - name: Create PR if: ${{ steps.gendocs.outputs.changes != '' }} uses: peter-evans/create-pull-request@v3 @@ -37,6 +40,7 @@ jobs: body: | Committing changes resulting from `make generate-docs`. This PR is auto-generated by the [gendocs](https://github.com/kubernetes/minikube/blob/master/.github/workflows/docs.yml) CI workflow. + ``` ${{ steps.gendocs.outputs.changes }} ``` diff --git a/.github/workflows/leaderboard.yml b/.github/workflows/leaderboard.yml index 38c118625f..0c78b6e87e 100644 --- a/.github/workflows/leaderboard.yml +++ b/.github/workflows/leaderboard.yml @@ -21,7 +21,10 @@ jobs: id: leaderboard run: | make update-leaderboard - echo "::set-output name=changes::$(git status --porcelain)" + c=$(git status --porcelain) + c="${c//$'\n'/'%0A'}" + c="${c//$'\r'/'%0D'}" + echo "::set-output name=changes::$c" env: GITHUB_TOKEN: ${{ secrets.MINIKUBE_BOT_PAT }} - name: Create PR @@ -40,6 +43,7 @@ jobs: body: | Committing changes resulting from `make update-leaderboard`. This PR is auto-generated by the [update-leaderboard](https://github.com/kubernetes/minikube/blob/master/.github/workflows/leaderboard.yml) CI workflow. + ``` ${{ steps.leaderboard.outputs.changes }} ``` diff --git a/.github/workflows/update-k8s-versions.yml b/.github/workflows/update-k8s-versions.yml index 97b4a6043e..d94302a62a 100644 --- a/.github/workflows/update-k8s-versions.yml +++ b/.github/workflows/update-k8s-versions.yml @@ -20,7 +20,10 @@ jobs: id: bumpk8s run: | make update-kubernetes-version - echo "::set-output name=changes::$(git status --porcelain)" + c=$(git status --porcelain) + c="${c//$'\n'/'%0A'}" + c="${c//$'\r'/'%0D'}" + echo "::set-output name=changes::$c" - name: Create PR if: ${{ steps.bumpk8s.outputs.changes != '' }} uses: peter-evans/create-pull-request@v3 @@ -39,5 +42,7 @@ jobs: This PR was auto-generated by `make update-kubernetes-version` using [update-k8s-versions.yml](https://github.com/kubernetes/minikube/tree/master/.github/workflows) CI Workflow. Please only merge if all the tests pass. + ``` ${{ steps.bumpk8s.outputs.changes }} + ``` From 8470a955db0fa9a1e21fc584ff915fd7dd037fb1 Mon Sep 17 00:00:00 2001 From: Sharif Elgamal Date: Mon, 23 Aug 2021 14:06:23 -0700 Subject: [PATCH 183/205] error handling\! --- cmd/minikube/cmd/start_flags.go | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/cmd/minikube/cmd/start_flags.go b/cmd/minikube/cmd/start_flags.go index e95316895a..f87fd108e6 100644 --- a/cmd/minikube/cmd/start_flags.go +++ b/cmd/minikube/cmd/start_flags.go @@ -482,8 +482,14 @@ func generateNewConfigFromFlags(cmd *cobra.Command, k8sVersion string, drvName s } if detect.IsCloudShell() { - cc.KubernetesConfig.ExtraOptions.Set("kubelet.cgroups-per-qos=false") - cc.KubernetesConfig.ExtraOptions.Set("kubelet.enforce-node-allocatable=\"\"") + err := cc.KubernetesConfig.ExtraOptions.Set("kubelet.cgroups-per-qos=false") + if err != nil { + exit.Error(reason.InternalConfigSet, "failed to set cloud shell kubelet config options", err) + } + err = cc.KubernetesConfig.ExtraOptions.Set("kubelet.enforce-node-allocatable=\"\"") + if err != nil { + exit.Error(reason.InternalConfigSet, "failed to set cloud shell kubelet config options", err) + } } return cc From 77461f730e822878c93bf3bed60b301cc5007043 Mon Sep 17 00:00:00 2001 From: minikube-bot Date: Mon, 23 Aug 2021 22:33:04 +0000 Subject: [PATCH 184/205] Update auto-generated docs and translations --- translations/de.json | 1 + translations/es.json | 1 + translations/fr.json | 1 + translations/ja.json | 1 + translations/ko.json | 1 + translations/pl.json | 1 + translations/strings.txt | 1 + translations/zh-CN.json | 1 + 8 files changed, 8 insertions(+) diff --git a/translations/de.json b/translations/de.json index c7407570c8..960f99c0a6 100644 --- a/translations/de.json +++ b/translations/de.json @@ -862,6 +862,7 @@ "failed to add node": "", "failed to open browser: {{.error}}": "", "failed to save config": "", + "failed to set cloud shell kubelet config options": "", "failed to start node": "", "fish completion failed": "", "fish completion.": "", diff --git a/translations/es.json b/translations/es.json index d3a662c985..e7934d2f44 100644 --- a/translations/es.json +++ b/translations/es.json @@ -868,6 +868,7 @@ "failed to add node": "", "failed to open browser: {{.error}}": "", "failed to save config": "", + "failed to set cloud shell kubelet config options": "", "failed to start node": "", "fish completion failed": "", "fish completion.": "", diff --git a/translations/fr.json b/translations/fr.json index 7e7d5bc396..1f463da5f3 100644 --- a/translations/fr.json +++ b/translations/fr.json @@ -876,6 +876,7 @@ "failed to add node": "échec de l'ajout du nœud", "failed to open browser: {{.error}}": "échec de l'ouverture du navigateur : {{.error}}", "failed to save config": "échec de l'enregistrement de la configuration", + "failed to set cloud shell kubelet config options": "", "failed to start node": "échec du démarrage du nœud", "fish completion failed": "la complétion fish a échoué", "fish completion.": "complétion fish.", diff --git a/translations/ja.json b/translations/ja.json index 331116505a..da85a27a4f 100644 --- a/translations/ja.json +++ b/translations/ja.json @@ -870,6 +870,7 @@ "failed to add node": "", "failed to open browser: {{.error}}": "ブラウザを起動するのに失敗しました。 {{.error}}", "failed to save config": "", + "failed to set cloud shell kubelet config options": "", "failed to start node": "", "fish completion failed": "", "fish completion.": "", diff --git a/translations/ko.json b/translations/ko.json index f3a35395f1..88c4762012 100644 --- a/translations/ko.json +++ b/translations/ko.json @@ -872,6 +872,7 @@ "failed to add node": "", "failed to open browser: {{.error}}": "", "failed to save config": "", + "failed to set cloud shell kubelet config options": "", "failed to start node": "", "fish completion failed": "", "fish completion.": "", diff --git a/translations/pl.json b/translations/pl.json index 1ac201e79c..c17ea50253 100644 --- a/translations/pl.json +++ b/translations/pl.json @@ -878,6 +878,7 @@ "failed to add node": "", "failed to open browser: {{.error}}": "Nie udało się otworzyć przeglądarki: {{.error}}", "failed to save config": "", + "failed to set cloud shell kubelet config options": "", "failed to start node": "", "fish completion failed": "", "fish completion.": "", diff --git a/translations/strings.txt b/translations/strings.txt index c22e44bce8..8d29cea872 100644 --- a/translations/strings.txt +++ b/translations/strings.txt @@ -807,6 +807,7 @@ "failed to add node": "", "failed to open browser: {{.error}}": "", "failed to save config": "", + "failed to set cloud shell kubelet config options": "", "failed to start node": "", "fish completion failed": "", "fish completion.": "", diff --git a/translations/zh-CN.json b/translations/zh-CN.json index 1cd5e409e5..1690f42703 100644 --- a/translations/zh-CN.json +++ b/translations/zh-CN.json @@ -984,6 +984,7 @@ "failed to add node": "", "failed to open browser: {{.error}}": "", "failed to save config": "", + "failed to set cloud shell kubelet config options": "", "failed to start node": "", "fish completion failed": "", "fish completion.": "", From 41554ddbde4bfb25c7c07f34ebc7518ce2f42bd0 Mon Sep 17 00:00:00 2001 From: Medya Gh Date: Mon, 23 Aug 2021 15:54:58 -0700 Subject: [PATCH 185/205] add ci docs --- README.md | 1 + site/content/en/docs/_index.md | 2 ++ .../docs/tutorials/continuous_integration.md | 28 +++++++++++++++++-- 3 files changed, 28 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index a42a6b16a9..e254d5edbd 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,7 @@ minikube runs the latest stable release of Kubernetes, with support for standard * [Dashboard](https://minikube.sigs.k8s.io/docs/handbook/dashboard/) - `minikube dashboard` * [Container runtimes](https://minikube.sigs.k8s.io/docs/handbook/config/#runtime-configuration) - `minikube start --container-runtime` * [Configure apiserver and kubelet options](https://minikube.sigs.k8s.io/docs/handbook/config/#modifying-kubernetes-defaults) via command-line flags +* Supports common [CI environments](https://github.com/minikube-ci/examples) As well as developer-friendly features: diff --git a/site/content/en/docs/_index.md b/site/content/en/docs/_index.md index 5fdd320072..7930785c06 100644 --- a/site/content/en/docs/_index.md +++ b/site/content/en/docs/_index.md @@ -22,6 +22,8 @@ minikube quickly sets up a local Kubernetes cluster on macOS, Linux, and Windows * Docker API endpoint for blazing fast [image pushes]({{< ref "/docs/handbook/pushing.md#pushing-directly-to-the-in-cluster-docker-daemon" >}}) * Advanced features such as [LoadBalancer]({{< ref "/docs/handbook/accessing.md#loadbalancer-access" >}}), filesystem mounts, and FeatureGates * [Addons]({{< ref "/docs/handbook/deploying.md#addons" >}}) for easily installed Kubernetes applications +* Supports common [CI environments](https://github.com/minikube-ci/examples) + ## Survey diff --git a/site/content/en/docs/tutorials/continuous_integration.md b/site/content/en/docs/tutorials/continuous_integration.md index c4ced226c3..788d21c4d7 100644 --- a/site/content/en/docs/tutorials/continuous_integration.md +++ b/site/content/en/docs/tutorials/continuous_integration.md @@ -2,14 +2,36 @@ title: "Continuous Integration" weight: 1 description: > - Using minikube for Continuous Integration + How to run minikube in CI (Continuous Integration) --- ## Overview -Most continuous integration environments are already running inside a VM, and may not support nested virtualization. -The `docker` driver was designed for this use case, as well as the older `none` driver. +Most continuous integration environments are already running inside a VM, and may not support nested virtualization. +You could use either `none` or `docker` driver in CI. + +To see a working example of running minikube in CI checkout [minikube-ci/examples](https://github.com/minikube-ci/examples) that contains working examples. + + +## Supported / Tested CI Platforms + + +For any platform not yet listed or listed as "Unsure :question:" we are looking for your help! +Please file Pull Requests and / or Issues for missing CI platforms :smile: + +| Platform | Known to Work? | Status | +|---|---|--| +| [Prow](https://github.com/kubernetes/test-infra/tree/master/prow) | [Yes](https://github.com/kubernetes/test-infra/tree/master/config/jobs/kubernetes/minikube) :heavy_check_mark: | [![Prow](https://prow.k8s.io/badge.svg?jobs=pull-minikube-build)](https://prow.k8s.io/?job=pull-minikube-build) | +| [Google Cloud Build](https://cloud.google.com/cloud-build/) | [Yes](./gcb.md) :heavy_check_mark: | [![cloud build status](https://storage.googleapis.com/minikube-ci-example/build/working.svg)](https://pantheon.corp.google.com/cloud-build/dashboard?project=k8s-minikube) | +| [Github](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/about-continuous-integration) | [Yes](.github/workflows/minikube.yml) :heavy_check_mark: | [![Github](https://github.com/minikube-ci/examples/workflows/Minikube/badge.svg)](https://github.com/minikube-ci/examples/actions) | +| [Azure Pipelines](https://azure.microsoft.com/en-us/services/devops/pipelines/) | [Yes](azure-pipelines.yml) :heavy_check_mark: | [![Azure Pipelines](https://dev.azure.com/medyagh0825/minikube-ci/_apis/build/status/examples?api-version=5.1-preview.1)](https://dev.azure.com/medyagh0825/minikube-ci/_build) +| [Travis CI](https://travis-ci.com/) | [Yes](.travis.yml) :heavy_check_mark: | [![Travis CI](https://travis-ci.com/minikube-ci/examples.svg?branch=master)](https://travis-ci.com/minikube-ci/examples/) | +| [CircleCI](https://circleci.com/) | [Yes](.circleci) :heavy_check_mark: | [![CircleCI](https://circleci.com/gh/minikube-ci/examples.svg?style=svg)](https://circleci.com/gh/minikube-ci/examples) | +| [Gitlab](https://about.gitlab.com/product/continuous-integration/) | [Yes](.gitlab-ci.yml) :heavy_check_mark: | ![Gitlab](https://gitlab.com/minikube-ci/examples/badges/master/pipeline.svg) | + + + ## Example From 673d63b3cb21c47ba31012332df125e481b25e1e Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Mon, 23 Aug 2021 16:04:06 -0700 Subject: [PATCH 186/205] Rewrite docker-env test and add support for multiple docker-env tests for environments. --- test/integration/functional_test.go | 106 +++++++++++++++++----------- 1 file changed, 65 insertions(+), 41 deletions(-) diff --git a/test/integration/functional_test.go b/test/integration/functional_test.go index 10bee2cbbf..4a41926688 100644 --- a/test/integration/functional_test.go +++ b/test/integration/functional_test.go @@ -467,53 +467,77 @@ func validateDockerEnv(ctx context.Context, t *testing.T, profile string) { t.Skipf("only validate docker env with docker container runtime, currently testing %s", cr) } defer PostMortemLogs(t, profile) - mctx, cancel := context.WithTimeout(ctx, Seconds(120)) - defer cancel() - var rr *RunResult - var err error + + type ShellTest struct { + name string + commandPrefix []string + formatArg string + } + + windowsTests := []ShellTest{ + {"powershell", []string{"powershell.exe", "-NoProfile", "-NonInteractive"}, "%[1]s -p %[2]s docker-env | Invoke-Expression ; "}, + } + posixTests := []ShellTest{ + {"bash", []string{"/bin/bash", "-c"}, "eval $(%[1]s -p %[2]s docker-env) && "}, + {"tcsh", []string{"/bin/tcsh", "-c"}, "setenv SHELL /bin/tcsh && eval `%[1]s -p %[2]s docker-env` && "}, + } + + tests := posixTests if runtime.GOOS == "windows" { - c := exec.CommandContext(mctx, "powershell.exe", "-NoProfile", "-NonInteractive", Target()+" -p "+profile+" docker-env | Invoke-Expression ;"+Target()+" status -p "+profile) - rr, err = Run(t, c) - } else { - c := exec.CommandContext(mctx, "/bin/bash", "-c", "eval $("+Target()+" -p "+profile+" docker-env) && "+Target()+" status -p "+profile) - // we should be able to get minikube status with a bash which evaled docker-env - rr, err = Run(t, c) - } - if mctx.Err() == context.DeadlineExceeded { - t.Errorf("failed to run the command by deadline. exceeded timeout. %s", rr.Command()) - } - if err != nil { - t.Fatalf("failed to do status after eval-ing docker-env. error: %v", err) - } - if !strings.Contains(rr.Output(), "Running") { - t.Fatalf("expected status output to include 'Running' after eval docker-env but got: *%s*", rr.Output()) - } - if !strings.Contains(rr.Output(), "in-use") { - t.Fatalf("expected status output to include `in-use` after eval docker-env but got *%s*", rr.Output()) + tests = windowsTests } + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + mctx, cancel := context.WithTimeout(ctx, Seconds(120)) + defer cancel() - mctx, cancel = context.WithTimeout(ctx, Seconds(60)) - defer cancel() - // do a eval $(minikube -p profile docker-env) and check if we are point to docker inside minikube - if runtime.GOOS == "windows" { // testing docker-env eval in powershell - c := exec.CommandContext(mctx, "powershell.exe", "-NoProfile", "-NonInteractive", Target()+" -p "+profile+" docker-env | Invoke-Expression ; docker images") - rr, err = Run(t, c) - } else { - c := exec.CommandContext(mctx, "/bin/bash", "-c", "eval $("+Target()+" -p "+profile+" docker-env) && docker images") - rr, err = Run(t, c) - } + command := make([]string, len(tc.commandPrefix)+1) + // Would use "copy" built-in here, but that is shadowed by "copy" package + for i, v := range tc.commandPrefix { + command[i] = v + } - if mctx.Err() == context.DeadlineExceeded { - t.Errorf("failed to run the command in 30 seconds. exceeded 30s timeout. %s", rr.Command()) - } + formattedArg := fmt.Sprintf(tc.formatArg, Target(), profile) - if err != nil { - t.Fatalf("failed to run minikube docker-env. args %q : %v ", rr.Command(), err) - } + // we should be able to get minikube status with a shell which evaled docker-env + command[len(command)-1] = formattedArg + Target() + " status -p " + profile + c := exec.CommandContext(mctx, command[0], command[1:]...) + rr, err := Run(t, c) - expectedImgInside := "gcr.io/k8s-minikube/storage-provisioner" - if !strings.Contains(rr.Output(), expectedImgInside) { - t.Fatalf("expected 'docker images' to have %q inside minikube. but the output is: *%s*", expectedImgInside, rr.Output()) + if mctx.Err() == context.DeadlineExceeded { + t.Errorf("failed to run the command by deadline. exceeded timeout. %s", rr.Command()) + } + if err != nil { + t.Fatalf("failed to do status after eval-ing docker-env. error: %v", err) + } + if !strings.Contains(rr.Output(), "Running") { + t.Fatalf("expected status output to include 'Running' after eval docker-env but got: *%s*", rr.Output()) + } + if !strings.Contains(rr.Output(), "in-use") { + t.Fatalf("expected status output to include `in-use` after eval docker-env but got *%s*", rr.Output()) + } + + mctx, cancel = context.WithTimeout(ctx, Seconds(60)) + defer cancel() + + // do a eval $(minikube -p profile docker-env) and check if we are point to docker inside minikube + command[len(command)-1] = formattedArg + "docker images" + c = exec.CommandContext(mctx, command[0], command[1:]...) + rr, err = Run(t, c) + + if mctx.Err() == context.DeadlineExceeded { + t.Errorf("failed to run the command in 30 seconds. exceeded 30s timeout. %s", rr.Command()) + } + + if err != nil { + t.Fatalf("failed to run minikube docker-env. args %q : %v ", rr.Command(), err) + } + + expectedImgInside := "gcr.io/k8s-minikube/storage-provisioner" + if !strings.Contains(rr.Output(), expectedImgInside) { + t.Fatalf("expected 'docker images' to have %q inside minikube. but the output is: *%s*", expectedImgInside, rr.Output()) + } + }) } } From d6c244e543b78c0e18c53fe75f4c6922707e27cd Mon Sep 17 00:00:00 2001 From: Sharif Elgamal Date: Mon, 23 Aug 2021 18:28:53 -0700 Subject: [PATCH 187/205] bump gcp-auth-webhook to v0.0.7 --- pkg/minikube/assets/addons.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/minikube/assets/addons.go b/pkg/minikube/assets/addons.go index 563be7271b..4dced7bdb8 100755 --- a/pkg/minikube/assets/addons.go +++ b/pkg/minikube/assets/addons.go @@ -537,7 +537,7 @@ var Addons = map[string]*Addon{ "0640"), }, false, "gcp-auth", "google", map[string]string{ "KubeWebhookCertgen": "jettech/kube-webhook-certgen:v1.3.0@sha256:ff01fba91131ed260df3f3793009efbf9686f5a5ce78a85f81c386a4403f7689", - "GCPAuthWebhook": "k8s-minikube/gcp-auth-webhook:v0.0.6@sha256:c407ad6ee97d8a0e8a21c713e2d9af66aaf73315e4a123874c00b786f962f3cd", + "GCPAuthWebhook": "k8s-minikube/gcp-auth-webhook:v0.0.7@sha256:be9661afbd47e4042bee1cb48cae858cc2f4b4e121340ee69fdc0013aeffcca4", }, map[string]string{ "GCPAuthWebhook": "gcr.io", }), From 5fad8b8f792e2701b6cf663738703f7955a4d325 Mon Sep 17 00:00:00 2001 From: Medya Gh Date: Mon, 23 Aug 2021 18:43:10 -0700 Subject: [PATCH 188/205] update docs --- .../en/docs/tutorials/continuous_integration.md | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/site/content/en/docs/tutorials/continuous_integration.md b/site/content/en/docs/tutorials/continuous_integration.md index 788d21c4d7..c3b0c81ba5 100644 --- a/site/content/en/docs/tutorials/continuous_integration.md +++ b/site/content/en/docs/tutorials/continuous_integration.md @@ -17,18 +17,17 @@ To see a working example of running minikube in CI checkout [minikube-ci/example ## Supported / Tested CI Platforms -For any platform not yet listed or listed as "Unsure :question:" we are looking for your help! -Please file Pull Requests and / or Issues for missing CI platforms :smile: +For any platform not yet listed we are looking for your help! Please file Pull Requests and / or Issues for missing CI platforms :smile: | Platform | Known to Work? | Status | |---|---|--| -| [Prow](https://github.com/kubernetes/test-infra/tree/master/prow) | [Yes](https://github.com/kubernetes/test-infra/tree/master/config/jobs/kubernetes/minikube) :heavy_check_mark: | [![Prow](https://prow.k8s.io/badge.svg?jobs=pull-minikube-build)](https://prow.k8s.io/?job=pull-minikube-build) | -| [Google Cloud Build](https://cloud.google.com/cloud-build/) | [Yes](./gcb.md) :heavy_check_mark: | [![cloud build status](https://storage.googleapis.com/minikube-ci-example/build/working.svg)](https://pantheon.corp.google.com/cloud-build/dashboard?project=k8s-minikube) | -| [Github](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/about-continuous-integration) | [Yes](.github/workflows/minikube.yml) :heavy_check_mark: | [![Github](https://github.com/minikube-ci/examples/workflows/Minikube/badge.svg)](https://github.com/minikube-ci/examples/actions) | -| [Azure Pipelines](https://azure.microsoft.com/en-us/services/devops/pipelines/) | [Yes](azure-pipelines.yml) :heavy_check_mark: | [![Azure Pipelines](https://dev.azure.com/medyagh0825/minikube-ci/_apis/build/status/examples?api-version=5.1-preview.1)](https://dev.azure.com/medyagh0825/minikube-ci/_build) -| [Travis CI](https://travis-ci.com/) | [Yes](.travis.yml) :heavy_check_mark: | [![Travis CI](https://travis-ci.com/minikube-ci/examples.svg?branch=master)](https://travis-ci.com/minikube-ci/examples/) | -| [CircleCI](https://circleci.com/) | [Yes](.circleci) :heavy_check_mark: | [![CircleCI](https://circleci.com/gh/minikube-ci/examples.svg?style=svg)](https://circleci.com/gh/minikube-ci/examples) | -| [Gitlab](https://about.gitlab.com/product/continuous-integration/) | [Yes](.gitlab-ci.yml) :heavy_check_mark: | ![Gitlab](https://gitlab.com/minikube-ci/examples/badges/master/pipeline.svg) | +| [Prow](https://github.com/kubernetes/test-infra/tree/master/prow) | [Yes](https://github.com/kubernetes/test-infra/tree/master/config/jobs/kubernetes/minikube) ✔️ | [![Prow](https://prow.k8s.io/badge.svg?jobs=pull-minikube-build)](https://prow.k8s.io/?job=pull-minikube-build) | +| [Google Cloud Build](https://cloud.google.com/cloud-build/) | [Yes](https://github.com/minikube-ci/examples/blob/master/gcb.md) :heavy_check_mark: | [![cloud build status](https://storage.googleapis.com/minikube-ci-example/build/working.svg)](https://pantheon.corp.google.com/cloud-build/dashboard?project=k8s-minikube) | +| [Github](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/about-continuous-integration) | [Yes](https://github.com/minikube-ci/examples/blob/master/.github/workflows/minikube.yml) ✔️ | [![Github](https://github.com/minikube-ci/examples/workflows/Minikube/badge.svg)](https://github.com/minikube-ci/examples/actions) | +| [Azure Pipelines](https://azure.microsoft.com/en-us/services/devops/pipelines/) | [Yes](https://github.com/minikube-ci/examples/blob/master/azure-pipelines.yml) ✔️ | [![Azure Pipelines](https://dev.azure.com/medyagh0825/minikube-ci/_apis/build/status/examples?api-version=5.1-preview.1)](https://dev.azure.com/medyagh0825/minikube-ci/_build) +| [Travis CI](https://travis-ci.com/) | [Yes](https://github.com/minikube-ci/examples/blob/master/.travis.yml) ✔️ | [![Travis CI](https://travis-ci.com/minikube-ci/examples.svg?branch=master)](https://travis-ci.com/minikube-ci/examples/) | +| [CircleCI](https://circleci.com/) | [Yes](https://github.com/minikube-ci/examples/blob/master/.circleci) ✔️ | [![CircleCI](https://circleci.com/gh/minikube-ci/examples.svg?style=svg)](https://circleci.com/gh/minikube-ci/examples) | +| [Gitlab](https://about.gitlab.com/product/continuous-integration/) | [Yes](https://github.com/minikube-ci/examples/blob/master/.gitlab-ci.yml) ✔️ | ![Gitlab](https://gitlab.com/minikube-ci/examples/badges/master/pipeline.svg) | From 74b35d87cee203f0a8661053f1e202fef2edfeea Mon Sep 17 00:00:00 2001 From: Sharif Elgamal Date: Tue, 24 Aug 2021 09:50:02 -0700 Subject: [PATCH 189/205] upgrade box-cli-maker to 2.2.2 --- go.mod | 6 ++---- go.sum | 11 ++++------- 2 files changed, 6 insertions(+), 11 deletions(-) diff --git a/go.mod b/go.mod index 022219846f..57c05b9225 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.16 require ( cloud.google.com/go/storage v1.15.0 contrib.go.opencensus.io/exporter/stackdriver v0.12.1 - github.com/Delta456/box-cli-maker/v2 v2.2.1 + github.com/Delta456/box-cli-maker/v2 v2.2.2 github.com/GoogleCloudPlatform/docker-credential-gcr v0.0.0-20210713212222-faed5e8b8ca2 github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v0.16.0 github.com/Microsoft/hcsshim v0.8.17 // indirect @@ -29,7 +29,6 @@ require ( github.com/google/go-github/v36 v36.0.0 github.com/google/slowjam v1.0.0 github.com/google/uuid v1.3.0 - github.com/gookit/color v1.4.2 // indirect github.com/hashicorp/go-getter v1.5.7 github.com/hashicorp/go-retryablehttp v0.7.0 github.com/hashicorp/golang-lru v0.5.3 // indirect @@ -53,7 +52,6 @@ require ( github.com/machine-drivers/docker-machine-driver-vmware v0.1.3 github.com/mattbaird/jsonpatch v0.0.0-20200820163806-098863c1fc24 github.com/mattn/go-isatty v0.0.13 - github.com/mattn/go-runewidth v0.0.13 // indirect github.com/mitchellh/go-ps v1.0.0 github.com/moby/hyperkit v0.0.0-20210108224842-2f061e447e14 github.com/moby/sys/mount v0.2.0 // indirect @@ -84,7 +82,7 @@ require ( golang.org/x/mod v0.5.0 golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c - golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c + golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf golang.org/x/term v0.0.0-20210406210042-72f3dc4e9b72 golang.org/x/text v0.3.7 gonum.org/v1/plot v0.9.0 diff --git a/go.sum b/go.sum index bf80199a9a..bca11cfce8 100644 --- a/go.sum +++ b/go.sum @@ -68,8 +68,8 @@ github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZ github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/Delta456/box-cli-maker/v2 v2.2.1 h1:uTcuvT6Ty+LBHuRUdFrJBpqP9RhtLxI5+5ZpKYAUuVw= -github.com/Delta456/box-cli-maker/v2 v2.2.1/go.mod h1:R7jxZHK2wGBR2Luz/Vgi8jP5fz1ljUXgu2o2JQNmvFU= +github.com/Delta456/box-cli-maker/v2 v2.2.2 h1:CpSLcPgi5pY4+arzpyuWN2+nU8gHqto2Y+OO7VbELQ0= +github.com/Delta456/box-cli-maker/v2 v2.2.2/go.mod h1:idItIMZeyx3bg73XwSgsLeZd+gdpD2IvGbR3FC8a9TU= github.com/GoogleCloudPlatform/docker-credential-gcr v0.0.0-20210713212222-faed5e8b8ca2 h1:rMamBsR6iCT9Y5m2Il6vFGJvY7FAgck4AoA/LobheKU= github.com/GoogleCloudPlatform/docker-credential-gcr v0.0.0-20210713212222-faed5e8b8ca2/go.mod h1:BB1eHdMLYEFuFdBlRMb0N7YGVdM5s6Pt0njxgvfbGGs= github.com/GoogleCloudPlatform/k8s-cloud-provider v0.0.0-20200415212048-7901bc822317/go.mod h1:DF8FZRxMHMGv/vP2lQP6h+dYzzjpuRn24VeRiYn3qjQ= @@ -594,7 +594,6 @@ github.com/googleapis/gnostic v0.4.1 h1:DLJCy1n/vrD4HPjOvYcT8aYQXpPIzoRZONaYwyyc github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= github.com/googleinterns/cloud-operations-api-mock v0.0.0-20200709193332-a1e58c29bdd3 h1:eHv/jVY/JNop1xg2J9cBb4EzyMpWZoNCP1BslSAIkOI= github.com/googleinterns/cloud-operations-api-mock v0.0.0-20200709193332-a1e58c29bdd3/go.mod h1:h/KNeRx7oYU4SpA4SoY7W2/NxDKEEVuwA6j9A27L4OI= -github.com/gookit/color v1.3.6/go.mod h1:R3ogXq2B9rTbXoSHJ1HyUVAZ3poOJHpd9nQmyGZsfvQ= github.com/gookit/color v1.4.2 h1:tXy44JFSFkKnELV6WaMo/lLfu/meqITX3iAV52do7lk= github.com/gookit/color v1.4.2/go.mod h1:fqRyamkC1W8uxl+lxCQxOT09l/vYfZ+QeiX3rKQHCoQ= github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8= @@ -1115,7 +1114,6 @@ github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f h1:mvXjJIHRZy github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca/go.mod h1:ce1O1j6UtZfjr22oyGxGLbauSBp2YVXpARAosm7dHBg= -github.com/xo/terminfo v0.0.0-20200218205459-454e5b68f9e8/go.mod h1:6Yhx5ZJl5942QrNRWLwITArVT9okUXc5c3brgWJMoDc= github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 h1:QldyIu/L63oPpyvQmHgvgickp1Yw510KJOqX7H24mg8= github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778/go.mod h1:2MuV+tbUrU1zIOPMxZ5EncGwgmMJsa+9ucAQZXxsObs= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= @@ -1423,7 +1421,6 @@ golang.org/x/sys v0.0.0-20201117170446-d9b008d0a637/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201202213521-69691e467435/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201223074533-0d417f636930/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1442,8 +1439,9 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c h1:F1jZWGFhYfh0Ci55sIpILtKKK8p3i2/krTr0H1rg74I= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf h1:2ucpDCmfkl8Bd/FsLtiD653Wf96cW37s+iGx93zsu4k= +golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= @@ -1734,7 +1732,6 @@ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= From abd52901cfbf914e0ca2435b160164039327b0bd Mon Sep 17 00:00:00 2001 From: Predrag Rogic Date: Sun, 22 Aug 2021 03:58:34 +0100 Subject: [PATCH 190/205] fix ingress for k8s v1.22+ --- .../addons/ingress-dns/example/example.yaml | 3 + .../ingress-dns/ingress-dns-pod.yaml.tmpl | 8 +- .../ingress/ingress-configmap.yaml.tmpl | 58 -- .../addons/ingress/ingress-deploy.yaml.tmpl | 632 ++++++++++++++++++ deploy/addons/ingress/ingress-dp.yaml.tmpl | 299 --------- deploy/addons/ingress/ingress-rbac.yaml.tmpl | 283 -------- pkg/addons/addons.go | 29 + pkg/minikube/assets/addons.go | 38 +- .../testdata/v1.22/containerd-api-port.yaml | 2 +- .../v1.22/containerd-pod-network-cidr.yaml | 2 +- .../bsutil/testdata/v1.22/containerd.yaml | 2 +- .../testdata/v1.22/crio-options-gates.yaml | 2 +- .../bsutil/testdata/v1.22/crio.yaml | 2 +- .../bsutil/testdata/v1.22/default.yaml | 2 +- .../bsutil/testdata/v1.22/dns.yaml | 2 +- .../testdata/v1.22/image-repository.yaml | 2 +- .../bsutil/testdata/v1.22/options.yaml | 2 +- pkg/minikube/constants/constants.go | 4 +- site/content/en/docs/commands/start.md | 2 +- test/integration/addons_test.go | 53 +- test/integration/main_test.go | 2 +- test/integration/testdata/nginx-ingv1.yaml | 7 +- 22 files changed, 711 insertions(+), 725 deletions(-) delete mode 100644 deploy/addons/ingress/ingress-configmap.yaml.tmpl create mode 100644 deploy/addons/ingress/ingress-deploy.yaml.tmpl delete mode 100644 deploy/addons/ingress/ingress-dp.yaml.tmpl delete mode 100644 deploy/addons/ingress/ingress-rbac.yaml.tmpl diff --git a/deploy/addons/ingress-dns/example/example.yaml b/deploy/addons/ingress-dns/example/example.yaml index e1906c2149..d166deb3ef 100644 --- a/deploy/addons/ingress-dns/example/example.yaml +++ b/deploy/addons/ingress-dns/example/example.yaml @@ -38,6 +38,9 @@ kind: Ingress metadata: name: example-ingress namespace: kube-system + annotations: + # use the shared ingress-nginx + kubernetes.io/ingress.class: nginx spec: rules: - host: hello-john.test diff --git a/deploy/addons/ingress-dns/ingress-dns-pod.yaml.tmpl b/deploy/addons/ingress-dns/ingress-dns-pod.yaml.tmpl index 4eaa00a48f..1cf7cb74c5 100644 --- a/deploy/addons/ingress-dns/ingress-dns-pod.yaml.tmpl +++ b/deploy/addons/ingress-dns/ingress-dns-pod.yaml.tmpl @@ -22,7 +22,6 @@ metadata: app: minikube-ingress-dns kubernetes.io/bootstrapping: rbac-defaults app.kubernetes.io/part-of: kube-system - addonmanager.kubernetes.io/mode: Reconcile --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -33,7 +32,6 @@ metadata: app: minikube-ingress-dns kubernetes.io/bootstrapping: rbac-defaults app.kubernetes.io/part-of: kube-system - addonmanager.kubernetes.io/mode: Reconcile gcp-auth-skip-secret: "true" rules: - apiGroups: @@ -56,7 +54,6 @@ metadata: app: minikube-ingress-dns kubernetes.io/bootstrapping: rbac-defaults app.kubernetes.io/part-of: kube-system - addonmanager.kubernetes.io/mode: Reconcile roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -74,13 +71,12 @@ metadata: labels: app: minikube-ingress-dns app.kubernetes.io/part-of: kube-system - addonmanager.kubernetes.io/mode: Reconcile spec: serviceAccountName: minikube-ingress-dns hostNetwork: true containers: - name: minikube-ingress-dns - image: {{.CustomRegistries.IngressDNS | default .ImageRepository | default .Registries.IngressDNS }}{{.Images.IngressDNS}} + image: {{.CustomRegistries.IngressDNS | default .ImageRepository | default .Registries.IngressDNS }}{{.Images.IngressDNS}} imagePullPolicy: IfNotPresent ports: - containerPort: 53 @@ -91,4 +87,4 @@ spec: - name: POD_IP valueFrom: fieldRef: - fieldPath: status.podIP \ No newline at end of file + fieldPath: status.podIP diff --git a/deploy/addons/ingress/ingress-configmap.yaml.tmpl b/deploy/addons/ingress/ingress-configmap.yaml.tmpl deleted file mode 100644 index 37817eaae3..0000000000 --- a/deploy/addons/ingress/ingress-configmap.yaml.tmpl +++ /dev/null @@ -1,58 +0,0 @@ -# Copyright 2016 The Kubernetes Authors All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Namespace -metadata: - name: ingress-nginx - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - addonmanager.kubernetes.io/mode: Reconcile ---- -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller - addonmanager.kubernetes.io/mode: EnsureExists - name: ingress-nginx-controller - namespace: ingress-nginx -data: - # see https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/configmap.md for all possible options and their description - hsts: "false" ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: tcp-services - namespace: ingress-nginx - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller - addonmanager.kubernetes.io/mode: EnsureExists ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: udp-services - namespace: ingress-nginx - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller - addonmanager.kubernetes.io/mode: EnsureExists diff --git a/deploy/addons/ingress/ingress-deploy.yaml.tmpl b/deploy/addons/ingress/ingress-deploy.yaml.tmpl new file mode 100644 index 0000000000..4f0c6a6bed --- /dev/null +++ b/deploy/addons/ingress/ingress-deploy.yaml.tmpl @@ -0,0 +1,632 @@ +# Copyright 2021 The Kubernetes Authors All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Namespace +metadata: + name: ingress-nginx + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + +--- +# Source: ingress-nginx/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller + name: ingress-nginx + namespace: ingress-nginx +automountServiceAccountToken: true +--- +# Source: ingress-nginx/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller + name: ingress-nginx-controller + namespace: ingress-nginx +data: + # see https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/configmap.md for all possible options and their description + hsts: "false" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: tcp-services + namespace: ingress-nginx + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: udp-services + namespace: ingress-nginx + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller +--- +# Source: ingress-nginx/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + name: ingress-nginx +rules: + - apiGroups: + - '' + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + verbs: + - list + - watch + - apiGroups: + - '' + resources: + - nodes + verbs: + - get + - apiGroups: + - '' + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io # k8s 1.14+ + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - events + verbs: + - create + - patch + - apiGroups: + - extensions + - networking.k8s.io # k8s 1.14+ + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io # k8s 1.14+ + resources: + - ingressclasses + verbs: + - get + - list + - watch +--- +# Source: ingress-nginx/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + name: ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ingress-nginx +subjects: + - kind: ServiceAccount + name: ingress-nginx + namespace: ingress-nginx +--- +# Source: ingress-nginx/templates/controller-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller + name: ingress-nginx + namespace: ingress-nginx +rules: + - apiGroups: + - '' + resources: + - namespaces + verbs: + - get + - apiGroups: + - '' + resources: + - configmaps + - pods + - secrets + - endpoints + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io # k8s 1.14+ + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io # k8s 1.14+ + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io # k8s 1.14+ + resources: + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - configmaps + resourceNames: + - ingress-controller-leader-nginx + verbs: + - get + - update + - apiGroups: + - '' + resources: + - configmaps + verbs: + - create + - apiGroups: + - '' + resources: + - events + verbs: + - create + - patch +--- +# Source: ingress-nginx/templates/controller-rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller + name: ingress-nginx + namespace: ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ingress-nginx +subjects: + - kind: ServiceAccount + name: ingress-nginx + namespace: ingress-nginx +--- +# Source: ingress-nginx/templates/controller-service-webhook.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller + name: ingress-nginx-controller-admission + namespace: ingress-nginx +spec: + type: ClusterIP + ports: + - name: https-webhook + port: 443 + targetPort: webhook + selector: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller +--- +# Source: ingress-nginx/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + annotations: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller + name: ingress-nginx-controller + namespace: ingress-nginx +spec: + type: NodePort + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + - name: https + port: 443 + protocol: TCP + targetPort: https + selector: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller +--- +# Source: ingress-nginx/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller + name: ingress-nginx-controller + namespace: ingress-nginx +spec: + selector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller + revisionHistoryLimit: 10 + strategy: + rollingUpdate: + maxUnavailable: 1 + type: RollingUpdate + minReadySeconds: 0 + template: + metadata: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller + gcp-auth-skip-secret: "true" + spec: + dnsPolicy: ClusterFirst + containers: + - name: controller + image: {{.CustomRegistries.IngressController | default .ImageRepository | default .Registries.IngressController}}{{.Images.IngressController}} + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + args: + - /nginx-ingress-controller + - --election-id=ingress-controller-leader + - --ingress-class=nginx + - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller + - --report-node-internal-ip-address + - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services + - --udp-services-configmap=$(POD_NAMESPACE)/udp-services + - --validating-webhook=:8443 + - --validating-webhook-certificate=/usr/local/certificates/cert + - --validating-webhook-key=/usr/local/certificates/key + {{if .CustomIngressCert}} + - --default-ssl-certificate={{ .CustomIngressCert }} + {{end}} + securityContext: + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + runAsUser: 101 + allowPrivilegeEscalation: true + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LD_PRELOAD + value: /usr/local/lib/libmimalloc.so + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + ports: + - name: http + containerPort: 80 + protocol: TCP + hostPort: 80 + - name: https + containerPort: 443 + protocol: TCP + hostPort: 443 + - name: webhook + containerPort: 8443 + protocol: TCP + volumeMounts: + - name: webhook-cert + mountPath: /usr/local/certificates/ + readOnly: true + resources: + requests: + cpu: 100m + memory: 90Mi + serviceAccountName: ingress-nginx + volumes: + - name: webhook-cert + secret: + secretName: ingress-nginx-admission +--- +# Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml +# before changing this value, check the required kubernetes version +# https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites +# Currently(v0.49.0), ValidatingWebhookConfiguration of this validates v1beta1 request +# TODO(govargo): check this after upstream ingress-nginx can validate v1 version +# https://github.com/kubernetes/ingress-nginx/blob/controller-v0.49.0/internal/admission/controller/main.go#L46-L52 +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: admission-webhook + name: ingress-nginx-admission +webhooks: + - name: validate.nginx.ingress.kubernetes.io + matchPolicy: Equivalent + rules: + - apiGroups: + - networking.k8s.io + apiVersions: + - {{.IngressAPIVersion}} + operations: + - CREATE + - UPDATE + resources: + - ingresses + failurePolicy: Fail + sideEffects: None + admissionReviewVersions: + {{if eq .IngressAPIVersion "v1beta1"}} + - v1 + {{end}} + - {{.IngressAPIVersion}} + clientConfig: + service: + namespace: ingress-nginx + name: ingress-nginx-controller-admission + path: /networking/{{.IngressAPIVersion}}/ingresses +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ingress-nginx-admission + namespace: ingress-nginx + annotations: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: admission-webhook +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ingress-nginx-admission + annotations: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: admission-webhook +rules: + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - update +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ingress-nginx-admission + annotations: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: admission-webhook +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ingress-nginx-admission +subjects: + - kind: ServiceAccount + name: ingress-nginx-admission + namespace: ingress-nginx +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ingress-nginx-admission + namespace: ingress-nginx + annotations: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: admission-webhook +rules: + - apiGroups: + - '' + resources: + - secrets + verbs: + - get + - create +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ingress-nginx-admission + namespace: ingress-nginx + annotations: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: admission-webhook +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ingress-nginx-admission +subjects: + - kind: ServiceAccount + name: ingress-nginx-admission + namespace: ingress-nginx +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: ingress-nginx-admission-create + namespace: ingress-nginx + annotations: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: admission-webhook +spec: + template: + metadata: + name: ingress-nginx-admission-create + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: admission-webhook + spec: + containers: + - name: create + image: {{.CustomRegistries.KubeWebhookCertgenCreate | default .ImageRepository | default .Registries.KubeWebhookCertgenCreate }}{{.Images.KubeWebhookCertgenCreate}} + imagePullPolicy: IfNotPresent + args: + - create + - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc + - --namespace=$(POD_NAMESPACE) + - --secret-name=ingress-nginx-admission + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: OnFailure + serviceAccountName: ingress-nginx-admission + securityContext: + runAsNonRoot: true + runAsUser: 2000 +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: ingress-nginx-admission-patch + namespace: ingress-nginx + annotations: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: admission-webhook +spec: + template: + metadata: + name: ingress-nginx-admission-patch + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: admission-webhook + spec: + containers: + - name: patch + image: {{.CustomRegistries.KubeWebhookCertgenPatch | default .ImageRepository | default .Registries.KubeWebhookCertgenPatch }}{{.Images.KubeWebhookCertgenPatch}} + imagePullPolicy: IfNotPresent + args: + - patch + - --webhook-name=ingress-nginx-admission + - --namespace=$(POD_NAMESPACE) + - --patch-mutating=false + - --secret-name=ingress-nginx-admission + - --patch-failure-policy=Fail + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: OnFailure + serviceAccountName: ingress-nginx-admission + securityContext: + runAsNonRoot: true + runAsUser: 2000 diff --git a/deploy/addons/ingress/ingress-dp.yaml.tmpl b/deploy/addons/ingress/ingress-dp.yaml.tmpl deleted file mode 100644 index 694534c936..0000000000 --- a/deploy/addons/ingress/ingress-dp.yaml.tmpl +++ /dev/null @@ -1,299 +0,0 @@ -# Copyright 2016 The Kubernetes Authors All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller - addonmanager.kubernetes.io/mode: Reconcile - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - type: ClusterIP - ports: - - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller - addonmanager.kubernetes.io/mode: Reconcile - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - type: NodePort - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http - - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: ingress-nginx-controller - namespace: ingress-nginx - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller - addonmanager.kubernetes.io/mode: Reconcile -spec: - selector: - matchLabels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller - addonmanager.kubernetes.io/mode: Reconcile - revisionHistoryLimit: 10 - strategy: - rollingUpdate: - maxUnavailable: 1 - type: RollingUpdate - minReadySeconds: 0 - template: - metadata: - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller - addonmanager.kubernetes.io/mode: Reconcile - gcp-auth-skip-secret: "true" - spec: - dnsPolicy: ClusterFirst - containers: - - name: controller - image: {{.CustomRegistries.IngressController | default .ImageRepository | default .Registries.IngressController }}{{.Images.IngressController}} - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - args: - - /nginx-ingress-controller - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --report-node-internal-ip-address - - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services - - --udp-services-configmap=$(POD_NAMESPACE)/udp-services - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - {{if .CustomIngressCert}} - - --default-ssl-certificate={{ .CustomIngressCert }} - {{end}} - securityContext: - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - runAsUser: 101 - allowPrivilegeEscalation: true - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - livenessProbe: - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 5 - readinessProbe: - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 3 - ports: - - name: http - containerPort: 80 - protocol: TCP - hostPort: 80 - - name: https - containerPort: 443 - protocol: TCP - hostPort: 443 - - name: webhook - containerPort: 8443 - protocol: TCP - volumeMounts: - - name: webhook-cert - mountPath: /usr/local/certificates/ - readOnly: true - resources: - requests: - cpu: 100m - memory: 90Mi - serviceAccountName: ingress-nginx - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -# Currently(v0.44.0), ValidatingWebhookConfiguration of this validates v1beta1 request -# TODO(govargo): check this after upstream ingress-nginx can validate v1 version -# https://github.com/kubernetes/ingress-nginx/blob/controller-v0.44.0/internal/admission/controller/main.go#L46-L52 -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: admission-webhook - addonmanager.kubernetes.io/mode: Reconcile - name: ingress-nginx-admission -webhooks: - - name: validate.nginx.ingress.kubernetes.io - matchPolicy: Equivalent - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - failurePolicy: Fail - sideEffects: None - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - namespace: ingress-nginx - name: ingress-nginx-controller-admission - path: /networking/v1beta1/ingresses ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: ingress-nginx-admission-create - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: admission-webhook - addonmanager.kubernetes.io/mode: Reconcile - namespace: ingress-nginx -spec: - template: - metadata: - name: ingress-nginx-admission-create - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: admission-webhook - addonmanager.kubernetes.io/mode: Reconcile - spec: - containers: - - name: create - image: {{.CustomRegistries.KubeWebhookCertgenCreate | default .ImageRepository | default .Registries.KubeWebhookCertgenCreate }}{{.Images.KubeWebhookCertgenCreate}} - imagePullPolicy: IfNotPresent - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - restartPolicy: OnFailure - serviceAccountName: ingress-nginx-admission - securityContext: - runAsNonRoot: true - runAsUser: 2000 ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: ingress-nginx-admission-patch - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: admission-webhook - addonmanager.kubernetes.io/mode: Reconcile - namespace: ingress-nginx -spec: - template: - metadata: - name: ingress-nginx-admission-patch - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: admission-webhook - addonmanager.kubernetes.io/mode: Reconcile - spec: - containers: - - name: patch - image: {{.CustomRegistries.KubeWebhookCertgenPatch | default .ImageRepository | default .Registries.KubeWebhookCertgenPatch }}{{.Images.KubeWebhookCertgenPatch}} - imagePullPolicy: IfNotPresent - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - restartPolicy: OnFailure - serviceAccountName: ingress-nginx-admission - securityContext: - runAsNonRoot: true - runAsUser: 2000 diff --git a/deploy/addons/ingress/ingress-rbac.yaml.tmpl b/deploy/addons/ingress/ingress-rbac.yaml.tmpl deleted file mode 100644 index 5a2cf139b7..0000000000 --- a/deploy/addons/ingress/ingress-rbac.yaml.tmpl +++ /dev/null @@ -1,283 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller - addonmanager.kubernetes.io/mode: Reconcile - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - addonmanager.kubernetes.io/mode: Reconcile - name: ingress-nginx -rules: - - apiGroups: - - '' - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - verbs: - - list - - watch - - apiGroups: - - '' - resources: - - nodes - verbs: - - get - - apiGroups: - - '' - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - extensions - - networking.k8s.io # k8s 1.14+ - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - '' - resources: - - events - verbs: - - create - - patch - - apiGroups: - - extensions - - networking.k8s.io # k8s 1.14+ - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - networking.k8s.io # k8s 1.18+ - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: ingress-nginx - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - addonmanager.kubernetes.io/mode: Reconcile -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller - addonmanager.kubernetes.io/mode: Reconcile - name: ingress-nginx - namespace: ingress-nginx -rules: - - apiGroups: - - '' - resources: - - namespaces - verbs: - - get - - apiGroups: - - '' - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - '' - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - extensions - - networking.k8s.io # k8s 1.14+ - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - extensions - - networking.k8s.io # k8s 1.14+ - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - networking.k8s.io # k8s 1.18+ - resources: - - ingressclasses - verbs: - - get - - list - - watch - - apiGroups: - - '' - resources: - - configmaps - resourceNames: - - ingress-controller-leader-nginx - verbs: - - get - - update - - apiGroups: - - '' - resources: - - configmaps - verbs: - - create - - apiGroups: - - '' - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller - addonmanager.kubernetes.io/mode: Reconcile - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: ingress-nginx-admission - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: admission-webhook - addonmanager.kubernetes.io/mode: Reconcile - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: ingress-nginx-admission - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: admission-webhook - addonmanager.kubernetes.io/mode: Reconcile - namespace: ingress-nginx -rules: - - apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: ingress-nginx-admission - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: admission-webhook - addonmanager.kubernetes.io/mode: Reconcile - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: - - kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: ingress-nginx-admission - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: admission-webhook - addonmanager.kubernetes.io/mode: Reconcile - namespace: ingress-nginx -rules: - - apiGroups: - - '' - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: ingress-nginx-admission - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: admission-webhook - addonmanager.kubernetes.io/mode: Reconcile - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: - - kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx diff --git a/pkg/addons/addons.go b/pkg/addons/addons.go index ab39192932..a4510ee401 100644 --- a/pkg/addons/addons.go +++ b/pkg/addons/addons.go @@ -26,6 +26,7 @@ import ( "sync" "time" + "github.com/blang/semver/v4" "github.com/pkg/errors" "github.com/spf13/viper" @@ -44,6 +45,7 @@ import ( "k8s.io/minikube/pkg/minikube/reason" "k8s.io/minikube/pkg/minikube/style" "k8s.io/minikube/pkg/minikube/sysinit" + "k8s.io/minikube/pkg/util" "k8s.io/minikube/pkg/util/retry" ) @@ -160,6 +162,9 @@ func EnableOrDisableAddon(cc *config.ClusterConfig, name string, val string) err out.V{"driver_name": cc.Driver, "addon_name": name}) } } + if err := supportLegacyIngress(cc); err != nil { + return err + } } if strings.HasPrefix(name, "istio") && enable { @@ -246,6 +251,30 @@ func isAddonAlreadySet(cc *config.ClusterConfig, addon *assets.Addon, enable boo return false } +// maintain backwards compatibility with k8s < v1.19 +// by replacing images with old versions if custom ones are not already provided +func supportLegacyIngress(cc *config.ClusterConfig) error { + v, err := util.ParseKubernetesVersion(cc.KubernetesConfig.KubernetesVersion) + if err != nil { + return errors.Wrap(err, "parsing Kubernetes version") + } + if semver.MustParseRange("<1.19.0")(v) { + imgs := map[string]string{ + // https://github.com/kubernetes/ingress-nginx/blob/f3c50698d98299b1a61f83cb6c4bb7de0b71fb4b/deploy/static/provider/kind/deploy.yaml#L327 + "IngressController": "ingress-nginx/controller:v0.49.0@sha256:e9707504ad0d4c119036b6d41ace4a33596139d3feb9ccb6617813ce48c3eeef", + // issues: https://github.com/kubernetes/ingress-nginx/issues/7418 and https://github.com/jet/kube-webhook-certgen/issues/30 + "KubeWebhookCertgenCreate": "docker.io/jettech/kube-webhook-certgen:v1.5.1@sha256:950833e19ade18cd389d647efb88992a7cc077abedef343fa59e012d376d79b7", + "KubeWebhookCertgenPatch": "docker.io/jettech/kube-webhook-certgen:v1.5.1@sha256:950833e19ade18cd389d647efb88992a7cc077abedef343fa59e012d376d79b7", + } + for name, path := range imgs { + if _, exists := cc.CustomAddonImages[name]; !exists { + cc.CustomAddonImages[name] = path + } + } + } + return nil +} + func enableOrDisableAddonInternal(cc *config.ClusterConfig, addon *assets.Addon, runner command.Runner, data interface{}, enable bool) error { deployFiles := []string{} diff --git a/pkg/minikube/assets/addons.go b/pkg/minikube/assets/addons.go index 4dced7bdb8..e698635a5d 100755 --- a/pkg/minikube/assets/addons.go +++ b/pkg/minikube/assets/addons.go @@ -21,12 +21,15 @@ import ( "runtime" "strings" + "github.com/blang/semver/v4" + "github.com/pkg/errors" "github.com/spf13/viper" "k8s.io/minikube/deploy/addons" "k8s.io/minikube/pkg/minikube/config" "k8s.io/minikube/pkg/minikube/constants" "k8s.io/minikube/pkg/minikube/out" "k8s.io/minikube/pkg/minikube/vmpath" + "k8s.io/minikube/pkg/util" "k8s.io/minikube/pkg/version" ) @@ -230,24 +233,17 @@ var Addons = map[string]*Addon{ }), "ingress": NewAddon([]*BinAsset{ MustBinAsset(addons.IngressAssets, - "ingress/ingress-configmap.yaml.tmpl", + "ingress/ingress-deploy.yaml.tmpl", vmpath.GuestAddonsDir, - "ingress-configmap.yaml", - "0640"), - MustBinAsset(addons.IngressAssets, - "ingress/ingress-rbac.yaml.tmpl", - vmpath.GuestAddonsDir, - "ingress-rbac.yaml", - "0640"), - MustBinAsset(addons.IngressAssets, - "ingress/ingress-dp.yaml.tmpl", - vmpath.GuestAddonsDir, - "ingress-dp.yaml", + "ingress-deploy.yaml", "0640"), }, false, "ingress", "", map[string]string{ - "IngressController": "ingress-nginx/controller:v0.44.0@sha256:3dd0fac48073beaca2d67a78c746c7593f9c575168a17139a9955a82c63c4b9a", - "KubeWebhookCertgenCreate": "docker.io/jettech/kube-webhook-certgen:v1.5.1@sha256:950833e19ade18cd389d647efb88992a7cc077abedef343fa59e012d376d79b7", - "KubeWebhookCertgenPatch": "docker.io/jettech/kube-webhook-certgen:v1.5.1@sha256:950833e19ade18cd389d647efb88992a7cc077abedef343fa59e012d376d79b7", + // https://github.com/kubernetes/ingress-nginx/blob/557604f4ef526f7755d36089b617bc7686c389f9/deploy/static/provider/kind/deploy.yaml#L323 + "IngressController": "ingress-nginx/controller:v1.0.0-beta.3@sha256:44a7a06b71187a4529b0a9edee5cc22bdf71b414470eff696c3869ea8d90a695", + // https://github.com/kubernetes/ingress-nginx/blob/557604f4ef526f7755d36089b617bc7686c389f9/deploy/static/provider/kind/deploy.yaml#L612 + "KubeWebhookCertgenCreate": "k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.0@sha256:f3b6b39a6062328c095337b4cadcefd1612348fdd5190b1dcbcb9b9e90bd8068", + // https://github.com/kubernetes/ingress-nginx/blob/557604f4ef526f7755d36089b617bc7686c389f9/deploy/static/provider/kind/deploy.yaml#L660 + "KubeWebhookCertgenPatch": "k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.0@sha256:f3b6b39a6062328c095337b4cadcefd1612348fdd5190b1dcbcb9b9e90bd8068", }, map[string]string{ "IngressController": "k8s.gcr.io", }), @@ -795,6 +791,7 @@ func GenerateTemplateData(addon *Addon, cfg config.KubernetesConfig, netInfo Net LoadBalancerStartIP string LoadBalancerEndIP string CustomIngressCert string + IngressAPIVersion string ContainerRuntime string Images map[string]string Registries map[string]string @@ -807,6 +804,7 @@ func GenerateTemplateData(addon *Addon, cfg config.KubernetesConfig, netInfo Net LoadBalancerStartIP: cfg.LoadBalancerStartIP, LoadBalancerEndIP: cfg.LoadBalancerEndIP, CustomIngressCert: cfg.CustomIngressCert, + IngressAPIVersion: "v1", // api version for ingress (eg, "v1beta1"; defaults to "v1" for k8s 1.19+) ContainerRuntime: cfg.ContainerRuntime, Images: images, Registries: addon.Registries, @@ -820,6 +818,16 @@ func GenerateTemplateData(addon *Addon, cfg config.KubernetesConfig, netInfo Net opts.Registries = make(map[string]string) } + // maintain backwards compatibility with k8s < v1.19 + // by using v1beta1 instead of v1 api version for ingress + v, err := util.ParseKubernetesVersion(cfg.KubernetesVersion) + if err != nil { + return errors.Wrap(err, "parsing Kubernetes version") + } + if semver.MustParseRange("<1.19.0")(v) { + opts.IngressAPIVersion = "v1beta1" + } + // Network info for generating template opts.NetworkInfo["ControlPlaneNodeIP"] = netInfo.ControlPlaneNodeIP opts.NetworkInfo["ControlPlaneNodePort"] = fmt.Sprint(netInfo.ControlPlaneNodePort) diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-api-port.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-api-port.yaml index 9df5003de0..a6f66ca3fc 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-api-port.yaml +++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-api-port.yaml @@ -40,7 +40,7 @@ etcd: dataDir: /var/lib/minikube/etcd extraArgs: proxy-refresh-interval: "70000" -kubernetesVersion: v1.22.0-rc.0 +kubernetesVersion: v1.22.0 networking: dnsDomain: cluster.local podSubnet: "10.244.0.0/16" diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-pod-network-cidr.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-pod-network-cidr.yaml index dbb3848b7a..be1449f67c 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-pod-network-cidr.yaml +++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-pod-network-cidr.yaml @@ -40,7 +40,7 @@ etcd: dataDir: /var/lib/minikube/etcd extraArgs: proxy-refresh-interval: "70000" -kubernetesVersion: v1.22.0-rc.0 +kubernetesVersion: v1.22.0 networking: dnsDomain: cluster.local podSubnet: "192.168.32.0/20" diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd.yaml index 0b4338aa95..17add873e8 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd.yaml +++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd.yaml @@ -40,7 +40,7 @@ etcd: dataDir: /var/lib/minikube/etcd extraArgs: proxy-refresh-interval: "70000" -kubernetesVersion: v1.22.0-rc.0 +kubernetesVersion: v1.22.0 networking: dnsDomain: cluster.local podSubnet: "10.244.0.0/16" diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/crio-options-gates.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/crio-options-gates.yaml index 7146db8f6a..675695d35c 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/crio-options-gates.yaml +++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/crio-options-gates.yaml @@ -46,7 +46,7 @@ etcd: dataDir: /var/lib/minikube/etcd extraArgs: proxy-refresh-interval: "70000" -kubernetesVersion: v1.22.0-rc.0 +kubernetesVersion: v1.22.0 networking: dnsDomain: cluster.local podSubnet: "10.244.0.0/16" diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/crio.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/crio.yaml index 0f98e04878..c4cdca797b 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/crio.yaml +++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/crio.yaml @@ -40,7 +40,7 @@ etcd: dataDir: /var/lib/minikube/etcd extraArgs: proxy-refresh-interval: "70000" -kubernetesVersion: v1.22.0-rc.0 +kubernetesVersion: v1.22.0 networking: dnsDomain: cluster.local podSubnet: "10.244.0.0/16" diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/default.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/default.yaml index 6a04619bf1..41c52cead9 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/default.yaml +++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/default.yaml @@ -40,7 +40,7 @@ etcd: dataDir: /var/lib/minikube/etcd extraArgs: proxy-refresh-interval: "70000" -kubernetesVersion: v1.22.0-rc.0 +kubernetesVersion: v1.22.0 networking: dnsDomain: cluster.local podSubnet: "10.244.0.0/16" diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/dns.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/dns.yaml index 9bbacc2ff8..6ad1aece47 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/dns.yaml +++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/dns.yaml @@ -40,7 +40,7 @@ etcd: dataDir: /var/lib/minikube/etcd extraArgs: proxy-refresh-interval: "70000" -kubernetesVersion: v1.22.0-rc.0 +kubernetesVersion: v1.22.0 networking: dnsDomain: minikube.local podSubnet: "10.244.0.0/16" diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/image-repository.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/image-repository.yaml index 169d8d4721..6eea4cd782 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/image-repository.yaml +++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/image-repository.yaml @@ -41,7 +41,7 @@ etcd: dataDir: /var/lib/minikube/etcd extraArgs: proxy-refresh-interval: "70000" -kubernetesVersion: v1.22.0-rc.0 +kubernetesVersion: v1.22.0 networking: dnsDomain: cluster.local podSubnet: "10.244.0.0/16" diff --git a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/options.yaml b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/options.yaml index e663396bb6..0869698959 100644 --- a/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/options.yaml +++ b/pkg/minikube/bootstrapper/bsutil/testdata/v1.22/options.yaml @@ -43,7 +43,7 @@ etcd: dataDir: /var/lib/minikube/etcd extraArgs: proxy-refresh-interval: "70000" -kubernetesVersion: v1.22.0-rc.0 +kubernetesVersion: v1.22.0 networking: dnsDomain: cluster.local podSubnet: "10.244.0.0/16" diff --git a/pkg/minikube/constants/constants.go b/pkg/minikube/constants/constants.go index b0d425d958..162f9027fc 100644 --- a/pkg/minikube/constants/constants.go +++ b/pkg/minikube/constants/constants.go @@ -34,10 +34,10 @@ var ( const ( // DefaultKubernetesVersion is the default Kubernetes version // dont update till #10545 is solved - DefaultKubernetesVersion = "v1.21.3" + DefaultKubernetesVersion = "v1.22.1" // NewestKubernetesVersion is the newest Kubernetes version to test against // NOTE: You may need to update coreDNS & etcd versions in pkg/minikube/bootstrapper/images/images.go - NewestKubernetesVersion = "v1.22.0-rc.0" + NewestKubernetesVersion = "v1.22.2-rc.0" // OldestKubernetesVersion is the oldest Kubernetes version to test against OldestKubernetesVersion = "v1.14.0" // DefaultClusterName is the default nane for the k8s cluster diff --git a/site/content/en/docs/commands/start.md b/site/content/en/docs/commands/start.md index a57cd14c07..704501ff24 100644 --- a/site/content/en/docs/commands/start.md +++ b/site/content/en/docs/commands/start.md @@ -67,7 +67,7 @@ minikube start [flags] --interactive Allow user prompts for more information (default true) --iso-url strings Locations to fetch the minikube ISO from. (default [https://storage.googleapis.com/minikube-builds/iso/12268/minikube-v1.22.0-1628974786-12268.iso,https://github.com/kubernetes/minikube/releases/download/v1.22.0-1628974786-12268/minikube-v1.22.0-1628974786-12268.iso,https://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/iso/minikube-v1.22.0-1628974786-12268.iso]) --keep-context This will keep the existing kubectl context and will create a minikube context. - --kubernetes-version string The Kubernetes version that the minikube VM will use (ex: v1.2.3, 'stable' for v1.21.3, 'latest' for v1.22.0-rc.0). Defaults to 'stable'. + --kubernetes-version string The Kubernetes version that the minikube VM will use (ex: v1.2.3, 'stable' for v1.22.1, 'latest' for v1.22.2-rc.0). Defaults to 'stable'. --kvm-gpu Enable experimental NVIDIA GPU support in minikube --kvm-hidden Hide the hypervisor signature from the guest in minikube (kvm2 driver only) --kvm-network string The KVM default network name. (kvm2 driver only) (default "default") diff --git a/test/integration/addons_test.go b/test/integration/addons_test.go index 62dfd5339c..560a4329ab 100644 --- a/test/integration/addons_test.go +++ b/test/integration/addons_test.go @@ -163,16 +163,16 @@ func validateIngressAddon(ctx context.Context, t *testing.T, profile string) { t.Fatalf("failed to get Kubernetes client: %v", client) } - if err := kapi.WaitForDeploymentToStabilize(client, "ingress-nginx", "ingress-nginx-controller", Minutes(6)); err != nil { - t.Errorf("failed waiting for ingress-controller deployment to stabilize: %v", err) - } - if _, err := PodWait(ctx, t, profile, "ingress-nginx", "app.kubernetes.io/name=ingress-nginx", Minutes(12)); err != nil { + // avoid timeouts like: + // Error from server (InternalError): Internal error occurred: failed calling webhook "validate.nginx.ingress.kubernetes.io": Post "https://ingress-nginx-controller-admission.ingress-nginx.svc:443/networking/v1/ingresses?timeout=10s": dial tcp 10.107.218.58:443: i/o timeout + // Error from server (InternalError): Internal error occurred: failed calling webhook "validate.nginx.ingress.kubernetes.io": Post "https://ingress-nginx-controller-admission.ingress-nginx.svc:443/networking/v1/ingresses?timeout=10s": context deadline exceeded + if _, err = Run(t, exec.CommandContext(ctx, "kubectl", "--context", profile, "wait", "--for=condition=ready", "--namespace=ingress-nginx", "pod", "--selector=app.kubernetes.io/component=controller", "--timeout=90s")); err != nil { t.Fatalf("failed waititing for ingress-nginx-controller : %v", err) } // create networking.k8s.io/v1 ingress createv1Ingress := func() error { - // apply networking.k8s.io/v1beta1 ingress + // apply networking.k8s.io/v1 ingress rr, err := Run(t, exec.CommandContext(ctx, "kubectl", "--context", profile, "replace", "--force", "-f", filepath.Join(*testdataDir, "nginx-ingv1.yaml"))) if err != nil { return err @@ -182,8 +182,6 @@ func validateIngressAddon(ctx context.Context, t *testing.T, profile string) { } return nil } - - // create networking.k8s.io/v1 ingress if err := retry.Expo(createv1Ingress, 1*time.Second, Seconds(90)); err != nil { t.Errorf("failed to create ingress: %v", err) } @@ -202,43 +200,6 @@ func validateIngressAddon(ctx context.Context, t *testing.T, profile string) { want := "Welcome to nginx!" addr := "http://127.0.0.1/" - // check if the ingress can route nginx app with networking.k8s.io/v1beta1 ingress - checkv1betaIngress := func() error { - var rr *RunResult - var err error - if NoneDriver() { // just run curl directly on the none driver - rr, err = Run(t, exec.CommandContext(ctx, "curl", "-s", addr, "-H", "'Host: nginx.example.com'")) - if err != nil { - return err - } - } else { - rr, err = Run(t, exec.CommandContext(ctx, Target(), "-p", profile, "ssh", fmt.Sprintf("curl -s %s -H 'Host: nginx.example.com'", addr))) - if err != nil { - return err - } - } - - stderr := rr.Stderr.String() - if rr.Stderr.String() != "" { - t.Logf("debug: unexpected stderr for %v:\n%s", rr.Command(), stderr) - } - - stdout := rr.Stdout.String() - if !strings.Contains(stdout, want) { - return fmt.Errorf("%v stdout = %q, want %q", rr.Command(), stdout, want) - } - return nil - } - - // check if the ingress can route nginx app with networking.k8s.io/v1beta1 ingress - if err := retry.Expo(checkv1betaIngress, 500*time.Millisecond, Seconds(90)); err != nil { - t.Errorf("failed to get expected response from %s within minikube: %v", addr, err) - } - - // create networking.k8s.io/v1 ingress - if err := retry.Expo(createv1Ingress, 1*time.Second, Seconds(90)); err != nil { - t.Errorf("failed to create ingress: %v", err) - } // check if the ingress can route nginx app with networking.k8s.io/v1 ingress checkv1Ingress := func() error { @@ -255,20 +216,16 @@ func validateIngressAddon(ctx context.Context, t *testing.T, profile string) { return err } } - stderr := rr.Stderr.String() if rr.Stderr.String() != "" { t.Logf("debug: unexpected stderr for %v:\n%s", rr.Command(), stderr) } - stdout := rr.Stdout.String() if !strings.Contains(stdout, want) { return fmt.Errorf("%v stdout = %q, want %q", rr.Command(), stdout, want) } return nil } - - // check if the ingress can route nginx app with networking.k8s.io/v1 ingress if err := retry.Expo(checkv1Ingress, 500*time.Millisecond, Seconds(90)); err != nil { t.Errorf("failed to get expected response from %s within minikube: %v", addr, err) } diff --git a/test/integration/main_test.go b/test/integration/main_test.go index c259933bef..b59b7705e6 100644 --- a/test/integration/main_test.go +++ b/test/integration/main_test.go @@ -146,7 +146,7 @@ func DockerDriver() bool { // PodmanDriver returns whether or not this test is using the docker or podman driver func PodmanDriver() bool { - return strings.Contains(*startArgs, "--vm-driver=podman") || strings.Contains(*startArgs, "driver=podman") + return strings.Contains(*startArgs, "--driver=podman") || strings.Contains(*startArgs, "--vm-driver=podman") } // KicDriver returns whether or not this test is using the docker or podman driver diff --git a/test/integration/testdata/nginx-ingv1.yaml b/test/integration/testdata/nginx-ingv1.yaml index 03663248ea..e95cf7fc02 100644 --- a/test/integration/testdata/nginx-ingv1.yaml +++ b/test/integration/testdata/nginx-ingv1.yaml @@ -3,7 +3,8 @@ kind: Ingress metadata: name: nginx-ingress annotations: - kubernetes.io/ingress.class: "nginx" + # use the shared ingress-nginx + kubernetes.io/ingress.class: nginx labels: integration-test: ingress spec: @@ -11,10 +12,10 @@ spec: - host: nginx.example.com http: paths: - - path: "/" + - path: / pathType: Prefix backend: service: name: nginx port: - number: 80 \ No newline at end of file + number: 80 From 9c3c5d114012a16335fb63ee29ee22122395bf39 Mon Sep 17 00:00:00 2001 From: Predrag Rogic Date: Sun, 22 Aug 2021 12:51:24 +0100 Subject: [PATCH 191/205] prevent 'assignment to entry in nil map' error. --- pkg/addons/addons.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkg/addons/addons.go b/pkg/addons/addons.go index a4510ee401..3f1bb4568d 100644 --- a/pkg/addons/addons.go +++ b/pkg/addons/addons.go @@ -266,6 +266,9 @@ func supportLegacyIngress(cc *config.ClusterConfig) error { "KubeWebhookCertgenCreate": "docker.io/jettech/kube-webhook-certgen:v1.5.1@sha256:950833e19ade18cd389d647efb88992a7cc077abedef343fa59e012d376d79b7", "KubeWebhookCertgenPatch": "docker.io/jettech/kube-webhook-certgen:v1.5.1@sha256:950833e19ade18cd389d647efb88992a7cc077abedef343fa59e012d376d79b7", } + if cc.CustomAddonImages == nil { + cc.CustomAddonImages = map[string]string{} + } for name, path := range imgs { if _, exists := cc.CustomAddonImages[name]; !exists { cc.CustomAddonImages[name] = path From 8a510c05db9e830fe87113b7ccfb25a949d20628 Mon Sep 17 00:00:00 2001 From: Predrag Rogic Date: Sun, 22 Aug 2021 13:49:21 +0100 Subject: [PATCH 192/205] avoid extra newlines around conditions in template --- deploy/addons/ingress/ingress-deploy.yaml.tmpl | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/addons/ingress/ingress-deploy.yaml.tmpl b/deploy/addons/ingress/ingress-deploy.yaml.tmpl index 4f0c6a6bed..bbc2965fe5 100644 --- a/deploy/addons/ingress/ingress-deploy.yaml.tmpl +++ b/deploy/addons/ingress/ingress-deploy.yaml.tmpl @@ -351,9 +351,9 @@ spec: - --validating-webhook=:8443 - --validating-webhook-certificate=/usr/local/certificates/cert - --validating-webhook-key=/usr/local/certificates/key - {{if .CustomIngressCert}} + {{- if .CustomIngressCert}} - --default-ssl-certificate={{ .CustomIngressCert }} - {{end}} + {{- end}} securityContext: capabilities: drop: @@ -449,9 +449,9 @@ webhooks: failurePolicy: Fail sideEffects: None admissionReviewVersions: - {{if eq .IngressAPIVersion "v1beta1"}} + {{- if eq .IngressAPIVersion "v1beta1"}} - v1 - {{end}} + {{- end}} - {{.IngressAPIVersion}} clientConfig: service: From 7466e4a109cab0cd278e089c4e0c3201ff0ea5d1 Mon Sep 17 00:00:00 2001 From: Predrag Rogic Date: Tue, 24 Aug 2021 02:30:39 +0100 Subject: [PATCH 193/205] fix gcpauth and olm for k8s v1.22+ --- .../gcp-auth/gcp-auth-service.yaml.tmpl | 3 +- ...l.tmpl.tmpl => gcp-auth-webhook.yaml.tmpl} | 8 +- deploy/addons/olm/crds.yaml.tmpl | 18554 ++++++---------- deploy/addons/olm/olm.yaml.tmpl | 31 +- pkg/minikube/assets/addons.go | 9 +- test/integration/addons_test.go | 35 +- test/integration/testdata/etcd.yaml | 23 +- 7 files changed, 7087 insertions(+), 11576 deletions(-) rename deploy/addons/gcp-auth/{gcp-auth-webhook.yaml.tmpl.tmpl => gcp-auth-webhook.yaml.tmpl} (90%) diff --git a/deploy/addons/gcp-auth/gcp-auth-service.yaml.tmpl b/deploy/addons/gcp-auth/gcp-auth-service.yaml.tmpl index 4a8b5144f6..fa79bafe33 100644 --- a/deploy/addons/gcp-auth/gcp-auth-service.yaml.tmpl +++ b/deploy/addons/gcp-auth/gcp-auth-service.yaml.tmpl @@ -19,7 +19,8 @@ metadata: namespace: gcp-auth spec: ports: - - port: 443 + - name: https + port: 443 targetPort: 8443 protocol: TCP selector: diff --git a/deploy/addons/gcp-auth/gcp-auth-webhook.yaml.tmpl.tmpl b/deploy/addons/gcp-auth/gcp-auth-webhook.yaml.tmpl similarity index 90% rename from deploy/addons/gcp-auth/gcp-auth-webhook.yaml.tmpl.tmpl rename to deploy/addons/gcp-auth/gcp-auth-webhook.yaml.tmpl index 3923a5ed75..a951f24faa 100644 --- a/deploy/addons/gcp-auth/gcp-auth-webhook.yaml.tmpl.tmpl +++ b/deploy/addons/gcp-auth/gcp-auth-webhook.yaml.tmpl @@ -68,7 +68,7 @@ spec: serviceAccountName: minikube-gcp-auth-certs containers: - name: create - image: {{.CustomRegistries.KubeWebhookCertgen | default .ImageRepository | default .Registries.KubeWebhookCertgen }}{{.Images.KubeWebhookCertgen}} + image: {{.CustomRegistries.KubeWebhookCertgen | default .ImageRepository | default .Registries.KubeWebhookCertgen}}{{.Images.KubeWebhookCertgen}} imagePullPolicy: IfNotPresent args: - create @@ -94,7 +94,7 @@ spec: spec: containers: - name: gcp-auth - image: {{.CustomRegistries.GCPAuthWebhook | default .ImageRepository | default .Registries.GCPAuthWebhook }}{{.Images.GCPAuthWebhook}} + image: {{.CustomRegistries.GCPAuthWebhook | default .ImageRepository | default .Registries.GCPAuthWebhook}}{{.Images.GCPAuthWebhook}} imagePullPolicy: IfNotPresent ports: - containerPort: 8443 @@ -127,7 +127,7 @@ spec: serviceAccountName: minikube-gcp-auth-certs containers: - name: patch - image: {{.CustomRegistries.KubeWebhookCertgen | default .ImageRepository | default .Registries.KubeWebhookCertgen }}{{.Images.KubeWebhookCertgen}} + image: {{.CustomRegistries.KubeWebhookCertgen | default .ImageRepository | default .Registries.KubeWebhookCertgen}}{{.Images.KubeWebhookCertgen}} imagePullPolicy: IfNotPresent args: - patch @@ -183,4 +183,4 @@ webhooks: apiGroups: ["*"] apiVersions: ["*"] resources: ["serviceaccounts"] - scope: "*" \ No newline at end of file + scope: "*" diff --git a/deploy/addons/olm/crds.yaml.tmpl b/deploy/addons/olm/crds.yaml.tmpl index 78c15fe69d..44811eb989 100644 --- a/deploy/addons/olm/crds.yaml.tmpl +++ b/deploy/addons/olm/crds.yaml.tmpl @@ -1,11794 +1,7296 @@ +# ref: https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.18.3/crds.yaml + --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.3.0 + controller-gen.kubebuilder.io/version: v0.4.1 creationTimestamp: null name: catalogsources.operators.coreos.com spec: group: operators.coreos.com names: categories: - - olm + - olm kind: CatalogSource listKind: CatalogSourceList plural: catalogsources shortNames: - - catsrc + - catsrc singular: catalogsource scope: Namespaced versions: - - additionalPrinterColumns: - - description: The pretty name of the catalog - jsonPath: .spec.displayName - name: Display - type: string - - description: The type of the catalog - jsonPath: .spec.sourceType - name: Type - type: string - - description: The publisher of the catalog - jsonPath: .spec.publisher - name: Publisher - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: CatalogSource is a repository of CSVs, CRDs, and operator packages. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - type: object - required: - - sourceType - properties: - address: - description: 'Address is a host that OLM can use to connect to a pre-existing - registry. Format: : Only used when SourceType - = SourceTypeGrpc. Ignored when the Image field is set.' - type: string - configMap: - description: ConfigMap is the name of the ConfigMap to be used to - back a configmap-server registry. Only used when SourceType = SourceTypeConfigmap - or SourceTypeInternal. - type: string - description: - type: string - displayName: - description: Metadata - type: string - icon: - type: object - required: - - base64data - - mediatype - properties: - base64data: - type: string - mediatype: - type: string - image: - description: Image is an operator-registry container image to instantiate - a registry-server with. Only used when SourceType = SourceTypeGrpc. - If present, the address field is ignored. - type: string - priority: - description: 'Priority field assigns a weight to the catalog source - to prioritize them so that it can be consumed by the dependency - resolver. Usage: Higher weight indicates that this catalog source - is preferred over lower weighted catalog sources during dependency - resolution. The range of the priority value can go from positive - to negative in the range of int32. The default value to a catalog - source with unassigned priority would be 0. The catalog source with - the same priority values will be ranked lexicographically based - on its name.' - type: integer - publisher: - type: string - secrets: - description: Secrets represent set of secrets that can be used to - access the contents of the catalog. It is best to keep this list - small, since each will need to be tried for every catalog entry. - type: array - items: + - additionalPrinterColumns: + - description: The pretty name of the catalog + jsonPath: .spec.displayName + name: Display + type: string + - description: The type of the catalog + jsonPath: .spec.sourceType + name: Type + type: string + - description: The publisher of the catalog + jsonPath: .spec.publisher + name: Publisher + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: CatalogSource is a repository of CSVs, CRDs, and operator packages. + type: object + required: + - metadata + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + type: object + required: + - sourceType + properties: + address: + description: 'Address is a host that OLM can use to connect to a pre-existing registry. Format: : Only used when SourceType = SourceTypeGrpc. Ignored when the Image field is set.' type: string - sourceType: - description: SourceType is the type of source - type: string - updateStrategy: - description: UpdateStrategy defines how updated catalog source images - can be discovered Consists of an interval that defines polling duration - and an embedded strategy type - type: object - properties: - registryPoll: - type: object - properties: - interval: - description: Interval is used to determine the time interval - between checks of the latest catalog source version. The - catalog operator polls to see if a new version of the catalog - source is available. If available, the latest image is pulled - and gRPC traffic is directed to the latest catalog source. - type: string - status: - type: object - properties: - configMapReference: - type: object - required: - - name - - namespace - properties: - lastUpdateTime: + configMap: + description: ConfigMap is the name of the ConfigMap to be used to back a configmap-server registry. Only used when SourceType = SourceTypeConfigmap or SourceTypeInternal. + type: string + description: + type: string + displayName: + description: Metadata + type: string + icon: + type: object + required: + - base64data + - mediatype + properties: + base64data: + type: string + mediatype: + type: string + image: + description: Image is an operator-registry container image to instantiate a registry-server with. Only used when SourceType = SourceTypeGrpc. If present, the address field is ignored. + type: string + priority: + description: 'Priority field assigns a weight to the catalog source to prioritize them so that it can be consumed by the dependency resolver. Usage: Higher weight indicates that this catalog source is preferred over lower weighted catalog sources during dependency resolution. The range of the priority value can go from positive to negative in the range of int32. The default value to a catalog source with unassigned priority would be 0. The catalog source with the same priority values will be ranked lexicographically based on its name.' + type: integer + publisher: + type: string + secrets: + description: Secrets represent set of secrets that can be used to access the contents of the catalog. It is best to keep this list small, since each will need to be tried for every catalog entry. + type: array + items: type: string - format: date-time - name: - type: string - namespace: - type: string - resourceVersion: - type: string - uid: - description: UID is a type that holds unique ID values, including - UUIDs. Because we don't ONLY use UUIDs, this is an alias to - string. Being a type captures intent and helps make sure that - UIDs and names do not get conflated. - type: string - connectionState: - type: object - required: - - lastObservedState - properties: - address: - type: string - lastConnect: - type: string - format: date-time - lastObservedState: - type: string - latestImageRegistryPoll: - description: The last time the CatalogSource image registry has been - polled to ensure the image is up-to-date - type: string - format: date-time - message: - description: A human readable message indicating details about why - the CatalogSource is in this condition. - type: string - reason: - description: Reason is the reason the CatalogSource was transitioned - to its current state. - type: string - registryService: - type: object - properties: - createdAt: - type: string - format: date-time - port: - type: string - protocol: - type: string - serviceName: - type: string - serviceNamespace: - type: string - served: true - storage: true - subresources: - status: {} + sourceType: + description: SourceType is the type of source + type: string + updateStrategy: + description: UpdateStrategy defines how updated catalog source images can be discovered Consists of an interval that defines polling duration and an embedded strategy type + type: object + properties: + registryPoll: + type: object + properties: + interval: + description: Interval is used to determine the time interval between checks of the latest catalog source version. The catalog operator polls to see if a new version of the catalog source is available. If available, the latest image is pulled and gRPC traffic is directed to the latest catalog source. + type: string + status: + type: object + properties: + configMapReference: + type: object + required: + - name + - namespace + properties: + lastUpdateTime: + type: string + format: date-time + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + type: string + connectionState: + type: object + required: + - lastObservedState + properties: + address: + type: string + lastConnect: + type: string + format: date-time + lastObservedState: + type: string + latestImageRegistryPoll: + description: The last time the CatalogSource image registry has been polled to ensure the image is up-to-date + type: string + format: date-time + message: + description: A human readable message indicating details about why the CatalogSource is in this condition. + type: string + reason: + description: Reason is the reason the CatalogSource was transitioned to its current state. + type: string + registryService: + type: object + properties: + createdAt: + type: string + format: date-time + port: + type: string + protocol: + type: string + serviceName: + type: string + serviceNamespace: + type: string + served: true + storage: true + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.3.0 + controller-gen.kubebuilder.io/version: v0.4.1 creationTimestamp: null name: clusterserviceversions.operators.coreos.com spec: group: operators.coreos.com names: categories: - - olm + - olm kind: ClusterServiceVersion listKind: ClusterServiceVersionList plural: clusterserviceversions shortNames: - - csv - - csvs + - csv + - csvs singular: clusterserviceversion scope: Namespaced versions: - - additionalPrinterColumns: - - description: The name of the CSV - jsonPath: .spec.displayName - name: Display - type: string - - description: The version of the CSV - jsonPath: .spec.version - name: Version - type: string - - description: The name of a CSV that this one replaces - jsonPath: .spec.replaces - name: Replaces - type: string - - jsonPath: .status.phase - name: Phase - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: ClusterServiceVersion is a Custom Resource of type `ClusterServiceVersionSpec`. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ClusterServiceVersionSpec declarations tell OLM how to install - an operator that can manage apps for a given version. - type: object - required: - - displayName - - install - properties: - annotations: - description: Annotations is an unstructured key value map stored with - a resource that may be set by external tools to store and retrieve - arbitrary metadata. - type: object - additionalProperties: - type: string - apiservicedefinitions: - description: APIServiceDefinitions declares all of the extension apis - managed or required by an operator being ran by ClusterServiceVersion. - type: object - properties: - owned: - type: array - items: - description: APIServiceDescription provides details to OLM about - apis provided via aggregation - type: object - required: - - group - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative - action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - containerPort: - type: integer - format: int32 - deploymentName: - type: string - description: - type: string - displayName: - type: string - group: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource - type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - required: - type: array - items: - description: APIServiceDescription provides details to OLM about - apis provided via aggregation - type: object - required: - - group - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative - action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - containerPort: - type: integer - format: int32 - deploymentName: - type: string - description: - type: string - displayName: - type: string - group: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource - type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - customresourcedefinitions: - description: "CustomResourceDefinitions declares all of the CRDs managed - or required by an operator being ran by ClusterServiceVersion. \n - If the CRD is present in the Owned list, it is implicitly required." - type: object - properties: - owned: - type: array - items: - description: CRDDescription provides details to OLM about the - CRDs - type: object - required: - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative - action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - description: - type: string - displayName: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource - type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - required: - type: array - items: - description: CRDDescription provides details to OLM about the - CRDs - type: object - required: - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative - action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - description: - type: string - displayName: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource - type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - description: - type: string - displayName: - type: string - icon: - type: array - items: + - additionalPrinterColumns: + - description: The name of the CSV + jsonPath: .spec.displayName + name: Display + type: string + - description: The version of the CSV + jsonPath: .spec.version + name: Version + type: string + - description: The name of a CSV that this one replaces + jsonPath: .spec.replaces + name: Replaces + type: string + - jsonPath: .status.phase + name: Phase + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterServiceVersion is a Custom Resource of type `ClusterServiceVersionSpec`. + type: object + required: + - metadata + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterServiceVersionSpec declarations tell OLM how to install an operator that can manage apps for a given version. + type: object + required: + - displayName + - install + properties: + annotations: + description: Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. + type: object + additionalProperties: + type: string + apiservicedefinitions: + description: APIServiceDefinitions declares all of the extension apis managed or required by an operator being ran by ClusterServiceVersion. type: object - required: - - base64data - - mediatype properties: - base64data: - type: string - mediatype: - type: string - install: - description: NamedInstallStrategy represents the block of an ClusterServiceVersion - resource where the install strategy is specified. - type: object - required: - - strategy - properties: - spec: - description: StrategyDetailsDeployment represents the parsed details - of a Deployment InstallStrategy. - type: object - required: - - deployments - properties: - clusterPermissions: - type: array - items: - description: StrategyDeploymentPermissions describe the - rbac rules and service account needed by the install strategy - type: object - required: - - rules - - serviceAccountName - properties: - rules: - type: array - items: - description: PolicyRule holds information that describes - a policy rule, but does not contain information - about who the rule applies to or which namespace - the rule applies to. - type: object - required: - - verbs - properties: - apiGroups: - description: APIGroups is the name of the APIGroup - that contains the resources. If multiple API - groups are specified, any action requested against - one of the enumerated resources in any API group - will be allowed. - type: array - items: - type: string - nonResourceURLs: - description: NonResourceURLs is a set of partial - urls that a user should have access to. *s - are allowed, but only as the full, final step - in the path Since non-resource URLs are not - namespaced, this field is only applicable for - ClusterRoles referenced from a ClusterRoleBinding. - Rules can either apply to API resources (such - as "pods" or "secrets") or non-resource URL - paths (such as "/api"), but not both. - type: array - items: - type: string - resourceNames: - description: ResourceNames is an optional white - list of names that the rule applies to. An - empty set means that everything is allowed. - type: array - items: - type: string - resources: - description: Resources is a list of resources - this rule applies to. ResourceAll represents - all resources. - type: array - items: - type: string - verbs: - description: Verbs is a list of Verbs that apply - to ALL the ResourceKinds and AttributeRestrictions - contained in this rule. VerbAll represents - all kinds. - type: array - items: - type: string - serviceAccountName: - type: string - deployments: - type: array - items: - description: StrategyDeploymentSpec contains the name, spec - and labels for the deployment ALM should create - type: object - required: + owned: + type: array + items: + description: APIServiceDescription provides details to OLM about apis provided via aggregation + type: object + required: + - group + - kind - name - - spec - properties: - label: - description: Set is a map of label:value. It implements - Labels. - type: object - additionalProperties: - type: string - name: - type: string - spec: - description: DeploymentSpec is the specification of - the desired behavior of the Deployment. + - version + properties: + actionDescriptors: + type: array + items: + description: ActionDescriptor describes a declarative action that can be performed on a custom resource instance type: object required: - - selector - - template + - path properties: - minReadySeconds: - description: Minimum number of seconds for which - a newly created pod should be ready without any - of its container crashing, for it to be considered - available. Defaults to 0 (pod will be considered - available as soon as it is ready) - type: integer - format: int32 - paused: - description: Indicates that the deployment is paused. - type: boolean - progressDeadlineSeconds: - description: The maximum time in seconds for a deployment - to make progress before it is considered to be - failed. The deployment controller will continue - to process failed deployments and a condition - with a ProgressDeadlineExceeded reason will be - surfaced in the deployment status. Note that progress - will not be estimated during the time a deployment - is paused. Defaults to 600s. - type: integer - format: int32 - replicas: - description: Number of desired pods. This is a pointer - to distinguish between explicit zero and not specified. - Defaults to 1. - type: integer - format: int32 - revisionHistoryLimit: - description: The number of old ReplicaSets to retain - to allow rollback. This is a pointer to distinguish - between explicit zero and not specified. Defaults - to 10. - type: integer - format: int32 - selector: - description: Label selector for pods. Existing ReplicaSets - whose pods are selected by this will be the ones - affected by this deployment. It must match the - pod template's labels. + description: + type: string + displayName: + type: string + path: + type: string + value: + description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. + type: string + format: byte + x-descriptors: + type: array + items: + type: string + containerPort: + type: integer + format: int32 + deploymentName: + type: string + description: + type: string + displayName: + type: string + group: + type: string + kind: + type: string + name: + type: string + resources: + type: array + items: + description: APIResourceReference is a Kubernetes resource type used by a custom resource + type: object + required: + - kind + - name + - version + properties: + kind: + type: string + name: + type: string + version: + type: string + specDescriptors: + type: array + items: + description: SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it + type: object + required: + - path + properties: + description: + type: string + displayName: + type: string + path: + type: string + value: + description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. + type: string + format: byte + x-descriptors: + type: array + items: + type: string + statusDescriptors: + type: array + items: + description: StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it + type: object + required: + - path + properties: + description: + type: string + displayName: + type: string + path: + type: string + value: + description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. + type: string + format: byte + x-descriptors: + type: array + items: + type: string + version: + type: string + required: + type: array + items: + description: APIServiceDescription provides details to OLM about apis provided via aggregation + type: object + required: + - group + - kind + - name + - version + properties: + actionDescriptors: + type: array + items: + description: ActionDescriptor describes a declarative action that can be performed on a custom resource instance + type: object + required: + - path + properties: + description: + type: string + displayName: + type: string + path: + type: string + value: + description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. + type: string + format: byte + x-descriptors: + type: array + items: + type: string + containerPort: + type: integer + format: int32 + deploymentName: + type: string + description: + type: string + displayName: + type: string + group: + type: string + kind: + type: string + name: + type: string + resources: + type: array + items: + description: APIResourceReference is a Kubernetes resource type used by a custom resource + type: object + required: + - kind + - name + - version + properties: + kind: + type: string + name: + type: string + version: + type: string + specDescriptors: + type: array + items: + description: SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it + type: object + required: + - path + properties: + description: + type: string + displayName: + type: string + path: + type: string + value: + description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. + type: string + format: byte + x-descriptors: + type: array + items: + type: string + statusDescriptors: + type: array + items: + description: StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it + type: object + required: + - path + properties: + description: + type: string + displayName: + type: string + path: + type: string + value: + description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. + type: string + format: byte + x-descriptors: + type: array + items: + type: string + version: + type: string + cleanup: + description: Cleanup specifies the cleanup behaviour when the CSV gets deleted + type: object + required: + - enabled + properties: + enabled: + type: boolean + customresourcedefinitions: + description: "CustomResourceDefinitions declares all of the CRDs managed or required by an operator being ran by ClusterServiceVersion. \n If the CRD is present in the Owned list, it is implicitly required." + type: object + properties: + owned: + type: array + items: + description: CRDDescription provides details to OLM about the CRDs + type: object + required: + - kind + - name + - version + properties: + actionDescriptors: + type: array + items: + description: ActionDescriptor describes a declarative action that can be performed on a custom resource instance + type: object + required: + - path + properties: + description: + type: string + displayName: + type: string + path: + type: string + value: + description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. + type: string + format: byte + x-descriptors: + type: array + items: + type: string + description: + type: string + displayName: + type: string + kind: + type: string + name: + type: string + resources: + type: array + items: + description: APIResourceReference is a Kubernetes resource type used by a custom resource + type: object + required: + - kind + - name + - version + properties: + kind: + type: string + name: + type: string + version: + type: string + specDescriptors: + type: array + items: + description: SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it + type: object + required: + - path + properties: + description: + type: string + displayName: + type: string + path: + type: string + value: + description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. + type: string + format: byte + x-descriptors: + type: array + items: + type: string + statusDescriptors: + type: array + items: + description: StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it + type: object + required: + - path + properties: + description: + type: string + displayName: + type: string + path: + type: string + value: + description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. + type: string + format: byte + x-descriptors: + type: array + items: + type: string + version: + type: string + required: + type: array + items: + description: CRDDescription provides details to OLM about the CRDs + type: object + required: + - kind + - name + - version + properties: + actionDescriptors: + type: array + items: + description: ActionDescriptor describes a declarative action that can be performed on a custom resource instance + type: object + required: + - path + properties: + description: + type: string + displayName: + type: string + path: + type: string + value: + description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. + type: string + format: byte + x-descriptors: + type: array + items: + type: string + description: + type: string + displayName: + type: string + kind: + type: string + name: + type: string + resources: + type: array + items: + description: APIResourceReference is a Kubernetes resource type used by a custom resource + type: object + required: + - kind + - name + - version + properties: + kind: + type: string + name: + type: string + version: + type: string + specDescriptors: + type: array + items: + description: SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it + type: object + required: + - path + properties: + description: + type: string + displayName: + type: string + path: + type: string + value: + description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. + type: string + format: byte + x-descriptors: + type: array + items: + type: string + statusDescriptors: + type: array + items: + description: StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it + type: object + required: + - path + properties: + description: + type: string + displayName: + type: string + path: + type: string + value: + description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. + type: string + format: byte + x-descriptors: + type: array + items: + type: string + version: + type: string + description: + type: string + displayName: + type: string + icon: + type: array + items: + type: object + required: + - base64data + - mediatype + properties: + base64data: + type: string + mediatype: + type: string + install: + description: NamedInstallStrategy represents the block of an ClusterServiceVersion resource where the install strategy is specified. + type: object + required: + - strategy + properties: + spec: + description: StrategyDetailsDeployment represents the parsed details of a Deployment InstallStrategy. + type: object + required: + - deployments + properties: + clusterPermissions: + type: array + items: + description: StrategyDeploymentPermissions describe the rbac rules and service account needed by the install strategy + type: object + required: + - rules + - serviceAccountName + properties: + rules: + type: array + items: + description: PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to. type: object + required: + - verbs properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. + apiGroups: + description: APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. type: array items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + type: string + nonResourceURLs: + description: NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. + type: array + items: + type: string + resourceNames: + description: ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. + type: array + items: + type: string + resources: + description: Resources is a list of resources this rule applies to. ResourceAll represents all resources. + type: array + items: + type: string + verbs: + description: Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds. + type: array + items: + type: string + serviceAccountName: + type: string + deployments: + type: array + items: + description: StrategyDeploymentSpec contains the name, spec and labels for the deployment ALM should create + type: object + required: + - name + - spec + properties: + label: + description: Set is a map of label:value. It implements Labels. + type: object + additionalProperties: + type: string + name: + type: string + spec: + description: DeploymentSpec is the specification of the desired behavior of the Deployment. + type: object + required: + - selector + - template + properties: + minReadySeconds: + description: Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) + type: integer + format: int32 + paused: + description: Indicates that the deployment is paused. + type: boolean + progressDeadlineSeconds: + description: The maximum time in seconds for a deployment to make progress before it is considered to be failed. The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status. Note that progress will not be estimated during the time a deployment is paused. Defaults to 600s. + type: integer + format: int32 + replicas: + description: Number of desired pods. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1. + type: integer + format: int32 + revisionHistoryLimit: + description: The number of old ReplicaSets to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 10. + type: integer + format: int32 + selector: + description: Label selector for pods. Existing ReplicaSets whose pods are selected by this will be the ones affected by this deployment. It must match the pod template's labels. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + strategy: + description: The deployment strategy to use to replace existing pods with new ones. + type: object + properties: + rollingUpdate: + description: 'Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate. --- TODO: Update this to follow our convention for oneOf, whatever we decide it to be.' + type: object + properties: + maxSurge: + description: 'The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new ReplicaSet can be scaled up further, ensuring that total number of pods running at any time during the update is at most 130% of desired pods.' + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxUnavailable: + description: 'The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old ReplicaSet can be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods.' + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: + description: Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. + type: string + template: + description: Template describes the pods that will be created. + type: object + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + x-kubernetes-preserve-unknown-fields: true + spec: + description: 'Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' type: object required: - - key - - operator + - containers properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - additionalProperties: - type: string - strategy: - description: The deployment strategy to use to replace - existing pods with new ones. - type: object - properties: - rollingUpdate: - description: 'Rolling update config params. - Present only if DeploymentStrategyType = RollingUpdate. - --- TODO: Update this to follow our convention - for oneOf, whatever we decide it to be.' - type: object - properties: - maxSurge: - description: 'The maximum number of pods - that can be scheduled above the desired - number of pods. Value can be an absolute - number (ex: 5) or a percentage of desired - pods (ex: 10%). This can not be 0 if MaxUnavailable - is 0. Absolute number is calculated from - percentage by rounding up. Defaults to - 25%. Example: when this is set to 30%, - the new ReplicaSet can be scaled up immediately - when the rolling update starts, such that - the total number of old and new pods do - not exceed 130% of desired pods. Once - old pods have been killed, new ReplicaSet - can be scaled up further, ensuring that - total number of pods running at any time - during the update is at most 130% of desired - pods.' - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - maxUnavailable: - description: 'The maximum number of pods - that can be unavailable during the update. - Value can be an absolute number (ex: 5) - or a percentage of desired pods (ex: 10%). - Absolute number is calculated from percentage - by rounding down. This can not be 0 if - MaxSurge is 0. Defaults to 25%. Example: - when this is set to 30%, the old ReplicaSet - can be scaled down to 70% of desired pods - immediately when the rolling update starts. - Once new pods are ready, old ReplicaSet - can be scaled down further, followed by - scaling up the new ReplicaSet, ensuring - that the total number of pods available - at all times during the update is at least - 70% of desired pods.' - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: - description: Type of deployment. Can be "Recreate" - or "RollingUpdate". Default is RollingUpdate. - type: string - template: - description: Template describes the pods that will - be created. - type: object - properties: - metadata: - description: 'Standard object''s metadata. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: object - x-kubernetes-preserve-unknown-fields: true - spec: - description: 'Specification of the desired behavior - of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - containers - properties: - activeDeadlineSeconds: - description: Optional duration in seconds - the pod may be active on the node relative - to StartTime before the system will actively - try to mark it failed and kill associated - containers. Value must be a positive integer. - type: integer - format: int64 - affinity: - description: If specified, the pod's scheduling - constraints - type: object - properties: - nodeAffinity: - description: Describes node affinity - scheduling rules for the pod. - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but it - may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest sum - of weights, i.e. for each node - that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" - to the sum if the node matches - the corresponding matchExpressions; - the node(s) with the highest sum - are the most preferred. - type: array - items: - description: An empty preferred - scheduling term matches all - objects with implicit weight - 0 (i.e. it's a no-op). A null - preferred scheduling term matches - no objects (i.e. is also a no-op). - type: object - required: - - preference - - weight - properties: - preference: - description: A node selector - term, associated with the - corresponding weight. - type: object - properties: - matchExpressions: - description: A list of - node selector requirements - by node's labels. - type: array - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - type: array - items: - type: string - matchFields: - description: A list of - node selector requirements - by node's fields. - type: array - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - type: array - items: - type: string - weight: - description: Weight associated - with matching the corresponding - nodeSelectorTerm, in the - range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the - node. If the affinity requirements - specified by this field cease - to be met at some point during - pod execution (e.g. due to an - update), the system may or may - not try to eventually evict the - pod from its node. - type: object - required: - - nodeSelectorTerms - properties: - nodeSelectorTerms: - description: Required. A list - of node selector terms. The - terms are ORed. - type: array - items: - description: A null or empty - node selector term matches - no objects. The requirements - of them are ANDed. The TopologySelectorTerm - type implements a subset - of the NodeSelectorTerm. - type: object - properties: - matchExpressions: - description: A list of - node selector requirements - by node's labels. - type: array - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - type: array - items: - type: string - matchFields: - description: A list of - node selector requirements - by node's fields. - type: array - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - type: array - items: - type: string - podAffinity: - description: Describes pod affinity - scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as - some other pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but it - may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest sum - of weights, i.e. for each node - that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" - to the sum if the node has pods - which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. - type: array - items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to - find the most preferred node(s) - type: object - required: - - podAffinityTerm - - weight - properties: - podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - type: array - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - type: object - required: - - key - - operator - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces - specifies which namespaces - the labelSelector applies - to (matches against); - null or empty list means - "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod - should be co-located - (affinity) or not co-located - (anti-affinity) with - the pods matching the - labelSelector in the - specified namespaces, - where co-located is - defined as running on - a node whose value of - the label with key topologyKey - matches that of any - node on which any of - the selected pods is - running. Empty topologyKey - is not allowed. - type: string - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the - node. If the affinity requirements - specified by this field cease - to be met at some point during - pod execution (e.g. due to a pod - label update), the system may - or may not try to eventually evict - the pod from its node. When there - are multiple elements, the lists - of nodes corresponding to each - podAffinityTerm are intersected, - i.e. all terms must be satisfied. - type: array - items: - description: Defines a set of - pods (namely those matching - the labelSelector relative to - the given namespace(s)) that - this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of pods - is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - type: array - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - type: array - items: - type: string - matchLabels: - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies - which namespaces the labelSelector - applies to (matches against); - null or empty list means - "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - podAntiAffinity: - description: Describes pod anti-affinity - scheduling rules (e.g. avoid putting - this pod in the same node, zone, etc. - as some other pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the anti-affinity - expressions specified by this - field, but it may choose a node - that violates one or more of the - expressions. The node that is - most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - anti-affinity expressions, etc.), - compute a sum by iterating through - the elements of this field and - adding "weight" to the sum if - the node has pods which matches - the corresponding podAffinityTerm; - the node(s) with the highest sum - are the most preferred. - type: array - items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to - find the most preferred node(s) - type: object - required: - - podAffinityTerm - - weight - properties: - podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - type: array - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - type: object - required: - - key - - operator - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces - specifies which namespaces - the labelSelector applies - to (matches against); - null or empty list means - "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod - should be co-located - (affinity) or not co-located - (anti-affinity) with - the pods matching the - labelSelector in the - specified namespaces, - where co-located is - defined as running on - a node whose value of - the label with key topologyKey - matches that of any - node on which any of - the selected pods is - running. Empty topologyKey - is not allowed. - type: string - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity - requirements specified by this - field are not met at scheduling - time, the pod will not be scheduled - onto the node. If the anti-affinity - requirements specified by this - field cease to be met at some - point during pod execution (e.g. - due to a pod label update), the - system may or may not try to eventually - evict the pod from its node. When - there are multiple elements, the - lists of nodes corresponding to - each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - type: array - items: - description: Defines a set of - pods (namely those matching - the labelSelector relative to - the given namespace(s)) that - this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of pods - is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - type: array - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - type: array - items: - type: string - matchLabels: - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies - which namespaces the labelSelector - applies to (matches against); - null or empty list means - "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - automountServiceAccountToken: - description: AutomountServiceAccountToken - indicates whether a service account token - should be automatically mounted. - type: boolean - containers: - description: List of containers belonging - to the pod. Containers cannot currently - be added or removed. There must be at - least one container in a Pod. Cannot be - updated. - type: array - items: - description: A single application container - that you want to run within a pod. - type: object - required: - - name - properties: - args: - description: 'Arguments to the entrypoint. - The docker image''s CMD is used - if this is not provided. Variable - references $(VAR_NAME) are expanded - using the container''s environment. - If a variable cannot be resolved, - the reference in the input string - will be unchanged. The $(VAR_NAME) - syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless - of whether the variable exists or - not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not - executed within a shell. The docker - image''s ENTRYPOINT is used if this - is not provided. Variable references - $(VAR_NAME) are expanded using the - container''s environment. If a variable - cannot be resolved, the reference - in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped - with a double $$, ie: $$(VAR_NAME). - Escaped references will never be - expanded, regardless of whether - the variable exists or not. Cannot - be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables - to set in the container. Cannot - be updated. - type: array - items: - description: EnvVar represents an - environment variable present in - a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references - $(VAR_NAME) are expanded using - the previous defined environment - variables in the container - and any service environment - variables. If a variable cannot - be resolved, the reference - in the input string will be - unchanged. The $(VAR_NAME) - syntax can be escaped with - a double $$, ie: $$(VAR_NAME). - Escaped references will never - be expanded, regardless of - whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the - environment variable's value. - Cannot be used if value is - not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key - of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key - to select. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the ConfigMap - or its key must be - defined - type: boolean - fieldRef: - description: 'Selects a - field of the pod: supports - metadata.name, metadata.namespace, - metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, - status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of - the field to select - in the specified API - version. - type: string - resourceFieldRef: - description: 'Selects a - resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container - name: required for - volumes, optional - for env vars' - type: string - divisor: - description: Specifies - the output format - of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - secretKeyRef: - description: Selects a key - of a secret in the pod's - namespace - type: object - required: - - key - properties: - key: - description: The key - of the secret to select - from. Must be a valid - secret key. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the Secret - or its key must be - defined - type: boolean - envFrom: - description: List of sources to populate - environment variables in the container. - The keys defined within a source - must be a C_IDENTIFIER. All invalid - keys will be reported as an event - when the container is starting. - When a key exists in multiple sources, - the value associated with the last - source will take precedence. Values - defined by an Env with a duplicate - key will take precedence. Cannot - be updated. - type: array - items: - description: EnvFromSource represents - the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to - select from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the ConfigMap must be - defined - type: boolean - prefix: - description: An optional identifier - to prepend to each key in - the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select - from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the Secret must be defined - type: boolean - image: - description: 'Docker image name. More - info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow - higher level config management to - default or override container images - in workload controllers like Deployments - and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One - of Always, Never, IfNotPresent. - Defaults to Always if :latest tag - is specified, or IfNotPresent otherwise. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management - system should take in response to - container lifecycle events. Cannot - be updated. - type: object - properties: - postStart: - description: 'PostStart is called - immediately after a container - is created. If the handler fails, - the container is terminated - and restarted according to its - restart policy. Other management - of the container blocks until - the hook completes. More info: - https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only - one of the following should - be specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name - to connect to, defaults - to the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. - type: array - items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The - header field name - type: string - value: - description: The - header field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet - supported TODO: implement - a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' - type: string - port: - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preStop: - description: 'PreStop is called - immediately before a container - is terminated due to an API - request or management event - such as liveness/startup probe - failure, preemption, resource - contention, etc. The handler - is not called if the container - crashes or exits. The reason - for termination is passed to - the handler. The Pod''s termination - grace period countdown begins - before the PreStop hooked is - executed. Regardless of the - outcome of the handler, the - container will eventually terminate - within the Pod''s termination - grace period. Other management - of the container blocks until - the hook completes or until - the termination grace period - is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only - one of the following should - be specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name - to connect to, defaults - to the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. - type: array - items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The - header field name - type: string - value: - description: The - header field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet - supported TODO: implement - a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' - type: string - port: - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - livenessProbe: - description: 'Periodic probe of container - liveness. Container will be restarted - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container - specified as a DNS_LABEL. Each container - in a pod must have a unique name - (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose - from the container. Exposing a port - here gives the system additional - information about the network connections - a container uses, but is primarily - informational. Not specifying a - port here DOES NOT prevent that - port from being exposed. Any port - which is listening on the default - "0.0.0.0" address inside a container - will be accessible from the network. - Cannot be updated. - type: array - items: - description: ContainerPort represents - a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port - to expose on the pod's IP - address. This must be a valid - port number, 0 < x < 65536. - type: integer - format: int32 - hostIP: - description: What host IP to - bind the external port to. - type: string - hostPort: - description: Number of port - to expose on the host. If - specified, this must be a - valid port number, 0 < x < - 65536. If HostNetwork is specified, - this must match ContainerPort. - Most containers do not need - this. - type: integer - format: int32 - name: - description: If specified, this - must be an IANA_SVC_NAME and - unique within the pod. Each - named port in a pod must have - a unique name. Name for the - port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. - Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container - service readiness. Container will - be removed from service endpoints - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required - by this container. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - properties: - limits: - description: 'Limits describes - the maximum amount of compute - resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if that - is explicitly specified, otherwise - to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'Security options the - pod should run with. More info: - https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can - gain more privileges than its - parent process. This bool directly - controls if the no_new_privs - flag will be set on the container - process. AllowPrivilegeEscalation - is true always when the container - is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities - to add/drop when running containers. - Defaults to the default set - of capabilities granted by the - container runtime. - type: object - properties: - add: - description: Added capabilities - type: array - items: - description: Capability - represent POSIX capabilities - type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability - represent POSIX capabilities - type - type: string - privileged: - description: Run container in - privileged mode. Processes in - privileged containers are essentially - equivalent to root on the host. - Defaults to false. - type: boolean - procMount: - description: procMount denotes - the type of proc mount to use - for the containers. The default - is DefaultProcMount which uses - the container runtime defaults - for readonly paths and masked - paths. This requires the ProcMountType - feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container - has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the - entrypoint of the container - process. Uses runtime default - if unset. May also be set in - PodSecurityContext. If set - in both SecurityContext and - PodSecurityContext, the value - specified in SecurityContext - takes precedence. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the - container must run as a non-root - user. If true, the Kubelet will - validate the image at runtime - to ensure that it does not run - as UID 0 (root) and fail to - start the container if it does. - If unset or false, no such validation - will be performed. May also - be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the - entrypoint of the container - process. Defaults to user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context - to be applied to the container. - If unspecified, the container - runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: object - properties: - level: - description: Level is SELinux - level label that applies - to the container. - type: string - role: - description: Role is a SELinux - role label that applies - to the container. - type: string - type: - description: Type is a SELinux - type label that applies - to the container. - type: string - user: - description: User is a SELinux - user label that applies - to the container. - type: string - windowsOptions: - description: The Windows specific - settings applied to all containers. - If unspecified, the options - from the PodSecurityContext - will be used. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of - the GMSA credential spec - named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName - in Windows to run the entrypoint - of the container process. - Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext - and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: string - startupProbe: - description: 'StartupProbe indicates - that the Pod has successfully initialized. - If specified, no other probes are - executed until this completes successfully. - If this probe fails, the Pod will - be restarted, just as if the livenessProbe - failed. This can be used to provide - different probe parameters at the - beginning of a Pod''s lifecycle, - when it might take a long time to - load data or warm a cache, than - during steady-state operation. This - cannot be updated. This is a beta - feature enabled by the StartupProbe - feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - stdin: - description: Whether this container - should allocate a buffer for stdin - in the container runtime. If this - is not set, reads from stdin in - the container will always result - in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container - runtime should close the stdin channel - after it has been opened by a single - attach. When stdin is true the stdin - stream will remain open across multiple - attach sessions. If stdinOnce is - set to true, stdin is opened on - container start, is empty until - the first client attaches to stdin, - and then remains open and accepts - data until the client disconnects, - at which time stdin is closed and - remains closed until the container - is restarted. If this flag is false, - a container processes that reads - from stdin will never receive an - EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which - the file to which the container''s - termination message will be written - is mounted into the container''s - filesystem. Message written is intended - to be brief final status, such as - an assertion failure message. Will - be truncated by the node if greater - than 4096 bytes. The total message - length across all containers will - be limited to 12kb. Defaults to - /dev/termination-log. Cannot be - updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination - message should be populated. File - will use the contents of terminationMessagePath - to populate the container status - message on both success and failure. - FallbackToLogsOnError will use the - last chunk of container log output - if the termination message file - is empty and the container exited - with an error. The log output is - limited to 2048 bytes or 80 lines, - whichever is smaller. Defaults to - File. Cannot be updated. - type: string - tty: - description: Whether this container - should allocate a TTY for itself, - also requires 'stdin' to be true. - Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the - list of block devices to be used - by the container. - type: array - items: - description: volumeDevice describes - a mapping of a raw block device - within a container. - type: object - required: - - devicePath - - name - properties: - devicePath: - description: devicePath is the - path inside of the container - that the device will be mapped - to. - type: string - name: - description: name must match - the name of a persistentVolumeClaim - in the pod - type: string - volumeMounts: - description: Pod volumes to mount - into the container's filesystem. - Cannot be updated. - type: array - items: - description: VolumeMount describes - a mounting of a Volume within - a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the - container at which the volume - should be mounted. Must not - contain ':'. - type: string - mountPropagation: - description: mountPropagation - determines how mounts are - propagated from the host to - container and the other way - around. When not set, MountPropagationNone - is used. This field is beta - in 1.10. - type: string - name: - description: This must match - the Name of a Volume. - type: string - readOnly: - description: Mounted read-only - if true, read-write otherwise - (false or unspecified). Defaults - to false. - type: boolean - subPath: - description: Path within the - volume from which the container's - volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within - the volume from which the - container's volume should - be mounted. Behaves similarly - to SubPath but environment - variable references $(VAR_NAME) - are expanded using the container's - environment. Defaults to "" - (volume's root). SubPathExpr - and SubPath are mutually exclusive. - type: string - workingDir: - description: Container's working directory. - If not specified, the container - runtime's default will be used, - which might be configured in the - container image. Cannot be updated. - type: string - dnsConfig: - description: Specifies the DNS parameters - of a pod. Parameters specified here will - be merged to the generated DNS configuration - based on DNSPolicy. - type: object - properties: - nameservers: - description: A list of DNS name server - IP addresses. This will be appended - to the base nameservers generated - from DNSPolicy. Duplicated nameservers - will be removed. - type: array - items: - type: string - options: - description: A list of DNS resolver - options. This will be merged with - the base options generated from DNSPolicy. - Duplicated entries will be removed. - Resolution options given in Options - will override those that appear in - the base DNSPolicy. - type: array - items: - description: PodDNSConfigOption defines - DNS resolver options of a pod. - type: object - properties: - name: - description: Required. - type: string - value: - type: string - searches: - description: A list of DNS search domains - for host-name lookup. This will be - appended to the base search paths - generated from DNSPolicy. Duplicated - search paths will be removed. - type: array - items: - type: string - dnsPolicy: - description: Set DNS policy for the pod. - Defaults to "ClusterFirst". Valid values - are 'ClusterFirstWithHostNet', 'ClusterFirst', - 'Default' or 'None'. DNS parameters given - in DNSConfig will be merged with the policy - selected with DNSPolicy. To have DNS options - set along with hostNetwork, you have to - specify DNS policy explicitly to 'ClusterFirstWithHostNet'. - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates - whether information about services should - be injected into pod''s environment variables, - matching the syntax of Docker links. Optional: - Defaults to true.' - type: boolean - ephemeralContainers: - description: List of ephemeral containers - run in this pod. Ephemeral containers - may be run in an existing pod to perform - user-initiated actions such as debugging. - This list cannot be specified when creating - a pod, and it cannot be modified by updating - the pod spec. In order to add an ephemeral - container to an existing pod, use the - pod's ephemeralcontainers subresource. - This field is alpha-level and is only - honored by servers that enable the EphemeralContainers - feature. - type: array - items: - description: An EphemeralContainer is - a container that may be added temporarily - to an existing pod for user-initiated - activities such as debugging. Ephemeral - containers have no resource or scheduling - guarantees, and they will not be restarted - when they exit or when a pod is removed - or restarted. If an ephemeral container - causes a pod to exceed its resource - allocation, the pod may be evicted. - Ephemeral containers may not be added - by directly updating the pod spec. They - must be added via the pod's ephemeralcontainers - subresource, and they will appear in - the pod spec once added. This is an - alpha feature enabled by the EphemeralContainers - feature flag. - type: object - required: - - name - properties: - args: - description: 'Arguments to the entrypoint. - The docker image''s CMD is used - if this is not provided. Variable - references $(VAR_NAME) are expanded - using the container''s environment. - If a variable cannot be resolved, - the reference in the input string - will be unchanged. The $(VAR_NAME) - syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless - of whether the variable exists or - not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not - executed within a shell. The docker - image''s ENTRYPOINT is used if this - is not provided. Variable references - $(VAR_NAME) are expanded using the - container''s environment. If a variable - cannot be resolved, the reference - in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped - with a double $$, ie: $$(VAR_NAME). - Escaped references will never be - expanded, regardless of whether - the variable exists or not. Cannot - be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables - to set in the container. Cannot - be updated. - type: array - items: - description: EnvVar represents an - environment variable present in - a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references - $(VAR_NAME) are expanded using - the previous defined environment - variables in the container - and any service environment - variables. If a variable cannot - be resolved, the reference - in the input string will be - unchanged. The $(VAR_NAME) - syntax can be escaped with - a double $$, ie: $$(VAR_NAME). - Escaped references will never - be expanded, regardless of - whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the - environment variable's value. - Cannot be used if value is - not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key - of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key - to select. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the ConfigMap - or its key must be - defined - type: boolean - fieldRef: - description: 'Selects a - field of the pod: supports - metadata.name, metadata.namespace, - metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, - status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of - the field to select - in the specified API - version. - type: string - resourceFieldRef: - description: 'Selects a - resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container - name: required for - volumes, optional - for env vars' - type: string - divisor: - description: Specifies - the output format - of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - secretKeyRef: - description: Selects a key - of a secret in the pod's - namespace - type: object - required: - - key - properties: - key: - description: The key - of the secret to select - from. Must be a valid - secret key. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the Secret - or its key must be - defined - type: boolean - envFrom: - description: List of sources to populate - environment variables in the container. - The keys defined within a source - must be a C_IDENTIFIER. All invalid - keys will be reported as an event - when the container is starting. - When a key exists in multiple sources, - the value associated with the last - source will take precedence. Values - defined by an Env with a duplicate - key will take precedence. Cannot - be updated. - type: array - items: - description: EnvFromSource represents - the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to - select from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the ConfigMap must be - defined - type: boolean - prefix: - description: An optional identifier - to prepend to each key in - the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select - from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the Secret must be defined - type: boolean - image: - description: 'Docker image name. More - info: https://kubernetes.io/docs/concepts/containers/images' - type: string - imagePullPolicy: - description: 'Image pull policy. One - of Always, Never, IfNotPresent. - Defaults to Always if :latest tag - is specified, or IfNotPresent otherwise. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Lifecycle is not allowed - for ephemeral containers. - type: object - properties: - postStart: - description: 'PostStart is called - immediately after a container - is created. If the handler fails, - the container is terminated - and restarted according to its - restart policy. Other management - of the container blocks until - the hook completes. More info: - https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only - one of the following should - be specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name - to connect to, defaults - to the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. - type: array - items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The - header field name - type: string - value: - description: The - header field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet - supported TODO: implement - a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' - type: string - port: - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preStop: - description: 'PreStop is called - immediately before a container - is terminated due to an API - request or management event - such as liveness/startup probe - failure, preemption, resource - contention, etc. The handler - is not called if the container - crashes or exits. The reason - for termination is passed to - the handler. The Pod''s termination - grace period countdown begins - before the PreStop hooked is - executed. Regardless of the - outcome of the handler, the - container will eventually terminate - within the Pod''s termination - grace period. Other management - of the container blocks until - the hook completes or until - the termination grace period - is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only - one of the following should - be specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name - to connect to, defaults - to the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. - type: array - items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The - header field name - type: string - value: - description: The - header field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet - supported TODO: implement - a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' - type: string - port: - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - livenessProbe: - description: Probes are not allowed - for ephemeral containers. - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the ephemeral - container specified as a DNS_LABEL. - This name must be unique among all - containers, init containers and - ephemeral containers. - type: string - ports: - description: Ports are not allowed - for ephemeral containers. - type: array - items: - description: ContainerPort represents - a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port - to expose on the pod's IP - address. This must be a valid - port number, 0 < x < 65536. - type: integer - format: int32 - hostIP: - description: What host IP to - bind the external port to. - type: string - hostPort: - description: Number of port - to expose on the host. If - specified, this must be a - valid port number, 0 < x < - 65536. If HostNetwork is specified, - this must match ContainerPort. - Most containers do not need - this. - type: integer - format: int32 - name: - description: If specified, this - must be an IANA_SVC_NAME and - unique within the pod. Each - named port in a pod must have - a unique name. Name for the - port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. - Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - readinessProbe: - description: Probes are not allowed - for ephemeral containers. - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: Resources are not allowed - for ephemeral containers. Ephemeral - containers use spare resources already - allocated to the pod. - type: object - properties: - limits: - description: 'Limits describes - the maximum amount of compute - resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if that - is explicitly specified, otherwise - to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: SecurityContext is not - allowed for ephemeral containers. - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can - gain more privileges than its - parent process. This bool directly - controls if the no_new_privs - flag will be set on the container - process. AllowPrivilegeEscalation - is true always when the container - is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities - to add/drop when running containers. - Defaults to the default set - of capabilities granted by the - container runtime. - type: object - properties: - add: - description: Added capabilities - type: array - items: - description: Capability - represent POSIX capabilities - type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability - represent POSIX capabilities - type - type: string - privileged: - description: Run container in - privileged mode. Processes in - privileged containers are essentially - equivalent to root on the host. - Defaults to false. - type: boolean - procMount: - description: procMount denotes - the type of proc mount to use - for the containers. The default - is DefaultProcMount which uses - the container runtime defaults - for readonly paths and masked - paths. This requires the ProcMountType - feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container - has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the - entrypoint of the container - process. Uses runtime default - if unset. May also be set in - PodSecurityContext. If set - in both SecurityContext and - PodSecurityContext, the value - specified in SecurityContext - takes precedence. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the - container must run as a non-root - user. If true, the Kubelet will - validate the image at runtime - to ensure that it does not run - as UID 0 (root) and fail to - start the container if it does. - If unset or false, no such validation - will be performed. May also - be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the - entrypoint of the container - process. Defaults to user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context - to be applied to the container. - If unspecified, the container - runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: object - properties: - level: - description: Level is SELinux - level label that applies - to the container. - type: string - role: - description: Role is a SELinux - role label that applies - to the container. - type: string - type: - description: Type is a SELinux - type label that applies - to the container. - type: string - user: - description: User is a SELinux - user label that applies - to the container. - type: string - windowsOptions: - description: The Windows specific - settings applied to all containers. - If unspecified, the options - from the PodSecurityContext - will be used. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of - the GMSA credential spec - named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName - in Windows to run the entrypoint - of the container process. - Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext - and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: string - startupProbe: - description: Probes are not allowed - for ephemeral containers. - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - stdin: - description: Whether this container - should allocate a buffer for stdin - in the container runtime. If this - is not set, reads from stdin in - the container will always result - in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container - runtime should close the stdin channel - after it has been opened by a single - attach. When stdin is true the stdin - stream will remain open across multiple - attach sessions. If stdinOnce is - set to true, stdin is opened on - container start, is empty until - the first client attaches to stdin, - and then remains open and accepts - data until the client disconnects, - at which time stdin is closed and - remains closed until the container - is restarted. If this flag is false, - a container processes that reads - from stdin will never receive an - EOF. Default is false - type: boolean - targetContainerName: - description: If set, the name of the - container from PodSpec that this - ephemeral container targets. The - ephemeral container will be run - in the namespaces (IPC, PID, etc) - of this container. If not set then - the ephemeral container is run in - whatever namespaces are shared for - the pod. Note that the container - runtime must support this feature. - type: string - terminationMessagePath: - description: 'Optional: Path at which - the file to which the container''s - termination message will be written - is mounted into the container''s - filesystem. Message written is intended - to be brief final status, such as - an assertion failure message. Will - be truncated by the node if greater - than 4096 bytes. The total message - length across all containers will - be limited to 12kb. Defaults to - /dev/termination-log. Cannot be - updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination - message should be populated. File - will use the contents of terminationMessagePath - to populate the container status - message on both success and failure. - FallbackToLogsOnError will use the - last chunk of container log output - if the termination message file - is empty and the container exited - with an error. The log output is - limited to 2048 bytes or 80 lines, - whichever is smaller. Defaults to - File. Cannot be updated. - type: string - tty: - description: Whether this container - should allocate a TTY for itself, - also requires 'stdin' to be true. - Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the - list of block devices to be used - by the container. - type: array - items: - description: volumeDevice describes - a mapping of a raw block device - within a container. - type: object - required: - - devicePath - - name - properties: - devicePath: - description: devicePath is the - path inside of the container - that the device will be mapped - to. - type: string - name: - description: name must match - the name of a persistentVolumeClaim - in the pod - type: string - volumeMounts: - description: Pod volumes to mount - into the container's filesystem. - Cannot be updated. - type: array - items: - description: VolumeMount describes - a mounting of a Volume within - a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the - container at which the volume - should be mounted. Must not - contain ':'. - type: string - mountPropagation: - description: mountPropagation - determines how mounts are - propagated from the host to - container and the other way - around. When not set, MountPropagationNone - is used. This field is beta - in 1.10. - type: string - name: - description: This must match - the Name of a Volume. - type: string - readOnly: - description: Mounted read-only - if true, read-write otherwise - (false or unspecified). Defaults - to false. - type: boolean - subPath: - description: Path within the - volume from which the container's - volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within - the volume from which the - container's volume should - be mounted. Behaves similarly - to SubPath but environment - variable references $(VAR_NAME) - are expanded using the container's - environment. Defaults to "" - (volume's root). SubPathExpr - and SubPath are mutually exclusive. - type: string - workingDir: - description: Container's working directory. - If not specified, the container - runtime's default will be used, - which might be configured in the - container image. Cannot be updated. - type: string - hostAliases: - description: HostAliases is an optional - list of hosts and IPs that will be injected - into the pod's hosts file if specified. - This is only valid for non-hostNetwork - pods. - type: array - items: - description: HostAlias holds the mapping - between IP and hostnames that will be - injected as an entry in the pod's hosts - file. + activeDeadlineSeconds: + description: Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer. + type: integer + format: int64 + affinity: + description: If specified, the pod's scheduling constraints type: object properties: - hostnames: - description: Hostnames for the above - IP address. - type: array - items: - type: string - ip: - description: IP address of the host - file entry. - type: string - hostIPC: - description: 'Use the host''s ipc namespace. - Optional: Default to false.' - type: boolean - hostNetwork: - description: Host networking requested for - this pod. Use the host's network namespace. - If this option is set, the ports that - will be used must be specified. Default - to false. - type: boolean - hostPID: - description: 'Use the host''s pid namespace. - Optional: Default to false.' - type: boolean - hostname: - description: Specifies the hostname of the - Pod If not specified, the pod's hostname - will be set to a system-defined value. - type: string - imagePullSecrets: - description: 'ImagePullSecrets is an optional - list of references to secrets in the same - namespace to use for pulling any of the - images used by this PodSpec. If specified, - these secrets will be passed to individual - puller implementations for them to use. - For example, in the case of docker, only - DockerConfig type secrets are honored. - More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains - enough information to let you locate - the referenced object inside the same - namespace. - type: object - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - initContainers: - description: 'List of initialization containers - belonging to the pod. Init containers - are executed in order prior to containers - being started. If any init container fails, - the pod is considered to have failed and - is handled according to its restartPolicy. - The name for an init container or normal - container must be unique among all containers. - Init containers may not have Lifecycle - actions, Readiness probes, Liveness probes, - or Startup probes. The resourceRequirements - of an init container are taken into account - during scheduling by finding the highest - request/limit for each resource type, - and then using the max of of that value - or the sum of the normal containers. Limits - are applied to init containers in a similar - fashion. Init containers cannot currently - be added or removed. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: A single application container - that you want to run within a pod. - type: object - required: - - name - properties: - args: - description: 'Arguments to the entrypoint. - The docker image''s CMD is used - if this is not provided. Variable - references $(VAR_NAME) are expanded - using the container''s environment. - If a variable cannot be resolved, - the reference in the input string - will be unchanged. The $(VAR_NAME) - syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless - of whether the variable exists or - not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not - executed within a shell. The docker - image''s ENTRYPOINT is used if this - is not provided. Variable references - $(VAR_NAME) are expanded using the - container''s environment. If a variable - cannot be resolved, the reference - in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped - with a double $$, ie: $$(VAR_NAME). - Escaped references will never be - expanded, regardless of whether - the variable exists or not. Cannot - be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables - to set in the container. Cannot - be updated. - type: array - items: - description: EnvVar represents an - environment variable present in - a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references - $(VAR_NAME) are expanded using - the previous defined environment - variables in the container - and any service environment - variables. If a variable cannot - be resolved, the reference - in the input string will be - unchanged. The $(VAR_NAME) - syntax can be escaped with - a double $$, ie: $$(VAR_NAME). - Escaped references will never - be expanded, regardless of - whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the - environment variable's value. - Cannot be used if value is - not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key - of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key - to select. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the ConfigMap - or its key must be - defined - type: boolean - fieldRef: - description: 'Selects a - field of the pod: supports - metadata.name, metadata.namespace, - metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, - status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of - the field to select - in the specified API - version. - type: string - resourceFieldRef: - description: 'Selects a - resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container - name: required for - volumes, optional - for env vars' - type: string - divisor: - description: Specifies - the output format - of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - secretKeyRef: - description: Selects a key - of a secret in the pod's - namespace - type: object - required: - - key - properties: - key: - description: The key - of the secret to select - from. Must be a valid - secret key. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the Secret - or its key must be - defined - type: boolean - envFrom: - description: List of sources to populate - environment variables in the container. - The keys defined within a source - must be a C_IDENTIFIER. All invalid - keys will be reported as an event - when the container is starting. - When a key exists in multiple sources, - the value associated with the last - source will take precedence. Values - defined by an Env with a duplicate - key will take precedence. Cannot - be updated. - type: array - items: - description: EnvFromSource represents - the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to - select from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the ConfigMap must be - defined - type: boolean - prefix: - description: An optional identifier - to prepend to each key in - the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select - from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the Secret must be defined - type: boolean - image: - description: 'Docker image name. More - info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow - higher level config management to - default or override container images - in workload controllers like Deployments - and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One - of Always, Never, IfNotPresent. - Defaults to Always if :latest tag - is specified, or IfNotPresent otherwise. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management - system should take in response to - container lifecycle events. Cannot - be updated. + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. type: object properties: - postStart: - description: 'PostStart is called - immediately after a container - is created. If the handler fails, - the container is terminated - and restarted according to its - restart policy. Other management - of the container blocks until - the hook completes. More info: - https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only - one of the following should - be specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name - to connect to, defaults - to the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. - type: array - items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The - header field name - type: string - value: - description: The - header field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet - supported TODO: implement - a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' - type: string - port: - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preStop: - description: 'PreStop is called - immediately before a container - is terminated due to an API - request or management event - such as liveness/startup probe - failure, preemption, resource - contention, etc. The handler - is not called if the container - crashes or exits. The reason - for termination is passed to - the handler. The Pod''s termination - grace period countdown begins - before the PreStop hooked is - executed. Regardless of the - outcome of the handler, the - container will eventually terminate - within the Pod''s termination - grace period. Other management - of the container blocks until - the hook completes or until - the termination grace period - is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only - one of the following should - be specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name - to connect to, defaults - to the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. - type: array - items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The - header field name - type: string - value: - description: The - header field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet - supported TODO: implement - a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' - type: string - port: - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - livenessProbe: - description: 'Periodic probe of container - liveness. Container will be restarted - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container - specified as a DNS_LABEL. Each container - in a pod must have a unique name - (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose - from the container. Exposing a port - here gives the system additional - information about the network connections - a container uses, but is primarily - informational. Not specifying a - port here DOES NOT prevent that - port from being exposed. Any port - which is listening on the default - "0.0.0.0" address inside a container - will be accessible from the network. - Cannot be updated. - type: array - items: - description: ContainerPort represents - a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port - to expose on the pod's IP - address. This must be a valid - port number, 0 < x < 65536. - type: integer - format: int32 - hostIP: - description: What host IP to - bind the external port to. - type: string - hostPort: - description: Number of port - to expose on the host. If - specified, this must be a - valid port number, 0 < x < - 65536. If HostNetwork is specified, - this must match ContainerPort. - Most containers do not need - this. - type: integer - format: int32 - name: - description: If specified, this - must be an IANA_SVC_NAME and - unique within the pod. Each - named port in a pod must have - a unique name. Name for the - port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. - Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container - service readiness. Container will - be removed from service endpoints - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required - by this container. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - properties: - limits: - description: 'Limits describes - the maximum amount of compute - resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if that - is explicitly specified, otherwise - to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'Security options the - pod should run with. More info: - https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can - gain more privileges than its - parent process. This bool directly - controls if the no_new_privs - flag will be set on the container - process. AllowPrivilegeEscalation - is true always when the container - is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities - to add/drop when running containers. - Defaults to the default set - of capabilities granted by the - container runtime. - type: object - properties: - add: - description: Added capabilities - type: array - items: - description: Capability - represent POSIX capabilities - type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability - represent POSIX capabilities - type - type: string - privileged: - description: Run container in - privileged mode. Processes in - privileged containers are essentially - equivalent to root on the host. - Defaults to false. - type: boolean - procMount: - description: procMount denotes - the type of proc mount to use - for the containers. The default - is DefaultProcMount which uses - the container runtime defaults - for readonly paths and masked - paths. This requires the ProcMountType - feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container - has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the - entrypoint of the container - process. Uses runtime default - if unset. May also be set in - PodSecurityContext. If set - in both SecurityContext and - PodSecurityContext, the value - specified in SecurityContext - takes precedence. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the - container must run as a non-root - user. If true, the Kubelet will - validate the image at runtime - to ensure that it does not run - as UID 0 (root) and fail to - start the container if it does. - If unset or false, no such validation - will be performed. May also - be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the - entrypoint of the container - process. Defaults to user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context - to be applied to the container. - If unspecified, the container - runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: object - properties: - level: - description: Level is SELinux - level label that applies - to the container. - type: string - role: - description: Role is a SELinux - role label that applies - to the container. - type: string - type: - description: Type is a SELinux - type label that applies - to the container. - type: string - user: - description: User is a SELinux - user label that applies - to the container. - type: string - windowsOptions: - description: The Windows specific - settings applied to all containers. - If unspecified, the options - from the PodSecurityContext - will be used. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of - the GMSA credential spec - named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName - in Windows to run the entrypoint - of the container process. - Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext - and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: string - startupProbe: - description: 'StartupProbe indicates - that the Pod has successfully initialized. - If specified, no other probes are - executed until this completes successfully. - If this probe fails, the Pod will - be restarted, just as if the livenessProbe - failed. This can be used to provide - different probe parameters at the - beginning of a Pod''s lifecycle, - when it might take a long time to - load data or warm a cache, than - during steady-state operation. This - cannot be updated. This is a beta - feature enabled by the StartupProbe - feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - stdin: - description: Whether this container - should allocate a buffer for stdin - in the container runtime. If this - is not set, reads from stdin in - the container will always result - in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container - runtime should close the stdin channel - after it has been opened by a single - attach. When stdin is true the stdin - stream will remain open across multiple - attach sessions. If stdinOnce is - set to true, stdin is opened on - container start, is empty until - the first client attaches to stdin, - and then remains open and accepts - data until the client disconnects, - at which time stdin is closed and - remains closed until the container - is restarted. If this flag is false, - a container processes that reads - from stdin will never receive an - EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which - the file to which the container''s - termination message will be written - is mounted into the container''s - filesystem. Message written is intended - to be brief final status, such as - an assertion failure message. Will - be truncated by the node if greater - than 4096 bytes. The total message - length across all containers will - be limited to 12kb. Defaults to - /dev/termination-log. Cannot be - updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination - message should be populated. File - will use the contents of terminationMessagePath - to populate the container status - message on both success and failure. - FallbackToLogsOnError will use the - last chunk of container log output - if the termination message file - is empty and the container exited - with an error. The log output is - limited to 2048 bytes or 80 lines, - whichever is smaller. Defaults to - File. Cannot be updated. - type: string - tty: - description: Whether this container - should allocate a TTY for itself, - also requires 'stdin' to be true. - Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the - list of block devices to be used - by the container. - type: array - items: - description: volumeDevice describes - a mapping of a raw block device - within a container. - type: object - required: - - devicePath - - name - properties: - devicePath: - description: devicePath is the - path inside of the container - that the device will be mapped - to. - type: string - name: - description: name must match - the name of a persistentVolumeClaim - in the pod - type: string - volumeMounts: - description: Pod volumes to mount - into the container's filesystem. - Cannot be updated. - type: array - items: - description: VolumeMount describes - a mounting of a Volume within - a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the - container at which the volume - should be mounted. Must not - contain ':'. - type: string - mountPropagation: - description: mountPropagation - determines how mounts are - propagated from the host to - container and the other way - around. When not set, MountPropagationNone - is used. This field is beta - in 1.10. - type: string - name: - description: This must match - the Name of a Volume. - type: string - readOnly: - description: Mounted read-only - if true, read-write otherwise - (false or unspecified). Defaults - to false. - type: boolean - subPath: - description: Path within the - volume from which the container's - volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within - the volume from which the - container's volume should - be mounted. Behaves similarly - to SubPath but environment - variable references $(VAR_NAME) - are expanded using the container's - environment. Defaults to "" - (volume's root). SubPathExpr - and SubPath are mutually exclusive. - type: string - workingDir: - description: Container's working directory. - If not specified, the container - runtime's default will be used, - which might be configured in the - container image. Cannot be updated. - type: string - nodeName: - description: NodeName is a request to schedule - this pod onto a specific node. If it is - non-empty, the scheduler simply schedules - this pod onto that node, assuming that - it fits resource requirements. - type: string - nodeSelector: - description: 'NodeSelector is a selector - which must be true for the pod to fit - on a node. Selector which must match a - node''s labels for the pod to be scheduled - on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - additionalProperties: - type: string - overhead: - description: 'Overhead represents the resource - overhead associated with running a pod - for a given RuntimeClass. This field will - be autopopulated at admission time by - the RuntimeClass admission controller. - If the RuntimeClass admission controller - is enabled, overhead must not be set in - Pod create requests. The RuntimeClass - admission controller will reject Pod create - requests which have the overhead already - set. If RuntimeClass is configured and - selected in the PodSpec, Overhead will - be set to the value defined in the corresponding - RuntimeClass, otherwise it will remain - unset and treated as zero. More info: - https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md - This field is alpha-level as of Kubernetes - v1.16, and is only honored by servers - that enable the PodOverhead feature.' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preemptionPolicy: - description: PreemptionPolicy is the Policy - for preempting pods with lower priority. - One of Never, PreemptLowerPriority. Defaults - to PreemptLowerPriority if unset. This - field is alpha-level and is only honored - by servers that enable the NonPreemptingPriority - feature. - type: string - priority: - description: The priority value. Various - system components use this field to find - the priority of the pod. When Priority - Admission Controller is enabled, it prevents - users from setting this field. The admission - controller populates this field from PriorityClassName. - The higher the value, the higher the priority. - type: integer - format: int32 - priorityClassName: - description: If specified, indicates the - pod's priority. "system-node-critical" - and "system-cluster-critical" are two - special keywords which indicate the highest - priorities with the former being the highest - priority. Any other name must be defined - by creating a PriorityClass object with - that name. If not specified, the pod priority - will be default or zero if there is no - default. - type: string - readinessGates: - description: 'If specified, all readiness - gates will be evaluated for pod readiness. - A pod is ready when all its containers - are ready AND all conditions specified - in the readiness gates have status equal - to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' - type: array - items: - description: PodReadinessGate contains - the reference to a pod condition - type: object - required: - - conditionType - properties: - conditionType: - description: ConditionType refers - to a condition in the pod's condition - list with matching type. - type: string - restartPolicy: - description: 'Restart policy for all containers - within the pod. One of Always, OnFailure, - Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' - type: string - runtimeClassName: - description: 'RuntimeClassName refers to - a RuntimeClass object in the node.k8s.io - group, which should be used to run this - pod. If no RuntimeClass resource matches - the named class, the pod will not be run. - If unset or empty, the "legacy" RuntimeClass - will be used, which is an implicit class - with an empty definition that uses the - default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md - This is a beta feature as of Kubernetes - v1.14.' - type: string - schedulerName: - description: If specified, the pod will - be dispatched by specified scheduler. - If not specified, the pod will be dispatched - by default scheduler. - type: string - securityContext: - description: 'SecurityContext holds pod-level - security attributes and common container - settings. Optional: Defaults to empty. See - type description for default values of - each field.' - type: object - properties: - fsGroup: - description: "A special supplemental - group that applies to all containers - in a pod. Some volume types allow - the Kubelet to change the ownership - of that volume to be owned by the - pod: \n 1. The owning GID will be - the FSGroup 2. The setgid bit is set - (new files created in the volume will - be owned by FSGroup) 3. The permission - bits are OR'd with rw-rw---- \n If - unset, the Kubelet will not modify - the ownership and permissions of any - volume." - type: integer - format: int64 - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines - behavior of changing ownership and - permission of the volume before being - exposed inside Pod. This field will - only apply to volume types which support - fsGroup based ownership(and permissions). - It will have no effect on ephemeral - volume types such as: secret, configmaps - and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified defaults - to "Always".' - type: string - runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set - in SecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image - at runtime to ensure that it does - not run as UID 0 (root) and fail to - start the container if it does. If - unset or false, no such validation - will be performed. May also be set - in SecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults - to user specified in image metadata - if unspecified. May also be set in - SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value - specified in SecurityContext takes - precedence for that container. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context to - be applied to all containers. If unspecified, - the container runtime will allocate - a random SELinux context for each - container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. - type: object - properties: - level: - description: Level is SELinux level - label that applies to the container. - type: string - role: - description: Role is a SELinux role - label that applies to the container. - type: string - type: - description: Type is a SELinux type - label that applies to the container. - type: string - user: - description: User is a SELinux user - label that applies to the container. - type: string - supplementalGroups: - description: A list of groups applied - to the first process run in each container, - in addition to the container's primary - GID. If unspecified, no groups will - be added to any container. - type: array - items: - type: integer - format: int64 - sysctls: - description: Sysctls hold a list of - namespaced sysctls used for the pod. - Pods with unsupported sysctls (by - the container runtime) might fail - to launch. - type: array - items: - description: Sysctl defines a kernel - parameter to be set - type: object - required: - - name - - value - properties: - name: - description: Name of a property - to set - type: string - value: - description: Value of a property - to set - type: string - windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options within a container's SecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value - specified in SecurityContext takes - precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA - credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. - type: string - runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user - specified in image metadata if - unspecified. May also be set in - PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: string - serviceAccount: - description: 'DeprecatedServiceAccount is - a depreciated alias for ServiceAccountName. - Deprecated: Use serviceAccountName instead.' - type: string - serviceAccountName: - description: 'ServiceAccountName is the - name of the ServiceAccount to use to run - this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - shareProcessNamespace: - description: 'Share a single process namespace - between all of the containers in a pod. - When this is set containers will be able - to view and signal processes from other - containers in the same pod, and the first - process in each container will not be - assigned PID 1. HostPID and ShareProcessNamespace - cannot both be set. Optional: Default - to false.' - type: boolean - subdomain: - description: If specified, the fully qualified - Pod hostname will be "...svc.". If not - specified, the pod will not have a domainname - at all. - type: string - terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully. - May be decreased in delete request. Value - must be non-negative integer. The value - zero indicates delete immediately. If - this value is nil, the default grace period - will be used instead. The grace period - is the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. Defaults - to 30 seconds. - type: integer - format: int64 - tolerations: - description: If specified, the pod's tolerations. - type: array - items: - description: The pod this Toleration is - attached to tolerates any taint that - matches the triple - using the matching operator . - type: object - properties: - effect: - description: Effect indicates the - taint effect to match. Empty means - match all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key - that the toleration applies to. - Empty means match all taint keys. - If the key is empty, operator must - be Exists; this combination means - to match all values and all keys. - type: string - operator: - description: Operator represents a - key's relationship to the value. - Valid operators are Exists and Equal. - Defaults to Equal. Exists is equivalent - to wildcard for value, so that a - pod can tolerate all taints of a - particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration - (which must be of effect NoExecute, - otherwise this field is ignored) - tolerates the taint. By default, - it is not set, which means tolerate - the taint forever (do not evict). - Zero and negative values will be - treated as 0 (evict immediately) - by the system. - type: integer - format: int64 - value: - description: Value is the taint value - the toleration matches to. If the - operator is Exists, the value should - be empty, otherwise just a regular - string. - type: string - topologySpreadConstraints: - description: TopologySpreadConstraints describes - how a group of pods ought to spread across - topology domains. Scheduler will schedule - pods in a way which abides by the constraints. - This field is only honored by clusters - that enable the EvenPodsSpread feature. - All topologySpreadConstraints are ANDed. - type: array - items: - description: TopologySpreadConstraint - specifies how to spread matching pods - among the given topology. - type: object - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - properties: - labelSelector: - description: LabelSelector is used - to find matching pods. Pods that - match this label selector are counted - to determine the number of pods - in their corresponding topology - domain. - type: object - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. type: array items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. + description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). type: object required: - - key - - operator + - preference + - weight properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. + preference: + description: A node selector term, associated with the corresponding weight. + type: object + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + type: array + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchFields: + description: A list of node selector requirements by node's fields. + type: array + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + type: array + items: + type: string + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + type: integer + format: int32 + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + type: object + required: + - nodeSelectorTerms + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are ORed. + type: array + items: + description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + type: object + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + type: array + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchFields: + description: A list of node selector requirements by node's fields. + type: array + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + type: array + items: + type: string + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + type: array + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + type: object + required: + - podAffinityTerm + - weight + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + type: object + required: + - topologyKey + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + type: array + items: + type: string + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + type: integer + format: int32 + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + type: array + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + type: object + required: + - topologyKey + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" type: array items: type: string - matchLabels: - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. - type: object - additionalProperties: - type: string - maxSkew: - description: 'MaxSkew describes the - degree to which pods may be unevenly - distributed. It''s the maximum permitted - difference between the number of - matching pods in any two topology - domains of a given topology type. - For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with - the same labelSelector spread as - 1/1/0: | zone1 | zone2 | zone3 | - | P | P | | - if MaxSkew - is 1, incoming pod can only be scheduled - to zone3 to become 1/1/1; scheduling - it onto zone1(zone2) would make - the ActualSkew(2-0) on zone1(zone2) - violate MaxSkew(1). - if MaxSkew - is 2, incoming pod can be scheduled - onto any zone. It''s a required - field. Default value is 1 and 0 - is not allowed.' - type: integer - format: int32 - topologyKey: - description: TopologyKey is the key - of node labels. Nodes that have - a label with this key and identical - values are considered to be in the - same topology. We consider each - as a "bucket", and - try to put balanced number of pods - into each bucket. It's a required - field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates - how to deal with a pod if it doesn''t - satisfy the spread constraint. - - DoNotSchedule (default) tells the - scheduler not to schedule it - ScheduleAnyway - tells the scheduler to still schedule - it It''s considered as "Unsatisfiable" - if and only if placing incoming - pod on any topology violates "MaxSkew". - For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with - the same labelSelector spread as - 3/1/1: | zone1 | zone2 | zone3 | - | P P P | P | P | If WhenUnsatisfiable - is set to DoNotSchedule, incoming - pod can only be scheduled to zone2(zone3) - to become 3/2/1(3/1/2) as ActualSkew(2-1) - on zone2(zone3) satisfies MaxSkew(1). - In other words, the cluster can - still be imbalanced, but scheduler - won''t make it *more* imbalanced. - It''s a required field.' - type: string - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - description: 'List of volumes that can be - mounted by containers belonging to the - pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named - volume in a pod that may be accessed - by any container in the pod. - type: object - required: - - name - properties: - awsElasticBlockStore: - description: 'AWSElasticBlockStore - represents an AWS Disk resource - that is attached to a kubelet''s - host machine and then exposed to - the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). type: object - required: - - volumeID properties: - fsType: - description: 'Filesystem type - of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors - in the filesystem from compromising - the machine' - type: string - partition: - description: 'The partition in - the volume that you want to - mount. If omitted, the default - is to mount by volume name. - Examples: For volume /dev/sda1, - you specify the partition as - "1". Similarly, the volume partition - for /dev/sda is "0" (or you - can leave the property empty).' - type: integer - format: int32 - readOnly: - description: 'Specify "true" to - force and set the ReadOnly property - in VolumeMounts to "true". If - omitted, the default is "false". - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'Unique ID of the - persistent disk resource in - AWS (Amazon EBS volume). More - info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - azureDisk: - description: AzureDisk represents - an Azure Data Disk mount on the - host and bind mount to the pod. - type: object - required: - - diskName - - diskURI - properties: - cachingMode: - description: 'Host Caching mode: - None, Read Only, Read Write.' - type: string - diskName: - description: The Name of the data - disk in the blob storage - type: string - diskURI: - description: The URI the data - disk in the blob storage - type: string - fsType: - description: Filesystem type to - mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - kind: - description: 'Expected values - Shared: multiple blob disks - per storage account Dedicated: - single blob disk per storage - account Managed: azure managed - data disk (only in managed availability - set). defaults to shared' - type: string - readOnly: - description: Defaults to false - (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - azureFile: - description: AzureFile represents - an Azure File Service mount on the - host and bind mount to the pod. - type: object - required: - - secretName - - shareName - properties: - readOnly: - description: Defaults to false - (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretName: - description: the name of secret - that contains Azure Storage - Account Name and Key - type: string - shareName: - description: Share Name - type: string - cephfs: - description: CephFS represents a Ceph - FS mount on the host that shares - a pod's lifetime - type: object - required: - - monitors - properties: - monitors: - description: 'Required: Monitors - is a collection of Ceph monitors - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. type: array items: - type: string - path: - description: 'Optional: Used as - the mounted root, rather than - the full Ceph tree, default - is /' - type: string - readOnly: - description: 'Optional: Defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts. More - info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'Optional: SecretFile - is the path to key ring for - User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'Optional: SecretRef - is reference to the authentication - secret for User, default is - empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - user: - description: 'Optional: User is - the rados user name, default - is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - cinder: - description: 'Cinder represents a - cinder volume attached and mounted - on kubelets host machine. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type - to mount. Must be a filesystem - type supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred - to be "ext4" if unspecified. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'Optional: Defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts. More - info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'Optional: points - to a secret object containing - parameters used to connect to - OpenStack.' - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - volumeID: - description: 'volume id used to - identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - configMap: - description: ConfigMap represents - a configMap that should populate - this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits - to use on created files by default. - Must be a value between 0 and - 0777. Defaults to 0644. Directories - within the path are not affected - by this setting. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can - be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each - key-value pair in the Data field - of the referenced ConfigMap - will be projected into the volume - as a file whose name is the - key and content is the value. - If specified, the listed keys - will be projected into the specified - paths, and unlisted keys will - not be present. If a key is - specified which is not present - in the ConfigMap, the volume - setup will error unless it is - marked optional. Paths must - be relative and may not contain - the '..' path or start with - '..'. - type: array - items: - description: Maps a string key - to a path within a volume. + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) type: object required: - - key - - path + - podAffinityTerm + - weight properties: - key: - description: The key to - project. - type: string - mode: - description: 'Optional: - mode bits to use on this - file, must be a value - between 0 and 0777. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, - like fsGroup, and the - result can be other mode - bits set.' + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + type: object + required: + - topologyKey + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + type: array + items: + type: string + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. type: integer format: int32 - path: - description: The relative - path of the file to map - the key to. May not be - an absolute path. May - not contain the path element - '..'. May not start with - the string '..'. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - ConfigMap or its keys must be - defined - type: boolean - csi: - description: CSI (Container Storage - Interface) represents storage that - is handled by an external CSI driver - (Alpha feature). - type: object - required: - - driver - properties: - driver: - description: Driver is the name - of the CSI driver that handles - this volume. Consult with your - admin for the correct name as - registered in the cluster. - type: string - fsType: - description: Filesystem type to - mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value - is passed to the associated - CSI driver which will determine - the default filesystem to apply. - type: string - nodePublishSecretRef: - description: NodePublishSecretRef - is a reference to the secret - object containing sensitive - information to pass to the CSI - driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. - This field is optional, and may - be empty if no secret is required. - If the secret object contains - more than one secret, all secret - references are passed. - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - readOnly: - description: Specifies a read-only - configuration for the volume. - Defaults to false (read/write). - type: boolean - volumeAttributes: - description: VolumeAttributes - stores driver-specific properties - that are passed to the CSI driver. - Consult your driver's documentation - for supported values. - type: object - additionalProperties: - type: string - downwardAPI: - description: DownwardAPI represents - downward API about the pod that - should populate this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits - to use on created files by default. - Must be a value between 0 and - 0777. Defaults to 0644. Directories - within the path are not affected - by this setting. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can - be other mode bits set.' - type: integer - format: int32 - items: - description: Items is a list of - downward API volume file + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. type: array items: - description: DownwardAPIVolumeFile - represents information to - create the file containing - the pod field + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running type: object required: - - path + - topologyKey properties: - fieldRef: - description: 'Required: - Selects a field of the - pod: only annotations, - labels, name and namespace - are supported.' + labelSelector: + description: A label query over a set of resources, in this case pods. type: object - required: - - fieldPath properties: - apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of - the field to select - in the specified API - version. - type: string - mode: - description: 'Optional: - mode bits to use on this - file, must be a value - between 0 and 0777. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, - like fsGroup, and the - result can be other mode - bits set.' - type: integer - format: int32 - path: - description: 'Required: - Path is the relative - path name of the file - to be created. Must not - be absolute or contain - the ''..'' path. Must - be utf-8 encoded. The - first item of the relative - path must not start with - ''..''' + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + type: array + items: + type: string + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string - resourceFieldRef: - description: 'Selects a - resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are - currently supported.' + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + type: boolean + containers: + description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. + type: array + items: + description: A single application container that you want to run within a pod. + type: object + required: + - name + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + type: array + items: + type: string + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + type: array + items: + type: string + env: + description: List of environment variables to set in the container. Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. + type: object + properties: + postStart: + description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + httpGet: + description: HTTPGet specifies the http request to perform. type: object required: - - resource + - port properties: - containerName: - description: 'Container - name: required for - volumes, optional - for env vars' + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string - divisor: - description: Specifies - the output format - of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + port: + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. anyOf: - - type: integer - - type: string + - type: integer + - type: string x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string - emptyDir: - description: 'EmptyDir represents - a temporary directory that shares - a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: object - properties: - medium: - description: 'What type of storage - medium should back this directory. - The default is "" which means - to use the node''s default medium. - Must be an empty string (default) - or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - description: 'Total amount of - local storage required for this - EmptyDir volume. The size limit - is also applicable for memory - medium. The maximum usage on - memory medium EmptyDir would - be the minimum value between - the SizeLimit specified here - and the sum of memory limits - of all containers in a pod. - The default is nil which means - that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - fc: - description: FC represents a Fibre - Channel resource that is attached - to a kubelet's host machine and - then exposed to the pod. - type: object - properties: - fsType: - description: 'Filesystem type - to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. TODO: how do - we prevent errors in the filesystem - from compromising the machine' - type: string - lun: - description: 'Optional: FC target - lun number' - type: integer - format: int32 - readOnly: - description: 'Optional: Defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'Optional: FC target - worldwide names (WWNs)' - type: array - items: - type: string - wwids: - description: 'Optional: FC volume - world wide identifiers (wwids) - Either wwids or combination - of targetWWNs and lun must be - set, but not both simultaneously.' - type: array - items: - type: string - flexVolume: - description: FlexVolume represents - a generic volume resource that is - provisioned/attached using an exec - based plugin. - type: object - required: - - driver - properties: - driver: - description: Driver is the name - of the driver to use for this - volume. - type: string - fsType: - description: Filesystem type to - mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - The default filesystem depends - on FlexVolume script. - type: string - options: - description: 'Optional: Extra - command options if any.' + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + required: + - port + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + preStop: + description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + required: + - port + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + port: + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + required: + - port + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + required: + - port + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + port: + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + required: + - port + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + type: array + items: + description: ContainerPort represents a network port in a single container. type: object - additionalProperties: + required: + - containerPort + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + type: integer + format: int32 + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + type: integer + format: int32 + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + default: TCP + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + required: + - port + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + port: + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + required: + - port + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + resources: + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + properties: + limits: + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + securityContext: + description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + type: object + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + type: object + properties: + add: + description: Added capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + privileged: + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. type: string - readOnly: - description: 'Optional: Defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts.' - type: boolean - secretRef: - description: 'Optional: SecretRef - is reference to the secret object - containing sensitive information - to pass to the plugin scripts. - This may be empty if no secret - object is specified. If the - secret object contains more - than one secret, all secrets - are passed to the plugin scripts.' + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: integer + format: int64 + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: integer + format: int64 + seLinuxOptions: + description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: object + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + seccompProfile: + description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. + type: object + required: + - type + properties: + localhostProfile: + description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." + type: string + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: object + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + required: + - port + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + port: + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + required: + - port + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + stdin: + description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. + type: array + items: + description: volumeDevice describes a mapping of a raw block device within a container. type: object + required: + - devicePath + - name + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + type: string + dnsConfig: + description: Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. + type: object + properties: + nameservers: + description: A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed. + type: array + items: + type: string + options: + description: A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy. + type: array + items: + description: PodDNSConfigOption defines DNS resolver options of a pod. + type: object + properties: + name: + description: Required. + type: string + value: + type: string + searches: + description: A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed. + type: array + items: + type: string + dnsPolicy: + description: Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. + type: string + enableServiceLinks: + description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Defaults to true.' + type: boolean + ephemeralContainers: + description: List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. This field is alpha-level and is only honored by servers that enable the EphemeralContainers feature. + type: array + items: + description: An EphemeralContainer is a container that may be added temporarily to an existing pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a pod is removed or restarted. If an ephemeral container causes a pod to exceed its resource allocation, the pod may be evicted. Ephemeral containers may not be added by directly updating the pod spec. They must be added via the pod's ephemeralcontainers subresource, and they will appear in the pod spec once added. This is an alpha feature enabled by the EphemeralContainers feature flag. + type: object + required: + - name + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + type: array + items: + type: string + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + type: array + items: + type: string + env: + description: List of environment variables to set in the container. Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name properties: name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' + description: Name of the environment variable. Must be a C_IDENTIFIER. type: string - flocker: - description: Flocker represents a - Flocker volume attached to a kubelet's - host machine. This depends on the - Flocker control service being running + value: + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Lifecycle is not allowed for ephemeral containers. + type: object + properties: + postStart: + description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + required: + - port + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + port: + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + required: + - port + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + preStop: + description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + required: + - port + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + port: + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + required: + - port + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + livenessProbe: + description: Probes are not allowed for ephemeral containers. + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + required: + - port + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + port: + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + required: + - port + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + name: + description: Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers. + type: string + ports: + description: Ports are not allowed for ephemeral containers. + type: array + items: + description: ContainerPort represents a network port in a single container. + type: object + required: + - containerPort + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + type: integer + format: int32 + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + type: integer + format: int32 + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + default: TCP + readinessProbe: + description: Probes are not allowed for ephemeral containers. + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + required: + - port + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + port: + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + required: + - port + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + resources: + description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod. + type: object + properties: + limits: + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + securityContext: + description: SecurityContext is not allowed for ephemeral containers. + type: object + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + type: object + properties: + add: + description: Added capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + privileged: + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: integer + format: int64 + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: integer + format: int64 + seLinuxOptions: + description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: object + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + seccompProfile: + description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. + type: object + required: + - type + properties: + localhostProfile: + description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." + type: string + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: object + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + startupProbe: + description: Probes are not allowed for ephemeral containers. + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + required: + - port + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + port: + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + required: + - port + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + stdin: + description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + type: boolean + targetContainerName: + description: If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container is run in whatever namespaces are shared for the pod. Note that the container runtime must support this feature. + type: string + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. + type: array + items: + description: volumeDevice describes a mapping of a raw block device within a container. + type: object + required: + - devicePath + - name + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + type: string + hostAliases: + description: HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. This is only valid for non-hostNetwork pods. + type: array + items: + description: HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. + type: object + properties: + hostnames: + description: Hostnames for the above IP address. + type: array + items: + type: string + ip: + description: IP address of the host file entry. + type: string + hostIPC: + description: 'Use the host''s ipc namespace. Optional: Default to false.' + type: boolean + hostNetwork: + description: Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false. + type: boolean + hostPID: + description: 'Use the host''s pid namespace. Optional: Default to false.' + type: boolean + hostname: + description: Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value. + type: string + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + type: array + items: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + initContainers: + description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' + type: array + items: + description: A single application container that you want to run within a pod. + type: object + required: + - name + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + type: array + items: + type: string + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + type: array + items: + type: string + env: + description: List of environment variables to set in the container. Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. + type: object + properties: + postStart: + description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + required: + - port + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + port: + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + required: + - port + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + preStop: + description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + required: + - port + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + port: + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + required: + - port + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + required: + - port + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + port: + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + required: + - port + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + type: array + items: + description: ContainerPort represents a network port in a single container. + type: object + required: + - containerPort + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + type: integer + format: int32 + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + type: integer + format: int32 + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + default: TCP + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + required: + - port + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + port: + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + required: + - port + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + resources: + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + properties: + limits: + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + securityContext: + description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + type: object + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + type: object + properties: + add: + description: Added capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + privileged: + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: integer + format: int64 + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: integer + format: int64 + seLinuxOptions: + description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: object + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + seccompProfile: + description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. + type: object + required: + - type + properties: + localhostProfile: + description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." + type: string + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: object + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + required: + - port + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + port: + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + required: + - port + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + stdin: + description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. + type: array + items: + description: volumeDevice describes a mapping of a raw block device within a container. + type: object + required: + - devicePath + - name + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + type: string + nodeName: + description: NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements. + type: string + nodeSelector: + description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + additionalProperties: + type: string + overhead: + description: 'Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This field is alpha-level as of Kubernetes v1.16, and is only honored by servers that enable the PodOverhead feature.' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + preemptionPolicy: + description: PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. This field is beta-level, gated by the NonPreemptingPriority feature-gate. + type: string + priority: + description: The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority. + type: integer + format: int32 + priorityClassName: + description: If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default. + type: string + readinessGates: + description: 'If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' + type: array + items: + description: PodReadinessGate contains the reference to a pod condition + type: object + required: + - conditionType + properties: + conditionType: + description: ConditionType refers to a condition in the pod's condition list with matching type. + type: string + restartPolicy: + description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' + type: string + runtimeClassName: + description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a beta feature as of Kubernetes v1.14.' + type: string + schedulerName: + description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler. + type: string + securityContext: + description: 'SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.' + type: object + properties: + fsGroup: + description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume." + type: integer + format: int64 + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + type: integer + format: int64 + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + type: integer + format: int64 + seLinuxOptions: + description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. type: object properties: - datasetName: - description: Name of the dataset - stored as metadata -> name on - the dataset for Flocker should - be considered as deprecated + level: + description: Level is SELinux level label that applies to the container. type: string - datasetUUID: - description: UUID of the dataset. - This is unique identifier of - a Flocker dataset - type: string - gcePersistentDisk: - description: 'GCEPersistentDisk represents - a GCE Disk resource that is attached - to a kubelet''s host machine and - then exposed to the pod. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: object - required: - - pdName - properties: - fsType: - description: 'Filesystem type - of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors - in the filesystem from compromising - the machine' - type: string - partition: - description: 'The partition in - the volume that you want to - mount. If omitted, the default - is to mount by volume name. - Examples: For volume /dev/sda1, - you specify the partition as - "1". Similarly, the volume partition - for /dev/sda is "0" (or you - can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: integer - format: int32 - pdName: - description: 'Unique name of the - PD resource in GCE. Used to - identify the disk in GCE. More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'ReadOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - gitRepo: - description: 'GitRepo represents a - git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. - To provision a container with a - git repo, mount an EmptyDir into - an InitContainer that clones the - repo using git, then mount the EmptyDir - into the Pod''s container.' - type: object - required: - - repository - properties: - directory: - description: Target directory - name. Must not contain or start - with '..'. If '.' is supplied, - the volume directory will be - the git repository. Otherwise, - if specified, the volume will - contain the git repository in - the subdirectory with the given - name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the - specified revision. - type: string - glusterfs: - description: 'Glusterfs represents - a Glusterfs mount on the host that - shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/glusterfs/README.md' - type: object - required: - - endpoints - - path - properties: - endpoints: - description: 'EndpointsName is - the endpoint name that details - Glusterfs topology. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'Path is the Glusterfs - volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'ReadOnly here will - force the Glusterfs volume to - be mounted with read-only permissions. - Defaults to false. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - hostPath: - description: 'HostPath represents - a pre-existing file or directory - on the host machine that is directly - exposed to the container. This is - generally used for system agents - or other privileged things that - are allowed to see the host machine. - Most containers will NOT need this. - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict - who can use host directory mounts - and who can/can not mount host directories - as read/write.' - type: object - required: - - path - properties: - path: - description: 'Path of the directory - on the host. If the path is - a symlink, it will follow the - link to the real path. More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + role: + description: Role is a SELinux role label that applies to the container. type: string type: - description: 'Type for HostPath - Volume Defaults to "" More info: - https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + description: Type is a SELinux type label that applies to the container. type: string - iscsi: - description: 'ISCSI represents an - ISCSI Disk resource that is attached - to a kubelet''s host machine and - then exposed to the pod. More info: - https://examples.k8s.io/volumes/iscsi/README.md' + user: + description: User is a SELinux user label that applies to the container. + type: string + seccompProfile: + description: The seccomp options to use by the containers in this pod. type: object required: - - iqn - - lun - - targetPortal + - type properties: - chapAuthDiscovery: - description: whether support iSCSI - Discovery CHAP authentication - type: boolean - chapAuthSession: - description: whether support iSCSI - Session CHAP authentication - type: boolean - fsType: - description: 'Filesystem type - of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors - in the filesystem from compromising - the machine' + localhostProfile: + description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". type: string - initiatorName: - description: Custom iSCSI Initiator - Name. If initiatorName is specified - with iscsiInterface simultaneously, - new iSCSI interface : will be - created for the connection. + type: + description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." type: string - iqn: - description: Target iSCSI Qualified - Name. - type: string - iscsiInterface: - description: iSCSI Interface Name - that uses an iSCSI transport. - Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun - number. - type: integer - format: int32 - portals: - description: iSCSI Target Portal - List. The portal is either an - IP or ip_addr:port if the port - is other than default (typically - TCP ports 860 and 3260). - type: array - items: + supplementalGroups: + description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. + type: array + items: + type: integer + format: int64 + sysctls: + description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. + type: array + items: + description: Sysctl defines a kernel parameter to be set + type: object + required: + - name + - value + properties: + name: + description: Name of a property to set type: string - readOnly: - description: ReadOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: CHAP Secret for iSCSI - target and initiator authentication - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' + value: + description: Value of a property to set + type: string + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: object + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + serviceAccount: + description: 'DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.' + type: string + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + setHostnameAsFQDN: + description: If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false. + type: boolean + shareProcessNamespace: + description: 'Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false.' + type: boolean + subdomain: + description: If specified, the fully qualified Pod hostname will be "...svc.". If not specified, the pod will not have a domainname at all. + type: string + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. + type: integer + format: int64 + tolerations: + description: If specified, the pod's tolerations. + type: array + items: + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + type: object + properties: + effect: + description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + type: integer + format: int64 + value: + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. + type: array + items: + description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. + type: object + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + properties: + labelSelector: + description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: type: string - targetPortal: - description: iSCSI Target Portal. - The Portal is either an IP or - ip_addr:port if the port is - other than default (typically - TCP ports 860 and 3260). - type: string - name: - description: 'Volume''s name. Must - be a DNS_LABEL and unique within - the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'NFS represents an NFS - mount on the host that shares a - pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: object - required: - - path - - server - properties: - path: - description: 'Path that is exported - by the NFS server. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'ReadOnly here will - force the NFS export to be mounted - with read-only permissions. - Defaults to false. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'Server is the hostname - or IP address of the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: object - required: - - claimName - properties: - claimName: - description: 'ClaimName is the - name of a PersistentVolumeClaim - in the same namespace as the - pod using this volume. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: Will force the ReadOnly - setting in VolumeMounts. Default - false. - type: boolean - photonPersistentDisk: - description: PhotonPersistentDisk - represents a PhotonController persistent - disk attached and mounted on kubelets - host machine - type: object - required: - - pdID - properties: - fsType: - description: Filesystem type to - mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - pdID: - description: ID that identifies - Photon Controller persistent - disk - type: string - portworxVolume: - description: PortworxVolume represents - a portworx volume attached and mounted - on kubelets host machine - type: object - required: - - volumeID - properties: - fsType: - description: FSType represents - the filesystem type to mount - Must be a filesystem type supported - by the host operating system. - Ex. "ext4", "xfs". Implicitly - inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false - (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - volumeID: - description: VolumeID uniquely - identifies a Portworx volume - type: string - projected: - description: Items for all in one - resources secrets, configmaps, and - downward API - type: object - required: - - sources - properties: - defaultMode: - description: Mode bits to use - on created files by default. - Must be a value between 0 and - 0777. Directories within the - path are not affected by this - setting. This might be in conflict - with other options that affect - the file mode, like fsGroup, - and the result can be other - mode bits set. - type: integer - format: int32 - sources: - description: list of volume projections - type: array - items: - description: Projection that - may be projected along with - other supported volume types + maxSkew: + description: 'MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It''s a required field. Default value is 1 and 0 is not allowed.' + type: integer + format: int32 + topologyKey: + description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assigment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.' + type: string + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' + type: array + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + type: object + required: + - name + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: object + required: + - volumeID + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' + type: integer + format: int32 + readOnly: + description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + type: object + required: + - diskName + - diskURI + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + azureFile: + description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. + type: object + required: + - secretName + - shareName + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: the name of secret that contains Azure Storage Account Name and Key + type: string + shareName: + description: Share Name + type: string + cephfs: + description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime + type: object + required: + - monitors + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: array + items: + type: string + path: + description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: object properties: - configMap: - description: information - about the configMap data - to project - type: object - properties: - items: - description: If unspecified, - each key-value pair - in the Data field - of the referenced - ConfigMap will be - projected into the - volume as a file whose - name is the key and - content is the value. - If specified, the - listed keys will be - projected into the - specified paths, and - unlisted keys will - not be present. If - a key is specified - which is not present - in the ConfigMap, - the volume setup will - error unless it is - marked optional. Paths - must be relative and - may not contain the - '..' path or start - with '..'. - type: array - items: - description: Maps - a string key to - a path within a - volume. - type: object - required: - - key - - path - properties: - key: - description: The - key to project. - type: string - mode: - description: 'Optional: - mode bits to - use on this - file, must be - a value between - 0 and 0777. - If not specified, - the volume defaultMode - will be used. - This might be - in conflict - with other options - that affect - the file mode, - like fsGroup, - and the result - can be other - mode bits set.' - type: integer - format: int32 - path: - description: The - relative path - of the file - to map the key - to. May not - be an absolute - path. May not - contain the - path element - '..'. May not - start with the - string '..'. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the ConfigMap - or its keys must be - defined - type: boolean - downwardAPI: - description: information - about the downwardAPI - data to project - type: object - properties: - items: - description: Items is - a list of DownwardAPIVolume - file - type: array - items: - description: DownwardAPIVolumeFile - represents information - to create the file - containing the pod - field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: - Selects a field - of the pod: - only annotations, - labels, name - and namespace - are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version - of the schema - the FieldPath - is written - in terms - of, defaults - to "v1". - type: string - fieldPath: - description: Path - of the field - to select - in the specified - API version. - type: string - mode: - description: 'Optional: - mode bits to - use on this - file, must be - a value between - 0 and 0777. - If not specified, - the volume defaultMode - will be used. - This might be - in conflict - with other options - that affect - the file mode, - like fsGroup, - and the result - can be other - mode bits set.' - type: integer - format: int32 - path: - description: 'Required: - Path is the - relative path - name of the - file to be created. - Must not be - absolute or - contain the - ''..'' path. - Must be utf-8 - encoded. The - first item of - the relative - path must not - start with ''..''' - type: string - resourceFieldRef: - description: 'Selects - a resource of - the container: - only resources - limits and requests - (limits.cpu, - limits.memory, - requests.cpu - and requests.memory) - are currently - supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container - name: required - for volumes, - optional - for env - vars' - type: string - divisor: - description: Specifies - the output - format of - the exposed - resources, - defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource - to select' - type: string - secret: - description: information - about the secret data - to project - type: object - properties: - items: - description: If unspecified, - each key-value pair - in the Data field - of the referenced - Secret will be projected - into the volume as - a file whose name - is the key and content - is the value. If specified, - the listed keys will - be projected into - the specified paths, - and unlisted keys - will not be present. - If a key is specified - which is not present - in the Secret, the - volume setup will - error unless it is - marked optional. Paths - must be relative and - may not contain the - '..' path or start - with '..'. - type: array - items: - description: Maps - a string key to - a path within a - volume. - type: object - required: - - key - - path - properties: - key: - description: The - key to project. - type: string - mode: - description: 'Optional: - mode bits to - use on this - file, must be - a value between - 0 and 0777. - If not specified, - the volume defaultMode - will be used. - This might be - in conflict - with other options - that affect - the file mode, - like fsGroup, - and the result - can be other - mode bits set.' - type: integer - format: int32 - path: - description: The - relative path - of the file - to map the key - to. May not - be an absolute - path. May not - contain the - path element - '..'. May not - start with the - string '..'. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the Secret - or its key must be - defined - type: boolean - serviceAccountToken: - description: information - about the serviceAccountToken - data to project - type: object - required: - - path - properties: - audience: - description: Audience - is the intended audience - of the token. A recipient - of a token must identify - itself with an identifier - specified in the audience - of the token, and - otherwise should reject - the token. The audience - defaults to the identifier - of the apiserver. - type: string - expirationSeconds: - description: ExpirationSeconds - is the requested duration - of validity of the - service account token. - As the token approaches - expiration, the kubelet - volume plugin will - proactively rotate - the service account - token. The kubelet - will start trying - to rotate the token - if the token is older - than 80 percent of - its time to live or - if the token is older - than 24 hours.Defaults - to 1 hour and must - be at least 10 minutes. - type: integer - format: int64 - path: - description: Path is - the path relative - to the mount point - of the file to project - the token into. - type: string - quobyte: - description: Quobyte represents a - Quobyte mount on the host that shares - a pod's lifetime - type: object - required: - - registry - - volume - properties: - group: - description: Group to map volume - access to Default is no group - type: string - readOnly: - description: ReadOnly here will - force the Quobyte volume to - be mounted with read-only permissions. - Defaults to false. - type: boolean - registry: - description: Registry represents - a single or multiple Quobyte - Registry services specified - as a string as host:port pair - (multiple entries are separated - with commas) which acts as the - central registry for volumes - type: string - tenant: - description: Tenant owning the - given Quobyte volume in the - Backend Used with dynamically - provisioned Quobyte volumes, - value is set by the plugin - type: string - user: - description: User to map volume - access to Defaults to serivceaccount - user - type: string - volume: - description: Volume is a string - that references an already created - Quobyte volume by name. - type: string - rbd: - description: 'RBD represents a Rados - Block Device mount on the host that - shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/rbd/README.md' - type: object - required: - - image - - monitors - properties: - fsType: - description: 'Filesystem type - of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors - in the filesystem from compromising - the machine' - type: string - image: - description: 'The rados image - name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'Keyring is the path - to key ring for RBDUser. Default - is /etc/ceph/keyring. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'A collection of - Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: array - items: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + user: + description: 'Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string - pool: - description: 'The rados pool name. - Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'ReadOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'SecretRef is name - of the authentication secret - for RBDUser. If provided overrides - keyring. Default is nil. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - user: - description: 'The rados user name. - Default is admin. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - scaleIO: - description: ScaleIO represents a - ScaleIO persistent volume attached - and mounted on Kubernetes nodes. - type: object - required: - - gateway - - secretRef - - system - properties: - fsType: - description: Filesystem type to - mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Default is "xfs". - type: string - gateway: - description: The host address - of the ScaleIO API Gateway. - type: string - protectionDomain: - description: The name of the ScaleIO - Protection Domain for the configured - storage. - type: string - readOnly: - description: Defaults to false - (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretRef: - description: SecretRef references - to the secret for ScaleIO user - and other sensitive information. - If this is not provided, Login - operation will fail. - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - sslEnabled: - description: Flag to enable/disable - SSL communication with Gateway, - default false - type: boolean - storageMode: - description: Indicates whether - the storage for a volume should - be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. - type: string - storagePool: - description: The ScaleIO Storage - Pool associated with the protection - domain. - type: string - system: - description: The name of the storage - system as configured in ScaleIO. - type: string - volumeName: - description: The name of a volume - already created in the ScaleIO - system that is associated with - this volume source. - type: string - secret: - description: 'Secret represents a - secret that should populate this - volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'Optional: mode bits - to use on created files by default. - Must be a value between 0 and - 0777. Defaults to 0644. Directories - within the path are not affected - by this setting. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can - be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each - key-value pair in the Data field - of the referenced Secret will - be projected into the volume - as a file whose name is the - key and content is the value. - If specified, the listed keys - will be projected into the specified - paths, and unlisted keys will - not be present. If a key is - specified which is not present - in the Secret, the volume setup - will error unless it is marked - optional. Paths must be relative - and may not contain the '..' - path or start with '..'. - type: array + cinder: + description: 'Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: object + required: + - volumeID + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing parameters used to connect to OpenStack.' + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + volumeID: + description: 'volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + configMap: + description: ConfigMap represents a configMap that should populate this volume + type: object + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 items: - description: Maps a string key - to a path within a volume. + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + csi: + description: CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). + type: object + required: + - driver + properties: + driver: + description: Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + readOnly: + description: Specifies a read-only configuration for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + description: VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. + type: object + additionalProperties: + type: string + downwardAPI: + description: DownwardAPI represents downward API about the pod that should populate this volume + type: object + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + items: + description: Items is a list of downward API volume file + type: array + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + type: object + required: + - path + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + emptyDir: + description: 'EmptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: object + properties: + medium: + description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + ephemeral: + description: "Ephemeral represents a volume that is handled by a cluster storage driver (Alpha feature). The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." + type: object + properties: + readOnly: + description: Specifies a read-only configuration for the volume. Defaults to false (read/write). + type: boolean + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." type: object required: - - key - - path + - spec properties: - key: - description: The key to - project. - type: string - mode: - description: 'Optional: - mode bits to use on this - file, must be a value - between 0 and 0777. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, - like fsGroup, and the - result can be other mode - bits set.' - type: integer - format: int32 - path: - description: The relative - path of the file to map - the key to. May not be - an absolute path. May - not contain the path element - '..'. May not start with - the string '..'. - type: string - optional: - description: Specify whether the - Secret or its keys must be defined - type: boolean - secretName: - description: 'Name of the secret - in the pod''s namespace to use. - More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - storageos: - description: StorageOS represents - a StorageOS volume attached and - mounted on Kubernetes nodes. - type: object - properties: - fsType: - description: Filesystem type to - mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - readOnly: - description: Defaults to false - (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretRef: - description: SecretRef specifies - the secret to use for obtaining - the StorageOS API credentials. If - not specified, default values - will be attempted. - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' + metadata: + description: May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. + type: object + spec: + description: The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. + type: object + properties: + accessModes: + description: 'AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + type: array + items: + type: string + dataSource: + description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source.' + type: object + required: + - kind + - name + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + resources: + description: 'Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + type: object + properties: + limits: + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + selector: + description: A label query over volumes to consider for binding. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + storageClassName: + description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: VolumeName is the binding reference to the PersistentVolume backing this claim. + type: string + fc: + description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. + type: object + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + lun: + description: 'Optional: FC target lun number' + type: integer + format: int32 + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + type: array + items: type: string - volumeName: - description: VolumeName is the - human-readable name of the StorageOS - volume. Volume names are only - unique within a namespace. - type: string - volumeNamespace: - description: VolumeNamespace specifies - the scope of the volume within - StorageOS. If no namespace - is specified then the Pod's - namespace will be used. This - allows the Kubernetes name scoping - to be mirrored within StorageOS - for tighter integration. Set - VolumeName to any name to override - the default behaviour. Set to - "default" if you are not using - namespaces within StorageOS. - Namespaces that do not pre-exist - within StorageOS will be created. - type: string - vsphereVolume: - description: VsphereVolume represents - a vSphere volume attached and mounted - on kubelets host machine - type: object - required: - - volumePath - properties: - fsType: - description: Filesystem type to - mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - storagePolicyID: - description: Storage Policy Based - Management (SPBM) profile ID - associated with the StoragePolicyName. - type: string - storagePolicyName: - description: Storage Policy Based - Management (SPBM) profile name. - type: string - volumePath: - description: Path that identifies - vSphere volume vmdk - type: string - permissions: - type: array - items: - description: StrategyDeploymentPermissions describe the - rbac rules and service account needed by the install strategy - type: object - required: - - rules - - serviceAccountName - properties: - rules: - type: array - items: - description: PolicyRule holds information that describes - a policy rule, but does not contain information - about who the rule applies to or which namespace - the rule applies to. - type: object - required: - - verbs - properties: - apiGroups: - description: APIGroups is the name of the APIGroup - that contains the resources. If multiple API - groups are specified, any action requested against - one of the enumerated resources in any API group - will be allowed. - type: array - items: - type: string - nonResourceURLs: - description: NonResourceURLs is a set of partial - urls that a user should have access to. *s - are allowed, but only as the full, final step - in the path Since non-resource URLs are not - namespaced, this field is only applicable for - ClusterRoles referenced from a ClusterRoleBinding. - Rules can either apply to API resources (such - as "pods" or "secrets") or non-resource URL - paths (such as "/api"), but not both. - type: array - items: - type: string - resourceNames: - description: ResourceNames is an optional white - list of names that the rule applies to. An - empty set means that everything is allowed. - type: array - items: - type: string - resources: - description: Resources is a list of resources - this rule applies to. ResourceAll represents - all resources. - type: array - items: - type: string - verbs: - description: Verbs is a list of Verbs that apply - to ALL the ResourceKinds and AttributeRestrictions - contained in this rule. VerbAll represents - all kinds. - type: array - items: - type: string - serviceAccountName: - type: string - strategy: - type: string - installModes: - description: InstallModes specify supported installation types - type: array - items: - description: InstallMode associates an InstallModeType with a flag - representing if the CSV supports it - type: object - required: - - supported - - type - properties: - supported: - type: boolean - type: - description: InstallModeType is a supported type of install - mode for CSV installation + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' + type: array + items: + type: string + flexVolume: + description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + type: object + required: + - driver + properties: + driver: + description: Driver is the name of the driver to use for this volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + description: 'Optional: Extra command options if any.' + type: object + additionalProperties: + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.' + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + flocker: + description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running + type: object + properties: + datasetName: + description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier of a Flocker dataset + type: string + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: object + required: + - pdName + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: integer + format: int32 + pdName: + description: 'Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + gitRepo: + description: 'GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' + type: object + required: + - repository + properties: + directory: + description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + type: object + required: + - endpoints + - path + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + hostPath: + description: 'HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.' + type: object + required: + - path + properties: + path: + description: 'Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + type: object + required: + - iqn + - lun + - targetPortal + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + type: integer + format: int32 + portals: + description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + type: array + items: + type: string + readOnly: + description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + targetPortal: + description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + type: string + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: object + required: + - path + - server + properties: + path: + description: 'Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: object + required: + - claimName + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. Default false. + type: boolean + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + type: object + required: + - pdID + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent disk + type: string + portworxVolume: + description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine + type: object + required: + - volumeID + properties: + fsType: + description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + projected: + description: Items for all in one resources secrets, configmaps, and downward API + type: object + properties: + defaultMode: + description: Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: list of volume projections + type: array + items: + description: Projection that may be projected along with other supported volume types + type: object + properties: + configMap: + description: information about the configMap data to project + type: object + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + downwardAPI: + description: information about the downwardAPI data to project + type: object + properties: + items: + description: Items is a list of DownwardAPIVolume file + type: array + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + type: object + required: + - path + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + secret: + description: information about the secret data to project + type: object + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + serviceAccountToken: + description: information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + type: integer + format: int64 + path: + description: Path is the path relative to the mount point of the file to project the token into. + type: string + quobyte: + description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime + type: object + required: + - registry + - volume + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. + type: boolean + registry: + description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount user + type: string + volume: + description: Volume is a string that references an already created Quobyte volume by name. + type: string + rbd: + description: 'RBD represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + type: object + required: + - image + - monitors + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: array + items: + type: string + pool: + description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + user: + description: 'The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + type: object + required: + - gateway + - secretRef + - system + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + sslEnabled: + description: Flag to enable/disable SSL communication with Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the protection domain. + type: string + system: + description: The name of the storage system as configured in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO system that is associated with this volume source. + type: string + secret: + description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: object + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + optional: + description: Specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + storageos: + description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + type: object + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + volumeName: + description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. + type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. + type: string + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + type: object + required: + - volumePath + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + permissions: + type: array + items: + description: StrategyDeploymentPermissions describe the rbac rules and service account needed by the install strategy + type: object + required: + - rules + - serviceAccountName + properties: + rules: + type: array + items: + description: PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to. + type: object + required: + - verbs + properties: + apiGroups: + description: APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. + type: array + items: + type: string + nonResourceURLs: + description: NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. + type: array + items: + type: string + resourceNames: + description: ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. + type: array + items: + type: string + resources: + description: Resources is a list of resources this rule applies to. ResourceAll represents all resources. + type: array + items: + type: string + verbs: + description: Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds. + type: array + items: + type: string + serviceAccountName: + type: string + strategy: type: string - keywords: - type: array - items: + installModes: + description: InstallModes specify supported installation types + type: array + items: + description: InstallMode associates an InstallModeType with a flag representing if the CSV supports it + type: object + required: + - supported + - type + properties: + supported: + type: boolean + type: + description: InstallModeType is a supported type of install mode for CSV installation + type: string + keywords: + type: array + items: + type: string + labels: + description: Map of string keys and values that can be used to organize and categorize (scope and select) objects. + type: object + additionalProperties: + type: string + links: + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + maintainers: + type: array + items: + type: object + properties: + email: + type: string + name: + type: string + maturity: type: string - labels: - description: Map of string keys and values that can be used to organize - and categorize (scope and select) objects. - type: object - additionalProperties: + minKubeVersion: type: string - links: - type: array - items: + nativeAPIs: + type: array + items: + description: GroupVersionKind unambiguously identifies a kind. It doesn't anonymously include GroupVersion to avoid automatic coersion. It doesn't use a GroupVersion to avoid custom marshalling + type: object + required: + - group + - kind + - version + properties: + group: + type: string + kind: + type: string + version: + type: string + provider: type: object properties: name: type: string url: type: string - maintainers: - type: array - items: - type: object - properties: - email: - type: string - name: - type: string - maturity: - type: string - minKubeVersion: - type: string - nativeAPIs: - type: array - items: - description: GroupVersionKind unambiguously identifies a kind. It - doesn't anonymously include GroupVersion to avoid automatic coersion. It - doesn't use a GroupVersion to avoid custom marshalling - type: object - required: - - group - - kind - - version - properties: - group: - type: string - kind: - type: string - version: - type: string - provider: - type: object - properties: - name: - type: string - url: - type: string - replaces: - description: The name of a CSV this one replaces. Should match the - `metadata.Name` field of the old CSV. - type: string - selector: - description: Label selector for related resources. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + relatedImages: + description: List any related images, or other container images that your Operator might require to perform their functions. This list should also include operand images as well. All image references should be specified by digest (SHA) and not by tag. This field is only used during catalog creation and plays no part in cluster runtime. + type: array + items: type: object - additionalProperties: - type: string - version: - description: OperatorVersion is a wrapper around semver.Version which - supports correct marshaling to YAML and JSON. - type: string - webhookdefinitions: - type: array - items: - description: WebhookDescription provides details to OLM about required - webhooks - type: object - required: - - admissionReviewVersions - - generateName - - sideEffects - - type - properties: - admissionReviewVersions: - type: array - items: + required: + - image + - name + properties: + image: type: string - containerPort: - type: integer - format: int32 - default: 443 - maximum: 65535 - minimum: 1 - conversionCRDs: - type: array - items: + name: type: string - deploymentName: - type: string - failurePolicy: - type: string - generateName: - type: string - matchPolicy: - description: MatchPolicyType specifies the type of match policy - type: string - objectSelector: - description: A label selector is a label query over a set of - resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. A - null label selector matches no objects. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - reinvocationPolicy: - description: ReinvocationPolicyType specifies what type of policy - the admission hook uses. - type: string - rules: - type: array - items: - description: RuleWithOperations is a tuple of Operations and - Resources. It is recommended to make sure that all the tuple - expansions are valid. - type: object - properties: - apiGroups: - description: APIGroups is the API groups the resources - belong to. '*' is all groups. If '*' is present, the - length of the slice must be one. Required. - type: array - items: - type: string - apiVersions: - description: APIVersions is the API versions the resources - belong to. '*' is all versions. If '*' is present, the - length of the slice must be one. Required. - type: array - items: - type: string - operations: - description: Operations is the operations the admission - hook cares about - CREATE, UPDATE, or * for all operations. - If '*' is present, the length of the slice must be one. - Required. - type: array - items: - type: string - resources: - description: "Resources is a list of resources this rule - applies to. \n For example: 'pods' means pods. 'pods/log' - means the log subresource of pods. '*' means all resources, - but not subresources. 'pods/*' means all subresources - of pods. '*/scale' means all scale subresources. '*/*' - means all resources and their subresources. \n If wildcard - is present, the validation rule will ensure resources - do not overlap with each other. \n Depending on the - enclosing object, subresources might not be allowed. - Required." - type: array - items: - type: string - scope: - description: scope specifies the scope of this rule. Valid - values are "Cluster", "Namespaced", and "*" "Cluster" - means that only cluster-scoped resources will match - this rule. Namespace API objects are cluster-scoped. - "Namespaced" means that only namespaced resources will - match this rule. "*" means that there are no scope restrictions. - Subresources match the scope of their parent resource. - Default is "*". - type: string - sideEffects: - type: string - targetPort: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - type: integer - format: int32 - type: - description: WebhookAdmissionType is the type of admission webhooks - supported by OLM - type: string - enum: - - ValidatingAdmissionWebhook - - MutatingAdmissionWebhook - - ConversionWebhook - webhookPath: - type: string - status: - description: ClusterServiceVersionStatus represents information about - the status of a pod. Status may trail the actual state of a system. - type: object - properties: - certsLastUpdated: - description: Last time the owned APIService certs were updated - type: string - format: date-time - certsRotateAt: - description: Time the owned APIService certs will rotate next - type: string - format: date-time - conditions: - description: List of conditions, a history of state transitions - type: array - items: - description: Conditions appear in the status as a record of state - transitions on the ClusterServiceVersion + replaces: + description: The name of a CSV this one replaces. Should match the `metadata.Name` field of the old CSV. + type: string + selector: + description: Label selector for related resources. type: object properties: - lastTransitionTime: - description: Last time the status transitioned from one status - to another. - type: string - format: date-time - lastUpdateTime: - description: Last time we updated the status - type: string - format: date-time - message: - description: A human readable message indicating details about - why the ClusterServiceVersion is in this condition. - type: string - phase: - description: Condition of the ClusterServiceVersion - type: string - reason: - description: A brief CamelCase message indicating details about - why the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' - type: string - lastTransitionTime: - description: Last time the status transitioned from one status to - another. - type: string - format: date-time - lastUpdateTime: - description: Last time we updated the status - type: string - format: date-time - message: - description: A human readable message indicating details about why - the ClusterServiceVersion is in this condition. - type: string - phase: - description: Current condition of the ClusterServiceVersion - type: string - reason: - description: A brief CamelCase message indicating details about why - the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' - type: string - requirementStatus: - description: The status of each requirement for this CSV - type: array - items: - type: object - required: - - group - - kind - - message - - name - - status - - version - properties: - dependents: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: - description: DependentStatus is the status for a dependent - requirement (to prevent infinite nesting) + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. type: object required: - - group - - kind - - status - - version + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + skips: + description: The name(s) of one or more CSV(s) that should be skipped in the upgrade graph. Should match the `metadata.Name` field of the CSV that should be skipped. This field is only used during catalog creation and plays no part in cluster runtime. + type: array + items: + type: string + version: + description: OperatorVersion is a wrapper around semver.Version which supports correct marshaling to YAML and JSON. + type: string + webhookdefinitions: + type: array + items: + description: WebhookDescription provides details to OLM about required webhooks + type: object + required: + - admissionReviewVersions + - generateName + - sideEffects + - type + properties: + admissionReviewVersions: + type: array + items: + type: string + containerPort: + type: integer + format: int32 + default: 443 + maximum: 65535 + minimum: 1 + conversionCRDs: + type: array + items: + type: string + deploymentName: + type: string + failurePolicy: + type: string + generateName: + type: string + matchPolicy: + description: MatchPolicyType specifies the type of match policy + type: string + objectSelector: + description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + reinvocationPolicy: + description: ReinvocationPolicyType specifies what type of policy the admission hook uses. + type: string + rules: + type: array + items: + description: RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid. + type: object + properties: + apiGroups: + description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + type: array + items: + type: string + apiVersions: + description: APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required. + type: array + items: + type: string + operations: + description: Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required. + type: array + items: + type: string + resources: + description: "Resources is a list of resources this rule applies to. \n For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources. \n If wildcard is present, the validation rule will ensure resources do not overlap with each other. \n Depending on the enclosing object, subresources might not be allowed. Required." + type: array + items: + type: string + scope: + description: scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*". + type: string + sideEffects: + type: string + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeoutSeconds: + type: integer + format: int32 + type: + description: WebhookAdmissionType is the type of admission webhooks supported by OLM + type: string + enum: + - ValidatingAdmissionWebhook + - MutatingAdmissionWebhook + - ConversionWebhook + webhookPath: + type: string + status: + description: ClusterServiceVersionStatus represents information about the status of a CSV. Status may trail the actual state of a system. + type: object + properties: + certsLastUpdated: + description: Last time the owned APIService certs were updated + type: string + format: date-time + certsRotateAt: + description: Time the owned APIService certs will rotate next + type: string + format: date-time + cleanup: + description: CleanupStatus represents information about the status of cleanup while a CSV is pending deletion + type: object + properties: + pendingDeletion: + description: PendingDeletion is the list of custom resource objects that are pending deletion and blocked on finalizers. This indicates the progress of cleanup that is blocking CSV deletion or operator uninstall. + type: array + items: + description: ResourceList represents a list of resources which are of the same Group/Kind + type: object + required: + - group + - instances + - kind properties: group: type: string + instances: + type: array + items: + type: object + required: + - name + properties: + name: + type: string + namespace: + description: Namespace can be empty for cluster-scoped resources + type: string kind: type: string - message: - type: string - status: - description: StatusReason is a camelcased reason for the - status of a RequirementStatus or DependentStatus - type: string - uuid: - type: string - version: - type: string - group: - type: string - kind: - type: string - message: - type: string - name: - type: string - status: - description: StatusReason is a camelcased reason for the status - of a RequirementStatus or DependentStatus - type: string - uuid: - type: string - version: - type: string - served: true - storage: true - subresources: - status: {} + conditions: + description: List of conditions, a history of state transitions + type: array + items: + description: Conditions appear in the status as a record of state transitions on the ClusterServiceVersion + type: object + properties: + lastTransitionTime: + description: Last time the status transitioned from one status to another. + type: string + format: date-time + lastUpdateTime: + description: Last time we updated the status + type: string + format: date-time + message: + description: A human readable message indicating details about why the ClusterServiceVersion is in this condition. + type: string + phase: + description: Condition of the ClusterServiceVersion + type: string + reason: + description: A brief CamelCase message indicating details about why the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' + type: string + lastTransitionTime: + description: Last time the status transitioned from one status to another. + type: string + format: date-time + lastUpdateTime: + description: Last time we updated the status + type: string + format: date-time + message: + description: A human readable message indicating details about why the ClusterServiceVersion is in this condition. + type: string + phase: + description: Current condition of the ClusterServiceVersion + type: string + reason: + description: A brief CamelCase message indicating details about why the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' + type: string + requirementStatus: + description: The status of each requirement for this CSV + type: array + items: + type: object + required: + - group + - kind + - message + - name + - status + - version + properties: + dependents: + type: array + items: + description: DependentStatus is the status for a dependent requirement (to prevent infinite nesting) + type: object + required: + - group + - kind + - status + - version + properties: + group: + type: string + kind: + type: string + message: + type: string + status: + description: StatusReason is a camelcased reason for the status of a RequirementStatus or DependentStatus + type: string + uuid: + type: string + version: + type: string + group: + type: string + kind: + type: string + message: + type: string + name: + type: string + status: + description: StatusReason is a camelcased reason for the status of a RequirementStatus or DependentStatus + type: string + uuid: + type: string + version: + type: string + served: true + storage: true + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.3.0 + controller-gen.kubebuilder.io/version: v0.4.1 creationTimestamp: null name: installplans.operators.coreos.com spec: group: operators.coreos.com names: categories: - - olm + - olm kind: InstallPlan listKind: InstallPlanList plural: installplans shortNames: - - ip + - ip singular: installplan scope: Namespaced versions: - - additionalPrinterColumns: - - description: The first CSV in the list of clusterServiceVersionNames - jsonPath: .spec.clusterServiceVersionNames[0] - name: CSV - type: string - - description: The approval mode - jsonPath: .spec.approval - name: Approval - type: string - - jsonPath: .spec.approved - name: Approved - type: boolean - name: v1alpha1 - schema: - openAPIV3Schema: - description: InstallPlan defines the installation of a set of operators. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: InstallPlanSpec defines a set of Application resources to - be installed - type: object - required: - - approval - - approved - - clusterServiceVersionNames - properties: - approval: - description: Approval is the user approval policy for an InstallPlan. - It must be one of "Automatic" or "Manual". - type: string - approved: - type: boolean - clusterServiceVersionNames: - type: array - items: + - additionalPrinterColumns: + - description: The first CSV in the list of clusterServiceVersionNames + jsonPath: .spec.clusterServiceVersionNames[0] + name: CSV + type: string + - description: The approval mode + jsonPath: .spec.approval + name: Approval + type: string + - jsonPath: .spec.approved + name: Approved + type: boolean + name: v1alpha1 + schema: + openAPIV3Schema: + description: InstallPlan defines the installation of a set of operators. + type: object + required: + - metadata + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: InstallPlanSpec defines a set of Application resources to be installed + type: object + required: + - approval + - approved + - clusterServiceVersionNames + properties: + approval: + description: Approval is the user approval policy for an InstallPlan. It must be one of "Automatic" or "Manual". type: string - generation: - type: integer - source: - type: string - sourceNamespace: - type: string - status: - description: "InstallPlanStatus represents the information about the status - of steps required to complete installation. \n Status may trail the - actual state of a system." - type: object - required: - - catalogSources - - phase - properties: - attenuatedServiceAccountRef: - description: AttenuatedServiceAccountRef references the service account - that is used to do scoped operator install. - type: object - properties: - apiVersion: - description: API version of the referent. + approved: + type: boolean + clusterServiceVersionNames: + type: array + items: type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - bundleLookups: - description: BundleLookups is the set of in-progress requests to pull - and unpackage bundle content to the cluster. - type: array - items: - description: BundleLookup is a request to pull and unpackage the - content of a bundle to the cluster. + generation: + type: integer + source: + type: string + sourceNamespace: + type: string + status: + description: "InstallPlanStatus represents the information about the status of steps required to complete installation. \n Status may trail the actual state of a system." + type: object + required: + - catalogSources + - phase + properties: + attenuatedServiceAccountRef: + description: AttenuatedServiceAccountRef references the service account that is used to do scoped operator install. type: object - required: - - catalogSourceRef - - identifier - - path - - replaces properties: - catalogSourceRef: - description: CatalogSourceRef is a reference to the CatalogSource - the bundle path was resolved from. - type: object + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + bundleLookups: + description: BundleLookups is the set of in-progress requests to pull and unpackage bundle content to the cluster. + type: array + items: + description: BundleLookup is a request to pull and unpackage the content of a bundle to the cluster. + type: object + required: + - catalogSourceRef + - identifier + - path + - replaces + properties: + catalogSourceRef: + description: CatalogSourceRef is a reference to the CatalogSource the bundle path was resolved from. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + conditions: + description: Conditions represents the overall state of a BundleLookup. + type: array + items: + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + type: string + format: date-time + lastUpdateTime: + description: Last time the condition was probed. + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + identifier: + description: Identifier is the catalog-unique name of the operator (the name of the CSV for bundles that contain CSVs) + type: string + path: + description: Path refers to the location of a bundle to pull. It's typically an image reference. + type: string properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead - of an entire object, this string should contain a valid - JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container - within a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that - triggered the event) or if no container name is specified - "spec.containers[2]" (container with index 2 in this pod). - This syntax is chosen only to have some well-defined way - of referencing a part of an object. TODO: this design - is not final and this field is subject to change in the - future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - conditions: - description: Conditions represents the overall state of a BundleLookup. - type: array - items: + description: The effective properties of the unpacked bundle. + type: string + replaces: + description: Replaces is the name of the bundle to replace with the one found at Path. + type: string + catalogSources: + type: array + items: + type: string + conditions: + type: array + items: + description: InstallPlanCondition represents the overall status of the execution of an InstallPlan. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + lastUpdateTime: + type: string + format: date-time + message: + type: string + reason: + description: ConditionReason is a camelcased reason for the state transition. + type: string + status: + type: string + type: + description: InstallPlanConditionType describes the state of an InstallPlan at a certain point as a whole. + type: string + message: + description: Message is a human-readable message containing detailed information that may be important to understanding why the plan has its current status. + type: string + phase: + description: InstallPlanPhase is the current status of a InstallPlan as a whole. + type: string + plan: + type: array + items: + description: Step represents the status of an individual step in an InstallPlan. + type: object + required: + - resolving + - resource + - status + properties: + resolving: + type: string + resource: + description: StepResource represents the status of a resource to be tracked by an InstallPlan. type: object required: - - status - - type + - group + - kind + - name + - sourceName + - sourceNamespace + - version properties: - lastTransitionTime: - description: Last time the condition transitioned from - one status to another. + group: type: string - format: date-time - lastUpdateTime: - description: Last time the condition was probed. + kind: type: string - format: date-time - message: - description: A human readable message indicating details - about the transition. + manifest: type: string - reason: - description: The reason for the condition's last transition. + name: type: string - status: - description: Status of the condition, one of True, False, - Unknown. + sourceName: type: string - type: - description: Type of condition. + sourceNamespace: type: string - identifier: - description: Identifier is the catalog-unique name of the operator - (the name of the CSV for bundles that contain CSVs) - type: string - path: - description: Path refers to the location of a bundle to pull. - It's typically an image reference. - type: string - properties: - description: The effective properties of the unpacked bundle. - type: string - replaces: - description: Replaces is the name of the bundle to replace with - the one found at Path. - type: string - catalogSources: - type: array - items: + version: + type: string + status: + description: StepStatus is the current status of a particular resource an in InstallPlan + type: string + startTime: + description: StartTime is the time when the controller began applying the resources listed in the plan to the cluster. type: string - conditions: - type: array - items: - description: InstallPlanCondition represents the overall status - of the execution of an InstallPlan. - type: object - properties: - lastTransitionTime: - type: string - format: date-time - lastUpdateTime: - type: string - format: date-time - message: - type: string - reason: - description: ConditionReason is a camelcased reason for the - state transition. - type: string - status: - type: string - type: - description: InstallPlanConditionType describes the state of - an InstallPlan at a certain point as a whole. - type: string - phase: - description: InstallPlanPhase is the current status of a InstallPlan - as a whole. - type: string - plan: - type: array - items: - description: Step represents the status of an individual step in - an InstallPlan. - type: object - required: - - resolving - - resource - - status - properties: - resolving: - type: string - resource: - description: StepResource represents the status of a resource - to be tracked by an InstallPlan. - type: object - required: - - group - - kind - - name - - sourceName - - sourceNamespace - - version - properties: - group: - type: string - kind: - type: string - manifest: - type: string - name: - type: string - sourceName: - type: string - sourceNamespace: - type: string - version: - type: string - status: - description: StepStatus is the current status of a particular - resource an in InstallPlan - type: string - served: true - storage: true - subresources: - status: {} + format: date-time + served: true + storage: true + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.3.0 + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: operatorconditions.operators.coreos.com +spec: + group: operators.coreos.com + names: + categories: + - olm + kind: OperatorCondition + listKind: OperatorConditionList + plural: operatorconditions + shortNames: + - condition + singular: operatorcondition + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: OperatorCondition is a Custom Resource of type `OperatorCondition` which is used to convey information to OLM about the state of an operator. + type: object + required: + - metadata + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: OperatorConditionSpec allows a cluster admin to convey information about the state of an operator to OLM, potentially overriding state reported by the operator. + type: object + properties: + deployments: + type: array + items: + type: string + overrides: + type: array + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + type: object + required: + - message + - reason + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + type: string + format: date-time + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + type: string + maxLength: 32768 + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + type: integer + format: int64 + minimum: 0 + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + type: string + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + status: + description: status of the condition, one of True, False, Unknown. + type: string + enum: + - "True" + - "False" + - Unknown + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + type: string + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + serviceAccounts: + type: array + items: + type: string + status: + description: OperatorConditionStatus allows an operator to convey information its state to OLM. The status may trail the actual state of a system. + type: object + properties: + conditions: + type: array + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + type: object + required: + - lastTransitionTime + - message + - reason + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + type: string + format: date-time + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + type: string + maxLength: 32768 + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + type: integer + format: int64 + minimum: 0 + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + type: string + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + status: + description: status of the condition, one of True, False, Unknown. + type: string + enum: + - "True" + - "False" + - Unknown + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + type: string + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + served: true + storage: false + subresources: + status: {} + - name: v2 + schema: + openAPIV3Schema: + description: OperatorCondition is a Custom Resource of type `OperatorCondition` which is used to convey information to OLM about the state of an operator. + type: object + required: + - metadata + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: OperatorConditionSpec allows an operator to report state to OLM and provides cluster admin with the ability to manually override state reported by the operator. + type: object + properties: + conditions: + type: array + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + type: object + required: + - lastTransitionTime + - message + - reason + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + type: string + format: date-time + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + type: string + maxLength: 32768 + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + type: integer + format: int64 + minimum: 0 + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + type: string + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + status: + description: status of the condition, one of True, False, Unknown. + type: string + enum: + - "True" + - "False" + - Unknown + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + type: string + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + deployments: + type: array + items: + type: string + overrides: + type: array + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + type: object + required: + - message + - reason + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + type: string + format: date-time + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + type: string + maxLength: 32768 + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + type: integer + format: int64 + minimum: 0 + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + type: string + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + status: + description: status of the condition, one of True, False, Unknown. + type: string + enum: + - "True" + - "False" + - Unknown + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + type: string + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + serviceAccounts: + type: array + items: + type: string + status: + description: OperatorConditionStatus allows OLM to convey which conditions have been observed. + type: object + properties: + conditions: + type: array + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + type: object + required: + - lastTransitionTime + - message + - reason + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + type: string + format: date-time + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + type: string + maxLength: 32768 + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + type: integer + format: int64 + minimum: 0 + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + type: string + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + status: + description: status of the condition, one of True, False, Unknown. + type: string + enum: + - "True" + - "False" + - Unknown + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + type: string + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 creationTimestamp: null name: operatorgroups.operators.coreos.com spec: group: operators.coreos.com names: categories: - - olm + - olm kind: OperatorGroup listKind: OperatorGroupList plural: operatorgroups shortNames: - - og + - og singular: operatorgroup scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: OperatorGroup is the unit of multitenancy for OLM managed operators. - It constrains the installation of operators in its namespace to a specified - set of target namespaces. - type: object - required: - - metadata - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorGroupSpec is the spec for an OperatorGroup resource. - type: object - properties: - selector: - description: Selector selects the OperatorGroup's target namespaces. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - type: array - items: + - name: v1 + schema: + openAPIV3Schema: + description: OperatorGroup is the unit of multitenancy for OLM managed operators. It constrains the installation of operators in its namespace to a specified set of target namespaces. + type: object + required: + - metadata + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: OperatorGroupSpec is the spec for an OperatorGroup resource. + type: object + properties: + selector: + description: Selector selects the OperatorGroup's target namespaces. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - additionalProperties: - type: string - serviceAccountName: - description: ServiceAccountName is the admin specified service account - which will be used to deploy operator(s) in this operator group. - type: string - staticProvidedAPIs: - description: Static tells OLM not to update the OperatorGroup's providedAPIs - annotation - type: boolean - targetNamespaces: - description: TargetNamespaces is an explicit set of namespaces to - target. If it is set, Selector is ignored. - type: array - items: - type: string - x-kubernetes-list-type: set - status: - description: OperatorGroupStatus is the status for an OperatorGroupResource. - type: object - required: - - lastUpdated - properties: - lastUpdated: - description: LastUpdated is a timestamp of the last time the OperatorGroup's - status was Updated. - type: string - format: date-time - namespaces: - description: Namespaces is the set of target namespaces for the OperatorGroup. - type: array - items: - type: string - x-kubernetes-list-type: set - serviceAccountRef: - description: ServiceAccountRef references the service account object - specified. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - served: true - storage: true - subresources: - status: {} - - name: v1alpha2 - schema: - openAPIV3Schema: - description: OperatorGroup is the unit of multitenancy for OLM managed operators. - It constrains the installation of operators in its namespace to a specified - set of target namespaces. - type: object - required: - - metadata - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorGroupSpec is the spec for an OperatorGroup resource. - type: object - properties: - selector: - description: Selector selects the OperatorGroup's target namespaces. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - type: array - items: + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - additionalProperties: + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + serviceAccountName: + description: ServiceAccountName is the admin specified service account which will be used to deploy operator(s) in this operator group. + type: string + staticProvidedAPIs: + description: Static tells OLM not to update the OperatorGroup's providedAPIs annotation + type: boolean + targetNamespaces: + description: TargetNamespaces is an explicit set of namespaces to target. If it is set, Selector is ignored. + type: array + items: + type: string + x-kubernetes-list-type: set + status: + description: OperatorGroupStatus is the status for an OperatorGroupResource. + type: object + required: + - lastUpdated + properties: + lastUpdated: + description: LastUpdated is a timestamp of the last time the OperatorGroup's status was Updated. + type: string + format: date-time + namespaces: + description: Namespaces is the set of target namespaces for the OperatorGroup. + type: array + items: + type: string + x-kubernetes-list-type: set + serviceAccountRef: + description: ServiceAccountRef references the service account object specified. + type: object + properties: + apiVersion: + description: API version of the referent. type: string - serviceAccountName: - description: ServiceAccountName is the admin specified service account - which will be used to deploy operator(s) in this operator group. - type: string - staticProvidedAPIs: - description: Static tells OLM not to update the OperatorGroup's providedAPIs - annotation - type: boolean - targetNamespaces: - description: TargetNamespaces is an explicit set of namespaces to - target. If it is set, Selector is ignored. - type: array - items: + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + served: true + storage: true + subresources: + status: {} + - name: v1alpha2 + schema: + openAPIV3Schema: + description: OperatorGroup is the unit of multitenancy for OLM managed operators. It constrains the installation of operators in its namespace to a specified set of target namespaces. + type: object + required: + - metadata + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: OperatorGroupSpec is the spec for an OperatorGroup resource. + type: object + properties: + selector: + description: Selector selects the OperatorGroup's target namespaces. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + serviceAccountName: + description: ServiceAccountName is the admin specified service account which will be used to deploy operator(s) in this operator group. type: string - status: - description: OperatorGroupStatus is the status for an OperatorGroupResource. - type: object - required: - - lastUpdated - properties: - lastUpdated: - description: LastUpdated is a timestamp of the last time the OperatorGroup's - status was Updated. - type: string - format: date-time - namespaces: - description: Namespaces is the set of target namespaces for the OperatorGroup. - type: array - items: + staticProvidedAPIs: + description: Static tells OLM not to update the OperatorGroup's providedAPIs annotation + type: boolean + targetNamespaces: + description: TargetNamespaces is an explicit set of namespaces to target. If it is set, Selector is ignored. + type: array + items: + type: string + status: + description: OperatorGroupStatus is the status for an OperatorGroupResource. + type: object + required: + - lastUpdated + properties: + lastUpdated: + description: LastUpdated is a timestamp of the last time the OperatorGroup's status was Updated. type: string - serviceAccountRef: - description: ServiceAccountRef references the service account object - specified. - type: object - properties: - apiVersion: - description: API version of the referent. + format: date-time + namespaces: + description: Namespaces is the set of target namespaces for the OperatorGroup. + type: array + items: type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - served: true - storage: false - subresources: - status: {} + serviceAccountRef: + description: ServiceAccountRef references the service account object specified. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + served: true + storage: false + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.3.0 + controller-gen.kubebuilder.io/version: v0.4.1 creationTimestamp: null name: operators.operators.coreos.com spec: group: operators.coreos.com names: categories: - - olm + - olm kind: Operator listKind: OperatorList plural: operators singular: operator scope: Cluster versions: - - name: v1 - schema: - openAPIV3Schema: - description: Operator represents a cluster operator. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorSpec defines the desired state of Operator - type: object - status: - description: OperatorStatus defines the observed state of an Operator - and its components - type: object - properties: - components: - description: Components describes resources that compose the operator. - type: object - required: - - labelSelector - properties: - labelSelector: - description: LabelSelector is a label query over a set of resources - used to select the operator's components - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - refs: - description: Refs are a set of references to the operator's component - resources, selected with LabelSelector. - type: array - items: - description: RichReference is a reference to a resource, enriched - with its status conditions. + - name: v1 + schema: + openAPIV3Schema: + description: Operator represents a cluster operator. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: OperatorSpec defines the desired state of Operator + type: object + status: + description: OperatorStatus defines the observed state of an Operator and its components + type: object + properties: + components: + description: Components describes resources that compose the operator. + type: object + required: + - labelSelector + properties: + labelSelector: + description: LabelSelector is a label query over a set of resources used to select the operator's components type: object properties: - apiVersion: - description: API version of the referent. - type: string - conditions: - description: Conditions represents the latest state of the - component. + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: - description: Condition represent the latest available - observations of an component's state. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. type: object required: - - status - - type + - key + - operator properties: - lastTransitionTime: - description: Last time the condition transitioned - from one status to another. + key: + description: key is the label key that the selector applies to. type: string - format: date-time - lastUpdateTime: - description: Last time the condition was probed + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string - format: date-time - message: - description: A human readable message indicating details - about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, - False, Unknown. - type: string - type: - description: Type of condition. - type: string - fieldPath: - description: 'If referring to a piece of an object instead - of an entire object, this string should contain a valid - JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container - within a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that - triggered the event) or if no container name is specified - "spec.containers[2]" (container with index 2 in this pod). - This syntax is chosen only to have some well-defined way - of referencing a part of an object. TODO: this design - is not final and this field is subject to change in the - future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - served: true - storage: true - subresources: - status: {} + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + refs: + description: Refs are a set of references to the operator's component resources, selected with LabelSelector. + type: array + items: + description: RichReference is a reference to a resource, enriched with its status conditions. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + conditions: + description: Conditions represents the latest state of the component. + type: array + items: + description: Condition represent the latest available observations of an component's state. + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + type: string + format: date-time + lastUpdateTime: + description: Last time the condition was probed + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + served: true + storage: true + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.3.0 + controller-gen.kubebuilder.io/version: v0.4.1 creationTimestamp: null name: subscriptions.operators.coreos.com spec: group: operators.coreos.com names: categories: - - olm + - olm kind: Subscription listKind: SubscriptionList plural: subscriptions shortNames: - - sub - - subs + - sub + - subs singular: subscription scope: Namespaced versions: - - additionalPrinterColumns: - - description: The package subscribed to - jsonPath: .spec.name - name: Package - type: string - - description: The catalog source for the specified package - jsonPath: .spec.source - name: Source - type: string - - description: The channel of updates to subscribe to - jsonPath: .spec.channel - name: Channel - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: Subscription keeps operators up to date by tracking changes to - Catalogs. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: SubscriptionSpec defines an Application that can be installed - type: object - required: - - name - - source - - sourceNamespace - properties: - channel: - type: string - config: - description: SubscriptionConfig contains configuration specified for - a subscription. - type: object - properties: - env: - description: Env is a list of environment variables to set in - the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present - in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a - variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - envFrom: - description: EnvFrom is a list of sources to populate environment - variables in the container. The keys defined within a source - must be a C_IDENTIFIER. All invalid keys will be reported as - an event when the container is starting. When a key exists in - multiple sources, the value associated with the last source - will take precedence. Values defined by an Env with a duplicate - key will take precedence. Immutable. - type: array - items: - description: EnvFromSource represents the source of a set of - ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier to prepend to each key - in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - nodeSelector: - description: 'NodeSelector is a selector which must be true for - the pod to fit on a node. Selector which must match a node''s - labels for the pod to be scheduled on that node. More info: - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - additionalProperties: - type: string - resources: - description: 'Resources represents compute resources required - by this container. Immutable. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + - additionalPrinterColumns: + - description: The package subscribed to + jsonPath: .spec.name + name: Package + type: string + - description: The catalog source for the specified package + jsonPath: .spec.source + name: Source + type: string + - description: The channel of updates to subscribe to + jsonPath: .spec.channel + name: Channel + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Subscription keeps operators up to date by tracking changes to Catalogs. + type: object + required: + - metadata + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SubscriptionSpec defines an Application that can be installed + type: object + required: + - name + - source + - sourceNamespace + properties: + channel: + type: string + config: + description: SubscriptionConfig contains configuration specified for a subscription. + type: object + properties: + env: + description: Env is a list of environment variables to set in the container. Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - selector: - description: Selector is the label selector for pods to be configured. - Existing ReplicaSets whose pods are selected by this will be - the ones affected by this deployment. It must match the pod - template's labels. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - tolerations: - description: Tolerations are the pod's tolerations. - type: array - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . - type: object - properties: - effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. - type: integer - format: int64 - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - volumeMounts: - description: List of VolumeMounts to set in the container. - type: array - items: - description: VolumeMount describes a mounting of a Volume within - a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other way - around. When not set, MountPropagationNone is used. This - field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. - type: string - volumes: - description: List of Volumes to set in the podSpec. - type: array - items: - description: Volume represents a named volume in a pod that - may be accessed by any container in the pod. - type: object - required: - - name - properties: - awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk - resource that is attached to a kubelet''s host machine - and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property - empty).' - type: integer - format: int32 - readOnly: - description: 'Specify "true" to force and set the ReadOnly - property in VolumeMounts to "true". If omitted, the - default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'Unique ID of the persistent disk resource - in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - azureDisk: - description: AzureDisk represents an Azure Data Disk mount - on the host and bind mount to the pod. - type: object - required: - - diskName - - diskURI - properties: - cachingMode: - description: 'Host Caching mode: None, Read Only, Read - Write.' - type: string - diskName: - description: The Name of the data disk in the blob storage - type: string - diskURI: - description: The URI the data disk in the blob storage - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - kind: - description: 'Expected values Shared: multiple blob - disks per storage account Dedicated: single blob - disk per storage account Managed: azure managed data - disk (only in managed availability set). defaults - to shared' - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - azureFile: - description: AzureFile represents an Azure File Service - mount on the host and bind mount to the pod. - type: object - required: - - secretName - - shareName - properties: - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: the name of secret that contains Azure - Storage Account Name and Key - type: string - shareName: - description: Share Name - type: string - cephfs: - description: CephFS represents a Ceph FS mount on the host - that shares a pod's lifetime - type: object - required: - - monitors - properties: - monitors: - description: 'Required: Monitors is a collection of - Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: array - items: - type: string - path: - description: 'Optional: Used as the mounted root, rather - than the full Ceph tree, default is /' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'Optional: SecretFile is the path to key - ring for User, default is /etc/ceph/user.secret More - info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'Optional: SecretRef is reference to the - authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - user: - description: 'Optional: User is the rados user name, - default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - cinder: - description: 'Cinder represents a cinder volume attached - and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'Optional: points to a secret object containing - parameters used to connect to OpenStack.' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - volumeID: - description: 'volume id used to identify the volume - in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - configMap: - description: ConfigMap represents a configMap that should - populate this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits to use on created - files by default. Must be a value between 0 and 0777. - Defaults to 0644. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like - fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each key-value pair in - the Data field of the referenced ConfigMap will be - projected into the volume as a file whose name is - the key and content is the value. If specified, the - listed keys will be projected into the specified paths, - and unlisted keys will not be present. If a key is - specified which is not present in the ConfigMap, the - volume setup will error unless it is marked optional. - Paths must be relative and may not contain the '..' - path or start with '..'. - type: array - items: - description: Maps a string key to a path within a - volume. + required: + - name + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. type: object required: - - key - - path + - key properties: key: - description: The key to project. + description: The key to select. type: string - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If - not specified, the volume defaultMode will be - used. This might be in conflict with other options - that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to - map the key to. May not be an absolute path. - May not contain the path element '..'. May not - start with the string '..'. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its keys - must be defined - type: boolean - csi: - description: CSI (Container Storage Interface) represents - storage that is handled by an external CSI driver (Alpha - feature). - type: object - required: - - driver - properties: - driver: - description: Driver is the name of the CSI driver that - handles this volume. Consult with your admin for the - correct name as registered in the cluster. - type: string - fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", - "ntfs". If not provided, the empty value is passed - to the associated CSI driver which will determine - the default filesystem to apply. - type: string - nodePublishSecretRef: - description: NodePublishSecretRef is a reference to - the secret object containing sensitive information - to pass to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the - secret object contains more than one secret, all secret - references are passed. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - readOnly: - description: Specifies a read-only configuration for - the volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - description: VolumeAttributes stores driver-specific - properties that are passed to the CSI driver. Consult - your driver's documentation for supported values. - type: object - additionalProperties: - type: string - downwardAPI: - description: DownwardAPI represents downward API about the - pod that should populate this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits to use on created - files by default. Must be a value between 0 and 0777. - Defaults to 0644. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like - fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: Items is a list of downward API volume - file - type: array - items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' type: object required: - - path + - fieldPath properties: - fieldRef: - description: 'Required: Selects a field of the - pod: only annotations, labels, name and namespace - are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If - not specified, the volume defaultMode will be - used. This might be in conflict with other options - that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative - path name of the file to be created. Must not - be absolute or contain the ''..'' path. Must - be utf-8 encoded. The first item of the relative - path must not start with ''..''' + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - emptyDir: - description: 'EmptyDir represents a temporary directory - that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + fieldPath: + description: Path of the field to select in the specified API version. + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + envFrom: + description: EnvFrom is a list of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Immutable. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + nodeSelector: + description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + additionalProperties: + type: string + resources: + description: 'Resources represents compute resources required by this container. Immutable. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + properties: + limits: + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object - properties: - medium: - description: 'What type of storage medium should back - this directory. The default is "" which means to use - the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - description: 'Total amount of local storage required - for this EmptyDir volume. The size limit is also applicable - for memory medium. The maximum usage on memory medium - EmptyDir would be the minimum value between the SizeLimit - specified here and the sum of memory limits of all - containers in a pod. The default is nil which means - that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: - type: integer - type: string - x-kubernetes-int-or-string: true - fc: - description: FC represents a Fibre Channel resource that - is attached to a kubelet's host machine and then exposed - to the pod. + x-kubernetes-int-or-string: true + requests: + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - lun: - description: 'Optional: FC target lun number' - type: integer - format: int32 - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'Optional: FC target worldwide names (WWNs)' - type: array - items: - type: string - wwids: - description: 'Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs - and lun must be set, but not both simultaneously.' - type: array - items: - type: string - flexVolume: - description: FlexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. - type: object - required: - - driver - properties: - driver: - description: Driver is the name of the driver to use - for this volume. - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem depends on FlexVolume - script. - type: string - options: - description: 'Optional: Extra command options if any.' - type: object - additionalProperties: - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: - description: 'Optional: SecretRef is reference to the - secret object containing sensitive information to - pass to the plugin scripts. This may be empty if no - secret object is specified. If the secret object contains - more than one secret, all secrets are passed to the - plugin scripts.' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - flocker: - description: Flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the Flocker - control service being running - type: object - properties: - datasetName: - description: Name of the dataset stored as metadata - -> name on the dataset for Flocker should be considered - as deprecated - type: string - datasetUUID: - description: UUID of the dataset. This is unique identifier - of a Flocker dataset - type: string - gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: object - required: - - pdName - properties: - fsType: - description: 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property - empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: integer - format: int32 - pdName: - description: 'Unique name of the PD resource in GCE. - Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - gitRepo: - description: 'GitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an - InitContainer that clones the repo using git, then mount - the EmptyDir into the Pod''s container.' - type: object - required: - - repository - properties: - directory: - description: Target directory name. Must not contain - or start with '..'. If '.' is supplied, the volume - directory will be the git repository. Otherwise, - if specified, the volume will contain the git repository - in the subdirectory with the given name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the specified revision. - type: string - glusterfs: - description: 'Glusterfs represents a Glusterfs mount on - the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' - type: object - required: - - endpoints - - path - properties: - endpoints: - description: 'EndpointsName is the endpoint name that - details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'Path is the Glusterfs volume path. More - info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'ReadOnly here will force the Glusterfs - volume to be mounted with read-only permissions. Defaults - to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - hostPath: - description: 'HostPath represents a pre-existing file or - directory on the host machine that is directly exposed - to the container. This is generally used for system agents - or other privileged things that are allowed to see the - host machine. Most containers will NOT need this. More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host - directory mounts and who can/can not mount host directories - as read/write.' - type: object - required: - - path - properties: - path: - description: 'Path of the directory on the host. If - the path is a symlink, it will follow the link to - the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'Type for HostPath Volume Defaults to "" - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - iscsi: - description: 'ISCSI represents an ISCSI Disk resource that - is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' - type: object - required: - - iqn - - lun - - targetPortal - properties: - chapAuthDiscovery: - description: whether support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: whether support iSCSI Session CHAP authentication - type: boolean - fsType: - description: 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, new - iSCSI interface : will - be created for the connection. - type: string - iqn: - description: Target iSCSI Qualified Name. - type: string - iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI - transport. Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun number. - type: integer - format: int32 - portals: - description: iSCSI Target Portal List. The portal is - either an IP or ip_addr:port if the port is other - than default (typically TCP ports 860 and 3260). - type: array - items: - type: string - readOnly: - description: ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: CHAP Secret for iSCSI target and initiator - authentication - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - targetPortal: - description: iSCSI Target Portal. The Portal is either - an IP or ip_addr:port if the port is other than default - (typically TCP ports 860 and 3260). - type: string - name: - description: 'Volume''s name. Must be a DNS_LABEL and unique - within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'NFS represents an NFS mount on the host that - shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: object - required: - - path - - server - properties: - path: - description: 'Path that is exported by the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'ReadOnly here will force the NFS export - to be mounted with read-only permissions. Defaults - to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'Server is the hostname or IP address of - the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents - a reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: object - required: - - claimName - properties: - claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: Will force the ReadOnly setting in VolumeMounts. - Default false. - type: boolean - photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host - machine - type: object - required: - - pdID - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - pdID: - description: ID that identifies Photon Controller persistent - disk - type: string - portworxVolume: - description: PortworxVolume represents a portworx volume - attached and mounted on kubelets host machine - type: object - required: - - volumeID - properties: - fsType: - description: FSType represents the filesystem type to - mount Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs". Implicitly inferred - to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: VolumeID uniquely identifies a Portworx - volume - type: string - projected: - description: Items for all in one resources secrets, configmaps, - and downward API - type: object - required: - - sources - properties: - defaultMode: - description: Mode bits to use on created files by default. - Must be a value between 0 and 0777. Directories within - the path are not affected by this setting. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set. - type: integer - format: int32 - sources: - description: list of volume projections - type: array - items: - description: Projection that may be projected along - with other supported volume types - type: object - properties: - configMap: - description: information about the configMap data - to project - type: object - properties: - items: - description: If unspecified, each key-value - pair in the Data field of the referenced - ConfigMap will be projected into the volume - as a file whose name is the key and content - is the value. If specified, the listed keys - will be projected into the specified paths, - and unlisted keys will not be present. If - a key is specified which is not present - in the ConfigMap, the volume setup will - error unless it is marked optional. Paths - must be relative and may not contain the - '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path - within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to - use on this file, must be a value - between 0 and 0777. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the - file to map the key to. May not be - an absolute path. May not contain - the path element '..'. May not start - with the string '..'. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its keys must be defined - type: boolean - downwardAPI: - description: information about the downwardAPI - data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume - file - type: array - items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to - select in the specified API version. - type: string - mode: - description: 'Optional: mode bits to - use on this file, must be a value - between 0 and 0777. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the - relative path name of the file to - be created. Must not be absolute or - contain the ''..'' path. Must be utf-8 - encoded. The first item of the relative - path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) - are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required - for volumes, optional for env - vars' - type: string - divisor: - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - secret: - description: information about the secret data - to project - type: object - properties: - items: - description: If unspecified, each key-value - pair in the Data field of the referenced - Secret will be projected into the volume - as a file whose name is the key and content - is the value. If specified, the listed keys - will be projected into the specified paths, - and unlisted keys will not be present. If - a key is specified which is not present - in the Secret, the volume setup will error - unless it is marked optional. Paths must - be relative and may not contain the '..' - path or start with '..'. - type: array - items: - description: Maps a string key to a path - within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to - use on this file, must be a value - between 0 and 0777. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the - file to map the key to. May not be - an absolute path. May not contain - the path element '..'. May not start - with the string '..'. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - serviceAccountToken: - description: information about the serviceAccountToken - data to project - type: object - required: - - path - properties: - audience: - description: Audience is the intended audience - of the token. A recipient of a token must - identify itself with an identifier specified - in the audience of the token, and otherwise - should reject the token. The audience defaults - to the identifier of the apiserver. - type: string - expirationSeconds: - description: ExpirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, - the kubelet volume plugin will proactively - rotate the service account token. The kubelet - will start trying to rotate the token if - the token is older than 80 percent of its - time to live or if the token is older than - 24 hours.Defaults to 1 hour and must be - at least 10 minutes. - type: integer - format: int64 - path: - description: Path is the path relative to - the mount point of the file to project the - token into. - type: string - quobyte: - description: Quobyte represents a Quobyte mount on the host - that shares a pod's lifetime - type: object - required: - - registry - - volume - properties: - group: - description: Group to map volume access to Default is - no group - type: string - readOnly: - description: ReadOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults - to false. - type: boolean - registry: - description: Registry represents a single or multiple - Quobyte Registry services specified as a string as - host:port pair (multiple entries are separated with - commas) which acts as the central registry for volumes - type: string - tenant: - description: Tenant owning the given Quobyte volume - in the Backend Used with dynamically provisioned Quobyte - volumes, value is set by the plugin - type: string - user: - description: User to map volume access to Defaults to - serivceaccount user - type: string - volume: - description: Volume is a string that references an already - created Quobyte volume by name. - type: string - rbd: - description: 'RBD represents a Rados Block Device mount - on the host that shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/rbd/README.md' - type: object - required: - - image - - monitors - properties: - fsType: - description: 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - image: - description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'Keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'A collection of Ceph monitors. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: array - items: - type: string - pool: - description: 'The rados pool name. Default is rbd. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'SecretRef is name of the authentication - secret for RBDUser. If provided overrides keyring. - Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - user: - description: 'The rados user name. Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - scaleIO: - description: ScaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. - type: object - required: - - gateway - - secretRef - - system - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: The host address of the ScaleIO API Gateway. - type: string - protectionDomain: - description: The name of the ScaleIO Protection Domain - for the configured storage. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef references to the secret for - ScaleIO user and other sensitive information. If this - is not provided, Login operation will fail. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - sslEnabled: - description: Flag to enable/disable SSL communication - with Gateway, default false - type: boolean - storageMode: - description: Indicates whether the storage for a volume - should be ThickProvisioned or ThinProvisioned. Default - is ThinProvisioned. - type: string - storagePool: - description: The ScaleIO Storage Pool associated with - the protection domain. - type: string - system: - description: The name of the storage system as configured - in ScaleIO. - type: string - volumeName: - description: The name of a volume already created in - the ScaleIO system that is associated with this volume - source. - type: string - secret: - description: 'Secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'Optional: mode bits to use on created - files by default. Must be a value between 0 and 0777. - Defaults to 0644. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like - fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each key-value pair in - the Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and - content is the value. If specified, the listed keys - will be projected into the specified paths, and unlisted - keys will not be present. If a key is specified which - is not present in the Secret, the volume setup will - error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start - with '..'. - type: array - items: - description: Maps a string key to a path within a - volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If - not specified, the volume defaultMode will be - used. This might be in conflict with other options - that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to - map the key to. May not be an absolute path. - May not contain the path element '..'. May not - start with the string '..'. - type: string - optional: - description: Specify whether the Secret or its keys - must be defined - type: boolean - secretName: - description: 'Name of the secret in the pod''s namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - storageos: - description: StorageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. - type: object - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef specifies the secret to use for - obtaining the StorageOS API credentials. If not specified, - default values will be attempted. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - volumeName: - description: VolumeName is the human-readable name of - the StorageOS volume. Volume names are only unique - within a namespace. - type: string - volumeNamespace: - description: VolumeNamespace specifies the scope of - the volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows - the Kubernetes name scoping to be mirrored within - StorageOS for tighter integration. Set VolumeName - to any name to override the default behaviour. Set - to "default" if you are not using namespaces within - StorageOS. Namespaces that do not pre-exist within - StorageOS will be created. - type: string - vsphereVolume: - description: VsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine - type: object - required: - - volumePath - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - storagePolicyID: - description: Storage Policy Based Management (SPBM) - profile ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: Storage Policy Based Management (SPBM) - profile name. - type: string - volumePath: - description: Path that identifies vSphere volume vmdk - type: string - installPlanApproval: - description: Approval is the user approval policy for an InstallPlan. - It must be one of "Automatic" or "Manual". - type: string - name: - type: string - source: - type: string - sourceNamespace: - type: string - startingCSV: - type: string - status: - type: object - required: - - lastUpdated - properties: - catalogHealth: - description: CatalogHealth contains the Subscription's view of its - relevant CatalogSources' status. It is used to determine SubscriptionStatusConditions - related to CatalogSources. - type: array - items: - description: SubscriptionCatalogHealth describes the health of a - CatalogSource the Subscription knows about. - type: object - required: - - catalogSourceRef - - healthy - - lastUpdated - properties: - catalogSourceRef: - description: CatalogSourceRef is a reference to a CatalogSource. + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + selector: + description: Selector is the label selector for pods to be configured. Existing ReplicaSets whose pods are selected by this will be the ones affected by this deployment. It must match the pod template's labels. type: object properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead - of an entire object, this string should contain a valid - JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container - within a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that - triggered the event) or if no container name is specified - "spec.containers[2]" (container with index 2 in this pod). - This syntax is chosen only to have some well-defined way - of referencing a part of an object. TODO: this design - is not final and this field is subject to change in the - future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - healthy: - description: Healthy is true if the CatalogSource is healthy; - false otherwise. - type: boolean - lastUpdated: - description: LastUpdated represents the last time that the CatalogSourceHealth - changed + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + tolerations: + description: Tolerations are the pod's tolerations. + type: array + items: + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + type: object + properties: + effect: + description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + type: integer + format: int64 + value: + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + volumeMounts: + description: List of VolumeMounts to set in the container. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + volumes: + description: List of Volumes to set in the podSpec. + type: array + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + type: object + required: + - name + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: object + required: + - volumeID + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' + type: integer + format: int32 + readOnly: + description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + type: object + required: + - diskName + - diskURI + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + azureFile: + description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. + type: object + required: + - secretName + - shareName + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: the name of secret that contains Azure Storage Account Name and Key + type: string + shareName: + description: Share Name + type: string + cephfs: + description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime + type: object + required: + - monitors + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: array + items: + type: string + path: + description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + user: + description: 'Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + cinder: + description: 'Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: object + required: + - volumeID + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing parameters used to connect to OpenStack.' + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + volumeID: + description: 'volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + configMap: + description: ConfigMap represents a configMap that should populate this volume + type: object + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + csi: + description: CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). + type: object + required: + - driver + properties: + driver: + description: Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + readOnly: + description: Specifies a read-only configuration for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + description: VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. + type: object + additionalProperties: + type: string + downwardAPI: + description: DownwardAPI represents downward API about the pod that should populate this volume + type: object + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + items: + description: Items is a list of downward API volume file + type: array + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + type: object + required: + - path + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + emptyDir: + description: 'EmptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: object + properties: + medium: + description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + ephemeral: + description: "Ephemeral represents a volume that is handled by a cluster storage driver (Alpha feature). The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." + type: object + properties: + readOnly: + description: Specifies a read-only configuration for the volume. Defaults to false (read/write). + type: boolean + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." + type: object + required: + - spec + properties: + metadata: + description: May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. + type: object + spec: + description: The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. + type: object + properties: + accessModes: + description: 'AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + type: array + items: + type: string + dataSource: + description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source.' + type: object + required: + - kind + - name + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + resources: + description: 'Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + type: object + properties: + limits: + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + selector: + description: A label query over volumes to consider for binding. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + storageClassName: + description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: VolumeName is the binding reference to the PersistentVolume backing this claim. + type: string + fc: + description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. + type: object + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + lun: + description: 'Optional: FC target lun number' + type: integer + format: int32 + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + type: array + items: + type: string + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' + type: array + items: + type: string + flexVolume: + description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + type: object + required: + - driver + properties: + driver: + description: Driver is the name of the driver to use for this volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + description: 'Optional: Extra command options if any.' + type: object + additionalProperties: + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.' + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + flocker: + description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running + type: object + properties: + datasetName: + description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier of a Flocker dataset + type: string + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: object + required: + - pdName + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: integer + format: int32 + pdName: + description: 'Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + gitRepo: + description: 'GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' + type: object + required: + - repository + properties: + directory: + description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + type: object + required: + - endpoints + - path + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + hostPath: + description: 'HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.' + type: object + required: + - path + properties: + path: + description: 'Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + type: object + required: + - iqn + - lun + - targetPortal + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + type: integer + format: int32 + portals: + description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + type: array + items: + type: string + readOnly: + description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + targetPortal: + description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + type: string + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: object + required: + - path + - server + properties: + path: + description: 'Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: object + required: + - claimName + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. Default false. + type: boolean + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + type: object + required: + - pdID + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent disk + type: string + portworxVolume: + description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine + type: object + required: + - volumeID + properties: + fsType: + description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + projected: + description: Items for all in one resources secrets, configmaps, and downward API + type: object + properties: + defaultMode: + description: Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: list of volume projections + type: array + items: + description: Projection that may be projected along with other supported volume types + type: object + properties: + configMap: + description: information about the configMap data to project + type: object + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + downwardAPI: + description: information about the downwardAPI data to project + type: object + properties: + items: + description: Items is a list of DownwardAPIVolume file + type: array + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + type: object + required: + - path + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + secret: + description: information about the secret data to project + type: object + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + serviceAccountToken: + description: information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + type: integer + format: int64 + path: + description: Path is the path relative to the mount point of the file to project the token into. + type: string + quobyte: + description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime + type: object + required: + - registry + - volume + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. + type: boolean + registry: + description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount user + type: string + volume: + description: Volume is a string that references an already created Quobyte volume by name. + type: string + rbd: + description: 'RBD represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + type: object + required: + - image + - monitors + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: array + items: + type: string + pool: + description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + user: + description: 'The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + type: object + required: + - gateway + - secretRef + - system + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + sslEnabled: + description: Flag to enable/disable SSL communication with Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the protection domain. + type: string + system: + description: The name of the storage system as configured in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO system that is associated with this volume source. + type: string + secret: + description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: object + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + optional: + description: Specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + storageos: + description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + type: object + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + volumeName: + description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. + type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. + type: string + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + type: object + required: + - volumePath + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + installPlanApproval: + description: Approval is the user approval policy for an InstallPlan. It must be one of "Automatic" or "Manual". + type: string + name: + type: string + source: + type: string + sourceNamespace: + type: string + startingCSV: + type: string + status: + type: object + required: + - lastUpdated + properties: + catalogHealth: + description: CatalogHealth contains the Subscription's view of its relevant CatalogSources' status. It is used to determine SubscriptionStatusConditions related to CatalogSources. + type: array + items: + description: SubscriptionCatalogHealth describes the health of a CatalogSource the Subscription knows about. + type: object + required: + - catalogSourceRef + - healthy + - lastUpdated + properties: + catalogSourceRef: + description: CatalogSourceRef is a reference to a CatalogSource. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + healthy: + description: Healthy is true if the CatalogSource is healthy; false otherwise. + type: boolean + lastUpdated: + description: LastUpdated represents the last time that the CatalogSourceHealth changed + type: string + format: date-time + conditions: + description: Conditions is a list of the latest available observations about a Subscription's current state. + type: array + items: + description: SubscriptionCondition represents the latest available observations of a Subscription's state. + type: object + required: + - status + - type + properties: + lastHeartbeatTime: + description: LastHeartbeatTime is the last time we got an update on a given condition + type: string + format: date-time + lastTransitionTime: + description: LastTransitionTime is the last time the condition transit from one status to another + type: string + format: date-time + message: + description: Message is a human-readable message indicating details about last transition. + type: string + reason: + description: Reason is a one-word CamelCase reason for the condition's last transition. + type: string + status: + description: Status is the status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of Subscription condition. + type: string + currentCSV: + description: CurrentCSV is the CSV the Subscription is progressing to. + type: string + installPlanGeneration: + description: InstallPlanGeneration is the current generation of the installplan + type: integer + installPlanRef: + description: InstallPlanRef is a reference to the latest InstallPlan that contains the Subscription's current CSV. + type: object + properties: + apiVersion: + description: API version of the referent. type: string - format: date-time - conditions: - description: Conditions is a list of the latest available observations - about a Subscription's current state. - type: array - items: - description: SubscriptionCondition represents the latest available - observations of a Subscription's state. + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + installedCSV: + description: InstalledCSV is the CSV currently installed by the Subscription. + type: string + installplan: + description: 'Install is a reference to the latest InstallPlan generated for the Subscription. DEPRECATED: InstallPlanRef' type: object required: - - status - - type + - apiVersion + - kind + - name + - uuid properties: - lastHeartbeatTime: - description: LastHeartbeatTime is the last time we got an update - on a given condition + apiVersion: type: string - format: date-time - lastTransitionTime: - description: LastTransitionTime is the last time the condition - transit from one status to another + kind: type: string - format: date-time - message: - description: Message is a human-readable message indicating - details about last transition. + name: type: string - reason: - description: Reason is a one-word CamelCase reason for the condition's - last transition. + uuid: + description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. type: string - status: - description: Status is the status of the condition, one of True, - False, Unknown. - type: string - type: - description: Type is the type of Subscription condition. - type: string - currentCSV: - description: CurrentCSV is the CSV the Subscription is progressing - to. - type: string - installPlanGeneration: - description: InstallPlanGeneration is the current generation of the - installplan - type: integer - installPlanRef: - description: InstallPlanRef is a reference to the latest InstallPlan - that contains the Subscription's current CSV. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - installedCSV: - description: InstalledCSV is the CSV currently installed by the Subscription. - type: string - installplan: - description: 'Install is a reference to the latest InstallPlan generated - for the Subscription. DEPRECATED: InstallPlanRef' - type: object - required: - - apiVersion - - kind - - name - - uuid - properties: - apiVersion: - type: string - kind: - type: string - name: - type: string - uuid: - description: UID is a type that holds unique ID values, including - UUIDs. Because we don't ONLY use UUIDs, this is an alias to - string. Being a type captures intent and helps make sure that - UIDs and names do not get conflated. - type: string - lastUpdated: - description: LastUpdated represents the last time that the Subscription - status was updated. - type: string - format: date-time - reason: - description: Reason is the reason the Subscription was transitioned - to its current state. - type: string - state: - description: State represents the current state of the Subscription - type: string - served: true - storage: true - subresources: - status: {} - + lastUpdated: + description: LastUpdated represents the last time that the Subscription status was updated. + type: string + format: date-time + reason: + description: Reason is the reason the Subscription was transitioned to its current state. + type: string + state: + description: State represents the current state of the Subscription + type: string + served: true + storage: true + subresources: + status: {} diff --git a/deploy/addons/olm/olm.yaml.tmpl b/deploy/addons/olm/olm.yaml.tmpl index e79ce4a015..dcd3175711 100644 --- a/deploy/addons/olm/olm.yaml.tmpl +++ b/deploy/addons/olm/olm.yaml.tmpl @@ -1,4 +1,4 @@ -# Copyright 2016 The Kubernetes Authors All rights reserved. +# Copyright 2021 The Kubernetes Authors All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,6 +12,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +# ref: https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.18.3/olm.yaml + --- apiVersion: v1 kind: Namespace @@ -82,7 +84,7 @@ spec: - $(OPERATOR_NAMESPACE) - --writeStatusName - "" - image: {{.CustomRegistries.OLM | default .ImageRepository | default .Registries.OLM }}{{.Images.OLM}} + image: {{.CustomRegistries.OLM | default .ImageRepository | default .Registries.OLM}}{{.Images.OLM}} imagePullPolicy: IfNotPresent ports: - containerPort: 8080 @@ -99,7 +101,6 @@ spec: port: 8080 terminationMessagePolicy: FallbackToLogsOnError env: - - name: OPERATOR_NAMESPACE valueFrom: fieldRef: @@ -110,8 +111,6 @@ spec: requests: cpu: 10m memory: 160Mi - - nodeSelector: kubernetes.io/os: linux --- @@ -144,8 +143,8 @@ spec: - olm - -configmapServerImage=quay.io/operator-framework/configmap-operator-registry:latest - -util-image - - {{.CustomRegistries.OLM | default .ImageRepository | default .Registries.OLM }}{{.Images.OLM}} - image: {{.CustomRegistries.OLM | default .ImageRepository | default .Registries.OLM }}{{.Images.OLM}} + - {{.CustomRegistries.OLM | default .ImageRepository | default .Registries.OLM}}{{.Images.OLM}} + image: {{.CustomRegistries.OLM | default .ImageRepository | default .Registries.OLM}}{{.Images.OLM}} imagePullPolicy: IfNotPresent ports: - containerPort: 8080 @@ -161,14 +160,10 @@ spec: path: /healthz port: 8080 terminationMessagePolicy: FallbackToLogsOnError - env: - resources: requests: cpu: 10m memory: 80Mi - - nodeSelector: kubernetes.io/os: linux --- @@ -224,7 +219,7 @@ metadata: name: packageserver namespace: olm labels: - olm.version: 0.17.0 + olm.version: 0.18.3 spec: displayName: Package Server description: Represents an Operator package that is available from a given CatalogSource which will resolve to a ClusterServiceVersion. @@ -288,6 +283,9 @@ spec: spec: strategy: type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + maxSurge: 1 replicas: 2 selector: matchLabels: @@ -309,7 +307,7 @@ spec: - "5443" - --global-namespace - olm - image: {{.CustomRegistries.OLM | default .ImageRepository | default .Registries.OLM }}{{.Images.OLM}} + image: {{.CustomRegistries.OLM | default .ImageRepository | default .Registries.OLM}}{{.Images.OLM}} imagePullPolicy: Always ports: - containerPort: 5443 @@ -337,7 +335,7 @@ spec: - name: tmpfs emptyDir: {} maturity: alpha - version: 0.17.0 + version: 0.18.3 apiservicedefinitions: owned: - group: packages.operators.coreos.com @@ -356,6 +354,9 @@ metadata: namespace: olm spec: sourceType: grpc - image: {{.CustomRegistries.UpstreamCommunityOperators | default .ImageRepository | default .Registries.UpstreamCommunityOperators }}{{.Images.UpstreamCommunityOperators}} + image: {{.CustomRegistries.UpstreamCommunityOperators | default .ImageRepository | default .Registries.UpstreamCommunityOperators}}{{.Images.UpstreamCommunityOperators}} displayName: Community Operators publisher: OperatorHub.io + updateStrategy: + registryPoll: + interval: 60m diff --git a/pkg/minikube/assets/addons.go b/pkg/minikube/assets/addons.go index e698635a5d..3987104f71 100755 --- a/pkg/minikube/assets/addons.go +++ b/pkg/minikube/assets/addons.go @@ -310,8 +310,9 @@ var Addons = map[string]*Addon{ "olm.yaml", "0640"), }, false, "olm", "", map[string]string{ - "OLM": "operator-framework/olm:v0.17.0@sha256:de396b540b82219812061d0d753440d5655250c621c753ed1dc67d6154741607", - "UpstreamCommunityOperators": "operator-framework/upstream-community-operators:07bbc13@sha256:cc7b3fdaa1ccdea5866fcd171669dc0ed88d3477779d8ed32e3712c827e38cc0", + "OLM": "operator-framework/olm@sha256:e74b2ac57963c7f3ba19122a8c31c9f2a0deb3c0c5cac9e5323ccffd0ca198ed", + // operator-framework/community-operators was deprecated: https://github.com/operator-framework/community-operators#repository-is-obsolete; switching to OperatorHub.io instead + "UpstreamCommunityOperators": "operatorhubio/catalog:latest", }, map[string]string{ "OLM": "quay.io", "UpstreamCommunityOperators": "quay.io", @@ -527,12 +528,12 @@ var Addons = map[string]*Addon{ "gcp-auth-service.yaml", "0640"), MustBinAsset(addons.GcpAuthAssets, - "gcp-auth/gcp-auth-webhook.yaml.tmpl.tmpl", + "gcp-auth/gcp-auth-webhook.yaml.tmpl", vmpath.GuestAddonsDir, "gcp-auth-webhook.yaml", "0640"), }, false, "gcp-auth", "google", map[string]string{ - "KubeWebhookCertgen": "jettech/kube-webhook-certgen:v1.3.0@sha256:ff01fba91131ed260df3f3793009efbf9686f5a5ce78a85f81c386a4403f7689", + "KubeWebhookCertgen": "k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.0@sha256:f3b6b39a6062328c095337b4cadcefd1612348fdd5190b1dcbcb9b9e90bd8068", "GCPAuthWebhook": "k8s-minikube/gcp-auth-webhook:v0.0.7@sha256:be9661afbd47e4042bee1cb48cae858cc2f4b4e121340ee69fdc0013aeffcca4", }, map[string]string{ "GCPAuthWebhook": "gcr.io", diff --git a/test/integration/addons_test.go b/test/integration/addons_test.go index 560a4329ab..df3f02823d 100644 --- a/test/integration/addons_test.go +++ b/test/integration/addons_test.go @@ -419,37 +419,27 @@ func validateHelmTillerAddon(ctx context.Context, t *testing.T, profile string) func validateOlmAddon(ctx context.Context, t *testing.T, profile string) { defer PostMortemLogs(t, profile) - client, err := kapi.Client(profile) - if err != nil { - t.Fatalf("failed to get Kubernetes client for %s: %v", profile, err) - } - start := time.Now() - if err := kapi.WaitForDeploymentToStabilize(client, "olm", "catalog-operator", Minutes(6)); err != nil { - t.Errorf("failed waiting for catalog-operator deployment to stabilize: %v", err) + + if _, err := Run(t, exec.CommandContext(ctx, "kubectl", "--context", profile, "wait", "--for=condition=ready", "--namespace=olm", "pod", "--selector=app=catalog-operator", "--timeout=90s")); err != nil { + t.Fatalf("failed waititing for pod catalog-operator: %v", err) } t.Logf("catalog-operator stabilized in %s", time.Since(start)) - if err := kapi.WaitForDeploymentToStabilize(client, "olm", "olm-operator", Minutes(6)); err != nil { - t.Errorf("failed waiting for olm-operator deployment to stabilize: %v", err) + + if _, err := Run(t, exec.CommandContext(ctx, "kubectl", "--context", profile, "wait", "--for=condition=ready", "--namespace=olm", "pod", "--selector=app=olm-operator", "--timeout=90s")); err != nil { + t.Fatalf("failed waititing for pod olm-operator: %v", err) } t.Logf("olm-operator stabilized in %s", time.Since(start)) - if err := kapi.WaitForDeploymentToStabilize(client, "olm", "packageserver", Minutes(6)); err != nil { - t.Errorf("failed waiting for packageserver deployment to stabilize: %v", err) + + if _, err := Run(t, exec.CommandContext(ctx, "kubectl", "--context", profile, "wait", "--for=condition=ready", "--namespace=olm", "pod", "--selector=app=packageserver", "--timeout=90s")); err != nil { + t.Fatalf("failed waititing for pod olm-operator: %v", err) } t.Logf("packageserver stabilized in %s", time.Since(start)) - if _, err := PodWait(ctx, t, profile, "olm", "app=catalog-operator", Minutes(6)); err != nil { - t.Fatalf("failed waiting for pod catalog-operator: %v", err) - } - if _, err := PodWait(ctx, t, profile, "olm", "app=olm-operator", Minutes(6)); err != nil { - t.Fatalf("failed waiting for pod olm-operator: %v", err) - } - if _, err := PodWait(ctx, t, profile, "olm", "app=packageserver", Minutes(6)); err != nil { - t.Fatalf("failed waiting for pod packageserver: %v", err) - } - if _, err := PodWait(ctx, t, profile, "olm", "olm.catalogSource=operatorhubio-catalog", Minutes(6)); err != nil { - t.Fatalf("failed waiting for pod operatorhubio-catalog: %v", err) + if _, err := Run(t, exec.CommandContext(ctx, "kubectl", "--context", profile, "wait", "--for=condition=ready", "--namespace=olm", "pod", "--selector=olm.catalogSource=operatorhubio-catalog", "--timeout=90s")); err != nil { + t.Fatalf("failed waititing for pod operatorhubio-catalog: %v", err) } + t.Logf("operatorhubio-catalog stabilized in %s", time.Since(start)) // Install one sample Operator such as etcd rr, err := Run(t, exec.CommandContext(ctx, "kubectl", "--context", profile, "create", "-f", filepath.Join(*testdataDir, "etcd.yaml"))) @@ -471,7 +461,6 @@ func validateOlmAddon(ctx context.Context, t *testing.T, profile string) { } return nil } - // Operator installation takes a while if err := retry.Expo(checkOperatorInstalled, time.Second*3, Minutes(10)); err != nil { t.Errorf("failed checking operator installed: %v", err.Error()) diff --git a/test/integration/testdata/etcd.yaml b/test/integration/testdata/etcd.yaml index b89177a24d..8204e87ba2 100644 --- a/test/integration/testdata/etcd.yaml +++ b/test/integration/testdata/etcd.yaml @@ -1,3 +1,5 @@ +# ref: https://operatorhub.io/install/etcd.yaml + apiVersion: v1 kind: Namespace metadata: @@ -12,13 +14,28 @@ spec: targetNamespaces: - my-etcd --- +# # etcd v0.9.4 uses 'apiVersion: apiextensions.k8s.io/v1beta1' deprecated in k8s v1.22+ +# # ref: https://github.com/k8s-operatorhub/community-operators/blob/834fa9b5a58f75fbf1ae2ed5e37db2efe1cab483/operators/etcd/0.9.4/etcdclusters.etcd.database.coreos.com.crd.yaml#L1 +# # keep it disabled until updated and temporary use the 'cluster-manager' below instead +# apiVersion: operators.coreos.com/v1alpha1 +# kind: Subscription +# metadata: +# name: my-etcd +# namespace: my-etcd +# spec: +# channel: singlenamespace-alpha +# name: etcd +# source: operatorhubio-catalog +# sourceNamespace: olm +# --- apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: - name: my-etcd + name: cluster-manager namespace: my-etcd spec: - channel: singlenamespace-alpha - name: etcd + channel: stable + name: cluster-manager source: operatorhubio-catalog sourceNamespace: olm + installPlanApproval: Automatic From fc6aa28ccce5013550c7fc903444496abe4f6f57 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Aug 2021 17:56:37 +0000 Subject: [PATCH 194/205] Bump k8s.io/api from 0.22.0 to 0.22.1 Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.22.0 to 0.22.1. - [Release notes](https://github.com/kubernetes/api/releases) - [Commits](https://github.com/kubernetes/api/compare/v0.22.0...v0.22.1) --- updated-dependencies: - dependency-name: k8s.io/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 022219846f..bc12dd633d 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.16 require ( cloud.google.com/go/storage v1.15.0 contrib.go.opencensus.io/exporter/stackdriver v0.12.1 - github.com/Delta456/box-cli-maker/v2 v2.2.1 + github.com/Delta456/box-cli-maker/v2 v2.2.2 github.com/GoogleCloudPlatform/docker-credential-gcr v0.0.0-20210713212222-faed5e8b8ca2 github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v0.16.0 github.com/Microsoft/hcsshim v0.8.17 // indirect @@ -29,7 +29,6 @@ require ( github.com/google/go-github/v36 v36.0.0 github.com/google/slowjam v1.0.0 github.com/google/uuid v1.3.0 - github.com/gookit/color v1.4.2 // indirect github.com/hashicorp/go-getter v1.5.7 github.com/hashicorp/go-retryablehttp v0.7.0 github.com/hashicorp/golang-lru v0.5.3 // indirect @@ -53,7 +52,6 @@ require ( github.com/machine-drivers/docker-machine-driver-vmware v0.1.3 github.com/mattbaird/jsonpatch v0.0.0-20200820163806-098863c1fc24 github.com/mattn/go-isatty v0.0.13 - github.com/mattn/go-runewidth v0.0.13 // indirect github.com/mitchellh/go-ps v1.0.0 github.com/moby/hyperkit v0.0.0-20210108224842-2f061e447e14 github.com/moby/sys/mount v0.2.0 // indirect @@ -84,14 +82,14 @@ require ( golang.org/x/mod v0.5.0 golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c - golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c + golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf golang.org/x/term v0.0.0-20210406210042-72f3dc4e9b72 golang.org/x/text v0.3.7 gonum.org/v1/plot v0.9.0 google.golang.org/api v0.52.0 gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22 // indirect gopkg.in/yaml.v2 v2.4.0 - k8s.io/api v0.22.0 + k8s.io/api v0.22.1 k8s.io/apimachinery v0.22.0 k8s.io/client-go v0.22.0 k8s.io/klog/v2 v2.10.0 From 4b896270d7bc6221ea2d1d5367c3e40210ae7670 Mon Sep 17 00:00:00 2001 From: Medya Gh Date: Tue, 24 Aug 2021 11:07:40 -0700 Subject: [PATCH 195/205] address review comments --- site/content/en/docs/tutorials/continuous_integration.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/site/content/en/docs/tutorials/continuous_integration.md b/site/content/en/docs/tutorials/continuous_integration.md index c3b0c81ba5..16f97819c9 100644 --- a/site/content/en/docs/tutorials/continuous_integration.md +++ b/site/content/en/docs/tutorials/continuous_integration.md @@ -17,17 +17,17 @@ To see a working example of running minikube in CI checkout [minikube-ci/example ## Supported / Tested CI Platforms -For any platform not yet listed we are looking for your help! Please file Pull Requests and / or Issues for missing CI platforms :smile: +For any platform not yet listed we are looking for your help! Please file Pull Requests and / or Issues for missing CI platforms 😄 | Platform | Known to Work? | Status | |---|---|--| | [Prow](https://github.com/kubernetes/test-infra/tree/master/prow) | [Yes](https://github.com/kubernetes/test-infra/tree/master/config/jobs/kubernetes/minikube) ✔️ | [![Prow](https://prow.k8s.io/badge.svg?jobs=pull-minikube-build)](https://prow.k8s.io/?job=pull-minikube-build) | -| [Google Cloud Build](https://cloud.google.com/cloud-build/) | [Yes](https://github.com/minikube-ci/examples/blob/master/gcb.md) :heavy_check_mark: | [![cloud build status](https://storage.googleapis.com/minikube-ci-example/build/working.svg)](https://pantheon.corp.google.com/cloud-build/dashboard?project=k8s-minikube) | +| [Google Cloud Build](https://cloud.google.com/cloud-build/) | [Yes](https://github.com/minikube-ci/examples/blob/master/gcb.md) ✔️ | [![cloud build status](https://storage.googleapis.com/minikube-ci-example/build/working.svg)](https://pantheon.corp.google.com/cloud-build/dashboard?project=k8s-minikube) | | [Github](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/about-continuous-integration) | [Yes](https://github.com/minikube-ci/examples/blob/master/.github/workflows/minikube.yml) ✔️ | [![Github](https://github.com/minikube-ci/examples/workflows/Minikube/badge.svg)](https://github.com/minikube-ci/examples/actions) | | [Azure Pipelines](https://azure.microsoft.com/en-us/services/devops/pipelines/) | [Yes](https://github.com/minikube-ci/examples/blob/master/azure-pipelines.yml) ✔️ | [![Azure Pipelines](https://dev.azure.com/medyagh0825/minikube-ci/_apis/build/status/examples?api-version=5.1-preview.1)](https://dev.azure.com/medyagh0825/minikube-ci/_build) | [Travis CI](https://travis-ci.com/) | [Yes](https://github.com/minikube-ci/examples/blob/master/.travis.yml) ✔️ | [![Travis CI](https://travis-ci.com/minikube-ci/examples.svg?branch=master)](https://travis-ci.com/minikube-ci/examples/) | | [CircleCI](https://circleci.com/) | [Yes](https://github.com/minikube-ci/examples/blob/master/.circleci) ✔️ | [![CircleCI](https://circleci.com/gh/minikube-ci/examples.svg?style=svg)](https://circleci.com/gh/minikube-ci/examples) | -| [Gitlab](https://about.gitlab.com/product/continuous-integration/) | [Yes](https://github.com/minikube-ci/examples/blob/master/.gitlab-ci.yml) ✔️ | ![Gitlab](https://gitlab.com/minikube-ci/examples/badges/master/pipeline.svg) | +| [Gitlab](https://about.gitlab.com/product/continuous-integration/) | [Yes](https://github.com/minikube-ci/examples/blob/master/.gitlab-ci.yml) ✔️ | Gitlab | From 1ba150fd63bcef8e677f3531d81b0b1021fc1721 Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Tue, 24 Aug 2021 10:26:33 -0700 Subject: [PATCH 196/205] Add unit test for tcsh shell. --- pkg/minikube/shell/shell_test.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkg/minikube/shell/shell_test.go b/pkg/minikube/shell/shell_test.go index cf8de26c26..30aac5148a 100644 --- a/pkg/minikube/shell/shell_test.go +++ b/pkg/minikube/shell/shell_test.go @@ -41,6 +41,7 @@ func TestGenerateUsageHint(t *testing.T) { {EnvConfig{"fish"}, `# foo # bar | source`}, {EnvConfig{"none"}, ``}, + {EnvConfig{"tcsh"}, "\n: \"foo\"\n: eval `bar`\n"}, } for _, tc := range testCases { tc := tc @@ -67,6 +68,7 @@ func TestCfgSet(t *testing.T) { {"", "eval", EnvConfig{"emacs"}, `")`}, {"", "eval", EnvConfig{"none"}, ``}, {"", "eval", EnvConfig{"fish"}, `";`}, + {"", "eval", EnvConfig{"tcsh"}, `";`}, } for _, tc := range testCases { tc := tc @@ -100,6 +102,7 @@ set -e bar;`}, {[]string{"baz", "bar"}, EnvConfig{"emacs"}, `(setenv "baz" nil) (setenv "bar" nil)`}, {[]string{"baz", "bar"}, EnvConfig{"none"}, "baz\nbar"}, + {[]string{"baz", "bar"}, EnvConfig{"tcsh"}, "unsetenv baz;\nunsetenv bar;"}, } for _, tc := range testCases { tc := tc From c4bdef14ce0d21b48c1cfe9eeee9766f4d46d094 Mon Sep 17 00:00:00 2001 From: Predrag Rogic Date: Tue, 24 Aug 2021 20:02:19 +0100 Subject: [PATCH 197/205] fix TestFunctional/parallel/LoadImageFromFile --- test/integration/functional_test.go | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/test/integration/functional_test.go b/test/integration/functional_test.go index cd784cba61..a31120ab11 100644 --- a/test/integration/functional_test.go +++ b/test/integration/functional_test.go @@ -299,11 +299,7 @@ func validateLoadImageFromFile(ctx context.Context, t *testing.T, profile string defer os.Remove(imageFile) // try to load the new image into minikube - imagePath, err := filepath.Abs(imageFile) - if err != nil { - t.Fatalf("failed to get absolute path of file %q: %v", imageFile, err) - } - rr, err = Run(t, exec.CommandContext(ctx, Target(), "-p", profile, "image", "load", imagePath)) + rr, err = Run(t, exec.CommandContext(ctx, Target(), "-p", profile, "image", "load", imageFile)) if err != nil { t.Fatalf("loading image into minikube: %v\n%s", err, rr.Output()) } From c2153fb8ccab45784946a2fb976a0a0542c3c525 Mon Sep 17 00:00:00 2001 From: Sharif Elgamal Date: Tue, 24 Aug 2021 13:42:05 -0700 Subject: [PATCH 198/205] fix link to iso/kicbase logs on build failure --- hack/jenkins/build_iso.sh | 2 +- hack/jenkins/kicbase_auto_build.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/hack/jenkins/build_iso.sh b/hack/jenkins/build_iso.sh index 2411aec719..73ded6d388 100755 --- a/hack/jenkins/build_iso.sh +++ b/hack/jenkins/build_iso.sh @@ -46,7 +46,7 @@ ec=$? if [ $ec -gt 0 ]; then if [ "$release" = false ]; then gh pr comment ${ghprbPullId} --body "Hi ${ghprbPullAuthorLoginMention}, building a new ISO failed. - See the logs at: https://storage.cloud.google.com/minikube-builds/logs/${ghprbPullId}/iso-${BUILD_NUMBER}/iso_build.txt + See the logs at: https://storage.cloud.google.com/minikube-builds/logs/${ghprbPullId}/${ghprbActualCommit::7}/iso_build.txt " fi exit $ec diff --git a/hack/jenkins/kicbase_auto_build.sh b/hack/jenkins/kicbase_auto_build.sh index e73d86ac2b..4a05018dfc 100755 --- a/hack/jenkins/kicbase_auto_build.sh +++ b/hack/jenkins/kicbase_auto_build.sh @@ -68,7 +68,7 @@ ec=$? if [ $ec -gt 0 ]; then if [ "$release" = false ]; then gh pr comment ${ghprbPullId} --body "Hi ${ghprbPullAuthorLoginMention}, building a new kicbase image failed. - See the logs at: https://storage.cloud.google.com/minikube-builds/logs/${ghprbPullId}/kicbase-${BUILD_NUMBER}/kic_image_build.txt + See the logs at: https://storage.cloud.google.com/minikube-builds/logs/${ghprbPullId}/${ghprbActualCommit::7}/kic_image_build.txt " fi exit $ec From c39712803af6fb666050d592cfcbe748dfa2175f Mon Sep 17 00:00:00 2001 From: Predrag Rogic Date: Tue, 24 Aug 2021 22:06:07 +0100 Subject: [PATCH 199/205] fix TestFunctional/parallel/LoadImageFromFile --- test/integration/functional_test.go | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/test/integration/functional_test.go b/test/integration/functional_test.go index a31120ab11..619765385f 100644 --- a/test/integration/functional_test.go +++ b/test/integration/functional_test.go @@ -65,6 +65,8 @@ var mitm *StartSession var runCorpProxy = GithubActionRunner() && runtime.GOOS == "linux" && !arm64Platform() +var imageFile = "busybox.tar" + // TestFunctional are functionality tests which can safely share a profile in parallel func TestFunctional(t *testing.T) { @@ -208,7 +210,7 @@ func cleanupUnwantedImages(ctx context.Context, t *testing.T, profile string) { } }) } - + os.Remove(imageFile) } // validateNodeLabels checks if minikube cluster is created with correct kubernetes's node label @@ -291,16 +293,18 @@ func validateLoadImageFromFile(ctx context.Context, t *testing.T, profile string } // save image to file - imageFile := "busybox.tar" rr, err = Run(t, exec.CommandContext(ctx, "docker", "save", "-o", imageFile, taggedImage)) if err != nil { t.Fatalf("failed to save image to file: %v\n%s", err, rr.Output()) } - defer os.Remove(imageFile) // try to load the new image into minikube - rr, err = Run(t, exec.CommandContext(ctx, Target(), "-p", profile, "image", "load", imageFile)) + imagePath, err := filepath.Abs(imageFile) if err != nil { + t.Fatalf("failed to get absolute path of file %q: %v", imageFile, err) + } + rr, err = Run(t, exec.CommandContext(ctx, Target(), "-p", profile, "image", "load", imagePath)) + if err != nil || rr.Stderr.String() != "" { t.Fatalf("loading image into minikube: %v\n%s", err, rr.Output()) } @@ -428,7 +432,6 @@ func validateSaveImageToFile(ctx context.Context, t *testing.T, profile string) } // try to save the new image from minikube - imageFile := "busybox.tar" imagePath, err := filepath.Abs(imageFile) if err != nil { t.Fatalf("failed to get absolute path of file %q: %v", imageFile, err) @@ -443,7 +446,6 @@ func validateSaveImageToFile(ctx context.Context, t *testing.T, profile string) if err != nil { t.Fatalf("failed to load image to file: %v\n%s", err, rr.Output()) } - defer os.Remove(imageFile) // make sure the image was correctly loaded rr, err = Run(t, exec.CommandContext(ctx, "docker", "images", name)) From f1ba75f436e477a541dbc2d1381ca40cdbf7fdee Mon Sep 17 00:00:00 2001 From: Predrag Rogic Date: Tue, 24 Aug 2021 23:18:54 +0100 Subject: [PATCH 200/205] fix TestFunctional/parallel/LoadImageFromFile - 2nd race condition --- test/integration/functional_test.go | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/test/integration/functional_test.go b/test/integration/functional_test.go index 619765385f..c758fb8fca 100644 --- a/test/integration/functional_test.go +++ b/test/integration/functional_test.go @@ -65,8 +65,6 @@ var mitm *StartSession var runCorpProxy = GithubActionRunner() && runtime.GOOS == "linux" && !arm64Platform() -var imageFile = "busybox.tar" - // TestFunctional are functionality tests which can safely share a profile in parallel func TestFunctional(t *testing.T) { @@ -210,7 +208,6 @@ func cleanupUnwantedImages(ctx context.Context, t *testing.T, profile string) { } }) } - os.Remove(imageFile) } // validateNodeLabels checks if minikube cluster is created with correct kubernetes's node label @@ -293,10 +290,12 @@ func validateLoadImageFromFile(ctx context.Context, t *testing.T, profile string } // save image to file + imageFile := "busybox-load.tar" rr, err = Run(t, exec.CommandContext(ctx, "docker", "save", "-o", imageFile, taggedImage)) if err != nil { t.Fatalf("failed to save image to file: %v\n%s", err, rr.Output()) } + defer os.Remove(imageFile) // try to load the new image into minikube imagePath, err := filepath.Abs(imageFile) @@ -314,7 +313,7 @@ func validateLoadImageFromFile(ctx context.Context, t *testing.T, profile string t.Fatalf("listing images: %v\n%s", err, rr.Output()) } if !strings.Contains(rr.Output(), tag) { - t.Fatalf("expected %s to be loaded into minikube but the image is not there", taggedImage) + t.Fatalf("expected %s to be loaded into minikube but the image is not there: %v", taggedImage, rr.Output()) } } @@ -432,6 +431,7 @@ func validateSaveImageToFile(ctx context.Context, t *testing.T, profile string) } // try to save the new image from minikube + imageFile := "busybox-save.tar" imagePath, err := filepath.Abs(imageFile) if err != nil { t.Fatalf("failed to get absolute path of file %q: %v", imageFile, err) @@ -446,6 +446,7 @@ func validateSaveImageToFile(ctx context.Context, t *testing.T, profile string) if err != nil { t.Fatalf("failed to load image to file: %v\n%s", err, rr.Output()) } + defer os.Remove(imageFile) // make sure the image was correctly loaded rr, err = Run(t, exec.CommandContext(ctx, "docker", "images", name)) From aba7d399e83fe18fd3307fe78c269f4eb17475cb Mon Sep 17 00:00:00 2001 From: Predrag Rogic Date: Wed, 25 Aug 2021 02:11:10 +0100 Subject: [PATCH 201/205] fix cilium for k8s v1.22+ --- pkg/minikube/cni/cilium.go | 263 +++++++++++++++++++++++++++---------- 1 file changed, 191 insertions(+), 72 deletions(-) diff --git a/pkg/minikube/cni/cilium.go b/pkg/minikube/cni/cilium.go index 27e9bc393b..c4a9f5c81e 100644 --- a/pkg/minikube/cni/cilium.go +++ b/pkg/minikube/cni/cilium.go @@ -23,23 +23,23 @@ import ( "k8s.io/minikube/pkg/minikube/config" ) -// From https://raw.githubusercontent.com/cilium/cilium/v1.8/install/kubernetes/quick-install.yaml +// From https://raw.githubusercontent.com/cilium/cilium/v1.9/install/kubernetes/quick-install.yaml var ciliumTmpl = `--- -# Source: cilium/charts/agent/templates/serviceaccount.yaml +# Source: cilium/templates/cilium-agent-serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: cilium namespace: kube-system --- -# Source: cilium/charts/operator/templates/serviceaccount.yaml +# Source: cilium/templates/cilium-operator-serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: cilium-operator namespace: kube-system --- -# Source: cilium/charts/config/templates/configmap.yaml +# Source: cilium/templates/cilium-configmap.yaml apiVersion: v1 kind: ConfigMap metadata: @@ -58,9 +58,14 @@ data: # the kvstore by commenting out the identity-allocation-mode below, or # setting it to "kvstore". identity-allocation-mode: crd + cilium-endpoint-gc-interval: "5m0s" # If you want to run cilium in debug mode change this value to true debug: "false" + # The agent can be put into the following three policy enforcement modes + # default, always and never. + # https://docs.cilium.io/en/latest/policy/intro/#policy-enforcement-modes + enable-policy: "default" # Enable IPv4 addressing. If enabled, all endpoints are allocated an IPv4 # address. @@ -69,8 +74,10 @@ data: # Enable IPv6 addressing. If enabled, all endpoints are allocated an IPv6 # address. enable-ipv6: "false" + # Users who wish to specify their own custom CNI configuration file must set + # custom-cni-conf to "true", otherwise Cilium may overwrite the configuration. + custom-cni-conf: "false" enable-bpf-clock-probe: "true" - # If you want cilium monitor to aggregate tracing for packets, set this level # to "low", "medium", or "maximum". The higher the level, the less packets # that will be seen in monitor output. @@ -87,13 +94,15 @@ data: # # Only effective when monitor aggregation is set to "medium" or higher. monitor-aggregation-flags: all - # bpf-policy-map-max specified the maximum number of entries in endpoint - # policy map (per endpoint) - bpf-policy-map-max: "16384" # Specifies the ratio (0.0-1.0) of total system memory to use for dynamic # sizing of the TCP CT, non-TCP CT, NAT and policy BPF maps. bpf-map-dynamic-size-ratio: "0.0025" - + # bpf-policy-map-max specifies the maximum number of entries in endpoint + # policy map (per endpoint) + bpf-policy-map-max: "16384" + # bpf-lb-map-max specifies the maximum number of entries in bpf lb service, + # backend and affinity maps. + bpf-lb-map-max: "65536" # Pre-allocation of map entries allows per-packet latency to be reduced, at # the expense of up-front memory allocation for the entries in the maps. The # default value below will minimize memory usage in the default installation; @@ -104,9 +113,8 @@ data: # # If this value is modified, then during the next Cilium startup the restore # of existing endpoints and tracking of ongoing connections may be disrupted. - # This may lead to policy drops or a change in loadbalancing decisions for a - # connection for some time. Endpoints may need to be recreated to restore - # connectivity. + # As a result, reply packets may be dropped and the load-balancing decisions + # for established connections may change. # # If this option is set to "false" during an upgrade from 1.3 or earlier to # 1.4 or later, then it may cause one-time disruptions during the upgrade. @@ -116,61 +124,63 @@ data: # container image names sidecar-istio-proxy-image: "cilium/istio_proxy" + # Name of the cluster. Only relevant when building a mesh of clusters. + cluster-name: default + # Unique ID of the cluster. Must be unique across all conneted clusters and + # in the range of 1 and 255. Only relevant when building a mesh of clusters. + cluster-id: "" + # Encapsulation mode for communication between nodes # Possible values: # - disabled # - vxlan (default) # - geneve tunnel: vxlan - - # Name of the cluster. Only relevant when building a mesh of clusters. - cluster-name: default - - # DNS Polling periodically issues a DNS lookup for each 'matchName' from - # cilium-agent. The result is used to regenerate endpoint policy. - # DNS lookups are repeated with an interval of 5 seconds, and are made for - # A(IPv4) and AAAA(IPv6) addresses. Should a lookup fail, the most recent IP - # data is used instead. An IP change will trigger a regeneration of the Cilium - # policy for each endpoint and increment the per cilium-agent policy - # repository revision. - # - # This option is disabled by default starting from version 1.4.x in favor - # of a more powerful DNS proxy-based implementation, see [0] for details. - # Enable this option if you want to use FQDN policies but do not want to use - # the DNS proxy. - # - # To ease upgrade, users may opt to set this option to "true". - # Otherwise please refer to the Upgrade Guide [1] which explains how to - # prepare policy rules for upgrade. - # - # [0] http://docs.cilium.io/en/stable/policy/language/#dns-based - # [1] http://docs.cilium.io/en/stable/install/upgrade/#changes-that-may-require-action - tofqdns-enable-poller: "false" + # Enables L7 proxy for L7 policy enforcement and visibility + enable-l7-proxy: "true" # wait-bpf-mount makes init container wait until bpf filesystem is mounted wait-bpf-mount: "false" masquerade: "true" enable-bpf-masquerade: "true" + enable-xt-socket-fallback: "true" install-iptables-rules: "true" + auto-direct-node-routes: "false" + enable-bandwidth-manager: "false" + enable-local-redirect-policy: "false" kube-proxy-replacement: "probe" + kube-proxy-replacement-healthz-bind-address: "" + enable-health-check-nodeport: "true" node-port-bind-protection: "true" enable-auto-protect-node-port-range: "true" enable-session-affinity: "true" k8s-require-ipv4-pod-cidr: "true" k8s-require-ipv6-pod-cidr: "false" enable-endpoint-health-checking: "true" + enable-health-checking: "true" enable-well-known-identities: "false" enable-remote-node-identity: "true" operator-api-serve-addr: "127.0.0.1:9234" + # Enable Hubble gRPC service. + enable-hubble: "true" + # UNIX domain socket for Hubble server to listen to. + hubble-socket-path: "/var/run/cilium/hubble.sock" + # An additional address for Hubble server to listen to (e.g. ":4244"). + hubble-listen-address: ":4244" + hubble-disable-tls: "false" + hubble-tls-cert-file: /var/lib/cilium/tls/hubble/server.crt + hubble-tls-key-file: /var/lib/cilium/tls/hubble/server.key + hubble-tls-client-ca-files: /var/lib/cilium/tls/hubble/client-ca.crt ipam: "cluster-pool" cluster-pool-ipv4-cidr: "10.0.0.0/8" cluster-pool-ipv4-mask-size: "24" disable-cnp-status-updates: "true" + cgroup-root: "/run/cilium/cgroupv2" --- -# Source: cilium/charts/agent/templates/clusterrole.yaml +# Source: cilium/templates/cilium-agent-clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -207,6 +217,16 @@ rules: - "" resources: - pods + - pods/finalizers + verbs: + - get + - list + - watch + - update + - delete +- apiGroups: + - "" + resources: - nodes verbs: - get @@ -225,27 +245,40 @@ rules: resources: - customresourcedefinitions verbs: + # Deprecated for removal in v1.10 - create - - get - list - watch - update + + # This is used when validating policies in preflight. This will need to stay + # until we figure out how to avoid "get" inside the preflight, and then + # should be removed ideally. + - get - apiGroups: - cilium.io resources: - ciliumnetworkpolicies - ciliumnetworkpolicies/status + - ciliumnetworkpolicies/finalizers - ciliumclusterwidenetworkpolicies - ciliumclusterwidenetworkpolicies/status + - ciliumclusterwidenetworkpolicies/finalizers - ciliumendpoints - ciliumendpoints/status + - ciliumendpoints/finalizers - ciliumnodes - ciliumnodes/status + - ciliumnodes/finalizers - ciliumidentities + - ciliumidentities/finalizers + - ciliumlocalredirectpolicies + - ciliumlocalredirectpolicies/status + - ciliumlocalredirectpolicies/finalizers verbs: - '*' --- -# Source: cilium/charts/operator/templates/clusterrole.yaml +# Source: cilium/templates/cilium-operator-clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -287,14 +320,22 @@ rules: resources: - ciliumnetworkpolicies - ciliumnetworkpolicies/status + - ciliumnetworkpolicies/finalizers - ciliumclusterwidenetworkpolicies - ciliumclusterwidenetworkpolicies/status + - ciliumclusterwidenetworkpolicies/finalizers - ciliumendpoints - ciliumendpoints/status + - ciliumendpoints/finalizers - ciliumnodes - ciliumnodes/status + - ciliumnodes/finalizers - ciliumidentities - ciliumidentities/status + - ciliumidentities/finalizers + - ciliumlocalredirectpolicies + - ciliumlocalredirectpolicies/status + - ciliumlocalredirectpolicies/finalizers verbs: - '*' - apiGroups: @@ -302,11 +343,30 @@ rules: resources: - customresourcedefinitions verbs: + - create - get - list + - update - watch +# For cilium-operator running in HA mode. +# +# Cilium operator running in HA mode requires the use of ResourceLock for Leader Election +# between mulitple running instances. +# The preferred way of doing this is to use LeasesResourceLock as edits to Leases are less +# common and fewer objects in the cluster watch "all Leases". +# The support for leases was introduced in coordination.k8s.io/v1 during Kubernetes 1.14 release. +# In Cilium we currently don't support HA mode for K8s version < 1.14. This condition make sure +# that we only authorize access to leases resources in supported K8s versions. +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update --- -# Source: cilium/charts/agent/templates/clusterrolebinding.yaml +# Source: cilium/templates/cilium-agent-clusterrolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -320,7 +380,7 @@ subjects: name: cilium namespace: kube-system --- -# Source: cilium/charts/operator/templates/clusterrolebinding.yaml +# Source: cilium/templates/cilium-operator-clusterrolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -334,7 +394,7 @@ subjects: name: cilium-operator namespace: kube-system --- -# Source: cilium/charts/agent/templates/daemonset.yaml +# Source: cilium/templates/cilium-agent-daemonset.yaml apiVersion: apps/v1 kind: DaemonSet metadata: @@ -346,6 +406,10 @@ spec: selector: matchLabels: k8s-app: cilium + updateStrategy: + rollingUpdate: + maxUnavailable: 2 + type: RollingUpdate template: metadata: annotations: @@ -414,16 +478,16 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - - name: CILIUM_Cilium_MASTER_DEVICE + - name: CILIUM_FLANNEL_MASTER_DEVICE valueFrom: configMapKeyRef: - key: Cilium-master-device + key: flannel-master-device name: cilium-config optional: true - - name: CILIUM_Cilium_UNINSTALL_ON_EXIT + - name: CILIUM_FLANNEL_UNINSTALL_ON_EXIT valueFrom: configMapKeyRef: - key: Cilium-uninstall-on-exit + key: flannel-uninstall-on-exit name: cilium-config optional: true - name: CILIUM_CLUSTERMESH_CONFIG @@ -440,7 +504,7 @@ spec: key: custom-cni-conf name: cilium-config optional: true - image: "docker.io/cilium/cilium:v1.8.0" + image: "quay.io/cilium/cilium:v1.9.9@sha256:a85d5cff13f8231c2e267d9fc3c6e43d24be4a75dac9f641c11ec46e7f17624d" imagePullPolicy: IfNotPresent lifecycle: postStart: @@ -480,8 +544,37 @@ spec: readOnly: true - mountPath: /run/xtables.lock name: xtables-lock + - mountPath: /var/lib/cilium/tls/hubble + name: hubble-tls + readOnly: true hostNetwork: true initContainers: + # Required to mount cgroup2 filesystem on the underlying Kubernetes node. + # We use nsenter command with host's cgroup and mount namespaces enabled. + - name: mount-cgroup + env: + - name: CGROUP_ROOT + value: /run/cilium/cgroupv2 + - name: BIN_PATH + value: /opt/cni/bin + command: + - sh + - -c + # The statically linked Go program binary is invoked to avoid any + # dependency on utilities like sh and mount that can be missing on certain + # distros installed on the underlying host. Copy the binary to the + # same directory where we install cilium cni plugin so that exec permissions + # are available. + - 'cp /usr/bin/cilium-mount /hostbin/cilium-mount && nsenter --cgroup=/hostproc/1/ns/cgroup --mount=/hostproc/1/ns/mnt "${BIN_PATH}/cilium-mount" $CGROUP_ROOT; rm /hostbin/cilium-mount' + image: "quay.io/cilium/cilium:v1.9.9@sha256:a85d5cff13f8231c2e267d9fc3c6e43d24be4a75dac9f641c11ec46e7f17624d" + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: /hostproc + name: hostproc + - mountPath: /hostbin + name: cni-path + securityContext: + privileged: true - command: - /init-container.sh env: @@ -503,7 +596,7 @@ spec: key: wait-bpf-mount name: cilium-config optional: true - image: "docker.io/cilium/cilium:v1.8.0" + image: "quay.io/cilium/cilium:v1.9.9@sha256:a85d5cff13f8231c2e267d9fc3c6e43d24be4a75dac9f641c11ec46e7f17624d" imagePullPolicy: IfNotPresent name: clean-cilium-state securityContext: @@ -515,6 +608,10 @@ spec: - mountPath: /sys/fs/bpf name: bpf-maps mountPropagation: HostToContainer + # Required to mount cgroup filesystem from the host to cilium agent pod + - mountPath: /run/cilium/cgroupv2 + name: cilium-cgroup + mountPropagation: HostToContainer - mountPath: /var/run/cilium name: cilium-run resources: @@ -539,6 +636,16 @@ spec: path: /sys/fs/bpf type: DirectoryOrCreate name: bpf-maps + # To mount cgroup2 filesystem on the host + - hostPath: + path: /proc + type: Directory + name: hostproc + # To keep state between restarts / upgrades for cgroup2 filesystem + - hostPath: + path: /run/cilium/cgroupv2 + type: DirectoryOrCreate + name: cilium-cgroup # To install cilium cni plugin in the host - hostPath: path: /opt/cni/bin @@ -568,12 +675,25 @@ spec: - configMap: name: cilium-config name: cilium-config-path - updateStrategy: - rollingUpdate: - maxUnavailable: 2 - type: RollingUpdate + - name: hubble-tls + projected: + sources: + - secret: + name: hubble-server-certs + items: + - key: tls.crt + path: server.crt + - key: tls.key + path: server.key + optional: true + - configMap: + name: hubble-ca-cert + items: + - key: ca.crt + path: client-ca.crt + optional: true --- -# Source: cilium/charts/operator/templates/deployment.yaml +# Source: cilium/templates/cilium-operator-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: @@ -583,6 +703,9 @@ metadata: name: cilium-operator namespace: kube-system spec: + # We support HA mode only for Kubernetes version > 1.14 + # See docs on ServerCapabilities.LeasesResourceLock in file pkg/k8s/version/version.go + # for more details. replicas: 1 selector: matchLabels: @@ -600,6 +723,18 @@ spec: io.cilium/app: operator name: cilium-operator spec: + # In HA mode, cilium-operator pods must not be scheduled on the same + # node as they will clash with each other. + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: io.cilium/app + operator: In + values: + - operator + topologyKey: kubernetes.io/hostname containers: - args: - --config-dir=/tmp/cilium/config-map @@ -623,25 +758,7 @@ spec: key: debug name: cilium-config optional: true - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - key: AWS_ACCESS_KEY_ID - name: cilium-aws - optional: true - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - key: AWS_SECRET_ACCESS_KEY - name: cilium-aws - optional: true - - name: AWS_DEFAULT_REGION - valueFrom: - secretKeyRef: - key: AWS_DEFAULT_REGION - name: cilium-aws - optional: true - image: "docker.io/cilium/operator-generic:v1.8.0" + image: "quay.io/cilium/operator-generic:v1.9.9@sha256:3726a965cd960295ca3c5e7f2b543c02096c0912c6652eb8bbb9ce54bcaa99d8" imagePullPolicy: IfNotPresent name: cilium-operator livenessProbe: @@ -662,6 +779,8 @@ spec: priorityClassName: system-cluster-critical serviceAccount: cilium-operator serviceAccountName: cilium-operator + tolerations: + - operator: Exists volumes: # To read the configuration from the config map - configMap: From 1bed76660ed44ec492bc4ba9a12a89d01cfc6e11 Mon Sep 17 00:00:00 2001 From: Predrag Rogic Date: Wed, 25 Aug 2021 09:41:20 +0100 Subject: [PATCH 202/205] fix lint --- pkg/minikube/cni/cilium.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/minikube/cni/cilium.go b/pkg/minikube/cni/cilium.go index c4a9f5c81e..30035b6a4e 100644 --- a/pkg/minikube/cni/cilium.go +++ b/pkg/minikube/cni/cilium.go @@ -351,7 +351,7 @@ rules: # For cilium-operator running in HA mode. # # Cilium operator running in HA mode requires the use of ResourceLock for Leader Election -# between mulitple running instances. +# between multiple running instances. # The preferred way of doing this is to use LeasesResourceLock as edits to Leases are less # common and fewer objects in the cluster watch "all Leases". # The support for leases was introduced in coordination.k8s.io/v1 during Kubernetes 1.14 release. From 79fa08b26f69c94d68fdd707e3048ff25e60800c Mon Sep 17 00:00:00 2001 From: Andriy Dzikh Date: Tue, 24 Aug 2021 11:19:28 -0700 Subject: [PATCH 203/205] Remove tcsh test from functional tests (our envs dont work with it). --- test/integration/functional_test.go | 1 - 1 file changed, 1 deletion(-) diff --git a/test/integration/functional_test.go b/test/integration/functional_test.go index 4a41926688..fa25d4ddff 100644 --- a/test/integration/functional_test.go +++ b/test/integration/functional_test.go @@ -479,7 +479,6 @@ func validateDockerEnv(ctx context.Context, t *testing.T, profile string) { } posixTests := []ShellTest{ {"bash", []string{"/bin/bash", "-c"}, "eval $(%[1]s -p %[2]s docker-env) && "}, - {"tcsh", []string{"/bin/tcsh", "-c"}, "setenv SHELL /bin/tcsh && eval `%[1]s -p %[2]s docker-env` && "}, } tests := posixTests From f391faa3e26ad473bb869d722d0da01770181b0b Mon Sep 17 00:00:00 2001 From: minikube-bot Date: Wed, 25 Aug 2021 17:47:22 +0000 Subject: [PATCH 204/205] Update auto-generated docs and translations --- translations/de.json | 7 +++++++ translations/es.json | 7 +++++++ translations/fr.json | 7 +++++++ translations/ja.json | 7 +++++++ translations/ko.json | 7 +++++++ translations/pl.json | 7 +++++++ translations/strings.txt | 7 +++++++ translations/zh-CN.json | 7 +++++++ 8 files changed, 56 insertions(+) diff --git a/translations/de.json b/translations/de.json index 960f99c0a6..79b79eac6f 100644 --- a/translations/de.json +++ b/translations/de.json @@ -74,6 +74,8 @@ "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "", "Cache image from docker daemon": "", "Cache image from remote registry": "", + "Cache image to docker daemon": "", + "Cache image to remote registry": "", "Cannot find directory {{.path}} for copy": "", "Cannot find directory {{.path}} for mount": "", "Cannot use both --output and --format options": "", @@ -244,6 +246,7 @@ "Failed to get command runner": "", "Failed to get image map": "", "Failed to get service URL: {{.error}}": "", + "Failed to get temp": "", "Failed to kill mount process: {{.error}}": "Fehler beim Beenden des Bereitstellungsprozesses: {{.error}}", "Failed to list cached images": "", "Failed to list images": "", @@ -252,10 +255,12 @@ "Failed to pull image": "", "Failed to pull images": "", "Failed to push images": "", + "Failed to read temp": "", "Failed to reload cached images": "", "Failed to remove image": "", "Failed to save config {{.profile}}": "", "Failed to save dir": "", + "Failed to save image": "", "Failed to save stdin": "", "Failed to set NO_PROXY Env. Please use `export NO_PROXY=$NO_PROXY,{{.ip}}": "NO_PROXY Env konnte nicht festgelegt werden. Benutzen Sie `export NO_PROXY = $ NO_PROXY, {{.ip}}", "Failed to set NO_PROXY Env. Please use `export NO_PROXY=$NO_PROXY,{{.ip}}`.": "", @@ -436,6 +441,7 @@ "Please install the minikube kvm2 VM driver, or select an alternative --driver": "", "Please make sure the service you are looking for is deployed or is in the correct namespace.": "", "Please provide a path or url to build": "", + "Please provide an image in the container runtime to save from minikube via \u003cminikube image save IMAGE_NAME\u003e": "", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "", "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "", @@ -524,6 +530,7 @@ "SSH key (ssh driver only)": "", "SSH port (ssh driver only)": "", "SSH user (ssh driver only)": "", + "Save a image from minikube": "", "Select a valid value for --dnsdomain": "", "Send trace events. Options include: [gcp]": "", "Service '{{.service}}' was not found in '{{.namespace}}' namespace.\nYou may select another namespace by using 'minikube service {{.service}} -n \u003cnamespace\u003e'. Or list out all the services using 'minikube service list'": "", diff --git a/translations/es.json b/translations/es.json index e7934d2f44..1c3db32d9b 100644 --- a/translations/es.json +++ b/translations/es.json @@ -75,6 +75,8 @@ "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "Plug-in CNI para usar. Opciones validas: auto, bridge, calico, cilium, flannel, kindnet, o ruta a un manifiesto CNI (Por defecto: auto)", "Cache image from docker daemon": "", "Cache image from remote registry": "", + "Cache image to docker daemon": "", + "Cache image to remote registry": "", "Cannot find directory {{.path}} for copy": "", "Cannot find directory {{.path}} for mount": "No se pudo encontrar el directorio {{.path}} para montar", "Cannot use both --output and --format options": "No se pueden usar ambas opciones (--output y --path)", @@ -250,6 +252,7 @@ "Failed to get command runner": "", "Failed to get image map": "", "Failed to get service URL: {{.error}}": "", + "Failed to get temp": "", "Failed to kill mount process: {{.error}}": "No se ha podido detener el proceso de activación: {{.error}}", "Failed to list cached images": "", "Failed to list images": "", @@ -258,10 +261,12 @@ "Failed to pull image": "", "Failed to pull images": "", "Failed to push images": "", + "Failed to read temp": "", "Failed to reload cached images": "", "Failed to remove image": "", "Failed to save config {{.profile}}": "", "Failed to save dir": "", + "Failed to save image": "", "Failed to save stdin": "", "Failed to set NO_PROXY Env. Please use `export NO_PROXY=$NO_PROXY,{{.ip}}": "No se ha podido definir la variable de entorno NO_PROXY. Utiliza export NO_PROXY=$NO_PROXY,{{.ip}}", "Failed to set NO_PROXY Env. Please use `export NO_PROXY=$NO_PROXY,{{.ip}}`.": "", @@ -442,6 +447,7 @@ "Please install the minikube kvm2 VM driver, or select an alternative --driver": "", "Please make sure the service you are looking for is deployed or is in the correct namespace.": "", "Please provide a path or url to build": "", + "Please provide an image in the container runtime to save from minikube via \u003cminikube image save IMAGE_NAME\u003e": "", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "", "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "", @@ -530,6 +536,7 @@ "SSH key (ssh driver only)": "", "SSH port (ssh driver only)": "", "SSH user (ssh driver only)": "", + "Save a image from minikube": "", "Select a valid value for --dnsdomain": "", "Send trace events. Options include: [gcp]": "", "Service '{{.service}}' was not found in '{{.namespace}}' namespace.\nYou may select another namespace by using 'minikube service {{.service}} -n \u003cnamespace\u003e'. Or list out all the services using 'minikube service list'": "", diff --git a/translations/fr.json b/translations/fr.json index 1f463da5f3..5f3e35c33a 100644 --- a/translations/fr.json +++ b/translations/fr.json @@ -76,6 +76,8 @@ "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "Plug-in CNI à utiliser. Options valides : auto, bridge, calico, cilium, flannel, kindnet ou chemin vers un manifeste CNI (par défaut : auto)", "Cache image from docker daemon": "Cacher l'image du démon docker", "Cache image from remote registry": "Cacher l'image du registre distant", + "Cache image to docker daemon": "", + "Cache image to remote registry": "", "Cannot find directory {{.path}} for copy": "Impossible de trouver le répertoire {{.path}} pour la copie", "Cannot find directory {{.path}} for mount": "Impossible de trouver le répertoire {{.path}} pour le montage", "Cannot use both --output and --format options": "Impossible d'utiliser à la fois les options --output et --format", @@ -248,6 +250,7 @@ "Failed to get command runner": "Impossible d'obtenir le lanceur de commandes", "Failed to get image map": "Échec de l'obtention de la carte d'image", "Failed to get service URL: {{.error}}": "Échec de l'obtention de l'URL du service : {{.error}}", + "Failed to get temp": "", "Failed to kill mount process: {{.error}}": "Échec de l'arrêt du processus d'installation : {{.error}}", "Failed to list cached images": "Échec de l'obtention de la liste des images mises en cache", "Failed to list images": "Échec de l'obtention de la liste des images", @@ -256,10 +259,12 @@ "Failed to pull image": "Échec de l'extraction de l'image", "Failed to pull images": "", "Failed to push images": "", + "Failed to read temp": "", "Failed to reload cached images": "Échec du rechargement des images mises en cache", "Failed to remove image": "Échec de la suppression de l'image", "Failed to save config {{.profile}}": "Échec de l'enregistrement de la configuration {{.profile}}", "Failed to save dir": "Échec de l'enregistrement du répertoire", + "Failed to save image": "", "Failed to save stdin": "Échec de l'enregistrement de l'entrée standard", "Failed to set NO_PROXY Env. Please use `export NO_PROXY=$NO_PROXY,{{.ip}}": "Échec de la définition la variable d'environnement NO_PROXY. Veuillez utiliser `export NO_PROXY=$NO_PROXY,{{.ip}}.", "Failed to set NO_PROXY Env. Please use `export NO_PROXY=$NO_PROXY,{{.ip}}`.": "Échec de la définition de la variable d'environnement NO_PROXY. Veuillez utiliser `export NO_PROXY=$NO_PROXY,{{.ip}}`.", @@ -442,6 +447,7 @@ "Please install the minikube kvm2 VM driver, or select an alternative --driver": "Veuillez installer le pilote minikube kvm2 VM, ou sélectionnez un --driver alternatif", "Please make sure the service you are looking for is deployed or is in the correct namespace.": "Veuillez vous assurer que le service que vous recherchez est déployé ou se trouve dans le bon espace de noms.", "Please provide a path or url to build": "Veuillez fournir un chemin ou une URL à construire", + "Please provide an image in the container runtime to save from minikube via \u003cminikube image save IMAGE_NAME\u003e": "", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "Veuillez fournir une image dans votre démon local à charger dans minikube via \u003cminikube image load IMAGE_NAME\u003e", "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "Veuillez réévaluer votre docker-env, pour vous assurer que vos variables d'environnement ont des ports mis à jour :\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t", @@ -531,6 +537,7 @@ "SSH key (ssh driver only)": "Clé SSH (pilote ssh uniquement)", "SSH port (ssh driver only)": "Port SSH (pilote ssh uniquement)", "SSH user (ssh driver only)": "Utilisateur SSH (pilote ssh uniquement)", + "Save a image from minikube": "", "Select a valid value for --dnsdomain": "Sélectionnez une valeur valide pour --dnsdomain", "Send trace events. Options include: [gcp]": "Envoyer des événements de trace. Les options incluent : [gcp]", "Service '{{.service}}' was not found in '{{.namespace}}' namespace.\nYou may select another namespace by using 'minikube service {{.service}} -n \u003cnamespace\u003e'. Or list out all the services using 'minikube service list'": "Le service '{{.service}}' n'a pas été trouvé dans l'espace de noms '{{.namespace}}'.\nVous pouvez sélectionner un autre espace de noms en utilisant 'minikube service {{.service}} -n \u003cnamespace\u003e'. Ou répertoriez tous les services à l'aide de 'minikube service list'", diff --git a/translations/ja.json b/translations/ja.json index da85a27a4f..3c8d2d6dcb 100644 --- a/translations/ja.json +++ b/translations/ja.json @@ -74,6 +74,8 @@ "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "", "Cache image from docker daemon": "", "Cache image from remote registry": "", + "Cache image to docker daemon": "", + "Cache image to remote registry": "", "Cannot find directory {{.path}} for copy": "", "Cannot find directory {{.path}} for mount": "マウントのためのディレクトリ{{.path}}が見つかりません", "Cannot use both --output and --format options": "", @@ -238,6 +240,7 @@ "Failed to get command runner": "", "Failed to get image map": "", "Failed to get service URL: {{.error}}": "", + "Failed to get temp": "", "Failed to kill mount process: {{.error}}": "マウント プロセスを強制終了できませんでした。{{.error}}", "Failed to list cached images": "", "Failed to list images": "", @@ -246,10 +249,12 @@ "Failed to pull image": "", "Failed to pull images": "", "Failed to push images": "", + "Failed to read temp": "", "Failed to reload cached images": "", "Failed to remove image": "", "Failed to save config {{.profile}}": "", "Failed to save dir": "", + "Failed to save image": "", "Failed to save stdin": "", "Failed to set NO_PROXY Env. Please use `export NO_PROXY=$NO_PROXY,{{.ip}}`.": "NO_PROXY 環境変数を設定できませんでした。「export NO_PROXY=$NO_PROXY,{{.ip}}」を使用してください。", "Failed to setup certs": "", @@ -433,6 +438,7 @@ "Please install the minikube kvm2 VM driver, or select an alternative --driver": "", "Please make sure the service you are looking for is deployed or is in the correct namespace.": "", "Please provide a path or url to build": "", + "Please provide an image in the container runtime to save from minikube via \u003cminikube image save IMAGE_NAME\u003e": "", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "", "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "", @@ -523,6 +529,7 @@ "SSH key (ssh driver only)": "", "SSH port (ssh driver only)": "", "SSH user (ssh driver only)": "", + "Save a image from minikube": "", "Select a valid value for --dnsdomain": "", "Send trace events. Options include: [gcp]": "", "Service '{{.service}}' was not found in '{{.namespace}}' namespace.\nYou may select another namespace by using 'minikube service {{.service}} -n \u003cnamespace\u003e'. Or list out all the services using 'minikube service list'": "", diff --git a/translations/ko.json b/translations/ko.json index 88c4762012..7193f1085a 100644 --- a/translations/ko.json +++ b/translations/ko.json @@ -79,6 +79,8 @@ "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "", "Cache image from docker daemon": "도커 데몬의 캐시 이미지", "Cache image from remote registry": "원격 레지스트리의 캐시 이미지", + "Cache image to docker daemon": "", + "Cache image to remote registry": "", "Cannot find directory {{.path}} for copy": "복사하기 위한 디렉토리 {{.path}} 를 찾을 수 없습니다.", "Cannot find directory {{.path}} for mount": "마운트하기 위한 디렉토리 {{.path}} 를 찾을 수 없습니다", "Cannot use both --output and --format options": "--output 과 --format 옵션을 함께 사용할 수 없습니다", @@ -265,6 +267,7 @@ "Failed to get driver URL": "드라이버 URL 조회에 실패하였습니다", "Failed to get image map": "", "Failed to get service URL: {{.error}}": "서비스 URL 조회에 실패하였습니다: {{.error}}", + "Failed to get temp": "", "Failed to kill mount process: {{.error}}": "마운트 프로세스 중지에 실패하였습니다: {{.error}}", "Failed to list cached images": "캐시된 이미지를 조회하는 데 실패하였습니다", "Failed to list images": "", @@ -273,11 +276,13 @@ "Failed to pull image": "", "Failed to pull images": "", "Failed to push images": "", + "Failed to read temp": "", "Failed to reload cached images": "캐시된 이미지를 다시 불러오는 데 실패하였습니다", "Failed to remove image": "", "Failed to save config": "컨피그 저장에 실패하였습니다", "Failed to save config {{.profile}}": "", "Failed to save dir": "", + "Failed to save image": "", "Failed to save stdin": "", "Failed to set NO_PROXY Env. Please use `export NO_PROXY=$NO_PROXY,{{.ip}}`.": "", "Failed to setup certs": "", @@ -457,6 +462,7 @@ "Please install the minikube kvm2 VM driver, or select an alternative --driver": "", "Please make sure the service you are looking for is deployed or is in the correct namespace.": "", "Please provide a path or url to build": "", + "Please provide an image in the container runtime to save from minikube via \u003cminikube image save IMAGE_NAME\u003e": "", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "", "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "", @@ -543,6 +549,7 @@ "SSH key (ssh driver only)": "", "SSH port (ssh driver only)": "", "SSH user (ssh driver only)": "", + "Save a image from minikube": "", "Select a valid value for --dnsdomain": "", "Send trace events. Options include: [gcp]": "", "Service '{{.service}}' was not found in '{{.namespace}}' namespace.\nYou may select another namespace by using 'minikube service {{.service}} -n \u003cnamespace\u003e'. Or list out all the services using 'minikube service list'": "", diff --git a/translations/pl.json b/translations/pl.json index c17ea50253..a5d9f30167 100644 --- a/translations/pl.json +++ b/translations/pl.json @@ -76,6 +76,8 @@ "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "", "Cache image from docker daemon": "", "Cache image from remote registry": "", + "Cache image to docker daemon": "", + "Cache image to remote registry": "", "Cannot find directory {{.path}} for copy": "Nie znaleziono katalogu {{.path}} do skopiowania", "Cannot find directory {{.path}} for mount": "Nie można odnaleźć folderu {{.path}} do zamontowania", "Cannot use both --output and --format options": "Nie można użyć obydwu opcji --output i --format jednocześnie", @@ -252,6 +254,7 @@ "Failed to get command runner": "", "Failed to get image map": "", "Failed to get service URL: {{.error}}": "", + "Failed to get temp": "", "Failed to kill mount process: {{.error}}": "Zabicie procesu nie powiodło się: {{.error}}", "Failed to list cached images": "", "Failed to list images": "", @@ -260,12 +263,14 @@ "Failed to pull image": "", "Failed to pull images": "", "Failed to push images": "", + "Failed to read temp": "", "Failed to reload cached images": "", "Failed to remove image": "", "Failed to remove profile": "Usunięcie profilu nie powiodło się", "Failed to save config": "Zapisywanie konfiguracji nie powiodło się", "Failed to save config {{.profile}}": "", "Failed to save dir": "", + "Failed to save image": "", "Failed to save stdin": "", "Failed to set NO_PROXY Env. Please use `export NO_PROXY=$NO_PROXY,{{.ip}}`.": "", "Failed to setup certs": "Konfiguracja certyfikatów nie powiodła się", @@ -450,6 +455,7 @@ "Please install the minikube kvm2 VM driver, or select an alternative --driver": "Zainstaluj sterownik kvm2 lub wybierz inny sterownik używając flagi --driver", "Please make sure the service you are looking for is deployed or is in the correct namespace.": "Proszę upewnij się, że serwis którego szukasz znajduje się w prawidłowej przestrzeni nazw", "Please provide a path or url to build": "", + "Please provide an image in the container runtime to save from minikube via \u003cminikube image save IMAGE_NAME\u003e": "", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "", "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "", @@ -542,6 +548,7 @@ "SSH key (ssh driver only)": "", "SSH port (ssh driver only)": "", "SSH user (ssh driver only)": "", + "Save a image from minikube": "", "Select a valid value for --dnsdomain": "", "Send trace events. Options include: [gcp]": "", "Service '{{.service}}' was not found in '{{.namespace}}' namespace.\nYou may select another namespace by using 'minikube service {{.service}} -n \u003cnamespace\u003e'. Or list out all the services using 'minikube service list'": "", diff --git a/translations/strings.txt b/translations/strings.txt index 8d29cea872..e2759bcd63 100644 --- a/translations/strings.txt +++ b/translations/strings.txt @@ -70,6 +70,8 @@ "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "", "Cache image from docker daemon": "", "Cache image from remote registry": "", + "Cache image to docker daemon": "", + "Cache image to remote registry": "", "Cannot find directory {{.path}} for copy": "", "Cannot find directory {{.path}} for mount": "", "Cannot use both --output and --format options": "", @@ -229,6 +231,7 @@ "Failed to get command runner": "", "Failed to get image map": "", "Failed to get service URL: {{.error}}": "", + "Failed to get temp": "", "Failed to kill mount process: {{.error}}": "", "Failed to list cached images": "", "Failed to list images": "", @@ -237,10 +240,12 @@ "Failed to pull image": "", "Failed to pull images": "", "Failed to push images": "", + "Failed to read temp": "", "Failed to reload cached images": "", "Failed to remove image": "", "Failed to save config {{.profile}}": "", "Failed to save dir": "", + "Failed to save image": "", "Failed to save stdin": "", "Failed to set NO_PROXY Env. Please use `export NO_PROXY=$NO_PROXY,{{.ip}}`.": "", "Failed to setup certs": "", @@ -411,6 +416,7 @@ "Please install the minikube kvm2 VM driver, or select an alternative --driver": "", "Please make sure the service you are looking for is deployed or is in the correct namespace.": "", "Please provide a path or url to build": "", + "Please provide an image in the container runtime to save from minikube via \u003cminikube image save IMAGE_NAME\u003e": "", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "", "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "", @@ -495,6 +501,7 @@ "SSH key (ssh driver only)": "", "SSH port (ssh driver only)": "", "SSH user (ssh driver only)": "", + "Save a image from minikube": "", "Select a valid value for --dnsdomain": "", "Send trace events. Options include: [gcp]": "", "Service '{{.service}}' was not found in '{{.namespace}}' namespace.\nYou may select another namespace by using 'minikube service {{.service}} -n \u003cnamespace\u003e'. Or list out all the services using 'minikube service list'": "", diff --git a/translations/zh-CN.json b/translations/zh-CN.json index 1690f42703..7fbfaf21e2 100644 --- a/translations/zh-CN.json +++ b/translations/zh-CN.json @@ -90,6 +90,8 @@ "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "", "Cache image from docker daemon": "", "Cache image from remote registry": "", + "Cache image to docker daemon": "", + "Cache image to remote registry": "", "Cannot find directory {{.path}} for copy": "", "Cannot find directory {{.path}} for mount": "找不到用来挂载的 {{.path}} 目录", "Cannot use both --output and --format options": "不能同时使用 --output 和 --format 选项", @@ -315,6 +317,7 @@ "Failed to get driver URL": "获取 driver URL 失败", "Failed to get image map": "", "Failed to get service URL: {{.error}}": "获取 service URL 失败:{{.error}}", + "Failed to get temp": "", "Failed to kill mount process: {{.error}}": "未能终止装载进程:{{.error}}", "Failed to list cached images": "无法列出缓存镜像", "Failed to list images": "", @@ -323,12 +326,14 @@ "Failed to pull image": "", "Failed to pull images": "", "Failed to push images": "", + "Failed to read temp": "", "Failed to reload cached images": "重新加载缓存镜像失败", "Failed to remove image": "", "Failed to remove profile": "无法删除配置文件", "Failed to save config": "无法保存配置", "Failed to save config {{.profile}}": "", "Failed to save dir": "", + "Failed to save image": "", "Failed to save stdin": "", "Failed to set NO_PROXY Env. Please use `export NO_PROXY=$NO_PROXY,{{.ip}}": "未能设置 NO_PROXY 环境变量。请使用“export NO_PROXY=$NO_PROXY,{{.ip}}”", "Failed to set NO_PROXY Env. Please use `export NO_PROXY=$NO_PROXY,{{.ip}}`.": "未能设置 NO_PROXY 环境变量。请使用“export NO_PROXY=$NO_PROXY,{{.ip}}”。", @@ -524,6 +529,7 @@ "Please install the minikube kvm2 VM driver, or select an alternative --driver": "", "Please make sure the service you are looking for is deployed or is in the correct namespace.": "", "Please provide a path or url to build": "", + "Please provide an image in the container runtime to save from minikube via \u003cminikube image save IMAGE_NAME\u003e": "", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "", "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "", @@ -621,6 +627,7 @@ "SSH key (ssh driver only)": "", "SSH port (ssh driver only)": "", "SSH user (ssh driver only)": "", + "Save a image from minikube": "", "Select a valid value for --dnsdomain": "", "Selecting '{{.driver}}' driver from existing profile (alternates: {{.alternates}})": "从现有配置文件中选择 '{{.driver}}' 驱动程序 (可选:{{.alternates}})", "Selecting '{{.driver}}' driver from user configuration (alternates: {{.alternates}})": "从用户配置中选择 {{.driver}}' 驱动程序(可选:{{.alternates}})", From e1606869680bd73e26547da55e16201892bb0ad6 Mon Sep 17 00:00:00 2001 From: minikube-bot Date: Wed, 25 Aug 2021 17:50:06 +0000 Subject: [PATCH 205/205] Update auto-generated docs and translations --- translations/de.json | 7 +++++++ translations/es.json | 7 +++++++ translations/fr.json | 7 +++++++ translations/ja.json | 7 +++++++ translations/ko.json | 7 +++++++ translations/pl.json | 7 +++++++ translations/strings.txt | 7 +++++++ translations/zh-CN.json | 7 +++++++ 8 files changed, 56 insertions(+) diff --git a/translations/de.json b/translations/de.json index 960f99c0a6..79b79eac6f 100644 --- a/translations/de.json +++ b/translations/de.json @@ -74,6 +74,8 @@ "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "", "Cache image from docker daemon": "", "Cache image from remote registry": "", + "Cache image to docker daemon": "", + "Cache image to remote registry": "", "Cannot find directory {{.path}} for copy": "", "Cannot find directory {{.path}} for mount": "", "Cannot use both --output and --format options": "", @@ -244,6 +246,7 @@ "Failed to get command runner": "", "Failed to get image map": "", "Failed to get service URL: {{.error}}": "", + "Failed to get temp": "", "Failed to kill mount process: {{.error}}": "Fehler beim Beenden des Bereitstellungsprozesses: {{.error}}", "Failed to list cached images": "", "Failed to list images": "", @@ -252,10 +255,12 @@ "Failed to pull image": "", "Failed to pull images": "", "Failed to push images": "", + "Failed to read temp": "", "Failed to reload cached images": "", "Failed to remove image": "", "Failed to save config {{.profile}}": "", "Failed to save dir": "", + "Failed to save image": "", "Failed to save stdin": "", "Failed to set NO_PROXY Env. Please use `export NO_PROXY=$NO_PROXY,{{.ip}}": "NO_PROXY Env konnte nicht festgelegt werden. Benutzen Sie `export NO_PROXY = $ NO_PROXY, {{.ip}}", "Failed to set NO_PROXY Env. Please use `export NO_PROXY=$NO_PROXY,{{.ip}}`.": "", @@ -436,6 +441,7 @@ "Please install the minikube kvm2 VM driver, or select an alternative --driver": "", "Please make sure the service you are looking for is deployed or is in the correct namespace.": "", "Please provide a path or url to build": "", + "Please provide an image in the container runtime to save from minikube via \u003cminikube image save IMAGE_NAME\u003e": "", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "", "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "", @@ -524,6 +530,7 @@ "SSH key (ssh driver only)": "", "SSH port (ssh driver only)": "", "SSH user (ssh driver only)": "", + "Save a image from minikube": "", "Select a valid value for --dnsdomain": "", "Send trace events. Options include: [gcp]": "", "Service '{{.service}}' was not found in '{{.namespace}}' namespace.\nYou may select another namespace by using 'minikube service {{.service}} -n \u003cnamespace\u003e'. Or list out all the services using 'minikube service list'": "", diff --git a/translations/es.json b/translations/es.json index e7934d2f44..1c3db32d9b 100644 --- a/translations/es.json +++ b/translations/es.json @@ -75,6 +75,8 @@ "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "Plug-in CNI para usar. Opciones validas: auto, bridge, calico, cilium, flannel, kindnet, o ruta a un manifiesto CNI (Por defecto: auto)", "Cache image from docker daemon": "", "Cache image from remote registry": "", + "Cache image to docker daemon": "", + "Cache image to remote registry": "", "Cannot find directory {{.path}} for copy": "", "Cannot find directory {{.path}} for mount": "No se pudo encontrar el directorio {{.path}} para montar", "Cannot use both --output and --format options": "No se pueden usar ambas opciones (--output y --path)", @@ -250,6 +252,7 @@ "Failed to get command runner": "", "Failed to get image map": "", "Failed to get service URL: {{.error}}": "", + "Failed to get temp": "", "Failed to kill mount process: {{.error}}": "No se ha podido detener el proceso de activación: {{.error}}", "Failed to list cached images": "", "Failed to list images": "", @@ -258,10 +261,12 @@ "Failed to pull image": "", "Failed to pull images": "", "Failed to push images": "", + "Failed to read temp": "", "Failed to reload cached images": "", "Failed to remove image": "", "Failed to save config {{.profile}}": "", "Failed to save dir": "", + "Failed to save image": "", "Failed to save stdin": "", "Failed to set NO_PROXY Env. Please use `export NO_PROXY=$NO_PROXY,{{.ip}}": "No se ha podido definir la variable de entorno NO_PROXY. Utiliza export NO_PROXY=$NO_PROXY,{{.ip}}", "Failed to set NO_PROXY Env. Please use `export NO_PROXY=$NO_PROXY,{{.ip}}`.": "", @@ -442,6 +447,7 @@ "Please install the minikube kvm2 VM driver, or select an alternative --driver": "", "Please make sure the service you are looking for is deployed or is in the correct namespace.": "", "Please provide a path or url to build": "", + "Please provide an image in the container runtime to save from minikube via \u003cminikube image save IMAGE_NAME\u003e": "", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "", "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "", @@ -530,6 +536,7 @@ "SSH key (ssh driver only)": "", "SSH port (ssh driver only)": "", "SSH user (ssh driver only)": "", + "Save a image from minikube": "", "Select a valid value for --dnsdomain": "", "Send trace events. Options include: [gcp]": "", "Service '{{.service}}' was not found in '{{.namespace}}' namespace.\nYou may select another namespace by using 'minikube service {{.service}} -n \u003cnamespace\u003e'. Or list out all the services using 'minikube service list'": "", diff --git a/translations/fr.json b/translations/fr.json index 1f463da5f3..5f3e35c33a 100644 --- a/translations/fr.json +++ b/translations/fr.json @@ -76,6 +76,8 @@ "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "Plug-in CNI à utiliser. Options valides : auto, bridge, calico, cilium, flannel, kindnet ou chemin vers un manifeste CNI (par défaut : auto)", "Cache image from docker daemon": "Cacher l'image du démon docker", "Cache image from remote registry": "Cacher l'image du registre distant", + "Cache image to docker daemon": "", + "Cache image to remote registry": "", "Cannot find directory {{.path}} for copy": "Impossible de trouver le répertoire {{.path}} pour la copie", "Cannot find directory {{.path}} for mount": "Impossible de trouver le répertoire {{.path}} pour le montage", "Cannot use both --output and --format options": "Impossible d'utiliser à la fois les options --output et --format", @@ -248,6 +250,7 @@ "Failed to get command runner": "Impossible d'obtenir le lanceur de commandes", "Failed to get image map": "Échec de l'obtention de la carte d'image", "Failed to get service URL: {{.error}}": "Échec de l'obtention de l'URL du service : {{.error}}", + "Failed to get temp": "", "Failed to kill mount process: {{.error}}": "Échec de l'arrêt du processus d'installation : {{.error}}", "Failed to list cached images": "Échec de l'obtention de la liste des images mises en cache", "Failed to list images": "Échec de l'obtention de la liste des images", @@ -256,10 +259,12 @@ "Failed to pull image": "Échec de l'extraction de l'image", "Failed to pull images": "", "Failed to push images": "", + "Failed to read temp": "", "Failed to reload cached images": "Échec du rechargement des images mises en cache", "Failed to remove image": "Échec de la suppression de l'image", "Failed to save config {{.profile}}": "Échec de l'enregistrement de la configuration {{.profile}}", "Failed to save dir": "Échec de l'enregistrement du répertoire", + "Failed to save image": "", "Failed to save stdin": "Échec de l'enregistrement de l'entrée standard", "Failed to set NO_PROXY Env. Please use `export NO_PROXY=$NO_PROXY,{{.ip}}": "Échec de la définition la variable d'environnement NO_PROXY. Veuillez utiliser `export NO_PROXY=$NO_PROXY,{{.ip}}.", "Failed to set NO_PROXY Env. Please use `export NO_PROXY=$NO_PROXY,{{.ip}}`.": "Échec de la définition de la variable d'environnement NO_PROXY. Veuillez utiliser `export NO_PROXY=$NO_PROXY,{{.ip}}`.", @@ -442,6 +447,7 @@ "Please install the minikube kvm2 VM driver, or select an alternative --driver": "Veuillez installer le pilote minikube kvm2 VM, ou sélectionnez un --driver alternatif", "Please make sure the service you are looking for is deployed or is in the correct namespace.": "Veuillez vous assurer que le service que vous recherchez est déployé ou se trouve dans le bon espace de noms.", "Please provide a path or url to build": "Veuillez fournir un chemin ou une URL à construire", + "Please provide an image in the container runtime to save from minikube via \u003cminikube image save IMAGE_NAME\u003e": "", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "Veuillez fournir une image dans votre démon local à charger dans minikube via \u003cminikube image load IMAGE_NAME\u003e", "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "Veuillez réévaluer votre docker-env, pour vous assurer que vos variables d'environnement ont des ports mis à jour :\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t", @@ -531,6 +537,7 @@ "SSH key (ssh driver only)": "Clé SSH (pilote ssh uniquement)", "SSH port (ssh driver only)": "Port SSH (pilote ssh uniquement)", "SSH user (ssh driver only)": "Utilisateur SSH (pilote ssh uniquement)", + "Save a image from minikube": "", "Select a valid value for --dnsdomain": "Sélectionnez une valeur valide pour --dnsdomain", "Send trace events. Options include: [gcp]": "Envoyer des événements de trace. Les options incluent : [gcp]", "Service '{{.service}}' was not found in '{{.namespace}}' namespace.\nYou may select another namespace by using 'minikube service {{.service}} -n \u003cnamespace\u003e'. Or list out all the services using 'minikube service list'": "Le service '{{.service}}' n'a pas été trouvé dans l'espace de noms '{{.namespace}}'.\nVous pouvez sélectionner un autre espace de noms en utilisant 'minikube service {{.service}} -n \u003cnamespace\u003e'. Ou répertoriez tous les services à l'aide de 'minikube service list'", diff --git a/translations/ja.json b/translations/ja.json index da85a27a4f..3c8d2d6dcb 100644 --- a/translations/ja.json +++ b/translations/ja.json @@ -74,6 +74,8 @@ "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "", "Cache image from docker daemon": "", "Cache image from remote registry": "", + "Cache image to docker daemon": "", + "Cache image to remote registry": "", "Cannot find directory {{.path}} for copy": "", "Cannot find directory {{.path}} for mount": "マウントのためのディレクトリ{{.path}}が見つかりません", "Cannot use both --output and --format options": "", @@ -238,6 +240,7 @@ "Failed to get command runner": "", "Failed to get image map": "", "Failed to get service URL: {{.error}}": "", + "Failed to get temp": "", "Failed to kill mount process: {{.error}}": "マウント プロセスを強制終了できませんでした。{{.error}}", "Failed to list cached images": "", "Failed to list images": "", @@ -246,10 +249,12 @@ "Failed to pull image": "", "Failed to pull images": "", "Failed to push images": "", + "Failed to read temp": "", "Failed to reload cached images": "", "Failed to remove image": "", "Failed to save config {{.profile}}": "", "Failed to save dir": "", + "Failed to save image": "", "Failed to save stdin": "", "Failed to set NO_PROXY Env. Please use `export NO_PROXY=$NO_PROXY,{{.ip}}`.": "NO_PROXY 環境変数を設定できませんでした。「export NO_PROXY=$NO_PROXY,{{.ip}}」を使用してください。", "Failed to setup certs": "", @@ -433,6 +438,7 @@ "Please install the minikube kvm2 VM driver, or select an alternative --driver": "", "Please make sure the service you are looking for is deployed or is in the correct namespace.": "", "Please provide a path or url to build": "", + "Please provide an image in the container runtime to save from minikube via \u003cminikube image save IMAGE_NAME\u003e": "", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "", "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "", @@ -523,6 +529,7 @@ "SSH key (ssh driver only)": "", "SSH port (ssh driver only)": "", "SSH user (ssh driver only)": "", + "Save a image from minikube": "", "Select a valid value for --dnsdomain": "", "Send trace events. Options include: [gcp]": "", "Service '{{.service}}' was not found in '{{.namespace}}' namespace.\nYou may select another namespace by using 'minikube service {{.service}} -n \u003cnamespace\u003e'. Or list out all the services using 'minikube service list'": "", diff --git a/translations/ko.json b/translations/ko.json index 88c4762012..7193f1085a 100644 --- a/translations/ko.json +++ b/translations/ko.json @@ -79,6 +79,8 @@ "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "", "Cache image from docker daemon": "도커 데몬의 캐시 이미지", "Cache image from remote registry": "원격 레지스트리의 캐시 이미지", + "Cache image to docker daemon": "", + "Cache image to remote registry": "", "Cannot find directory {{.path}} for copy": "복사하기 위한 디렉토리 {{.path}} 를 찾을 수 없습니다.", "Cannot find directory {{.path}} for mount": "마운트하기 위한 디렉토리 {{.path}} 를 찾을 수 없습니다", "Cannot use both --output and --format options": "--output 과 --format 옵션을 함께 사용할 수 없습니다", @@ -265,6 +267,7 @@ "Failed to get driver URL": "드라이버 URL 조회에 실패하였습니다", "Failed to get image map": "", "Failed to get service URL: {{.error}}": "서비스 URL 조회에 실패하였습니다: {{.error}}", + "Failed to get temp": "", "Failed to kill mount process: {{.error}}": "마운트 프로세스 중지에 실패하였습니다: {{.error}}", "Failed to list cached images": "캐시된 이미지를 조회하는 데 실패하였습니다", "Failed to list images": "", @@ -273,11 +276,13 @@ "Failed to pull image": "", "Failed to pull images": "", "Failed to push images": "", + "Failed to read temp": "", "Failed to reload cached images": "캐시된 이미지를 다시 불러오는 데 실패하였습니다", "Failed to remove image": "", "Failed to save config": "컨피그 저장에 실패하였습니다", "Failed to save config {{.profile}}": "", "Failed to save dir": "", + "Failed to save image": "", "Failed to save stdin": "", "Failed to set NO_PROXY Env. Please use `export NO_PROXY=$NO_PROXY,{{.ip}}`.": "", "Failed to setup certs": "", @@ -457,6 +462,7 @@ "Please install the minikube kvm2 VM driver, or select an alternative --driver": "", "Please make sure the service you are looking for is deployed or is in the correct namespace.": "", "Please provide a path or url to build": "", + "Please provide an image in the container runtime to save from minikube via \u003cminikube image save IMAGE_NAME\u003e": "", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "", "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "", @@ -543,6 +549,7 @@ "SSH key (ssh driver only)": "", "SSH port (ssh driver only)": "", "SSH user (ssh driver only)": "", + "Save a image from minikube": "", "Select a valid value for --dnsdomain": "", "Send trace events. Options include: [gcp]": "", "Service '{{.service}}' was not found in '{{.namespace}}' namespace.\nYou may select another namespace by using 'minikube service {{.service}} -n \u003cnamespace\u003e'. Or list out all the services using 'minikube service list'": "", diff --git a/translations/pl.json b/translations/pl.json index c17ea50253..a5d9f30167 100644 --- a/translations/pl.json +++ b/translations/pl.json @@ -76,6 +76,8 @@ "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "", "Cache image from docker daemon": "", "Cache image from remote registry": "", + "Cache image to docker daemon": "", + "Cache image to remote registry": "", "Cannot find directory {{.path}} for copy": "Nie znaleziono katalogu {{.path}} do skopiowania", "Cannot find directory {{.path}} for mount": "Nie można odnaleźć folderu {{.path}} do zamontowania", "Cannot use both --output and --format options": "Nie można użyć obydwu opcji --output i --format jednocześnie", @@ -252,6 +254,7 @@ "Failed to get command runner": "", "Failed to get image map": "", "Failed to get service URL: {{.error}}": "", + "Failed to get temp": "", "Failed to kill mount process: {{.error}}": "Zabicie procesu nie powiodło się: {{.error}}", "Failed to list cached images": "", "Failed to list images": "", @@ -260,12 +263,14 @@ "Failed to pull image": "", "Failed to pull images": "", "Failed to push images": "", + "Failed to read temp": "", "Failed to reload cached images": "", "Failed to remove image": "", "Failed to remove profile": "Usunięcie profilu nie powiodło się", "Failed to save config": "Zapisywanie konfiguracji nie powiodło się", "Failed to save config {{.profile}}": "", "Failed to save dir": "", + "Failed to save image": "", "Failed to save stdin": "", "Failed to set NO_PROXY Env. Please use `export NO_PROXY=$NO_PROXY,{{.ip}}`.": "", "Failed to setup certs": "Konfiguracja certyfikatów nie powiodła się", @@ -450,6 +455,7 @@ "Please install the minikube kvm2 VM driver, or select an alternative --driver": "Zainstaluj sterownik kvm2 lub wybierz inny sterownik używając flagi --driver", "Please make sure the service you are looking for is deployed or is in the correct namespace.": "Proszę upewnij się, że serwis którego szukasz znajduje się w prawidłowej przestrzeni nazw", "Please provide a path or url to build": "", + "Please provide an image in the container runtime to save from minikube via \u003cminikube image save IMAGE_NAME\u003e": "", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "", "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "", @@ -542,6 +548,7 @@ "SSH key (ssh driver only)": "", "SSH port (ssh driver only)": "", "SSH user (ssh driver only)": "", + "Save a image from minikube": "", "Select a valid value for --dnsdomain": "", "Send trace events. Options include: [gcp]": "", "Service '{{.service}}' was not found in '{{.namespace}}' namespace.\nYou may select another namespace by using 'minikube service {{.service}} -n \u003cnamespace\u003e'. Or list out all the services using 'minikube service list'": "", diff --git a/translations/strings.txt b/translations/strings.txt index 8d29cea872..e2759bcd63 100644 --- a/translations/strings.txt +++ b/translations/strings.txt @@ -70,6 +70,8 @@ "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "", "Cache image from docker daemon": "", "Cache image from remote registry": "", + "Cache image to docker daemon": "", + "Cache image to remote registry": "", "Cannot find directory {{.path}} for copy": "", "Cannot find directory {{.path}} for mount": "", "Cannot use both --output and --format options": "", @@ -229,6 +231,7 @@ "Failed to get command runner": "", "Failed to get image map": "", "Failed to get service URL: {{.error}}": "", + "Failed to get temp": "", "Failed to kill mount process: {{.error}}": "", "Failed to list cached images": "", "Failed to list images": "", @@ -237,10 +240,12 @@ "Failed to pull image": "", "Failed to pull images": "", "Failed to push images": "", + "Failed to read temp": "", "Failed to reload cached images": "", "Failed to remove image": "", "Failed to save config {{.profile}}": "", "Failed to save dir": "", + "Failed to save image": "", "Failed to save stdin": "", "Failed to set NO_PROXY Env. Please use `export NO_PROXY=$NO_PROXY,{{.ip}}`.": "", "Failed to setup certs": "", @@ -411,6 +416,7 @@ "Please install the minikube kvm2 VM driver, or select an alternative --driver": "", "Please make sure the service you are looking for is deployed or is in the correct namespace.": "", "Please provide a path or url to build": "", + "Please provide an image in the container runtime to save from minikube via \u003cminikube image save IMAGE_NAME\u003e": "", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "", "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "", @@ -495,6 +501,7 @@ "SSH key (ssh driver only)": "", "SSH port (ssh driver only)": "", "SSH user (ssh driver only)": "", + "Save a image from minikube": "", "Select a valid value for --dnsdomain": "", "Send trace events. Options include: [gcp]": "", "Service '{{.service}}' was not found in '{{.namespace}}' namespace.\nYou may select another namespace by using 'minikube service {{.service}} -n \u003cnamespace\u003e'. Or list out all the services using 'minikube service list'": "", diff --git a/translations/zh-CN.json b/translations/zh-CN.json index 1690f42703..7fbfaf21e2 100644 --- a/translations/zh-CN.json +++ b/translations/zh-CN.json @@ -90,6 +90,8 @@ "CNI plug-in to use. Valid options: auto, bridge, calico, cilium, flannel, kindnet, or path to a CNI manifest (default: auto)": "", "Cache image from docker daemon": "", "Cache image from remote registry": "", + "Cache image to docker daemon": "", + "Cache image to remote registry": "", "Cannot find directory {{.path}} for copy": "", "Cannot find directory {{.path}} for mount": "找不到用来挂载的 {{.path}} 目录", "Cannot use both --output and --format options": "不能同时使用 --output 和 --format 选项", @@ -315,6 +317,7 @@ "Failed to get driver URL": "获取 driver URL 失败", "Failed to get image map": "", "Failed to get service URL: {{.error}}": "获取 service URL 失败:{{.error}}", + "Failed to get temp": "", "Failed to kill mount process: {{.error}}": "未能终止装载进程:{{.error}}", "Failed to list cached images": "无法列出缓存镜像", "Failed to list images": "", @@ -323,12 +326,14 @@ "Failed to pull image": "", "Failed to pull images": "", "Failed to push images": "", + "Failed to read temp": "", "Failed to reload cached images": "重新加载缓存镜像失败", "Failed to remove image": "", "Failed to remove profile": "无法删除配置文件", "Failed to save config": "无法保存配置", "Failed to save config {{.profile}}": "", "Failed to save dir": "", + "Failed to save image": "", "Failed to save stdin": "", "Failed to set NO_PROXY Env. Please use `export NO_PROXY=$NO_PROXY,{{.ip}}": "未能设置 NO_PROXY 环境变量。请使用“export NO_PROXY=$NO_PROXY,{{.ip}}”", "Failed to set NO_PROXY Env. Please use `export NO_PROXY=$NO_PROXY,{{.ip}}`.": "未能设置 NO_PROXY 环境变量。请使用“export NO_PROXY=$NO_PROXY,{{.ip}}”。", @@ -524,6 +529,7 @@ "Please install the minikube kvm2 VM driver, or select an alternative --driver": "", "Please make sure the service you are looking for is deployed or is in the correct namespace.": "", "Please provide a path or url to build": "", + "Please provide an image in the container runtime to save from minikube via \u003cminikube image save IMAGE_NAME\u003e": "", "Please provide an image in your local daemon to load into minikube via \u003cminikube image load IMAGE_NAME\u003e": "", "Please provide source and target image": "", "Please re-eval your docker-env, To ensure your environment variables have updated ports:\n\n\t'minikube -p {{.profile_name}} docker-env'\n\n\t": "", @@ -621,6 +627,7 @@ "SSH key (ssh driver only)": "", "SSH port (ssh driver only)": "", "SSH user (ssh driver only)": "", + "Save a image from minikube": "", "Select a valid value for --dnsdomain": "", "Selecting '{{.driver}}' driver from existing profile (alternates: {{.alternates}})": "从现有配置文件中选择 '{{.driver}}' 驱动程序 (可选:{{.alternates}})", "Selecting '{{.driver}}' driver from user configuration (alternates: {{.alternates}})": "从用户配置中选择 {{.driver}}' 驱动程序(可选:{{.alternates}})",